Yearly Archives: 2009

By: Tom Hannagan Part 1 In my last post about risk-based pricing, we started a discussion of the major elements involved in the risk adjustment of loan pricing. We got down to a risk-adjusted pre-tax profit amount. Not to divert the present discussion too much, but we often use pre-tax performance numbers for entity level comparisons to avoid the vagaries of tax treatments. Some banks are sub-S corporations, while most are C corporations. There are differences in state tax levels and, there may be other tax deferral strategies such as, leasing activity and/or securities adjustments that can affect these after-tax numbers. So, pre-tax data can be very useful.   After-tax profit and profitability ratios For internal comparisons across loans, client, lenders and other lines of business; and to better understand how the risk-adjusted profit from a loan or a relationship relate to overall bank performance, we prefer to get to an after-tax profit and profitability ratio. This is also necessary to compare loans or portfolios involving tax-exempt entities to loans with taxable interest income. To do this, we apply the bank’s average effective income tax rate (including federal and state) to the pre-tax result, with the exception of tax exempt loans. This gives us risk-adjusted net income (or profit) at the loan level.   By arriving at risk-based profit estimates at the product level, we then have the opportunity to accumulate these for multi-product client relationships, or at lender or market segment levels. Clients can then go on to analyze the profit results in comparison to their distribution of risk ratings and break the risk-adjusted returns down by loan/collateral type, client geography or industry. Some banks have graphical displays of these results.   In addition to profit level, and to assist with comparative capability, we continue to one or more profitability ratios. You can divide the profit amount by the average loan balance to get a risk-adjusted return on assets (ROA).   ROA =        Profit amount Average loan balance   This is very helpful for looking at asset product performance and has been used historically by the banking industry for risk-based pricing. Many banks have moved beyond ROA and now focus on return on equity (ROE). For a more comprehensive discussion of ROA and ROE see my post from December 6, 2008.   I will continue in my next post about Return on Equity.

Part 2 To continue the discussion from my last post, we also must realize that the small business borrower typically doesn’t wait until we are ready to perform our regularly scheduled risk management review to begin to show problems.  While a delinquent payment is a definite sign of a problem with the borrower, the occurrence of a delinquent payment is often simply too late for any type of corrective action and will result in a high rate of loss or transfer to special assets. There are additional pitfalls around the individual risk rating of the small business borrower or the small business loans; but, I won’t discuss those here.  Suffice to say, we can agree that the following holds true for portfolio risk management of small business loans: Active portfolio management is a must; Traditional commercial portfolio management techniques are not applicable due to the cost and effectiveness for the typical small business portfolio; and Collection efforts conducted at the time of a delinquency is too late in the process. One last thing, the regulators are starting to place higher demands on financial institutions for the identification and management of risk in the small business portfolio.  It is becoming urgent and necessary to take a different approach to monitor that portfolio. Just as we have learned from the consumer approach for originating the loans, we can also learn from the basic techniques used for consumer loan portfolio risk management. We have to rely upon information that is readily available and does not require the involvement of the borrower to provide such information.  Basically, this means that we need to gather information (such as updated business scores and behavioral data) from our loan accounting platforms to provide us with an indication of potential problems.  We need to do that in an automated fashion.  From such information we can begin to monitor: Changes in the business score of the small business borrower; Frequency and severity of delinquencies; Balances maintained on a line of credit; and Changes in deposit balances or activity including overdraft activity. This list is not exhaustive, but it represents a solid body of information that is both readily available and useful in determining the risk present in our small business portfolio.  With technology enabling a more automated assessment of these factors, we have laid the groundwork to develop an efficient and effective approach to small business portfolio management.  Such an approach provides real- time regular assessment of the portfolio, its overall composition and the necessary components needed to identify the potential problem credits within the portfolio. It is past time to take a new approach toward the proactive portfolio management of our small business loan portfolio retaining the spirit of commercial credit while adapting the techniques of consumer portfolio management to the small business portfolio.

Part 1 In reality, we are always facing potential issues in our small business portfolio, it is just the nature of that particular beast. Real problems occur, though, when we begin to take the attitude that nothing can go wrong, that we have finally found the magic formula that has created the invincible portfolio.  We’re in trouble when we actually believe that we have the perfect origination machine to generate a portfolio that has a constant and acceptable delinquency and charge-off performance. So, we all can agree that we need to keep a watchful eye on the small business portfolio.  But how do we do this?  How do we monitor a portfolio that has a high number of accounts but a relatively low dollar amount in actual outstandings? The traditional commercial portfolio provides sufficient operating income and poses enough individual client credit risk that we can take the same approach on each individual credit and still maintain an acceptable level of profitability.  But, the small business portfolio doesn’t generate sufficient profitability nor has individual loan risk to utilize the traditional commercial loan portfolio risk management techniques. Facing these economic constraints, the typical approach is to simply monitor by delinquency and address the problems as they arise.  One traditional method that is typically retained is the annual maturity of the lines of credit.  Because of loan matures, financial institutions are performing annual renewals and re-underwriting these lines of credit -- and complete that process through a full re-documentation of the line. We make nominal improvements in the process by changing the maturity dates of the lines from one year to two or three year maturities or, in the case of real estate secured lines, a five year maturity.  While such an approach reduces the number of renewals that must be performed in a particular year, it does not change the basic methodology of portfolio risk management, regularly scheduled reviews of the lines.  In addition, such methodology simply puts us back to the use of collections to actually manage the portfolio and only serves to extend the time between reviews. Visit my next post for the additional pitfalls around individual risk rating and ways to better monitor your small business portfolio.

I have heard this question posed and you may be asking yourselves: Why are referral volumes (the potential that the account origination or maintenance process will get bogged down due to a significant number of red flags detected) such a significant operations concern? These concerns are not without merit.  Because of the new Red Flag Rules, financial institutions are likely to be more cautious.  As a result, many transactions may be subject to greater customer identification scrutiny than is necessary. Organizations may be able to control referral volumes through the use of automated tools that evaluate the level of identity theft risk in a given transaction.  For example, customers with a low-risk authentication score can be moved quickly through the account origination process absent any additional red flags detected in the ordinary course of the application or transaction.  In fact, using such tools may allow organizations to quicken the origination process for customers. They can then identify and focus resources on transactions that pose the greatest potential for identity theft. A risk-based approach to Red Flags compliance affords an institution the ability to reconcile the majority of detected Red Flag conditions efficiently, consistently and with minimal consumer impact.  Detection of Red Flag conditions is only half the battle.  Responding to those conditions is a substantial problem to solve for most institutions.  A response policy that incorporates scoring, alternate data sources and flexible decisioning can reduce the majority of referrals to real-time approvals without staff intervention or customer hardship.   

What is your greatest concern as the May 1, 2009 enforcement date approaches for all guidelines in the Identity Theft Red Flags Rule?

By: Tom Hannagan I have referred to risk-adjusted commercial loan pricing (or the lack of it) in previous posts. At times, I’ve commented on aspects of risk-based pricing and risk-based bank performance measurement, but I haven’t discussed what risk-based pricing is -- in a comprehensive manner. Perhaps I can begin to do that now and in my next posts. Risk-based pricing analysis is a product-level microcosm of risk-based bank performance. It begins by looking at the financial implications of a product sale from a cost accounting perspective. This means calculating the revenues associated with a loan, including the interest income and any fee-based income.  These revenues need to be spread over the life of the loan, while taking into account the amortization characteristics of the balance (or average usage for a line of credit). To save effort (and to provide good client relationship management), we often download the balance and rate information for existing loans from a bank’s loan accounting system. To “risk-adjust” the interest income, you need to apply a cost of funds that has the same implied market risk characteristics as the loan balance. This is not like the bank’s actual cost of funds for several reasons. Most importantly, there is usually no automatic risk-based matching between the manner in which the bank makes loans and the term characteristics of its deposits and/or borrowing. Once we establish a cost of funds approach that removes interest rate risk from the loan, we subtract the risk-adjusted interest expense from the revenues to arrive at risk-adjusted net interest income, or our risk-adjusted gross margin. We then subtract two types of costs. One cost includes the administrative or overhead expenses associated with the product. Our best practice is to derive an approach to operating expense breakdowns that takes into account all of the bank’s non-interest expenses. This is a “full absorption” method of cost accounting. We want to know the marginal cost of doing business, but if we just apply the marginal cost to all loans, a large portion of real-life expenses won’t be covered by resulting pricing. As a result, the bank’s profits may suffer. We fully understand the argument for marginal cost coverage, but have seen the unfortunate end. Using this lower cost factor can hurt a bank’s bottom line. Administrative cost does not normally require additional risk adjustment, as any risk-based operational expenses and costs of mitigating operation risk are already included in the bank’s general ledger for non-interest expenses. The second expense subtracted from net interest income is credit risk cost. This is not the same as the bank’s provision expense, and is certainly not the same as the loss provision in any one accounting period.  The credit risk cost for pricing purposes should be risk adjusted based on both product type (usually loan collateral category) and the bank’s risk rating for the loan in question. This metric will calculate the relative probability of default for the borrower combined with the loss given default for the loan type in question. We usually annualize the expected loss numbers by taking into account a multi-year history and a one- or two-year projection of net loan losses. These losses are broken down by loan type and risk rating based on the bank’s actual distribution of loan balances. The risk costs by risk rating are then created using an up-sloping curve that is similar in shape to an industry default experience curve. This assures a realistic differentiation of losses by risk rating. Many banks have loss curves that are too flat in nature, resulting in little or no price differentiation based on credit quality. This leads to poor risk-based performance metrics and, ultimately, to poor overall financial performance. The loss expense curves are fine-tuned so that over a period of years the total credit risk costs, when applied to the entire portfolio, should cover the average annual expected loss experience of the bank. By subtracting the operating expenses and credit risk loss from risk-adjusted net interest income, we arrive at risk-adjusted pre-tax income. In my next post I’ll expand this discussion further to risk-adjusted net income, capital allocation for unexpected loss and profit ratio considerations.

 I’ve talked (sorry, blogged) previously about taking a risk-based approach to reconciling initial Red Flag Rule conditions in your applications, transactions, or accounts.  In short, that risk-based approach incorporates a more holistic view of a consumer in determining overall risk associated with that identity.  This risk can be assessed via an authentication score, alternate data sources and/or verification results.  I also want to point out the potential value of knowledge-based authentication (a.k.a. out-of-wallet questions) in providing an extra level of confidence in progressing a consumer transaction or application in light of an initially detected Red Flag condition. In Experian’s Fraud and Identity Solutions business, we have some clients who are effectively embedding the use of knowledge-based authentication into their overall Red Flags Identity Theft Prevention Program.  In doing so, they are able to identify the majority of higher risk conditions and transactions and positively authenticate those initiating consumers via a series of interactive questions designed to be more easily answered by a legitimate individual -- and more difficult for a fraudster.  Using knowledge-based authentication can provide the following values to your overall process: 1. Consistency: Utilizing a hosted and standard process can reduce potential subjectivity in decisioning.  Subjectivity is not a friend to examiners or to your bottom line. 2. Measurability: Question performance and reporting allows for ongoing monitoring and optimization of decisioning strategies.  Plus, examiners will appreciate the metrics. 3. Customer Experience: This is a buzzword these days for sure.  Better to place a customer through a handful of interactive questions, than to ask them to fax in documentation --or to take part in a face-to-face authentication. 4. Cost: See the three values above…Plus, a typical knowledge-based authentication session may well be more cost effective from an FTE/manual review perspective. Now, keep in mind that the use of knowledge-based authentication is certainly a process that should be approved by your internal compliance and legal teams for use in your Red Flags Identity Theft Prevention Program.  That said, with sound decisioning strategies based on authentication question performance in combination with overall authentication results and scores, you can be well-positioned to positively progress the vast majority of consumers into profitable accounts and transactions without incurring undue costs.