Ahead of the Stress Testing Summit, Jeff Simmons, Managing Director, Head of Enterprise Risk Management at the Bank of Tokyo Mitsubishi UFJ gives us his insight on the use of stress testing for setting risk appetite.
Q. Jeff, can you tell us a bit about yourself?
A. My route into Risk Management has been quite patchy to be honest but has to a large extent mirrored the development of risk as a function anyway. I started off as an Accountant and this is what my qualification is in. In this time Risk did not exist as a separate entity, and was largely done through a finance lens anyway.
I moved then into IT working on Front Office Trading systems. This was at a time when increasing computing power and more complex products were competing with each other, almost an arms race. I was involved in that race.
I then moved into Model Validation, this being a time when control and review of models was starting to gain more focus, pricing and risking products was now almost out of the vanilla markets hands. Moving into Emerging Markets I learnt about Credit, and the value of Credit.
Credit Derivatives were a new asset class, but Emerging Markets had been doing this for years. Then I moved into Risk Management systems, and the implementation of tools such as VaR, Stress Testing, Risk Appetite as even more complex products such as CDO’s became more common. The crash sent me into Consulting, largely around Capital and the new Regulations.
Finally I ended up in Enterprise Risk which seems to bring all of these different areas together. So, I didn’t so much as come to work in Risk Management, rather came to be a part of risk management growth.
Q. How can stress tests help define risk appetite and inform strategic decision making?
A. This is an easy thing to ask, but difficult to define or answer. I view it relatively simply, risk appetite is set such that unexpected losses can be absorbed with in it. If stress testing shows that we exceed risk appetite then we have to take action.
This action can be the same as if we had exceeded risk appetite in our normal business activities. But then you get the “strategy” bit. Existing strategies are fine, the principle generally is to do what you currently do (i.e. your core business), just more of it.
But what of non core expansion, the opening of a Moscow Office, the push into oil, the exit of China business if you have “called the top”. When and how are they evaluated, and, how can you assess stress scenario probabilities against them. Action is only as good as the certainty of the predicted outcome.
Q. How can the level of risk appetite change for businesses based on stress results?
A. Well this is related to Q2, in fact it is the other side of the coin. If we go on the principle that stress testing is primarily there to identify “holes” in your exposures.
Under stress we see just how big these holes are. Now the quandary, do you resize your risk appetite for high impact low probability events. How do you make that decision. The problem with this approach is “how much is enough” and “how likely is it that it will happen”.
The cost of getting the answers to either of these 2 questions wrong can be high. Inappropriate action, either de-risking prematurely or too late could have significant impacts.
Q. How do you see the role of stress testing evolving over the next 6-12 months, particularly with the political environment and regulatory trends in mind?
A. I don’t see the role or purpose of stress testing changing, just it’s complexity.
Let’s think of BREXIT as an example for a European Bank. The macro economic implications are very complex, even if we knew with some accuracy how they would play out. This is not possible though. So we have multiple scenarios with multiple severities across multiple countries and industries.
Then we have the non-macroeconomic, political changes (what is the impact on BREXIT of the now hung UK parliament), Regulatory changes driven out of Europe in response to the “back to back model”. Then we have socio economic, business and even tax. The era of the pure macro-economic scenario is almost passed us, and yet we still haven’t solved a lot of those complexities yet. For example the incorporation of operational risk, conduct risk and legal risk. Where does the impact of cyber terrorism come in over a 3 year EBA horizon as another example?
So, where will stress testing be in the next year, I think there will be a surge in behavioural analysis science with more focus on the contagion and secondary impacts.