The PRA & Regulatory Reporting: The Reconciliation Process
The Prudential Regulation Authority’s recent letter to the CEOs of the UK’s banks and building societies highlighted their disappointment in finding numerous issues in how many UK institutions managed their preparation of regulatory reports.
Die letter highlighted that regulatory reporting was highly fragmented, those involved were often too junior, and that there was often insufficient management supervision. There were also issues in how spreadsheets were used in ways that made transparency and auditability challenging to achieve. This situation can lead to potential scope for misreporting in the regulatory process.
One area that the PRA highlighted as a source of concern was the reporting reconciliation process.
Reconciliation and the perils of EUCs
The reporting reconciliation process is at the core of regulatory reporting. It covers the way that the various elements that make up regulatory reports – results, model reports, supporting documentation, and much else – are consolidated and checked.
Clearly, these results need to be anchored on the data drawn from core systems, but, just as importantly, there needs to be scope to allow managers to apply expert judgment to the results before submission. Managers need to be able to present – and defend – regulatory submissions that have been reviewed to give a coherent picture that aligns with other reports available to shareholders and counterparties.
Die reconciliation process depends on taking information and inputs from multiple core systems that are not designed to work well together. Spreadsheets – often used as End User Computing (EUC) applications – typically form part of this ‘final mile reporting’ because of their power, flexibility, and ease of use. They can help integrate data flows from diverse systems without the cost and complexity of a large data integration or business process re-engineering project. They also help facilitate the application of expert judgment to help make sense of complex commercial positions.
The reconciliation process depends on taking information and inputs from multiple core systems that are not designed to work well together.
While valuable to the business, this power and flexibility comes at the expense of management controls, which reduce the transparency and the auditability the PRA expects. A key point raised by the PRA was the need to anchor the reconciliation process in the general ledger data.
The expectation of the PRA is for ‘the reconciliation process to be a formal and comprehensive process reconciling regulatory flows to appropriate records, for every submission cycle.’
So, how do you achieve this while using EUCs that are central to many regulatory reconciliation processes?
How to implement an appropriate reconciliation process
As mentioned in the previous section on model risk management, your first step is to create an inventory of all the applications used in your final mile reporting (including the EUCs e.g. spreadsheets ).
A centralised inventory provides the foundation for the management controls. It provides document management capabilities that enable end-users and risk and audit teams to understand the purpose, design, and ownership of each application used in the reconciliation process. It also helps institutions apply and enforce their policies efficiently and effectively, helping reduce the scope for errors.
Putting technology to work in managing spreadsheets
For many firms, particularly after the pivot to remote workforces, the size of their EUC estate has become even more dispersed, making manual oversight nearly impossible. It’s why more of them are electing to deploy technology platforms that can fulfill this crucial discovering and monitoring role.
Mitratech offers a powerful, scalable, and proven spreadsheet risk management solution that provides the management control, visibility and auditability required by the PRA. Used by some of the most demanding institutions in the world, our solution offers you a proven and practical option for enhancing the robustness of your reconciliation process.
Verwalten Sie Ihre Schatten-IT-Tabellenkalkulationen
Mit ClusterSeven können Sie die Kontrolle über die in Ihrem Unternehmen versteckten Endbenutzer-Computer übernehmen, die ein verstecktes Risiko darstellen können.