• Henry Umney , CEO at ClusterSeven


• 26.10.2018 12:00 pm
undisclosed , Henry Umney is CEO of ClusterSeven. He joined the comp any in 2006 and for over 10 years was responsible for the commercial operations of ClusterSeven, overseeing globally all Sales and Client activity as well as Partner engagements. In July 2017, he was appointed CEO and is strongly positioned to take the business forward. He brings over 20 years’ experience and expertise from the financial service and technology sectors. Prior to ClusterSeven, he held the position of Sales Director in Microgen, London and various sales management positions in AFA Systems and ICAP, both in the UK and Asia.

Latest research forecasts that spending on RegTech (Regulatory Technology) platforms will increase to an estimated $115 billion by 2023, an average 45 percent per annum rise over the next five years. The figure is staggering, but it shouldn’t come as a surprise given the number of regulations and their pace of evolution in the current climate. There is a plethora of global regulations that organisations need to comply with – IFRS9, MiFID II, SOX, CCPA, BCBS 239, SR 11-7, Solvency II and the list goes on – not to mention new ones such as the CECL and CCPA that are being added. The risk of non-compliance and the ensuing fines is something that no business can afford to ignore. Already, regulators are showing their teeth with the GDPR – Facebook faces a fine of $1.6 billion and an investigation into its hack that has breached the accounts of 50 million users. 

Essentially, the collective goal of the regulatory regimes is that they want organisations to evaluate their operational resilience and ‘design in’ measures to ensure business elasticity and endurance in tougher markets. In the UK, the situation is far more complex, which will exacerbate in a ‘no-deal’ scenario. Amidst such fears, financial regulators in the EU and the UK are drafting a series of bilateral agreements in an attempt to limit and potentially pre-empt market instability. The European Commission and HM Treasury have also asked the European Central Bank and the Bank of England to convene a technical working group on risk management for the period surrounding 30 March 2019 in financial services.

RegTech can make an invaluable contribution to the speed and dynamism with which financial institutions can deliver against the requirements of the various regulatory regimes. They can be implemented quickly, replacing expensive manual processes; and when used in conjunction with existing legacy systems, they can drive innovation and deliver flexibility to meet changing regulatory requirements. 

As financial institutions make investments in RegTech capability to manage risk and compliance, it’s imperative that spreadsheet risk management is a consideration in these efforts, due to the prevalence of spreadsheets in core business processes. Spreadsheet risk management is a key component of RegTech, and if overlooked, spreadsheet risk could well be the ‘Achilles Heel’ of organisations that could lead to inadvertent non-compliance, for example if spreadsheets feature in final mile reporting, or in pricing models. . In fact, regulators recognise financial institutions’ reliance on these end user computing tools for the management and manipulation of unstructured data and so, through the various regimes are demanding a considered and consistent approach to its use in business.

Spreadsheet risk management a key component of RegTech 

Making automated spreadsheet risk management part of the RegTech mix will ensure that financial institutions fully maximise the value of their investments in technologies such as big data analysis, artificial intelligence, biometrics, blockchain, chatbots and so on. With a majority of regulatory compliance requirements involving complex data processing and spreadsheets often serving as the ‘go to’ tool for managing a number of vital business processes; data accuracy to a large extent in many instances is dependent on the integrity of the spreadsheet applications that store the information.   

Spreadsheet risk manifests in business for a number of reasons. This application is easily accessible – it’s available on every desktop by default; Excel is easy to use; and the inherent design of the application lacks control capability. All this combined with the absence of spreadsheet usage policies means that often there are no checks on data sources used to populate business critical spreadsheet-based processes.  

Automation of spreadsheet risk management must underpin RegTech

The good news is that overcoming spreadsheet risk is possible and proven with the adoption of a best practice approach to this function. Similar to the core principle underlying RegTech solutions, best practice spreadsheet risk management is underpinned by automation too. 

With automated spreadsheet management, financial institutions have a complete understanding and visibility of the organisation’s spreadsheet environment, based on very complex rules and criteria. The technology can expose the data lineages of individual files across the spreadsheet environment to accurately reveal the data sources and relationships between the applications.Every critical spreadsheet can be tiered based on the risk it poses to the business and protected for security. In fact, spreadsheet risk management solutions facilitate an enterprise-strength model that dovetails with the larger RegTech environment to establish a seamless process that supports everything from creation of new spreadsheets through to their adoption into the relevant corporate applications and ultimate retirement from the business’ application landscape. 

Cloud-based options for such solutions are available too for financial institutions who prefer to implement a system without the need to invest involve their IT departments. Such solutions are non-intrusive and offer the full suite of functionality for best practice spreadsheet risk management. From all reports, today the adoption of cloud technology in general is envisaged as the pathway to other RegTech technologies too. 

This kind of automated approach will build-in operational resilience by providing in-built safeguards for attestation management, especially in today’s era of the Senior Managers and Certification Regime, where the regulators are making senior executives responsible for their business’ activities. Spreadsheet risk management provides automated processes for attestation by employees for the most critical spreadsheets, thereby ensuring that changes are made in line with the company directive. The Netherlands-based Rabobank is an example of a financial institution that is using automated spreadsheet risk management as part of its RegTech capabilities to enhance their attestation management capability. 

Specifically in Europe, in the post Brexit environment, automated spreadsheet management will play an integral role as financial institutions disentangle and extricate business activity that lies in unstructured business-critical processes to meet the regulatory demands of the specific jurisdictions. With possibly 10s of 1000s of spreadsheets surrounding core enterprise systems such as risk, accounting, trading, reporting, tax, compliance and so on; automation will be the only secure and fail-safe way to do this. 

Similar to any RegTech platform or application, spreadsheet risk management helps financial institutions achieve their operational, commercial and regulatory compliance objectives, making the function ‘business as usual’. Its benefits aren’t limited to just regulatory compliance, they genuinely transcend all business activity.