The German Banking Industry Committee (GBIC) welcomes the fact that the EBA has incorporated some of the suggestions made in the previous consultation (EBA/CP/2016/28) in the present Draft Guidelines on institution’s stress testing. However, as key arguments we advanced in our comment letter dated 18 March 2016 were not adopted, we would like to take this opportunity to make them again.
As a general comment, the level of detail of the requirements for internally performed stress tests mentioned in the EBA Draft Guidelines goes far beyond the German requirements on stress testing. Without an adequate assessment of the principle of proportionality, German institutions in particular would be impacted disproportionately heavily by the guidelines on stress testing. For example, the EU-wide harmonisation of the stress testing taxonomy would lead to considerable additional effort for German institutions, as all existing documentation would have to be adapted and tightened up (without any discernible value added). Additionally, the Guidelines impose very stiff requirements for stress testing governance whose level of formalisation is new for both German institutions and German supervisory practice (assessment procedures and scope). The GBIC therefore anticipates that substantial effort and resources will be needed to extend supervisory practice in Europe.
2. Specific comments
(1) Definitions/Taxonomy (section 2)
According to paragraph 9 point (11), second-round or feedback effects generally amplify an original shock. We assume that they may mitigate an original shock as well and suggest amending the wording accordingly.
The taxonomy surprisingly lacks a definition of the key term “stress test”. Such a definition should be included because various national supervisors have drafted their own definitions of “stress test”. This definition should also make clear where stress scenarios stand in relation to the implicitly or explicitly used scenarios in “regular” risk measurement. This question basically concerns all types of risk, but can be illustrated particularly well by taking operational risk as an example: institutions which use the AMA must use scenario analyses as an element in calculation of their own funds requirements. Where do stress scenarios for operational risk stand in relation to AMA scenarios (when it comes to the frequency of occurrence, level of loss parameters, etc.)?
(2) Implementation (section 3)
The GBIC is calling for a later application date for the following reasons:
Institutions should be given enough time to further develop their stress testing internally through adequate implementation periods, since the new requirements go beyond the CEBS Guidelines. We therefore suggest making a distinction as far as possible in all areas of the guidelines between requirements that have to be complied with, at a minimum (“at least”), from the end of 2018 and further requirements. For these further requirements, staggered, gradual implementation over a period of several years should be specified.
When setting the requirements that have to be complied with, at a minimum, from the end of 2018, it should be borne in mind that a large number of parallel stress testing requirements are currently set at national and international level (e.g. EBA 2018 stress test, SREP exercise, ICAAP and ILAAP). In addition, the GBIC takes the view that bank-specific supervisory expectations as regards the stress test framework should be communicated to and discussed clearly with the individual institutions. Sufficient time must be given to the institutions and the competent supervisory authorities to do this.
The operational risk stress testing requirements are formulated for all banks, irrespective of the approach applied to assess the exposure to operational risk, with some specific requirements for AMA banks. Considering the finalised Basel Committee guidelines on the standardised approach to operational risk (December 2017), the consultation on stress testing requirements should be prolonged to ensure proper consideration of the latest developments in the area of operational risk.
(3) Stress testing programme (section 4.1)
Paragraph 18 calls for a backtesting tool to be included as part of the annual validation. For a stress situation that experience shows will occur rarely, this does not appear to be optimal. A softer formulation for a qualitative assessment would be desirable here.
According to paragraph 20, we believe that the requirements set for documenting stress testing programs are understandable and right. When applying case-based stress tests, the persons entrusted with conducting the stress test need enough freedom to be able to consider new ideas and potential threats (‘thinking outside the box’). In this case, the documentation defined in full in paragraph 20 may be counter-productive. We recommend allowing institutions a certain amount of freedom when documenting case-based stress tests. In addition, it should be made clear in paragraph 20 (d) that only IT applications that are used additionally and exclusively for stress testing should be included. Where a central inventory exists, reference can be made to it.
(4) Governance aspects of stress testing (section 4.2)
According to paragraph 23, while the management body will stipulate scenarios and have key results reported to it, its full involvement in the design and implementation of a stress testing program is not practicable for large and complex institutions. The involvement of the management body should be inversely proportionate to the size of an institution: the bigger the institution, the more the stress testing program will be delegated to senior management or rather committees. The definition of “management body” should therefore also cover dedicated stress testing committees.
According to paragraph 25 (c), management actions are to be discussed with the competent authorities. We believe that this formulation is still unclear because it does not indicate unambiguously the extent to which management is required to discuss the actions with the competent authorities, or whether the supervisory authorities must approve the management actions. We are therefore urging deletion of the last clause “…and discuss them with the competent authorities”.
Paragraph 31 states that the outputs of the stress tests should be used as an input for the institutions’ risk appetite and limits. We wish to point out that the purely quantitative use of the outputs would be neither appropriate or easy to implement. In this respect, the GBIC advocates the use of qualitative outputs as an additional input for risk appetite and limits.
(5) Data Infrastructure (section 4.3)
According to paragraph 49, the requirement that correlations should, in principle, be increased in all scenarios is one we do not understand. Instead, case-by-case analysis of how certain correlations behave in scenarios is required. We thus recommend wording the requirement more precisely so that institutions also have to analyse in stress testing whether the correlations set may increase.
(6) Portfolio and individual risk level stress testing (section 4.4.2)
Paragraph 50 addresses the performance of stress tests at the level of individual portfolios covering “all risk types”, whereas the German Minimum Requirements for Risk Management (MaRisk) currently refer only to material risks. Please limit this to “material” risks.
(7) Proportionality (section 4.5)
In general, the document contains in part highly detailed and complex requirements for the methodologies and performance of the institution’s internal stress tests. In light of this, it is important for the principle of proportionality to be defined in more concrete terms.
As guidelines under Pillar II, the entire stress testing guidelines should, in our view, be applied with the principle of proportionality in mind. This is not always made clear enough in the wording of the guidelines, however. For example, some sections (2, 3 and 4) contain a proportionality proviso, others do not. In contrast, the Background and rationale section (p. 6-8) accompanying the guidelines contains a very clear statement on how proportionality could play out in smaller financial institutions. We therefore suggest incorporating this section into the wording of the actual guidelines (from p. 10).
Paragraph 57, too, contains an important statement on proportionality which would gain in value by being applied to the guidelines as a whole.
As they currently stand, the Guidelines can be expected to have a considerable impact on small and medium-sized institutions in particular. In the view of the GBIC, smaller (less significant) institutions should therefore be expressly excluded from the data infrastructure (section 4.3) and reverse stress testing (section 4.6.5) requirements, or should be excluded from them as a general rule (possibly with an opt-in for the competent authority). With regard to reverse stress tests, we are not convinced that a stress test calibrated to a “non-viable business model” can offer the right incentives for regular day-to-day risk management.
In terms of the definition of stress tests, we are also concerned that exaggerated stress tests could lead, in cases of doubt, to restrictions on the business strategy. We are therefore advocating the use of appropriate stress parameters – especially relating to the simultaneous occurrence of several risk types. From our perspective, managing exaggerated stress risks is inappropriate. The GBIC believes that a critical debate would surely be more expedient.
(8) Stress testing types (section 4.6)
Particularly in section 4.6, the draft guidelines set requirements that make internal bank stress testing extremely burdensome. This section calls for various analyses and calculations for which, in turn, further requirements (for each analysis and calculation) are set. The resulting amount of stress test analysis that has to be performed is excessive, as is shown by the following cumulative requirements.
With regard to reverse stress tests (section 4.6.5), we believe that the fact that they must be firmly embedded into the institution’s planning is particularly problematic. We think this contradicts fundamental planning principles, at least for a going concern perspective.
(9) Scenario analysis (section 4.6.3)
Paragraph 75 uses the terms “main risk factors”, “material risk factor” and “relevant risk factors”. A clearer distinction would be desirable here, e.g. in the sentence in 75. a) “… No material risk factor should be left unstressed or unconsidered”. Although all risk factors may be changed to enable a consistent scenario, they are not necessarily stressed in all cases. For example, the interest rate can be changed, but this does not inevitably lead to a stress scenario. This means that “unstressed or” should be deleted.
(10) Reverse stress testing (section 4.6.5)
In paragraph 85, the use of reverse stress testing to determine the severity of ICAAP and ILAAP scenarios is impracticable, in our view. Reverse scenarios may well make sense as a tool for assessing plausibility in an overall context; severity should, however, be determined via risk appetite and coherent scenario specifications that management can understand.
Paragraph 88 requires institutions to identify measures that provide alerts when a scenario turns into reality. This (potentially too one-dimensional) approach basically only makes sense to a limited extent, as scenarios never materialise exactly as anticipated. Instead, we believe that reference to the recovery indicators that are to be developed as part of recovery plans would be more sensible.
All requirements of paragraph 97 are laid down in more detail in EBA/GL/2014/06 and should be dropped, in order to avoid intersecting or redundant requirements.
According to paragraph 98, stress tests for ICAAP and ILAAP purposes and recovery planning should not be interlinked but compared to one another. The requirement in this paragraph that stress scenarios and ICAAP/ILAAP stress tests should not be interlinked appears to be a contradiction, since it is stipulated elsewhere that ICAAP/ILAAP scenarios and reverse scenarios on the one hand and reverse stress tests and stress analysis on the other hand should be interlinked. Paragraph 224 evidently also assumes interlinking.
Paragraph 101 does not fit into these guidelines, in our view, but more into guidelines on recovery planning and should therefore be deleted.
(11) Credit and counterparty risk (sections 4.7.1)
Credit risk stress testing should encompass everything from simple sensitivity analyses to stress scenarios (paragraph 107). It should be performed both at different levels – market-wide, counterparty-specific, sector-specific – or a combination of these (paragraph 107) and with different time horizons (paragraph 109). In the process, the numerous sensitivity analyses required under paragraph 66 ff. of the draft guidelines, must be considered. The large number of stress tests is again increased many times over if the impact of stress testing before and after management actions has to be explained (paragraph 197). Seen cumulatively, these examples show that an overall reduction in requirements is needed to avoid an exorbitant number of stress test analyses.
In paragraph 114, it is assumed that PDs applied in the calculation of capital requirements are “usually” through-the-cycle (TTC) PDs. This is not correct. As far as we know, the majority of rating systems use a combination of point-in-time (PIT) and TTC PDs. As a consequence, paragraph 114 should be deleted because the basic assumption behind the paragraph is not correct.
(12) Operational risk (section 4.7.4) / conduct related risk and associated litigation costs (section 4.7.5)
The requirements for stress testing of operational risk and conduct related risk are formulated separately, though conduct risk is included in the scope of operational risk as part of legal risk. It is not clear why parts of the scope of operational risk should be considered separately for stress testing purposes and how such results should be integrated into bank-wide stress testing scenarios.
Paragraph 133: Intrinsic impacts and loss of future earnings due to OpRisk events are supposed to be included in the stress test. This contradicts the current logic in the capital account and is not currently captured or captured in a suitable quality. These impacts should not therefore be included in the stress test.
Paragraph 133: When using historical data, external data or scenarios as inputs for both P&L and RWA projections, institutions should take into account and avoid possible double counting effects. The following ambiguity should be eliminated: does the double counting refer to the inputs (in which case it would be understandable) or to the P&L and RWA projections (a P&L effect would also impact the RWAs)?
Paragraphs 138, 139: There are several references that stress tests should include severe but plausible events, which already happens in the AMA via the scenarios. Double counting should therefore be avoided at all costs.
Paragraph 140: It is vital for scaling and exclusion to be retained in the stress test. These are CRR methods for including relevant data in the model and excluding irrelevant data. Only relevant data should be stressed in stress scenarios and it does not make any sense to use irrelevant data (transactions that the bank does not enter into).
We also propose deleting the words “... as part of the legal risk” in paragraph 141 because it should be up to the institutions to define the hierarchy of risks.
According to paragraph 144, as is known, future losses are duly covered by means of provisioning under accounting rules. We still do not consider it appropriate to assess expected losses in excess of existing accounting provisions and factor these in projections.
Paragraph 146: This point should be limited to material risks, i.e. only risks above a certain threshold, so that only the material events are documented. There should also be an option to dispense with the disclosure of figures if this is legally disadvantageous (e.g. because it could be viewed as an admission of guilt).
(13) Interest rate risk from non-trading activities (section 4.7.7)
Including secondary/feedback effects at the single level appears difficult to us because it is almost impossible to support them quantitatively (paragraph 167). Instead, a reference to, for example, the macro-scenarios of the European Systemic Risk Board appears to be more expedient (as well as an appropriate reflection of them at the overall level).
(14) Concentration risk (section 4.7.8)
With regard to concentration risk, correlations between risk factors are to be increased and extreme changes in risk parameters to be stressed, taking into account second round effects in the process (paragraph 174). Such deliverables can only be computed on a statistically uncertain basis and do not lead to more acceptance of stress testing among decision-makers in institutions. The concentration risk indicators mentioned in paragraph 177 (Herfindahl-Hirschman Index (HHI) and Gini coefficients) produce pressure on institutions to justify themselves if they do not use these indicators. It would be better not to mention any indicators here. These indicators should, at any rate, only be mentioned as possible aids to analysis and not specified in the form of an exhaustive list.
Furthermore, we regard the established indicators such as marginal value-at-risk as appropriate and adequate to capture concentration risk in credit risk.
(15) Foreign exchange lending risk (section 4.7.9)
According to paragraph 184 (e), IRBA models should be able to capture client-related FX lending risk through higher risk weighting of assets. This is an additional IRBA minimum requirement that would have to be inserted in the CRR, where it is not mentioned. As the guidelines are not allowed to alter “Level 1 rules”, paragraph 184 (e) should be deleted.
(16) Stress testing for ICAAP/ILAAP purposes (section 4.8.1)
According to paragraph 189 (c), for globally active institutions that also have to use the ICAAP in the APAC region, the requirement to perform “comprehensive institution-wide stress testing …reflecting all entities” poses considerable problems. The APAC ICAAP is, as has been demonstrated, subject locally to other rules that are not compatible with the European approach. Should European and APAC rules not be aligned, we kindly request deletion of this paragraph.
According to paragraph 189 (d), a minimum period for ICAAP stress tests makes no sense, in our view, because the ICAAP should cover all overarching scenarios, also rapid impact ones. At most, a requirement to at least assess one scenario with a minimum duration of two years makes sense. In view of the modelling uncertainties, we do not see any potential increase in understanding that would result from a two-year scenario, but not from a one-year scenario.
In addition, it should be explained how the two-year time horizon is to be understood. Does it mean a rolling period of two years from the date the stress test is set up, the next two accounting reference dates, or the earliest future accounting reference date that is more than two years after the date of the stress test?
At present, the ICAAP stress test is used in Germany for internal management at the banks; the use of ICAAP results for supervisory purposes is specified by the national supervisor as part of the SREP. We believe that this sort of flexibility for national supervisors continues to be necessary in order to take due account of the heterogeneous nature of the bank management systems. We are therefore requesting a lower level of detail for paragraphs 189 – 192.