The UK’s Prudential Regulation Authority (PRA) has commissioned 11 skilled persons reviews under Section 166 of the Financial Services and Markets Act 2000 into firms’ regulatory reporting in the last two quarters.
The PRA commissioned nine prudential s166 reviews of deposit takers in the fourth quarter 2019/20 (December through February), according to publicly available information. It said the “majority of the reviews covered regulatory reporting”, following an October 2019 ” Dear CEO” letter which reminded banks’ of their obligation to submit timely and accurate reports.
It commissioned a further four s166 reviews in the first quarter 2020/21 (March through May) as the impact of the COVID-19 pandemic unfolded. Two covered controls and risk management frameworks and the others were prudential (regulatory reporting) in nature.
Less than a month after the “Dear CEO” letter, the PRA fined Citi £44 million for regulatory reporting failures, citing inadequate systems controls around reporting, inadequate staffing levels, poor governance and an insufficiently effective approach to technical interpretations of reporting requirements. The PRA said it first uncovered problems with Citi’s reporting in 2015 but did not commission a s166 review until 2017.
Flawed reporting may overshadow banks’ COVID-19 response
There is a risk flawed risk data and regulatory reporting could overshadow banks’ response to the COVID-19 crisis as it did during the Lehman Brothers collapse in 2008. The European Central Bank also warned bank chief executives about poor quality regulatory reporting last year.
The Bank of International Settlements’ (BIS) April 2020 report on Global Systemically Important Banks’ (G-SIB) compliance with its principles risk data aggregation and reporting (BCBS 239) showed none were fully compliant, but said there had improvement, although some of the most recalcitrant problems such as overreliance on manual workarounds (spreadsheets) lingering. As the better banks progressed their understanding of the principles, they revisited past work and made improvements and might have self-assessed as not fully compliant, the report said.
“I am quite positive on the progress organisations have made. Is it finished? Obviously not. The BCBS report hides the positive. You just have to look at the number of [chief data officers] and the influence they have in organisations, the policies and how stringent they’re getting. We know one organisation training 5,000 people globally this year on data management principles. We are not done, but some seriously positive steps have been taken in the right direction,” said Chris Probert, a partner and UK data practice lead at Capco.
Banks that have improved their regulatory reporting quality since 2008 may be better positioned today. However, responding accurately and quickly to regulators’ ad hoc requests for information on top-50 counterparties, liquidity and credit risk, for example, will be difficult even for some G-SIBs despite a decade’s worth of regulatory effort and bank expenditure to improve. That is because for decades data quality was not been on banks’ agendas as many of the largest saw complexity balloon through mergers and acquisitions.
“Unpicking that complexity is so hard. Ultimately these are complicated organisations. They are making strides, but they probably aren’t moving as quickly as they would like. They do have a lot of legacy issues to deal with and are opting for a strategic agenda rather than a tactical agenda to resolve these problems through an architecture that is reusable and scalable where they don’t make the same mistakes over and over,” Probert said.
PRA requests estimated provision levels
Regulators may have already been asking banks for information on their financial resilience during the pandemic or looking for additional information during the periods of high volatility.
“Firms are investing more into understanding their legacy architectures and looking for tangible ways to simplify them so they can provide different types of data on a timely basis. All of this is already likely available at various levels in an organisation, the question is how do you standardize that and make it readily accessible to a regulatory body? Hence why some of this is still done manually,” said Tej Patel, a partner and UK regulatory practice lead at Capco in London.
One example of an ad hoc request is Sam Woods’, the PRA’s chief executive, June 4 letter to banks in part to advising that ahead of their second quarter 2020 reporting, the PRA intends to gather further information from firms on estimated provision levels to compare the timing and amount of losses it has modelled to those anticipated by banks. He did not indicate a deadline for submission but may have been giving them ample time to prepare.
Most banks have a continuous asset quality review programme that spends a lot of time and resource on aggregating data for an annual review. Still producing an updated view for the regulator is unlikely to be easy. Firms will have spreadsheets with some of the data, but their confidence behind it may not be high.
“Infrastructure and data issues aside, the loans piece will take firms a bit longer to produce. If this is amended request it may take a little longer to push through and it will probably be manual,” Patel said.
Letter reminded senior managers of their obligations
The PRA’s October “Dear CEO” letter reminded designated senior managers, executive teams and boards of their responsibilities in this key area.
“The production and integrity of a firm’s financial information and its regulatory reporting is a prescribed responsibility. We have therefore copied this letter to the relevant senior manager at your firm, although this should also be an area of focus for the executive team and the board,” it wrote.
This article originally appeared in Thomson Reuters Regulatory Intelligence on 16 June 2020