PRA published a "Dear CEO" letter that sets out findings of a review on the reliability of regulatory reporting and reiterates the supervisory expectations on regulatory reporting. The PRA assessment found significant deficiencies in a number of processes used by firms to deliver accurate and reliable regulatory returns and noted an increased risk of material misstatements from firms that did not meet the expectations. The key findings set out in this letter cover the areas of governance and ownership, controls, and data and investment. Overall, PRA expects for all firms to submit reliable and accurate regulatory returns and for the regulatory reporting process to receive no less rigor than financial reporting.
The following are the key findings and the related supervisory expectations, as set out in the letter:
- With respect to governance and ownership, PRA found instances where responsibilities were dispersed across multiple individuals and teams and delegated too far down the organization. This issue was heightened in some cases where firms had complex and fragmented end-to-end processes, which often meant there was a poor understanding and documentation of the entire process. PRA expects responsibilities to be clear for those involved in all stages of the end-to-end regulatory returns process. PRA also observed instances of poor governance around key regulatory interpretations, including a lack of basic documentation, periodic reviews, and/or appropriate sign-off. In these instances, PRA expects firms to undertake work to identify the key interpretations and judgments, validate these interpretations and judgments, and correct them, where appropriate. When errors are identified for any reason after submission of the returns, firms should review the impact and resubmit where there are material errors.
- With respect to controls, PRA identified a number of gaps in end-to-end processes for regulatory returns, such as insufficient controls around models, issues with End User Computing (EUC), and a lack of reconciliation check for errors. PRA expects operating models to be clearly documented with effective controls at each stage of the process. Poor documentation led to a lack of understanding of both the controls and their effectiveness and ultimately errors in reporting. This was exacerbated by a high degree of manual intervention in the end-to-end processes for regulatory returns.
- PRA review highlighted that many firms have not prioritized investment in regulatory reporting, leading to reduced capacity and capability compared with financial reporting. Focus is often placed on implementing tactical fixes rather than strategic ones. The reviews found that firms must also place greater focus on robust sourcing of data to support allocation of assets between exposure classes. This should be supplemented by clear governance and sign-off when incomplete data is used.
PRA plans to follow up with the relevant firms on specific findings from the review. It expects firms’ remediation plans to be strategic, appropriately resourced, and address the root causes of those issues. Given the importance of robust regulatory returns, PRA expects all banks, designated investment firms, and building societies to consider the findings in this letter and any work they may need to do to remediate applicable issues, to improve the governance, controls, and data in context of the regulatory reporting.
Keywords: Europe, UK, Banking, Reporting, Governance, Investment Firms, Internal Controls, Operational Risk, Compliance Risk, Basel, FSMA, PRA
Previous ArticleEBA Revises List of Validation Rules for Reporting by Banks
The European Commission (EC) published a public consultation on the review of revised payment services directive (PSD2) and open finance.
The European Commission (EC) has issued two letters mandating the European Supervisory Authorities (ESAs) to jointly propose amendments to the regulatory technical standards under Sustainable Finance Disclosure Regulation or SFDR.
The European Banking Authority (EBA) published its annual report on convergence of supervisory practices for 2021. Additionally, following a request from the European Commission (EC),
The Farm Credit Administration published, in the Federal Register, the final rule on implementation of the Current Expected Credit Losses (CECL) methodology for allowances
The U.S. Securities and Exchange Commission (SEC) looks set to intensify focus on crypto-assets and cyber risk and extended the comment period on the proposed rules to enhance and standardize climate-related disclosures for investors.
The Australian Prudential Regulation Authority (APRA) announced reduction in the aggregate Committed Liquidity Facility and issued an update on the operational preparedness for zero and negative market interest rates.
The Commission for the Financial Market (CMF) in Chile published capital adequacy ratios (as of February 2022, January 2022, and December 2021) for 17 banks and for the banking system.
The Prudential Regulation Authority (PRA) issued a statement on the European Banking Authority (EBA) guidelines on management of non-performing exposures (NPEs) and forborne exposures.
The European Banking Authority (EBA) updated the implementing technical standards that specify the data collection for the 2023 supervisory benchmarking exercise in relation to the internal approaches used in market risk, credit risk, and IFRS 9 accounting.
The European Insurance and Occupational Pensions Authority (EIOPA) published a feedback statement on the responses received to the consultation on blockchain and smart contracts in insurance.