Disclosure Provisions Associated with Stress Testing Guidance

Recordkeeping and Disclosure Provisions Associated with

(Stress Testing Guidance) (FR 4202; OMB No. to be assigned)

Introduction

All banking organizations should have the capacity to understand fully their risks and the potential impact of stressful events and circumstances on their financial condition. The U.S. federal banking agencies have previously highlighted the use of stress testing as a means to better understand the range of a banking organization’s potential risk exposures. The 2007–2009 financial crisis underscored the need for banking organizations to incorporate stress testing into their risk management practices, demonstrating that banking organizations unprepared for stressful events and circumstances can suffer acute threats to their financial condition and viability.

Description of Information Collection

General Stress Testing Principles

An organization should develop and implement an effective stress testing framework that should include several activities and exercises, and not just rely on any single test or type of test, since every stress test has limitations and relies on certain assumptions. The uses of an organization’s stress testing framework should include, but not be limited to: augmenting risk identification and measurement; estimating business line revenues and losses; informing business line strategies; assessing capital adequacy and enhancing capital planning; assessing liquidity adequacy and informing contingency funding plans; contributing to strategic planning; and assisting with recovery planning.

All risk measures, including stress tests, have an element of uncertainty due to assumptions, limitations, and other factors associated both with the use of measures based on past performance and with forward-looking estimates. An organization should document the assumptions used in its stress tests and note the degree of uncertainty that may be incorporated into the tools used for stress testing. In many cases, it may be appropriate to present and analyze test results not just in terms of point estimates, but also including the potential margin of error or statistical uncertainty around the estimates. Furthermore, all stress tests, including well-developed quantitative tests supported by high-quality data, employ a certain amount of expert or business judgment that should be made transparent. In some cases, when credible data are lacking and more quantitative tests are operationally challenging or in the early stages of development, an organization may choose to employ more qualitatively-based tests, provided that they are properly documented and their assumptions are transparent. Regardless of the type of stress tests used, an organization should understand and clearly document all assumptions, uncertainties, and limitations, and provide that information to users of the stress testing results.

Governance Over the Stress Testing Framework

Governance over an organization’s stress testing framework rests with the organization’s board of directors and senior management. As part of their overall responsibilities, an organization’s board and senior management should establish a comprehensive, integrated and effective stress testing framework that fits into the broader risk management of the organization. While the board is ultimately responsible for ensuring that the organization has an effective stress testing framework, it should task senior management with implementing that framework. Senior management duties should include establishing adequate policies and procedures and ensuring compliance with those policies and procedures, assigning competent staff, overseeing stress test development and implementation, evaluating stress test results, reviewing any findings related to the stress test performance, and taking prompt remedial action where necessary. Senior management, directly and through relevant committees, also should be responsible for regularly reporting to the board on stress testing developments and results from individual and collective stress tests as well as on compliance with stress testing policy. Board members should actively evaluate these reports, ensuring that the stress testing framework is in line with the organization’s risk appetite, overall strategy and business plans, and directing changes where appropriate.

An organization should have written policies, approved and annually reviewed by the board, that direct and govern the implementation of the stress testing framework in a comprehensive manner. Policies, along with procedures to implement them, should:

• Describe the overall purpose of stress testing activities;

• Articulate consistent and sufficiently rigorous stress testing practices across the entire organization;

• Indicate stress testing roles and responsibilities, including controls over external resources used for any part of stress testing (such as vendors and data providers);

• Describe the frequency and priority with which stress testing activities should be conducted;

• Indicate how stress test results are used and by whom;

• Be reviewed and updated as necessary to ensure that stress testing practices remain appropriate and keep up to date with changes in market conditions, organization products and strategies, organization exposures and activities, the organization’s established risk appetite, and industry stress testing practices.