
Certify a Regulatory Report

A step-by-step guide to completing the full Report Certification workflow in CoComply — from identifying critical data elements to collecting attestations and closing the certification cycle with confidence.

12 min read | Report Owner, Data Owner, Internal Audit

1. Identify the Report and Its Critical Data Elements

Start in the CoComply Reports module. Locate the regulatory report you need to certify — Call Report (FFIEC 041/051), Y-9C, HMDA, or another scheduled filing. Each report in CoComply is pre-mapped to its Critical Data Elements (CDEs) based on MDRM codes, line items, and schedule references. Review the full CDE inventory attached to the report and confirm scope with your Regulatory Reporting lead before beginning certification activities.

  • Use the Schedule Filter to isolate CDEs by FFIEC schedule (e.g., RC-C, RC-R) if you are certifying a subset of the filing.
  • CDEs flagged as Tier 1 or Tier 2 carry higher materiality — prioritize these first.
  • If a CDE is missing from the report's inventory, use the Bulk Import or manual Add CDE function to bring it in before starting.

Note: CoComply's pre-loaded FFIEC 041 schedule coverage includes RC, RC-A through RC-R, and the memoranda schedules. Fulton Bank clients have 387 certified CDEs mapped across the RC-C Part I schedule.

2. Assign Owners and Stewards to Each CDE

Each CDE requires a designated Data Owner (accountable executive) and Data Steward (operational lead). In CoComply, ownership is assigned at the CDE level and can be inherited from the parent Line of Business or Department. Use the Ownership panel in the Govern module to confirm assignments are current, then sync to the active certification cycle.

  • Ownership should reflect the source-of-record business team, not IT or the regulatory reporting function.
  • Use the LOB-to-Division mapping to ensure organizational alignment is consistent with your current org chart.
  • CoComply sends automated ownership confirmation requests — owners must accept before a CDE can enter active certification.

3. Run Data Quality Checks Against Source Systems

Before collecting attestations, validate that the underlying data meets quality standards. In the Assure module, navigate to the Data Quality section for the report. CoComply surfaces pre-configured DQ rules by CDE — completeness, referential integrity, format conformance, and threshold breach checks. Review any open DQ findings and confirm remediation is in progress or documented as an accepted risk.

  • DQ findings that are unresolved at the time of attestation will be flagged as exceptions in the final certification record.
  • Use the Findings Management panel to log remediation owners, due dates, and status notes directly in CoComply.
  • For scheduled filings, it is best practice to run DQ checks no later than T-5 business days before the filing deadline.

Note: CoComply integrates with Microsoft Purview and Azure Data Quality Engine as upstream DQ sources. If your organization uses these tools, DQ findings can be ingested automatically.

4. Collect Attestations from Data Owners

In the Certify module, initiate the Attestation Collection workflow for the report. CoComply sends in-platform and email notifications to each assigned Data Owner requesting their attestation. Owners review their CDE assignments, confirm data accuracy and source system alignment, and submit their attestation with an optional comment. Track real-time completion status from the Certification Dashboard.

  • Set a collection deadline at least 3 business days before your filing date to allow time for exceptions.
  • Use the Bulk Remind feature to send a follow-up nudge to owners who have not responded.
  • Attestations are timestamped, IP-logged, and non-repudiable — each submission creates an immutable audit record.

5. Resolve Exceptions and Document Evidence

Any CDE with an open DQ finding, a rejected attestation, or a missing owner assignment is flagged as an exception in the certification cycle. Work through each exception: confirm remediation, escalate as needed, and document the resolution in CoComply's Findings Management module. Attach supporting evidence — screenshots, reconciliation files, control testing results — directly to the CDE record.

  • Evidence attached to a CDE record is stored in CoComply's immutable evidence vault and is available for examiner review.
  • Use the Exception Narrative field to explain the nature of the issue and the resolution rationale — this appears on the final certification report.
  • Partial certification is allowed: you can close CDEs individually as they clear exceptions rather than waiting for the full set.

6. Generate and Distribute the Certification Report

Once all CDEs are attested and exceptions are resolved (or formally documented), navigate to the Certify module and select Generate Certification Report. The report summarizes: report scope, CDE count, attestation completion rate, open exceptions and their disposition, DQ finding counts, and the certification date and approvers. Export as PDF for distribution to Internal Audit, Risk, and senior leadership. The certification record is stored permanently in CoComply and available for regulatory examination on demand.

  • Share the certification report with your CDO and CFO as a standing governance artifact — not just during exam preparation.
  • CoComply's certification reports are formatted to align with OCC examination request templates and SR letter expectations.
  • Schedule recurring certification cycles (quarterly or monthly) directly in CoComply to build a continuous assurance posture.

Note: For Call Report filers, CoComply recommends completing the certification cycle no later than 5 business days before submission to the Federal Reserve or FDIC.
