Risk management is a continuous process rather than a linear one. A pragmatic Know Your Obligations (KYO) strategy starts with building an ongoing monitoring approach by deconstructing regulatory obligations and then measuring the performance of related procedures and controls to assure compliance. The final step is to evidence that compliance.
This is a critical part of the process because, as far regulators are concerned, without that supporting documentation, it’s like it didn’t happen.
It’s been just about a year since the Bank of England’s Prudential Regulation Authority (PRA) issued the Dear CEO letter Thematic findings on the reliability of regulatory reporting, serving notice to firms that the agency has seen “a historic lack of focus, prioritisation, and investment in this area.”
It’s not a new problem but the letter has brought it into sharp relief. One year on, where are firms regarding the expectations around regulatory reporting and governance set out in the letter?
