PRA published a "Dear CEO" letter that sets out findings of a review on the reliability of regulatory reporting and reiterates the supervisory expectations on regulatory reporting. The PRA assessment found significant deficiencies in a number of processes used by firms to deliver accurate and reliable regulatory returns and noted an increased risk of material misstatements from firms that did not meet the expectations. The key findings set out in this letter cover the areas of governance and ownership, controls, and data and investment. Overall, PRA expects for all firms to submit reliable and accurate regulatory returns and for the regulatory reporting process to receive no less rigor than financial reporting.
The following are the key findings and the related supervisory expectations, as set out in the letter:
- With respect to governance and ownership, PRA found instances where responsibilities were dispersed across multiple individuals and teams and delegated too far down the organization. This issue was heightened in some cases where firms had complex and fragmented end-to-end processes, which often meant there was a poor understanding and documentation of the entire process. PRA expects responsibilities to be clear for those involved in all stages of the end-to-end regulatory returns process. PRA also observed instances of poor governance around key regulatory interpretations, including a lack of basic documentation, periodic reviews, and/or appropriate sign-off. In these instances, PRA expects firms to undertake work to identify the key interpretations and judgments, validate these interpretations and judgments, and correct them, where appropriate. When errors are identified for any reason after submission of the returns, firms should review the impact and resubmit where there are material errors.
- With respect to controls, PRA identified a number of gaps in end-to-end processes for regulatory returns, such as insufficient controls around models, issues with End User Computing (EUC), and a lack of reconciliation check for errors. PRA expects operating models to be clearly documented with effective controls at each stage of the process. Poor documentation led to a lack of understanding of both the controls and their effectiveness and ultimately errors in reporting. This was exacerbated by a high degree of manual intervention in the end-to-end processes for regulatory returns.
- PRA review highlighted that many firms have not prioritized investment in regulatory reporting, leading to reduced capacity and capability compared with financial reporting. Focus is often placed on implementing tactical fixes rather than strategic ones. The reviews found that firms must also place greater focus on robust sourcing of data to support allocation of assets between exposure classes. This should be supplemented by clear governance and sign-off when incomplete data is used.
PRA plans to follow up with the relevant firms on specific findings from the review. It expects firms’ remediation plans to be strategic, appropriately resourced, and address the root causes of those issues. Given the importance of robust regulatory returns, PRA expects all banks, designated investment firms, and building societies to consider the findings in this letter and any work they may need to do to remediate applicable issues, to improve the governance, controls, and data in context of the regulatory reporting.
Keywords: Europe, UK, Banking, Reporting, Governance, Investment Firms, Internal Controls, Operational Risk, Compliance Risk, Basel, FSMA, PRA
Previous ArticleEBA Revises List of Validation Rules for Reporting by Banks
In a letter addressed to the industry, the Australian Prudential Regulation Authority (APRA) set out an updated schedule of policy priorities for the banking, insurance, and superannuation industries.
The European Commission (EC) adopted a comprehensive review package of Solvency II rules in the European Union.
The Office of the Comptroller of the Currency (OCC) issued Versions 1.0 of the "Earnings" and "Regulatory Reporting" booklets of the Comptroller's Handbook.
The European Central Bank (ECB) published results of its economy-wide climate stress test, which aimed to assess the resilience of non-financial corporates and euro area banks to climate risks.
The European Banking Authority (EBA) published a report on the use of digital platforms in the banking and payments sector in European Union.
The Hong Kong Monetary Authority (HKMA) published updates on the policy measures that were announced in context of the ongoing pandemic.
The International Swaps and Derivatives Association (ISDA), along with several other associations, submitted a joint response to the Basel Committee on Banking Supervision (BCBS) consultation on preliminary proposals for the prudential treatment of cryptoasset exposures.
BIS published the September issue of the Quarterly Review, which contains special features that analyze the rapid rise in equity funding for financial technology firms, the effectiveness of policy measures in response to pandemic, and the evolution of international banking.
The Basel Committee for Banking Supervision (BCBS) met in September 2021 and reviewed climate-related financial risks, discussed impact of digitalization, and welcomed efforts by the International Financial Reporting Standards (IFRS) Foundation to develop a common set of sustainability reporting standards
The Office of the Comptroller of the Currency (OCC) issued a Cease and Desist Order against MUFG Union Bank for deficiencies in technology and operational risk governance.