Technology systems for enterprisewide stress testing

Where financial institutions are falling short, what to do about it, and which stress testing technology providers are leading the pack

By Tom Kimner, Head of Global Marketing and Operations, Risk Management, SAS

Long gone are the days of making educated estimates about potential credit losses and capital adequacy under pressure. The risk management landscape changed in 2012 when US regulators unveiled Dodd-Frank Act Stress Testing (DFAST) provisions that required the largest American banks to perform stress testing. It evolved again when the Act was expanded in 2014 to include midsized firms, those with $10-$50 billion in assets.

Enterprise Stress Testing Systems 2015: SAS Vendor Highlights

Stress testing – statistically predicting the impact of possible adverse conditions – quickly became a matter of compliance and necessity. Of course many institutions, particularly the larger and more influential ones, were already doing stress testing, but the flavor of the activity changes when compliance is at stake.

But is DFAST compliance enough? Could stress testing mechanisms be doing more? Would the current state of stress testing have been enough to foresee the financial crash of 2008? At the time, financial institutions were blindsided not because the necessary data didn’t exist somewhere, but due to flawed implementation. That’s the word from the Chartis research report, Enterprise Stress Testing Systems 2015: SAS Vendor Highlights:

“FIs didn’t integrate credit, market, liquidity and operational risk – or secondary impacts such reputational risk – into consolidated governance and functional processes. Technology systems didn’t deliver clean, aggregated and appropriate data that aligned with finance correlated across multiple risk factors and dimensions, including asset classes, legal entities or business lines. … True enterprisewide stress testing was rare.”

Years later, these criticisms still stand. Chartis’ latest survey of 66 global financial institutions – coupled with in-depth interviews with 22 senior risk practitioners – shows that the desired integration still isn’t happening. Siloed processes and systems prevail, and there’s no real faith in the numbers except to satisfy regulators.

Category leaders are risk technology vendors that have the necessary depth and breadth of functionality, technology, and content, combined with the organizational characteristics to capture significant market share by volume and value. Category leaders can demonstrate a clear strategy for sustainable, profitable growth, matched with best-in-class solutions.
Chartis, Enterprise Stress Testing Systems 2015

Where stress testing practices are falling short

Stress testing is treated as a compliance exercise.

The Chartis survey shows that most stress testing activities are about compliance – focused on capital ratio tests through the lens of standalone market and credit risk – and rarely embedding those capital ratio stress tests into business decision-making.

Data quality is poor.

More than 95 percent of respondents cited data gaps and problems with data quality. Many firms still rely on internal departmental risk systems or Excel spreadsheets. According to the Chartis report:

"Stress testing infamously proliferates manual Excel worksheets used as data aggregation, pricing models, mathematical engines, interpolators, diffusion techniques and so on. These are typically assembled, manipulated, aggregated and processed by consultants using siloed internal risk systems. FIs are addicted – either unwilling or unable to give up their spreadsheets."

Stress testing is not truly enterprisewide.

Only 45 percent of the FIs represented in the Chartis survey have integrated the assumptions and data used in stress testing in credit portfolio management. Risk categories such as market, credit, liquidity and operations risk management all remain separate with few feedback loops between them. Back office and finance testing is rarely integrated with front office risk management and operational data. There is little integration between workflows, risk systems and dashboards.

Governance is weak.

Control procedures tend to be poor, and systematic, repeatable processes are not in place. Furthermore, stress testing has largely been entrusted to risk committees, with boards providing only oversight. According to Chartis:

“At most FIs stress testing is not treated as a strategic initiative but rather as one component of risk management activities – even sometimes as a compliance ‘box-tick.’ Only 12 percent of boardrooms have a ‘high’ involvement in stress testing, according to survey respondents, with senior executive committee involvement at only 18 percent.”

What needs to change?

Integrate risk and finance data and operations.

Often business unit and separate risk managers are responsible for their own stress testing, while CFOs and their teams are responsible for ensuring adequate capital levels after stress testing. FIs need to better understand overlapping risk factors – to integrate risk and finance functions so the institution can become truly risk-enabled and departments can share analytical assets.

Get more business line managers involved.

If you want stress testing results to influence day-to-day and strategic business decisions, get business line heads and management committees more involved, and integrate the stress testing process into existing planning, forecasting and business processes. Document everything, so regulators don’t end up spending as much time auditing the integrity of the stress testing process as they do the calculations themselves.

Make stress testing an ongoing process.

Under new regulatory requirements and standards, financial institutions are doing more to treat stress testing as essential processes rather than one-off compliance drills. Ideally, enterprise stress testing would be done intraday and be available to business units to support better operational and strategic decisions, under central governance.

Provide a technology platform that breaks down silos.

Having the right technology platform in place – an integrated system that makes it easy to aggregate, share and reuse a trusted source of data – will be essential to meet the new demands of enterprise stress testing. FIs need to strategically invest to address areas of technology weakness and enable a more effective and accurate stress testing process, both for regulatory compliance and business decision making.

SAS – A Chartis-recommended platform for enterprisewide stress testing

The SAS® Stress Testing suite includes three complementary offerings that can be integrated or operate as individual components within an existing bank architecture:

  • A workbench to establish a structured risk modeling process.
  • A controlled environment where complex systems of risk models can be implemented quickly and transparently.
  • A web-based central hub to manage the stress testing process and consolidate results from disparate systems.

Here’s what Chartis had to say about the solution set:

“SAS’s offering is based around a single integrated risk technology framework with one metadata layer connecting the entire solution. A single risk engine for market, credit and liquidity risk with BI (business intelligence) eliminates manual processes for data quality and data transformation.

The coordinated, systemic support from SAS covering data management, model lifecycle management and integration, scenario management, aggregation, capital planning and reporting is a key differentiator for their offering.

“From client use cases that have been mainly regulator-driven, this enables improved data management, hands-on governance, lower integration costs, reduction of modeling gaps in the results, fewer Excel dependencies and a greater confidence in handling “on-the-fly” regulator requests. Stress testing managers can oversee and audit the process.”

In August 2015, Chartis named SAS a category leader in its 2015 RiskTech Quadrant for enterprise stress testing systems based on features and market strength.

By the end of 2015, more than 250 clients were already using SAS® risk management and stress testing modules. With these capabilities, key decision makers can gain an integrated view of risk across the enterprise; spot and analyze the warning signals for each risk; assess the likelihood, magnitude and potential impact; and take timely, corrective action.

Because no one wants to relive the events of 2008.

About Chartis

Chartis is the leading provider of research and analysis on the global market for risk technology. Its goal is to support enterprises as they drive business performance through better risk management, corporate governance and compliance.

Chartis logo

Get More Insights


Want more Insights from SAS? Subscribe to our Insights newsletter. Or check back often to get more insights on the topics you care about, including analytics, big data, data management, marketing, and risk & fraud.

Back to Top