Automating enterprise stress testing, like other complex IT undertakings, doesn’t lend itself very well to a “big bang” approach. The implementation of any IT solution to address a comprehensive regulatory mandate such as CCAR, DFAST or EBA Stress Testing
all at once can be inherently risky, time consuming and very expensive.
With regulators laser-focused on the governance and processes behind regulatory mandated stress testing, banks need to evaluate each major area of their stress testing programs to understand where they are most vulnerable and subject to regulatory scrutiny.
Some banks may be cited for their forecasts and models; regulators may feel that they may be too optimistic, imprecise, or inaccurate depictions of their actual businesses. Other banks could get cited for overall data quality, as regulators may perceive
their sourced data to be unreliable or incorrect.
In either case, the stakes are extremely high. For example, regulators can, and most likely will, reject the capital plans of banks that fail their CCAR stress tests. Aside from the considerable reputational damage associated with failing a regulatory
stress test (i.e. “name and shame”), rejected capital plans can translate into the regulators rejecting both shareholder dividend and stock repurchase programs. That may not go over too well with a bank’s investors, equity analysts or, worse yet, foreign
parents expecting a return of their capital.
Of the five banks last year that had their initial capital plans rejected by the Federal Reserve regulators, all but one had to resubmit because of perceived weaknesses in their CCAR processes.
Banks should not just focus on the quantitative aspects of stress testing such as forecasting, modeling and reporting. Rather the qualitative ones such as process, governance, and scenario management are just as important. With inadequate capital becoming
less of an issue at big banks this time around, well-defined processes, compelling models and good governance will be the key to satisfying the demands of the regulators.
The use of spreadsheets to massage and meld fragmented, silo’d, inconsistent, and often incomplete data as inputs for financial models or reports is still prevalent in the banking industry. Global industry regulations such as
BCBS 239 are an attempt to wean banks off this risky practice. As a first step to a successful enterprise stress testing program, banks need to ensure that they are working with truthful data that has been
cleansed and reconciled to their general ledgers, or in other words, garbage in, garbage out. Banks applying appropriate data governance principles to properly provision their data can achieve improved accuracy and considerable process efficiencies for stress
testing as well as other regulatory reporting, capital planning and management insight. Basically, banks that effectively solve any one of these enterprise reporting challenges can then address the other reporting challenges with the same, leverage-able approach.
Where to start will depend on a bank’s greatest pain point.
Next, banks need to ensure that they can prove traceability of data and models that can withstand the toughest regulatory audit and supervisor’s scrutiny. Regulators don’t like “black boxes”. They seek to understand how models and calculation engines function
and are calibrated. That is they want to be able to determine the inputs to make sense of the outputs. Being able to show data lineage all the way back to source systems confirms that your bank is working off a single source of truth, as well as eliminates
the possibly of using conflicting, inconsistent data.
Beginning the Journey
A logical place for banks to start is with their data. Implementing an enterprise-wide data strategy to ensure that all data used for financial, regulatory and management reporting purposes is properly provisioned from source systems, and any discrepancies
or inaccuracies in that data are addressed as part of a defined process beforehand with the proper audits and governance in place, rather than sporadically fixed on spreadsheets.
Banks should also inventory all aspects of their current stress testing programs to understand which pieces are working for them and why. After all, if the regulators seem content with particular models or specific processes, then why change them? At least,
not alter them initially. Rather banks should view their stress testing programs as evolutionary journeys toward better forecasts, model accuracy and process efficiency. For those large banks that have been designated as “Systemically Important Financial
Institutions” or “SIFI’s”, the same capabilities to accurately provision, aggregate and report on risk data is also required under BCBS 239. For other financial institutions with aspirations to expand via acquisitions, these capabilities will most certainly
be perceived as best practices by the approving regulators.
What process changes has your bank made during this CCAR, DFAST or EBA cycle? I’d be interested in hearing.