It’s in the Details: Are Spreadsheets Putting Firms at Risk?

Mitigating the risks in end-user applications through intelligent automation and digital transformation

Friday, March 10, 2023

By Sandeep Kumar


Wall Street firms’ data management practices are under intense scrutiny.

Regulators are putting increased pressure on financial institutions to manage their spreadsheets and end user computing (EUC) risk programs more effectively. Indeed, sloppy paperwork and practices have led to a series of high-profile fines being levied by regulators.  

There are many challenges when using spreadsheets and other EUC applications. In this article, we explore ways to reduce operational risk and improve processes through digital transformation. 

Exposure to Risk 

Regulatory compliance is a huge pain point for financial institutions, and a lot of it stems from how spreadsheets and other EUC applications are utilized as part of a bank’s operational processes. 

In 2020, Citigroup was fined $400 million for “serious and longstanding deficiencies and unsafe or unsound practices” in Citibank’s risk management and data governance. This and other cases underscore the need to overhaul internal controls throughout the banking and financial services industry. 

Standard Chartered was ordered in 2021 to pay more than $61 million after a spreadsheet error resulted in the emerging-markets-focused lender overestimating its access to U.S. dollar funding. 

The Securities and Exchange Commission is stepping up enforcement as regulators emphasize the importance of recordkeeping requirements – calling them “sacrosanct.”

Costly Mistakes  

All across the back offices of financial institutions, tasks such as reconciliations, reporting, data cleansing, enrichment and transformation, complex data modeling etc. are being performed. Various studies report that nearly 9 out of 10 (88%) spreadsheets contain errors. 

Customer confidence is at stake, says Sandeep Kumar of Hexaware.

Mistakes are made because spreadsheets and other EUC applications are processed by business users with little or no oversight from a firm’s IT department. The risk of file corruption and inconsistent data analytics threatens an institution’s profit margins, as well as exposing firms to regulatory fines.  

The need to manage risk also impacts efforts to build customer confidence. More than 50% of customers have low trust in financial services providers across the banking, credit card, insurance and investment industries.  

In today’s uncertain market, a consistent client experience is essential to build trust and maintain a competitive advantage. According to Forrester’s Financial Services Customer Trust Index, 93% of U.S. customers with high trust in their primary bank indicate that they would recommend the brand to family and friends, compared to just 39% of customers with low trust saying they would do the same. 

Technology Guardrails 

Current EUC risk mitigation strategies are insufficient. Federal regulators want to ensure that a bank customer’s data is being stored in an encrypted format in an enterprise grade application. Firms need to take their controls to the next level and discontinue traditional spreadsheets and other EUC applications.   

To meet tightened regulatory and capital market requirements, banks have been adopting platform-based solutions and automation. Because the automation platform is governed by IT, redundancy planning, disaster recovery and other benefits apply, while effective operational controls establish transparency and an audit trail. The financial institution is left with robust documentation comprised of real-time reporting and analytics. 

Moving data to an intelligent automation platform gives business units the flexibility of technologies like Excel or Python Scripts, but without their vulnerabilities. A provider with software-as-a-service (SaaS) and platform-as-a-service (PaaS) solutions has the infrastructure to facilitate and guide firms through the process. 

By leveraging a cutting-edge data automation platform enabled by domain expertise, artificial intelligence and analytics, banks and financial institutions are able to scale operations while ensuring optimum service delivery. 

Upskilling the Back Office 

The traditional processes involve a cluttered IT landscape with standalone apps running on user desktops. This provides low or weak governance, which has exposed financial institutions to regulatory scrutiny.

The first step towards a comprehensive EUC remediation is termed “EUC mining” and creates an inventory of macros to identify high-risk applications.  

No-code data automation platforms can then eradicate the problem at the source by removing and automating EUCs. Built-in checks add additional controls. And because it’s a no-code platform, non-technical users can operate it with accuracy and efficiency. Workflow is orchestrated in a controlled and audited environment. 

Center of Excellence 

A roadmap to self-sufficiency includes creating a center of excellence (COE) to establish best practices, outline training, and offer support and mentorship. As a type of governing board and technical solution gatekeeper, this team will involve IT. Citizen developers can update solutions and configure new processes onto the platform – all validated by the COE.

This also ensures that return on investment and other financial performance metrics are met. With less traffic through IT, the subject matter experts can focus on complex projects, using resources more efficiently.

The rise of fintech has challenged the legacy banking business processes that lack organizational agility. Asset managers, traders, wealth managers, and financial institutions across banking and capital markets are forced to change their business operations, disrupted by regulations, intense competition, continuous threat of substitutes and disruptive innovations.  

Enterprise data management (EDM) allows firms to achieve their data-to-value goals. The transformational initiatives necessitate changes in the IT landscape such as modernizing legacy applications, consolidating redundant applications, migrating to the cloud, information delivery to customers through varied new channels, and so on. 

Digital transformation of data management minimizes operational risk, improves accuracy and enhances the customer experience. It’s the kind of “insurance” financial institutions need as regulators step up enforcement. 


Sandeep Kumar is Global Business Head – Banking, Financial Services and Insurance (BFSI) in Business Process Services at Hexaware Technologies.


We are a not-for-profit organization and the leading globally recognized membership association for risk managers.

weChat QR code.
red QR code.

BylawsCode of ConductPrivacy NoticeTerms of Use © 2024 Global Association of Risk Professionals