The spreadsheets your company may use in the performance of stress test modeling might be subjecting your business to additional stress that could harm its health. Read on to learn if you're at risk...
Capital management related regulations like CCAR, DFAST and Solvency II mandate that banks and insurance firms analyze their business under various economic scenarios. This ensures they have enough capital to withstand adverse economic conditions. Often simply referred to as a “stress test,” this complex analysis is highly model dependent. The models themselves may be built on Excel, but even if they are not, very often there are various data transformations that are done using Excel.
Even though larger institutions may have been able to eliminate spreadsheets from this process, they are still widely used at other firms. The ease of use and accessibility to staff and the ability to link to various data sources (the non-technical person’s ETL) also enable the easy modification of data and logic. Sun Tzu predicts that “your strength will become your weakness” and so it these advantages of spreadsheets themselves that can inject stress into the stress testing process.
Spreadsheets make it easy for anyone to save and manipulate data… which also makes it easy to introduce errors. And errors in the model input can lead to inaccurate outputs and wrong results, and ultimately poor business and strategic decisions. This fact has not escaped the notice of regulators and they are consistently stepping up their scrutiny of how stress testing is conducted. Guidelines are already in place as to how this ought to be conducted. For example, according to the US Federal Reserve’s guidance on Model Risk Management:
“Rigorous model validation plays a critical role in model risk management; however, sound development, implementation, and use of models are also vital elements. Furthermore, model risk management encompasses governance and control mechanisms such as board and senior management oversight, policies and procedures, controls and compliance”
Many companies in the US, UK and Europe are already using CIMCON tools to reduce model risk and comply with stress testing related regulations. CIMCON provides a pragmatic, role-based approach as advocated by SR 11-7 that is based on (1) creating a complete and accurate model/EUC inventory (including a visual data lineage map), (2) integrity checks of high-risk models, and (3) change controls and continuous monitoring.
Fortunately, along with the new scrutiny being directed at spreadsheets and other EUCs, new capabilities have emerged for bringing them under more effective control. Known as Spreadsheet Risk Management software, or more broadly as End-User Computing (EUC) controls; these tools automate processes and procedures for eliminating data input and other errors which are inevitably introduced through human mistakes. And that should be important to not just banks and insurance companies, but to any business for whom accuracy is important… which is basically every business.