SEC Rule 10c-1 and the new era of RegOps: Embedding data quality with agentic AI
30 September 2025
In an environment where regulators like ESMA and the SEC are explicitly focused on data quality, firms that can demonstrate proactive control gain a significant edge, says Pierre Khemdoudi, CEO and co-founder at Gentek.AI

For over a decade, financial institutions have been racing to keep up with a relentless wave of new and rewritten regulatory reporting requirements.
The European Market Infrastructure Regulation (EMIR), the Securities Financing Transactions Regulation (SFTR), and the Markets in Financial Instruments Regulation (MiFIR) in Europe; the Dodd-Frank Act and the Commodity Futures Trading Commission (CFTC) rewrite in the US; and reporting requirements from the Monetary Authority of Singapore (MAS) and the Hong Kong Monetary Authority (HKMA) in Asia, have all introduced unique demands.
Each regime has required new data points, additional templates, and specific reconciliations. Each has driven investment in people, technology, and processes. And yet, despite this investment, regulators have continued to flag the same issue: persistent weaknesses in the quality of reported data.
The arrival of the US Securities and Exchange Commission’s (SEC’s) Rule 10c-1 on securities lending transparency provides an opportunity to reconsider this dynamic. On the surface, it is another complex mandate, requiring securities lenders to capture granular data, report transactions to the Financial Industry Regulatory Authority (FINRA) under tight deadlines, and track lifecycle amendments with precision.
But 10c-1 coincides with a broader regulatory movement that cannot be ignored. In Europe, the European Securities and Markets Authority (ESMA) has issued a Call for Evidence on the simplification of financial transaction reporting, with a strong emphasis on data quality frameworks and cost efficiency.
Regulators are no longer content with timely submissions alone. Increasingly, they demand that firms demonstrate the controls, governance, and assurance processes that underpin reporting quality.
This evolution raises a fundamental question for financial institutions: how can regulatory operations move beyond fragmented, regime-specific fixes and build a unified, resilient control framework that embeds quality by design?
The challenge of SEC Rule 10c-1
Rule 10c-1 requires securities lenders to report detailed information on their loans, including counterparties, collateral, and terms, by the close of each trading day. Much of this data will be made public, placing firms under dual scrutiny from both regulators and market participants.
The operational implications are substantial. Firms must:
• capture and validate data at a highly granular level
• meet end-of-day deadlines, leaving little room for manual adjustments
• manage lifecycle events and corrections with precision
• operate under the knowledge that errors will not only be visible to regulators, but also to peers and competitors
Attempting to meet these requirements with traditional approaches, like static extract, transform, load (ETL) pipelines, rule-based validations, and manual reconciliations, risks repeating the cycle experienced under EMIR and SFTR: high costs, rigid systems, and persistent error rates. The parallel scrutiny of regulators and the market further raises the stakes.
Regulators and the data quality imperative
The SEC’s new mandate is not occurring in isolation. ESMA’s review of SFTR highlights the broader shift in regulatory expectations. The Call for Evidence focuses on whether current frameworks deliver useful, reliable, and cost-effective data. The message is clear: it is no longer sufficient to generate a file and submit it on time. Supervisors want assurance that reported data is accurate, complete, and underpinned by strong controls.
This represents a subtle but important change. In the early years of transaction reporting, the focus was largely on coverage, i.e. ensuring that all relevant transactions were captured and submitted. Today, the emphasis has shifted to quality and integrity. Regulators now assess whether firms can demonstrate effective reconciliations, field-level accuracy, consistent use of identifiers, and robust governance over exceptions.
For firms, this is both a burden and an opportunity. The burden lies in the fact that most reporting infrastructures remain fragmented. Controls are duplicated across regimes, reconciliations are inconsistent, and exception management often relies on manual intervention. The opportunity lies in the emergence of new technologies, particularly agentic artificial intelligence, that can embed quality assurance directly into reporting workflows.
Agentic workflows: A scalable approach to controls
Agentic workflows represent a departure from the static controls of the past. They leverage autonomous AI agents that can reason, adapt, and collaborate to manage regulatory processes dynamically. Instead of treating each regime as a standalone challenge, agentic workflows provide a scalable model that can be applied across all reporting mandates.
The practical benefits are clear:
• Dynamic schema interpretation: Agents can map internal data structures to new regulatory templates without costly system re-engineering.
• Continuous validation: Rather than running end-of-day checks, agents validate data in real time, catching issues as they arise.
• Centralised exception management: Breaks across systems are handled in one unified environment, with many resolved automatically.
• Regulatory adaptability: Agents can ingest regulatory updates, such as ESMA Q&As or SEC clarifications, and adjust controls accordingly.
This model does not simply automate reporting. It automates the control framework itself, embedding validation, reconciliation, and governance into the workflow in a way that scales naturally as new mandates are introduced.
Moving beyond fragmentation
The problem with the current model of compliance is fragmentation. Each regulation has historically triggered its own build: a separate set of validations, reconciliations, and exception processes. This approach results in duplicated effort, inconsistent coverage, escalating costs, and, ultimately, regulatory risk.
The irony is that much of the underlying work is common. Whether for EMIR, SFTR, or 10c-1, firms must validate counterparties, ensure lifecycle alignment, reconcile collateral data, and resolve exceptions. Yet without a unified framework, these activities are repeated in silos, draining resources and creating weak points.
Agentic workflows offer a way out of this cycle. By harmonising checks, consolidating exception management, and ensuring consistent oversight, they allow firms to replace fragmented controls with a consolidated, intelligent framework.
IRIS by Gentek: An example of unified control in practice
One example of this approach is Gentek’s Intelligent Reporting and Integration Solution (IRIS). IRIS was developed to address precisely the challenges outlined above: fragmented infrastructures, duplicated controls, and rising regulatory expectations on data quality.
Importantly, IRIS is not designed to replace existing reporting infrastructure. Instead, it integrates on top of it, creating a unified control framework without the disruption of wholesale system replacement. This design allows firms to deploy quickly, preserve existing vendor and in-house investments, and realise benefits without multi-year transformation projects.
Where IRIS goes further is in its adaptability and customisation. The system has been built to enable easy tailoring for bespoke client needs, whether that involves unique reporting templates, firm-specific exception workflows, or integration with proprietary systems.
Just as importantly, IRIS is designed to evolve as the regulatory landscape changes. Whether it is a new SEC mandate, an SFTR rewrite, or emerging ESG and digital asset regimes, IRIS can be configured to absorb change rather than forcing firms into costly rebuilds.
In practice, IRIS provides:
• A shared library of validations and reconciliations applied consistently across regimes.
• Centralised exception management, where AI agents not only flag issues but also resolve them automatically where possible.
• An embedded regulatory knowledge base, providing context for complex rules and changes.
• Oversight dashboards that give compliance and operations leaders transparency into reporting quality across the enterprise.
• Flexible configuration options, enabling firms to adapt workflows and controls to their unique requirements.
The result is a system where compliance is not only achieved and evidenced, but also future-proofed against inevitable regulatory change.
The strategic advantage of proactive control
Embedding controls through agentic workflows delivers immediate operational benefits: lower costs, reduced manual intervention, and faster adaptation to new rules. But the strategic advantage extends further.
In an environment where regulators like ESMA and the SEC are explicitly focused on data quality, firms that can demonstrate proactive control gain a significant edge. They build credibility with supervisors, reduce the risk of fines and remediation projects, and position themselves to handle future mandates with minimal disruption.
Moreover, by freeing RegOps teams from manual exception management, firms can reallocate resources to higher-value activities, such as regulatory interpretation, scenario analysis, and engagement with supervisors. In this way, compliance evolves from a defensive function into a strategic capability.
Conclusion: A pivotal moment for RegOps
The SEC’s Rule 10c-1 and ESMA’s review of SFTR represent more than just another turn of the regulatory wheel. Together, they mark a pivotal moment for regulatory operations. Supervisors are moving from measuring the volume of reporting to scrutinising its value and quality.
Firms now face a choice. They can continue to build in silos, layering new systems and processes onto already fragile infrastructures. Or they can embrace a unified approach, leveraging agentic AI to embed controls and data quality assurance directly into workflows.
Solutions like IRIS show what this future can look like: not only embedding data quality into reporting but also providing the adaptability and customisation required to meet bespoke client needs and absorb inevitable regulatory change. In a world where compliance is constantly evolving, adaptability is not a luxury; it is the foundation of resilience.
As regulatory change continues, from 10c-1 to Basel IV and beyond, those who act now to modernise their control frameworks will not only remain compliant. They will lead the next generation of regulatory operations.
