Success of risk management initiatives will be underpinned by best practice-led spreadsheet management 

Henry Umney, CEO of ClusterSeven, offers his views on regulatory and risk management trends in the insurance, banking and financial services sectors for 2018:

• Model risk management will become a top priority

With regulators demanding that organizations adopt an all-inclusive model risk management and governance strategy, many regulations (e.g. SR11-7, ECB TRIM, OCC 2011-12 and more) are now becoming ‘business as usual’ in the banking and financial services sectors. Such a broad sweeping mandate is demanding a robustness around model governance and therefore calling into question the integrity of the data sources that feed the models as well as the effectiveness of controls that currently exist to ensure accuracy.  Organizations will need to pull back the ‘governance lens’ in 2018 to take a more holistic view of their model risk management programme. This will allow them to gain visibility and understand the entire ecosystem of applications that surround each and every governance model – as well as the data lineages across the landscape.

• Sarbanes Oxley (SOX) will make a comeback

With the introduction of rules on mandatory audit rotation last year, which require public entities and listed companies to put their audit out to tender every 10 years, and change the auditor at least every 20 years – the emphasis on SOX compliance will make a comeback. This will be an easy win for external auditors looking to make their mark in new client organizations. Additionally, regulators such as the Public Company Accounting Oversight Board (PCAOB) are coming down hard on auditors for audit failures and violation of the Board’s quality standards to enforce SOX compliance by organizations. Faced with potential fines in the region of millions of dollars, auditors will increase their scrutiny of organizations’ internal audit controls over financial reporting, assessing and responding to risks of material misstatement, and measurements.

With many of these processes undertaken in spreadsheets, external auditors will look for ways to deliver against regulators’ demands of more evidence of auditability and control of these applications. Without the adoption of technology-led spreadsheet management of internal audit controls by organizations, they will find it almost impossible to meet the demands of the auditors and regulators alike.

• Regulation will drive data ownership, organizations will realize the value of data for competitive advantage 

Most regulations, be they General Data Protection Regulation (GDPR), IFRS 9, BCBS 23,9 SOX, SM & CR, Dodd-Frank or any other, ultimately aim to enforce data ownership and governance to ensure accuracy of financial models, minimize financial risk and protect consumers. While simple in concept, due to the widespread types of data sources and complexity of models, it’s incredibly difficult to get right. It requires a streamlined approach to people, processes and technology. However, those that make headway, will begin to recognize and realize the value of data for informed decision-making and competitive advantage. Due to the extensive use of spreadsheets for data manipulation-related processes, their control and management will be key to such initiatives.

• Organizations will set up temporary business processes to deal with Brexit 

While the uncertainty around Brexit continues, organizations will start preparing to deal with Brexit, regardless of the shape or form it takes. Organizations have enterprise systems of course, but they aren’t as flexible and nimble to change, and more so in the current uncertain environment. Spreadsheets will become the default tool that they will resort to quickly respond to changing business requirements for reporting and compliance by setting up temporary business processes/solutions as they plan for every eventuality. An automated approach to spreadsheet management will be essential to ensuring the accuracy and integrity of these critical processes to minimise financial, operational and regulatory risk.

• Major IT-led transformation in the insurance sector is on the cards

As the Prudential Regulation Authority (PRA) increases scrutiny on the insurance sector, insurance firms will need to continue to ensure their Solvency II compliance is embedded into ‘business as usual’. Simultaneously, the introduction of IFRS 17 represents the biggest accounting change for insurers in recent times. Compliance with these regulations will drive IT-led transformation of processes and standardization of modelling platforms will become a major focus for insurers in 2018. As firms set up new enterprise systems and data warehouses as part of their technology transformation initiatives – in the interim – spreadsheets will provide the much-needed flexibility to help quickly establish processes and models for compliance, which will ultimately remain in use for the foreseeable future. Consequently, adoption of automated spreadsheet management will form a key part of the IT transformation initiatives.

• Cloud adoption of risk management solutions will gather momentum

With many regulatory bodies globally, such as FedRAMP, European Union Model Clause, SOC 1 and 2, among others, having recognised Microsoft Azure as a secure platform, the cloud ecosystem for risk management solutions will gather momentum, which will encourage their adoption among organizations. Risk management cloud solution providers will innovatively leverage this ecosystem to expand their offering and delivery options to beyond traditional areas including internal audit, and risk and compliance.