Andrew Sheen February 17, 2021

Don't Tell Your Regulator (3): We use scenarios for capital purposes only

This blog is one of a series designed to identify common mistakes made by firms. It explains why the mistake is damaging and could lead to regulatory sanctions, a capital add-on and even a skilled persons review (S166). If you are making this mistake then you need to change your practice.

Regulator3-1 (1)

A little while ago I visited a firm to discuss and review its scenario process. The firm’s approach was both thorough and efficient and the capital figures generated were accepted by all parties. The comprehensive pre-discussion briefing pack contained a detailed explanation of the scenario, the status of the relevant controls, the firm’s previous loss experience under this scenario, external experience and examples of the potential outcomes.

The discussion was very open, involved all the relevant parties, covered all the relevant topics and care was taken by a very capable scenario team not to introduce biases or permit gaming. Finally, all the participants accepted the potential loss generated and everyone was prepared to leave the scenario workshop feeling the job had been well done.

Amongst the information presented to the workshop was a detailed assessment of the controls impacting the scenario, including controls that were considered to be less than fully effective or had significant weaknesses. Unfortunately, while attendees were prepared to accept the significant loss generated by the scenario, there was no discussion of measures that could be taken to improve risk management, including control efficiency and effectiveness, or to reduce the magnitude of the loss and so reduce the potential capital impact of the scenario. This omission was particularly alarming as the ultimate capital figure generated was allocated to the firm’s businesses, including the businesses participating in the scenario workshop.

Recognising this deficiency led the firm to revamp its scenario process and introduce a control improvement component so that when scenarios were discussed in future there was a possibility to reduce the potential loss.

Unfortunately, this experience is not unique and, in many organisations, scenarios focus solely on the loss and capital impact. This omission will certainly cause regulatory concern and could result in sanctions, most likely a capital add-on as the integrity of the scenario process will be questioned. In addition, the operational resilience consultation papers published by the UK FCA, PRA and Bank of England in December 2019 also require firms to test their ability to deliver important business services within impact tolerances in severe but plausible scenarios. We expect this requirement will be retained in the regulators’ next paper, due this quarter.

Scenarios offer a powerful tool that should be used to enhance risk management and improve operational resilience as well as provide inputs to the capital process. When you use a single scenario team to oversee and manage different scenarios within a firm, you encourage efficiency and best practice across the organisation.

The increasing emphasis on scenarios for capital, risk management and resilience raises a question I have been asked many times: ‘How many scenarios should a firm have?’ The answer depends on a number of factors, such as the size, nature and complexity of the firm. I have seen a firm with three scenarios, which seemed insufficient, while another I met had 300, which seemed too many. I have even heard of a firm with thousands of scenarios. Overall, it is better to do fewer scenarios very well than lots badly.

We hope you find this blog helpful. For a full overview of our approach to framework improvements, please contact us.