As more and more banks are subject to Dodd-Frank Act stress-testing (DFAST) requirements and as medium-size banks are disclosing their DFAST results publicly for the first time, valuable lessons can be learned from the first few years of stress testing and reporting in both large and medium-size institutions.
Evolving Regulatory Stress-Testing and Disclosure Requirements
Large banks (those with more than $50 billion in assets) have been subject to stress testing for several years as part of the Federal Reserve’s (Fed) Comprehensive Capital Analysis and Review (CCAR) process. The goal of the testing was to provide a look into the future under adverse and severely adverse conditions to identify vulnerabilities that could pose a systemic threat to individual institutions and the overall financial system.
Beginning in 2013, the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) extended the mandate for stress testing to include medium-size institutions ($10 billion to $50 billion in assets). Summer 2015 marks the first time those institutions have been required to publicly disclose some of their testing results – specifically, their performance under the Fed’s severely adverse scenarios.
Although medium-size and regional institutions are the only ones directly affected by these reporting requirements now, they could be joined by a number of community banks currently near the $10 billion threshold. One or two acquisitions or even significant organic growth could elevate these institutions into the tier of banks that must publicly report the results of Dodd-Frank mandated stress testing, which is one reason many banks in this size range are running practice stress-testing exercises. In addition, it is widely expected that DFAST requirements eventually will be extended to community banks.
For large, medium-, and near-medium-size institutions, therefore, a review of the past few years of stress-testing and summary reporting experiences can provide insights into how to manage DFAST compliance more efficiently and predictably. Even more important, these experiences can suggest opportunities to advance stress testing as a business decision tool, not just a compliance chore. In so doing, banks could gain additional management and business value from the process.
Relying on Heroic EffortsThe stress-testing requirements for medium-size banks are not as rigorous as those imposed on the largest banks. Medium-size banks also have more flexibility in the way they choose to format and report their public summaries of testing results. Although this could be expected to ease the compliance burden somewhat, in fact the less specific requirements might have generated additional confusion among reporting institutions.
For example, in a recent webinar for bank executives hosted by Crowe, participants were asked to characterize their stress-testing experiences. About one-fifth (21 percent) of the webinar participants had not yet completed a round of stress testing. After those responses were eliminated, only about a third (32 percent) of those who had actually completed at least one round of stress testing said the process had gone about as expected and that they were on target with their original road maps. Ten percent said the experience had been far more challenging than expected, and another 26 percent said they encountered other problems aligning the effort with the original road maps. (See sidebar.)
These findings are consistent with other industry observations. Assembling the stress-testing team, organizing and assessing the necessary data and forecasts, developing and testing the necessary models, and implementing the necessary governance and management processes often require a heroic effort at the outset. Once the process begins, more extraordinary effort is required as the team analyzes the more than two dozen macroeconomic variables spelled out by the regulators, taking into account how the potential variables can be applied to its credit and balance models and used to analyze its stressed capital.
As admirable as heroic efforts by the stress-testing teams are, however, regulators – as well as shareholders and other interested parties – expect banks not to depend on heroes to stay in compliance. Ultimately, the operational elements of stress testing should be integrated into the bank’s ongoing production and business processes. To do that requires learning from past experiences.
Expecting the UnexpectedAs DFAST stress-testing and reporting requirements expanded, some unforeseen challenges arose. As noted, some of those challenges stemmed from the less specific public reporting requirements imposed on medium-size institutions, leaving those banks to develop their own methods for demonstrating their simulations’ results.
In addition, as stress-testing requirements expanded to medium-size banks, regulators deployed a number of examiners whose experience had involved only large, national institutions. When the examiners applied the more rigorous CCAR examination standards they were accustomed to using, some medium-size banks encountered compliance challenges.
Such complications were reflected in the survey responses from the Crowe stress-testing webinar mentioned earlier. For example, when participants were asked about their recent examination and regulatory experiences, slightly more than half (54 percent) said they had been part of a stress-testing review. Of that group, more than a quarter (26 percent) characterized their experiences as “not what we expected, far more detailed.”
There also have been reports of inconsistencies in the way examiners communicated their expectations to banks. For example, banks in one region of the country typically were told in advance what specific data the examiners would want to review, while banks in another region were informed only of the date and time that examiners would arrive. There also have been complaints of excessive documentation requirements and technical problems with the website used for uploading stress-testing results.
The lesson for banks is to be ready, responsive, and nimble. No one can predict precisely how the examination process will play out.
Internal ChallengesIn addition to unexpected external issues, banks should anticipate internal challenges in carrying out the stress-testing process. The list of potential issues is long and will vary with each institution, but some topics are of persistent concern and merit particular attention by banks subject to stress-testing requirements:
- Data issues. The data used in stress testing must be reliable, complete, and suitable. Underlying changes in asset and risk mix often are masked in the historical data.
- Modeling and model risk management. When asked which examination areas surprised them, 39 percent of participants in the Crowe webinar pointed to model risk development and validation. The process of designing, testing, and integrating models requires extensive resources, and special modeling considerations are needed for certain portfolios. Regardless of the number of models used, full documentation and independent model validation are required for all models.
- Capital ratios. The phase-in of the Basel III framework will strengthen bank capital and liquidity requirements, but it also significantly complicates capital ratio calculations. The preparation of benchmark and comparative data for use in stress testing is also greatly complicated by Basel III.
- Allowance for loan and lease losses (ALLL). ALLL calculations for financial reporting purposes reflect adjustments from many interested parties, such as auditors, examiners, shareholders, and management. But for stress-testing purposes, the ALLL calculations must produce a forward-looking forecast that does not include those adjustments. The adoption of the current expected credit loss (CECL) model eventually will help align ALLL with DFAST requirements.
- Internal audit. The stress-testing team should include an internal audit representative. It also is important to be sure that there are resources with adequate technical depth to support planning and completing the entire internal audit process.
- Final aggregation or assembly. The final forecast assembly and review stages are consistently challenging to institutions. Centralized collection of data, models, and forecast adjustments can streamline the effort, and a clearly defined and automated process for compiling and aggregating all information will help produce consistent outputs.
Preparing for the Next Round
In addition to addressing ongoing concerns, such as cleaning up data, tightening controls, and addressing various qualitative risk and governance issues, banks should be aware of several specific issues that will be associated with the next few years’ stress-testing regimens. For example, at a technical level, the phase-in of Basel III and the adoption of the CECL model directly will affect stress-testing scenarios for some time to come.
Another obvious difference in the coming years will be a shift in the dates of the stress-testing cycle. Beginning in 2016, large banks will be required to complete their stress-testing submissions by April 7 rather than Jan. 5. This three-month extension will relieve big banks of the need to complete the process at the same time that they are meeting other year-end obligations.
Medium-size institutions’ stress-testing schedules will shift by about four months in 2016, with submissions due July 31 and public disclosures due during the latter half of October. These schedules will be somewhat easier for banks to accommodate and will allow regulators more time to investigate and explore banks’ progress.
Beyond such immediate specifics, the past few years of stress-testing experience can provide some general strategic and tactical lessons for how to manage the process. For example, stress-testing teams should become well acquainted with their Fed liaison so they know how to get in touch in the event of technical issues, such as problems with uploading information to the Fed’s website. It is important to establish and actively maintain this relationship.
At a more general level, other important contributors to a successful program include a bank’s willingness and ability to be specific and detailed in laying out a plan for compliance and a bank’s commitment to always deliver on its promises. Such efforts are necessary to build confidence with the internal teams as well as with examiners and other external reviewers who will monitor and audit any proposed remediation.
Bear in mind that model development and stress-testing activities ultimately are intended to provide value beyond compliance alone. Institutions are expected to provide summary information on how they will use stress testing in the normal course of business, including for capital planning, assessing capital adequacy, building capital contingency plans, and maintaining risk management.
When these processes are performed effectively, developing and implementing stress testing and reporting the results can become more than merely an annual compliance task and can provide genuine business value to the institution.
Bank Executives Talk About Their DFAST Experiences
In late June 2015, a group of approximately 300 bank executives and other participants attended an online webinar on Dodd-Frank Act stress testing (DFAST) hosted by Crowe. During the presentation, participants were asked about their DFAST experiences and their expectations for future requirements. Following are some of their responses.
How have your stress-testing efforts met your expectations and road map?
How have your examination and regulatory experiences been?
What areas of exam emphasis surprised you?
Based on feedback received and your bank’s current stress-testing investment, how much do you plan on changing next year?