Banks will need to evaluate their regulatory reporting frameworks in the light of findings outlined in a recent report published by the Central Bank of Ireland (“CBI”) on its thematic inspection of regulatory reporting by international banks (“Report”). According to those findings, banks may be failing to give sufficient consideration and prioritisation to their regulatory reporting obligations.
Regulatory reporting is key to the effective supervision of banks. The CBI uses regulatory returns for a number of purposes, including:
• assessing a bank’s risk profile;
• monitoring a bank’s adherence to regulatory requirements; and
• assessing a bank’s financial position.
The CBI recently completed a thematic inspection of a number of international banks with a view to assessing the extent to which it can rely on the accuracy and integrity of regulatory returns submitted. It published its Report outlining the results of that inspection on 12 April 2017.
The thematic inspection specifically focused on the banks’ processes for generating:
• Risk Weighted Assets (RWAs) and own funds for Common Reporting (COREP);
• Off-balance sheet items, Financial reporting (FINREP);
Large Exposure Returns (LEX); and
• Liquidity Coverage Ratio (LCR).
Following on from the inspection, the Report sets out a number of findings and outlines the CBI’s expectations in relation to these findings. In summary, these are as follows:
Quality and comprehensiveness of documented products: a number of banks had inadequate or incomplete procedures for the generation of the regulatory returns. The CBI expects banks to ensure that they have established comprehensive documented procedures for the preparation of regulatory returns, which, at a minimum, address the points outlined in Finding 1 of Appendix 1 of the Report. It also expects the relevant procedural document to be approved at an appropriate management forum and to be reviewed at least annually.
Resourcing of the Regulatory Reporting Function: the resourcing of the Regulatory Reporting Function is deficient in a number of banks, from both a human and Information Technology perspective. Regarding human resources, the CBI isconcerned that a number of banks overrelied on the experience and knowledge of key staff, had no formal training for staff, no formal succession plan, and had failed to ensure staff awareness of the bank’s regulatory obligation. Regarding IT, in general, the generation of regulatory returns was excessively manual with limited integration of source systems and an overreliance on manual adjustments and Microsoft (MS) Excel.
Reconciliation and Data Quality Assurance: a number of banks had failed to put in place a robust reconciliation and data quality assurance process aimed at ensuring the integrity of the data employed in the regulatory returns. Data quality issues were identified in all banks to varying degrees. In addition, a number of banks had failed to put in place a formal data attestation process between business lines and the Regulatory Reporting Function, which, combined with gaps in data validation and verification, resulted in the use of inaccurate data for the generation of regulatory returns. The Report also identified a number of fundamental errors in regulatory reporting submissions, which should have been identified and remediated during the management review process.
Deficiencies in the three lines of defences: according to the Report, the scope, depth and frequency of the Internal Audits conducted within the banks relating to the end to end regulatory reporting process fell significantly below the CBI’s expectations.
Inconsistencies in the implementation of the LCR: instances of material misreporting were identified in relation to the LCR (DA). The Report also identifies three common themes in relation to the LCR (DA) process, relating to:
• incorrect inflow and outflow rates being used due to misclassification of elements of the LCR;
• weaknesses in the approach used for consideration of the Historical Look-Back Approach; and inadequate development of the Liquidity Risk Framework in relation to the LCR requirements.
Categorisation and reporting of large exposures: a number of banks failed to adequately document the LEX reporting process and the thematic inspections identified misreporting issues due to system limitations and the requirement for excessive manual intervention in the production of the return. The inspection identified common themes in relation to the categorisation and reporting of LEX relating to:
• a lack of comprehensive procedural documentation;
• inaccurate reporting of LEX under Article 394(1)(b) of the Capital Requirements Regulation 575/2013;
• a sub-standard reconciliation process; and
• lack of adequate review and approval of the return.
The CBI has written to all of the international banks informing them about its findings and has issued reconciliation plans to the in-scope banks with specific timeframes set for the closure of the issues identified.
The CBI expects all banks operating in Ireland to have in place robust regulatory reporting processes and controls that are proportionate to their business. In view of the fact that only one of the banks inspected by the CBI demonstrated an appropriate control environment in relation to the production of their regulatory returns, each bank should carefully evaluate the adequacy of its regulatory reporting framework in light of the findings set out in the Report and put in place remediation plans for any issues identified.