Given the long list of regulations that organisations need to comply with – CECL, IFRS9, MiFID II, SOX, CCPA, BCBS 239, SR 11-7, Solvency II, GDPR, among others – investment by organisations in Regulatory Technology (RegTech) is estimated to grow by a whopping 45% annually on average over the next five years. This represents a six-fold increase by 2023. The risk of hefty financial penalties because of non-compliance looms and so, clearly, institutions are wisely resorting to technology to meet regulatory demands efficiently and cost-effectively. At the same time, they are mitigating any reputational risk that accompanies non-compliance, the effects of which are potentially longer lasting than any monetary fine, says Henry Umney, CEO of ClusterSeven.
RegTech can be quickly deployed, replaces expensive manual processes, delivers flexibility and facilitates dynamism to enable financial institutions to deliver against the evolving compliance requirements. When used concurrently with existing legacy systems, such platforms can help drive innovation too.
As financial institutions make investments in RegTech capabilities – typically considered to be big data analysis, artificial intelligence, biometrics, blockchain and chatbots – the widespread use of spreadsheets in core business processes means that spreadsheet risk management must be a major consideration in these efforts. If overlooked, these risks could well be the ‘chink in the armour’ that leads to accidental non-compliance, as well as potential business impact and reputational harm.
Spreadsheet risk is genuinely a risk to the business
A large portion of regulatory compliance requirements involve complex data processing and spreadsheets often serve as the ‘go to’ tool for managing several vital business processes. For instance, spreadsheets are widely used for final mile reporting, pricing models, economic/financial models, or data manipulation. With spreadsheets feeding information to many core enterprise systems and RegTech platforms, accuracy of the data inputs in many instances is dependent on the integrity of the spreadsheet applications that store the material. Hence, incorrect inputs into any system will skew the outcome, to either cause compliance breaches or indeed impact decision-making, completely negating the value of these latest technologies to the business.
Spreadsheet risk is genuinely a risk to the business for several reasons. Not only is the spreadsheet easily accessible (it’s available on every desktop), it is also easy to use, and so it is used without training and often in the absence of formal usage policies. Combined, this means that there are few or no checks on the data sources used to populate business-critical spreadsheet-based processes.
Automation of spreadsheet risk management key to RegTech success
Spreadsheet risk can be overcome with the adoption of a best practice approach to this function. Like RegTech solutions, spreadsheet risk management is underpinned by automation.
Automated spreadsheet management enables financial institutions to have complete visibility and an understanding of the organisation’s spreadsheet environment. The technology exposes the data lineages of individual files across the spreadsheet environment to accurately reveal the data sources and relationships between the applications. Every identified critical spreadsheet can be tiered based on the risk it poses to the business. Today, spreadsheet risk management solutions facilitate an enterprise-strength model that dovetails with the larger RegTech environment to establish a seamless process that supports everything from creation of new spreadsheets through to their adoption into the relevant corporate applications and ultimate retirement from the business’ application landscape.
Spreadsheet risk management minimises compliance execution risk. Fundamentally, one of the collective objectives of the various regulatory regimes is for organisations to build operational resilience into their business to ensure commercial flexibility and strength in tougher economic times. This kind of approach helps design in operational resilience by providing intrinsic safeguards for things like attestation management. It provides automated processes for attestation by employees for the most critical spreadsheets, ensuring that changes are made in line with company policy – critical for regulations such as the Senior Managers and Certification Regime, where the onus of good business practices and accountability rests with the senior executives themselves.
Good data underpins business operations, decision-making, commercial success and compliance. Stringent, ‘business as usual’ style management of these end-user computing tools, where unstructured yet business-critical data resides, is essential not merely for compliance but for the efficient running of an organisation. A considered approach to spreadsheet risk management must be an integral part of any RegTech initiative. It will ensure that financial institutions fully maximise the value of their investments in the associated technology platforms.
About the author
Henry Umney is CEO of ClusterSeven. He joined the company in 2006 and for over 10 years was responsible for the commercial operations of ClusterSeven, overseeing globally all sales and client activity, as well as partner engagements. In July 2017, he was appointed CEO and is strongly positioned to take the business forward. He brings over 20 years’ experience and expertise from the financial services and technology sectors. Prior to ClusterSeven, he held the position of Sales Director in Microgen, London and various sales management positions in AFA Systems and ICAP, both in the UK and Asia.