Meeting the CCAR Challenge

After years of uncertainty and speculation about the scope of stress testing regulations and requirements, institutions have a much clearer picture of the regulatory landscape. As we prepare for the third year of the annual CCAR process, we are now moving from a tactical stage as it relates to the CCAR exercise to a more strategic stage. However, with regulators envisioning that stress testing will transform the industry and the perception that many institutions are treating stress testing like a burdensome “check-the-box” exercise, there is still a discrepancy between how each views the value of the regulations.

Many have already devoted considerable time and resources to comply with the new regulatory guidelines and are asking whether or not stress testing is worth the continued investment. More precisely, is it likely that the level of scrutiny to this topic will fade in the future? Will everyone sufficiently support their stress testing capabilities to embrace the implementation of a more effective process?

Throughout this publication, we have taken a closer look at the opportunities and challenges of stress testing in the US – from an overview of the current dynamic and regulatory updates to implementation and best practices. And although we are years into the resource-siphoning scramble to stay compliant with regulations, there is still much more to do.

In a previous article, my colleague Dr. Christian Thun addressed the question “Are regulatory stress tests just cost without value?” Some may believe this to be the case, especially if the ever-increasing scope and related data requirements of the tests have little to do with an institution’s individual risk profile.

Complying with regulations is neither generally welcome nor easy. Yet, in a very short period of time, stress testing has become both a central regulatory necessity and for many a key risk management tool. It represents an opportunity to more fully consider a broad range of potential outcomes and actions to take depending on different scenarios. However, there are still institutions that opt for a superficial approach, which may expose them to structural weaknesses as more progressive institutions build the infrastructure necessary to both comply and compete in the future.

Institutions that understand how the new requirements can vastly improve existing processes – such as credit loss estimation, budgeting and planning, asset and liability management, and risk and financial management – are at the forefront of a new era of risk management. At the same time, senior management must also acknowledge that existing systems and processes are ill-suited to handle the current expectations. With CCAR evolving and becoming an integral part of the risk and capital management frameworks at institutions, management needs the capability to respond efficiently to current demands and the flexibility to be able to address future requirements.

• Data management: Granular data is essential for stress testing and CCAR bottom-up modeling purposes. Financial institutions will need to centralize all the data necessary to support stress testing models, as well as regulatory and internal reporting requirements. This system should also be able to reconcile its data with production systems to ensure results consistency. Therefore, this approach requires an enterprise-wide datamart oriented on risk and financial management. The datamart would be the data source for all risk engines, capital planning, and stress testing tools.
• Models: Internal models will be increasingly challenged by regulators. Firms will need to be able to document and maintain their bottom-up and/or top-down models and be consistent over time and across asset classes. These models, and the underlying data used to construct them, will help them to meet the CCAR regulatory requirements while continuing to ensure that risk taking is consistent with shareholder expectations and their risk appetite.
• Reporting: Supervisors will require more frequent stress testing and reporting. Financial institutions are required to publish monthly, quarterly, and annual reports in a required format. This in turn requires an automated reporting tool that can produce regulatory reports efficiently, but be flexible enough to audit and adjust those reports. Reconciliation between reports will be paramount. The reporting tools should also be flexible enough to keep pace with evolving regulations.
• Stress testing automation: Financial institutions will need software to coordinate and centralize the stress testing process to keep consistent scenario and modeling assumptions across the balance sheet, as well as deploy and maintain a large quantity of models (e.g., periodic recalibration). The stress tests should be automated so banks can run more scenarios (e.g., business-specific scenarios). Finally, properly controlled expert judgment should generally be allowed to overwrite models on specific counterparties when real-life conditions require. Thus, stress testing automation should manage users, through workflow, auditing, and tracking.

Figure 1 illustrates how stress testing represents a unique challenge, in terms of integrating data, models, platforms, and reporting across an organization.

Figure 1. The CCAR Challenge

Source: Moody's Analytics

• Fragmented coordination efforts across finance, treasury, and risk groups
• The need for more timely communication throughout the chain of command, as C-suite and senior management are engaged in scenario definition, results, and review
• Board-level education efforts are difficult to structure and maintain

• Lack of integration of stress testing with forecasting processes and resources
• No immediate manpower for increased frequency of stress testing
• Lack of harmonization between Fed stress testing methodology and GAAP accounting
• Deterministic scenarios may not uncover future sources of crisis; there is a need for more institution-specific scenarios and systems that can support their frequent analysis
• Auditability of results is not easily accomplished

• Evolving and disparate methodologies
• Emphasis on greater granularity, consistency of loss estimation, and new business methodologies means many current models are in need of an update or replacement
• How to identify and quantify “unknown unknowns”
• Event-driven scenarios need to use thorough and well-governed analysis rather than routine models

• Spreadsheet-based infrastructure is clearly inefficient
• Manual processes constrain:

  - Frequency of stress testing
  - Reconciliation and controls
  - Ability to analyze results

• Competing priorities

  - Need for long-term infrastructure planning and enhancements versus short-term CCAR / DFAST timeline

• Existing infrastructure not well suited for CCAR / DFAST process

Institutions around the world have devoted considerable time and resources to comply with the new regulatory guidelines and to establish internal frameworks so that they can perform stress tests for different types of risk, asset classes, and business lines. New guidance confirms regulators have ramped up their supervisory focus on stress testing, requiring tests more frequently and with more complexity.

The regulatory stress testing and reporting mandates will continue, and the pressure to implement integrated and automated stress testing solutions will push institutions to refresh their IT infrastructure.

Effectively addressing the stress testing challenges will enable boards and senior management to make better-informed decisions, proactively create contingency and resolution plans, make forward-looking strategic decisions for risk mitigation in the event of actual stressed conditions, and help in understanding the evolving nature of risk in the business. In the end, a thoughtful, repeatable, and consistent stress testing framework should lead to a more sound, efficient, and (above all) lower-risk marketplace.