Comment on recent PRA Dear CEO letter on the reliability of regulatory reporting

15 September 2021

You may recall that the PRA, in October 2019, wrote to all CEOs reminding them of their expectation that all banks and building societies should submit complete, timely and accurate returns.

The PRA has continued to focus on this area and this resulted in a number of skilled person reviews on regulatory reporting being commissioned from 2019 onwards.

The results from this thematic has recently been published in a letter to CEOs and the overall conclusion is that the PRA: …“is disappointed to find significant deficiencies in a number of firms’ processes used to deliver accurate and reliable regulatory returns. It was clear that multiple firms did not treat the preparation of their regulatory returns with the same care and diligence that they apply to financial reporting”.

The findings from the thematic review centres on three key areas:

1. Governance and ownership

  • Ownership and control of the regulatory reporting is dispersed across the business resulting in lack of ownership and accountability, particularly at the senior management level. 
  • Poor governance around key regulatory interpretations resulting in subjective assessments not being updated and reviewed by the appropriate level of management. 

2. Controls 

  • Significant gaps in the end-to-end processes with lack of effective controls for the following: 
    • Models: Lack of documentation and approval of model changes without regulatory notification. 
    • Reconciliations: gaps in the formal reconciliation between the general ledger and the regulatory data for each submission cycle resulting in incorrect data being submitted.
    • Spreadsheets: Poor control environment over manual process and over-reliance on spreadsheets with applying end-user-controls. 

3. Data and investments

  • Lack of investment in strategic regulatory reporting solutions has resulted in heavy reliance on tactical workarounds and manual adjustments. This in turn has led to a higher risk of data errors and misstatements.

What should firms do?

Given the ongoing focus on regulatory reporting by the PRA, and the future changes in regulatory reporting due to CRR2 and Basel 3.1, it is important that firms have effective operating models for their regulatory reporting processes that are flexible, scalable and dynamic and also operate with the same rigour and oversight as the financial reporting process.

This requires firms to invest in resources/training, infrastructure/technology and an effective governance/control environment. Specifically, based on our experience of reviewing the regulatory reporting function of  multiple banks and building societies, it is paramount that firms have detailed documentation of how they have interpreted the regulatory rules and that this has been reviewed and challenged at the right level of seniority.

Firms should continue to enhance the regulatory reporting process and this must be supported by regular third party and external review to provide assurance that firms have addressed the issues identified in the thematic review.

How BDO can help?

If you would like to discuss the above or would like to understand how BDO can help your firm with strengthening your regulatory reporting process or addressing some of the issues identified in the thematic review, please contact Leigh Treacy, Head of Financial Services Advisory or Oivind Andresen, FS Risk & Regulatory Advisory Director.