BankDirector.com: Charting a course for America's banking leaders

BankDirector Cover

Board Issues : Regulation

Regulatory Guidance on Stress Testing: What Every Board Must Know and Should Do

May 29th, 2012 |

frayed-rope.jpgThe banking agencies (the Federal Reserve, the Federal Deposit Insurance Corp. and the Office of the Comptroller of the Currency) recently issued the Supervisory Guidance on Stress Testing (the “guidance”).  This guidance becomes effective July 23, 2012 and applies to banking organizations with more than $10 billion in total consolidated assets. 

However, all banks regardless of size should pay close attention and follow the principles outlined in the guidance in order to implement an optimal risk management program at the bank. 

This article highlights what every bank board must know about the guidance and should do, regardless of the bank’s size. 

What the Guidance Says

The guidance says that a banking organization with more than $10 billion in total consolidated assets should implement stress testing as a key component of its risk management program. The main purpose is to enable the organization to fully understand its risk exposures and impact from stressful events and circumstances and better equip the organization to handle a wide range of adverse outcomes in the future.  

The guidance says banking organizations should incorporate five principles into a stress testing framework so that:

  • It is tailored and captures the organization’s enterprise risks
  • It employs multiple stress testing approaches
  • It is forward looking and flexible
  • It produces stress test results that are clear, actionable and support informed decision making
  • It includes strong governance and effective internal controls

The stress testing framework should cover all risks such as credit, market, operational, interest-rate, liquidity, country and strategic risk.

A banking organization’s senior management needs to design and implement the stress testing, while the board should approve the framework and policies.  The board should then monitor compliance.  The board also needs to use the results from stress testing to assess the impact to the risk profile, risk appetite and strategic plan. There should also be an independent review and validation of the framework used in the stress tests.

What the Board Must Know

Failing to follow the guidance and implement a stress testing framework commensurate with the banking organization’s size and risk profile will be deemed an unsafe and unsound banking practice. Bank examiners will closely evaluate the board’s role and ultimately hold it accountable.

Ultimately, the board is responsible for ensuring the banking organization has an effective enterprise risk management program that includes an appropriate stress testing framework.  The board should make sure senior management covers all risks and utilizes stress testing techniques such as scenario and sensitivity analysis and reverse stress testing.  Stress testing should provide the board with critical intelligence that ultimately can result in optimal risk management performance.  The board should also ensure that the stress testing framework’s adequacy and effectiveness is evaluated and validated independently.  

What Community Banks Should Do

While banking organizations with $10 billion or less in consolidated assets are exempt from the guidance, it would be prudent for the boards at these organizations to closely review the guidance and consider implementing a stress testing framework commensurate for their size and complexity, as a best practice. 

For example, a community bank could incorporate reverse stress testing as described in the guidance as a tool.  Reverse stress testing means the banking organization identifies “break the bank” type adverse outcomes, such as suffering material credit losses that result in severe undercapitalization, an employee committing a large fraud that results in a material loss, the bank being used for money laundering that results in criminal penalties or the bank being accused of lending discrimination and prosecuted by the Department of Justice (DOJ). The bank should then deduce the types of events that could lead to such an outcome.  This can reveal potential blind spots or previously unknown sources of risk that can then be mitigated through enhanced risk management.  Community banks in particular, due to their size, limited resources and less diversification in geographic location and product mix, may be more vulnerable to “break the bank” type of adverse events and may not be able to withstand such surprises unless they have planned for such an outcome. 

Ultimately, stress testing provides critical forward looking risk management intelligence that the board should use to guide the banking organization to attain optimal risk management performance and maximize shareholder value, regardless of the size of the organization.

shuda

Sai Huda is senior vice president and general manager, Enterprise Governance, Risk and Compliance Solutions at Fidelity National Information Services, Inc. (NYSE: FIS). He leads the company’s risk management and regulatory compliance software and consulting services group, focused on financial institutions.   

blog comments powered by Disqus