Leveraging the Regulatory Stress Tests to Build Long-Term Value

Stress testing is a powerful risk management tool that offers a unique opportunity to contemplate potential outcomes and actions to take depending on different scenarios. Unfortunately, many banks consider regulatory stress testing a burden and not an opportunity. Regulatory compliance is challenging, however, there are ways in which banks can use the exercise to build long-term value, beyond meeting the Comprehensive Capital Analysis and Review (CCAR) and Dodd-Frank Act Stress Test (DFAST) requirements. This article addresses the multiple thorny issues that banks face when complying with the regulations and provides solutions about how to develop a framework that accommodates the demands of both regulatory and business-driven stress testing.

The eruption of the global financial crisis with the downfall of Lehman Brothers in September of 2008 focused people’s attention on tools that, for a long time, often played only a minor role in risk management, including stress testing.

Despite the fact that banks have been using stress testing internally for many years (e.g., to stress market risk factors such as yield curves), the test results had little-to-no influence on the overall business decisions of banks. As a consequence, banks built excessive risk positions without considering how vulnerable they would be if things quickly went wrong.

The risk taking that led the global financial system to the verge of collapse caused regulators around the world to significantly tighten industry rules and guidelines – from increased capital levels and minimum liquidity ratios to maximum leverage ratios – and bring stress testing to the forefront. In addition to national regulations, the central supervisory bodies in the United States and European Union (EU) carried out bank-wide stress tests to evaluate the resilience of leading financial institutions to adverse market developments.

These regulatory requirements represented huge challenges – the amount of information that was requested, ill-defined regulatory requirements, siloed architectures, and fragmented risk management approaches – in many banks and caused inconsistencies, duplicate work, incomplete aggregations, and concerns about the reliability of the overall results. Specific concerns that needed to be addressed, in many cases for the first time, were:

• Stress testing requires extensive data gathering, organization, validation, and often manipulation prior to input into the CCAR mode
• Frameworks, applications, and processes have to be developed to support CCAR reporting on a regular basis
• The quality of stress testing output is dependent upon the quality of input – data input and quality control processes are essential to effective stress testing

The resources had to be allocated to perform the calculations and – most importantly – meet the deadlines set by the regulators, greatly exceeding the levels of most other major bank-wide projects. Risk professionals had to work extra hours for weeks. Staff had to be pulled from other important projects or their normal daily responsibilities. Several banks reported that in some cases more than 100 people were involved in the regulatory stress test, which illustrates the complexity and resource demands of the exercises

The stress testing exercises required by the Federal Reserve (the Fed) are expected to increase in complexity over time (Figure 1). With ever increasing regulatory requirements, many banks have raised the concern that these stress tests have little to do with a bank’s individual risk profile. Instead, they impede their ability to think creatively about their own business vulnerabilities. Given the resources needed to meet the deadlines and report the results to the regulators, banks have begun to ask for a return on this investment. If a regulatory stress test does not fit a bank’s business, is it just cost without added value?

Figure 1. The regulatory environment is expected to increase in complexity

Source: The Federal Reserve¹ and Moody's Analytics

Contrary to what some banks believe, stress testing is one of the most powerful tools in risk management, yet it is frequently overlooked. A well-functioning, scalable stress testing platform can offer substantial value and returns. Instead of using a rather abstract concept like Value-at-Risk (VaR), stress testing enables risk and business managers to contemplate what could happen to their bank and their risk exposure in situations not captured by the parameters of its current models (e.g., sudden shifts in correlations or default levels). More importantly, it can improve communication between the risk management and business sides of a bank and suggest possible actions for senior management in case an adverse business environment materializes.

With this in mind, the regulatory stress tests positively impacted the risk management cultures of many banks. Still, many organizations consider regulatory stress testing more of a burden than an opportunity to learn and improve their internal processes.

As banks adopt and support regulatory stress testing exercises, the benefits of aligning their business needs with regulatory requirements become clear. With validation of forward-looking, scenario-based forecasts becoming an increasingly recognized sign of organizational and managerial strength, many banks are taking the new requirements seriously and reimagining their existing processes and risk analytics. To be sure, the complexity of the new stress testing and capital planning requirements is daunting and requires a commitment from senior leadership.

Up until recently, bank operating models allocated part-time resources to various sections of a stress test exercise. Typically, these resources maintained reporting affiliations to different divisions, teaming up only when a (regulatory) stress test cycle was required. Now, banks are building dedicated teams to cover all aspects of stress testing with the goal of developing a lean, automated, and common set of tools and processes.

This will require tremendous organizational changes, as these stress testing exercises will involve the risk management, treasury, and capital planning departments. One solution is for banks to have a dedicated department working on stress testing, which could then challenge the risk departments on their systems and models. This stress testing department could effectively act as an independent check.

Some banks still have to address what they see as the most difficult steps in developing quality stress tests:

1. Sourcing and managing appropriate data: Financial institutions need to source, aggregate, and consolidate all the data necessary to understand and properly model behavior under stress, and meet reporting requirements. Legacy systems and silos hinder the flexibility required for efficient bank-wide or cross-risk stress testing, as well as its planning and coordination.
2. Modeling scenario impact on risk parameters: Supervisors will increasingly challenge internal models, so banks will need to accurately calculate the impact of macroeconomic, event-driven, and institution-specific scenarios to estimate losses across key risks (credit, liquidity, market, etc.) and asset classes. The estimation of the impact stress scenarios have on a bank's cash flows and P&L is of particular interest to senior management as it directly links stress testing to performance.
3. Efficiently reporting the results: Due to the growing complexity and number of regulatory stress testing requirements, reporting stress testing results has become a time-consuming activity. Banks need efficient reporting tools that enable them to respond quickly to evolving regulatory requirements and can be leveraged for business purposes.
4. Automating the stress testing process: Banks need an automated process that aggregates data points from multiple loss estimation models, matches balance sheet and income statement dependencies, and ensures consistent, integrated forecasting of all income statement and balance sheet categories.

The best way forward for many banks is to invest in robust stress testing frameworks that comprise models, data, IT landscape, and processes. The heart of a well-functioning automated stress testing process is a single data repository in which the relevant risk and finance data required for the regulatory stress tests are consolidated and readily available. With the data layer in place, the models, workflow tools, and reporting modules can be layered on top. Once this structure is implemented, banks are afforded a scalable and powerful capability – to run and effectively report on a broad array of enterprise-wide stress tests in a timely and cost efficient manner. This capability can offer substantial insight to senior management about their bank’s risk profile and potential opportunities.

Figure 2 compares the typical stress testing process still present in many institutions (on the left) and a leaner, more efficient process (on the right) that is less resource intensive and able to produce results faster.

The process illustrated in Figure 2 can be currently observed in many banks trying to respond to regulatory (or senior management) stress test requirements. These banks have to access a wide range of (legacy) systems and databases to collect and consolidate the data needed for stress testing calculations. Even intermediary steps, such as data re-formatting (illustrated by the single person among the databases on the lower left hand side) are needed before the data can be used for the actual calculations. In the risk management department, a larger number of employees (up to 100, as mentioned previously) are charged with the task of performing the calculations. Lastly, within the treasury the extremely arduous task of aggregation and reporting generally takes place before the results can be submitted to senior management and regulators. This complex system is inefficient and costly. Perhaps even more disturbing is the inherent high risk of error prevalent in this ungainly process.

Figure 2. Comparison of a typical versus a leaner, more efficient stress testing process

Source: Moody's Analytics

Banks will not be able to avoid the burden of regulatory stress tests, so there is no choice but to make the best of it. That means executing the task with minimal resource consumption. Banks will have to invest in infrastructure to establish a process and IT architecture that are robust, repeatable, scalable, and lean.

The right side of Figure 2 illustrates the leaner and more controlled framework. The data from sub-systems will be stored via Extract, Transform, Load (ETL) interfaces in a comprehensive data repository. This repository is flexible and contains the necessary data, scenarios, and results to enable those responsible for the stress test to generate the results in a much faster, reliable, and efficient way. Beyond the need to respond to the regulatory stress tests, banks will obviously be in a position to use this framework for their own stress testing.

The requirements set by external regulators are definitely challenging, but there are two ways to master this challenge: automate the process as much as possible and consolidate the data in one single data repository so it is readily available when needed.

With a comprehensive data repository, banks will not only be able to respond to regulatory stress tests with reasonable ease and confidence but, more importantly, they will also build a foundation for their own stress testing – reaping long-term benefits for their investments.