Loan Review

Credit Risk Review (a/k/a Loan Review): A Value or a Burden?

For over 30 years, the regulators have advocated, or required, an independent validation of credit risk.  There is a good business reason for this function if managed well.  Banks spend a lot of money on CRR and internal audit, and in today’s heavy cost, heavily regulated banking world, you need to get optimum value for every dollar spent.  But is the board getting what it needs from it to influence decision making on strategic direction, personnel management and other key lending components?

 *Are you getting a mixed message from your regulator on CRR?

*Do you view CRR as largely necessary to satisfy Regulators and External Auditors?

*What questions does your board or management team ask about the value added?

*And finally: Is it risk based?

 This article identifies common misconceptions and deficiencies in CRR functions that we’ve evaluated in our roles as former regulators, bankers, or as independent consultants.  These reflections hopefully will assist you to proactively manage your CRR function. We routinely (yes, routinely) see such weak performance of CRR that it provides no reliable validation of loan risk ratings, overall portfolio quality or credit administration.  Following are, by order of impact, major observations: 

 1.      Hiring a CRR vendor to perform the function and failing to adequately police its performance or manage the process.  This is far and away the cause of the biggest loss of value.  It is unwise to hand off planning and execution to a vendor and assume it’s handled well.  Deficiencies include:

o   poorly conceived scope coupled with weak or nonexistent risk-based focus.

o   excessive coverage.  Over time, a paradigm has evolved that more coverage is better, and is favored by the regulators.  This is false, and is causing a huge waste of money.  We now commonly see annual CRR file review coverage of 60-80% of outstandings/commitments.  Moreover, the same borrowers and categories are reviewed year after year. While it looks good to show the board, regulators and auditors, the benefit is illusory and here’s why:

§  We have found that such penetration imbues production pressure on the people performing the file work.  This leads to a rush through files and, sometimes, failure to even discuss the credits with loan officers to assure a sound evaluation of the borrower.  Our tests of this work find shallow analysis, unsupported risk ratings, factual errors in calculations leading to incorrect conclusions, missed documentation defects, poor appraisal reviews and weak collateral analyses; all adding up to unreliable systemic findings on your credit world. 

§  To put into perspective, coverage of 60-80% is typically required only when a bank teeters on failure, and the regulators require this level of penetration to verify the extent of loss exposure in the portfolio.  Conversely, a good risk based approach should not target a coverage ratio, but also should not need to exceed 20-40% per year.  This can vary by year depending on how solid your credit function is based on CRR results. 

o   Conclusion oriented observations get lost in the bulk of the thick binder that is delivered to the board by the vendor after each target.  Further, the vendor report is often full of loan portfolio statistics that simply restate what is already in the routine board reports. You are charged for information you already have.  A board member does not have time to sift through this in search of meaningful conclusions.     

o   Overall conclusions are generic statements that provide little insight on validating the bank’s credit risk management.  Worse, these often provide false comfort to the board.  The author of this article has evaluated CRR in dozens of banks over the past 30 years, often after having identified systemic credit quality, underwriting and administration deficiencies in the subject bank.  In no case did CRR ever identify the systemic problems prior to the regulator doing so.   

2.      Inattentive Board/Audit Committee toward managing the process.  While CRR and Internal Audit are designed to be independent validation tools, it is often clear via discussions with board and audit committee members that they are not focused on where the risk is when providing direction on coverage or reviewing results of work performed.  This is usually due to inadequate training of board or committee members on risk based approaches; leading to inordinate participation by lending executives in administering the process, thus diluting independence. 

3.      Using unqualified or unmotivated personnel to perform in house CRR.  This is usually present when the bank is merely showing the regulators and auditors that it has a CRR.  We sometimes find that they are ‘going through the motions’, and committing many of the shortcomings described above.  The tone from the top does not illuminate the importance of the function.  Without a solid commitment from the top and sound execution, value is tepid or absent.

 At Pactola, we would be happy to meet with you to discuss our observations on how to maximize the value of your CRR.  We also have similar observations on internal audit and are qualified to address that as well.  It is very possible that you could cut the costs of these functions while providing more concise, risk based feedback to the board that feeds into good decision making.

Gary Stoley brings over four decades of experience with commercial, agricultural, syndications, asset based lending, leveraged transactions and retail. He has spent over 33 years with the Office of Comptroller of the Currency and then an additional five as a contractor for that agency. More info can be found at: https://pactola.com/credit-risk-advisory-services