Are Regulatory Stress Tests Just Cost Without Value?

In an effort to prevent another system-wide failure as experienced in the financial crisis of 2008-2009, banking supervisors and governments around the world tightened regulatory standards – bringing stress testing to the forefront. Many banks have voiced their concern that the ever-increasing data requirements of the tests have little to do with their individual risk profile. Whilst they have to comply and dedicate enormous resources to meet the deadlines, they are asking that, if regulatory stress tests do not fit their business, are they just cost without value?

Stress testing is a powerful risk management tool that offers a unique opportunity to contemplate potential outcomes and actions to take depending on different scenarios. Unfortunately, many banks consider regulatory stress testing a burden and not an opportunity. Whilst there is no doubt regulatory compliance is challenging, there are ways in which banks can use the exercise to build long-term value, rather than treating it like a check-the-box exercise.

The eruption of the global financial crisis with the downfall of Lehman Brothers in September of 2008 focused people’s attention on tools that, for a long time, often played only a minor role in risk management, including stress testing.

Despite the fact that banks have been using stress testing internally for many years (e.g., to stress market risk factors such as yield curves), the test results had little-to-no influence on the overall business decisions of banks. As a consequence, banks built excessive risk positions without considering how vulnerable they would be if things quickly went wrong.

The risk taking that led the global financial system to being on the verge of collapse spurred regulators around the world to significantly tighten industry rules and guidelines – from increased capital levels and minimum liquidity ratios to maximum leverage ratios – and bring stress testing to the forefront. In many jurisdictions, regular internal stress testing became a mandatory requirement (e.g., through the MaRisk guidelines in Germany). In addition to national regulations, the central supervisory bodies in the United States and European Union (EU) carried out bank-wide stress tests to evaluate the resilience of leading financial institutions to adverse market developments.

The bank-wide stress tests defined standardised scenarios that the banks had to use for their calculations. In its latest stress test in 2011, the EU used a set of baseline and adverse macroeconomic scenarios developed by the EU Commission and the European Central Bank, respectively. The US Federal Reserve Bank (the Fed) provided three different sets of scenarios, including baseline, adverse, and severely adverse scenarios for the Comprehensive Capital Analysis and Review (CCAR) in late 2012.

The complexity increased with each regulatory stress test, as well as the data requirements and reporting obligations for the individual banks. The 2011 EU stress test focused primarily on assessing credit and market risks in adverse economic conditions. Trading and banking book assets were subject to stress at the highest level of consolidation of the banking group. To simplify the calculation, the test was conducted using the assumption of a static balance sheet.

In contrast to this approach, the Fed asked the top 19 bank holding companies (BHCs) with total consolidated assets of US$50 billion or more in November 2012 to calculate not only the three supervisory scenarios, but also two additional BHC-defined scenarios with a planning horizon of nine consecutive quarters starting in Q4 2012. The resulting capital plan, along with the proposal for planned capital actions, had to be reported by each BHC in early January 2013. In addition, each BHC had to report its estimates of losses, resources available to absorb those losses, balance sheet positions, and capital composition on a quarterly basis over the nine-quarter planning horizon. The Fed also required the banks to submit qualitative information supporting their loss and pre-provision net revenue (PPNR) estimates, including descriptions of the methodologies used to produce the estimates, as well as any other analyses that supported their capital plans.¹

For the 91 banks in the EU, as well as the 19 banks in the US, these regulatory requirements represented huge challenges. The amount of information that was requested, ill-defined regulatory requirements, the common silo architecture, and fragmented risk management approaches in many banks caused inconsistencies, duplicate work, incomplete aggregations, and concerns about the reliability of the overall results. The resources that had to be allocated to perform the calculations and – most importantly – meet the deadlines set by the regulators greatly exceeded the levels of most other major bank-wide projects. Risk professionals had to work extra hours for weeks. Staff had to be pulled from other important projects or their normal daily responsibilities. Several banks reported that in some cases more than 100 people were involved in the regulatory stress test, which illustrates the complexity and resource demands of the exercises.

With ever increasing regulatory requirements, many banks have raised the concern that these stress tests have little to do with a bank’s individual risk profile. Instead, they impede a bank’s ability to think creatively about their own business and vulnerabilities. Given the resources needed to meet the deadlines and report the results to the regulators, banks have begun to ask for a return on this investment. If a regulatory stress test does not fit a bank’s business, is it just cost without added value?

Contrary to what some banks believe, stress testing is one of the most powerful tools in risk management, yet it is frequently overlooked. A well-functioning, scalable stress testing platform can offer substantial value and returns. Instead of using a rather abstract concept like Value-at-Risk (VaR), stress testing enables risk and business managers to contemplate what could happen to their bank and their risk exposure in situations not captured by the parameters of its current models (e.g., sudden shifts in correlations or default levels). More importantly, it can improve communication between the risk management and business sides of a bank and suggest possible actions for senior management in case an adverse business environment materialises.

With this in mind, the regulatory stress tests without a doubt positively impacted the risk management cultures of many banks. Still, many organisations consider regulatory stress testing more of a burden than an opportunity to learn and improve their internal processes.

The best way forward for many banks is to invest in robust stress testing frameworks that comprise models, data, IT landscape, and processes. The heart of a well-functioning automated stress testing process is a single data repository in which the relevant risk and finance data required for the regulatory stress tests are consolidated and readily available. With the data layer in place, the models, workflow tools, and reporting modules can be layered on top. Once this structure is in place, banks are afforded a scalable and powerful capability – to run and effectively report on a broad array of enterprise-wide stress tests in a timely and cost efficient manner. This capability can offer substantial insight to senior management about their bank’s risk profile and potential opportunities.

Figure 1 compares the typical stress testing process still present in many institutions (on the left) and a leaner, more efficient process (on the right) that is less resource intensive and able to produce results faster.

Figure 1. Comparison of a typical versus a leaner, more efficient stress testing process

Source: Moody's Analytics

As illustrated on the left, this process can be currently observed in many banks trying to respond to regulatory (or senior management) stress test requirements. These banks have to access a wide range of (legacy) systems and databases to collect and consolidate the data needed for stress testing calculations. Even intermediary steps, such as data re-formatting (illustrated by the single person among the databases on the lower left hand side) are needed before the data can be used for the actual calculations. In the risk management department, a larger number of employees (up to 100, as mentioned previously) are charged with the task of performing the calculations. Lastly, within the treasury the extremely arduous task of aggregation and reporting generally takes place before the results can be submitted to senior management and regulators. This complex system is inefficient and costly. Perhaps even more disturbing is the high inherent risk of error prevalent in this ungainly process.

Banks will not be able to avoid the burden of regulatory stress tests, so there is no choice but to make the best of it. That means executing the task with minimal resource consumption. Banks will have to invest in infrastructure to establish a process and IT architecture that are robust, repeatable, scalable, and lean.

The right side of Figure 1 illustrates the leaner and more controlled framework. The data from sub-systems will be stored via Extract, Transform, Load (ETL) interfaces in a comprehensive data repository. This repository is flexible and contains the necessary data, scenarios, and results to enable those responsible for the stress test to generate the results in a much faster, reliable, and efficient way. Beyond the need to respond to the regulatory stress tests, banks will obviously be in a position to use this framework for their own stress testing.

The requirements set by external regulators are definitely challenging, but there are two ways to master this challenge: automate the process as much as possible and consolidate the data in one single data repository so it is readily available when needed.

With a comprehensive data repository, banks will not only be able to respond to regulatory stress tests with reasonable ease and confidence but, more importantly, they will also build a foundation for their own stress testing – reaping long-term benefits for their investments.