CCAR Stress Testing: The Devil Lies in The Data?

So much has been written about the models being the source of all evils in the risk management space. Surely the breaking down of correlation matrices was responsible to a large extent in the erroneous assessment of the exposures and real risk being carried in the balance sheet of our financial institutions prior to the 2008 crisis.

In his nomination hearing Before the Committee on Banking, Housing, and Urban Affairs, U.S. Senate, Alan Greenspan had clearly stated that “economic model, no matter how detailed or how well designed, conceptually and empirically, is a vastly simplified representation of the world that we experience”

Having clearly stated the problem, why were more stringent guidelines implemented to assess the inherent risk of models and provide for a consistent view of the risk identified?

Regulators around the world have been trying to come to grips with the dual reality to provide banks more flexibility in the assessment of their risk, as surely they are the best to know the risk that they carry in their books, and the requirement to have a level playing field amongst all players.

We had to wait until the spring of 2009 for Treasury Secretary Tim Geithner to push for a comprehensive stress-test to restore confidence in banks and their level of capital. It was a short step from there to integrate the results of the Stress Testing process into the Capital Management function as it is now known as the Fed’s CCAR (Comprehensive Capital Assessment Review)More recently in April of this year the  BIS  “Report to G20 Finance Ministers and Central Bank Governors on monitoring implementation of Basel III regulatory reform” clearly identifies the lack of consistency that exists between financial organizations in the treatment and development of their models. Models provide some level of flexibility in their development but create discrepancies in the calculation of their RWA (Risk Weighted Assets). In addition, local regulators have gold platted their regulations by using liberally supervisory multipliers or restricting modeling option , for example disallowing any diversification benefits between the type of risk.

So more flexibility is good and probably makes it possible for banks to give a more accurate picture of their risk profiles but at the same time makes it a lot harder to compare risks across institutions and understand truly the impact of a macro event on each banks respective portfolio.

In a sense, the CCAR initiative in the US introduces a lot of common sense and sanity by providing a common set of measures based on pre-defined scenarios. The downside of such an approach is of course, that many institutions do take this initiative as another box-ticking compliance exercise. This is both dangerous and misses the point of the benefits of the encompassing value of the integrated view on Balance Sheet and Earnings as part of the proper Capital Management Process. So what more can be done to bring the two realities together?

Corporate Governance at the Institution Level: One way of addressing this issue is to add to the prescriptive stress scenario, an emphasis and process to incorporate bank’s own downside scenarios based on demonstrable materiality of the stress factors chosen. This would then be of course a lot more institution specific but would ensure that the corporate governance process is complete by integrating risks that are institution specific.

Risk and Finance Integration: Whether institution specific or industry prescribed, the biggest challenge remains the fact that banks’ current architectures remain highly siloed. At a macro level, the first challenge is to generate a complete set of accounts under a stress scenario with the risk and finance function integrated.

Siloed Risk Architecture : The risk function itself is not devoid of its own challenge with historically a large number of risk providers owning different pieces of the calculation process. This leads to a great deal of inconsistency or re-work, aggregation and concerns about the reliability of the outcome. In most cases, what is required is a clear re-work of the Risk Architecture to start introducing commonality of data and processes and to ensure that model definition and execution remains usable across the different risk types.

Here again, before we can start getting excited about the modeling capabilities and methods, we go back to the starting point of any analytical initiative… It is all about the data.

I welcome your thoughts and opinions on this!