Regulatory stress tests have taught banks the skills they need to manage through a well-defined scenario. Now leading banks are reevaluating whether their stress test processes will be up to the task in a crisis.
Students of the martial arts commonly develop their skills through the repeated practice of key movements called kata (形, Japanese, literally: "form"). The goal of repetitive kata is for the student to internalize these techniques, so they can ultimately be performed instinctively in a combat situation.
Likewise, banks have been developing their risk management skills over a decade of periodic supervisory stress tests. Through these regular exercises, and with significant investment, banks have made vast improvements around data, modeling and governance.
Now, as regulatory pressures ease, institutions must take stock and consider the utility of their stress test programs beyond the regulatory compliance exercise for which they were implemented. Leading institutions realize that an effective enterprise-wide scenario stress test process can provide a competitive advantage during a real crisis. But are the katas that have been mastered applicable to a real-world event?
Stress Testing 2.0
Savvy financial institutions are looking to gain additional benefits from their stress testing investments – such as improving analytical processes and being able to respond more effectively in a crisis. Learn from their successes as you rethink your approach to stress testing.
Among the questions to consider:
- Are the tools and human resources used for supervisory stress tests available on an ad hoc basis without disrupting critical business functions?
- Is the data and modeling framework flexible enough to adapt to a wide range of scenarios?
- Does the process support the rapid turnaround of multiple iterations?
- Is the process transparent enough to adequately inform the decision makers?
The techniques of attack and defense - have innumerable variations. Kenwa Mabuni martial artist, founder of Shito-ryu karate
The well-choreographed steps of compliance
Scenario stress testing has evolved as a tool of bank supervision following the last financial crisis, and financial institutions have since incorporated these regulatory exercises into their business-as-usual.
The exercises generally start on a pre-planned date with the release of a known number of supervisory scenarios and a specified end date. By design, this structure has allowed institutions to plan resources and coordinate activities to support the process. But this certainty has also allowed banks to maintain inefficient, resource-intensive processes that limit their potential business utility.
For real crises don’t begin and end on known dates, and their scenarios aren’t determined in advance. Will the processes created for these well-choreographed efforts serve to prepare an institution to respond to a sudden event?
The expected unexpected of supervisory scenarios
As part of the instruction set issued for the annual Dodd-Frank Act Stress Test (DFAST) exercise, the US regulators release a set of three scenarios: a baseline, an adverse and a severely adverse. For each scenario, banks are provided trajectories for a set of variables describing broad macroeconomic and market conditions throughout the entire scenario timeline. Banks often rely on third-party experts to extend these scenarios across a wider breadth of variables for modeling.
Because the supervisory stress tests are used for capital planning, regulators seek to provide stability over time to avoid shocking the banking system. Thus, while the regulators have introduced some twists (e.g., negative interest rates), particularly in the adverse scenario, the overall macroeconomic patterns used in these scenarios have remained consistent over time.
But, in a real crisis, scenarios will not be predetermined and historical relationships between variables may not hold. Depending on the trigger event, crisis impacts may be less broadly focused and may primarily affect certain geographical or product segments. As a result, models may need recalibration or replacement, and multiple techniques may be required to construct a mosaic of possible outcomes. Is the stress test process able to adapt to unfolding events without short-circuiting the reporting and control infrastructure?
Creating a true scenario-based stress test process
Leading institutions recognize that moving beyond regulatory compliance and unlocking the business value of scenario-based risk management requires a stress test process that is much more flexible and efficient than in common practice for supervisory stress testing today.
Here are the questions your institution must answer:
- Is an adequate breadth of fields being captured on a timely basis?
- Is the appropriate level of detail maintained throughout the process?
- Can the process be rapidly initiated?
- Can it provide fast turnaround and support multiple cycles?
- Does it rely on key people in the organization to function?
- Can the reporting process provide timely information to decision makers?
- Is there sufficient flexibility to create ad hoc drilldowns and summarizations as conditions change?
- Can the drivers of results be easily identified and summarized?
- Can the modeling process be modified without disrupting the workflow?
- Can multiple approaches be deployed and compared?
- Will processing bottlenecks constrain the ability to explore a range of scenarios?
Governance and Controls:
- Can the process and the points of uncertainty be fully understood?
- Will the analyses be properly archived for defense of actions taken and to facilitate post-mortem reviews?
Addressing these concerns will likely require revisions to your existing stress test architecture and possibly enhancements to its underlying technological components. Here, leaders are recognizing the synergies between stress testing and the new expected credit loss accounting standards (e.g., CECL and IFRS 9) and are seeking to use their investment to achieve greater utility from scenario-based risk management.
- Data protection and privacy: in 2016, is your network truly secure?Would your firm have the necessary pre-staged resources to prevent and then properly manage a class action lawsuit that is rapidly becoming the norm, especially when the loss involves personal identifiable information (PII)?
- Risk data aggregation: Transparency, controls and governance are needed for data quality and reportingFinancial institutions’ data aggregation and reporting techniques and systems are receiving increased attention both internally and externally. Find out how to take a comprehensive approach to BCBS principles and risk data aggregation and management.
- What is a risk model?Banks use multiple models to meet a variety of regulations (such as IFRS 9, CECL and Basel). With increased scrutiny on model risk, bankers must establish a model risk management program for regulatory compliance and business benefits. Begin the planning by clearly defining what a risk model is.