Transitioning to IRB: The challenges and benefits
Overcoming the costs and challenges of IRB implementation
How to manage the impact of the PRA’s new stress testing principles
19 October 2018
New Prudential Regulation Authority (PRA) guidelines are urging lenders to re-evaluate their stress testing frameworks to help prevent another financial crisis. In this latest blog, Sonia Caverzan, our Head of Stress Testing, explores how best practice can not only meet new regulations, but can also be used to benefit banks and building societies.
What called for tighter guidelines?
The PRA’s new proposals follow a series of critical papers published by the Bank of England (BoE) in response to the 2008 financial crisis. In the Concurrent Stress Test results published in the last few years, the PRA have called out in different occasions that model management frameworks for stress testing models lag significantly behind those for regulatory models – and indicated that more should be done to bridge that gap.
In April 2018, the PRA issued a new set of modelling principles for stress testing models through a Policy Statement (PS7/18) and a Supervisory Statement (SS3/18), following consultation with the industry. The new principles are relevant for PRA-authorised banks, building societies and PRA-designated investment firms.
How will this impact lenders?
Initially, smaller banks and building societies might feel greater impact from these new guidelines than larger financial institutions, since they will have less experience of stress testing and fewer resources to meet the requirements. However, it is worth noting that while larger firms that take part in the Bank of England’s annual Concurrent Stress Test are expected to follow the new guidelines in full, for smaller firms the new principles are to be applied on a proportionate basis, depending on:
- a bank’s size
- its complexity
- the importance of stress test modelling for its business
Now is the time for banks to assess the likely impact of the new regime on their business, as firms are expected to undertake a self-assessment of their stress test models risk management practices against the principles as part of their ICAAP submission starting from 1 January 2019.
Four steps to stress testing success
In a recent webinar with UK Finance, we explored the four principles formalised by the PRA to encourage a compliant, effective stress testing modelling framework across banks, which we summarised in four key words: definition, governance, implementation and validation. Let’s look at each element in more detail.
- Definition – does your model qualify as a model?
Banks must define what constitutes a model and must be confident that what they define as their stress testing models adequately fulfil that description. Although interpretations will differ slightly between businesses, a model is any calculation mechanism used to produce a risk or financial figure, based on mathematical or statistical relationships. Qualitative overlays and post-model adjustments can also contribute to a valid ‘model’.
Banks should also maintain a model inventory: specifically, define and record models’ developers, owners and users.
Banks should be careful, however, to find the right balance between a comprehensive and a manageable definition of their stress testing models. Why? Because all aspects of a model formally recorded will, naturally, be subjected to increased scrutiny and additional governance requirements.
For practical reasons there are no black and white rules for what might qualify as a model. Indexed Loan To Value (LTV), for instance, would be considered as a model by certain institutions, depending both on their mortgage portfolios size and on the LTVs contribution to the bank’s Risk-Weighted Assets (RWA) figures. The larger the lender, in other words, the more significant Indexed LTV might be and therefore more likely to qualify as a ‘model’.
Each bank must work on its own criteria. One size definitely does not fit all.
- Governance – who’s going to take responsibility?
To establish effective governance there must be adequate procedures and controls in place to manage model risk. Central to this is engaging an institution’s Senior Management in the stress testing process.
What does this mean in reality? That it should be the responsibility of the Board of Directors to set the framework for model management risk, and of Senior Management to oversee its implementation.
Inevitably, a model alone is insufficient without proper mechanisms in place for it to be scrutinised, challenged and where necessary changed. The overseeing process needs to be taken seriously and recognised for the pivotal role it plays. Key figures including the Chief Executive Officer, Chief Risk Officer and Chief Finance Officer must all have a thorough understanding of the models – to the extent that they can steer the business in a better direction as a result of insights gleaned from stress testing.
Serious economic downturns are thankfully rare, but that means data to predict similar events in the future is therefore limited. With a potentially disruptive Brexit on the horizon, it’s important there is healthy separation between those people designing the modelling and those senior enough to take an overarching view and ask the crunch question: “Does this make sense for our portfolio?”
- Implementation – documenting every step of the journey
Any stress test model is only as good as its execution: the quality and accuracy of data fed into it, the relevance of the information, and the conclusions drawn from its use. The best models are designed to consistent standards and follow clearly-defined internal implementation procedures. Now is the time for business to identify any weaknesses in these procedures, before new regulations come into force and leave them exposed.
Central to this process is clear and transparent documentation. At the very least this documentation should record a models:
- design and methodology
- data used
- assumptions made
- uncertainty and limitations
This last point is particularly important. It is vital to identify a models assumptions and weaknesses, and likewise, what judgements and overlays can help alleviate these deficiencies.
Finally, an appropriate monitoring policy should be implemented, reflecting both portfolio size and scale of risk to the business.
There is nothing to lose and everything to gain by getting the right framework in place now. Setting aside the legal requirements, stress testing models are a useful management tool to assess the resilience of your business to ‘the unknown’ and as such should become an integral part of a firm’s risk management framework rather than be perceived as one-off regulatory exercises.
- Validation – the strength of external, and ideally independent, reviews
For quality control, banks should have their stress test models validated and independently reviewed to hone their performance and pinpoint any uncertainties within. This can initially seem onerous because smaller banks in particular don’t always have sufficient people – or the right in-house skills – to conduct a thorough validation.
Even if for lack of resources the validation is carried out by the same teams who developed the model, some form of external oversight should be applied.
In the near future, artificial intelligence could help support and improve the validation of stress test models by subjecting them to thousands of potential scenarios, rather than the relatively limited range that the Bank of England currently applies. Further down the line, therefore, machine learning techniques could prove faster, more accurate and more cost-effective validation tools for organisations of any size.
For now, the human touch remains necessary, so banks should plan to commit resources accordingly.
Key checklist for designing a successful stress test model
Some comforting news. The four principles contained within the PRA’s new policy statement are not radical shifts in stress testing – rather, they are an enshrinement in regulation of general high-level principles that have long been understood by the industry.
In a recent stress testing publication, we identified the following core elements of a successful stress test. These closely relate to the four new modelling principles set out by the PRA and can be summarised by a series of key questions that lenders should be asking themselves when assessing their stress testing modelling framework:
- Data Management and infrastructure: Is appropriate data management and infrastructure in place?
- Modelling Methodology: Is the modelling methodology adequate?
- Incorporate Macroeconomic effects: Are variables sensitive to traditionally fluctuating factors such as unemployment or base rates? Are the macro economic factors used in the model appropriate given the portfolios characteristics?
- Management and Governance: Are the most senior individuals within the organisation engaged in the stress testing process? Are there mechanisms in place to challenge and therefore improve the model?
- Model Execution: Does the model use appropriate and up-to-date data, and can useful conclusions be drawn from its use? Are any uncertainties and limitations inherent in the model thoroughly understood? How can they be overcome?
- Model Validation and Oversight: Is there adequate oversight of the model? Are review processes thorough and detailed? And are they sufficiently independent?
Stress test modelling might seem burdensome, but, when properly designed and executed, stress testing models can bring tangible benefits to the business. There is an easy way to assess their effectiveness, which is by asking: Does the business itself believe the outputs of the model in question? Does the business itself believe that the model covers its own key risks? If so, it stands a good chance of being fit for the future.