Compliance and Reporting Solutions from SAP

by Sarah Feron - Senior Consultant at ConVista Spain

Although the financial crisis already started in 2007/2008, we can still feel its impacts. Regulations to enhance financial stability are getting more and more complex, and new topics are constantly added. The broad spectrum of topics being regulated by many national as well as international authorities is shown in the following overview:

Reporting & Compliance - Regulations

ESA: European Supervisory Authorities
ESMA: European Securities and Markets Authority
EMIR: European Market Infrastructure Regulation
AML: Anti-Money Laundering
ESG: Environmental, Social, and Corporate Governance
SOX: Sarbanes-Oxley Act
UCITS: Undertakings for Collective Investment in Transferable Securities
AIFMD: Alternative Investment Fund Managers

IT solutions need to respond to these requirements and deal with the increasing data volume caused by a higher degree of granularity. In addition, the data must often be available in real time so that critical decisions can be made quickly. It is therefore fundamental to centralize data in order to avoid duplication and to guarantee data quality and integration in data processing.

When you decide on the “how”, it is often difficult to understand the scope of the software tools needed to cover the legal requirement. SAP offers a wide range of products, so finding the best-fit solution is not always easy and new versions and naming don’t make things simpler. Hence, it makes sense to start off from the generic view and to then dive into detail for each legal block. So let’s have a look at the solutions provided by SAP to respond to the legal landscape shown above:

Reporting & Compliance - SAP Solutions

Basel III (regulated within CRD and CRR in Europe)

So let’s have a look at Basel first. The European Banking Authority (EBA) is introducing an EU-wide uniform reporting procedure based on the Capital Requirements Regulation (CRR) and the Capital Requirements Directive (CRD IV), coming into force in all EU member states. Since Basel III is based on the Basel II architecture, the latter will automatically be included in the solution; therefore, we will focus only on Basel III hereinafter.
Given that Basel III on its own contains a huge number of themes, we should have a closer look at the respective SAP solutions. The core issues of the regulation can be summed up as:
  • Credit Risk
  • Liquidity Risk
  • Operational Risk
  • Market Risk
  • Capital Risk
Given the three Pillars of the approach, each one will have to be analyzed with a different view:
1) Compliance with KPIs based on the current situation (Pillar 1),
2) Internal models of risk evaluation, including future scenarios and stress tests (Pillar 2), and
3) The disclosure management of the results to the respective authorities (Pillar 3).
To comply with the whole spectrum of Basel II and Basel III using SAP, you will need to consider the following solutions:

Reporting & Compliance - SAP Solutions

As you can see, the fields listed above can be broadly mapped to solutions as follows:

  • Credit Risk → Credit Risk Analyzer
  • Liquidity Risk → Liquidity Risk Manager/HANA
  • Operational Risk → GRC Risk Management (Processes/Risk Management)
  • Market Risk → Market Risk Management
  • For reporting and management purposes, SAP Enterprise Risk Reporting 1 and 2/HANA come into play.
  • Presentation to authorities (EBA, NBAs) can be covered by the SAP Disclosure Management solution (including new XBRL standards).
In Europe, the analytical risk reporting for Basel III is defined by the “COREP” reports. They are covered by SAP Analytical Banking. For external presentation of the data (XBRL format), the Disclosure Management solution comes into play.

Accounting and Annual Reports

However, disclosure implies not only risk analysis (see above), but also statistics on Balance Sheet and Profit and Loss positions (new!). These reports, defined within the EU by “FINREP”, can also be presented with the Disclosure Management solution. They fall into the Finance category and are based on IFRS reporting. In contrast to COREP, the calculation process does not run on the Analytical Banking application of the Bank Analyzer, but on its AFI (Accounting for Financial Instruments) component. AFI can also be used for IFRS reporting. An alternative to the Bank Analyzer is SAP ECC/FI.

Fraud and Corporate Governance

Fraud and Governance/Compliance are dealt with within the SAP GRC solution (Governance, Risk & Compliance).
Various regulations, such as SOX or Euro-SOX, demand that an internal control system be in place. SAP Process Control enables the management of such a system in almost every aspect, for example policy management or monitoring of manual controls.
As far as fraud is concerned, banks have to deal with a wide range of different types of issues. One big block which has gained high importance is Anti-Money Laundering policies, which require instantaneous action. SAP Fraud Management, also based on HANA, covers fraud prevention, detection, and investigation, as well as monitoring. It is categorized as a piece of the SAP GRC package. High data volumes can be organized and analyzed efficiently.
SAP Fraud Management (GRC)
Fraudulent behavior related to internal actions (e.g. Rogue Trading, Wire Transfer Fraud, or Fraudulent Loans) can also be managed by the SAP solution.
Corporate Governance, regulated by Sarbanes–Oxley in the US and by a “EuroSOX” version in Europe, is related to fraudulent behavior and is therefore also part of SAP GRC.
For reliable management of authorizations, SAP Access Control ensures compliant user provisioning as well as the compliant design of user roles and access risk analysis on various levels. Furthermore, it enables audit-proof emergency access management.

Securities Legislations

As far as securities are concerned, different topics are to be addressed. Within European regulation, they are regulated by ESMA, which has defined the European Market Infrastructure Regulation (EMIR) as well as the Markets in Financial Instruments Directive (MiFID) and the Undertakings for Collective Investment in Transferable Securities (UCITS)/Alternative Investment Fund Managers (AIFMD, not yet in force). In the US, these securities topics are covered within the Dodd-Frank Act.
As far as EMIR is concerned, you can take advantage of the SAP TRM (Treasury & Risk Management) solution to deal with Central Counterparties for clearing operations. Furthermore, SAP is currently developing a tool for the upcoming reporting obligation (“Transaction Register”) for EMIR.
If you are a depository bank and need to control investment banks’ products, you will have to calculate the commissions and the Net Asset Value (NAV) respectively. ConVista has developed its own tool which will automate that process for you.


Finally, Sustainability in the banking sector falls into the scope of Risk and Compliance. Despite the fact that reporting is voluntary, social pressure and strategic decisions lead to significant growth rates. Sustainability is usually divided into Economic, Social, and Governmental principles. Accordingly, SAP offers different solutions:
For Financial Performance Management based on KPIs, the following tools come into play:
  • SAP BusinessObjects
  • Risk Management application
  • SAP GRC (Governance, Risk & Compliance)
  • SAP BA (SAP Bank Analyzer)
If you would like to stress environmental sustainability, SAP EHS (Environment, Health & Safety) will be an appropriate solution. It allows tracking, measuring, and monitoring emissions, and is also able to generate reports for regulatory requirements.
Finally, for social compliance, a sustainable workforce needs to be assured. This can be achieved by deploying SAP ERP HCM (Human Capital Management).


Having analyzed the pile of regulations one by one, we need to keep in mind that the above picture is certainly only a snapshot in time. Further requirements are just around the corner, and existing ones are very likely to be improved. However, despite all the complexity behind it, we could see that the technological solutions are available and actually not that complicated. In the end, it comes down to a selection of products which can indeed be used for several purposes (e.g., GRC for Basel, Fraud, and Sustainability).