Despite calls from critics like the Adam Smith Institute to abolish stress tests, and the difficulty regulators admit that banks have in producing stress testing submissions, the public appetite for financial services regulation and the perceived failure of ‘light touch’ pre-2007 regulatory regimes mean that stress testing is here to stay.

Moreover, given that we are in early stages of a major change to how financial market stability and industry solvency is monitored, we can expect further change as regulators refine their stress testing approaches, and contiguously gain insight from the information provided by participants. Industry feedback may yet prompt further changes, as regulators look to build acceptance for their stress testing regimes.

Another argument to suggest that stress testing will continue is that regulators see evidence of it working. Since the establishment of CCAR, DFAST, UK and EU stress tests and other risk data regulations such as BCBS 239 and the upcoming BCBS 265, firms have made sizeable improvements, particularly in areas such as data collection, risk analytics and elements of corporate governance. All this suggests that, independent of whether institutions believe the scenarios being tested are realistic or not, we are seeing the start of a fundamental shift in risk culture which is what the regulations seek to achieve in the long run.

The Intent behind the Regulation

Banks on both sides of the Atlantic are faced with two common challenges:

  1. Making stress testing a transparent, repeatable and cost-efficient process
  2. Coping with stress testing changes in the future
Regulators will remind banks to focus on the intent behind regulation, rather than what the specific tests will be this year or next. The intent of the regulation, in both its American and European form, is to encourage institutions to seek the building of a capital planning and stress testing framework that identifies firm-specific risks and ultimately informs the decisions that management take. Therefore, when it comes to stress scenarios, banks should not merely try to comply with regulatory stress tests, but instead build a framework to understand and monitor the precise risks in their own markets.

A proactive, rather than reactive, approach to stress testing and risk reporting is viewed as the key to increasing the resilience of individual firms, the overall stability of the financial system, and – ultimately – regulatory approval.

How is this done?

Just as critics of stress testing say a ‘one size fits all’ approach can be considered too blunt for the wide variety of business models in financial markets, there is no single method (or off-the-shelf solution) to help banks manage the challenge of annual stress testing. However, there are common approaches that institutions adopt, which are being recommended by regulators as best practice.

Best Practice Recommendations

From an organisational and systems perspective, these recommendations include:

  1. Governance
When conducting stress tests, strong internal controls (and involvement of audit and risk) are critically important toward the translation of stress scenarios into financial impacts. When such translations are undertaken at large, complex organisations, it can often involve multiple models and lines of business. Firms that have assembled strong stress testing approaches also have strong governance functions whereby all parties work together to implement the stress scenarios and coordinate assumptions, and the senior management of each business line is intimately engaged in the process.

Well-articulated documentation, standards and process orchestration and underlying data ensure that scenarios are implemented consistently across business functions in terms of the understanding of the intent of the scenario, the portfolios and business lines affected and the accuracy and reliability of reported results.

In addition to this, a sound governance process identifies and addresses gaps in an enterprise’s stress testing framework and has the authority to work with business owners and stakeholders to address them.

  1. Data Control Points for Scenario Generation
Data models are the core of each stress test. Crucial assumptions used to estimate losses, risk weighted assets, and revenues must be clearly documented so that the detail of each scenario is fully parameterised.

To achieve consistency in preparing scenarios it is essential that common data inputs (e.g. securities data, historical market prices) and derived data (e.g. curves and surfaces) are sourced, validated and distributed from a single function. This is to make sure common data has assured lineage and provenance, and any changes can be quickly propagated throughout the organisation. High quality data is needed for understanding the historical relationship between scenario parameters (GDP, interest rates, unemployment, stock markets etc.) so that scenarios can be correctly discussed and challenged before they are released internally.

Where scenarios require price or volatility shocks to trading books these should also be defined from a validated central source and provided to models that are simulating their impact on positions for the stress test. For the results to be convincing to regulators, it is important that banks have a deep understanding of the data and models used in their scenarios so that their explanatory materials meet the required standards.

  1. Workflow Control Points
In order to establish a robust stress testing framework – and to make the process both repeatable and auditable – institutions must first understand the necessary workflows and the data integration challenges they face.

At such firms, control points have been established to both promote repeatable and automated practices within the modelling framework, and to verify the data and model quality throughout the process. These control points ensure that corrections or enrichments of data used are proliferated consistently both upstream and downstream from the control point and – wherever possible – the opportunity for manual input of data is eliminated, along with the risk of human error.

In short, governance, data management, model management and system integration are the keys to banks building a robust stress testing framework that is capable of both adapting to future changes in stress testing requirements and, more importantly, becoming the decision-making tool that regulators hope will inform both strategic and routine decisions.

Making the process repeatable and cost effective will be made possible by the use of automation and integration, particularly with regard to the common data sets required for scenarios calculation around the various departments and divisions running them. This moves the process from what is currently a highly manual task, led by risk and audit experts, to an automated and scalable environment that leverages existing technology investments.

Ultimately, financial institutions will be successful in creating stress testing environments that meet regulators’ needs and indeed institutionalise risk weighted decision making. After all, the single greatest engineering skill western financial institutions have shown over the last 50 years is the ability to take physical processes and make them virtual. The question today is whether this transformation can be done at a pace that keeps regulators satisfied.

By Richard Petti, CEO, Asset Control