In the 2012 ‘London Whale’ trading debacle, JPMorgan suffered a loss of at least $6 billion on a portfolio of credit default swaps. The bank’s internal report¹ into the event described how misuse of Microsoft Excel spreadsheets had contributed to the loss. A set of Excel spreadsheets was being used to manage the risk on the portfolio. The risk management process was manual and involved copying and pasting data from one spreadsheet to another. More importantly, a calculation error in the spreadsheet had the effect of underestimating risk by half.

This scenario is all too familiar within financial institutions (FIs), where tools like Excel, Access, and MatLab are widely used by non-developers to implement end user computing (EUC) solutions. Regulators have recognized the risks that EUC solutions pose and have issued regulations aiming to oblige banks to monitor and control their use. In this chapter, we examine the regulations that aim to mitigate the risks of EUC solutions. We look at how FIs use EUC solutions and why this is likely to continue, and we summarize the RegTech solutions that can help banks implement these regulations.

Which Regulations Apply to EUC Solutions in Financial Organizations?

A number of recent regulations apply to spreadsheet usage within FIs. It is important to note that they do not ...