Stress tests and other examinations of European banks over the course of this year were released showing that most of Europe’s giant banks are prepared for any modest change in the economic winds. There was only a short list of 25 (or fewer, depending on which measures and tests you might want to lend credence to) that are considered too short on capital to survive an unexpected minor stress. The one bank with the glaring capital shortfall is Monte dei Paschi, the world’s oldest bank and one of 9 in Italy that were considered to have failed stress tests. Monte dei Paschi is judged to be €2.1 billion short, almost a tenth of the total capital deficit on the list. Italy’s central bank noted that the stress test scenarios were particularly unfavorable for Italy because of the way the recession of 2012 was counted as a baseline. When you imagine more realistic economic scenarios for Europe, the rest of the euro zone is probably in about the same boat that Italy is in.
A weakness of bank stress tests is that they look at only the most obvious and naive economic scenarios encompassing just a few macroeconomic variables. They can’t help you find the unexpected changes that are the cause of most failures in businesses and banks. In this week’s headlines, for example, energy analysts were talking about the possibility of world oil prices settling between $70 and $75 for an extended period, a decline of a third from the last few years. Which banks might be negatively affected by this unexpected decline in energy prices? Which might be in trouble if energy prices unexpectedly increased by a similar amount? We can only guess. The variance analysis of a stress test can’t dig even this deep.
In the U.K., Lloyds passed the European stress test, but so narrowly there are worries about whether it can pass the U.K.’s stress tests. Those results are coming up in December.
According to a published report about the “address book” break-in at JPMorgan Chase, criminals gained access through the bank’s virtual private network (VPN). VPN access ordinarily is tightly controlled, but the criminal group must have found a way around the restrictions, possibly based on a combination of IP spoofing and a rootkit attack.