The SEC has approved the use of synthetic data in mandatory bank stress-test submissions under CCAR and DFAST. The move signals regulator comfort with synthetic scenarios—if banks can demonstrate governance, quality, and controls.
SEC approves synthetic data for CCAR and DFAST stress testing
The U.S. Securities and Exchange Commission (SEC) has authorized banks to use synthetic data in their mandatory stress-test submissions under the Comprehensive Capital Analysis and Review (CCAR) and the Dodd-Frank Act Stress Test (DFAST) frameworks. The approval allows institutions to include synthetic market scenarios in filings, expanding the set of conditions banks can test beyond what is represented in historical datasets.
According to the source, the change is captured in SEC Rule 2025-08 and is expected to be adopted quickly, with first use anticipated in the 2026 annual stress-test cycle. The stated rationale is practical: synthetic data can help model extreme or rare market conditions that historical data cannot replicate, improving coverage for tail-risk and operational-risk exercises while potentially reducing exposure to sensitive data elements.
- Stress testing gets broader without waiting for “real” crises. Data teams can generate synthetic scenarios to probe edge cases (liquidity shocks, correlated drawdowns, operational disruptions) that may be underrepresented in internal history, improving model challenge and scenario design.
- Privacy posture can shift from masking to measurement. If synthetic data reduces reliance on sensitive PII, privacy engineers can reallocate effort from repeated anonymization cycles toward validating synthetic data quality, leakage risk, and access controls.
- Governance becomes the make-or-break. Expect exam and audit focus to move toward documentation: how synthetic scenarios are generated, what constraints are enforced, how drift is monitored, and how outputs are reconciled to risk models used for capital planning.
- Implementation pressure hits 2026 planning cycles. With first adoption expected in 2026, banks that want to use synthetic scenarios will need to integrate generation, validation, and sign-off workflows into existing CCAR/DFAST production pipelines on a regulator timeline.