Yearly Archives: 2009

Part 1 In reality, we are always facing potential issues in our small business portfolio, it is just the nature of that particular beast. Real problems occur, though, when we begin to take the attitude that nothing can go wrong, that we have finally found the magic formula that has created the invincible portfolio.  We’re in trouble when we actually believe that we have the perfect origination machine to generate a portfolio that has a constant and acceptable delinquency and charge-off performance. So, we all can agree that we need to keep a watchful eye on the small business portfolio.  But how do we do this?  How do we monitor a portfolio that has a high number of accounts but a relatively low dollar amount in actual outstandings? The traditional commercial portfolio provides sufficient operating income and poses enough individual client credit risk that we can take the same approach on each individual credit and still maintain an acceptable level of profitability.  But, the small business portfolio doesn’t generate sufficient profitability nor has individual loan risk to utilize the traditional commercial loan portfolio risk management techniques. Facing these economic constraints, the typical approach is to simply monitor by delinquency and address the problems as they arise.  One traditional method that is typically retained is the annual maturity of the lines of credit.  Because of loan matures, financial institutions are performing annual renewals and re-underwriting these lines of credit -- and complete that process through a full re-documentation of the line. We make nominal improvements in the process by changing the maturity dates of the lines from one year to two or three year maturities or, in the case of real estate secured lines, a five year maturity.  While such an approach reduces the number of renewals that must be performed in a particular year, it does not change the basic methodology of portfolio risk management, regularly scheduled reviews of the lines.  In addition, such methodology simply puts us back to the use of collections to actually manage the portfolio and only serves to extend the time between reviews. Visit my next post for the additional pitfalls around individual risk rating and ways to better monitor your small business portfolio.

I have heard this question posed and you may be asking yourselves: Why are referral volumes (the potential that the account origination or maintenance process will get bogged down due to a significant number of red flags detected) such a significant operations concern? These concerns are not without merit.  Because of the new Red Flag Rules, financial institutions are likely to be more cautious.  As a result, many transactions may be subject to greater customer identification scrutiny than is necessary. Organizations may be able to control referral volumes through the use of automated tools that evaluate the level of identity theft risk in a given transaction.  For example, customers with a low-risk authentication score can be moved quickly through the account origination process absent any additional red flags detected in the ordinary course of the application or transaction.  In fact, using such tools may allow organizations to quicken the origination process for customers. They can then identify and focus resources on transactions that pose the greatest potential for identity theft. A risk-based approach to Red Flags compliance affords an institution the ability to reconcile the majority of detected Red Flag conditions efficiently, consistently and with minimal consumer impact.  Detection of Red Flag conditions is only half the battle.  Responding to those conditions is a substantial problem to solve for most institutions.  A response policy that incorporates scoring, alternate data sources and flexible decisioning can reduce the majority of referrals to real-time approvals without staff intervention or customer hardship.   

What is your greatest concern as the May 1, 2009 enforcement date approaches for all guidelines in the Identity Theft Red Flags Rule?

By: Tom Hannagan I have referred to risk-adjusted commercial loan pricing (or the lack of it) in previous posts. At times, I’ve commented on aspects of risk-based pricing and risk-based bank performance measurement, but I haven’t discussed what risk-based pricing is -- in a comprehensive manner. Perhaps I can begin to do that now and in my next posts. Risk-based pricing analysis is a product-level microcosm of risk-based bank performance. It begins by looking at the financial implications of a product sale from a cost accounting perspective. This means calculating the revenues associated with a loan, including the interest income and any fee-based income.  These revenues need to be spread over the life of the loan, while taking into account the amortization characteristics of the balance (or average usage for a line of credit). To save effort (and to provide good client relationship management), we often download the balance and rate information for existing loans from a bank’s loan accounting system. To “risk-adjust” the interest income, you need to apply a cost of funds that has the same implied market risk characteristics as the loan balance. This is not like the bank’s actual cost of funds for several reasons. Most importantly, there is usually no automatic risk-based matching between the manner in which the bank makes loans and the term characteristics of its deposits and/or borrowing. Once we establish a cost of funds approach that removes interest rate risk from the loan, we subtract the risk-adjusted interest expense from the revenues to arrive at risk-adjusted net interest income, or our risk-adjusted gross margin. We then subtract two types of costs. One cost includes the administrative or overhead expenses associated with the product. Our best practice is to derive an approach to operating expense breakdowns that takes into account all of the bank’s non-interest expenses. This is a “full absorption” method of cost accounting. We want to know the marginal cost of doing business, but if we just apply the marginal cost to all loans, a large portion of real-life expenses won’t be covered by resulting pricing. As a result, the bank’s profits may suffer. We fully understand the argument for marginal cost coverage, but have seen the unfortunate end. Using this lower cost factor can hurt a bank’s bottom line. Administrative cost does not normally require additional risk adjustment, as any risk-based operational expenses and costs of mitigating operation risk are already included in the bank’s general ledger for non-interest expenses. The second expense subtracted from net interest income is credit risk cost. This is not the same as the bank’s provision expense, and is certainly not the same as the loss provision in any one accounting period.  The credit risk cost for pricing purposes should be risk adjusted based on both product type (usually loan collateral category) and the bank’s risk rating for the loan in question. This metric will calculate the relative probability of default for the borrower combined with the loss given default for the loan type in question. We usually annualize the expected loss numbers by taking into account a multi-year history and a one- or two-year projection of net loan losses. These losses are broken down by loan type and risk rating based on the bank’s actual distribution of loan balances. The risk costs by risk rating are then created using an up-sloping curve that is similar in shape to an industry default experience curve. This assures a realistic differentiation of losses by risk rating. Many banks have loss curves that are too flat in nature, resulting in little or no price differentiation based on credit quality. This leads to poor risk-based performance metrics and, ultimately, to poor overall financial performance. The loss expense curves are fine-tuned so that over a period of years the total credit risk costs, when applied to the entire portfolio, should cover the average annual expected loss experience of the bank. By subtracting the operating expenses and credit risk loss from risk-adjusted net interest income, we arrive at risk-adjusted pre-tax income. In my next post I’ll expand this discussion further to risk-adjusted net income, capital allocation for unexpected loss and profit ratio considerations.

 I’ve talked (sorry, blogged) previously about taking a risk-based approach to reconciling initial Red Flag Rule conditions in your applications, transactions, or accounts.  In short, that risk-based approach incorporates a more holistic view of a consumer in determining overall risk associated with that identity.  This risk can be assessed via an authentication score, alternate data sources and/or verification results.  I also want to point out the potential value of knowledge-based authentication (a.k.a. out-of-wallet questions) in providing an extra level of confidence in progressing a consumer transaction or application in light of an initially detected Red Flag condition. In Experian’s Fraud and Identity Solutions business, we have some clients who are effectively embedding the use of knowledge-based authentication into their overall Red Flags Identity Theft Prevention Program.  In doing so, they are able to identify the majority of higher risk conditions and transactions and positively authenticate those initiating consumers via a series of interactive questions designed to be more easily answered by a legitimate individual -- and more difficult for a fraudster.  Using knowledge-based authentication can provide the following values to your overall process: 1. Consistency: Utilizing a hosted and standard process can reduce potential subjectivity in decisioning.  Subjectivity is not a friend to examiners or to your bottom line. 2. Measurability: Question performance and reporting allows for ongoing monitoring and optimization of decisioning strategies.  Plus, examiners will appreciate the metrics. 3. Customer Experience: This is a buzzword these days for sure.  Better to place a customer through a handful of interactive questions, than to ask them to fax in documentation --or to take part in a face-to-face authentication. 4. Cost: See the three values above…Plus, a typical knowledge-based authentication session may well be more cost effective from an FTE/manual review perspective. Now, keep in mind that the use of knowledge-based authentication is certainly a process that should be approved by your internal compliance and legal teams for use in your Red Flags Identity Theft Prevention Program.  That said, with sound decisioning strategies based on authentication question performance in combination with overall authentication results and scores, you can be well-positioned to positively progress the vast majority of consumers into profitable accounts and transactions without incurring undue costs.