In a response to the recent financial crisis, regulators have imposed stress-testing requirements in order to emphasize the importance of adequate capital and financial resilience. A stress test is applied to the balance sheet in order to measure a bank’s capital level, and ultimately the bank’s ability to adapt to financial pressures and survive economic shocks. Though initially the stress tests were implemented only in large financial institutions, the Dodd-Frank Act Stress Test rule has expanded the requirements to include regulator supervision over stress testing of banks with as little as $10 million in assets. Regardless of bank size, stress tests can be a valuable strategic tool to any financial services company.
The report Stress Testing: A View from the Trenches, authored by the Global Association of Risk Professionals (GARP) and SAS Institute (see link to full article below), highlights how the financial industry is moving towards greater maturity. However, despite this growth, the report reveals that many institutions have self-reported deficiencies in technology and communication. This abstract summarizes some of the key points in the GARP research report.
Administered by GARP and SAS, a survey was conducted in May and June 2015. A total of 389 respondents, comprised of risk professionals, reflected on their respective institution’s level of maturity in their stress test processes and procedures. A majority of the respondents came from commercial banks, but other respondents represented retail banks, investment banks, asset managers, and other diversified financial institutions.
The survey asked about various aspects of the stress test process; specifically, the respondents were asked to comment on data governance, modeling, scenario management, and reporting. The respondent organizations were then placed into four categories based on their responses: highly mature, mature, immature, and highly immature. There are certain characteristics known to belong to highly mature and experienced organizations. These organizations are likely to have a risk model that aligns well with that of their regulators. For example, those with a higher level of resources or attentive management in regards to the stress test process are thought to be higher along the maturity curve. Those that are less ahead on the maturity curve could use these characteristics as a “best practices” framework for developing their own stress testing procedures.
The survey shows that financial institutions are taking what they learn from stress tests and using this information as a tool to improve their responses to financial pressures. This learning tool has allowed them to improve their business in areas such as data management, modeling and scenario management, all of which are considered to be the “foundational requirements” for an effective set of stress test procedures.
However, as in any self-assessment, the respondents did identify a few weaknesses in their current approaches to stress testing. Regardless of institution size, the common weakness reported relates to technology. Many respondents reported that their existing technology was consistently lower in quality in comparison to the capabilities/expertise of their people. As time passes and regulators increase the their demands for highly detailed stress tests, institutions will need to make additional investments in technology to not only meet the needs of the stress test, but also to provide additional transparency and comfort to their regulators.
Perceptions of Practitioners and Managers
Respondents to the survey were comprised of risk practitioners (53%) and senior management (47%). Risk practitioners are those who work directly on stress testing, while senior management oversees the processes. More often than not, senior executives tend to report more positive or favorable responses than do those actually carrying out the daily functions. However, the report showed that senior management tended to be the more conservative and realistic responders. For example, 62% of practitioners said that their data management expertise was adequate or strong, while only 49% of managers reported adequate or strong data management expertise. Additionally, 58% of practitioners noted their data quality was mature or highly mature, while only 50% of managers reported the same.
Transparency for Regulators
The reason mature organizations are described as such is because they have a better understanding of what regulators are asking for in the stress testing requirements. Regulators often provide valuable information before, during, and after a stress test. Organizations can then take this feedback from regulators to turn it into meaningful results and improve their overall performance. A little over three-quarters (77%) of respondents have made changes to their strategies, risk appetites and risk limits due to feedback from stress test results. Moreover, those who have had more experience with stress testing report that they are able to seamlessly use the regulatory inputs to restructure the stress testing processes.
Stress Tests Affect Strategy
To complete a stress test is an investment of an organization’s money, time and resources. In order to ensure that this investment is worth the effort, an institution can effectively turn the stress test results into a long-term growth strategy. Even in incremental changes, a firm can directionally change the company. The survey indicates that 21% of respondents indicated a change in risk appetite. By limiting risk appetite, a company can successfully avoid potentially harmful events. These changes in the way management thinks and operates can, in turn, change the operational and competitive strategy. Of course, highly mature firms were able to make the most significant changes, due to their ability to understand the regulator’s need for better reporting, as indicated previously.
A Move Towards Maturity
As previously noted, there are characteristics that belong to highly mature organizations. Some of these characteristics are:
- Appropriate level of management attention
- Comprehensive, centralized libraries of risk factors and scenarios
- Unified data repository that allows for full integration and reconciliation
- Risk models closely aligned with those of regulators
- High levels of granularity supported by model
These characteristics help set highly mature firms apart from the rest. With the standards and requirements of stress testing becoming more rigorous, it is especially vital for immature financial institutions to understand and evaluate investments that need to be made in order to improve their processes. As previously mentioned, a lack of a strong technology base within the four components should prompt companies to make the necessary changes with the organization.
Stress tests have proven to be more than just a compliance activity for organizations; similar to enterprise risk management, stress tests are now being seen as a strategic advantage for some institutions. To better assist the implementation of a stress test, companies should make an active effort to break out of the legacy of a silo-based risk management approach in order to allow all pieces of an organization to communicate better about the stress test results. Making the stress test an enterprise-wide effort will make both internal and external communications to regulators more meaningful.
Subscribe to ERM Insights
The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.