After completing this reading, you should be able to:
- Describe the key elements of effective governance over stress testing.
- Describe the responsibilities of the board of directors and senior management in stress testing activities.
- Identify elements of clear and comprehensive policies, procedures, and documentation on stress testing.
- Identify areas of validation and independent review of stress tests that require attention from a governance perspective.
- Describe the important role of the internal audit in stress testing governance and control.
- Identify key aspects of stress testing governance, including stress-testing coverage, stress-testing types and approaches, and capital and liquidity stress testing.
Key Elements of Effective Governance
Stress testing is a broad term used to describe a firm’s examination of its risks and the potential impact of stressful events on its financial condition. Stress testing seeks to lay bare all the financial circumstances a firm may find itself in. It helps to understand the range of potential risk exposures.
The importance of stress testing was highlighted in post-analysis of the 2007/2008 financial crises. At many firms, stress testing was insufficiently integrated into their risk management practices. The few that had shown more commitment to stress testing did not examine sufficiently severe scenarios, and test results had little or no consideration in decision making.
Most importantly, the crisis brought to the fore the key role of governance in stress testing. In summary, the following points stand out:
- Stress testing is the ultimate responsibility of the management body of an institution. The buck stops with senior management and the board of directors. The management should have an in-depth understanding of the institution’s risk profile and the potential impact of stress events.
- The stress testing programme should be guided by clear, well-detailed policies that outline the procedure to follow from start to finish, as well as describing the role played by various employees.
- There should be consistent documentation of stress testing results and methodologies
- There should be an independent review of, not just the testing procedure but also the results of the programme.
The ensuing learning outcomes seek to break down these key elements even further.
Responsibilities of The Board of Directors and Senior Management in Stress Testing Activities
For effective operation of stress testing, the board of directors and senior management should have distinct responsibilities. What’s more, there should be some shared responsibilities, although a few roles can be set aside exclusively for one of the two groups.
Responsibilities of the Board of Directors
- The buck stops with the board: The board of directors is “ultimately” responsible for a firm’s stress tests. Even if board members don’t immerse themselves into the technical details of stress tests, they should ensure that they stay sufficiently knowledgeable about stress testing procedures and interpretation of results.
- Continuous involvement: Board members should regularly receive summary information on stress tests, including results from every scenario. Members should then evaluate these results to ensure they take into account the firm’s risk appetite and overall strategy.
- Continuous review: Board members should regularly review stress testing reports with a view to not just critic key assumptions but also supplement the information with their own views that better reflect the overall goals of the firm.
- Integrating stress testing results into decision making: The board should make key decisions on investment, capital, and liquidity based on stress test results along with other information. While doing this, the board should proceed with a certain level of caution in cognizance of the fact that stress tests are subject to assumptions and a host of limitations.
- Formulating stress-testing guidelines: It’s the responsibility of the board to come up with guidelines on stress testing, such as the risk tolerance level (risk appetite).
Responsibilities of Senior Management
- Implementation oversight: Senior management has the mandate to ensure that stress testing guidelines authorized by the board are implemented to the letter. This involves establishing policies and procedures that help to implement the board’s guidelines.
- Regularly reporting to the board: Senior management should keep the board up-to-date on all matters to do with stress testing, including test designs, emerging issues, and compliance with stress-testing policies.
- Coordinating and Integrating stress testing across the firm: Members of senior management have the responsibility to propagate widespread knowledge on stress tests across the firm, making sure that all departments understand its importance.
- Identifying grey areas: Senior management should seek to identify inconsistencies, contradictions, and possible gaps in stress tests with a view to making improvements to the whole process.
- Ensuring stress tests have a sufficient range: In consultations with the board of directors, senior management has to ensure that stress testing activities are sufficiently severe to gauge the firm’s preparation for all possible scenarios, including low-frequency high-impact events.
- Using stress tests to assess the effectiveness of risk mitigation strategies: Stress tests should help the management to assess just how effective risk mitigation strategies are. If such strategies are effective, significantly severe events will not cause significant financial strain. If the tests predict significant financial turmoil, it could be that the hedging strategies adopted are ineffective.
- Updating stress tests to reflect emerging risks: As time goes, an institution will gradually gain exposure to new risks, either as a result of market-wide trends or its own investment activities. It’s the responsibility of senior management to develop new stress-testing techniques that reflect the institution’s new risk profile.
Policies, Procedures, and Documentations on Stress Testing
Stress testing policies and procedures should:
- Describe the overall goals of stress-testing activities
- Outline stress-testing practices articulately and in a manner that ensures the tests are sufficiently severe
- Outline the roles and responsibilities of everyone across the firm, particularly the management body (board of directors and senior management).
- Provide guidance on validation and independent review
- Specify the frequency of stress-testing activities
- Provide guidance on the process followed while choosing the appropriately stressful conditions for tests
- Outline how stress-testing results are put to use and by whom
- Be regularly updated in line with changes in the risk exposure of the firm
Documentation
A firm should ensure that its stress-testing activities are well documented, including clear and precise details about key assumptions, methodologies, limitations, uncertainties, and test results. Documentation has several advantages:
- It gives management the chance to identify trends in risk exposures
- It promotes transparency by allowing third parties to scrutinize an institution’s stress-testing practices and even compare firms
- It provides for continuity of stress tests even in the face of significant changes in management. The new leadership easily “learns the ropes.”
- It helps stress test developers to further improve the process by forcing them to think clearly about their methods, assumptions, and choices.
Areas of Validation and Independent Review for Stress Tests That Require Attention from a Governance Perspective
Validation and independent review of stress-testing activities help to ensure integrity in the process as a whole. Independent review of these activities is meant to give assurance that stress tests are conducted in accordance with laid down policies and procedures, and that results are used to advance the firm’s financial stability.
Areas of Validation and Independent Review for Stress Tests That Require Attention from a Governance Perspective include:
- Ensuring that validation and independent review are conducted on an ongoing basis;
- Ensuring that subjective or qualitative aspects of a stress test are also validated and reviewed, even if they cannot be tested in quantitative terms;
- Acknowledging limitations in stress testing;
- Ensuring that stress-testing standards are upheld;
- Acknowledging data weaknesses or limitations, if any;
- Ensuring that there’s sufficient independence in both validation and review of stress tests;
- Ensuring that third-party models used in stress-testing activities are validated and reviewed to determine if they are fit for the purpose at hand;
- Ensuring that stress tests results are implemented in a rigorous manner, and verifying that any departure from the recommended actions is backed up by solid reasons;
Role of the Internal Audit In Stress Testing Governance and Control
Internal audit should:
- Independently evaluate the performance, integrity, and reliability of stress-testing activities;
- Ensure that stress tests across the organization are conducted in a sound manner and remain current in terms of the scenarios tested;
- Assess the skills and expertise of the staff involved in stress-testing activities;
- Check that approved changes to stress-testing policies and procedures are implemented and appropriately documented;
- Evaluate the independent review and validation exercises;
To accomplish all the above, internal audit staff must be well qualified. They should be well-grounded in stress-testing techniques and technical expertise so as to be able to differentiate between good and inappropriate practices.
Key Aspects of Stress-testing Governance: Stress-testing Coverage, Stress-testing Types and Approaches, and Capital and Liquidity Stress-testing
Stress-testing Coverage
- It’s important to include all risks, liabilities, and business lines in stress-testing activities. If some areas of the business are left out, stress-testing can give false hopes, making a firm believe it’s safe while in the real sense it’s not.
- Stress tests should be conducted over a range of time horizons to capture both short-term and long-term risks.
- Stress tests should capture the interrelationships between various risks and business lines. There should be efforts to single out risk drivers that feature prominently throughout the organization.
- Stress tests should be carried out at the portfolio level, department level, and even for the enterprise as a whole.
Stress-testing Types and Approaches
- During scenario analysis, the scenario tested should be in line with the direction and long-term strategy set by the board of directors. The range of scenarios should be wide to incorporate sufficiently severe outcomes, including those that have the potential to challenge the firm as a going concern.
- While stress-testing at departmental levels cares should be made to make similar assumptions across the board to ensure the reliability and relevance of enterprise-wide, aggregated results.
- Scenarios tested should be comprised of both specific and systematic risks. Also, there’s need to stress-test hypothetical scenarios – those that have a positive probability of occurrence, even if similar events have never been observed in the past.
Capital and Liquidity Stress-testing
- When stress-testing for capital and liquidity adequacy, the firm’s overall strategy and annual planning cycle should be taken into account. Results should be refreshed in light of emerging strategic decisions that have the potential to affect the financial stability of the firm significantly.
- Stress tests for capital and liquidity accuracy should seek to reveal how cash flows – both income and expenses – would be affected, especially in an environment where multiple risks materialize simultaneously.
- For entities with subsidiaries, tests should assess the likelihood of individual subsidiaries facing capital/liquidity crises on their own, regardless of the financial stability of the parent company.
- Stress tests should simulate the effects of capital problems and illiquidity pressures happening at the same time. Also, there should be efforts to show if one of these problems can exacerbate the other.
- Stress tests should help the firm to come up with contingency plans to deal with crippling capital/liquidity problems. The tests should also make clear the specific steps that could be taken, as well as those that cannot be taken in the face of the aforementioned problems.
Questions
Question 1
Sarah Wayne, FRM, works at Capital Bank, based in U.S. The bank owns a portfolio of corporate bonds and also has significant equity stakes in several medium-size companies across the United States. She was recently requested to head a risk management department subcommittee tasked with stress testing. The aim is to establish how well prepared the bank is for destabilizing events. Which of the following scenario analysis options would be best for the purpose at hand?
- Hypothetical scenario analysis
- Historical scenario analysis
- Forward-looking hypothetical scenario analysis and historical scenario analysis
- Cannot tell based on the given information
The correct answer is C.
Scenario analyses should be dynamic and forward-looking. This implies that historical scenario analysis and forward-looking hypothetical scenario analysis should be combined. Pure historical scenarios can give valuable insights into impact but can underestimate the confluence of events that are yet to occur. What’s more, historical scenario analyses are backward-looking and hence neglect recent developments (risk exposures) and current vulnerabilities of an institution. As such, scenario design should take into account both specific and systematic changes in the present and near future.
Question 2
Senior management should be responsible for which of the following tasks?
- Ensuring that stress testing policies and procedures are followed to the letter
- Assessing the skills and expertise of the staff involved in stress-testing activities
- Evaluating the independent review and validation exercises
- Making key decisions on investment, capital, and liquidity based on stress test results along with any other information available.
- Propagating widespread knowledge on stress tests across the firm, and making sure that all departments understand its importance
- I, II, and IV
- I and V
- III and IV
- V only
The correct answer is B.
Roles II and III belong to internal audit. Role IV belongs to the board of directors.