January 14, 2022

Bridging the gap between compliance and resilience

At the end of 2021, the Bank of England’s Prudential Regulation Authority (PRA) published a series of reports highlighting a number of issues with multiple major banks’ regulatory compliance. Among the major revelations were many banks’ over-reliance on spreadsheets (with one spreadsheet error costing $10 million!) and fragmented governance mechanisms. This is an example of a common problem that many financial institutions face - they are tasked with incredibly complex work and don’t always have the right technology to support it.

We know that financial institutions have to jump through a lot of regulatory hoops already, and regulatory pressures are only increasing, but compliance doesn’t always equal resilience. You can tick all the right boxes during an audit, but when there’s a real-life breach, how ready are you to deal with it and avoid knock-on effects for your customers?

Undergoing a disaster recovery exercise for an audit, for example, often takes weeks or months of planning - you don’t have that luxury when you’re faced with a real-life outage that needs fixing now. So how confident are you that your compliant systems will actually be resilient in the heat of the moment?

Despite there being myriad new solutions and technologies available to ensure compliance and mitigate risks, many organizations are still relying on spreadsheets and other manual methods to manage most aspects of their day-to-day business. And, as the PRA’s report shows, this can have some major consequences. The manually-intensive nature of using spreadsheets means they leave tons of room for human error; there could be multiple versions in circulation with no one source of truth, and they offer no comms or orchestration capabilities. 

Plus, with all the new requirements, technological advances, and increasing cyber threats, technology needs to keep up and co-ordinate, too. Why would you want to rely on technology that’s 40 years old to manage your business in 2022?

The PRA’s report could be a sign that regulators will only get tougher on banks this year, with the latest swathe of fines setting the example, and financial institutions will probably have to work even harder to be both compliant and resilient. The focus now should be bridging the gap between compliance and resilience so that in those crucial moments of disaster, and/or regulatory inspection, the plans, structures, and governance frameworks are in place to operate with confidence. If you don’t want to be stuck managing all this with spreadsheets, there is another solution. 

Want to find a better alternative to spreadsheets? Find out about Cutover runbooks.

Cutover