Both the Switzerland-based Basel Committee on Banking Supervision (BCBS) and the Financial Services Authority (FSA) in the UK have recently made it clear that when relying on manual processes, desktop applications or key internal data flow systems such as spreadsheets, banks and insurers should have effective controls in place that are consistently applied to manage risks around incorrect, false or even fraudulent data. The citation by the BCBS is the first time that spreadsheet management has ever been specifically referenced at such a high level, a watermark in the approach to spreadsheet risk.
Ralph Baxter, CEO, ClusterSeven said: "The failure of businesses to fully understand, control and monitor data held in spreadsheets leaves businesses worryingly exposed to unacceptable risks and recent indicators from the regulators now suggest that firm action will be taken against those that bury their head in the sand. The simple fact is that spreadsheets continue to be used extensively by all financial institutions and remain at the heart of many firms' data systems.
In September, the FSA addressed the issue of spreadsheet risks in its report Solvency II: Internal Model Approval Process Data Review Findings. The regulator stated that insurance firms will be expected to demonstrate appropriate controls with regard to key internal data flow systems such as spreadsheets.
London-based ClusterSeven, which has a third of the world's top 30 banks as clients as well as a number of insurers and asset managers, was one of the first firms to identify how strategically important spreadsheets are to modern businesses and financial services institutions.