Bank Spreadsheet Risk Management & EUC Data Governance
Banking and Capital Markets
The global banking industry uses spreadsheets and other end user computing (EUC) applications more than any other industry. These EUCs support critical business functions— trading, operations, regulatory and financial reporting, stress testing and more.
For years now, banks’ spreadsheet errors have been the cause of spectacular financial losses, fines, and reputational damage. Banking is also heavily regulated, and these spreadsheet related mistakes have resulted in many regulations, fines, and cease and desist orders. Regulators and auditors are especially focused on banks managing over ten billion dollars in assets.
Bank Spreadsheet Management
Identifying important spreadsheets and other EUCs is the priority.
Spreadsheets are used by business units and departments across the organization. Important or critical spreadsheets are found specifically where human analysis is required to add value to a process. This includes modeling, trading, financial analysis, reporting, etc. The challenge here is twofold:
- How many spreadsheets and other EUCs are there?
- Which EUCs are important?
Excel spreadsheets typically represent the majority of EUCs. However, EUC file types such as Access databases, Python scripts, R scripts, and others need to be included too.
Apparity’s EUC Risk Management platform enables banks to identify EUC file types. This is achieved through a combination of parameter- based scanning and user inputs. The process is highly automated, ensuring the EUC inventory is accurately maintained. This allows business users, management, and administrators to go about their day without complications or inefficiencies.
Discovery Module
Apparity’s Discovery Module automates creation and maintenance of an inventory of spreadsheets and other EUC file types, including key file details.
EUC Risk Tiering
Major banks will find their total EUC inventory ten times and even twenty time the number of their identified models. It is important to risk assess each EUC to allocate the right level of monitoring and controls.
Apparity includes automatic and scheduled risk assessment of all spreadsheets in the inventory. This helps tier each spreadsheet by technical complexity. A fully customizable user-based assessment form can supplement this to ensure each EUC is correctly assessed.
- Structural Complexity Algorithm:
Determine the complexity of each identified file using custom evaluation parameters. - Registration:
Qualitative assessment of file impact to capture relevant data from file owners. Enables a risk-based inventory based on both complexity and impact. - Connection Explorer:
Visually chart connections between discovered files. Provides a clearer understanding of upstream & downstream dependencies.
Active Management
High-risk EUCs support a bank’s most important business and regulatory related functions. Best practices demand that these be monitored as with any other important data governance program. It is important to know who is changing what, and when. Important changes can be reviewed by peers and management to ensure no mistakes are made.
Apparity integrates with Excel, so users can easily see where they have made important changes. Users can amend these changes and updates until satisfied that everything is working correctly.
Importantly, Apparity does not display unnecessary or misleading alerts that other platforms use, providing a best-in-class user experience. The completed file can be easily forwarded to a peer or management for 2nd line review. An audit trail of these changes and signoffs are retained and available through reports.
Inventory
- Discovery Module:
Automatically create and maintain an inventory of spreadsheets and other EUC file types, including key file details. - Structural Complexity Algorithm:
Determine the complexity of each identified file using custom evaluation parameters. - Registration:
Qualitative assessment of file impact to capture relevant data from file owners. Enables a risk-based inventory based on both complexity and impact. - Connection Explorer:
Visually chart connections between discovered files to map data lineage. Provides a clearer understanding of upstream & downstream dependencies.
Version Control
- Versioning:
Automatically capture and track all file copies while allowing user comments to enable collaboration and audit trails. - Version History:
View, export, and restore a file to a previous version or copy of a file. - Zero Loss Fingerprinting:
Monitored files are always tracked, regardless of file save location or how it is named. Ensures there are never ‘lost copies’ of a file.
Change Management
- Change Logs:
Real-time and in-session view of all critical changes made to a file. Filtering and sorting helps identify potential mistakes or unauthorized changes. - Noise Filtering:
Users only see critical changes that are relevant to them configured against company EUC policy. - Automated Review and Approval Workflow:
Ensures critical changes are properly signed off with included audit trails.
Access Control
- File Access & Change Reports:
Track and log all users who update critical files. - Unexpected Change Warnings:
Flag any changes made by non- Apparity users who might be outside the controls framework. Apparity checks & monitors against all existing access control frameworks. Ensures access will never be granted to a file unless the user has access to the original file location. - Automated PII identification:
Allows teams to understand which files have sensitive data that should not be accessible to broader audiences.