Stress testing and scenario analysis

Stress testing and scenario analysis

An article by BCS Consulting, Chris Cardwell, Managing Director, Erkin Nosinov, Director, Faye Raw, Managing Consultant and Charles Hildebrandt, Managing Consultant.
Enterprise stress testing and scenario analysis, the process whereby banks assess their financial resilience to macro-economic or market-driven scenarios, has changed almost beyond recognition in the last decade. What used to be a simple, top-down process has become a complex bottom-up modelling exercise, involving almost every function within the bank and the storm’s not going to abate.

Recent changes in enterprise stress testing methods have been driven largely by the un-forecasted events of the financial crisis and the subsequent regulatory response to those events. Many banks have struggled to adequately respond to frameworks such as CCAR and STDF 1 and have been forced to rely on short-term, tactical solutions. A wide range of different operating models have emerged, as the sector responds to the rapidly changing regulatory landscape.

Substantial investments have already been made. However, rather than a period of tranquility, we believe the pace of change will continue for at least another five years. The methods and infrastructure used in the next decade will fundamentally differ to those currently in place. Whilst the regulatory agenda will continue to be a major catalyst, we believe that three principles will underpin enterprise stress testing and scenario analysis operating models in the future:

  • Stress testing and scenario analysis will become a ‘first line’ activity, ceasing to be something done to the business by Risk and Finance. Banks which incubated capabilities within their second lines of defence will undergo a period of transition as processes and capabilities are transferred into risk-taking functions.
  • Models and methodologies will become more integrated and product-centric. They will focus on portfolio dynamics and the interplay between volume, margin and risk. Models which evaluate risk and revenue items in isolation will be phased out.
  • Consistent enterprise scenario analysis methods will underpin a broader set of activities, ranging from strategic planning to regulatory stress testing and recovery planning.

Operating models, risk methodologies and investment priorities currently vary considerably across the industry. This is likely to continue over the short-term as banks build on what they currently have, in order to meet immediate regulatory demand. However, over a 5-10 year timeframe, the industry will move towards consistent adoption of a standard operating model characterised by the three principles outlined above.

Transitioning to the first line of defence

Regulatory attitudes have driven recent investment in enterprise stress testing and scenario analysis. The majority of banks met regulatory demand by boosting capacity in their Risk teams, leveraging skills already present within their second line of defence. This approach has allowed the industry to quickly improve its ability to meet compliance objectives, it is also one of the reasons why banks are deriving limited value from the process.

Enterprise stress testing is an exercise in risk articulation but it is not a simple risk measurement activity. Due to the complexity of the analysis and the extreme nature of the scenarios, it will always retain a highly subjective element. Any insights which can be gained from a stress test typically come not from the final output but from participation in the process itself. If Risk and Finance are accountable for all forms of enterprise scenario analysis while risk taking functions have limited involvement, the process can become viewed as a simple compliance issue. If this happens, banks run the risk of failing to extract any real value from the investment they are required to make.

Over time the industry will therefore migrate towards the following division of accountabilities:

  • Scenario projections and the interpretation of results will be managed within the first line of defence, supported either by Operations or captive Risk and Finance teams.
  • Risk, as the second line, will be accountable for the overall scenario analysis framework and governance over policies and models. They will also perform independent review and challenge.

These operating model changes will be driven by two factors. Firstly, banks will seek to gain additional value from the investment required to ensure regulatory compliance. To achieve this they will have to involve a broader range of risk-takers in the analysis. Secondly, regulators will increasingly insist on business ownership of stress testing outside of the CRO and CFO functions. This expectation is already present for executive level management and is likely to be required further down the ranks in the near future.

Recent information emerging about the PRA Biennial Exploratory Scenario for 2017 reinforces this driver. Rather than a short sharp shock and recovery, the scenario is likely to focus on long- term changes in the business environment and mitigating actions to adapt the business model and maintain profitability – the domain of front-office and strategic planning.

Integrated, product-centric models

Until recently, enterprise stress testing tended to be a top-down modelling exercise. The advent of data-centric initiatives such as CCAR and STDF fundamentally changed that. Banks have been forced to adopt more granular methods and generate projections which include levels of detail not even used in core business planning. They have achieved this by co-opting existing risk models, for use in an enterprise-wide context. A typical enterprise stress test now involves models which started life in the world of loss forecasting, balance sheet management and market risk stress testing.

The granularity problem is being gradually solved; the integration problem is now bigger than ever. Using models originally designed to measure risks in isolation has created a new challenge. Aligning assumptions and constructing coherent portfolio narratives is difficult, so engaging business stakeholders in the process is proving even harder.

Here we see a difference of opinion emerging. Regulators desire more granular outputs, but while calculation methods remain siloed, banks see limited additional value to be gained from this granularity.

This problem is not helped by the standard industry operating model, in which components of the stress testing process are devolved to different Risk and Finance teams. Integrating models which have evolved in this environment requires banks to work cross-functionally and in a manner which few are used to.

Over time, banks will re-engineer their enterprise scenario analysis models to be more product-centric. They will aim to incorporate the projection of volumes, margins, risk outcomes, and the interplay between them, in a single framework, combining statistical and judgemental components. The move away from single-risk models, although challenging, will improve transparency and consistency of assumptions. It will also reduce the number of hand-off’s between projection teams.

Supporting multiple use-cases

Enterprise scenario analysis underpins a variety of risk and performance management activities, from business planning to regulatory stress tests and the ‘recovery’ portion of RRPs.2 These processes have evolved at different times and for different reasons. They are often treated as discrete activities and managed by different teams. In our experience, it is not uncommon for different Risk, Finance or Treasury teams in the same bank to be responsible for:
• Business planning
• Risk Appetite stress testing
• ICAAP stress testing
• Regulatory stress testing
• Recovery planning

We typically see high levels of cooperation across these activities. However, we also see a high degree of variation in terms of the methods, processes and operating models used to perform the analysis which underpins them.

In the future, these activities will be treated as points on a single continuum, rather than separate activities in their own right. Banks will use consistent methods and a single operating model for all types of enterprise scenario analysis. Only the nature of the scenario and the format of the final output will differ.

A factor which currently prevents banks from aligning their enterprise scenario analysis techniques is the requirement to deliver outputs via regulator-defined data models. The difficulties associated with translating internal data into regulatory templates is leading some banks to start tailoring their methods to the templates. This has the potential to cause divergence between internal and regulatory stress testing and should be avoided wherever possible.

In the future, banks will need to be capable of cascading scenario assumptions down through their data architectures, creating projections at an account or exposure level. Achieving this kind of capability is clearly predicated on banks having integrated and granular data stores to support their modelling activities. Progress towards the BCBS 239 principles will therefore help facilitate the change, although many in the industry still remain some way off this point.

It is clear that many people remain sceptical about the value of increasing the granularity of enterprise scenario analysis. Until more integrated methods are adopted, this is a view with which we sympathise. However, there is no evidence that a change in regulatory approach is on the horizon, or that cross-border alignment of regulatory requirements will be achieved in the short-term. Therefore, we believe that banks will pursue granularity as a means to align the different uses of enterprise scenario analysis, rather than as an objective in its own right.


In order to meet regulatory demand, most banks incubated stress testing and scenario analysis capabilities in their Risk and Finance functions. Their methods have subsequently evolved to re ect the structure of those functions. They are siloed, with discrete modelling components projecting a risk and revenue line in isolation. Consolidation processes are then applied to make the results ‘enterprise wide’ despite the analysis not being truly integrated. Under this approach banks are meeting their compliance agendas, but not extracting much value from the process.

A more strategic operating model would leverage integrated, product-centric models with the analysis being conducted by the main risk-taking functions. In order to achieve the strategic operating model, banks should take a three-step approach: