With Solvency II now back on the agenda, firms are dusting off all their old Solvency II projects. Many are picking up from where they left off in March 2013 when project teams were downsized or disbanded. With hindsight some of these projects will never be rejuvenated since their value to the business or to regulatory objectives was marginal at best. However, one area is set to stay centre stage for both communities – data.
For anyone returning to the data agenda after all these months there is one document that should be a "must read". This is the thematic review on data published by the FSA (now the Prudential Regulation Authority or PRA) in 2012, entitled "Solvency II: Internal model approval process data review findings" In particular, Section IX on "IT environment, technology and tools" makes some key comments on end user computing (EUC) that will need to be addressed by firms:
4.41 Where EUC tools, such as spreadsheets, are material to the internal model data flow, we will be looking for appropriate controls for data quality such as reasonableness checks, input validations, peer reviews, logical access management, change and release management, disaster recovery, and documentation.
4.42 Automation of spreadsheets reduces the risk of manual error, but can also introduce different problems such as reduced oversight, inadequate transparency about the extent of linking and proliferation of nested linked spreadsheets. Linked spreadsheets typically pass only single numerical values, without an indication of the date of last update, creating the risk of passing stale data around the system.
And if one is in any doubt about the extent of nested linked spreadsheets prevalent in many firms then look at this page providing a visual example