Spreadsheets don’t last forever. That’s the view of Matt Parker, host of the satirical YouTube channel, The Spreadsheet News Network, and it’s a lesson that U.K. lender Standard Chartered learned the hard way after the PRA issued it with a record £46.5m penalty for a spreadsheet-related error, which caused it to misreport it liquidity position.
Fellow U.K financial watchdog, the FCA, followed up by penalizing another British bank in December 2022 for similar spreadsheet-linked failings.
But it’s not just U.K. regulators which are looking at the risks posed to banks by rogue spreadsheets. One major U.S. bank faces a January 31 deadline to submit an amended restitution plan, or bank living will, to FDIC and the Fed over a $900m spreadsheet linked error.
In a statement following the rejection of its 2021 bank living will, the bank said it was making ‘significant investments’ in the areas of data integrity and management, following regulators’ rejection of its plan.
According to the American Banker, this ‘significant investment’, means that the firm is planning to spend over a billion dollars on tech in its corporate banking unit alone in 2023, a 40% increase on the amount for 2020 and part of a broader trend of firms ramping up their regtech spending.
The U.S. bank is not alone. Juniper Research, estimates that spending on regtech platforms will be more than $115bn in 2023, a huge increase on the $18bn spent in 2018, and accounting for 40% of total compliance spending by banks in the next 12 months.
This view was backed by research firm Gartner, which says this spending will increase whatever the impact of economic and geopolitical uncertainty on companies’ balance sheets. Gartner reported that nearly 80% of the CFOs it surveyed said they would increase spending on digital projects in 2023, irrespective of other cost pressures.
Regtech and spreadsheet risk management
The reason for focus on regtech spending is driven by banks looking to avoid the compliance issues suffered by banks in the U.K. and the U.S. recently. Spreadsheet risk management isn’t the only issue that regulators will be looking at but managing this issue poses challenges for banks.
The penalties for spreadsheet risk management failures may be recent, but the regulations behind them have been in place for some time. The Dodd-Frank Act was passed in 2010 and there have been numerous post-financial crisis regulations for banks to digest since then.
What is new about 2023 is that major regulators across the globe are looking to see improved compliance from banks generally, and in the U.K’s case with CP6/22 spreadsheet risk management in particular.
These spreadsheet failures are endemic according to research by the European Spreadsheet Risk Interest Group (ESRIG), which said that more than 90% of spreadsheets contain errors and these mistakes are rarely, if ever, eradicated.
The ESRIG said as a result of these failures, about 50% of spreadsheet models used operationally in large businesses have material defects and it is these MRM errors that regulators are looking to eradicate.
Spreadsheets and AML/KYC Risk
But it’s not just spreadsheet MRM failures that regulators are concerned about. In a letter to retail banks in 2021, the U.K. ‘s FCA highlighted the use of manual processes – or spreadsheets – as a major AML and KYC compliance risk for the sector.
“We often identify instances where customer due diligence measures are not adequately performed or recorded. This includes seeking information on the purpose and intended nature of a customer relationship.”
Banks now face a further spreadsheet-linked KYC and AML headache from complying with the sanctions regime imposed on Russia for its invasion of Ukraine, according to a Thomson Reuters’ report, titled: ‘The Fog of Sanctions’.
“Financial institutions might have a large number of payments which are expected to be processed in real time and stopping that process to check manually, and with insufficient staff, poses resourcing challenges,” Saskia Rietbroek, Executive Director of the Association of Certified Sanctions Specialists International in Maastricht, Holland told Thomson Reuters.
The AML risk posed by spreadsheets was demonstrated by the FCA’s 2017 action against a German lender over its failure to monitor suspicious trades with Russian counterparties with the U.K. regulator explicitly mentioning the bank’s spreadsheet failures when it issued the German lender with a £163m fine.
“When it was informed by Deutsche Bank’s operations team that ‘providing a spreadsheet will not be possible, as this is done manually by a team member and capturing so many records will be painful’, the AML team did not persist with its inquiries,” the FCA said.
Spreadsheets may pose multiple threats to banks’ compliance efforts, but Michael Izza, C.E.O. of UK accountancy body, ICAEW, is confident that firms will be able to tame these risks.
“By their nature, spreadsheets can change or fail in unexpected ways. Their fallibility makes their creation and review an imperfect science, but with the right approach, that can always be improved,” he said in the organisation’s spreadsheet guide.
