If you work in financial services, and are paying attention to the reform agenda, it is a safe bet you are uncomfortably aware of the emerging stress-testing and capital planning requirements promulgated by bank supervisory agencies globally.
"Uncomfortable" because you realize the enormity of the challenge of the new requirements. "Aware" because these semiannual (or annual, depending on average balance sheet size) exercises are taking up an enormous amount of your time, energy and resources – at the professional staff, senior executive, and board level. In a bid to improve transparency and increase confidence that, indeed, bank balance sheets are not black boxes, global policy leaders have embarked on an ambitious agenda that has as its centerpiece improved stress-testing, capital planning, and risk appetite frameworks. In the United States, this is known as the Comprehensive Capital Assessment and Review and the Capital Plan Review.
Recent results from the 2013 CCAR and CapPR, released this month, underscore the importance of the stress-testing and capital planning exercise, and the need to have strong internal analytical and risk governance processes in support of efficient and accurate submissions. Although the exercise is quantitatively and organizationally difficult, having the systems and controls that permit an accurate analysis can improve transparency and reduce the risks of black-box banking.
Some have opined, in these pages, that these tests are a senseless compliance exercise and, as structured, inconsistent with enhancing safety and soundness and reducing systemic risk. This is simply untrue. However, for those banks that approach these new requirements with this perspective, it is likely a self-fulfilling prediction that the new requirements will be treated as an agonizing and low-value regulatory compliance exercise.
Unfortunately, this mistaken view may persist until a bank's primary regulator steps in and prohibits a dividend payment, stock repurchase program, merger, acquisition, or incentive compensation plan, and issues a "matter requiring board attention" notice or – worse – a cease-and-desist order or capital directive. Such banks may make relatively attractive acquisition targets for firms that are taking the longer view.
Other banks understand how the new requirements can retool and dramatically enhance credit loss estimation, budgeting and planning, and asset-liability management processes. These are risk and finance processes that in many banks are difficult to coordinate, harmonize, and validate in a "straight-through" and consistent fashion.
With validation of forward-looking and scenario-based forecasts an increasingly recognized sign of organizational and managerial strength, most banks are taking the new requirements seriously and reimagining and re-inventing their processes and risk analytics. To be sure, the complexity of the new stress-testing and capital planning requirements is daunting and requires a commitment at senior leadership levels and strong architecture. However, done correctly the promised utility of these tests - for planning, analysis, and decision-making - is nontrivial.
Firms that are taking an organized and strategic approach to the new mandates may remember the Federal Deposit Insurance Corp. Improvement Act's Section 305 requirements. This provision in the 1991 law proposed to mandate capital charges for exposure to interest rate risk. Although this proposal ultimately was watered down, due in part to international Basel convergence issues and cross-border competitiveness concerns, it launched a Renaissance in balance sheet management and forward-looking simulations for the balance sheet and income statement.
Modeling a balance sheet and income statement under adverse scenarios is a tried and true concept. In fact, the Section 305 requirements were a primary reason for making the Camel bank rating system (capital, asset quality, management, earnings, and liability management) a plural – Camels, with "s" standing for the sensitivity of a bank's earnings and economic value to interest rate changes. Today, ALM models are an integral part of all asset-liability management committees' monthly processes, and these dynamic projections of interest rate risk exposure are disclosed as part of annual SEC-required reporting. Will the same occur for stress-testing and CCAR processes?
While there is nothing new regarding the concepts that underpin the CCAR requirements, existing risk and finance systems are agonizingly ill suited to handling the dramatically more rigorous requirements. This is true across three levels of need: 1) data and data management, 2) analytical models and methods, and 3) comprehensive internal and external reporting requirements.
The Federal Reserve's FRY-14 schedules provide a starting point glimpse for the rigor with which the supervisory agencies are approaching the new statutory mandates. These quarterly submissions provide much of the data necessary to comprehensively assess current-position credit loss, net interest income, noninterest income and expense, regulatory and economic capital, as well as the bank's CCAR results.
Existing treasury and finance systems are not designed to properly use this required data. In fact, most data stores remain inconsistent with the new standards. Elsewhere, most budgeting and planning systems – which are used in an extensive CCAR process to populate baseline new business volumes, noninterest income, noninterest expense, and various forecasts for credit losses – are not conditioned on adverse and other stress scenarios. Nor are they designed to forecast the credit quality of expected asset production, and associated funding. Treasury risk systems, likewise, were not designed to rigorously handle credit risk, both existing and planned. They were built with interest rate risk in mind.
As a result, many banks struggle to link siloed "specialized" risk and finance processes together, at the data level and beyond. One industry practitioner has called existing systems and processes "a duct tape and baling wire approach." Nonetheless, professional financial managers understand the potential value in a data store that can persist, slice and dice, and use this improved, comprehensive data.
Without the proper reference default and recovery data, it is impossible to accurately calibrate a credit model. Most existing solutions simply provide a framework to take credit loss parameters "as inputs." This is insufficient. To achieve harmony with front-office credit teams (who manage relationships, underwriting, and pricing), asset models must properly accommodate and calibrate a firm's unique credit characteristics. Furthermore, these risk measures must be consistent with the macro- and microeconomic scenarios that a firm's decision makers or regulators may want to explore. These asset models should also provide accurate interest income and noninterest income values. It is important to keep in mind that the supervisory-mandated scenarios are likely to become a benchmark minimum requirement. Certain mandated scenarios may not be meaningful to a bank, requiring instead more tailored idiosyncratic scenarios that are aligned with management's understanding of the firm's true risk profile, concentrations, and sensitivities. This is especially true for regional and community banks, or banks in unique geographic locations (think Hawaii). In these cases, more appropriate idiosyncratic stresses are needed.
As firms begin tackling these analytical challenges, sparse data sets, modeling capabilities, and internal risk assessment processes are being challenged. Resources that are able to integrate risk measures conditioned on economic scenarios are not always readily available, and the process reengineering requirements can be opaque. Understanding industry best practice and regulatory drivers becomes critical at an early design stage.
To be useful, a solution that seeks to improve the efficiency and rigor of existing stress-testing processes must start with the goal in mind: usefulness for management. If the end result of the CCAR exercise is merely a stack of paperwork, the supervisory agencies will have failed. This is not the supervisory expectation nor is it the widely expected outcome.
To properly calculate a firm's forward-looking capital needs, and ensure the process meets the "use test," it is often the case that the analytics and software are often developed and implemented in rigorous, bottom-up manner (with exceptions for certain retail portfolios, though not mortgages). One look at the agencies' data reporting requirements will remove all doubt about the rigor that is expected of banks over $10 billion in assets.
While submitting the annual FRY-14 schedules is a challenge, if it is designed from the bottom up, and with thoughtful linking to production risk and finance systems, a bank can dramatically improve operational efficiency. The goal should be to operate at a tempo that allows professional staff to create, at minimum, quarterly bespoke stress-testing results. With the right process and solution design, calculated results can be made far more efficient such that risk managers spend less time on the "build" and more time on the "analysis". Good design, from the data, analytic and reporting layer, can even improve this further such that a monthly production cycle is attainable. Once this is accomplished, the days of black-box banking may come to an end.
The growth pains the industry is experiencing shouldn't come as a surprise. The CCAR, Basel III and enhanced liquidity risk management expectations are hard to address with "trifurcated" business processes.
To break the black box and provide needed transparency, it is necessary to understand position risk – current and planned – at a granular level. The analytical methods, to be useful, must result in actionable business intelligence. To be actionable, the methods and processes must be accurate, auditable, and transparent. With a well-planned design and strategy, stress-testing is not "baloney," but steak and potatoes.
Done right, CCAR will motivate a Renaissance in enterprise risk assessment and reduce the fragility of current position risk and bank operations, while also allowing for meaningful experiments around potential future stressed exposures. This capability, when rolled up at the system level, may be helpful – in time – at assessing systemic risk, risk interconnections, and the overall safety and soundness one of the most complex systems on Earth: the U.S. financial services industry.
Thomas Day is a senior director at Moody's Analytics.