In our previous blog post in this series, we discussed Comprehensive Capital Analysis and Review (CCAR) and Dodd-Frank Act Stress Test (DFAST) and how CECL implementation teams can think about leveraging the stress test’s credit loss models for CECL.
Stress testing data, IT infrastructure, processes and controls (in addition to models) may be evaluated for integration with CECL.
Data and IT Infrastructure
CECL and stress test models are similar types of projections and use similar data elements. If the bank chooses to adopt a stress test methodology and segmentation for CECL, the data used in both models overlaps substantially. Due to the differences in model calibration, the existing data must be evaluated to ensure it supports the desired CECL estimation approach. Banks must gather data requirements and source information for missing data identified in this evaluation and for in scope exposures where a stress test model is not available.
Stress testing technology platforms exist for the end-to-end modeling process, from data warehouses, to statistical modeling software, to reporting infrastructure. CECL implementation teams can plan to use existing IT platforms wherever possible, avoiding duplicative technology. Banks who use third-party IT stress testing platforms can engage the vendor to determine if it can support CECL modeling or if another vendor will be required.
While regulators require numerous controls for stress testing data, data controls for any attributes not currently used in Allowance for Loan and Lease Losses (ALLL) will require augmentation to be Sarbanes-Oxley (SOX) compliant. We will cover CECL SOX compliance in a future blog post.
Processes and Controls
Many banks will perform a gap analysis of the existing credit loss allowance process against CECL requirements to identify areas requiring enhancements as a preliminary step.
Stress testing processes can be used to fill some gaps rather than building a new process from scratch. For some banks, CECL implementation presents an opportunity to identify and consolidate functions that overlap the allowance process and stress tests.
Many stress testing processes may be leveraged or evaluated for use with CECL, along with internal control frameworks, model governance policies and model documentation/validation templates.
The following considerations apply for any stress test process or control used for CECL:
- Increased Volume: Banks run stress tests either annually or semi-annually, depending on the size of the bank. CECL’s process will run quarterly to coincide with financial reporting cycles. Processes will require augmentation to support additional cycles.
- Cycle Time: Regulators release stress test scenarios two months prior to when results are due. For CECL, execution time must reduce significantly as models need to run using data finalized a few days prior to the accounting statement filing date.
- SOX Compliance: While regulators require numerous controls over the stress testing process, all controls are not necessarily SOX compliant. As with data, incremental process and control changes to the allowance for credit losses will require updates to be SOX complaint.
Many banks currently employ manual stress testing procedures. Given the potential augmentations required to support increased volume, cycle time and controls, banks may want to use CECL as an opportunity to explore process automation to speed processes and improve controls while reducing costs.
Changes to the allowance for credit losses required by CECL will impact capital ratios. Since CECL will likely result in larger allowances and therefore lower capital ratios, banks will need to plan accordingly in subsequent CCAR and DFAST exercises.
CECL implementation teams must consider enterprise-wide capabilities when planning the roadmap to CECL compliance. If CCAR and DFAST are applicable to your bank, you have a good place to start for credit loss modeling, data and IT infrastructure and processes and controls, and can aim to centralize some capabilities for use with CECL.
For banks out of CCAR and DFAST scope, and for non-financial institutions with CECL exposures, you still might not need to start from scratch. Many third-party vendors have developed the technical modeling knowledge, implementation knowledge and an understanding of what regulators look for during similar exams. A large marketplace of external help is available, led by the people who were advising banks through the build-out of stress testing functions.