Regulatory Watch – UK Edition – February 2020

The accuracy of regulatory reporting (and consequently the effectiveness of BCBS 239 systems and controls), following the PRA’s Dear CEO Letter in October 2019, is high on the regulatory agenda. For firms preparing their post-Brexit arrangements, a front to back review of data accuracy and completeness should be an easy sell. However, all Senior Manager Functions who have been allocated the prescribed responsibility for regulatory reporting need to ensure they exercise appropriate oversight (including review and challenge) of the associated data traceability and lineage as well as validation controls.

Many firms feel they have invested significant time and focus on access control over the years, be that from a segregation of duties perspective following rogue trading incidents or managing information barriers. However the FCA’s Market Watch 60 from August 2019, which we discuss, still shows significant issues. We argue that the focus has always been isolated on a specific topic rather than considering access control across the different domains. As more firms move data onto the cloud, access to systems, physical spaces, and data should be considered holistically.

As always, a snapshot from EROS – our regulatory horizon scanning tool – is appended, setting out the regulatory news from last month. If you have any comments, suggestions, or would like further details on any of the features included in this month’s edition, please do not hesitate to contact me or the RegWatch Team.

Manmeet Rana

UK Head – Aurexia