Integrity of regulatory reporting remains a key priority of the PRA

They issued a record-breaking fine of GBP46.55million to Standard Chartered Bank for failures in its governance and control framework around regulatory reporting on its liquidity position, as well as the bank’s failure to inform the PRA when material issues with its regulatory reporting were identified. A few days later, they confirmed yet another fine to Metro Bank of GBP5.38million, as the bank failed to act with due skill, care and diligence in the regulatory reporting on its capital position and showed shortcomings in governance, controls and investment in its Common Reporting (COREP) returns processes.

Areas of weakness identified

The PRA highlighted key failures as root causes for the regulatory reporting errors and miscalculations, which include:

1. Inaccurate and poorly formalised technical interpretation of regulatory rules
2. Relevant data missing from regulatory reporting systems
3. Highly manual and complex processes to produce regulatory reports
4. Inadequate ownership and governance arrangements over regulatory returns
5. Insufficient resourcing of regulatory reporting teams in terms of personnel’s strength and skillset
6. Limited independent assessment of regulatory reports

Focus in 2022

The PRA has made it clear that ensuring ongoing integrity of regulatory reporting continues to be one of its key priorities. Therefore, banks and building societies focus in 2022 needs to be on strengthening their reporting framework across their suite of regulatory returns. Remediation and improvement efforts should cover how regulatory reporting data is governed, sourced, aggregated, transformed, interpreted, analysed and subsequently reported. Firms can use principles laid out in Basel’s BCBS 239 Principles for Effective Risk Data Aggregation and Risk Reporting as a benchmark of what is needed to ensure regulatory reporting is complete, timely, and accurate on an ongoing basis.

Independent reviews carried out by either Risk, Compliance, Internal Audit or third-party advisors should be sufficiently balanced such that it adequately covers all elements of the regulatory reporting framework. The scope and frequency of these reviews should also be periodically updated to reflect recent areas of concern identified from ongoing risk activities, examinations/correspondence from regulators as well as the outcome of horizon scanning or any industry benchmarking exercise.

Finally, banks and building societies need to demonstrate timely internal escalation processes across the governance structure when material issues are identified in their regulatory reports. In addition, the PRA should be promptly notified when these materials issues occur, even if detailed investigation and analysis are still ongoing.

Next steps

Optimising the strategic value of data used for risk management and regulatory reporting purposes is essential for ongoing reporting reliability. Actions to take around this should cover the following:

1. Risk Data Governance – improve maturity of oversight arrangements, define data management standards; establish roles and responsibilities aimed at safeguarding data integrity.
2. Risk Data Architecture – Ensure data is stored, traced and connected in a way that is secure, compliant, flexible and enables meaningful use.
3. Risk Data Quality - Remediate poor quality risk data; implement robust data quality controls and metrics; automate risk and regulatory reporting production and controls

References

• https://www.bankofengland.co.uk/prudential-regulation/letter/2021/september/thematic-findings-on-the-reliability-of-regulatory-returns
• https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/regulatory-action/final-notice-from-pra-to-standard-chartered-bank.pdf
• https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/regulatory-action/final-notice-from-pra-to-metro-bank.pdf