The board of directors is responsible for conducting the bank's affairs, including credit card activities. Credit card programs differ considerably among banks because a myriad of factors influence the lending environment. In general, factors include the type of institution, management's objectives and philosophies on diversification and risk, the accessibility of funds, credit demand, and available expertise. Establishing and maintaining a successful credit card program requires careful management attention to ensure that the risks (such as credit, market, operating/transaction, reputation, strategic, compliance, legal, and liquidity) are addressed. Active planning and oversight; competent personnel; adequate policies, processes, and controls; a comprehensive appropriate audit program and internal control environment; and effective risk monitoring and Management Information Systems (MIS) all demonstrate sound management practices that examiners should look for.
Examiners are tasked with determining whether management has ensured, prior to engaging in credit card lending, that proposed activities are consistent with the bank's overall business strategy and risk tolerances. Such an expectation applies to any type of credit card activity, including, but not limited to, purchasing a credit card portfolio or originating its own portfolio. Proceeding slowly and cautiously while developing the program helps minimize the impact of unforeseen personnel, technology, or internal control problems and determine if profitability estimates are realistic and sustainable. Examiners should look for evidence that the decision to implement any new project or program has been based on a thorough quantitative and qualitative analysis of the bank's current operations as well as the impact of the proposed program on the bank's future operations. Examiners should determine whether management adequately provides for proper identification, measurement, monitoring, and controlling of the risks of credit card activities, both in the program development stages and while offering credit card programs.
When determining the adequacy of management's planning process, examiners should consider the formality of the planning process in relation to the size and sophistication of the activities conducted (or proposed), the composition of the team involved in the process, the realistic nature of assumptions used, the monitoring of performance against plan, and the consideration of alternative plans in response to changing conditions. Examiners should not only evaluate the process, but should also evaluate the plan itself, taking into account the personnel, financial resources, and operating circumstances and conditions unique to the bank. When the goals and objectives chosen by directors are likely to or have resulted in significant financial harm to the bank, examiners are tasked with identifying the deficiencies in the plan and attempting to effect necessary changes. Glaring weaknesses in the plan or the absence of a satisfactory planning process are considered in the appraisal of management.
Risk Assessment
Management is responsible for performing a comprehensive and effective risk assessment consistent with the size and nature of the planned credit card activities prior to engaging in such credit card activities. Examiners should look for evidence that all involved parties have properly acknowledged and addressed critical business risk issues and that the risk assessment process is well-documented, extends beyond credit risk to appropriately incorporate other applicable risks, and considers external and internal factors. Common external factors that influence the risks include, but are not limited to: technology changes, competition, economic conditions and forecasts, political and regulatory conditions, and accounting guidance. Common internal factors that influence the risks include, but are not limited to: staffing, funding, information systems, growth, and risk appetite.
Subprime Lending
As part of the planning process, management might consider whether or not they intend to target the subprime market and/or purchase subprime credit card loans. Well-managed subprime credit card lending can be a profitable business; however, it is a high-risk activity and, as such, receives intense regulatory scrutiny. Successful subprime credit card lenders carefully control the elevated credit, operating, compliance, legal, market, and reputation risks as well as the higher overhead costs associated with more labor-intensive underwriting, servicing, and collections. For banks that are targeting the subprime market or purchasing subprime credit card loans, examiners should determine whether management has a clear understanding of the business and its inherent risks and has determined these risks to be acceptable and controllable given the bank's staff, financial condition, size, and level of capital support. Additional comments on subprime credit card lending are interjected in applicable sections throughout this manual.
Management Expertise and Staffing Needs
Examiners should identify whether the board has ensured that management and staff possess sufficient expertise to appropriately manage the risks involved with credit card lending and that staffing levels are adequate for the planned volume and complexity of the activity. Credit card lending requires specialized knowledge and skills, and, as such, the selection of competent management is critical to the successful operation of a bank's credit card program. Examiners are tasked with determining whether management has sufficiently identified key positions needed to carry out the program(s) and developed written descriptions of the positions' qualifications, responsibilities and expectations. Staffing levels are expected to be commensurate with the nature and volume of card activities undertaken. For example, entities engaging in higher-risk programs, such as those targeting the subprime market, may require additional collection staff compared to those conducting lesser-risk programs. Examiners should review the bank's organizational chart, staffing levels for credit card operations, and the qualifications of management to determine whether management and operational expertise as well as staff size are commensurate with the size, complexity, and risk profile of the bank and its credit card programs. Other examination tasks include ascertaining the appropriateness of salary levels and compensation arrangements and, if management relies on external advisors or consultants, determining whether the reliance is effective and properly managed.
Laws, Regulations, and Other Guidance
A keen awareness of the applicable and ever-changing laws, regulations, and other guidance is also key to the successful establishment and operation of credit card activities. Some laws, regulations, and guidance apply to all types of credit card programs. For example, the January 8, 2003 Account Management and Loss Allowance Guidance for Credit Card Lending generally applies to all banks that offer credit card programs. Other guidance, such as the March 1, 1999 Interagency Guidance on Subprime Lending, only applies to specific types of credit card lending (in this case, subprime). A wide assortment of other laws and guidance also apply, including, but not limited to, state laws and Association rules.
Examiners should review management's system to effect and monitor compliance with the laws, regulations, and guidance. Systems that lack provisions for training personnel or for making corrections as quickly as possible when violations do occur are normally cause for concern.
Committees
When determining an appropriate organizational structure in relation to planned activities, the board often appoints and authorizes committees to perform specific tasks and supervise certain phases of credit card operations. Examples of committees commonly encountered include:
- Underwriting Committee.
- Collections Committee.
- Credit Policy Committee.
- Marketing Committee.
- Audit Committee.
- Funds Management Committee.
- Securitization Committee.
Examiners should evaluate whether the committee structure reflects careful consideration by the board for ensuring that it is effective and adds value to the organization. Use of committees does not relieve the board of its fundamental responsibilities for actions taken by those groups. Review of committee meeting minutes commonly is not only a standard part of board meetings, but of examinations as well. Examiners review the committee structure (including charters and member lists) and sample the committee minutes to determine whether the board has provided a valuable committee structure that is consistent with the size, complexity, and nature of the bank and its credit card activities and that each committee is effectively fulfilling its role.
Policies and Procedures
The depth and detail of written policies varies, depending on the nature, scope, and complexity of the credit card operations. However, all banks should have written policies which are relevant to the bank's needs and circumstances and readily understood by all affected parties. Such policies should be in place before engaging in credit card activities and kept up to date thereafter.
Guidelines within lending policies demonstrate management's risk philosophy and strategic goals. Adherence to the policies demonstrates its ability to communicate, implement, and carry-out the directives. While not exhaustive, the following items illustrate broad areas of consideration almost always necessary to be addressed in the bank's lending policies.
- Guidelines governing the types of card products offered, methods of soliciting accounts, use of credit scoring systems, and the analysis of applicants.
- Goals for portfolio mix and risk diversification.
- Guidelines for interest rates, fees, and terms of repayment.
- Standards for documentation.
- Criteria for approving applicants and determining credit lines.
- Procedures for overriding policy and/or scoring system recommendations.
- Procedures for authorization and credit line increases as well as practices to reissue cards.
- Requirements for risk-identification systems and portfolio review, including monitoring delinquency and other asset quality indicators.
- Guidelines for the maintenance of an adequate ALLL and/or other loss allowances.
- Procedures for reducing or freezing credit lines.
- Guidelines for collections, including criteria for re-aging accounts, procedures for delinquency notification, and rules for using workout or other collection programs.
- Procedures for placing accounts on nonaccrual.
- Controls to prevent and detect fraud.
- Lending limits for credit analysts, supervisors, and officers.
- Charge-off guidelines.
- Adherence to consumer compliance rules and regulations.
Expanded discussions and examples of policies of particular importance are discussed in applicable sections of this manual. Those policies may act as stand-alone policies or may be incorporated into the lending policy. Examples include, but are not limited to:
- Marketing Policy.
- Underwriting Policy.
- Account Management Policies such as:
- Re-aging Policy.
- Over-limit Policy.
- Collection Program Policies.
- Credit Line Management Policy.
- Securitization Policy.
An appraisal of policy adequacy and the adherence thereto is one of the most important aspects of the examination process. For example, the conclusions regarding the condition of the bank and the quality of management are usually weighted heavily by findings during policy review. In addition to identifying the credit card policies used and assessing the policies' adequacy, examiners should also look for evidence that management has appropriately considered the bank's credit card activities in other bank policies, such as those covering asset/liability and funds management, profit planning and budgeting, capital planning, internal routine and controls, audit programs, consumer compliance, and vendor or third-party management. Examinations generally also include identifying whether management evaluates the effectiveness of, reviews, and revises policies as needed. When reviewing the policies, examiners gain an understanding of management's risk philosophy and strategic goals, the volume (or allowed volume) of credit card loans in relation to the bank's asset structure, the inherent risk of loss in the loans, and how the risk may impact not only the asset quality rating but other component areas as well.
Information System Needs
Examiners should confirm whether directors have considered information system needs relative to the planned credit card activities. Concern arises when management has not developed and implemented information systems that provide sufficient and accurate data to make informed decisions and to effectively monitor and manage credit card operations. Information system requirements vary depending on the size and complexity of the credit card operations but generally include the capability to provide information in a variety of ways (such as portfolio by portfolio; managed, securitized, and owned). An effective information system includes information from a number of sources, and the information serves a number of users, each having various needs. Quality, quantity, and timeliness are factors that determine the effectiveness of the information system environment. Examiners should verify the board's practices for ensuring that it receives pertinent information about the bank's credit card operations in concise, meaningful, and written form and management's practices for making certain that directors are kept fully informed on all important matters and that the records clearly reflect this.
Audits and Internal Controls
Examiners expect directors to remain well informed of the adequacy, effectiveness, and efficiency of accounting, operating, and administrative controls as well as the quality of ongoing credit card operations. Examiners should determine whether the board has carefully considered the extent of auditing needed to effectively monitor operations, internal controls, and financial reporting. Proper determination of necessary audit resources, either internal or external, considers the nature, complexity, and risk profile of the credit card activities as well as of the bank itself. Factors such as the dynamics of the card industry or increases in asset size normally result in the need for a continually growing and changing series of interrelated operating procedures, and these changes normally require management to periodically review and update the internal control system to ensure its effectiveness.
Testing and Product Roll Out
The intense competition within the credit card industry sometimes results in substantial pressures on management to roll out new products and marketing campaigns quickly, without customary and effective testing, in the hopes of capturing a product market before competitors. Product roll out without proper testing can result in substantial risk to the institution, including, but not limited to, sizable credit losses. In establishing a credit card program, management should ensure that it provides proper time and attention to product testing and roll out.
Examiners should evaluate the bank's testing and product roll out procedures including identifying the analytical procedures used to project the results of a particular solicitation or product and determining how management verifies projections before proceeding with a full-scale program. Management's testing timeframes may vary depending on the complexity of the product involved, but if the testing timeframe does not cover a sufficient period to properly determine performance, risk to the bank could be substantial. Testing methods are discussed in the Marketing and Acquisition chapter.
