Dodd-Frank Stress Testing – The Submission Deadline Looms
The deadline for banks and financial institutions in the US to submit their capital plans and the results of their own stress tests to the Federal Reserve Board is fast approaching – 06 April 2020.
The Federal Reserve Board aims to evaluate how large banks will perform during a severe global recession, in addition to providing information on how leveraged loans and collateralized loan obligations may respond to the same.
Given the current COVID-19 spread, these stress test exercises as part of the Comprehensive Capital Analysis and Review (CCAR) and the Dodd-Frank Act are indeed timely. This year’s stress tests will evaluate 34 large banks with more than $100 billion in total assets.
Needless to say, data plays a critical role in the complex process of stress testing, and most stress tests are conducted wholly or partially via Shadow IT and End User Computing (EUC)-based models including spreadsheets in banks and financial institutions. Institutions must therefore pay much closer attention to the data manipulated in EUC tools to satisfy demands from regulators of the governance of models. If not, the possibility of regulatory censure looms.
A single spreadsheet error can wreak havoc
In fact, Dodd-Frank Act Stress Test instructions include guidance on supervisory expectations, and specifically that model inventories should include significant EUC applications that support financial modeling projections, both directly and as indirect, data feeder files. With the recognition that models are made up of multiple components for data input, processing and reporting has brought many thousands of EUC applications within the scope of model risk management obligations. Traditional model risk management processes aren’t able to create and maintain these enormously expanded inventories.
Financial institutions must accurately and adequately demonstrate the ancestry and validity of their data. But undertaken manually, it is challenging. Banks rely on numerous (even hundreds) of spreadsheets to support their models. Even a single data error in one file can proliferate across a wider EUC landscape, feeding inaccurate data into a model to produce inaccurate outputs. Spreadsheets are cumbersome and contain a vast amount of data, stored in multiple sheets, making discrepancies difficult to identify. This is further compounded by linkage of these applications to each other via formulae, creating an environment where changes and discrepancies are not visible, often occurring in data not intended to be viewed after initial data input.
Automating EUC management around Dodd-Frank
Additionally, spreadsheets are frequently shared and transferred between users, resulting in multiple documents, only one of which is up to date. If they are not stored and labelled correctly, subsequent users are unable to identify which spreadsheet is the current version containing up to date data, and which, potentially is causing discrepancies from the use of old or incorrect data.
The answer lies in automating the EUC management processes. It helps ensure data quality and transparency – how data is created and where transformations in the data models are occurring. Technology can facilitate the adoption of best practice processes to ensure data quality by embedding governance into the business operation, supporting everything from creation of new EUC applications through to eventual decommissioning of these files.
With banks understanding and controlling the entire data ecosystem that surrounds the stress testing model, it becomes possible to establish what type of EUC the data is coming from – e.g. spreadsheets or access databases; whether it is a single spreadsheet or multiple spreadsheets that feed data into the model; and what the data linkages between the various data feeds are etc.
This visibility comes from a process of discovery including scanning file shares and repositories; as well as analysing the overall EUC estate structure, properties and content. Banks can rank the inventory of files by the level of risk (or materiality) they pose based on the risk appetite of the organisation, providing a holistic view of the complex web of data flows, on an ongoing basis.
A technology-led approach to EUC data quality management eliminates the need for manual checking as well as credibly demonstrating the validity of stress testing models and the accuracy of the corresponding outputs to satisfy the regulators. EUC management solutions enable financial institutions to set up data change management processes and control mechanisms, supported by an audit trail to ensure that the integrity of the data is always maintained.
Delivering the major value inherent in data
Importantly, the application of expert judgment by users by altering data sets in spreadsheets to improve the alignment between theoretical calculations and the real world isn’t compromised. The automation offered by technology solutions facilitates re-attestation of the models, and tools that feed them, with the real-time reporting and monitoring functionality and data, so banks can periodically re-evaluate the models and tools to ensure that they are indeed working as desired by the organisation.
Ultimately, while organisations are faced with meeting stringent regulatory requirements, the major benefit of quality data is that it can be utilised strategically to meet business goals. The automated management process can be easily adapted for many other regulations, hereby contributing to overall risk management and bottom-line benefits.