Spotlight on Regulatory Reporting
In late 2019, communication from the PRA emphasised that banks and building societies are expected to submit “complete, timely, and accurate regulatory returns.” Since then, they have conducted follow-up investigations into the quality of reporting across the industry. From these findings, a recent letter suggested that, overall, the PRA was:
“Disappointed to find significant deficiencies in a number of firms’ processes used to deliver accurate and reliable regulatory returns. It was clear that multiple firms did not treat the preparation of their regulatory returns with the same care and diligence that they apply to financial reporting shared with the market and counterparties. For some firms, there had been a historic lack of focus, prioritisation, and investment in this area.”
These findings have far-reaching implications for the industry, and firms must further prioritise regulatory reporting if they are to meet the PRA’s expectations.
Moving forward, regulated firms will need a detailed understanding of the PRA’s September 2021 letter “Thematic findings on the reliability of regulatory reporting,” which falls into three key parts:
Part one: Governance and ownership
Despite the rules outlined in the senior management regime, many senior managers lack accountability, ownership and oversight of their firm’s financial information and regulatory reporting processes. Such responsibilities are often dispersed across many teams and too far down the organisation.
The PRA is especially concerned with cases where firms have overly complex or fragmented end-to-end processes, which result in poor understanding and documentation of process flow. Even more significantly is that some firms rely on teams who have little oversight of their role or accountability of work carried out.
These problems were compounded by evidence of “poor governance around key regulatory interpretations, including a lack of basic documentation, periodic review, and/or appropriate sign-off.” In many cases, issues arose because regulatory requirements had been hard coded into systems, which is problematic if interpretations change or are no longer suitable.
The PRA expects those involved in the end-to-end regulatory returns process to have clear visibility of their responsibilities. Firms will also need “robust processes, including independent testing and validation, with the use of Internal Audit where appropriate, to ensure returns are reliable and accurate.”
Where requirements have been hard coded into internal systems, firms should identify key interpretations and judgements, validate those judgements, and correct them where appropriate.
Part two: Controls
Any regulatory returns process is only as effective as the control framework on which it is built. As such, the PRA are watchful of firms that have “gaps in their end-to-end processes for regulatory returns, such as insufficient controls around models, End User Computer (EUC) and a lack of reconciliation checks for errors.”
These issues are problematic because they lead to a lack of understanding of controls and their effectiveness, as well as reporting errors. The PRA further warn that a high degree of manual intervention in the regulatory returns process is particularly detrimental.
- Models: The PRA expressed disappointment over “several instances of poor record keeping of original model documentation including applications, their approval, and a full chronology of model changes that require regulatory approval or notification.” Moving forward, it expects operating models to be clearly documented with effective controls at each stage of the process.
- Spreadsheets: For firms whose regulatory reporting processes still involve spreadsheet controls – which are inherently riskier – the PRA expects “appropriate documentation of key processes, risk and control assessments, judgements, and assumptions as well as robust processes and controls.”
- Reconciliations: Firms with unsatisfactory reconciliation disciplines are being monitored closely by the PRA. Looking ahead, such firms will require “a formal and comprehensive process reconciling regulatory flows to appropriate records, including the general ledger, for every submission cycle.”
Part three: Data and investment
A number of firms are yet to invest sufficiently in regulatory reporting, which consequently lacks the capability and capacity of financial reporting. In particular, the PRA point out that a lack of strategic investment “has led to outdated reporting system infrastructure and the need for significant manual intervention to fill data and system gaps. This in turn leads to higher risk of data errors and misstatement of returns.”
The PRA found that, where firms had invested in data, they had a “simpler and more efficient infrastructure, requiring less manual intervention.” Those that have yet to invest will be expected to follow suit if they want to minimise data errors and make more effective use of their data in the long-term. Firms must also place greater focus on robust sourcing of data, which should be supplemented by clear governance and sign-off when incomplete data is used.
The way forward
To address these deficiencies and meet the PRA’s expectations, firms need to regard their regulatory reporting with the same rigour as they currently do with financial reporting. This will almost certainly involve investment in and partnering with technology.
AutoRek’s key recommendations:
- Invest in a software solution to assist with regulatory reporting, which demonstrates prioritisation as expected by the PRA
- By using an end-to-end platform, firms can remove manual spreadsheet-based processes and the inherent issues they involve, e.g., lack of control, security, and risk of error
- An automated solution will allow firms to store their data in a single, secure source, ensuring integrity and control. This data can then be used to populate regulatory returns in a standardised, repeatable manner, thereby removing manual processing errors
- Firms should seek a rules-driven platform that guarantees complete reconciliation of data items to ensure accuracy and completeness prior to submission to the regulator
- Firms will need workflow that allows for review and approval of each regulatory return to be completed and stored ahead of each submission.
AutoRek’s best-in-class technology provides the capability for your firm to meet regulatory reporting requirements, including CASS, MiFID II, IFPR, IFRS 17, CSDR and safeguarding.