Tackling EUCs: A Guide for Financial Services Institutions

The use of end-user computer applications (EUCs) by global banking and financial institutions has grown manifold over the last several years. Firms find EUCs flexible and easy to perform repeatable financial operations and adjustments. However, their widespread use has posed serious challenges to governance, risk, and regulatory compliance. To help banks confront regulatory challenges in a holistic manner, Infosys Consulting has developed a robust EUC Management Framework to deliver a fully secure, auditable, and automated end-to-end solution.

What is an EUC?

EUCs are typically Excel, Access, or SAS scripts for data operations in business processes outside of the typical IT governance controls; an example would be preparing monthly financial adjustment excel files and uploading through an adjustments module to a general ledger or a financial reporting system.

Why do financial services institutions have so many EUCs?

While there are several reasons for EUC proliferation within financial services institutions, we have listed some of the most common ones below:

• Large technology transformation programs are a multi-year effort. Typically, features needed by business and operations are not rolled out at the beginning. So, to ensure that business outcomes are met, operations or business employ manual workarounds using spreadsheets and manual controls. These EUCs add up quickly and live on until the required business functionality is built into the IT system.
• Another issue is the lack of a coherent data strategy in the business unit or the enterprise. Operations or business typically resort to EUCs when their data needs are not being met in the core IT applications. Rather, data is in disparate systems, not standardized, or not available in a timely manner – requiring many workarounds to meet the business outcomes.
• Lastly, one other common situation we have encountered are the collection of business functions in a financial institution that are totally outside the realm of IT governance, leading to user developed artifacts or EUCs to run the business process.

So, what’s the risk?

With the lack of IT controls like access management, auditability in business processes and manual execution of the EUCs, there are quite a few errors that build up and affect business outcomes. This in turn leads to regulatory issues and increased operational and reputational risk. There are also several other factors, including managing PII data controls, governing the calculations or macros in Excel, and inefficiencies that could expose the financial institution to other compliance issues or poor customer experience. Regulators are taking a serious view when critical business processes are supported by high risk EUCs and require remediation strategies to be put in place.

How can organizations embark on their EUC remediation journey?

To get started on the EUC remediation journey, here are 3 key questions for your institution:

1. How should one define and identify EUCs in the organization?
2. Once identified – how do you measure the operational risk & govern them?
3. For risk classified EUCs – what is the optimal remediation path?

Introducing our New EUC Management Framework Solution

Our FSI experts are excited to introduce their new EUC Management Framework – designed to help banks confront regulatory challenges in a holistic manner. As part of the launch they have created a new a video outlining the offering – you can view this below.