Ensuring reliable regulatory reporting after a demerger

Our client is a private Southern European investment bank operating in over 50 markets. The bank is subject to regulatory reporting requirements under frameworks such as MiFID II and SFTR, as well as local rules set by CySEC. These regulations contain strict criteria in terms of the accuracy, completeness, and timeliness of submitted data. They also require the ability to demonstrate control over the reporting process.

To meet these requirements, the bank aggregates data from multiple internal systems and external providers, transforming it into reports for submission to the regulator.

Following a demerger, the client retained its systems but lost much of the internal knowledge needed to confidently manage regulatory reporting.

Although the reporting processes remained in place, they lacked transparency and control. Rather than system failures, the main issues were caused by uncertainty around data and outcomes:

• Reports were generated using data that could be incomplete or inconsistent with limited visibility
• Changes in external data sources affected critical reporting fields.
• Reporting relied on manual aggregation steps, which increased the risk of human error.
• There was no reliable way to confirm that submitted reports were received or accepted by the regulator.

As a result, the client could produce and send reports but could not fully verify their correctness or track their status after submission in a reasonably timely manner. To reduce compliance risk and establish control over reporting outcomes, the client engaged EffectiveSoft to analyze and stabilize the reporting lifecycle.

Our approach focused on three key areas: understanding how reporting data is formed, establishing control over the reporting lifecycle, and ensuring full traceability of reporting processes.

1. Making reporting logic explicit

The first step was to clarify how regulatory reports were actually formed. For this purpose, we analyzed the composition of reporting datasets, including inputs used, transformations applied, and fields critical for regulatory submission. This allowed us to identify weak points where data could become incomplete or inconsistent without issues being flagged.

We gave particular attention to reference data used in reporting. In some cases, changes or gaps in upstream data inputs led to missing values that were not treated as errors, but still affected the completeness of reports for specific instruments.

To address these issues, we:

• Identified critical reporting fields and their data sources.
• Introduced safeguards to prevent missing or degraded values from being included in reports.
• Restored and stabilized key data using historical and alternative sources.
2. Establishing control over the reporting lifecycle

Beyond data quality, the main issue was the lack of control over the reporting process itself.

We restructured the workflow to make each stage, including data preparation, report generation, and submission, more transparent and verifiable. This ensures that reports are based on complete datasets and adhere to a consistent, controlled process.

In addition, we shifted the start time of report generation (and consequently submission) several hours earlier, allowing potential issues to be identified well before the end of the working day and ensuring there is sufficient time to resolve them within business hours.

3. Introducing auditability and operational confidence

To ensure ongoing compliance, we focused on making reporting processes auditable and repeatable. We documented and made traceable the key reporting steps and data transformations, providing the team with the ability to understand how each report is formed and investigate discrepancies as they arise. Daily validation routines now ensure that reporting datasets are ready and consistent before submission cycles begin.

These changes have shifted reporting from a process that relied on manual checks and implicit knowledge to one that can be systematically verified and explained.

The client moved from a reporting process with limited transparency to one that is controlled, traceable, and aligned with regulatory expectations.

Data used in regulatory reports is now stable and validated before submission, thereby reducing the risk of incomplete or inaccurate reporting. Dependencies on external providers are now effectively managed, and precautions prevent silent data loss. Meanwhile, the bank gained visibility into the entire reporting lifecycle, from data preparation to regulator response. This allows the bank to confirm not only that reports are generated but also that they are successfully delivered and accepted. These changes have significantly reduced compliance risk and improved confidence in meeting regulatory obligations.