Risk Magazine recently surveyed risk managers at the US’ largest financial institutions with respect to their opinions on the recently submitted Comprehensive Capital Analysis and Review (CCAR). While the complexity and breadth of the tests was noted, much of the respondents’ criticism stemmed more from operational concerns.
According to the article, the level of documentation, as well as the timing of the tests, was a particular irritant to banks. The tests were released shortly before Thanksgiving, and due shortly after New Year’s, meaning many institutions were forced to cancel vacation leave and ask their analytical resources to spend long hours and weekends working. A risk manager of a midsized US bank said “When our regulators manufacture a crisis by issuing instructions so late in the process, it contributes to exhaustion, potential mistakes and bad feelings about our regulators.”
At the heart of the matter is the breadth of the CCAR stress testing paradigm, which has evolved over the past three years. Starting in 2009 with the Supervisory Capital Assessment Process (SCAP), the fundamental approach to the process has been the comprehensive simulation of a financial institution over a prescribed economic environment. A simple, seemingly innocuous approach – the devil, of course, dances gleefully within the details.
Evaluating the cost
Over the past several years, and certainly in the wake of the financial crisis, the nation’s largest financial institutions have expended massive amounts of resources enhancing their analytical infrastructure. Sophisticated modeling, forecasting and simulation capabilities have propagated throughout the industry, and the use of these powerful analytical capabilities continues to expand. In fact, the CCAR process, as envisioned, does not require any of its constituent institutions to develop new methodologies. What it is intended to do is utilize the institutions’ existing risk and finance infrastructure, extended and adapted to account for the forecast’s protracted adverse economic environment. The fundamental pieces are expected to already be operational: Forecasting asset and liability balances and funding demands, expectations around reserves and provisioning, capital management and allocation, operational budgeting and planning. None of this is new to affected institutions, and there are rigorous processes around each.
At the crux, however; is the use of the word ‘each.’ Historically, these processes have run largely independent of the other and are rarely looked at in aggregate. What the CCAR process is forcing, however, is a holistic simulation of the institution, and therefore, it is requiring a cogent integration between data from all of these autonomous processes. A perfect illustration of this was shared with me during a conversation with a capital management executive from a large financial institution, who said “The math isn’t the hard part; it’s controlling the ad-hoc process we’ve had to develop on the fly. We have dozens of groups that each have a piece of the puzzle that puts the whole picture together.” Understandably, the tactical response to such a far-reaching and comprehensive undertaking has been a labyrinthine process, often unnecessarily complex and confusing.
A process for the process
At the risk of self-incrimination as a Tolkien-ite, what is needed is “One Process To Rule Them All:” A larger meta-process to monitor the workflow, manage timelines and deliverables, ensure the coherence of results, guarantee the accuracy of the requisite reports and allow for granular insight to be delivered in a timely manner during the inevitable regulatory parlays that occur following the delivery of the results. This process, of course, needs to have specific points of accountability and afford both the affected institutions and regulatory bodies sufficient auditability access as transparency remains of paramount importance.
Many institutions have recognized this need – evidenced by the fact that there are dedicated groups emerging specifically to address stress testing. Oftentimes these are cross-functional teams, an amalgamation of disciplines from the business units, risk, treasury and the finance organizations, with names such as the Stress Test Working Group, Steering Committee or Planning Committee. However, as the legislative branch of our government is quick to demonstrate, a large number of presumably intelligent people without a coherent agenda can be an impressively inefficient approach. Like Congress, large financial institutions can be politically charged, highly bureaucratic places, however, there should be a singularity of vision with respect to what needs to be accomplished. Recognizing that the coalescence of resources under a cosmetically labeled group is simply not sufficient to address stress testing; it is under the centralized umbrella of these organizations that the entirety of the CCAR meta-process is envisioned to reside and be managed.
Planning for the endgame
One potentially notable wrench in the works is the fact that, though the SCAP and CCAR framework have now gone through its third iteration and are becoming more formalized, it is still very much in flux. Whatever final form the framework ultimately takes, and to what extent Dodd-Frank and Basel III have upon that final form, is still somewhat unknown. As such, whatever oversight, governance and management process that does wind up getting instantiated at the CCAR institutions needs to be flexible enough to accommodate any potential changes that may emerge from the ever-fickle requirements landscape.
All told, the CCAR process defines a new paradigm of robust, forward-looking, analytical exercise for large financial institutions. As the process evolves, we will continue to see institutions expend significant resources addressing the operational challenges the process presents. Formalizing this process into something that is efficient, manageable, repeatable and auditable will reinforce the fundamental premise of stress tests: Demonstrate that an institution, as a part of its primary business activities, is able to quickly and efficiently understand how it is exposed to risks that may potentially emerge. The trick, of course, is to ensure that demonstration does not become risk management’s newest Rube Goldberg device.