That "Dear CEO" letter: some institutions are in the "last chance saloon?

The PRA's communication was a wake-up call - but SaaS regulatory technology offers solutions

The letter from the Prudential Regulation Authority (PRA) to regulated financial entities in the UK took me by surprise. Not because of the content of the letter - which was entirely foreseeable - but because of the tone. It was tougher than might have been expected. Banks were given a serious dressing down. Many are not taking their responsibilities seriously:

?It was clear that multiple firms did not treat the preparation of their regulatory returns with the same care and diligence that they apply to financial reporting shared with the market and counterparties. For some firms, there had been a historic lack of focus, prioritisation, and investment in this area.?

The letter contains the words ?we expect? or ?our expectations? no fewer than 11 times - effectively it is saying, sort yourselves out, rethink your reporting strategies and invest in regulatory technology. The words ?or else? do not appear explicitly, but the letter ends with an ominous, ?where individual firms fall short of our expectations, we will consider the full range of supervisory responses and enforcement powers at our disposal?.

This comes in the wake of a series of Section 166 notices issued by the PRA to UK registered banks for failures in their governance and controls around regulatory reporting.

The PRA highlights shortcomings in three areas:

  1. Governance and ownership

The PRA bemoans the lack of senior accountability and oversight, stating that they found instances of responsibilities being widely dispersed or delegated too far down the organisation. Greater top-level accountability should also be supported by ?robust processes, including independent testing and validation?. It goes on to cite poor governance around key regulatory interpretations, lack of documentation and the need to resubmit reports where there are material errors (among many other shortcomings).

  1. Lack of controls

The PRA identified gaps in end-to-end processes, lack of controls around models, over-reliance on spreadsheets and manual processes, and a lack of reconciliation of regulatory flows to the general ledger and other records.

  1. Lack of data and investment

The PRA highlighted 'that many firms have not prioritised investment in regulatory reporting, leading to reduced capacity and capability compared with financial reporting?. It found a focus on tactical fixes and workarounds, outdated reporting system infrastructure and a significant need for manual intervention, all of which leads to a higher risk of data errors and misstatement of returns. Firms must also invest in more robust sourcing of data, for example to support allocation of assets between exposure classes.

However, it is not all doom and gloom. The PRA did offer some praise for those firms that have invested in data and an efficient regulatory reporting technology infrastructure. Moreover, the letter implies that the benefits go beyond regulatory reporting itself, as firms that have invested are enabled to ?make more effective and efficient use of the data in the longer term?.

Nicolas Degruson will be discussing how firms can move forward in part two of this blog post - watch our website.

For more Regulatory Technology thought leadership from Moody's Analytics visit