Risk Management Practices
Extracting Value from Stress Testing
Sanjiv Talwar, Principal,
Financial Risk Group
Stuart Turnbull, Director,
Glen Lyon Risk Management & Professor Emeritus, University of Houston
Foreword by: Brian O’Donnell, Co-founder & Chief Data Officer, iisaac
Stress testing and scenario analysis can be an invaluable tool for risk practitioners, senior executives and board members of Financial Institutions. In the article that follows, Sanjiv Talwar and Stuart Turnbull explore strategies for extracting value from stress testing. It is an interesting perspective for many, who may have come to see stress testing as an arduous regulatory requirement. While regulatory requirements, such as the DFAST (Dodd- Frank Act Stress Tests) and CCAR (Comprehensive Capital Analysis and Review), have indeed become extremely detailed and time consuming processes, they need not become merely a regulatory tick the box exercise. As Mr. Talwar and Mr. Turnbull highlight, stress testing and scenario analysis provide invaluable insights for both the management of risk and the development of core business strategies.
This paper explores how firms can benefit by exploring stress testing to examine a wide array of issues. Going beyond regulatory stress testing requirements, firms can leverage their significant investment in building out a stress testing framework and technology environment in order to:
- Assess strategic options: Stress testing and scenario analysis are helpful in analyzing various strategic options, and particularly their impacts on earnings volatility and capital levels during recessionary periods in the future.
- Explore the implications of Key Strategic Risks: As the firm engages in strategic and risk appetite discussions, stress modeling can be used to help quantify emerging risks, not as predictions but rather as a means of sizing up less predictable risks, which are subject to significant unknown impacts and risks uncertainties.
- Assessing complex operational risks, such as cyber threats and the implications of emerging disruptive technologies: Complex operational risks require specific, technical expertise to assess and manage, and such expertise should be augmented with scenario analysis to help size up the natures of this risk and the range of possible outcomes and impacts.
Risk practitioners will find a robust stress testing capability invaluable in assessing various tail risks and in helping to recommend mitigation strategies. Senior Executives will find stress testing and scenario analysis invaluable in assessing strategic alternatives and potential investments.
Additionally, Mr. Talwar and Mr. Turnbull explore the value of stress testing to senior executives, board members and probably most particularly to the Risk Management Committee. For board members, stress testing can provide strong insights to longer term risks.
Stress testing and scenario analysis has become a fundamental tool for risk and overall business management. This paper examines how risk practitioners, senior executives and board members can take this practice beyond simply meeting regulatory requirements, and towards gaining critical insights in helping to lead and manage the firm more effectively.
Supervisory stress testing has become a regulatory requirement for financial institutions in most developed jurisdictions since the Global Financial Crisis. Regulators describe a set of conditions, both macro-economic and firm specific, that will impact the firm over a specified horizon. When done well, stress testing, or more aptly referred to as scenario analysis, provides an assessment of the proforma financial statements that would result from adverse economic scenarios. We will explain that all firms, financial and non-financial, can benefit from employing scenario analysis to address a wide array of issues.
In the US, the Dodd-Frank Act mandates stress testing which is referred to by regulators as the Dodd-Frank Act Stress Test (DFAST). DFAST has become a valuable tool for evaluating whether financial firms are holding sufficient capital and the dispersion of capital levels under the different scenarios. This process is comprised of four main steps.
- Firms must provide the Federal Reserve with standardized data on their securities holdings, trading positions, counterparty exposures, revenues and balance sheets.
- The Federal Reserve specifies macro-economic and financial market scenarios. These scenarios involve different degrees of adversity and duration.
- The Federal Reserve inputs the data from the firms into its own models to estimate for each scenario, over a nine-quarter planning horizon, revenues, losses and
- The results from the exercise are disclosed to the public.
While DFAST is useful, it does not set any capital limits or restrain capital actions (paying dividends or buying back shares). These functions are described in the Comprehensive Capital Analysis and Review (CCAR), where the Federal Reserve assesses the overall capital adequacy of the firms. In particular it assesses whether:
- A firm has sufficient capital during the different scenarios,
- The firm’s capital planning processes are appropriate,
- The firm’s risk management processes are capable of addressing the array of issues that arise in the different scenarios,
- The firm’s planned dividend and share repurchases impact its ability to remain a viable financial firm.
Compliance with the regulatory requirements impose significant costs upon firms along many dimensions:
- Collection of data and standardization of formats.
- The demands on the IT structure within the bank arising from legacy systems.
- The ability to model the different portfolios within a business and across the bank. This raises the challenging issue of modeling the correlations of revenue and loss drivers across the businesses. Given the need for modeling different macroeconomic environments, this requires an emphasis on understanding the factors that affect the risk drivers.
- Managerial ability to comply with the increased regulatory requirements. This requires the ability to meet the demands of regulators on a timely basis. It also requires the ability to understand the analysis and to convey the implications to senior management and the firm’s board of directors.
The increase in regulatory compliance comes at a cost. In a recent survey of global and domestic systemically important banks, 25 percent estimated their annual spending on regulatory stress testing exceeds over $100 million USD, with more than half of the banks taking three or more months to complete end-to-end stress testing. However more than half of the banks found that stress testing could help with business planning, budgeting and assessing the risk/return profile. In this paper, we explain how the methodologies underlying the required stress testing can be used to enhance analysis of a wide array of issues facing banks and corporations in general.
It should be noted, though not discussed here in depth, that the management of data collection and reconciliation represents one of the major costs to banks in stress testing. Product and customer data must be accessed across different businesses and geographic locations. Often these businesses collect different types of data and employ different formats. Consequently, different businesses within the bank will have different protocols designed to meet their particular needs. The different IT systems and silo mentality that often exists within a bank, reinforces the desire to maintain different formats and protocols. However, regulatory requirements impose the need for standardization, thereby forcing management to introduce some level of standardization. Introducing this standardization is costly as it involves having to rewrite protocols, change business culture and negotiating compromises across different businesses. The changes often must be implemented retrospectively in order to allow meaningful quantitative analysis.
The increased volume and complexity of regulation places great demands on senior management, risk managers and the board of directors. The demands span two different areas.
- The bank must thoroughly understand the complex regulatory requirements in order to ensure compliance is achieved and maintained.
- The bank must successfully undertake the regulatory tests as well as interpret the results. It must also demonstrate that it has effectively challenged extant methodologies.
The platforms designed to comply with regulatory requirements provide management with a set of tools to address some of the challenges facing businesses. In this paper, we show how it is possible to extract value from the different platforms in order to improve decision making abilities.
 See Daniel K. Tarullo, “Next Steps in the Evolution of Stress Testing”, Board of Governors of the Federal Reserve System, (September 26, 2016).
 KPMG International, "Stress Test: A Benchmark Analysis of Systemically Important Financial Institutions," www.kpmg.com, (2016).
 See KPMG 2016.
Download the full report: