PRA Letter Sets Out Findings on Reliability of Regulatory Reporting

The following are the key findings and the related supervisory expectations, as set out in the letter:

• With respect to governance and ownership, PRA found instances where responsibilities were dispersed across multiple individuals and teams and delegated too far down the organization. This issue was heightened in some cases where firms had complex and fragmented end-to-end processes, which often meant there was a poor understanding and documentation of the entire process. PRA expects responsibilities to be clear for those involved in all stages of the end-to-end regulatory returns process. PRA also observed instances of poor governance around key regulatory interpretations, including a lack of basic documentation, periodic reviews, and/or appropriate sign-off. In these instances, PRA expects firms to undertake work to identify the key interpretations and judgments, validate these interpretations and judgments, and correct them, where appropriate. When errors are identified for any reason after submission of the returns, firms should review the impact and resubmit where there are material errors.
• With respect to controls, PRA identified a number of gaps in end-to-end processes for regulatory returns, such as insufficient controls around models, issues with End User Computing (EUC), and a lack of reconciliation check for errors. PRA expects operating models to be clearly documented with effective controls at each stage of the process. Poor documentation led to a lack of understanding of both the controls and their effectiveness and ultimately errors in reporting. This was exacerbated by a high degree of manual intervention in the end-to-end processes for regulatory returns. 
• PRA review highlighted that many firms have not prioritized investment in regulatory reporting, leading to reduced capacity and capability compared with financial reporting. Focus is often placed on implementing tactical fixes rather than strategic ones. The reviews found that firms must also place greater focus on robust sourcing of data to support allocation of assets between exposure classes. This should be supplemented by clear governance and sign-off when incomplete data is used. 

PRA plans to follow up with the relevant firms on specific findings from the review. It expects firms’ remediation plans to be strategic, appropriately resourced, and address the root causes of those issues. Given the importance of robust regulatory returns, PRA expects all banks, designated investment firms, and building societies to consider the findings in this letter and any work they may need to do to remediate applicable issues, to improve the governance, controls, and data in context of the regulatory reporting. 

Related Links

• Notification
• Letter (PDF)

Keywords: Europe, UK, Banking, Reporting, Governance, Investment Firms, Internal Controls, Operational Risk, Compliance Risk, Basel, FSMA, PRA