Stress Testing Governance
Stress tests should be conducted appropriately under adequate oversight as part of an institution’s governance and controls.
Key elements of effective governance and controls over stress testing include the governance structure, policies and procedures, documentation, validation and independent review, and internal audit.
Responsibilities of the Board and Senior Management
The board of directors is accountable for the entire organization and must be sufficiently knowledgeable about the organization’s stress testing activities.
Stress testing results inform the board of the institution’s risk appetite and profile and operating and strategic decisions, and they may serve as early warning signs of upcoming pressures.
Boards should actively challenge the results of stress tests and supplement them with other tests as well as both quantitative and qualitative information.
Senior management, with oversight from the board, is responsible for establishing robust policies for stress tests, which could supplement other risk, capital, and adequacy measures.
Management is also responsible for reviewing and coordinating stress test activities, assigning competent staff, challenging results and assumptions, and incorporating remedies to potential problems.
Senior management should ensure that there is a sufficient range of stress testing activities to evaluate risks. Results should be benchmarked and regularly updated given that risks, data sources, and the operating environment can change. An independent auditor should verify test results.
Senior management should regularly report to the board of directors on stress testing results in a clear and concise way, highlighting the key elements of the stress testing activities and any limitations.
Policies, Procedures, and Documentation
Stress testing activities should be governed by clear and comprehensive policies and procedures that are updated annually and documented in an appropriate manner. Appropriate documentation allows senior management to track and analyze results over time.
Documentation should include a description of the stress tests, main assumptions, results, limitations, and any proposed remedies. Those responsible for documentation should be given incentives given the complexity and time-consuming nature of preparing documents. Documentation received from external parties should be reviewed.
Stress test policies, procedures, and documentation should address a range of issues, including describing the purpose and process of stress test activities, establishing consistent and adequate practices, defining roles and responsibilities, determining the frequency and priority of stress testing activities, and describing proposed remedies.
Validation and Independent Review
Ongoing validation and independent review of stress testing activities is an important component of an institution’s governance. Validation and independent review should be unbiased and critical, and they should form part of the institution’s overall validation and review processes.
Results should be compared with appropriate benchmarks that reflect the institution’s risks and exposures.
Stress tests for nonstress periods (i.e., “good times”) should be incorporated into an institution’s model to test their predictive power and usefulness. Models used in nonstress periods may require a different set of assumptions given changing risks, correlations, and behavior by market participants.
Institutions do not need to fully validate stress tests, but limitations, challenges, and proposed remedies should be communicated and disclosed in a transparent manner.
Validation and independent review should challenge the review process and the qualitative components of the stress test, implement development standards, validate and implement stress tests, and monitor performance.
Role of Internal Audits
The internal audit assesses the integrity and reliability of policies and procedures. It should verify that stress tests are conducted thoroughly and as intended, by staff with the relevant expertise.
The internal audit should also review the procedures relating to the documentation, review, and approval of stress tests. Any deficiencies should be identified.
Key Aspects of Stress Testing Governance
An institution’s governance framework should incorporate stress testing coverage, stress testing types and approaches, and capital and liquidity stress testing.
Stress testing coverage should incorporate the relationship between risks and exposures in the short term and long term, and detect risk concentrations that could negatively impact an institution. Coverage can be applied to individual exposures, the entire institution, or various sublevels within an institution.
Stress testing types and approaches should consider the firm-specific and system-wide impacts of stresses from historical and hypothetical scenarios, and should include stresses that challenge the entire institution’s viability. When stress testing is complemented with scenario analysis, scenarios should be robust and credible.
Capital and liquidity stress testing should be harmonized with overall strategy and planning and updated for all material results and events. The impact of multiple simultaneous risks should be considered, including capital and liquidity problems that could arise simultaneously and magnify risks. Objectives for capital and liquidity funding costs should be clearly articulated. Excess exposures and areas should be identified where liquidity and capital positions can be strengthened.
