On January 12, 2012, the Federal Financial Institutions Examination Council (FFIEC) issued responses to frequently asked questions (FAQs) about the 2010 advisory on interest-rate risk (IRR) management.
These answers touched on several key areas of that guidance, and are designed to clarify what’s considered to be sound IRR practice relating to measurement and reporting, stress testing, assumptions-development, and model validation.
Most everything in the responses comports with our interpretation of the 2010 advisory, but there are some helpful clarifications on certain issues.
Some of the primary highlights of FFIEC’s guidance:
• In a low-rate environment, institutions should run interest-rate shocks of +300 and +400 basis points. If conditions warrant, institutions should test more severe scenarios.
• Management should use reporting limits, triggers, or thresholds for stress scenarios, including the severe rate shocks discussed above, and others where appropriate to ensure IRR exposures are within risk tolerance levels.
• Management should perform simulations for one- and two-year time horizons, conduct model measurements that don’t include new business growth, develop reasonable assumptions reflecting the institution’s experience, and perform appropriate back-testing.
Smaller institutions using less-complex, vendor-supplied IRR models can satisfy some, but not all, validation requirements with independent attestation reports from the vendor.
All of this is welcome confirmation of our earlier reading and understanding of the advisory. There are also some notable clarifications that we find helpful in refining our recommendations.
Another is the need for limits, triggers, or thresholds for both standard and nonstandard stress scenarios. Two other key issues that received further clarification are validation and non-maturity deposit assumptions.
Internal controls and validation
Based on the information in this release, as well as our own experience since the original 2010 advisory, validation and back-testing issues have raised questions and, at times, have caused confusion.
In response to FAQ No. 9, FFIEC clearly states that independent certifications/validations commissioned by model vendors don’t satisfy all supervisory expectations. This has been our interpretation as well.
By itself, an independent validation of the model’s mathematics, code, and methodology isn’t enough. It’s helpful, but alone is insufficient to satisfy all expectations.
Institutions should secure a review of the entire range of ALCO processes from a sufficiently independent party. As stated in the 2010 advisory, the independent review should “Ensure the integrity of the various elements of their IRR management processes.”
The various elements of IRR processes include back-testing, assumptions reviews, annual policy reviews, board education, and a variety of other things (including the model validation)—all of which need to be assessed, checked off, and reported by an independent entity.
Assumptions for nonmaturity deposits
Appropriate modeling of nonmaturity deposit (NMD) behavior is another key point of focus. FAQs Nos. 11 and 12 both speak to NMD assumptions.
The key take-away is that industry estimates or defaults provide an approximation only, and therefore should serve as just a starting point for further analysis.
Historical analysis of NMD balance and pricing behavior can provide information to management that indicates whether, and to what degree, adjustments should be made to the industry average to more reasonably model the unique characteristics of the institution.
IRR has been a priority for regulatory agencies for two years now. The January 2010 advisory sparked a reassessment by community-based financial institutions of the adequacy of their IRR management practices.
In so doing, it also raised important questions about particular regulatory expectations. This release of responses to FAQs by the FFIEC is indeed helpful. It also serves as a reminder that IRR remains a top-of-mind issue as we move through 2012.
WASHINGTON (5/4/15, UPDATED 1:45 p.m. ET)--Building on the success credit union advocates are having in getting data breach legislation introduced in the U.S. Congress, today CUNA launches a new call to action to garner support for the recently introduced House Data Security Act of 2015 (H.R. 2205).