Regulatory reporting problems usually do not start on submission day. They start weeks earlier, when the team does not yet know which number is final, which spreadsheet is the latest version, which adjustment was approved, or why this month's movement looks different from last month's.

The deadline gets closer. Finance pulls an extract from the core system. Risk has a different view. Operations has a manual tracker. Compliance asks for evidence behind one line item. Someone updates the spreadsheet, but the commentary still refers to the old number. A reviewer asks where the adjustment came from. The person who knows is in meetings. The report is eventually submitted, but too much of the work depended on chasing, copying, reconciling, and remembering.

That is the real workflow to fix. Regulatory reporting is not just a form, template, XBRL file, board pack, spreadsheet, or dashboard. It is the chain of source data, transformations, checks, adjustments, evidence, commentary, approvals, and submission steps that make the report defensible.

This article is written for financial services teams where regulatory or management reporting is still too manual. It is not legal, accounting, or regulatory advice. The exact reporting obligations depend on your market, license, product, and regulator. The operating question is simpler: can your team produce the report with enough speed, evidence, and review control that the process does not become a monthly scramble?

First, define the job of the reporting workflow

Most teams describe the job as submitting the report on time. That is necessary, but too narrow. A good reporting workflow has to answer a few practical questions before the deadline:

  • Which reports are due, when, and who owns each one?
  • Which source systems feed each line item?
  • Which transformations, calculations, mappings, and exclusions are being applied?
  • Which numbers failed validation or moved unexpectedly?
  • Which adjustments were made, who approved them, and why?
  • Which commentary explains the movement clearly enough for review?
  • Which evidence proves the report was prepared and reviewed properly?

If the workflow cannot answer those questions, the team may still submit the report. But the process will feel fragile. Reviewers will ask the same questions each cycle. The team will rebuild evidence at the last minute. People will lose confidence in the numbers even when the final submission is correct.

The practical test

Choose one recurring report. Could a new reviewer trace a material line item from submitted number back to source system, calculation, adjustment, commentary, evidence, and approver? If not, the workflow is too dependent on people who already know the story.

How reporting usually happens today

In many financial services teams, regulatory reporting grew around deadlines. Someone created a spreadsheet because it was the fastest way to get the report out. Someone added tabs for checks. Someone else added a commentary document. A shared folder became the evidence repository. Approvals happened by email. A dashboard was added later, but the report still depends on manual extracts underneath.

A typical reporting cycle often looks like this:

  1. The calendar reminds the team that a report, return, pack, disclosure, or management submission is due.
  2. Source data is pulled from core systems, finance systems, risk systems, operations tools, spreadsheets, or data warehouses.
  3. Someone cleans the extract, maps fields, applies calculations, and copies outputs into the reporting template.
  4. Validation checks find missing values, unexpected movements, mismatched totals, or source-system differences.
  5. The team investigates exceptions and asks data owners for context.
  6. Manual adjustments are made, sometimes with notes in the spreadsheet and sometimes in an email thread.
  7. Commentary is drafted to explain movements, exceptions, and judgement calls.
  8. Reviewers check the pack, request changes, and approve the final version.
  9. The report is submitted, archived, and then partly forgotten until the next cycle.

The problem is not that people are careless. The problem is that the workflow was often built as a survival system. It works because experienced people know where things live. That is also why it becomes risky when volumes grow, products change, reviewers rotate, or deadlines compress.

Where regulatory reporting breaks

Reporting work breaks when the report is treated as the thing to build, instead of the workflow around the report. The final file may look tidy, while the preparation process underneath is scattered.

Breakpoint What it looks like What usually needs fixing
Unclear source ownership Finance, risk, operations, and compliance each have a different version of the same number. A source map that names the system, data owner, extraction method, and approved use for each line item.
Manual transformations Calculations happen across hidden spreadsheet tabs, copied files, or undocumented formulas. A documented transformation layer with clear rules, version control, and reviewable outputs.
Weak validation Errors are found late because checks depend on one person's eye or a few manual comparisons. Repeatable checks for completeness, movement, reconciliation, thresholds, totals, and prior-period comparisons.
Poor adjustment trail Adjustments are made to finish the pack, but the reason, owner, and approval are hard to reconstruct later. An adjustment log with source, rationale, amount, date, reviewer, approver, and evidence.
Late commentary The report explains what changed only after the team has already spent most of its time fixing the numbers. Variance prompts, owner comments, source-linked explanation, and review-ready commentary drafts.
Approval by memory Reviewers approve because they trust the preparer, not because the evidence is easy to inspect. A review workflow with checklist status, open exceptions, reviewer notes, and sign-off history.

Once you separate these breakpoints, the improvement path becomes clearer. You do not need to rebuild every report at once. You need to make one reporting cycle traceable, checkable, and easier to review.

What good looks like

A good regulatory reporting workflow should feel boring in the best way. The team knows what is due. The source data arrives from known places. Checks run early. Exceptions are visible. Commentary starts before the final night. Reviewers can see the evidence. The final submission is archived with enough context to explain it later.

The minimum good version usually includes:

  • A reporting calendar with deadlines, owners, preparers, reviewers, and dependencies.
  • A source-to-report map showing where each major line item comes from and how it is transformed.
  • A validation checklist that runs before review, not only after someone notices a problem.
  • An exception queue for missing data, failed checks, unusual movements, mapping issues, and late source files.
  • An adjustment log with reason, amount, source, reviewer, approver, and evidence.
  • A commentary workflow that connects movements to owner explanations and supporting data.
  • An evidence pack with source extracts, reconciliations, checks, reviewer notes, approvals, and final submission files.

This does not have to be one giant platform. For many mid-market teams, the first useful system can be a disciplined workflow over a few tools they already use, with better data connections and a small amount of automation.

The report control file

For one recurring report, create a control file with these sections:

  • Report metadata: report name, period, due date, preparer, reviewer, approver, status, and submission channel.
  • Source map: source system, table or extract, data owner, extraction date, refresh method, and known limitations.
  • Line-item map: report field, source field, calculation rule, exclusions, transformations, and prior-period comparison.
  • Validation checks: check name, threshold, pass or fail status, owner, issue note, and resolution date.
  • Adjustment log: adjustment amount, reason, source evidence, requester, reviewer, approver, and timestamp.
  • Commentary: movement explanation, business driver, exception note, and supporting link.
  • Approval trail: reviewer comments, open issues, approvals, final submission file, and archive location.

The data you need underneath

Regulatory reporting data can sound intimidating because the report may be technical. But the workflow needs a practical data model before it needs a complex one.

Start by identifying the data that drives the report:

  • Report name, period, due date, submission type, version, and reporting entity.
  • Source-system extracts, including extraction timestamp, owner, filters used, and refresh status.
  • Report line items, source fields, mappings, calculations, thresholds, and prior-period values.
  • Reconciliations between systems, ledgers, subledgers, risk views, operations trackers, and manual inputs.
  • Validation results, exception categories, issue owner, resolution status, and reviewer notes.
  • Adjustments, overrides, manual entries, assumptions, approval notes, and evidence links.
  • Commentary drivers, such as volume movement, portfolio mix, customer behavior, pricing, claims, transactions, provisions, exposure, or operational changes.
  • Submission status, final files, acknowledgements, follow-up requests, and archive location.

The useful question is not "Do we have all the data?" It is "Can we explain which data was used for this report, why it changed, who checked it, and what evidence supports it?"

The systems usually involved

Regulatory reporting often sits across more systems than the final report suggests. Common systems include:

  • Core banking, lending, insurance, payments, wealth, or investment platforms that hold account, policy, transaction, position, exposure, or customer data.
  • Finance and accounting systems for ledgers, balances, reconciliations, provisions, and management accounts.
  • Risk and compliance tools for classifications, controls, incidents, risk ratings, and monitoring outputs.
  • Operations systems for cases, transactions, claims, settlements, servicing queues, and exception logs.
  • Data warehouses and BI tools for curated models, dashboards, extracts, and report-ready datasets.
  • Spreadsheets that still hold calculations, checks, manual notes, and review packs.
  • Document repositories for source files, evidence, approvals, final submissions, and regulator correspondence.
  • Workflow and ticketing tools for issue ownership, review tasks, deadlines, and approval status.

The reporting workflow should not pretend those systems will disappear. It should decide where each part belongs. Source data should stay near the source of truth. Transformations and checks should be reviewable. Commentary should connect to the numbers it explains. Evidence should be findable after the deadline.

Where AI can help

AI can help with regulatory reporting, but it should not be positioned as a magic report generator. The best use is to reduce manual reading, comparison, classification, drafting, and evidence retrieval around a controlled workflow.

Good places to use AI include:

  • Variance explanation: draft first-pass commentary from source movements, prior periods, and owner notes.
  • Exception summarization: summarize why checks failed, what changed, and which owner needs to respond.
  • Evidence retrieval: help reviewers find source extracts, prior submissions, reconciliations, policy notes, and related issue history.
  • Document extraction: extract relevant values from statements, confirmations, invoices, claims files, contracts, or regulator correspondence where data is not structured.
  • Checklist drafting: create review prompts based on the report type, prior-period issues, known controls, and open exceptions.
  • Commentary quality review: flag commentary that does not explain the movement, lacks evidence, or conflicts with the data.
  • Submission pack preparation: assemble draft packs, labels, references, and reviewer summaries for human approval.

The key phrase is "for human approval." AI can draft, compare, and retrieve. The team still needs clear ownership for the numbers, checks, assumptions, adjustments, and final submission.

Where human review still matters

Human review matters in regulatory reporting because judgement often lives between the data and the submission. A number may be mathematically correct but still need interpretation. An adjustment may be reasonable but still need evidence. A movement may be explainable but still require escalation.

Keep human review visible when:

  • A line item moves outside a materiality threshold.
  • A source system changed, a mapping changed, or a new product affected the report.
  • A reconciliation does not tie out cleanly.
  • A manual adjustment or override is required.
  • The report depends on policy interpretation or accounting judgement.
  • A regulator, auditor, board, or management team may ask for evidence later.
  • AI drafted commentary, extracted values, or summarized exceptions.

The workflow should make the review easier, not invisible. Reviewers should see what changed, what failed, what was adjusted, what AI assisted with, and what evidence supports the final answer.

What to fix first

The first fix should usually be one recurring report with a clear pain point. Choose a report where the team already feels the drag: repeated reconciliation, late commentary, frequent exceptions, unclear ownership, or fragile evidence.

Then build a first version around five things:

  1. Report calendar: define due date, owners, inputs, review dates, and dependencies.
  2. Source map: document where the key numbers come from and who owns them.
  3. Validation checks: automate or standardize the checks that currently happen manually.
  4. Exception queue: separate data issues, calculation issues, review questions, and late inputs.
  5. Evidence pack: create one place for extracts, checks, adjustments, comments, approvals, and final files.

That first version can live partly in spreadsheets, workflow tools, BI, and document storage. The win is not tool purity. The win is that the report becomes traceable and reviewable.

A practical 30/60/90 day path

A good 90-day reporting project should not try to automate every filing. It should make one important reporting process less fragile and create a reusable pattern for the next one.

First 30 days: map the reporting cycle

Start by reconstructing the last two or three cycles for one report. Look at who provided data, which files were used, which checks failed, where adjustments were made, what commentary changed, and how the final approval happened.

The output should be tangible:

  • A report workflow map from source data to submission.
  • A source-to-line-item map for the main report fields.
  • A list of recurring validations and exception types.
  • A current evidence inventory.
  • A first version of the report control file.

Next 30 days: build the control workflow

Month two should make the process easier to run. Build or improve the source extract routine, validation checks, issue queue, adjustment log, commentary prompts, and review status view.

By the end of this month, the team should be able to answer:

  • Which inputs are missing?
  • Which checks failed?
  • Which line items changed materially?
  • Which adjustments are waiting for approval?
  • Which reviewer comments are open?
  • Which evidence is still missing?

Days 60 to 90: add AI support and reporting metrics

Once the control workflow is stable, add AI carefully. Use it to draft variance commentary, summarize failed checks, retrieve evidence, compare current and prior reports, or prepare a reviewer summary.

Measure the workflow in plain operational terms:

  • Time spent collecting source data.
  • Number of failed validation checks by category.
  • Time from first draft to reviewed pack.
  • Number of manual adjustments and approval lag.
  • Commentary rewrite cycles.
  • Evidence completeness at submission.
  • Follow-up questions after submission.

Those measures tell you whether the reporting workflow is actually improving. They are more useful than counting how many AI features were added.

Common mistakes

Regulatory reporting projects often struggle for predictable reasons.

Mistake 1: starting with the final template

The final form matters, but it is only the output. If the source map, checks, evidence, and approvals are weak, a polished template will still be fragile.

Mistake 2: leaving transformations inside spreadsheets no one reviews

Spreadsheets may remain part of the process, but key calculations and adjustments need ownership, documentation, and review.

Mistake 3: treating commentary as a last-minute writing task

Commentary should start when movement is first identified, not after the numbers are final. Otherwise the team spends review time reconstructing the story.

Mistake 4: automating checks without an exception owner

A failed check is only useful if someone owns the resolution. Otherwise the dashboard becomes another place where issues sit.

Mistake 5: archiving the final report but not the working evidence

The final file is not enough. Store the extracts, checks, adjustments, comments, approval trail, and final submission context together.

How Ubisar would approach it

Ubisar would start with one report that creates visible monthly or quarterly pain. We would map the reporting process as it actually happens, define the source-to-report logic, clean up the data flow, build the checks and review workflow, and add AI support where it helps preparers and reviewers do less manual work.

The work usually touches all three layers:

  • Data: source extracts, report fields, mappings, calculations, validation results, adjustment logs, and evidence links.
  • Tech: spreadsheets, BI tools, data warehouses, reporting templates, workflow tools, document stores, and integrations.
  • AI: variance drafts, exception summaries, evidence retrieval, document extraction, commentary review, and reviewer prep.

This connects directly to financial services workflow implementation. The goal is not a generic AI use case. It is a repeatable reporting workflow that lets the team produce better packs with less chasing and stronger review. It also fits the AI, Data & Tech Implementation Retainer, because reporting improves as data definitions, tools, checks, and user habits improve month by month.

A checklist for your next report cycle

Before rebuilding anything, pick one report and answer these questions:

  • Which source systems feed the report?
  • Who owns each major input?
  • Which line items are copied, calculated, mapped, or manually adjusted?
  • Which checks are run before review?
  • Which checks failed in the last cycle?
  • Which adjustments were made and who approved them?
  • Which commentary took the longest to write?
  • Which evidence would be hard to find three months from now?
  • Which reviewer questions repeat every cycle?
  • What would make the next cycle 20 percent easier?

If you can answer those questions, you are no longer talking about reporting in the abstract. You are looking at a real workflow that can be improved.

Sources and useful references

For broader reporting-control context, the Basel Committee's principles for effective risk data aggregation and risk reporting are a useful reference, especially around accuracy, completeness, timeliness, and adaptability. The SEC's structured data resources are useful background on why machine-readable, consistent reporting formats matter. For US banking report process context, the Federal Reserve's reporting forms and instructions library is a reminder that reporting work is as much about instructions, definitions, and controls as it is about submission.

The practical next step is to make one report reviewable from source to submission. Once that works, the same pattern can be reused for the next report.