Stress tests approached in the right way can play an important strategic role and contribute to a bank’s business performance. That’s according to Wolters Kluwer’s Finance, Risk & Reporting experts from across EMEA, APAC and North Americas. Here Sarfaraz Ahmed, Xavier Dubois, Bart Everaert, and Jeroen Van Doorsselaere) explain for Financial IT how devising the right technology infrastructure can ensure stress tests are used strategically.

When stress tests were first introduced, they may have been perceived as a one-time exercise; a hurdle that financial institutions of a certain bulk would occasionally have to leap over to prove their resilience against market occurrences and other potential events. But recent developments have made it clearer than ever that stress testing should be viewed as an ongoing process, applicable to a wide range of institutions across jurisdictions, and requiring concerted and constant attention and resources. There is no doubt that the way stress testing is evolving will present challenges for financial institutions. However, it is our view that approached in the right way, stress tests can play an important strategic role and contribute to business performance.

In addressing stress testing it’s important to understand how it’s developed -- and in some respects, converged -- globally. In the aftermath of the global financial crisis, determined to avoid further unanticipated collapses, US regulators developed the Supervisory Capital Assessment Program (SCAP) to gauge financial institutions’ potential losses and capital conditions under various downturn events. The fist SCAP in 2009 applied to only a handful of institutions, but had evolved by 2011 into the Comprehensive Capital Analysis and Review (CCAR) process, which concentrates on capital planning and has been run for a growing number of financial institutions each year. CCAR has been supplemented by Dodd-Frank Act Stress Testing (DFAST), which is more focused on supervisory parameters and views of the portfolio.

Globally, the Basel Committee on Banking Supervision (BCBS) introduced its overall principles for stress testing practices and supervision (BCBS 155) in 2009, and has developed the Internal Capital Adequacy Assessment Process (ICAAP) to encourage financial institutions to factor a wider range of risks into capital planning. In Europe, the European Banking Authority (EBA) has also conducted regular Asset Quality Reviews (AQR) of financial institutions throughout the European Union to identify possible weak spots in their assets.

A new gold standard

Significantly, the EBA has also just issued a consultation paper, expected to be implemented as early as mid-2018, that moves stress testing beyond situational assessments to embed it more firmly as a risk management practice within banks. The new guidelines will make stress testing far more comprehensive, in effect setting a new international benchmark, and stand in sharp contrast to the United States, where the recent political tendency has been towards deregulation and the removal of annual stress tests.

The consultation paper mandates financial institutions setting up a defined stress testing program and devoting sufficient human resources and technology infrastructure to support it. Stress testing programs should also be equipped with a governance structure that places them under the direct responsibility of senior management.

The guidelines also dictate that stress testing must be applied at all levels of the organization, from individual entities to the entire group. They in effect broaden tests to include more risk factors, reverse stress testing, strategic planning, capital and liquidity planning, leverage ratios, TLAC/MREL and recovery plans (aka ‘living wills’).

Rather than specifying a certain threshold at which financial institutions should be stress tested, the EBA has adopted the principle of proportionality -- that is, financial institutions should conduct testing in proportion to their size and complexity. The proposed guidelines could be viewed as combining and building upon the distinct programs in the United States that concentrate on capital, credit, liquidity and other risk conditions.

Asia Pacific’s diversity means the region is home to various regulatory approaches, with no single binding standard or supervisory body. However key markets such as Australia, Hong Kong and Singapore, being members of BCBS, have generally followed the stress testing requirements of BCBS 155, emphasizing credit-related capital. Given regulators tend to take cues from Europe and the United States it is easy to imagine more comprehensive stress testing demands emerging in the region in future, with some regional touches. An example of these regional touches is the Australian stress testing practice focusing on housing risks; this is driven by a significant and increasing proportion of lending attributable to housing resulting in lower risk weighted assets and hence higher regulatory capital ratios.

Separate widely applicable global standards such as the IASB’s International Financial Reporting Standard (IFRS), the FASB’s Current Expected Credit Losses (CECL) and Interest Rate Risk in the Banking Book (IRRBB) also contain stress testing elements, albeit covering positive as well as negative market conditions. The net result is that stress testing increasingly involves the assessment of much more than capital conditions. Credit, liquidity, market and other financial risks must all be evaluated across various scenarios. There is a shift globally towards stress testing becoming a continuous practice rather than a one-off or scheduled exercise, and expanding to touch on more business lines, from risk to finance and compliance. Unfortunately, financial institutions’ systems and management structures have not necessarily evolved to match these regulatory advancements.

Data in demand

Stress testing depends above all on data. More comprehensive tests require a central data warehouse where information from various departments is aggregated and reconciled to serve as a foundation for a wider range of risk calculations. Yet in many institutions data continues to sit in departmental silos, with treasury, regulatory reporting, finance and risk all working with their own data sets.

One possible answer is to have each department execute their own stress tests and report the results back to an umbrella stress testing unit. But this still leaves many issues, not least the problem of data reconciliation. As complexity and frequency grow, data quality and efficiency are also critical -- and the more piecemeal or manual the approach, the more difficult maintaining both becomes. This is likely why the EBA consultation paper makes it clear stress testing data should be aggregated on a largely automated basis, and subject to strict controls. Data integration and having a more in-depth view of data are persistent needs in this era that have also confronted financial institutions in the guise of standards like BCBS 239 (a.k.a. Principles for Effective Risk Data Aggregation and Risk Reporting/PERDARR).

Integration of data alone is not enough; it must be supported by the integration of teams. Departments that historically may not have had to work closely together will through stress testing be pushed together to function as one. Various models will need to be set up by risk, then passed seamlessly through finance and treasury to examine how they impact the balance sheet before being factored into capital planning. This may not always come naturally; in any organization, there is a tendency for people and departments to claim ownership over certain data or processes.

This means institutions will need to take steps to raise awareness of the increasingly cross-functional nature of stress testing and the need for a consolidated approach. Establishing a clear organizational structure for stress testing with well-defined responsibilities that is both led and vocally supported by senior management, can help break down internal silos. While the transition may take time, overall global trends will almost certainly require financial institutions to establish dedicated stress testing systems. Much like stress testing in its newer forms, these systems will have to be global, flexible, ‘always on’ and fully integrated.

Many financial institutions will seek the help of external partners or solutions rather than trying to build these systems from scratch. In evaluating these solutions, it’s important to identify those that encompass all risk components -- whether market, credit or other financial -- and can calculate their individual or combined impact on the full range of risk factors. It should be possible to gauge interest rate scenarios, for example, in terms of impact on both capital and liquidity, even though these reflect separate risk measurements. These capabilities will provide enterprises the holistic view needed to address current regulatory demands and industry realities, where risks (and stress testing obligations), or affect only one type of asset.

Solutions should also reflect the growing emphasis on data management in stress testing. No longer is modeling the exclusive domain of risk managers who manipulate data in their own departmental ‘playgrounds’. Regulators (not least the EBA) have made it clear they require data to be subject to controls and monitoring that guarantee certain levels of security, accuracy and quality. Future-proof risk management architecture should incorporate robust yet versatile control capabilities that allow for various levels of access, qualitative assessment and reconciliation of data according to carefully defined procedures.

A goal as well as an obligation

Institutions struggling to integrate and harness data in response to changing stress testing trends can take comfort in the fact that there are tools available to support this process. But the optimal solutions can empower financial institutions to go well beyond meeting stress testing requirements, just as stress testing itself can be – and is expected to be by all regulators - much more than a simple box-ticking exercise.

By providing insight into a wider range of risk factors and their consequences, stress testing can form the bedrock of a broader, more anticipatory risk management strategy that identifies possible threats to the current business model and throws up ‘first alerts,’ giving the institution more time to make necessary adjustments.

Stress testing has traditionally been driven mainly by regulators, but also internally by risk departments as they conduct static and dynamic simulations in response to both regulatory and business demands. The right management decisions could ensure these analyses are put to use in all layers of the organization. Having the ability to conduct ad hoc stress tests or scenario analyses with not just market but also business scenarios as a base will be the next evolution in stress testing.

Knowing the risks is one thing; acting on that knowledge another. Suppose an institution has been calculating an imminent high-probability market risk -- for example a rise in interest rates as consequence of post-crisis recovery (not unlikely at this moment). This should not only present management with the conclusion that net interest margins might decline due to maturity mismatches between long-term retail lending and short-term liability funding. It should also give management options to optimize the business in such a way that it profits from this risk.

Another example is a financial institution forced to put accounting to work on expected credit losses. Instead of looking at this exclusively as a disclosure requirement, it could be seen as a tool to gauge the NPL contributions of different portfolios and provide management insight on which to possibly shift away from.

Regulatory stress testing requirements can also be put to good use by incorporating them into management reporting, and budgeting and planning. If common data leads to planning decisions based on top-down or bottom-up scenarios as a result of underlying stress testing, these decisions will be made with the same data and scenarios used by regulators, which means they not only consider internal KPIs but also the possible regulatory costs business changes can bring.

Once the regulatory aspects of stress testing become more routine, it is our hope more institutions will draw on the potential of the systems and solutions they have implemented as management tools, using them to estimate the costs and vulnerabilities associated with specific assets or contracts, and using that information as a basis for strategic investment or market entry decisions. This will turn stress testing from something they ‘have to do’ to something they ‘want to do’, and from which they will reap benefits over the short and medium term. As with other kind of tests, the best students are unlikely to be content with simply earning a passing grade.