AI will enable regulators to scrutinise your reporting like never before. Our Chief Marketing Officer, Margaret Franco, hosted a virtual event with two regulatory experts - Quinn Perrott and Steve Walsh - to discuss what this means for your firm, and how you can prepare.
Quinn has been reporting trades for over ten years, and is Co-CEO of TRAction, a trade reporting service provider. The firm acts as a bridge between financial firms and trade repositories.
Steve is Managing Director, Reconciliation, at Duco. He has over 25 years of global markets middle office and Operations experience across Lehman, Nomura, and Citi, where he took responsibility for regulatory implementation. As part of his role, he was responsible for the initial CFTC and EMIR implementations.
We were joined by an audience of industry professionals. Read on to discover the highlights of the discussion and what your peers think about the prospect of rapid regulatory scrutiny.
ASIC makes the first move
Rewrites to CFTC, EMIR, ASIC and MAS have placed greater emphasis on data quality and controls. Regulators are paying much closer attention to what you're reporting and how you're ensuring it’s accurate.
It seems the Australian Securities and Investments Commission (ASIC) is leading the way.
Quinn explained that a few months into 2025, TRAction clients started forwarding letters they were receiving from ASIC.
“In April we got an email from a client, and they'd forwarded on a request from ASIC, looking at six or seven particular items in their trade report,” Quinn said. “The next day, another letter came. Four or five of the same queries and some different ones. And then the next day, two letters came. At that point, we realised there's something broader going on in the industry.”
The regulator has since published a paper on some of the specific points they were reviewing, which include unique transaction identifiers (UTIs) and unique product identifiers (UPIs).
“As a lot of you will realise in Europe,” Quinn said, “those fields are all part of the common domain elements, so they're also part of EMIR, and CFTC as well, to some degree.”
“We shouldn't be surprised by ASIC's response and what ultimately could be a global regulator response,” Steve added. “What we are seeing, and not unsurprisingly in the AI age and increased levels of technological capability, is the fact that the regulators are now leveraging the very best technology to scrutinise this data and understand where these lapses of integrity are.”
The complexity of both data integrity and global regulation mean it is highly likely global regulators will follow in ASIC’s footsteps.
A new challenge for Operations
Margaret observed that dealing with this level of scrutiny from multiple regulators could be quite the operational burden.
“Absolutely,” Steve agreed. “We understand that firms rely on somewhere between eight and 20 systems for the required common data elements that the various regimes expect.”
“When you look at the monolith infrastructure that provides the relevant data points for the various regimes, you've got so many points of failure within the collation of that data.”
Firms have ended up with a “Frankenstein’s monster of incumbent solutions”, Steve said. One that lacks continuity, requires a great deal of maintenance, and is extremely complex.
“All of these reporting controls and requirements need to be platform-based,” he added. “You can't rely on a manual Excel spreadsheet, an Access database, and the goodwill of your employees to follow up on every item and every issue.”
Are financial firms ready for this level of scrutiny?
Now that we’d set the scene, we wanted to know how our audience was feeling about the prospect of rapid regulatory scrutiny. For our first poll, we asked whether this development surprised them.
Around half our audience wasn’t surprised that this was happening, but an almost equal percentage were caught off guard by how quickly this had come about.
“That response really doesn't surprise me,” Steve said. “If I look at what were the early days of transaction reporting, the regulators and the trade repositories were overloaded with data. I think it's fair to say, firms risk-accepted what was a fire-and-forget mentality.”
“Ultimately the age of AI and the availability of high-quality technology is upon us, and we should expect the rate at which the various global regimes adopt this capability to increase.”
Quinn shared that he had been expecting the regulators to up scrutiny, but that the extent to which ASIC have begun scrutinising reported data and the speed at which they can do it have come as a surprise.
“We thought something might come from pairing and matching first, but actually having the regulator go through the data themselves as opposed to the trade repository, and do it with such accuracy and finesse and so quickly was a bit of a surprise. We were expecting the storm, but not from this front.”
For our second poll we wanted to know whether our audience felt ready to handle these developments.
Around a third of our audience felt sufficiently prepared for this step-up in regulatory scrutiny. Nearly half felt they were somewhat prepared, and around a fifth didn’t feel very prepared at all.
“Marking your homework in real-time”
One particularly interesting aspect of what ASIC is doing is that the regulator is not just identifying the initial errors, but actively keeping tabs on a firm’s progress in resolving them.
“Over the last 10 years, in multiple different regimes, we've seen quite a lot of interaction with regulators on data. And we've never seen it happen like this, in near real-time,” Quinn said.
He gave an example where ASIC identified issues relating to a counterparty field in one client’s reporting. They found the cause and reported the trades correctly.
“And within 48 hours ASIC had come back to them, and said, ‘We can see that you've made those changes, but there's a couple of trades’ - and they gave the unique transaction identifiers - ‘These two trades, it's still happening.’”
“And it turns out, they had an obscure legacy platform where they hadn't made the changes.”
A new approach to scrutiny
That’s in stark contrast to what’s been seen before, where it takes a regulator a long time to respond to the data. Quinn said previously it would appear to be a manual process. The regulator would come and tell a firm they have a problem, and then the firm would report back that they’d fixed it. That would be the end of it.
“I can only imagine the level of technology that they're applying to do that. It appears they're using an external company with some form of data analytics, possibly using AI to get that information at their fingertips so quickly.”
Steve added that, in this new era of rapid scrutiny and conversation about reporting errors, it was important that firms were able to maintain a positive relationship with regulators.
“In my experience … getting ahead of conversations with a regulator to self-identify your own issues, provide a remediation plan, highlight where those issues have impacted past transactions, and then make a pledge, give a date, is imperative.”
How can you prepare for this level of regulatory scrutiny?
So, what's the key message here? Margaret asked. What do firms need to be aware of and what do they need to do as we enter this new phase of regulatory scrutiny?
“Ultimately it goes back to the relationship that you have with your service providers, and your ability to get a handle on the data integrity of the transactions you've reported to the trade repositories,” Steve said.
The regulators may be playing nice now, but fines will come, he added. Firms need to be ready to show how they will remediate any issues.
“I think it's fair to say that in these early stages, there's some ‘friendly fire’, there's some interaction. ‘We think you might have an issue’ will roll into, ‘You have an issue. How are you going to resolve it?’”
Ensure you have the right resources
Another key focus area is on resourcing for this level of compliance. Firms are overloaded with regulatory burdens, Steve explained, with rewrites, regime changes and moves to shorter settlement windows.
“Positioning to get the relevant funding required for change, and avoid any sort of difficult conversation with the regulators is key, and acting now is of primary importance.”
“As we've seen, T+1 in the US created an awful lot of noise. Firms added somewhere in the region of 20% SME [subject matter expert] resource to assist with that. Now we've got a glut of change required. We've got heavy scrutiny from a global regulatory regime point of view and limited funding.”
Check it before the regulator does
Quinn added that we’re entering a new phase of reporting. Without the capabilities of modern technology, regulators used to only do spot checks on the hundreds of thousands of reporting firms. While firms tried their best not to make mistakes, there was an element of hope involved.
“This is now a regime where those mistakes will get picked up,” Quinn said. “The regulators will have the tools to go through all of the data and find all of the errors, at least across the most common issues. What do you need to be compliant with that?”
“We've seen this happening in ASIC, but ASIC is a smaller regulator. It's a very similar environment to much larger ones in Europe and the UK. So, they'll probably do the same thing, it will just take a little while longer to gear up.”
“So, that's positive; you have a bit of time. You can see the storm coming from the other side of the world. Get the tools in place, check your homework before the regulator does.”
He also reinforced Steve’s point about funding, saying, “To be frank, you're probably going to need a bigger budget, need more tools, possibly need more people. It's moving up another level of seriousness.”
To summarise:
- Get the relationships with the right service providers
- Get a handle on the controls that you have within your environment
- There's a little bit of time, but definitely act now
- Get the right tools, and the budget, in place
- Ensure you have the ability to check your own homework
When will regulators start issuing fines?
The conversation had touched on the consequences of incorrect reporting a couple of times, and we wanted to know how our audience felt about this. How soon did they feel that the first EMIR penalties would be handed out?
The vast majority of our audience (80%) were expecting fines to start in Q1 next year. A pessimistic 12% thought they’d arrive much earlier, while a very optimistic 7% believed that the regulator would never fine firms.
Steve agreed that Q1 2026 was the most realistic timeframe to expect fines to begin. That, he said, gave firms some time to seek investment to get the correct tools in place. In fact, he stressed the need to act now.
“We didn't go through the various rewrites and refits for nothing. The regulators have a responsibility to remove systemic risk.”
“This is an ‘arms race’. The regulators have the best access to technology and that will continue. There are tools out there that can enable you to keep pace. Stay in the race. Don't be last, because the last contender in this race will get an awful lot of noise from the regulators.”
Reporting and scrutiny questions from your peers
It was time to hear from the audience - and they had some great questions for Quinn and Steve.
First up, we were asked if the integrated reporting that ESMA is currently consulting the market on contradicts what our panellists had been discussing.
“ESMA is working towards looking at how they can make these things easier or reduce duplication,” Quinn agreed.
“But there's a couple of key points there. Often when governments try and make things easier, they make things more complicated. And EMIR Refit is a classic example of that. Find me one person who says the EMIR Refit is simpler or less burdensome.”
“If it gets simpler, they may well just hold you to a much higher standard. So they say, ‘Okay, you don't have to do dual reporting anymore, but we expect you to get things 100% correct, and we'll check it all the time.’ It's both getting simpler and harder. Great question, but I think it doesn't really contradict at the core.”
Steve also pointed out that ‘EMIR 3’ is on the horizon.
“Ultimately, if there is change, be that harmonisation or simplification, you will need to respond to that. Firms have different levels of complexity in their own reporting. And every level of complexity needs to be changed when each regime makes changes.”
In short - complexity isn’t going away any time soon.
Will other regulators be stymied by scale?
Next, someone asked whether the scale of trade reporting would impact other regulators’ ability to scrutinise data in the same way as ASIC is doing.
“In the past that would have been really true,” Quinn said, “but if you have a look at the way computing, large language models, AI technology has evolved, they handle really large amounts of data.”
Steve added that other regulators will learn from each other, so ASIC have already given other regimes a head start. For example, they’ve identified and published a list of common data elements that they are focussing on. “We should expect that to expedite some of the scale challenges,” he said.
Are inter-regulator reconciliations coming?
Another audience member wanted to know if our panellists thought it likely that regulators would start reconciling trade reports that are submitted to different jurisdictions when counterparties are reporting under separate regulatory authorities.
“I think it will happen,” Steve said. “It has to happen. With increased scrutiny, with increased speed, will come the ability to understand those more complex challenges. That could be an opportunity to see what is a very bifurcated environment come together.”
Quinn agreed, but believed that this isn’t something that we’ll be facing any time soon.
“One day,” he said. “There are certain provisions in the regulation and certain systems, but there are several steps in between that haven't been done. Five or 10 years, that will probably be quite a common thing. I think the regulators have probably got the ability to do it ad hoc if they saw it necessary. But that would be very much a spot check.”
Some regimes, though, are more closely aligned and so this kind of cross-regime scrutiny could happen sooner, Steve added.
Watch the full conversation
And with that it was time to wrap up. Here’s a reminder of the key takeaways from the discussion:
- Regulators are harnessing the latest technology to scrutinise reporting like never before
- Not only is your homework being marked in near real-time, but regulators can also follow up on any fixes that have - or haven’t - been made
- The solution is to take a proactive approach: invest in the right controls, technology and service provider to ensure you are confident in your reporting data
You can get the full insights from Steve and Quinn by watching the recording on-demand here.
