Topics 63-69

Question 1

ADRs, GDRs

Answer 1

Certificates issued by domestic banks representing shares of foreign stock that the bank holds in trust but that are traded on domestic exchanges [called American depositary receipts (ADRs) in the United States and global depositary receipts (GDRs) in European markets].

Question 2

Key sources of country risk

Answer 2

Key sources of country risk include:

1. where the country is in the economic growth life cycle,
2. political risks,
3. the legal systems of countries, including both the structure and the efficiency of legal systems, and
4. the disproportionate reliance of a country on one commodity or service.

Question 3

Explain how a country’s position in the economic growth life cycle affect its risk exposure

Answer 3

• More mature markets and companies within those markets are less risky than those firms and countries in the early stages of growth.
• Early growth countries generally have higher growth rates in recoveries and larger declines in gross domestic product (GDP) growth in downturns than their more mature counterparts.

Question 4

Explain how a country’s position in the political risk affect its risk exposure

Answer 4

There are at least four components of political risk, including:

• Continuous versus discontinuous risk. Risks in democracies are continuous but generally low. In contrast, risks in dictatorships are discontinuous. Policies change much less frequendy, but changes are often severe and difficult to protect against (i.e., discontinuous risk). Studies are mixed regarding which system, authoritarian or democratic, results in higher economic growth.
• Corruption. There are costs associated with government corruption. Corruption costs can be likened to an implicit tax, direcdy reducing company profits and returns and indirectly reducing investor returns. Because the “tax” is not explicit and may also result in legal sanctions against the firm operating in the corrupt system (e.g., if a firm is caught bribing an official), it increases risk.
• Physical violence. There are economic costs (e.g., insurance and security costs) and physical costs (e.g., possible physical harm to employees or investors) associated with countries in conflict.
• Nationalization and expropriation risk. Firms that perform well may see their profits expropriated via arbitrary taxation by governments. A firm may be nationalized, in which case the owners will receive much less than the true value of the company. Risks are greater in countries where nationalization and/or expropriation are possible.

Question 5

Explain how a country’s position in the legal risk and economic structure affect its risk exposure.

Answer 5

Legal Risk

The protection of property rights (i.e., the structure of the legal system) and the speed with which disputes are settled (i.e., the efficiency of the legal system) affect risk.

Economic Structure

A disproportionate reliance on a single commodity or service in an economy increases a country’s risk exposure.

Question 6

Compare instances of sovereign default in both foreign currency debt and local currency debt, and explain common causes of sovereign defaults

Answer 6

Sovereign default risk refers to the risk that holders of government-issued debt fail to receive the full amount of promised interest and principal payments during the specified time period. Sovereign default risk can be used as a proxy for country risk. Sovereign default categories include foreign currency defaults and local currency defaults.

A large proportion of sovereign defaults are foreign currency defaults.

In a study on sovereign defaults between 1975 and 2004 conducted by Standard and Poor’s, the firm notes:

1. Countries were more likely to default on funds borrowed from banks than on sovereign bond issues.
2. Latin America accounts for a large proportion of sovereign defaults in the last 50 years (measured in dollar value terms).

It is difficult to explain why countries default on local currency debt. It would seem that countries would simply print more money to meet their obligations. However, there are three reasons that help explain local currency defaults.

1. The Gold Standard. Prior to 1971, some countries followed the gold standard. This means the country was required to have gold reserves to back currency. The gold standard thus limited the amount of currency a country could print, reducing its flexibility in terms of printing currency to repay debt.
2. Shared Currency. The euro is an example of a shared currency. The advantage of a shared currency is convenience for businesses, tourists, and so on. It eliminates the costs of converting currencies and increases transparency. However, a shared currency limits the abilities of individual countries to print money. For example, during the recent Greek debt crisis, as a member of the European Union (EU), Greece was not able to print currency to pay off debt.
3. Currency Debasement. There are costs associated with printing money. Printing money may devalue and debase the currency. It also leads to higher inflation, sometimes exponentially higher inflation. There are costs associated with default and costs associated with printing money. Some countries decide that the costs associated with default are the lesser of the two evils.

Question 7

Describe factors that influence the level of sovereign default risk; explain and assess how rating agencies measure sovereign default risks

Answer 7

Several factors influence a country’s sovereign default risk. They are as follows:

1. The country’s level of indebtedness.
2. Pension funds and social services. Countries with greater pension commitments and health care commitments (e.g., Medicare in the United States) have higher default risk. Also, as these commitments increase as the population ages, countries with older populations face greater risks.
3. Tax receipts. The greater the tax receipts, the more able a country is to make debt payments. A larger tax base should increase a country’s revenues (i.e., tax receipts) and therefore lower default risk.
4. Stability of tax receipts. Governments must pay debt obligations in both good and bad economic times. This means the revenue stream must be stable to meet these fixed obligations. Countries with more diversified economies are more likely to have stable tax receipts.
5. Political risk. Autocracies may be more likely to default than democracies because, as noted above, defaults put pressure on, and may cause a change in, the leadership of the country. There may be less pressure on the leaders of dictatorships if the country defaults. Also, the more independent the central bank, the more difficult it may be for a country to print money.
6. Backing from other countries/entities.

Question 8

Local currency vs Foreign currency rating

Answer 8

Generally, the local currency rating is at least as high as the foreign currency rating, because, as noted, countries can print money in local currency to repay debt. It is however possible for the local currency rating to be lower, as was the case with India in March 2010.

Agencies use two approaches to arrive at the foreign versus local currency
ratings:

1. Notch-up approach. The foreign currency rating is the key indicator of sovereign default risk and the local currency rating is “notched up” based on the domestic debt market and other domestic factors.
2. Notch-down approach. The local currency rating is the key indicator of sovereign credit risk and the foreign currency rating is “notched down” based on foreign exchange issues and constraints.

Question 9

Reasons why rating agencies have been criticized

Answer 9

However, rating agencies have been criticized on a number of counts. These include:

• Ratings are biased upward
• Herd behavior. When one agency upgrades or downgrades a country, the other agencies tend to follow suit. This lack of independence reduces the benefit of having three rating agencies.
• Not timely enough
• Overreaction leads to a vicious cycle. Some argue that the agencies overreact to crises, lowering ratings too much in response to a crisis, creating a feedback effect that worsens the crisis.
• Ratings failures. The study offered several possible explanations for the ratings failures:
  
  • Bad information. Agencies rely on information from governments.
  • Overburdened analysts. Rating sovereigns generates limited revenues for agencies. Analysts are spread thin and often rate four or five countries.
  • Conflicts of interest resulting from revenue challenges. Rating agencies generally do not charge users for sovereign ratings. This means revenues must come either from the issuers or from other businesses that arise from the sovereign ratings business such as ratings evaluation services, risk management services, and market indices. Rating agencies generate significant revenues from sub-sovereigns (e.g., states, provinces, counties, and cities).
  • Other conflicts of interest. As indicated above, there are off-shoot businesses from the core sovereign ratings business. These businesses may generate enough revenue to influence ratings. Typically, rating agency employees do not go work for the sovereigns they rate, thus this issue does not generally pose a conflict of interest.

Question 10

Describe the advantages and disadvantages of using the sovereign default spread as a predictor of defaults

Answer 10

Advantages of Default Risk Spreads:

1. Changes occur in real time. Market-based spreads are more dynamic than ratings.
2. Granularity. Default risk spreads are more granular. Instead of A versus B or good versus bad, there are much finer comparisons to be made based on a 2.03% yield spread on Brazilian bonds (rated Baa2) compared to a 1.46% spread on Peruvian bonds (rated Baa2) compared to a 1.58% spread on Colombian bonds (rated Baa3).
3. Adjust quickly to new information.

Disadvantages of Default Risk Spreads

1. Need for a risk-free security. In order to calculate a default risk spread, there must be a risk-free security in the currency in which the bonds are issued.
2. Cannot compare local currency bonds. Local currency bonds do not have a risk-free security with which to compare. You cannot compare local currency bonds with each other because differences in yields may reflect differences in expected inflation across countries. Also, even with dollar-denominated bonds, it is the assumption that U.S. Treasury bonds are default risk free that makes calculating a yield spread meaningful.
3. Greater volatility.

Studies that have examined default risk spreads and ratings generally conclude:

• Default risk spreads are “leading indicators. “The spreads widen before a ratings downgrade and narrow before a ratings upgrade.
• Default risk spreads are positively correlated with ratings and with default. In other words, low rated sovereign bonds are more likely to trade at higher yields (and yield spreads) and are more likely to default.
• A ratings change provides information to the market, despite the longer lag time relative to default risk spreads. Rating agencies use market information to make ratings changes. The market reacts to ratings and rating changes when pricing bonds. This means that both ratings and default risk spreads are useful to market participants in evaluating and understanding sovereign default risk.

Question 11

Investment grade rating in Moodys scale

Answer 11

Ratings Baa and above are designated investment grade, and ratings Ba and below represent non-investment grade.

Question 12

Steps of rating process

Answer 12

The rating process requires the existence of an adequate amount of information and a defined analytical framework that can be applied globally. The ratings process usually consists of the following steps:

1. Conducting qualitative analysis (e.g., competition and quality of management).
2. Conducting quantitative analysis, which would include financial ratio analysis.
3. Meeting with the firm’s management.
4. Meeting of the committee in the rating agency assigned to rating the firm.
5. Notifying the rated firm of the assigned rating.
6. Opportunity for the firm to appeal or offer new information.
7. Disseminating the rating to the public via the news media.

After the initial rating, the ratings agency monitors the firm and adjusts the rating as needed

Question 13

Describe the impact of time horizon, economic cycle, industry, and geography on external ratings

Answer 13

In addition to the condition of the firm, forecasted events in the horizon will affect the probabilities. The most notable events are the economic and industrial cycles.

Since the rating should apply to a long horizon, in many cases, ratings agencies try to give a rating that incorporates the effect of an average cycle. This practice leads to the ratings being relatively stable over an economic or industrial cycle. Unfortunately, this averaging practice may lead to an over- or underestimate during periods when the economic conditions deviate too far from an average cycle. Also, the default rate of lower-grade bonds is correlated with the economic cycle, while the default rate of high-grade bonds is fairly stable.

Evidence shows that for a given rating category, default rates can vary from industry to industry (e.g., a higher percentage of banks with a given rating will default when compared with firms in other industries with the same rating). However, geographic location does not seem to cause a similar variation of default for a given rating class.

Question 14

Explain the potential impact of ratings changes on bond and stock prices

Answer 14

The evidence supporting the impact of ratings changes on bonds is not surprising:

• A rating downgrade is likely to make the bond price decrease (stronger evidence).
• A rating upgrade is likely to make the bond price increase (weaker evidence).

As indicated, the relationship is asymmetric in that the underperformance of recently downgraded bonds is more statistically significant than the over-performance of recently upgraded bonds. Some theorize that ratings changes tend to lag the inflow of information, and the market anticipates the change, so the impact on the price is minimized.

For stocks, the change in bond ratings has an even more asymmetric effect on the stock prices than it does on bond prices:

• A rating downgrade is likely to lead to a stock price decrease (moderate evidence).
• A rating upgrade is somewhat likely to lead to a stock price increase (evidence is mixed).

The relationship between a change in ratings and the stock price can be complex, and the effect is usually related either to the reason for or the direction of the rating change, or both. A downgrade from a fall in earnings will generally decrease stock prices, but a downgrade from an increase in leverage may leave the price of stocks the same or even increase them. Since firms tend to release good news more readily than bad news, downgrades may be more of a surprise, so downgrades affect stock prices more than upgrades when the firm reveals the good news associated with the upgrade prior to its occurrence.

Question 15

Explain and compare the through-the-cycle and at-the-point internal ratings approaches

Answer 15

A given bank may have more than one system, such as an at-the-point
approach, to score a company. This approach’s goal is to predict the credit quality over a relatively short horizon of a few months or, more generally, a year. Banks use this approach and employ quantitative models (e.g., logit models) to determine the credit score.

A bank may also use a through-the-cycle approach, which focuses on a longer time horizon and includes the effects of forecasted cycles. The approach uses more qualitative assessments. Given the stability of the ratings over an economic cycle, when using through-the-cycle approaches, high-rated firms may be underrated during growth periods and overrated during the decline of a cycle.

Some evidence suggests that ratings based on at-the-point methodologies tend to vary more over an economic cycle than ratings based on through-the-cycle methodologies. Generally though, the through-the-cycle and at-the-point approaches are not comparable. The users of the ratings should select the type of rating that suits their goal and horizon. However, some researchers have formulated models that derive longer-term, through-the-cycle ratings from a sufficient history of short-term, at-the-point probability of defaults.

Because of their short-term focus, the use of at-the-point approaches may be procyclical (i.e., they tend to amplify the business cycle). The reason for this is as follows:

economic downturn —> rating downgrades —> decrease in loans and economic activity

economic upturn —> rating upgrades —> increase in loans and economic activity

Furthermore, the changes in ratings and lending policies can lag the economic cycle, so just when the economy hits a trough and is about to start expanding, the banks may downgrade firms and restrict the credit they need to participate in the expansion.

Question 16

Identify and describe the biases that may affect a rating system

Answer 16

An internal rating system may be biased by several factors. The following list identifies the main factors:

• Time horizon bias: mixing ratings from different approaches to score a company (i.e., at-the-point and through-the-cycle approaches).
• Homogeneity bias: inability to maintain consistent ratings methods.
• Principal/agent bias: moral hazard could result if bank employees do not act in the interest of management.
• Information bias: ratings assigned based on insufficient information.
• Criteria bias: allocation of ratings is based on unstable criteria.
• Scale bias: ratings may be unstable over time.
• Backtesting bias: incorrectly linking rating system to default rates.
• Distribution bias: using an incorrect distribution to model probability of default.

Question 17

Define and calculate expected loss (EL)

Answer 17

Expected loss (EL) is defined as the anticipated deterioration in the value of a risky asset that the bank has taken onto its balance sheet. EL is calculated as the product of EA, PD, and LR:

EL = EA x PD x LR

The EL measure does not capture the variation in the risky asset’s value. This variation is referred to as unexpected loss.

Question 18

Define and calculate unexpected loss (UL). Estimate the variance of default probability assuming a binomial distribution.

Answer 18

Question 19

Calculate UL for a portfolio and the risk contribution of each asset

Answer 19

Question 20

Answer 20

Question 21

Evaluate a banks economic capital relative to its level of credit risk. Describe how economic capital is derived.

Answer 21

Banks set aside credit reserves in preparation for expected losses. However, for unexpected losses, banks need to estimate the excess capital reserves needed to cover any unexpected losses. The excess capital needed to match the bank’s estimate of unexpected loss is referred to as economic capital.

By knowing the shape of the loss distribution, EL_p, and UL_p, the difference between the expected outcome and the confidence level (typically 99.97%) can be estimated. This difference can then be represented as a multiple of portfolio unexpected loss, which is often referred to as the capital multiplier (CM). With this multiplier, economic capital for the portfolio can be derived as:

economic capital_p = UL_p X CM

Question 22

Describe challenges to quantifying credit risk

Answer 22

The bottom-up risk measurement framework that attempts to quantify credit risk has several limitations:

1. Credits are presumed to be illiquid assets. With a bottom-up approach, credit losses are measured by their risk contribution to the credit portfolio and are not influenced by the correlation among risk factors as they are in liquid markets.
2. Credit risk models used in practice only use a one-year estimation horizon. Ideally, credit risk models should incorporate unexpected and expected changes in credit quality of borrowers that occur over several years; however, in practice, this approach is very difficult.
3. Other risk components (such as operational risk and market risk) are separated from credit risk and, thus, managed and measured in different departments within the bank.

Question 23

Definition of operational risk

Answer 23

Some firms define operational risk as all risk that is not credit or market risk. However, most people agree that this definition is far too broad. Past industry definitions of operational risk include:

• Financial risk that is not caused by market risk (i.e., unexpected asset price movements) or credit risk (i.e., the failure of a counterparty to meet financial obligations).
• Any risk developing from a breakdown in normal operations (e.g., system failures or processing mistakes).
• Any risk from internal sources (e.g., internal fraud), excluding the impact of regulatory action or natural disasters.
• Direct or indirect losses that result from ineffective or insufficient systems, personnel, or external events (e.g., natural disasters or political events), excluding business risk (the risk of earnings volatility resulting from business conditions).

The Basel Committee on Banking Supervision attempted to incorporate industry views and build a consensus on the definition of operational risk. The Committee’s statement of operational risk is as follows:

“The risk of direct and indirect loss resulting from inadequate or failed internal processes, people, and systems or from external events. ”

The operational risk definition explicitly includes legal risk, but does not address reputational risk or strategic risk, presumably because they can be difficult to quantify.

Question 24

Compare three approaches for calculating regulatory capital

Answer 24

The Basel Committee has proposed three approaches for determining the operational risk capital requirement (i.e., the amount of capital needed to protect against the possibility of operational risk losses):

1. the basic indicator approach,
2. the standardized approach, and
3. the advanced measurement approach.

The basic indicator approach and the standardized approach determine capital requirements as a multiple of gross income at either the business line or institution level. The advanced measurement approach (AMA) offers institutions the possibility to lower capital requirements in exchange for investing in risk assessment and management technologies.

With the basic indicator approach, operational risk capital is based on 15% of the bank’s annual gross income over a 3-year period. Gross income in this case includes both net interest income and noninterest income. For the standardized approach, the bank uses eight business lines with different beta factors to calculate the capital charge. With this approach, the beta factor of each business line is multiplied by the annual gross income amount over a 3-year period. The results are then summed to arrive at the total operational risk capital charge under the standardized approach. The beta factors used in this approach are shown as follows:

• Investment banking (corporate finance) 18%
• Investment banking (trading and sales) 18%
• Retail banking 12%
• Commercial banking 15%
• Settlement and payment services 18%
• Agency and custody services 15%
• Asset management 12%
• Retail brokerage 12%

The Basel Committee recommends that large banks move from the standardized approach to the AMA. In order to use either approach, banks must satisfy a number of conditions.

In order to use the standardized approach, banks must:

1. have an operational risk management function that is able to identify, assess, monitor, and control this type of risk,
2. document losses for each business line,
3. report operational risk losses on a regular basis,
4. have a system that has the appropriate level of documentation, and
5. conduct independent audits with both internal and external auditors.

The operational risk capital requirement currently proposed by the Basel Committee is equal to the unexpected loss in a total loss distribution that corresponds to a confidence level of 99.9% over a 1-year time horizon. This concept is illustrated in Figure 1.

Question 25

Describe the Basel Committee’s seven categories of operational risk

Answer 25

The Basel Committee on Banking Supervision disaggregates operational risk into seven types. A majority of the operational risk losses result from clients, products, and business practices.

1. Clients, products, and business practices. Failure (either intentional or unintentional) to perform obligations for clients. Examples include mishandling of confidential information, breaches in fiduciary duty, and money laundering.
2. Internal fraud. Disobeying the law, regulations, and/or company policy, or misuse of company property. Examples include misreporting data or insider trading.
3. External fraud. Actions by a third party that disobey the law or misuse property. Examples include robbery or computer hacking.
4. Damage to physical assets. Damage occurring from events, such as natural disasters. Examples include a terrorist attack, earthquakes, or fires.
5. Execution, delivery, and process management. Failure to correctly process transactions and the inability to uphold relations with counterparties. Examples include data entry errors or unfinished legal documents.
6. Business disruption and system failures. Examples include computer failures, both hardware- and software-related, or utility outages.
7. Employment practices and workplace safety. Actions that do not follow laws related to employment or health and safety. Examples include worker compensation, discrimination disputes, or disobeying health and safety rules.

Question 26

Derive a loss distribution from the loss frequency distribution and loss severity distribution using Monte Carlo simulations

Answer 26

Question 27

Describe the common data issues that can introduce inaccuracies and biases in the estimation of loss frequency and severity distributions

Answer 27

Question 28

Describe how to use scenario analysis in instances when data is scarce

Answer 28

Another method for obtaining additional operational risk data points is to use scenario analysis. Regulators encourage the use of scenarios since this approach allows management to incorporate events that have not yet occurred. This has a positive effect on the firm since management is actively seeking ways to immunize against potential operational risk losses. The drawback is the amount of time spent by management developing scenarios and contingency plans.

Question 29

Describe how to identify causal relationships and how to use risk and control self assessment (RCSA) and key risk indicators (KRIs) to measure and manage operational risks

Answer 29

Causal relationships are a convenient method of identifying potential operational risks. Relationships are analyzed to check for a correlation between firm actions and operational risk losses. For example, if employee turnover or the use of a new computer system demonstrates a strong correlation with losses, the firm should investigate the matter. It is necessary to conduct a cost-benefit analysis if significant relationships are discovered.

One of the most frequently used tools in operational risk identification and measurement is the risk and control self assessment (RCSA) program. The basic approach of an RCSA is to survey those managers directly responsible for the operations of the various business lines. It is presumed that they are the closest to the operations and are, therefore, in the best position to evaluate the risks. The problem with this assumption is that you cannot reasonably expect managers to disclose risks that are out of control. Also, a manager’s perception of an appropriate risk-return tradeoff may be different than that of the institution. A sound risk management program requires that risk identification and measurement be independently verified.

The identification of appropriate key risk indicators (KRIs) may also be very helpful when attempting to identify operational risks. Examples of KRIs include employee turnover and the number of transactions that ultimately fail. In order to be valuable as risk indicators, the factors must:

1. have a predictive relationship to losses and
2. be accessible and measurable in a timely fashion.

The idea of utilizing KRIs is to provide the firm with a system that warns of possible losses before they happen.

Question 30

Describe the allocation of operational risk capital to business units, scorecard approach

Answer 30

One method for allocating capital is the scorecard approach. This approach involves surveying each manager regarding the key features of each type of risk.

Questions are formulated, and answers are assigned scores in an effort to quantify responses. The total score for each business unit represents the total amount of risk. Scores are compared across business units and validated by comparison with historical losses.

Examples of survey questions include:

1. the ratio of supervisors to staff,
2. employee turnover rate,
3. average number of open positions in the business unit at one time, and (
4. the presence of confidential information.

The objective of the scorecard approach is to make business line managers more aware of operational risks and the potential for losses from those risks. It also encourages senior management to become more involved with the risk management process.

Question 31

Explain how to use the power law to measure operational risk

Answer 31

Question 32

Explain the risks of moral hazard and adverse selection when using insurance to mitigate operational risks

Answer 32

Two issues facing insurance companies and risk managers are moral hazard and adverse selection.

• A moral hazard occurs when an insurance policy causes an insured company to act differently with the presence of insurance protection. For example, if a firm is insured against a fire, it may be less motivated to take the necessary fire safety precautions. To help protect against the moral hazard issue, insurance companies use deductibles, policy limits, and coinsurance provisions. With coinsurance provisions, the insured firm pays a percentage of the losses in addition to the deductible.
• Adverse selection occurs when an insurance company cannot decipher between good and bad insurance risks. Since the insurance company offers the same polices to all firms, it will attract more bad risks since those firms with poor internal controls are more likely to desire insurance. To combat adverse selection, insurance companies must take an active role in understanding each firms internal controls. Like auto insurance, premiums can be adjusted to adapt to different situations with varying levels of risk.

Question 33

Describe the responsibilities of the board of directors and senior management in stress testing activities

Answer 33

In order to ensure there is adequate oversight, institutions should have separation of duties between the board of directors and senior management. This separation of duties also applies to stress testing. Although the board and management share several common responsibilities, they each have distinct responsibilities within an institution.

Board of Directors

• The board should be sufficiently knowledgeable about the organization’s stress testing activities to ask informed questions, even if it is not directly involved with and does not possess expert knowledge in the stress testing activities or their technical details. Board members should be critical of stress tests by actively challenging assumptions.
• Boards should view results with some degree of skepticism and should not rely on a single stress test exercise, but rather supplement it with other tests and quantitative and qualitative information. Stress testing can serve as an early warning sign, especially in nonstress times, allowing the board to take actions that include adjusting capital levels, increasing liquidity, adjusting risks, or engaging in or withdrawing from certain activities.

Senior Management

• Senior management is accountable to the board and is responsible for the satisfactory implementation of the stress testing activities authorized by the board.
• Stress tests should aid management’s decision making relating to business strategies, risk limits, and the institution’s capital, liquidity, and risk profile.
• Stress tests should be appropriately aggregated, remedial actions should be carried out appropriately, and results should be adequately documented.
• In addition, senior management should ensure that stress testing activities are reviewed by an independent, unbiased party (e.g., through an internal audit).

Question 34

Identify elements of clear and comprehensive policies, procedures, and documentations on stress testing

Answer 34

Appropriate documentation of stress testing policies and procedures is also critical. Documentation should include a description of the stress tests used, their results, main assumptions, any limitations and constraints, and the appropriate remedies.

Question 35

Identify areas of validation and independent review for stress tests that
require attention from a governance perspective

Answer 35

• To enhance the usefulness of validating stress tests, institutions should include nonstress periods (i.e., the “good times” periods) in their models to test their predictive power.
• Ongoing validation and independent review of stress testing activities is an important component of an institution’s governance. Validation and independent review should be unbiased and critical, and they should form part of the institution’s overall validation and review processes.
• Results should be compared with appropriate benchmarks that reflect the institution’s risks and exposures.
• Stress tests for nonstress periods (i.e., “good times”) should be incorporated into an institution’s model to test their predictive power and usefulness. Models used in nonstress periods may require a different set of assumptions given changing risks, correlations, and behavior by market participants.
• Institutions do not need to fully validate stress tests, but limitations, challenges, and proposed remedies should be communicated and disclosed in a transparent manner.
• Validation and independent review should challenge the review process and the qualitative components of the stress test, implement development standards, validate and implement stress tests, and monitor performance.

Question 36

Describe the important role of the internal audit in stress testing governance and control

Answer 36

The internal audit forms a crucial component of an institution’s governance and controls. It is intended to assess the integrity and reliability of an institution’s policies and procedures, including those pertaining to stress tests. Auditors should be independent with sufficient knowledge and technical expertise to conduct their reviews.

The internal audit should verify that stress tests are conducted thoroughly and as intended, and that the staff in charge of these activities possesses the necessary expertise and adheres to the appropriate policies and procedures. An internal audit should also review the procedures pertaining to the documentation, review, and approval of stress tests. Any deficiencies in stress tests should also be identified.

Question 37

Identify key aspects of stress testing governance, including stress testing coverage, stress testing types and approaches, and capital and liquidity stress testing.

Answer 37

Stress Testing Coverage

• Stress testing results may exclude important factors, including portfolios, liabilities, and exposures. As a result, it is important that institutions provide appropriate coverage for stress testing and document what factors are and are not covered.
• Stress testing coverage can be applied to individual exposures, to the entire institution, or to various sublevels within an institution.
• Stress testing should incorporate the relationship between various risks and exposures, and detect risk concentrations and causes of risks that could negatively impact the institution.
• Coverage should be applied on both a short-term and long-term basis.

Stress Testing Types and Approaches

• When stress testing includes scenario analysis, the scenarios selected should be sufficiently robust to be credible to stakeholders (internal and external).
• Scenarios should consider the firm-specific and system-wide impacts of stresses both based on historical analysis and on hypothetical scenarios.
• Cumulative and knock-on effects should be carefully considered.
• For stresses that are done on a firm-wide basis, it is necessary for all business lines to use the same stress assumptions to ensure consistency.
• Stress testing types should include those that extend beyond traditional risk expectations (these include reverse stress tests that “break the bank”) and challenge the entire institution’s viability. This is true even if estimation may be problematic.

Capital and Liquidity Stress Testing

• Capital and liquidity stress testing should be harmonized with overall strategy and planning, and the results should be updated for all material results and events.
• Stress tests should consider the impact of multiple simultaneous risks on earnings, losses, cash flows, capital, and liquidity.
• Stress testing should aid in contingency planning by identifying excess exposures and areas where liquidity and capital positions can be strengthened, or by identifying actions that are otherwise not possible during stressed times (i.e., raising capital).
• Stress testing should consider the effect on subsidiaries that encounter liquidity and capital issues.
• Stress testing should also look at capital and liquidity problems that can arise simultaneously and thereby magnify risks. For example, an institution may need to sell assets at depressed market prices or incur funding costs at above-market rates.
• With respect to capital and liquidity funding costs, institutions should clearly articulate their objectives.

Question 38

Describe the relationship between stress testing and other risk measures, particularly in enterprise-wide stress testing

Answer 38

Practically speaking, there could be up to three major differences in the definition of loss estimates between stress tests and VaR/EC measures:

1. Stress tests usually define losses from an accounting perspective, while VaR/EC measures usually take a market view of losses (i.e., deducting the opportunity cost of equity capital).
2. Historically, stress tests have looked at longer time horizons, whereas VaR/EC measures have looked at point-in-time losses only.
3. Stress tests do not focus on probabilities, but instead focus on ordinal rankings such as “severe,” “very severe,” and “extremely severe.” In contrast, VaR/EC measures focus on cardinal probabilities when interpreting the results of using Monte Carlo simulation (i.e., complicated statistical models) or historical simulation (i.e., actual past results). For example, a 99% VaR loss is interpreted as a 1-in-100 event.

Additionally, stress tests usually develop scenarios that are conditional. For example, regulatory stress tests tend to use the current period as a departure point in order to develop several hypothetical scenarios. In contrast, VaR/EC measures tend to develop unconditional scenarios.

Question 39

Explain the importance of stressed inputs and their importance in stressed VaR

Answer 39

Stressed inputs have been used in analyzing market risk and for both supervisory and internal purposes within financial institutions. The revised Basel market risk capital framework mandates the use of stressed inputs— for example, a stressed value at risk (SVaR) measure. Such a measure is meant to mimic a period of market stress and would be computed using a 10-day, 99th percentile, one-tailed confidence interval VaR measure of the investment portfolio.

Stressed inputs have been used in analyzing market risk and for both supervisory and internal purposes within financial institutions. There is a mandated use of stressed inputs, stress tests, and stressed parameters by the Basel Accords. Stressed VaR can be used to analyze the potential losses for an investment portfolio. In addition, it can be used to compute the capital charge for credit valuation adjustments (CVAs).

Question 40

Identify the advantages and disadvantages of stressed risk metrics

Answer 40

A key advantage of using stressed risk metrics is that they are conservative. In other words, the nature of the calculations should allow more-than-sufficient capital to be set aside for unexpected losses for future stressed events.

On the other hand, a key disadvantage is that risk metrics are stressed and will not
necessarily respond to current market conditions. Instead, they will be impacted mainly by portfolio assets.

Question 41

Describe weaknesses identified and recommendations for improvement in the use of stress testing and integration in risk governance

Answer 41

Weaknesses

• Lack of involvement of board and senior management. Banks that did not have the active involvement of senior management and the board were likely hit hard by the recent financial turmoil.
• Lack of overall organizational view. Prior to the recent crisis, stress testing in many banks was conducted by separate units concentrating on a risk function or a business line without taking into consideration the overall impact on the bank under stress conditions.
• Lack of fully developed stress testing. Stress testing for market risks has been conducted for years but stress testing for credit risk is quite recent, and stress testing for other risks (e.g., operational) is still in its infancy. Moreover, prior to the crisis, there was no mechanism in place to identify the correlations among various risks. Therefore, stress testing did not adequately identify correlated exposures and risk concentrations across the bank.
• Lack o f adequate response to crisis. Stress testing methods were not flexible or effective enough to respond swiftly and comprehensively to the changing conditions as the crisis developed.

Recommendations

• Stress testing, overall governance, and risk management. A stress testing program should constitute a critical component of a bank’s governance and risk management planning.
• Comprehensive stress testing program. A bank should operate a comprehensive stress testing program, focusing on four major areas:
  
  • Risk identification and management.
  • Alternative risk perspectives.
  • Liquidity and capital management.
  • Communication (both internal and external).
• Multiple perspectives and techniques. Stress testing programs involve various phases and steps, including identification of risk events, application of modeling techniques, implementation of test procedures, and use of the results for refining the risk mitigation strategies.
• Written policies and documentation. Procedures and written policies should be adequately documented to govern a stress testing program.
• Sound infrastructure. To implement the stress testing program effectively under times of stress, a bank should have in place a sound, adequate, and flexible infrastructure as well as data collection arrangements.
• Regular assessment. Evaluation of the effectiveness and robustness of stress testing programs should be conducted on a regular basis, on both a quantitative and qualitative basis.

Question 42

Describe weaknesses identified and recommendations for improvement in the use of stress testing methodologies

Answer 42

Weaknesses

• Inadequate infrastructure. Banks did not have adequate infrastructure (and data collection systems) in place that would enable them to quickly identify risk exposures and aggregate them at an institutional level.
• Inadequate risk assessment approaches. Stress testing methods were based on an underlying assumption that risk is generated by known and non-stochastic processes, which would mean that future risk events could be forecasted reasonably well, ffowever, recent turmoil clearly revealed the fallacy of such an assumption and demonstrated that risk assessment approaches that resulted from these methods were ineffective.
• Inadequate recognition of interactive effects. The recent financial crisis has generated strong examples of feedback, spillover, and system-wide interactional effects.
• Inadequate firm-wide perspective. Stress testing prior to the crisis was mostly geared toward individual business lines, products, and risk exposures without having a comprehensive firm-wide perspective. Firm-wide testing can generate synergistic effects, enabling a bank to better identify and manage risk.

Recommendations

• Comprehensive stress testing. Stress testing should be comprehensive, covering business areas and risk exposures as individual entities and on a firm-wide level. It should examine the impact of stress events (shocks) on risk factors while taking into consideration feedback and spillover effects due to correlations.
• Risk concentrations. A bank may develop risk concentrations along different dimensions, including concentrations in name, industry, region, single or correlated risk factors, offbalance sheet, contractual or non-contractual (reputational) exposures. Stress testing should enable a bank to identify and control risk concentrations.
• Multiple measures. In order to develop an adequate understanding of the impact of stress events on a bank’s overall performance, profitability, operations, and viability, numerous measures should be used. For example, a bank should measure the likely impact of stress conditions on asset and portfolio values, accounting and economic profits (losses), funding gaps, and capital requirements.

Question 43

Describe weaknesses identified and recommendations for improvement in the use of stress testing scenarios

Answer 43

Weaknesses

• Lack of depth and breadth. Prior to the recent financial turmoil, banks used stress testing scenarios that were ineffective in capturing extreme shocks.
• Lack of adequate techniques. Banks have employed numerous techniques, including sensitivity analysis to generate testing scenarios. Sensitivity analysis does not take into consideration the feedback effect resulting from correlations among various risk factors, positions, and markets, since it focuses only on the impact of a shock on a single factor at a point in time while holding all other factors constant.
• Lack of forward-looking scenarios. Historical and hypothetical scenarios as used by banks turned out to be less effective in the context of the recent crisis because they were based on shocks with smaller intensity, a shorter length of time, and insignificant risk correlations.

Recommendations

• A variety of events. Stress testing should cover scenarios encompassing a variety of events and varying severity levels, both at micro and macro levels.
• Futuristic outlook. Scenarios should be developed based on potential future events, emerging risks, new products, and asset and liability composition, rather than historical relationships, which may not continue in the future due to changing risk dynamics and market characteristics.
• Synergy effect. In order to develop effective future scenarios, opinions and forecasts should be collected and synthesized from experts and senior management across the bank.
• Time horizon. Stress testing should cover various time horizons along with liquidity conditions.
• Reverse stress testing. Reverse stress testing involves three phases: outcome, events, and hedging. First, reverse stress testing starts from a scenario with a known outcome, such as severe capital inadequacy, panic deposit withdrawals, or insolvency. Second, an assessment is made as to what kind of events, isolated or correlated, firm or market specific, or other events, can lead to the outcome. Lastly, a bank evaluates the effectiveness of its risk management (e.g., hedging) strategies to cope with the events likely to produce the outcome, including an extreme outcome, such as insolvency.

Question 44

Recommendations for improving stress testing of risk arising from the use of complex structured products

Answer 44

There are several recommendations for improving the stress testing of risk arising from the use of complex structured products.

• A stress test should use all the relevant information about an underlying asset pool. For example, quality of loans, creditworthiness of the borrower, maturity, and interest rates.
• Impact of market conditions. For example, investors are subject to prepayment risk if market mortgage rates decline below the rates on existing mortgages.
• Contractual obligations. For example, contingent funding agreements in which firms ensure timely payment of interest and principal if certain agreed upon conditions occur.
• Subordination level of a specific tranche. For example, a tranche may offer cash flows only after payment has been made to other tranches, meaning that such a tranche exhibits higher risk, particularly under stress conditions.

Question 45

Recommendations for improving stress testing of basis risk

Answer 45

• Basis risk can arise from various sources, including low correlation between the price movement of underlying cash instruments and the futures contracts, cross hedging, and relative illiquidity of futures contracts.
• Banks tend to focus on directional risks but ignore the essence of basis risk while conducting stress testing. Therefore, they could not adequately ascertain the effectiveness of their hedging strategies utilizing futures contracts. Banks can improve stress test handling by taking basis risk into consideration.

Question 46

Recommendations for improving stress testing of Counterparty Credit Risk

Answer 46

Monoline insurers - provide default protection insurance to issuers of various securities in a specific industry.

• A wrong-way risk emerges when the probability of default of counterparties increases as a result of general market conditions (general wrong-way risk).
• Based on the lessons learned from the recent global financial crisis, it is recommended that banks include the potential risks, arising from financial conditions of counterparties, market spillover, and feedback effects under severe stress conditions.

Question 47

Recommendations for improving stress testing of Pipeline Risk

Answer 47

Securitization, creating investment securities from a pool of underlying assets, is used by banks to expand sources of funding, free-up balance sheet space for higher yielding or safer assets, and generate extra revenue. A bank can be exposed to many other risks, including liquidity risk due to lack of access to the securitization market. Such risk is called pipeline risk (a.k.a. warehouse risk).

Prior to the recent crisis, banks conducted stress tests based on the assumption that pipeline risk would be minimal or non-existent. That is, banks believed that securitization markets would continue to operate smoothly, and if there were any disruption, it would not exist for long. That was certainly not the case with recent subprime securitization. Given the recent experience, a bank should include pipeline risk into its scenario stress tests. Regardless of the probability of the securitization of assets, banks should include such exposures in stress testing procedures for effective management of pipeline risk.

Question 48

Recommendations for improving stress testing of Contingent Risk

Answer 48

There are several sources of contingent risk, including the potential risk arising from the process of securitization and creation of off-balance sheet vehicles, such as special purpose entities (SPEs). As mentioned, securitization enables a bank to free-up balance sheet space (by selling loans to SPEs). However, banks are obligated to inject credit and liquidity to offbalance sheet entities due to contractual agreements or reputational concerns. Banks provide support to off-balance sheet entities, even when they are not obligated to avoid a materially adverse impact on their reputation. Therefore, banks expose themselves to the potential risk involved in fulfilling their commitments, contractual or otherwise, to off-balance sheet vehicles. Such risk may intensify if banks are facing tough times themselves.

Stress testing should include scenarios to assess the bank’s exposure to off-balance sheet commitments, both contractual and reputational.

Question 49

Recommendations for improving stress testing of Funding Liquidity Risk

Answer 49

Stress testing conducted by banks did not capture the nature, size, duration, and intensity of the recent crisis. It did not assess funding liquidity risk adequately and also failed to recognize the interrelationship between funding liquidity risk and market (or trading) liquidity risk.

Question 50

Recommendations to Supervisors on improving stress-testing processes

Answer 50

1. Assess stress testing methods.
2. Take corrective actions. In the event that stress testing procedures or analysis is deemed inadequate, a supervisor should push for corrective actions.
3. Challenge firm-wide scenarios. It is necessary for supervisors to question the use of stress tests that produce unrealistic results or are inconsistent with a bank’s risk appetite.
4. Evaluate capital and liquidity needs. Under the Basel II Accord, banks should conduct an analysis of their stress tests when assessing both capital requirements and liquidity. The ability to meet capital requirements during stress scenarios is crucial to ensure that a bank will remain solvent if such an event occurs.
5. Apply additional stress scenarios. It is prudent for supervisors to conduct additional stress tests using common scenarios within a bank’s jurisdiction. These additional scenarios would complement the bank’s existing stress scenarios and should be relatively easy to implement.
6. Consult additional resources. In order to expand their knowledge of stress testing, supervisors should consult with other experts to identify potential stress vulnerabilities.