Guideline

Subject: Stress Testing

Category: Sound Business and Financial Practices

No: E-18 Date: December 2009

Stress testing is an important tool for senior management to use in making business strategy, risk
management and capital management decisions. This guideline sets out OSFI’s expectations
with respect to stress testing and applies to banks and bank holding companies, and to all
federally regulated trust and loan companies, cooperative credit associations, life insurance
companies and fraternal benefit societies, property and casualty insurance companies and
insurance holding companies (collectively referred to as “institutions”).

Table of Contents

A. Stress Testing Defined .....................................................................................2

B. Purposes of Stress Testing ...............................................................................2
C. Role of Senior Management ............................................................................3
D. General Considerations for Stress Testing Programs ......................................4
E. Methodology and Scenario Selection...............................................................5
F. Specific Areas of Focus ...................................................................................8
Risk Mitigation ............................................................................................8
Securitization and Warehousing Risks ........................................................8
Risks to Reputation ......................................................................................9
Counterparty Credit risk...............................................................................9
Risk Concentrations .....................................................................................9
G. Supervisory Considerations ...........................................................................10
Glossary .................................................................................................................12

255 Albert Street

Ottawa, Canada
K1A 0H2

www.osfi-bsif.gc.ca
A. Stress Testing Defined

Stress testing is a risk management technique used to evaluate the potential effects on an
institution’s financial condition, of a set of specified changes in risk factors, corresponding to
exceptional but plausible events1. Stress testing includes scenario testing and sensitivity testing
(refer to Glossary).

Stress testing is especially important after long periods of benign economic and financial
conditions, when fading memory of negative conditions can lead to complacency and the
underpricing of risk. It is also a key risk management tool during periods of expansion, when
innovation leads to new products that grow rapidly and for which limited or no historical
experience is available.

Stress testing attempts to determine the impact of situations where the assumptions underlying
established models used in managing a business break down. This applies equally to valuation
models, models of individual risks and models that aggregate individual risks.

B. Purposes of Stress Testing

Stress testing should be embedded in enterprise wide risk management. A stress testing program
as a whole should be actionable, playing an important role in facilitating the development of risk
mitigation or contingency plans across a range of stressed conditions. It should feed into the
institution’s decision making process, including setting the institution’s risk appetite, setting
exposure limits, and evaluating strategic choices in longer term business planning.

An institution’s stress testing program should serve the following purposes:

i. Risk identification and control – Stress testing should be included in an institution’s
risk management activities at various levels, for example, ranging from risk
mitigation policies at a detailed or portfolio level to adjusting the institution’s
business strategy. In particular, it should be used to address institution-wide risks,
and consider the concentrations and interactions between risks in stress environments
that might otherwise be overlooked.
ii. Providing a complementary risk perspective to other risk management tools –
Stress tests should complement risk quantification methodologies that are based on
complex, quantitative models using backward looking data and estimated statistical
relationships. In particular, stress testing outcomes for a particular portfolio can
provide insights about the validity of statistical models at high confidence intervals,
for example those used to determine VaR.
As stress testing allows for the simulation of shocks which have not previously
occurred, it should be used to assess the robustness of models to possible changes in
the economic and financial environment. Stress tests should help to detect

1
Stress Testing by Large Financial Institutions: Current Practice and Aggregation Issues, Committee on the
Global Financial System, April 2000

Banks/T&L/BHC/Co-ops/Life/P&C/IHC Stress Testing

December 2009 Page 2
 vulnerabilities such as unidentified risk concentrations or potential interactions
between types of risk that could threaten the viability of the institution, but may be
concealed when relying purely on statistical risk management tools based on
historical data.
Stress testing can also be used to assess the impacts of customer behaviour arising
from options embedded in certain products – particularly where the impact is not
easily modelled under extreme events.
iii. Supporting capital management – Stress testing should form an integral part of
institutions’ internal capital management where rigorous, forward-looking stress
testing can identify severe events, including a series of compounding events, or
changes in market conditions that could adversely impact the institution.
iv. Improving liquidity management – Stress testing should be a central tool in
identifying, measuring and controlling funding liquidity risks, in particular for
assessing the institution’s liquidity profile and the adequacy of liquidity buffers in
case of both institution-specific and market-wide stress events.

C. Role of Senior Management

Senior management (including, in the case of foreign insurance or bank branches, the Chief
Agent or Principal Officer, respectively, and an appropriate senior official from the branch’s
home office) involvement in the stress testing program is essential for its effective operation.
Senior management is accountable for the program’s implementation, management and oversight
and for ensuring that the institution has adequate plans to deal with remote but plausible stress
scenarios.

Senior management must ensure there is a “fit for purpose” program in place that is enterprise
wide and that operational management has adopted policies requiring appropriate use of stress
testing as a management tool.

Senior management should be able to identify and clearly articulate the institution’s risk appetite
and understand the impact of stress events on the risk profile of the institution. Senior
management must participate in the review and identification of potential stress scenarios, as
well as contribute to the development and implementation of risk mitigation strategies. In
addition, senior management should consider an appropriate number of well-understood,
documented, utilised and sufficiently severe scenarios that are relevant to their institution. Senior
management’s endorsement of stress testing as a guide in decision-making is particularly
valuable when the tests reveal vulnerabilities that the institution finds costly to address or
difficult to resolve in a timely, appropriate and realistic manner.

Please refer to OSFI’s Corporate Governance Guideline for OSFI’s expectations of institution
Boards of Directors in regards to operational, business, risk and crisis management policies.

Banks/T&L/BHC/Co-ops/Life/P&C/IHC Stress Testing

December 2009 Page 3
D. General Considerations for Stress Testing Programs

Stress testing programs should take account of views from across the organisation and should
cover a range of perspectives and techniques.

The identification of relevant stress events, the application of sound modelling approaches
and the appropriate use of stress testing results each require the collaboration of different
senior experts such as risk controllers, economists, business managers, traders and actuaries.
Institutions should also use a range of techniques in order to achieve comprehensive coverage
in their stress testing program, including quantitative and qualitative techniques to support
and complement models and to extend stress testing to areas where effective risk
management requires greater use of judgement.

Institutions should have written policies and procedures governing the stress testing program.
The operation of the program should be appropriately documented.

The assumptions and fundamental elements for each stress testing exercise should be
appropriately documented, including the reasoning and judgements underlying the scenarios
chosen and the sensitivity of stress testing results to the range and severity of the scenarios.
The level of documentation should be based on the nature and purposes of the stress testing.
For example, documentation of ad hoc sensitivity tests for tactical decisions may be less
elaborate than the documentation of enterprise-wide stress tests used for strategic decision
making. An evaluation of fundamental assumptions should be performed regularly or in light
of changing external conditions. The results of the assessments should also be documented.

An institution should have a suitably robust infrastructure in place, which is sufficiently flexible
to accommodate different and possibly changing stress tests at an appropriate level of
granularity.

The infrastructure should be able to aggregate comparable risks and exposures across the
institution. It should allow for reporting to senior management in a timely manner
throughout the fiscal year. The infrastructure and information systems should be sufficiently
flexible to accommodate a timely increase in the frequency of ad hoc sensitivity testing to
support senior management’s response to rapid changes in the operating environment and
also for purposes of responding to the concerns of external stakeholders and regulators.

An institution’s stress testing infrastructure and information systems should be commensurate

with the nature and complexity of the institution and its risk profile. For example, greater
risk factor volatility and shorter time horizons for management actions require infrastructure
and information systems that accommodate more frequent stress testing in those areas.

An institution should regularly maintain and update its stress testing framework. The
effectiveness of the stress testing program, as well as the robustness of individual components,
should be assessed regularly and independently.

Banks/T&L/BHC/Co-ops/Life/P&C/IHC Stress Testing

December 2009 Page 4
 Assessments of effectiveness should be qualitative as well as quantitative, given the
importance of judgments and the severity of shocks considered. Areas for assessment
should include effectiveness of the program in meeting its intended purposes,
documentation, development work, system implementation, management oversight, data
quality and hypotheses and assumptions used.

Since the stress test development and maintenance processes often imply judgmental and
expert decisions (e.g. assumptions to be tested, calibration of the stress, etc.), the
independent control functions such as risk management and internal audit should also
play a key role in the process. In particular there should be an independent review (e.g.,
by internal audit) of the adequacy of the design and effectiveness of the operations of an
institution’s stress testing programs.

E. Methodology and Scenario Selection

Stress tests should cover a range of risks and business areas, as well as at the institution-wide
level. An institution should be able to integrate effectively, in a meaningful fashion, across the
range of its stress testing activities to deliver a complete picture of institution-wide risk.

A stress testing program should consistently and comprehensively cover product-,

business- and entity-specific views. Using a level of granularity appropriate to the
purpose of the stress test, stress testing programs should examine the effect of shocks
across all relevant risk factors, taking into account interrelations among them.

Comprehensive stress testing programs should consider the institution’s most material
and significant risks. Where relevant and material, such risks may include:
 credit risk, including counterparty and reinsurance risk
 market risk, e.g.,
o general market
o specific
o cash flow mismatch
o interest rate
o foreign exchange
o commodity
 insurance risk, e.g.,
o mortality
o morbidity
o claim frequency and severity
o persistency and lapse risk

Banks/T&L/BHC/Co-ops/Life/P&C/IHC Stress Testing

December 2009 Page 5
  liquidity risk
 operational and legal risk
 concentration risk
 contagion risk
 risk to reputation
 securitization risk
 new business risk
 regulatory risk
 inflation risk

The impact of stress tests is usually evaluated using one or more measures. The particular
measures used will depend on the specific purpose of the stress test, the risks and
portfolios being analysed and the particular issue under examination. A range of measures
may need to be considered to convey an adequate impression of the impact. Typical
measures used are:
 asset and liability values
 level of impaired assets and write-offs
 accounting profit and loss
 economic profit and loss
 required and available regulatory capital
 economic capital
 liquidity and funding gaps

Stress testing programs should apply across business and product lines and cover a range of
scenarios, including non-historical scenarios, and aim to take into account system-wide
interactions and feedback effects (e.g., second order and macroeconomic effects).

Stress tests should be conducted flexibly and imaginatively, in order to improve the
likelihood of identifying hidden vulnerabilities. A “failure of imagination” could lead to
an underestimation of the likelihood and severity of extreme events and to a false sense of
security about an institution’s resilience.

The institution should assess the impact of severe shocks and periods of severe and
sustained downturns, including its ability to react over the time horizon appropriate for
the business and risks being tested.

Institutions should use stress tests to identify, monitor and control risk concentrations. To
adequately address risk concentrations, the scenario should to be firm-wide and

Banks/T&L/BHC/Co-ops/Life/P&C/IHC Stress Testing

December 2009 Page 6
 comprehensive, covering balance sheet and off-balance sheet assets, contingent and non-
contingent risks, and should give due consideration to actions beyond contractual
obligations that might be undertaken to preserve reputation. Further, stress tests should
identify and respond to potential changes in market conditions that could adversely
impact an institution’s exposure to risk concentrations.

Stress tests should feature a range of severities, including events capable of generating the most
damage, whether through size of loss or through loss of reputation. A stress testing program
should also determine what scenarios could challenge the viability of the institution (reverse
stress tests). Such tests may be useful in uncovering hidden risks and interactions among risks.

Stress tests should be geared towards events and business areas that might be particularly
damaging for the institution. Areas which benefit in particular from the use of stress
testing are business lines where traditional risk management models indicate an
exceptionally good risk/return trade-off; new products and new markets which have not
experienced severe strains; and exposures where there are no liquid two way markets.

Institutions should conduct reverse stress tests. A reverse stress test starts with a
specified outcome that challenges the viability of the firm. One example of such an
outcome would be that over a short time period, the firm incurs a very large loss that
challenges its viability. The analysis would then work backward (reverse engineered) to
identify a scenario or combination of scenarios that could bring about such a specified
outcome. The reverse stress test induces institutions to consider scenarios beyond normal
business settings that would include events with contagion and systemic implications.

As part of an overall stress testing program, a deposit-taking institution should aim to

take account of simultaneous pressures in funding and asset markets, and the impact of a
reduction in market liquidity on asset valuation. Funding and asset markets may be
strongly interrelated, particularly during periods of stress. An institution should enhance
its stress testing practices by considering important interrelations between various factors,
including price shocks for specific asset categories; the drying-up of corresponding asset
liquidity; the possibility of significant losses damaging the institution’s financial strength;
growth of liquidity needs as a consequence of liquidity commitments; taking on board
affected assets; and diminished access to secured or unsecured funding markets.2

As part of an overall stress testing program at an insurance company, specific

consideration should be given to important interrelations between various risk factors.
For a life insurer, changes in economic conditions can significantly affect policyholder
behaviour such as lapse rates, utilization of options within an insurance contract, and
morbidity and recovery rates. For a property and casualty insurer, changing economic
conditions will not only influence investment income and company expenses, but can
also, particularly in times of inflation, lead to higher claims and loss reserves. The
interrelations of various factors will depend upon the insurer’s products, its investment

2
See also Principles for Sound Liquidity Risk Management and Supervision, Basel Committee on Banking
Supervision (September 2008).

Banks/T&L/BHC/Co-ops/Life/P&C/IHC Stress Testing

December 2009 Page 7
 policy and its approach to managing its business. A critical goal for insurers is to identify
situations in which the assumed normal pattern of interrelationships breaks down due to a
change in the business environment.

F. Specific Areas of Focus

The following risks have proven to require specific attention in light of experience of financial
market turmoil:
 Risk Mitigation
 Securitization and Warehousing Risks
 Risks to Reputation
 Counterparty Credit Risk
 Risk Concentrations

As such, stress testing should be prominent among the risk assessment tools used where these
specific risks are material.

Risk Mitigation

Stress testing should facilitate the development of risk mitigation or contingency plans across
a range of stressed conditions. The performance of risk mitigating techniques, like
reinsurance, hedging, netting and the use of collateral, should be challenged and assessed
systematically under stressed conditions when markets may not be fully functioning and
multiple institutions simultaneously could be pursuing similar risk mitigating strategies.
Stress testing should also reflect constraints on management action and should not place
undue reliance on the timeliness of mitigating actions.

Securitization and Warehousing Risks

The stress testing program should explicitly cover complex and customized products such as
securitized exposures. Stress tests for securitized assets should consider the underlying
assets, their exposure to systemic market factors, relevant contractual arrangements and
embedded triggers, and the impact of leverage, particularly as it relates to the subordination
level in the issue structure.

The stress testing program should cover pipeline and warehousing risks. These are market,
credit and funding risks arising in the period prior to securitization or sale and which may
arise from the need to hold assets for longer periods than originally planned when markets are
disrupted. An institution should include such exposures in its stress tests regardless of their
probability of being securitized. Many of the risks associated with pipeline and warehoused
exposures emerge when an institution is unable to access the securitization or other markets
due to either institution specific or market stresses.

Banks/T&L/BHC/Co-ops/Life/P&C/IHC Stress Testing

December 2009 Page 8
Risks to Reputation

An institution should enhance its stress testing methodologies to capture the effect of risks to
reputation. To mitigate reputational spill-over effects and maintain market confidence, an
institution should have an approach to assess the impact of risks to reputation on other risk
types.

The institution should integrate risks arising from off-balance sheet vehicles and other related
entities in its stress testing program. An institution should carefully assess the risks
associated with commitments to off-balance sheet vehicles related to structured credit
securities and the possibility that assets will need to be taken on balance sheet for reputational
reasons. Therefore, in its stress testing program, an institution should include scenarios
assessing the size and soundness of such vehicles relative to its own financial, liquidity and
regulatory capital positions. This analysis should include structural, solvency, liquidity and
other risk issues, including the effects of covenants and triggers.

Counterparty Credit risk

An institution may have large gross exposures to leveraged counterparties, including hedge
funds, financial guarantors, investment banks and derivatives counterparties that may be
particularly exposed to specific asset types and market movements. Under normal
conditions, these exposures are typically completely secured by posted collateral and
continuous re-margining agreements yielding zero or very small net exposures. In the case of
severe market shocks, however, these exposures may increase abruptly. The potential cross-
correlation of the creditworthiness of derivative counterparties with the risks of the reference
assets may emerge (i.e., wrong-way risk). An institution should ensure that its stress testing
approaches related to derivative counterparties are robust in their capture of such correlated
tail risks.

Risk Concentrations

Stress testing should consider risk concentrations resulting directly from risk taking activities
as well as those resulting indirectly from actions to mitigate risks, e.g., concentrations of
credit counterparty risk arising from hedges of market and insurance risk.

Risk concentrations may arise along different dimensions:

 single name concentrations
 concentrations in regions or industries
 concentrations in single risk factors
 concentrations in indirect exposures via posted collateral or hedge positions
 concentrations in off-balance sheet exposure, contingent exposure or non-contractual
obligations by reputational reasons

Banks/T&L/BHC/Co-ops/Life/P&C/IHC Stress Testing

December 2009 Page 9
 In addition, concentrations may arise based on correlated risk factors that reflect subtler or
more situation-specific factors, such as previously undetected correlations between market
and credit risks, as well as between those risks and liquidity risk.

G. Supervisory Considerations

OSFI reviews institutions’ stress testing programs as part of the supervisory review process as
described in the Supervisory Framework, and as part of its review of a deposit-taking
institution’s Internal Capital Adequacy Assessment Process (ICAAP). For insurers, one example
of stress testing is Dynamic Capital Adequacy Testing (DCAT). OSFI expects to see evidence
that stress testing is integrated into institutions’ internal risk management processes.

OSFI uses the results of institutions’ stress testing programs as important information and
integrates the results into its assessment of the inherent risks and risk controls and oversight of
institutions’ business activities

In assessing institutions’ stress testing programs, OSFI may:

i. Evaluate whether scenarios chosen are consistent with the risk appetite the institution has
set for itself.
ii. Assess whether scenarios are appropriate to the portfolio of the institution and that they
include severe shocks and periods of severe and sustained downturn. The scenarios
chosen should also include, where relevant, an episode of market turbulence or a shock
to market liquidity.
iii. Assess whether the frequency and timing of stress testing is sufficient to support timely
management action. For example, stress testing and DCAT are complementary
initiatives. More frequent stress testing at the business unit level facilitates timely
reaction to sudden market developments. It also supports the integration of the DCAT
process with the finalization of an annual business plan by providing timely inputs based
on current information. While it is up to each institution to determine how to best
integrate DCAT and other stress testing into its business planning process to achieve the
maximum benefits, ideally the annual DCAT of an insurance company would be
available to the Board of Directors, Principal Officer or Chief Agent as soon as is
reasonably possible; in all cases the annual DCAT should be submitted to OSFI within
30 days of its presentation to the Board of Directors, Principal Officer or Chief Agent.
iv. Ask institutions to evaluate scenarios under which viability is compromised and may ask
institutions to test scenarios specific to different lines of business, to assess the
plausibility of events that could materialize in significant strategic or reputational risk, in
particular for business lines with significant balance sheet exposures.
v. Ask institutions, from time to time, to carry out standardized:
o sensitivity tests for individual businesses/products given evolving market
conditions or
o scenario tests for use by OSFI to assess system wide vulnerabilities.

Banks/T&L/BHC/Co-ops/Life/P&C/IHC Stress Testing

December 2009 Page 10
 vi. Examine the future capital resources and capital requirements under adverse scenarios. In
particular, OSFI would consider the results of forward-looking stress testing for assessing
the adequacy of capital buffers.
vii. Take account of the extent to which capital might not be freely transferable within groups
under adverse scenarios. OSFI would also consider the possibility a crisis impairs the
ability of even very healthy institutions to raise funds at reasonable cost.
viii. Review the range of management actions envisaged by institutions in response to the
results of the stress testing exercise and be able to understand the rationale for the
management body decision to take or not to take remedial actions. Supervisors may
challenge whether such actions will be available in a period of stress and whether the
institution will realistically be able and willing to take such actions.
ix. Make recommendations to an institution to take appropriate remedial action to address
weaknesses in its stress testing program.

From time to time, OSFI may conduct an analysis of the impact of system-wide stress scenarios.
OSFI intends as much as possible to test the impact of these system-wide scenarios using
information that is reported in regulatory returns or regularly collected as part of the supervisory
review process in order to minimize data calls on institutions.

Banks/T&L/BHC/Co-ops/Life/P&C/IHC Stress Testing

December 2009 Page 11
Glossary

Scenario testing:
Scenario testing uses a hypothetical future state of the world to define changes in risk factors
affecting an institution’s operations. This will normally involve changes in a number of risk
factors, as well as ripple effects that are other impacts that follow logically from these
changes and related management and regulatory actions. Scenario testing is typically
conducted over the time horizon appropriate for the business and risks being tested.

Sensitivity testing:
Sensitivity testing typically involves an incremental change in a risk factor (or a limited
number of risk factors). It is typically conducted over a shorter time horizon, for example an
instantaneous shock. Sensitivity testing requires fewer resources than scenario testing and
can be used as a simpler technique for assessing the impact of a change in risks when a quick
response or when more frequent results are needed.

Stress Testing
Severe stress Sensitivity
testing

Severity

Scenario
Low stress testing

Single risk/single Many risks/interactions

time period & time periods

Complexity

Banks/T&L/BHC/Co-ops/Life/P&C/IHC Stress Testing

December 2009 Page 12