Enabling resilience: A comprehensive guide for regulatory stress testing and governance frameworks for banks

Oct 6, 2023 by Yogesh Kshirsagar


In brief

  • Explore banking regulatory stress tests and the key stakeholders 
  • Learn the differences between scenario and sensitivity testing  
  • Discover the benefits of a well-structured governance framework  
  • Understand how a governance framework can help ensure financial stability  


Banks need to run stress testing according to the regulations published by numerous regulatory bodies. These could be, for example, central banks or government acts.  

Amongst these, the Federal reserve mandates CCAR (Comprehensive Capital Assessment & Review) for all banks with more than $50 billion in assets. This is part of the Dodd-Frank reform 

The European Central Bank provides Internal Capital Adequacy Assessment Process (ICAAP) guidelines for all major banks. Stress testing is one of the key requirements. 

There are various stress runs conducted by banks which take into consideration the nature of their business, their size, and the jurisdiction they are operating in. 

In this article we will define stress testing, demonstrate the types, stakeholders, their governance structure and some of the benefits.  

Regulatory runs are quite expensive if we take into consideration the manpower and infrastructure they require. Obviously, having governance structure in place for stress testing is helpful to avoid repeatedly running stress tests, thus saving your bank a lot of money. 


Definition of regulatory stress testing


Regulatory stress testing is a process to simulate stress scenarios and sensitivities in banking applications, to review the risks associated with counterparties in quantifiable terms and report the necessary risks to the bank’s management and/or regulators. 

There are two types of stress testing: 

  • Scenario testing is a testing activity where the risk systems calculate valuations based on certain scenarios generated by upstream systems (e.g., the 2008 financial crisis). The scenario is a combination of multiple correlated factors. This is a “what-if” analysis for a future hypothetical scenario 
  • Sensitivity testing is a testing activity where the risk systems calculate valuations based on certain risk factors (e.g., an interest rate increase of 1%). This is a “what-if” analysis of a single parameter to see how it would impact your capital planning and risks. This may tell you specifically what exactly would have an impact on your bank  

In both the cases, the risks systems receive shocks (credit shocks, market shocks) from the upstream systems. Based on these shocks, the risk systems generate valuations.  

At first glance, scenario testing and sensitivity testing may look similar, but they are quite different in nature. Scenario testing is a lot more comprehensive than sensitivity testing. 

Downstream applications aggregate risks at a counterparty level where you understand an exposure against a counterparty that can be quantified with a number across all asset classes (e.g., you may have $100 million of exposure against a counterparty in commodities, but you may owe the counterparty $100 million, aggregating the net exposure to $0). On the other hand, you may realize you have more exposure to some other counterparties.  

In summary, the whole exercise is a capital planning exercise in a proactive manner where banks run different kinds of stress runs regularly (e.g., monthly, quarterly, yearly).  


Key stakeholders in stress testing


Key stakeholders involved in the internal stress testing process of a bank are as follows: 

  • Capital planning group 
  • Risk managers 
  • Risk systems 
  • Quantitative analysts 
  • Governance team  
  • External stakeholders 

The capital planning group is responsible for proactively making smart investment decisions for your bank. Typically, this group interacts with external regulatory bodies and ensures that the bank has implemented all the necessary regulatory reporting requirements. 

Risk managers review the risks associated with each customer and check if there has been any significant increase in the counterparty valuation adjustment numbers. Sometimes when they see an increase, they reach out to the respective quantitative analysts to check if the pricing models/risk factors applied were correct. In general, risk management groups ensure risk numbers and communicate the risks to various key stakeholders. You may have risk managers who are experts in commodities or rates, or they may be experts in multiple asset classes. 

In the context of stress testing, risk systems are the systems that calculate valuation adjustments at a counterparty level. There are various pricing models used by risk systems for XVA calculations. Some pricing models are quite simple, from “Do not calculate any risk” to “Calculate every risk” for a counterparty. Depending on the pricing models, the time consumed by these systems also varies.  

Quantitative analysts are people who are skilled in financial models and who provide advice to risk managers about pricing models and other technical matters. In general, upstream applications net the trades and these netting sets flow down to risk systems. Risk systems have pricing models associated with each set. They apply these models to calculate risk factors at the netting set level.  

The governance team conducts all the regulatory runs as prescribed by regulators. Their role is crucial as it is the team responsible for planning all the regulatory runs, enabling the risk system teams with the appropriate knowledge and skills, and putting the necessary IT controls in place. 

Externally, the banks will need to deal with central banks and government bodies to understand and fulfill their reporting obligations. 


Governance of stress testing


The governance of stress testing across the bank should include the following factors: 

  • Governance framework 
  • Stress run calendar 
  • Project plans 
  • IT controls 
  • Management of improvements 
  • Stakeholder matrix 


Governance framework


A governance framework is an asset that needs to be in place that will provide an overview of stress runs conducted across the banks. Typically, it provides the following guidance:   

  • Objective of stress runs 
  • Matrix of stress runs, their scope, frequency, and scenarios/sensitivity covered 
  • Process of stress testing for all regulations 
  • Sign off process 
  • Information about plans 
  • Stakeholder matrix 

It is necessary that key stakeholders have seen this framework and have provided their comments and suggestions. 

  • Stress run calendar: The governance team should publish the calendar that then needs to be broken down into a daily calendar and the team has to know which regulatory run is happening right now and which will conflict with the other. This is a great way to ensure that the team is well informed about the regulatory runs 
  • Project plans: Each regulatory run is a project with prerequisites, tasks and outcomes by various parties. You must track each project separately to keep senior stakeholders up to date 
  • IT controls: IT controls such as the verification of scenario IDs or sanity checks of the reports generated by IT are essential to avoid re-running and delays. These IT controls must be treated as continuous improvement items by IT, as part of their IT services for banks, and should never become barriers for regulatory submission. The key for all regulatory projects is timely submission 
  • Enhancement to the framework: The addition of a stress run must be treated as a change in the framework and has to be documented clearly in any updated framework, e.g., your bank has been asked to add an entity for a stress run that you conduct monthly, it must be updated in the framework and all risks systems have to be informed 
  • Stakeholder matrix: There are a lot of stakeholders in the process and they could be located across the globe. As a governance organization, it is your responsibility to ensure that you know each person and educate all the team members on your regulatory runs and timelines 


The benefits of a governance framework


  • A governance framework provides clarity about all the stress runs conducted by the bank, and their timelines (e.g., some risk systems may not be aware of the timelines or requirements). In such cases, a governance framework is useful 
  • It provides a single view of all the regulatory runs conducted by the bank. This is often useful when there is a requirement to add a particular scenario or to modify the run structure (e.g., you may get a request to run a scenario such as the 2008 financial crisis on a monthly basis from some regulators). But, just by looking at the framework you will be able to say that you’re already running it and no action is required on your part 
  • A governance framework can be used to provide a process followed by the bank for all regulatory runs. Hence, all stakeholders will be clear about the current process and process improvements 
  • A governance framework provides clear responsibilities with the stakeholder matrix. This is very useful in cases where a quick turnaround is required 

Overall, the governance of regulatory stress testing for banks is an essential tool to assess and enhance the stability and resilience of the financial system, as it helps identify potential vulnerabilities and weaknesses in the banking sector before they can escalate into broader financial crises. 



Yogesh Kshirsagar , Principal Consultant, Banking and Capital Markets

Yogesh Kshirsagar author linkedin

Principal Consultant, Banking and Capital Markets

Yogesh has 19 years of IT experience in banking and finance. Before joining Luxoft, he held leadership positions across the UK, United States, Singapore, Malaysia, and India, working with clients like Standard Chartered, Credit Suisse, American Express, CLSA, Natixis, Bank of Ireland and MUFG Securities. He specializes in regulatory reporting, anti-money laundering, client lifecycle management and investment banking. Yogesh also writes and speaks about these topics. Any spare time is spent with his daughter, jogging, reading or experimenting with new ideas.

Yogesh Kshirsagar , Principal Consultant, Banking and Capital Markets

Yogesh Kshirsagar author linkedin

Principal Consultant, Banking and Capital Markets