Dear CEO - 10 September 2021

Dear CEO letter 10 September 2021

On 10 September 2021, the Prudential Regulation Authority (PRA) published a Dear CEO letter concerning the reliability of regulatory reporting. It follows a prior letter sent in October 2019 in which the PRA had raised several concerns regarding the reliability of regulatory reporting. In its most recent letter of September 2021, the PRA highlights that governance and ownership, controls, and data and investment remain concerns that firms need to address to improve the reliability of their regulatory reporting submissions. Suade’s technology has helped many regulated firms address these concerns.

Governance and ownership

The PRA stresses a lack of clear governance and ownership in its latest findings on regulatory reporting processes. There appears to be significant fragmentation of responsibilities in relation to regulatory reporting processes as well as disconnect between front-office and back-office processes. Top-down delegation with issues regarding ownership led to concerns over key regulatory interpretations, specifically regarding a lack of basic documentation as well as review and sign-off processes.

Suade’s RegTech solution for regulatory reporting simplifies the process of managing accountability and ownership through powerful data lineage and auditability tools. Each step of the regulatory reporting process from data ingestion over calculations to report production is tracked in the system and can easily be monitored. Suade’s auditability tools allow users to drill down into each calculation step to fully understand what calculations are performed. Thanks to the open-source data standard FIRE, transparency on data used and calculations performed is guaranteed. Combined with Suade’s regulatory update service with clear version control, firms using Suade’s software can rest assured that their regulatory reports are up to date with each step of the process being clearly traceable. It follows that governance and ownership of the regulatory reporting process are built into Suade’s regulatory reporting solution.


The PRA identifies a number of key concerns regarding control frameworks that had resulted in gaps in the end-to-end regulatory reporting process. Firms’ development and implementation of models appear to lack proper documentation to record the approval and chronology of changes. Because the use of spreadsheets is prone to errors from overwriting, the PRA is concerned to have identified a continued lack of appropriate control mechanisms for documenting spreadsheet use with the avoidable consequence of inaccurate and unreliable reports. A final concern raised revolves around insufficiently robust processes for reconciling regulatory flows to appropriate records.

The Suade software solution offers tools to address all of these points within its RegTech offering for regulatory reporting. Versioning control in the Suade software captures the development and roll-out of calculators and any changes to them over the period of a firm’s use of the software. A chronology of changes allows firms to test changes and clearly document their approval for accurate and complete record keeping. As indicated above, every step of the process is tracked from data ingestion all the way through to production of regulatory reports. Because the Suade software automates these processes, there is no longer a need to rely on spreadsheets to manually perform calculations and track the regulatory reporting process. Versioning control again ensures that all transformations are clearly documented. Cell comparisons for reports produced in Suade’s software, auditability tools, and the general focus on transparency allow a firm to reconcile their regulatory reporting outputs with other regulatory reports as well as their general ledgers to ensure accuracy and consistency across the firm.

Data and investment

The PRA calls for more investment in data and IT infrastructures for regulatory reporting to address reliance on manual intervention to fill data and system gaps. The PRA are concerned about data errors and misstatements of returns arising from the reliance on manual processes. The ‘Dear CEO’ letter calls for more investment in data and IT infrastructures specifically related to regulatory reporting.

Through Suade’s RegTech offering for regulatory reporting, firms can revolutionise their regulatory reporting processes. The open-source data standard FIRE uses definitions contained in financial regulation to standardise data at financial institutions, thus ensuring that the data is of the requisite quality. Suade’s regulatory reporting software provides firms with an end-to-end reporting solution that removes the need for manual intervention by automating the entire process. Deploying Suade will give firms the opportunity to address any gaps or issues with their data and IT infrastructure in a cost-effective manner.


The PRA raises a number of concerns regarding the reliability of regulatory reporting submissions made by firms. Firms can effectively address these by deploying Suade’s RegTech solution for regulatory reporting. It offers powerful tools for auditability and data lineage to address governance and ownership challenges while versioning control and cell comparisons allow firms to control the entire end-to-end process. By deploying Suade’s regulatory reporting solution, firms can take the necessary steps to address shortcomings in their data and IT infrastructures in a cost-effective manner.

Dear CEO discussion with Cynergy Bank and former FCA
We sat down with Fran Hampton, CFO at Cynergy Bank and David Lawton, former Director of Markets at the FCA to discuss the PRA's recent Dear CEO letter: Thematic findings on the reliability of regulatory reporting.

During the discussion, our CEO, Diana Paredes and the panellists explored the letter in more detail. Watch this on demand, here.

Contact us to find out more or arrange a demo.

Start a conversation

Subscribe to our Reg Round Up

Register your interest here

At Suade, we take your privacy and the protection of you personal data very seriously. You can read our website's Privacy Policy here to find out more about how we do this. By clicking 'I Accept' you agree to the terms of our Privacy Policy