Stress testing Guideline

June 2012

Introduction

The financial crisis of 2008-2009 highlighted certain weaknesses in stress testingA risk management technique used to assess the potential vulnerability of a financial institution by testing defined and exceptional, but plausible, adverse scenario. frameworks, chief among them the fact that stress testing was not adequately incorporated into the integrated risk managementA set of practices and processes, supported by a risk-aware culture and enabling technologies, that improves decision making and performance through a holistic view of a financial institution’s set of risks. and decision-making processes of financial institutions.

International standards pertaining to sound and prudent risk management, set out by bodies such as the Basel Committee on Banking SupervisionBasel Committee on Banking Supervision. International Convergence of Capital Measurement and Capital Standards, June 2006; Core Principles for Effective Banking Supervision, October 2006; Basel III: A global regulatory framework for more resilient banks and banking systems, June 2011; Principles for sound stress testing practices and supervision, January 2009. and the International Association of Insurance Supervisors,International Association of Insurance Supervisors. Stress Testing by Insurers, Guidance Paper, October 2003; Insurance Core Principles, Standards, Guidance and Assessment Methodology, October 2011. encourage institutions to adopt a forward-looking view in the management of their day-to-day activities, strategic planning and capital management. The AMF’s expectations regarding stress testing are based on the fundamental principles set out by international bodies.

The AMF believes that an effective stress testing program helps both to improve risk management practices and decision-making and to prepare financial institutions for difficult market conditions. Stress testing should therefore be an integral part of an institution’s integrated risk management policyA set of general principles adopted by a financial institution for conducting its activities in a given area. .Autorité des marchés financiers. Integrated Risk Management Guideline.

In light of this, financial institutions should implement a stress testing program to identify the sources, types and scope of risks to which they are exposed.

The sophistication of the approaches and techniques used in the program will depend on the nature, size, complexity of activities and risk profileA financial institution’s overall level of risk exposure that is based on an evaluation of the risks inherent in the financial institution’s significant activities, its ability to manage risks, its financial condition and its commercial practices. of the institution. It is thus the responsibility of each institution to develop a stress testing program tailored to its needs and based on its risk appetiteThe aggregate level and types of risk a financial institution is willing to assume to achieve its strategic objectives and business plan. and risk toleranceRisk tolerance sets boundaries on the level of risks a financial institution is prepared to accept based on its risk appetite. .

It will also be the responsibility of each institution to choose the type, scope, time and frequency of its stress testing.

With respect to insurers specifically, the AMF acknowledges that dynamic capital adequacy testing (“DCAT”) is one component of stress testing. This guidelineA document that describes the steps that financial institutions can take to satisfy their legal obligation to follow sound and prudent management practices and sound commercial practices. does not present stress testing as replacing DCAT, but rather as a complementary tool used, for example, to introduce more severe scenarios and approaches underlying scenario testing.

The purpose of this guideline is to set out the AMF’s expectations of financial institutions with respect to stress testing. The AMF administers various sector-specific actsInsurers Act, CQLR, c. A-32.1, section 463; Deposit institution and deposit protection Act, CQLR, c. I-13.2.2, section 42.2; Act respecting financial services cooperativesA legal person in which persons with common economic needs unite to form a deposit and financial services institution to meet those needs. , CQLR, c. C-67.3, s. 565.1; Trust companies and savings companies Act, CQLR, c. S-29.02, section 254. authorizing it to provide financial institutions with guidelines pertaining to sound and prudent management practice.

 

1. Concept and approaches underlying stress testing

Stress testing is a risk management tool used to assess the potential vulnerability of a financial institution to exceptional but plausible events.Committee on the Global Financial System. Stress Testing by Large Financial Institutions: Current Practice and Aggregation Issues, April 2000. These events are known for their severity and low probability of occurring, and include extreme or worst-case events.

More specifically, stress testing can be used to assess the potential impact of events or movements of combined factors on the different components of an institution (sectors, portfolios, etc.) in terms of financial position.

Three main approaches generally underlie the techniques used in performing a stress test.

1.1 Sensitivity analysis

This approach consists in varying a single risk factor or a limited subset of risk factors. This is therefore referred to as a testing approach where the scope of the shock(s) considered is not reflected in all the factors that would be affected by the shock(s).

The main advantage of this approach is that it can be used to isolate the contribution of a limited set of factors to the institution’s risk profile.

For example, an institution might wish to measure the impact of a sudden, short-term drop in interest rates on its profitability, but disregard the cause of the drop and its impact on the economy.

1.2 Scenario analysis

This approach is designed to assess the impact of a simultaneous variation in a complete set of factors in order to reflect an event that could occur in the future. The event underlying the scenario should be clearly defined.

A scenario analysis includes the initial shock and all secondary effects on all pertinent factors, which are beyond the institution’s control.

A scenario analysis of a short-term drop in interest rates would specify the cause of the drop and, unlike a sensitivity analysis, would also include its effects on all other pertinent economic factors for the institution.

The scenarios developed can be historical, i.e. based on past events that are deemed likely to recur, or hypothetical, i.e. based on plausible events that have not yet occurred. They should incorporate atypical elements, such as the effects of a perfect correlation between types of risk in a stress situation.

The parameters (factors considered, scale of shocks, etc.) may differ from one scenario to another, but must be consistent with one another and relevant to the purpose of each of the analyses.

A scenario analysis provides a more complete picture of the potential impact of shocks, but is also more demanding in terms of resources. In this regard, the AMF will not expect an institution that has relatively simple operations to carry out this type of analysis on a regular basis.

1.3 Reverse stress testing

Reverse stress testing is intended to identify events or economic conditions that could jeopardize the solvency of an institution or cause it other major damage, such as injury to its reputation.

This approach operates through back analysis, because it involves first identifying the types and extent of losses with serious consequences, then determining events that could result in such losses. It can help identify qualitative risks (not based on a probability distribution), such as the impact of losing a major client on solvency.

Reverse stress testing includes the following main advantages:

  • encourages the design of integrated scenarios;

  • determines the plausibility of scenarios more easily;

  • fosters the identification of risk concentrationA single exposure or group of similar exposures with the potential to produce large losses or a material change in a financial institution’s risk profile. s in and/or among sectors of activity;

  • facilitates the identification of certain hidden risks and vulnerabilities;

  • helps the institution identify interdependence among various sources of risk and potential inconsistencies in risk mitigation plans;

  • fosters integrated risk management.

 

2. General framework

Principle 1: Roles and responsibilities of the board of directors and senior management

The AMF expects stress testing to form an integral part of the institution’s integrated risk management and be supported by sound governance.

The commitment of the board of directorsA body of elected or appointed individuals ultimately responsible for the governance and oversight of a financial institution. , senior managementThe group of individuals responsible for managing a financial institution on a day-to-day basis in accordance with the strategies and policies set by the board of directors. , the chief risk management officer or a person in charge of this function is essential to the efficient and effective operation of the stress testing program. The board of directors should foster a culture, implemented by senior management, that encourages discussions, which can go so far as to challenge the assumptions formulated, among the personnel involved in implementing and operating the stress testing program and in analyzing the results.

The discussions should include the program objectives, scenario development and the decisions based on the interpretation of the results. A particular effort should be made, when the size of the institution so permits, to seek the participation of personnel who are experts in a pertinent field but who are not necessarily involved in the program.

Roles and responsibilities of the board of directorsWherever reference is made to board of directors, this can be a committee of the board, for example, formed for the purpose of examining specific issues

The board of directors has the ultimate responsibility for the stress testing program. It should, in particular:

  • ensure that the institution has a stress testing program as one of its risk management and prevention tools;

  • approve the program, as well as any significant changes that may be made thereto;

  • be informed, regularly and in writing, of the main findings of the stress tests and the implications thereof on the institution’s risk profile;

  • be informed of the possible risk mitigation strategies.

Roles and responsibilities of senior management

The roles and responsibilities of senior management and the chief risk management officer with regard to the institution’s stress testing program are primarily as follows:

  • to approve stress testing program monitoring and management proceduresA set series of tasks to be performed. It is generally the result of imperatives that cannot be negotiated by the individual who applies it. ;

  • to implement, manage and ensure the monitoring of the stress testing program applicable on an institution-wide basis;

  • to take part in determining test scenarios that are exhaustive, comprehensible and applicable to the institution;

  • to incorporate stress test results into the institution’s risk toleranceRisk tolerance sets boundaries on the level of risks a financial institution is prepared to accept based on its risk appetite. review process, definition of acceptable risk and assessment of long-term strategic optionsA contract under which the holder has the right, but not the obligation, to buy or sell a specific number of shares at a predetermined price during a specific period of time. ;

  • to help develop risk mitigation strategies;

  • to document the stress testing program and each of its components (scenarios, methodologies, etc.).

Principle 2: Stress testing program

The AMF expects the institution to implement a stress testing program, based on a range of perspectives and techniques, fostering integrated risk management.

Stress tests are not standardized tests, since programs must be tailored to the size, nature, complexity of the activities, and risk profile of each financial institution. However, the program implemented, regardless of its scope and level of sophistication, must form an integral part of the institution’s integrated risk management.

Stress testing program

A stress testing program is made up of all the procedures and processes in which stress tests are developed, assessed and factored into the decision-making process.

The program should include:

  • the techniques and mechanics for each of the tests performed;

  • the portfolios and business activities targeted by the tests;

  • all the scenarios developed;

  • the models used in the operation of scenarios;

  • reports explaining the results to decision-making bodiesThe board of directors, senior management and persons in charge of oversight functions. .

The scope and complexity of the efforts made by institutions must be commensurate with the size and sophistication of their activities.

An effective stress testing program is able to measure the impact of the qualitative or quantitative assumptions underlying a management practice or model. The program should cover all risk assessment models and all sectors of the institution’s activities.

Each of the stress tests performed as part of the program should initially disregard the risk mitigation measures available to the institution to deal with stresses, and should focus on the overall consequences of anticipated shocks in order to support the development of risk mitigation and business continuityThe capability of an organization to continue delivering products or services at acceptable predefined levels following a disruptive incident. plans. Risk mitigation measures can be included in a second phase so as to provide a picture of the residual effects of the shocks.

In practical terms, a program is used to test different shocks and scenarios that could have an impact on the institution’s business continuity or solvency.

Stress testing program and dynamic capital adequacy testing

As previously mentioned, in the case of insurers, DCAT is one component of the stress testing program. The rules established by the Canadian Institute of Actuaries (CIA) in its educational noteCommittee on Risk Management and Capital Requirements. Canadian Institute of Actuaries. Educational Note, Dynamic Capital Adequacy Testing, November 2007 concerning DCAT cover the majority of issues presented in this guidelineA document that describes the steps that financial institutions can take to satisfy their legal obligation to follow sound and prudent management practices and sound commercial practices. .

Insurers are therefore encouraged to use their DCAT-related methods and results to meet the AMF’s expectations with respect to stress testing. DCAT results should be systematically complemented by an analysis of exceptional but plausible scenarios, rather than simply unfavourable scenarios and, when necessary, by using reverse stress testing to detect qualitative risks, i.e. risks not based on probability distributions.

Role of stress testing in integrated risk management

The stress testing program should contribute to integrated risk management and, to do so, should:

  • support risk identification and control

    • address all the institution’s risks;

    • incorporate institution-wide risk management activities;

    • contribute to a reassessment of the institution’s risk profile and facilitate monitoring;

    • enable the board of directorsA body of elected or appointed individuals ultimately responsible for the governance and oversight of a financial institution. and senior managementThe group of individuals responsible for managing a financial institution on a day-to-day basis in accordance with the strategies and policies set by the board of directors. to ensure that the institution’s exposure is commensurate with its risk appetiteThe aggregate level and types of risk a financial institution is willing to assume to achieve its strategic objectives and business plan. ;

    • be based primarily on exceptional but plausible market environments;

    • consider risk concentrationA single exposure or group of similar exposures with the potential to produce large losses or a material change in a financial institution’s risk profile. s and interactions, since assumptions valid in normal times may fail in times of crisis;

    • assess the institution’s potential exposure in a crisis and foster the development of risk mitigation strategies;

    • facilitate internal communication; scenario-based analyses could help provide a more tangible view of exposures and the action to be taken to mitigate them.

  • provide a complementary perspective to other risk management tools

    • detect certain vulnerabilities not identified by tools based solely on historical data;

    • complement analyses provided by the management tools in place;

    • examine the risk characteristics of new products, portfolios or risk management strategies when historical data are limited or do not cover crisis periods.

  • prepare decision makers for periods of change

    • provide a complete picture when reversals occur in the economic cycle or major changes take place in factors beyond the institution’s control; when the recent environment differs significantly from that anticipated for the immediate future;

    • temper the expectations of institutions during periods of stability or sustained growth.

  • support capital and liquidity management

    • form an integral part of the institution’s capital adequacy assessment process;

    • complement dynamic capital adequacy testing (DCAT) in the case of insurers;

    • identify market events or conditions that could jeopardize the institution’s solvency;

    • support the measurement, monitoring and control of liquidity risk as well as the adequacy of liquidity levelsAutorité des marchés financiers. Liquidity Risk Management Guideline. in the event of institution-specific or industry-wide stress events;

    • measure the insurer’s ability to assume an extensive outlay in the event of an increase in claimsA financial asset that has a counterpart liability. or an unexpected decrease in premium collections;

    • play a role in communicating with the AMF during the regulatory capitalAll of the capital instruments of a financial institution meeting, according to different categories, the minimum quality criteria required by regulatory authorities. adequacy and economic capitalThe capital needed by a financial institution to satisfy its risk tolerance and support its business plan and which is determined from an economic assessment of the financial institution’s risks, the relationship between them and the risk mitigations in place. testing process.Autorité des marchés financiers. Integrated Risk Management Guideline.

Use of models

The program should incorporate the different risk measurement models used throughout the institution; new specific models should be added, if need be. The use of each model must:

  • take the model’s area of applicability into account;

  • comply with all of the basic assumptions.

The parameterization of a model depends directly on the environment in which the model was estimated. For example, a model based on a sample drawn from a period of strong economic growth may not be suitable for a study of a crisis scenario marked by a widespread economic downturn.

The robustness of the parameterization and the theoretical basis for the models included in the program should therefore be carefully examined in order to define their limits of use. The limitations of the models as well as the assumptions associated with stress testing must be documented.

Principle 3: Program framework

The AMF expects institutions to implement a flexible but robust framework and ensure that the procedures governing its stress testing program are properly documented.

The procedures governing the stress testing program should determine, for the benefit of the team responsible for performing stress tests, the steps that need to be taken to meet the program’s expectations.

The procedures should include:

  • the frequency of stress testing;

  • details on the methodology adopted;

  • sources of data;

  • the purpose and scope of the stress testing;

  • a definition of the scenarios, underlying assumptions, techniques and fundamental elements of each stress test;

  • the role given to expert judgment;

  • a measure of consistency between the stress test results, nature of the scenarios selected (scope and severity) the underlying assumptions;

  • a description of the actions that may be taken when stress test results indicate the need to mitigate risks, as well as an evaluation of the feasibility and impact of such actions.

A stress testing program, depending on the nature and size of the institution, may require a large amount of data about the institution, its counterparts, and the economic and financial environment in which it operates. In the case of a smaller-scale institution, the amount of information required for the program could be relatively limited.

The institution should ensure that it allocates the necessary resources (personnel, software, infrastructure and data) to carry out stress tests representative of its size and the nature of its activities. The personnel should be sufficiently flexible and skilled to adapt to changing financial and economic environments. They will thus be able to perform pertinent stress tests, on the basis of exceptional but plausible events, integrated and tailored to the needs of the institution.

Principle 4: Assessment and updating of stress testing program

The AMF expects the institution to assess its stress testing program, analyze the results, and update it regularly and independently.

The stress testing program should be assessed regularly, from a quantitative and qualitative point of view, to ensure that the procedures governing the program have been followed and the results are adequate.

The independence of the program’s assessors should be assured by the absence of direct involvement in the establishment and implementation of the stress tests assessed. The internal controlThe set of control mechanisms implemented in a financial institution to give its decision-making bodies reasonable assurance that the objectives relating to operational effectiveness and efficiency, safeguarding of assets, reliability of information and compliance will be met. functions, the personnel in charge of validating the models, where applicable, or the external audit should play key roles in the process.

As far as possible, benchmarking and back testing may be considered as quantitative assessment tools for the methods used in the program.

The ability of econometric and statistical models to operate adequately in stress situations should also be assessed. Testers must ensure that the assumptions underlying the model are not violated during testing and that the parameterization for economic changes is robust.

The qualitative assessment of the stress testing program should cover:

  • the level of integration of the stress testing program in day-to-day risk management;

  • the authorization process for changes to the program;

  • the integrityThe quality that an individual has of being honest and having strong moral principles that he or she refuses to change. It is demonstrated through the individual’s actions and through the conduct of the his or her personal and professional business. of information management systems and the availability of data;

  • the consistency and relevance of sources of data;

  • the accuracy, reliability and exhaustiveness of the data used;

  • the severity, scope and relevance of the scenarios;

  • the ability of the program to meet the objectives set;

  • the adequacy of the documentation of the processes.

 

3. Methodology and scenario selection

The methodologies and scenarios used in the stress testing program must be stringently selected. The quality of the results derived from the program will depend entirely on the ability of the units in charge to implement a complete, effective program based on the sound practices set out in the following principles.

Principle 5: Scope of program and integration of results

The AMF expects the stress testing program to cover an adequate range of risks and business areas. The institution should be able to adequately integrate its various stress testing activities so as to obtain a complete picture of its risk profile.

The stress testing program should consistently and comprehensively cover numerous risk factors in respect of products, business units and the institution. Using an appropriate level of granularity, the program should examine the impact of various shocks affecting the risk factors, taking into account the possible interrelations among such factors.

The institution should also use stress testing to identify, control and monitor concentration and residual riskThe risk remaining after actions or measures have been taken to reduce the risk’s likelihood or impact. s. In this respect, the scenarios developed should:

  • be complete and detailed;

  • cover all the institution’s operations as well as balance sheet and off-balance sheet assets and liabilities;

  • cover all the risks, whether contingent or not.

The impact of a scenario should be assessed using measures that are consistent with the nature and purpose of the scenario as well as the risks and portfolios being analyzed. In general, a range of measures needs to be considered for a complete assessment of a scenario, such as:

  • asset, liability and equity values;

  • accounting profit and loss;

  • economic profit and loss;

  • regulatory capitalAll of the capital instruments of a financial institution meeting, according to different categories, the minimum quality criteria required by regulatory authorities. and risk-weighted assets;

  • economic capitalThe capital needed by a financial institution to satisfy its risk tolerance and support its business plan and which is determined from an economic assessment of the financial institution’s risks, the relationship between them and the risk mitigations in place. ;

  • actuarial liabilities;

  • deposit activities;

  • liquidity and funding gaps.

The goal of this exercise is to integrate the program results effectively into the institution’s various decision-making processes, while ensuring that all the risks facing the institution are thoroughly covered.

Principle 6: Range of scenarios and simultaneous pressures

The AMF expects the stress testing program to cover a range of scenarios, including forward-looking scenarios, integrating simultaneous pressures to a variety of risk factors.

An effective stress testing program should include scenarios that cover a broad spectrum of events and various levels of severity. Emphasis should be placed on the events that are potentially the most damaging for the institution.

The scenario creation process should be conducted with rigour, flexibility and imagination so as to increase the likelihood of identifying all potential vulnerabilities. It goes without saying that the range of scenarios considered should be representative of the institution’s nature, size, risk profile and complexity of activities.

When developing scenarios, the personnel responsible should:

  • cover all the institution’s material risks (for example, credit risk, market riskThe risk of losses in on- and off-balance sheet positions arising from movements in market prices of financial instruments. , operational risk, insurance risk, legal risk, liquidity risk, as well as risks affecting the institution through its status as a member of a group);

  • address institution-specific vulnerabilities; for example, regional, structural, legal and sector-based factors;

  • take into account the interactions and feedback effects among the risk factors considered;

  • supply new scenarios, primarily in the case of sensitivity analyses in which results may suggest the combined analysis of a group of risk factors;

  • present a complete description, clearly identifying the trigger events, channels of shock transmission and assumptions in terms of covariation (co-movements) of risk factors. The description should show that the scenario is free of paradox;

Since historical scenarios are backward-looking, recent developments and current vulnerabilities could be overlooked. As a result, scenario design should also integrate a forward-looking approach, with a focus on the short term, in addition to a backward-looking approach.

Forward-looking scenarios differ from other types of scenarios in that they incorporate the knowledge and judgment of a number of experts such as economists, financial management specialists, actuaries and operating unit representatives in addition to being based on the concerns of senior managementThe group of individuals responsible for managing a financial institution on a day-to-day basis in accordance with the strategies and policies set by the board of directors. . The challenge consists in stimulating discussion and using the information available effectively.

Forward-looking scenarios might in particular incorporate the following elements:

  • changes in portfolio composition;

  • new information that could change the financial institution’s risk profile;

  • the emergence of new sources of risk not covered by historical risk management or previous stress episodes;

  • numerous time horizons depending on the risk characteristics, analyzed exposures and the purpose of the test in question. The time horizons should be considered with regard to the liquidity of the underlying exposures appearing in the portfolios covered by the testing;

  • recessions, stagnation or hyperinflation, for example, in which the ability of institutions to react in the medium and long term is compromised. Systemic reactions and feedback effects should be an integral part of macroeconomic scenarios;

The scenarios developed should also take into account the fact that pressures are usually multifaceted.

For a deposit institution, financing and asset markets may be highly interrelated, particularly during periods of stress. A financial crisis puts downward pressure on the balance sheets of financial institutions, possibly restricting the availability of liquidity, eroding the health of institutions and hampering the stability of the financial system.

Deposit institutions should incorporate in their stress testing program interrelations between various factors, including:

  • price shocks for specific asset classes;

  • drying-up of liquidity in the case of assets sustaining a shock;

  • possibility of significant losses damaging the institution’s financial soundness;

  • possibility of having to add assets after a negative shock to the balance sheet;

  • possibility of a massive withdrawal of deposits;

  • globally diminished access to secured and unsecured financing markets.

In the case of insurers, particular attention should be paid to material links among the various risk factors.

For insurers of persons, changes in economic conditions can significantly influence the behaviour of policyA set of general principles adopted by a financial institution for conducting its activities in a given area. holders, especially in terms of lapse rate, recourse to optionsA contract under which the holder has the right, but not the obligation, to buy or sell a specific number of shares at a predetermined price during a specific period of time. in insurance contracts, and morbidity and recovery rates.

For damage insurersAn insurer authorized to carry on business in a class of insurance that protects an insured against the consequences of an event that may adversely affect his patrimony. , changes in economic conditions can both influence investment income and expenses and generate an increase in provisions for claimsA financial asset that has a counterpart liability. . The relationship between the various factors depends on the insurer’s products, investment policy and approach to managing its operations.

Principle 7: Severity and relevance of scenarios

The AMF expects the stress testing program to contain scenarios covering several levels of severity, including events that could generate the worst damage in terms of losses and impact on reputation.

The range of scenarios included in the program should cover the most potentially damaging events for the institution. The identification of such events requires a thorough knowledge of the institution’s risk profile and the economic environment in which the institution operates.

Reverse stress testing, discussed in this guidelineA document that describes the steps that financial institutions can take to satisfy their legal obligation to follow sound and prudent management practices and sound commercial practices. , is an adequate tool for considering a range of serious events. Integration of this technique in the stress testing program can help discover hidden risks and interactions among different risks.

The scenario selection process should enable the institution to consider areas beyond its normal business operations.

Areas that could, among other things, be subject to severe scenarios are:

  • business lines in which traditional risk management approaches indicate an exceptionally high risk-return ratio;

  • new products;

  • new markets that have not experienced stress episodes;

  • exposures in low liquidity markets.

 

4. Risk mitigation

Principle 8: Contribution to the development of risk mitigation plans

The AMF expects stress testing to facilitate the development of risk mitigation plans.

The stress testing program should be a major input in the risk mitigation plan development process and should be used to assess and challenge the effectiveness of established plans.

Stress testing designed to measure the adequacy of risk mitigation plans under stress conditions should be implemented. The fact that numerous institutions could activate similar emergency plans simultaneously and major market downturns could occur in stress situations should be considered.