With the publication of the final rules under Section 165(i) of the Dodd-Frank Act, stress testing as a required risk management tool has arrived to a wide swath of financial institutions.
Although requirements may continue to evolve, one thing is clear: Stress testing affects how a firm operates and manages its business. In the short term, the regulation will challenge banks and other financial institutions across multiple dimensions as they race to implement a sound stress testing program consistent with the new requirements.
The specifics of each stress testing program are unique, but the set of enterprise-level imperatives are similar: robust infrastructure and well-organized resources and processes. Designing a comprehensive stress testing program can significantly reduce cost of implementation, make results more organizationally meaningful and ease translation of results into a bank's risk appetite statement and capital planning process.
The new guidelines are imposing a formal and defined stress testing program that crosses traditional organizational lines. Many banks are in the formative stages of identifying hiring needs and creating dedicated stress testing teams that often reside within risk management, finance and treasury departments or exist as separate, enterprise-level committees. Effective procurement is also important as many banks will rely on consulting partners, software vendors and third-party model and data providers to create a firm-specific solution.
Through creation of the stress testing program, firms are inevitably introduced to philosophies and methodologies that challenge business-as-usual operations. A more forward-looking step for nascent firms is developing and implementing guidelines for aligning results to performance.
Hence, a stress testing program should be designed to ensure institutional awareness and provide training and effective education for board members, senior management and other relevant personnel. This need is heightened by the regulatory guidance on model risk management requiring an "effective challenge" of the results and underlying models. There is an expectation that board members and senior management are knowledgeable about stress testing practices in general and, in particular, the stress testing results at their respective banks.
Operational elements in executing a stress testing program include:
Data management: Regulators are requiring greater granularity in a specified format and frequency that necessitates well-designed, comprehensive and integrated databases.
Scenario definition: Translations of regulatory scenarios into more customized scenarios that include nuanced and regionalized variables will accurately reflect the institution's primary operational activities and risk profile.
Modeling precision: Firms will need to ensure models are identified and properly maintained for each major asset class in their portfolio. These models are subject to the same model risk management framework as others used by the banks with sound governance, controls and policies, regardless of whether these are internally developed or third-party vended models. For many banks, regulatory expectations related to model development and maintenance will far exceed current practice.
Aggregation: Compiling data into a regulatory reporting format, as well as internal risk reporting requires significant upfront infrastructure design and cross-organizational processes. This is one of the top concerns cited by institutions for the 2013 reporting cycle and beyond. Much of the aggregation is currently manual, exposing firms to risk of costly errors. We expect significant investment in automation and integration of stress testing results.
Stress testing is now a regulatory mandate with operational and strategic implications and, therefore, cannot be a check-the-box exercise. Banks are now beginning to incorporate stress testing into capital planning, budgeting and risk control practices. Proper planning now is critical to create a program that is flexible and capable of evolving with regulatory changes and management needs (e.g. Basel III implementation in the U.S.). This platform will need to be enterprise-level to ensure consistency in the application of economic scenarios, model use and reporting.
One of the greatest challenges presented by the regulatory mandate is timing: For mid-tier banks ($10 billion to $50 billion in assets), the first submission will take place in the fall of 2013. This timetable necessitates having a program in place by summer of 2013 to allow for testing and validation prior to release of the supervisory scenarios in November.
In turn, this means that program design and identification of gaps must be near completion by early spring of 2013 to allow time for implementation and model development. Hence, the time is now to think about developing or refining a stress testing program.
Gus Harris is executive director for Moody's Analytics Stress Testing Solutions and Structured Analytics and Valuations groups. Anna Krayn is an associate director for Moody's Analytics Stress Testing Solutions and Enterprise Risk Solutions advisory services.