1. Home
  2. End User Computing Stress Testing Compliance

END-USER COMPUTING & STRESS TESTING COMPLIANCE 

Compliance Guidelines

Stress Testing | SCAP, CCAR, DFAST, ECUs


Since the 2007-09 financial crisis, regulators and banks have been using stress testing to evaluate and ensure sufficient capital during unfavorable economic condition, and as a means of restoring confidence in the financial community. Regulations such as Basel II & III, ICAAP, Supervisory Capital Assessment Program (SCAP), Comprehensive Capital Analysis and Review (CCAR), Dodd-Frank Act Stress Tests (DFAST), and the European Central Bank's (ECU) Comprehensive Assessment, as well as others, use models to create what-if scenarios to test capital sufficiency through stress testing.

Supervisors provide regulatory guidance on modeling and whether it is the Bank for International Settlements, the Federal Reserve Board of Governors, the European Central Bank, the Bank of England, or the Prudential Regulation Authority (PRA), regulators expect:

  • "transparent and repeatable" process
  • "completeness and accuracy of information"
  • internal controls around data integrity and models

SR 11-7


Many regard the Board of Governors of US Federal Reserve System’s, Supervisory letter entitled Supervisory Guidance on Model Risk Management, SR 11-7 as a clear guide for implementing an effective model risk management framework. According to this document:

"Banking organizations should be attentive to the possible adverse consequences (including financial loss) of decisions based on models that are incorrect or misused, and should address those consequences through active model risk management. . . . (SR 11-7) describes in detail the key aspects of an effective model risk management framework, including robust model development, implementation, and use; effective validation; and sound governance, policies, and controls."

Reducing Model Risk

With the increasing focus on governance and qualitative data, model risk management has become an important issue for banks; one that requires significant time and resources. Since many banks rely on end user computing applications such as spreadsheets to create the models or feed data into the model, managing spreadsheet risk is critical to reducing and managing model risk.

Our software gives you all of the controls that regulators require. It also greatly reduces operational risk from spreadsheets & other EUCs on an ongoing basis.


Inventory


  • Create a complete and accurate automated inventory of all EUC files, including spreadsheet models in the company

Auditing


  • Cell level audit trail of spreadsheets sharing file activity including sheet and cell location, timestamp, user, type of change, old value, new value, and change comments
  • Structure level audit trail of Access databases
  • Immediate email alerts on critical changes
  • Periodic email summaries on significant changes

Model Analysis


  • Analyze spreadsheets to uncover formula issues and inconsistencies
  • Cell Analysis to view cell or formatting issues
  • VBA Code Analysis to find keywords and identify areas lacking in best practices
  • File, sheet, and cell-level data lineage maps

Version Control


  • Manual or scheduled version creation to store important versions of spreadsheets
  • Version comparison, archiving
  • Tracking of ad-hoc versioning methods

Sign offs


  • Line item approval of audit trail with name of approver and date of approval
  • Structured workflows with defined tasks and owners