Spreadsheet Risk Management Key to TRIM Compliance

By Henry Umney, CEO, ClusterSeven

The European Central Bank’s (ECB) Targeted Review of Internal Models (TRIM) is due to come into effect in 2019. TRIM is part of the ongoing programme of regulatory enhancements and forms part of the European Banking Authority’s (EBA) activities to enhance its visibility of the European financial services sector, and address key areas of systemic risk.

TRIM specifically targets those institutions that make use of Internal Models, rather than the Standardised Model, for calculating their risk weighted assets, and their regulatory capital under Basel III.

Henry Umney
Henry Umney

At banks, the vast majority of the effort to calculate their risk-weighted assets using Internal Models is via the use of powerful calculation engines, through corporate IT applications that leverage relational databases to compute the results for credit, market and counterparty risk. These applications are integrated into banks’ core IT applications covering credit cards, current accounts, mortgages and so forth.

However, some banks will have highly innovative, potentially bespoke business processes that underpin a range of ‘non-vanilla’ products and services that may feature a blend of multiple instruments, cash flows, asset classes and currencies.

Challenges of using spreadsheets for Internal Models

These offerings – typically unique and tailor-made – are likely to utilise Excel spreadsheets to design, structure, price, deliver and underwrite them. Even if the Internal Models themselves are IT supported applications, data feeding into and reporting from the Internal Models are likely to require spreadsheet supported processes.  The overriding reasons for using spreadsheets – as opposed to other corporate IT applications – for these offerings is the enormous flexibility and power Excel offers financial institutions for data collection, manipulation and calculation.

However, the spreadsheets that typically underpin these highly complex offerings present significant challenges for institutions who need to consider the demands of TRIM.

Foremost, is the lack of controls inherent in spreadsheets. The TRIM requirements for data governance and auditability around issues such as data quality management and data lineage, for example, must be mirrored in the management of the spreadsheets that underpin the products and services that utilise spreadsheets, rather than corporate applications.

This lack of transparency around the spreadsheet processes could potentially result in regulators forcing banks back onto the more capital intensive Standardised Model. Furthermore, from an operational perspective, without a capability that allows banks to assess the data governance and accuracy of spreadsheet-based data imported into their regulatory capital management frameworks, these financial institutions cannot assure the quality of results calculated under Internal Models. This can cause banks to miscalculate and/or miss-state their regulatory capital requirements, potentially requiring them to restate earnings and exposing them to regulatory censure and reputational harm. 

Automation is the panacea

To ensure that the data from this spreadsheet estate does not compromise the governance, auditability, and accuracy of the results of Internal Models, it is essential that the same level of control is applied to the spreadsheet environment as is applied to the wider corporate IT environment.

To this end, banks must adopt a best practice approach:

  • Identify the spreadsheets that impact the Internal Models framework the most.

This will enable banks to not only locate the TRIM-relevant spreadsheets, but also understand the complexity of how they are all linked together. It’s important to note here that this identification process must identify the providence of data flowing into and out of the models ensuring a full data lineage mapping.

  • Build a centralised inventory of these key spreadsheets

This will help bring the spreadsheets under management as well as enable banks to classify them based on the risks they might potentially pose to TRIM compliance and indeed other regulatory frameworks too. Ensure that there is an attestation process – it will not only support auditability, it will also make the process of managing spreadsheet risk under TRIM much more business-as-usual.

  • Monitor the most important spreadsheets for changes

This will help ensure accuracy of the results of the Internal Models, as well as provide the governance, transparency and auditability that are all core to the TRIM requirements.It also enables the key processes for issues like version control, change approval, and visibility of the addition of new data, which will be of interest to auditors, regulators, as well as management.

The sheer scale of many banking  spreadsheet environments, and the intricate complexity of data lineage that is often a feature, , automating these steps presents banks with the best chance of success and make delivering TRIM business as usual. Manually adopting best practice, despite the best will in the world, will be extremely challenging, given the immense complexity of the Internal Models and their associated feeds and reports. A simple error or omission in even a single cell or formula in the spreadsheet could skew the output of an Internal Model. The implication of such errors can be wide reaching, and not a chance worth taking.

About the author

Henry Umney is CEO of ClusterSeven. He joined the company in 2006 and for over 10 years was responsible for the commercial operations of ClusterSeven, overseeing globally all Sales and Client activity as well as Partner engagements. In July 2017, he was appointed CEO and is strongly positioned to take the business forward. He brings over 20 years’ experience and expertise from the financial service and technology sectors. Prior to ClusterSeven, he held the position of Sales Director in Microgen, London and various sales management positions in AFA Systems and DART, both in the UK and Asia.

Related Articles