15 Mar Spreadsheets, Sands of Time, and Solvency II
How accurate is your exposure data? The Prudential Regulation Authority (PRA) data review of February 2016 noted that many contracts (policy terms and conditions, documentation of bespoke assets) are often still on paper: dusty old legal contracts housed in vaults. Firms may be using electronic records for valuation, risk management and capital purposes, but assessing accuracy and completeness ultimately requires a view of how well the electronic records – frequently held on spreadsheets for bespoke or complex contracts – match the originals, together with a method of records retention that reflect the sometimes long-lived and stable nature of contracts.
The PRA does not have a view on whether end-user computing (EUC) is appropriate, as it is a form of IT, and all IT needs to be appropriately controlled. Controls over the accuracy of electronic versus paper in a perfect world ideally consist of a complete reconciliation. The ultimate exposure is not to a spreadsheet record, but to that dusty legal documentation. Often this is burdensome when there are thousands of records with perhaps millions of fields. If sampling approaches are used, these should ensure that all material risks are covered, with reporting and metrics over the extent of the sampling, and with an appropriate audit cycle that covers the entire universe over time. Firms should also be able to provide assurance to the PRA that the approach is consistent with Solvency II requirements over completeness, accuracy and appropriateness of data.
Dr. Dean Buckner
Technical Specialist, Data
Prudential Regulation Authority
Bank of England