New Proposed Guidance on Stress Testing for Banks

Yesterday, the Office for the Comptroller of the Currency (”OCC”), the Federal Reserve and the Federal Deposit Insurance Corporation (”FDIC”) issued proposed guidance for banking institutions to create a robust stress testing framework to adequately assess potential risks. The largest financial institutions have been subject to direct stress testing during the financial crisis in association with the administration of the Troubled Asset Relief Program (”TARP”). This new guidance formally outlines requirements for a broader population of institutions, specifically those with $10 billion or more in assets. According to the guidance, all banks of this size should structure their framework in the following manner.

“….. a banking organization’s stress testing framework should include, but are not limited to, augmenting risk identification and measurement; estimating business line revenues and losses and informing business line strategies; identifying vulnerabilities and assessing their potential impact; assessing capital adequacy and enhancing capital planning; assessing liquidity adequacy and informing contingency funding plans; contributing to strategic planning; enabling senior management to better integrate strategy, risk management, and capital and liquidity planning decisions; and assisting with recovery planning.”

While this guidance does not explicitly meet the requirements of section 165(i) of the Dodd-Frank Wall Street Reform and Consumer Protection Act for non-bank companies, the OCC, Federal Reserve and FDIC plan to issue rules consistent with this guidance for those companies. So, this serves as a preview of what is to come. Public commentary on this proposed guidance is requested by June 29, 2011.

Collaboration is Key for GRC Success

An interesting study on the current state of Governance, Risk Management & Compliance ("GRC") programs has just been released and the results are quite revealing. Entitled "The Role of Governance, Risk Management & Compliance in Organizations", the study was conducted independently by the Ponemon Institute for EMC.  The study covered four primary domains - IT GRC, Operations GRC, Finance GRC and Legal GRC - and surveyed 190 GRC practitioners across the United States.

One of the primary findings was the fact that organizations are still limited by their ability to collaborate and communicate risk information across the enterprise. Part of the problem lies in the lack of a comprehensive strategy to improve collaboration. Beyond the lack of a strategy, organizations are also limited by their technological support of GRC programs. Here's what the Ponemon Institute surmised.

We believe this study reveals the importance of an enterprise-wide strategy and increased collaboration among domains to meeting eGRC objectives. Currently, only 20 percent have an enterprise-wide strategy and collaboration among GRC areas is far from perfect. Only 28 percent of respondents say their organizations enjoy frequent collaboration or cooperation among GRC areas. However, the good news is that only 12 percent say GRC areas operate in silos in their organizations.

In order to address the barriers related to collaboration, it has been recommended that organizations make it a priority to encourage people from the various lines of business to talk together and establish “risk ambassadors”. The need to gain visibility and control through effective cross-enterprise eGRC collaboration is important to reducing gaps in how risk is assessed and managed.

Finally, according to respondents, managing risk is and will continue to be the biggest eGRC focus for their organizations. This is understandable because organizations are finding that the cost of complying with the plethora of regulations can be daunting. Taking a risk-based approach toward compliance requirements enables them to focus their resources on the most at-risk areas of their business and achieve real value from their eGRC activities.

Building the right processes, involving the right people and utilizing the right technology are all key to achieving the sort of value that GRC programs should provide. Wheelhouse Advisors is uniquely qualified to bring these key elements together for your organization. Email us at NavigateSuccessfully@WheelhouseAdvisors.com to learn more.