Stress Testing Best Practices: A Seven Steps Model

The model represents a collection of principles and best practices developed through extensive interviews with many of the stakeholders in our client institutions. It also represents a process to implement a comprehensive, rigorous, and forward-looking stress testing programme.

The findings are summarised in this article’s chart, which highlights key activities for each step in the process. Each step is detailed to further pinpoint opportunities for effectively integrating stress testing in a firm.

Moody’s Analytics has created a Seven Steps Model to help implement stress testing best practices across various bank divisions.

Source: Moody's Analytics

Organisational silos, still dominant at many banks, make efficient enterprise-wide stress testing an ongoing challenge. However, banks should establish dedicated teams tasked with defining objectives and governance guidelines and ensuring proper coordination among the business, risk, and finance departments. Such teams often range in size from three to twenty people (based on bank size). Some teams report to the Chief Risk Officer (CRO), others to the Chief Financial Officer (CFO); in both structures, a direct relationship to the board is critical.

Many banks use committees to define and review stress scenarios and to reinforce participation across the institutional boundaries. Some organisations have created departments focused on the sole task of developing and managing enterprise stress testing. Such groups typically use external scenarios (such as macroeconomic shocks) as benchmarks that assist in developing specific internal scenarios. Moody’s Analytics recommends this as a best practice. Defining scenarios that are useful to business lines, as well as the risk and finance functions, require the effective participation and cooperation of multiple teams and specialists.

Additionally, embedding risk culture in decision-making across business units and functions, whilst essential, remains a challenge for many banks.

Institutions continue to struggle with data quality, availability, and comprehensiveness despite significant investments in both capabilities and infrastructure in recent years. Legacy systems and silos that were developed during the course of Basel II implementation hinder the flexibility required for effective stress testing. Shifting and uncertain regulatory demands also complicate progress in this area. Therefore, a flexible platform for aggregating the balance sheet data that integrates information from across the organisation is crucial.

Once the data is captured and centralised, the next step is to layer on macroeconomic scenarios. Modelling the impact of macroeconomic scenarios on institutional cash flows (e.g., income or economic capital) requires both significant information and a strong understanding of the business drivers.

Quantitative measures – such as probability of default (PD), exposure at default (EAD), and loss given default (LGD) – are of particular interest to senior management as they link stress testing directly to performance. Common implementation challenges include lack of internal skills and data, shortage of relevant resources, time constraints, and a dearth of skilled personnel. Best practices include developing internal models using dedicated quantitative teams, as well as using third-party models and services to accelerate the process, decrease internal workloads, and fill gaps in key skills and capabilities.

Requirements for stress testing come from a variety of external and internal sources. These include national and supranational regulators, the board of directors, various committee and governance structures, as well as business line management. These requirements will grow and evolve over time, making effective reporting consume an increasing amount of both time and resources.

Reporting tools that address regulatory requirements that can also be leveraged for business purposes will offer significant benefits and should be considered a best practice. At the same time, the lack of common standards for reporting means the size, degree of detail required, and structure of reports will vary widely, so flexibility and the ability to adapt to changing requirements are critical capabilities.

Ultimately, stress testing must be part of both the business planning process and the institution’s day-to-day risk management practice. Adjustments to asset-liability composition should align with management of concentration risk. Monitoring sensitive limits should provide useful input to risk appetite discussions. Yet 80% of surveyed financial institutions fail to integrate stress testing into the senior decision-making process. Best practices in this area remain a work in progress.

In conclusion, investing in efficient tools, processes, and systems should help banks turn what is perceived as a labour-intensive, mainly regulatory exercise into an effective tool for business planning and risk management. Easier compliance with regulation and increased transparency in the marketplace should coincide with more confident decision-making.