If the global economic crisis of 2009 taught us just one thing, it demonstrated the financial services industry’s centrality to the economy of not only individual nations but to the whole world. Financial institutions were probably the hardest hit by the crisis; and were also one of the quickest to react to the gaps and weaknesses in their regulatory, operating and risk management models, as exposed by the crisis.
More significantly, the dramatic loss of liquidity during the crisis had served as a wake-up call in terms of the way banks manage and control liquidity risk. Many shortcomings of liquidity risk management were revealed, from governance to daily measurement. Theory and practice, technology and processes and even corporate governance in this realm were found to be lacking.
While not exactly forgotten, it’s fair to say that in the years leading up to the crisis, liquidity risk was viewed as a theoretical issue. Due to regulation and experience, banks have dedicated more resources to the management of market and credit risks. However, a theoretical appreciation of liquidity risk has transformed into a visceral understanding during the past two years. The crisis was therefore a poignant reminder that managing liquidity risk is crucial. It now commands centre stage with executives, boards and regulators, as failing to manage liquidity has been shown to cause reputational damage – or worse, insolvency.
Liquidity as a Separate Risk Class
The importance of liquidity demands that it must be treated as a separate risk class, aggressively managed and elevated to a level equivalent to that of credit, operational and market risks. This requires developing and rigidly maintaining a framework that clearly defines responsibilities, controls, limits and reporting needs.
The positive news is that change is already underway at many organisations. In a poll conducted on liquidity risk management in the middle of last year by Ernst & Young, two-thirds of respondents said they were already in the midst of making changes. Of those respondents, approximately half indicated that the changes were significant.
Making these changes will not be easy but is highly important. For example, global banks will face the challenge of optimising liquidity while also meeting the standards set by regulators on a country-by-country basis. This will remain the case until there is better global regulatory coordination and alignment. As banks grapple with this issue, they should aim to work more closely with regulators and facilitate coordination across business lines in different parts of the world.
There is no doubt that regulators are calling for sound liquidity risk management practices among financial institutions. The crisis had exposed the inadequacies and failures of thoroughly quantifying potential liquidity risks – nowhere is this more evident than in stress-testing. Identifying proper scenarios that pose the greatest risk to the long-term viability of an institution is the key to developing contingency plans. Institutions are expected to examine existing stress-testing processes and abandon silo risk-based testing frameworks. They are also urged to use market-wide and institution-specific stress tests applied to both the short and long term. In doing so, they should include forward-looking, hypothetical information and qualitative data to help identify and prepare for liquidity events for which there is no precedent.
Towards a Robust Stress-testing Framework
Stress testing can involve complex models and infrastructure and is frequently dependent on expert judgment. Yet it must be transparent, replicable and reliably able to support strategic business capital, planning and management processes.
In developing a stress-testing framework, institutions need to have a repeatable process for scenario analyses, rather than relying on ad hoc solutions. This requires the following critical steps:
1. Analyse and define the approach
The scope of a stress testing programme must be determined – risk coverage, risk profile, and required outputs and reporting granularity. A review of existing stress-testing capabilities should be performed against these objectives.
To establish projection methodologies that link risk and finance model inputs to macroeconomic factors requires an understanding of the specific risk drivers within portfolios and their impact on financial metrics and portfolio performance. It is also important to estimate the time between the initial economic shock and the impact on the bank’s financial situation (the lagged effect). Stress-testing must be integrated into the risk governance and decision-making at the appropriate level of seniority.
2. Choose appropriate scenarios
For stress-testing to effectively support senior management decisions, the number of scenarios must be kept to a manageable level, while still providing a thorough assessment of risk.
Relevant scenarios must be selected from adverse variations from the plan, using the same type of indicators as for baseline business planning and additional scenarios, given the institution’s risk sensitivities.
Scenarios must then be translated into factors that drive risk and finance models, developing a set of model inputs for each scenario to stress the key income statement and balance sheet metrics that measure the bank’s solvency and liquidity position. Data requirements must be defined and assumptions around new business and risk profiles under each scenario established.
For larger institutions, the key challenge is to apply consistent scenario interpretations across multiple risk and financial statement models, and design stress-testing capabilities at different levels (e.g. bank-wide, business unit, business line).
3. Build a repeatable process
Execution of the assessment must take place within a clearly defined and repeatable process. The process must cover the gathering of required data, addressing cases where it may be scarce and lacking in quality. The application of stress-testing models must be supported by the development of an adequate infrastructure. Process planning must allow for expert judgment review sessions and workshops where needed.
Such an integrated process can require establishing additional governance as applicable, either through a distinct stress-testing committee involving senior risk and finance representatives or through integration with capital planning committees. Activities must be documented to support internal analysis and supervisory dialogue.
4. Aggregate, report and review results
Institutions need to be able to run an aggregation of financial model and capital projections and produce management reports – explanatory diagnostics, sensitivities, key behavioural assumptions in a timely manner. The results must be reviewed to challenge behavioural assumptions and if appropriate models may need to be rerun. The results should be reported to senior management to determine their action regarding capital adequacy strategy and risk management, including potential revision to the business plan.
For stress-test results to support decision-making within large institutions, the calculation and reporting process must provide for appropriate controls and timely delivery of information. One approach could be to implement stress-testing within the yearly budget process. To ensure necessary management involvement within businesses lines, this process must provide relevant business information. This can be achieved by including not only scenarios on severe but rare events, but also sensitivity analysis of the business to potential adverse conditions that could cause operating income to become negative.
Hard lessons have been learned from the economic crisis, and regulatory scrutiny over the financial services industry is not expected to subside. Financial institutions can continue to expect tough questions about their contingency planning and level of discipline related to risk. They should not be distracted by a sense of returned normality from improving their ability to manage future volatility of earnings and capital. The creation of strong stress-testing processes within the larger risk management framework must always be an imperative.
Many banks around the world, large and small, continue to experience major security failures. Biometric systems such as pay-by-selfie, iris scanners and vein pattern authentication can help.
The implementation date of Europe's revised Markets in Financial Instruments Directive, aka MiFID II, is fast approaching. Yet evidence suggests that awareness about the impact of Brexit on MiFID II is, at best, only patchy and there are some alarming misconceptions.
Banks might feel justified in victim blaming when fraud occurs, but it does little for customer confidence.
Politicians have united in urging the Reserve Bank of Australia to lend its backing to the digital currency by officially recognising it.