Effective credit risk management is critical to a financial institution’s success – and ultimately its very survival. Most banks justifiably devote substantial resources to the effort. As a result, management teams understandably are eager to find opportunities to improve efficiency and make more effective use of resources in the credit risk management process. At the same time, those responsible for regulatory compliance frequently advocate for greater transparency in the process as well.
These concurrent aims – to achieve both greater efficiency and greater transparency – are not necessarily in conflict as most people believe. Many opportunities exist for banks to work toward these worthwhile objectives simultaneously.
Credit Risk Management – the Big Picture
The overall credit risk management discipline encompasses a broad range of activities, from the high-level identification, assessment, and analysis of various categories of risk down to the day-to-day measurement, control, and monitoring of specific risks, as illustrated in Exhibit 1 below.
Exhibit 1: The Credit Risk Management Process
Source: Crowe analysis
While board and senior executive attention generally focuses on the strategic aspects of the process including risk identification, assessment, and analysis, the greatest opportunities for improving efficiency and transparency are found primarily in the areas of risk measurement, control, and monitoring.
These are the recurring activities that bank employees carry out as part of the bank’s daily, weekly, and monthly credit risk management routine. In particular, they involve the routine gathering and analysis of customer financial data to monitor compliance with loan covenants and other policies. This part of the process is where the largest volume of work takes place – so it naturally offers the greatest opportunity for improving both efficiency and transparency.
The risk measurement, control, and monitoring function can be broken down further into six subprocesses:
- Data acquisition
- Data entry
- Data spreading and analysis
- Exception management
- Review and signoff
- Portfolio management
Each of these subprocesses presents its own particular challenges.
Measurement, Control, and Monitoring – a Closer Look
While the particulars of the various credit risk data management subprocesses are distinct, many of the challenges that arise can be traced back to a common root cause – the use of manual data sources and processes that are disconnected from financial institutions’ centralized systems. In addition to being inherently inefficient, the use of isolated data silos and independent analysis tools obscures transparency and reduces audit effectiveness.
With that recurring feature in mind, each of the following credit risk data management subprocesses merits a closer examination.
- Data Acquisition
The first step in credit data management is often the most disorderly. Customer financial information is acquired in a variety of ways – via paper, email, or fax – and often by various parties.
Financial analysts typically report they spend 10 to 15 percent of their time following up on late or missing financial statements from their customers – a poor use of their time. The security of sensitive financial data as it is being transmitted is also a concern. Auditors and, increasingly, regulators want a record of what was acquired and when it was reviewed.
Solutions and best practices: Many of these credit data acquisition challenges can be mitigated through the use of online portals that allow borrowers to submit required financial data directly to the institution. An automated online portal also can send reminders, other messages, and information to further strengthen the client relationship and can be configured to handle these communications with greater security than ordinary email or other means of transmittal.
Another best practice is to use a structured tracking system to monitor and report on required data submissions. Such systems provide integrated tracking of due dates for each type of required document, along with automated alerts for past-due reports and a clear, auditable record of submissions for improved transparency.
- Data Entry
Once required customer credit data has been received, it then must be entered into the institution’s spreading system. In addition to manual keying errors, this process also presents other less obvious management challenges.
For example, manually inputting data is highly time-consuming and a very inefficient use of an analyst’s time. Yet assigning the task to a centralized data entry department or outsourcing it to a third-party provider introduces new risks in terms of accuracy and data security. The standardized templates to which the data is applied often do not adequately reflect the specific circumstances of the client’s business. This can lead to errors and misinterpretations by those who are manually keying the data.
In most instances the financial data received from customers must be manipulated or grouped during manual entry. This often requires some adjustment of the numbers to make the client-provided metrics consistent with industry standards or prior reporting periods. Not only are such manual adjustments time-consuming and inefficient, they also can introduce subjective decision-making into the process and further obscure the audit trail.
Solutions and best practices: Automated data extraction is a first step toward reducing the time and risk associated with manual data entry. Beyond extraction, more comprehensive data solutions automate the mapping process and standardize any adjustments that must be made. Automated data solutions also can help minimize the inconsistencies that could occur due to personnel changes among the bank employees who are making the data adjustments, while also providing clearly documented and traceable processes for audit and follow-up.
- Data Spreading and Analysis
The adjustments that were made during the data entry phase were only the first of several opportunities for errors and subjective judgment to enter into the picture. The use of isolated or off-system analysis tools presents additional challenges as data is imported into spreadsheets or other software. The risks of distortion and lack of accountability are multiplied with each separate analysis tool or one-off process step that is introduced.
Solutions and best practices: To be effective and supportable, the various data spreading and analysis tools must be integrated and coordinated. Doing so not only eliminates the inherent inefficiency of manually inputting data into each tool, it also helps the institution develop a single, consistent view of each customer, and greatly enhances confidence in the integrity and timeliness of that view. In addition, because critical metrics and performance indicators vary from one industry to another, it is important that deep industry-specific analysis tools are built directly into the spreading systems.
- Exception Management
Regulators devote considerable time and attention to evaluating the effectiveness of the systems used to identify, measure, track, and respond to customers who fail to maintain compliance with credit policies, covenants, and standards. All too often, such policy and covenant exceptions are not flagged and recorded systematically, and the action plans banks implement to address these exceptions are tracked offline.
As with the other instances of manual, off-system tools and processes, such disconnected exception management approaches make it difficult to develop an organizationwide view of exception patterns and trends. They also make it difficult to demonstrate that the institution is taking a consistent management approach to credit risk management.
Solutions and best practices: Three industry-leading practices can help banks address this area of concern. One is the use of systematic exception alerts to identify policy or covenant violations, coupled with automated tracking of exception histories and related actions. A second is the consistent and timely monitoring of peer data – including both industry data and comparisons within the institution’s own portfolio. Such analysis can help identify trends and early warning signs, not only on individual loans but also portfoliowide.
The third critical practice is automated reconciliation of the various information sources. This is done using tools that automatically compare customer-submitted internal financial statements with audited financial statements or tax returns, for example, and then identify needed adjustments.
- Review and Signoff
Many banks lack a guided workflow for determining which credit reviews are awaiting signoff, how reviews are prioritized, and the predetermined criteria to be used in the review. In addition, loan or portfolio reviews often focus on a narrow set of factors, rather than encompassing a full, 360-degree view of the customer relationship. A lack of consistent standards also makes auditing the timely performance of required reviews and reporting more difficult and time-consuming.
Solutions and best practices: Automated workflow solutions are widely recognized for their usefulness in helping to improve consistency and productivity during the loan origination process. In the same way, such solutions can also greatly improve performance in loan servicing and risk management by helping to prioritize analysts’ work queues and provide a systematic, paperless workflow that culminates in management signoff. The use of automated workflows also enables more accurate and timely tracking of analyst productivity and work adjustments and can help identify retraining opportunities.
- Portfolio Management
As individual relationship managers complete the five preceding work processes, the downstream effects are felt at the portfolio level. Just as automation and analysis systems can provide valuable tools for improving efficiency, consistency, and overall performance in managing the risk from individual customers, these same systems offer comparable improvement opportunities at the portfolio level.
Solutions and best practices: Centralized data warehouses offer additional opportunities to improve performance and transparency by enabling portfolio managers to track and analyze risk concentrations and other factors on a portfoliowide basis. Automated portfolio compliance reporting can help alleviate the burden when regulators introduce new reporting requirements or stress-testing scenarios. Today’s industry leaders also are increasing their use of sophisticated forecasting and projection tools to perform scenario-based projections at both the relationship and portfolio level.
Opportunities for Improvement
While the general promise of improvements in efficiency and transparency is always attractive to management, the decision to actually implement automated credit data management system components will require more specific justification. The business-case justification for such systems generally involves three broad categories of benefits: reduced risk, lowered costs, and increased revenue.
Risk reductions can be achieved through earlier detection of noncompliant loans, which allows for earlier intervention. A simplified and more efficient audit process also helps lower risk, as does the additional time that analysts can devote to their primary responsibilities when they no longer are tied up in time-consuming manual data acquisition, data entry, and follow-up.
Similarly, front-line managers can devote more of their time to developing revenue-producing relationships and building competitive advantage. Finally, cost savings can be achieved through reductions in rework and error correction, streamlined decision-making, and more efficient use of personnel with specialized skills.
The potential ability to achieve such benefits, combined with the continuing and pressing need for both greater efficiency and greater transparency, can make the introduction of improved credit risk management systems a worthwhile endeavor in financial institutions of all types and sizes.