Under a mandate of Dodd-Frank, the Federal Reserve requires banks with consolidated assets between $10 billion and $50 billion (midsize banks) to conduct annual company-run stress tests beginning this fall.
Annual stress tests are designed to support a forward-looking assessment of the firm's financial risks and to tailor its risk management and capital resources in response to that assessment, certainly laudable goals that should be pursued by financial firms of critical size. However, the stress testing requirements for midsize banks add to their already considerable compliance burden, with questionable payback in terms of better risk management, at least in the near term.
While the federal banking agencies claim the stress test rules are tailored to midsize banks, these rules impose onerous requirements on a very diverse class of companies, many of which have relatively non-complex operations. Where the rules allow for some flexibility in relation to the requirements applied to the $50 billion-plus financial firms, including a one-year transition period for reflecting the Basel III capital framework in their stress tests, the general expectation is that the midsize banks will eventually adopt practices equivalent to those of the larger banks. Moreover, guidance recently proposed by the federal banking agencies makes clear that the legislatively mandated stress tests are but one component of a comprehensive suite of stress tests that midsize firms should utilize to capture risks that may not be reflected adequately in the Dodd-Frank test.
Midsize banks are required to conduct annual risk assessments under "baseline", "adverse" and "severely adverse" economic conditions. These scenarios are meant to identify increased risks associated with liquidity, capital, interest rates, credit, operations, company reputation, country and strategic risk and other forms of exposure. Stress test developers must also ensure that the tests reflect new and emerging risks, and that they account for the possibility of multiple adverse scenarios occurring within a given time period. Disclosure of results under the "severely adverse" scenario is required.
Midsize banks are instructed to provide credible projections of losses, pre-provision net revenue, net income, and the provision for loan and lease losses for each of the three potential economic conditions and for each of the nine quarters of the planning horizon. Midsize banks with a broad business scope may also need to conduct stress tests across different business lines, and to explore more sophisticated risk estimation techniques. If the required data is not available within the timeframe leading up to the first reporting deadline, companies may use proxy data in order to capture as much potential risk exposure as possible. However, there is a clear expectation that midsize banks will migrate to the use of historical data and use proxy data with caution.
Many midsize banks will need to rely on vendors to meet the data and methodological requirements of the rules and proposed guidance. The proposed guidance acknowledges the role of vendors in supporting the risk management activities of midsize banks, but establishes high expectations for vendor management. Senior management is expected to ensure compliance, including regular reviews of vendor data collection practices. Senior management would be expected to demonstrate knowledge of vendor models and methodologies, including their underlying assumptions, limitations and weaknesses.
Robust corporate governance is critical to an effective stress testing program. Midsize banks will need to review current systems of governance, as enhancements to policies, procedures and controls may be necessary to meet supervisory expectations. Importantly, the proposed guidance sets forth the clear expectation that stress testing policies and procedures will be integrated into other policies and procedures across the organization in an enterprise-wide approach to compliance and risk management.
Senior management should ensure the capability for overseeing annual stress tests, adjusting them as needed to align both with changes in macroeconomic conditions and company-specific developments, developing a system of controls, oversight and documentation, validating methodologies and reviewing stress testing outcomes prior to the reporting or disclosure of results. Where stress test results are out of alignment with a company's risk tolerance, senior management will need to present a strategy for reducing risks. The rules and proposed guidance require banks to demonstrate clear links from stress test results to board and senior management actions across the organization, including with respect to capital planning and risk management.
The new stress testing requirements for many midsize banks will require the development of extensive data capabilities, new methodologies and robust policies, procedures and internal controls. These requirements will prove challenging for many firms adapting to a raft of new prudential and consumer regulations and transitioning to the new capital framework. Greater flexibility in the application of the new requirements and an understanding by the agencies of the need for banks to evolve to these heightened standards would be welcome.
Mary Frances Monroe is a senior director with Treliant Risk Advisors and can be reached at email@example.com. Prior to joining Treliant, she was the director of Policy, Research and Risk for the Bermuda Monetary Authority and held policy and supervisory positions at the Federal Reserve.