Identification and Governance of End User Computing Applications Impacting the Integrity of CCAR/DFAST Stress Testing Reporting in Banks

Samej Wakode

Abstract: EUC (End-User Computing) applications are an integral part in complementing various critical processes in financial institutions. One of the vital section where it has presence is to support compliance-driven reports related to stress testing; Comprehensive Capital Analysis and Review (CCAR) and Dodd-Frank Act Stress Testing (DFAST). Although End-User Computing tools contribute to improve operational efficiency and adaptability, their inherent lack of standardization, insufficient controls, and reliance on manual processes pose considerable exposures to the integrity, accuracy, and compliance-driven compliance of stress testing submissions. This research paper investigates the identification, exposure assessment, and governance of End-User Computing tools that influence CCAR/DFAST reporting. The study emphasizes: 1) Challenges in End-User Computing tools management and remediation such as undocumented logic, issues with version control, and exposures to information integrity 2) Regulatory implications such as potential for non-compliance with CCAR, DFAST [1], SR 11-7 (Model Risk Management)[2], and BCBS 239 (Risk Data Aggregation) standards due to unregulated End-User Computing tools 3) A Structured governance framework suggesting best practices for managing inventories, assessing exposures, validating controls, and automating processes to reduce End-User Computing applications related exposures. Methodologically, the paper integrates research related to End-User Computing tools in CCAR/DFAST reporting, compliance-driven guidelines from the Federal Reserve, OCC, and Basel Committee, Industry best practices from financial institutions that have effectively established End-User Computing tools governance programs. Key findings indicate that financial institutions should maintain a centralized inventory of End-User Computing tools [3] with exposure-based classifications, implement automated controls (such as formula checks and input validation), enforce diligent Change management and independent model validation, Utilize End-User Computing tools remediation and management tools (like Xceptor, Appian, ClusterSeven and Apparity) for effective automation and monitoring. The paper concludes with actionable recommendations for financial institutions to enhance End-User Computing tools governance, thereby ensuring information accuracy, auditability, and compliance with regulations in CCAR/DFAST submissions.

Keywords: EUC (End-User Computing), Stress testing, Comprehensive Capital Analysis and Review (CCAR), Dodd-Frank Act Stress Testing (DFAST, EUC identification and classification

How to Cite?: Samej Wakode, "Identification and Governance of End User Computing Applications Impacting the Integrity of CCAR/DFAST Stress Testing Reporting in Banks", Volume 14 Issue 6, June 2025, International Journal of Science and Research (IJSR), Pages: 292-297, https://www.ijsr.net/getabstract.php?paperid=SR25529230944, DOI: https://dx.doi.org/10.21275/SR25529230944