The PRA & Regulatory Reporting: Spreadsheet Risk Management

The UK’s prime banking regulator – the Prudential Regulatory Authority (PRA) – recently contacted the CEOs of UK banks and building societies, highlighting their disappointment in finding  issues around the quality of the systems and processes used  to prepare regulatory reports submitted by many financial institutions.

In its “Thematic Findings on the Reliability of Regulatory Returns,” one concern the PRA raised was that firms did not always apply the same effort and diligence to their regulatory reporting as they did with the financial reports they provided to their shareholders and counterparties.

Instead of an efficient, streamlined process with clear lines of responsibility and proper ownership, the PRA found that the regulatory reporting process for many institutions is fragmented, manual, and potentially error-prone. The process often lay with small teams who were unaccountable to the PRA and often lacked outside scrutiny and proper management oversight.

A particular area of concern for the PRA was how spreadsheets featured heavily in many regulatory reporting processes and workflows, as this reflects the ad hoc nature of regulatory reporting uncovered by the PRA’s research.

The PRA has highlighted spreadsheet risk as a significant weakness for many institutions and has tasked many to draw up plans to address the issue. They will be looking for evidence of grip and progress in short order.

So, what do you need to do as best practices in an effective spreadsheet risk management program?

With a centralised inventory in place, the firms need to proactively monitor the key reporting spreadsheets so that changes can be monitored, and issues identified quickly before they can have a material impact on the business. Automated reports can capture this information, so that changes, issues and enhancements to the critical spreadsheets can be recorded, ready for use by management, regulators, and others.

The final phase is discovery, where you ensure the completeness of your inventory of critical spreadsheets that are core to the reporting process, whether a data store, calculator, model, or as part of the reconciliation process. A search across the entire estate is needed to find all the key spreadsheets in the reporting process. A less-than-complete search can mean that key spreadsheets are overlooked and fail to satisfy the regulator.

Searches need to be carried out regularly so that new, relevant spreadsheets added to the estate can be identified and monitored quickly.

How to best mitigate this risk? With leading technology…

Mitratech offers a market-leading, proven, and scalable spreadsheet risk management platform that provides enterprise-strength control and management levels.