This article is drawn from examiner observations about the loan risk grading systems- at selected large state nonmember banks and is intended to illustrate credit grading systems, policies, and processes that were observed to be effective, repeatable, well-governed, and able to mature with business model changes. While much of the discussion is most relevant to larger or more complex banks, some smaller banks may find the topics to be of interest as well. As usual with Supervisory Insights, the article is intended as an informational resource for interested persons and does not create new requirements or establish new supervisory expectations.
Effective management of the lending function is central to the business of banking. In turn, an effective risk evaluation process is a pre-requisite for successful lending. Banks’ processes for risk rating or grading loans help management make informed lending decisions and monitor risk on an ongoing basis. The implications of grading processes are far-reaching and can extend to approving credits, setting loan terms, monitoring the loan portfolio and mitigating risk, establishing an appropriate allowance for credit losses, maintaining adequate capital, and strategic planning more broadly.
Banks employ a wide range of practices when measuring credit risk and assigning credit grades. For community banks, the process may involve a straightforward approach using expert judgment to map credits to regulatory rating definitions, (i.e., Pass, Special Mention, Substandard, Doubtful, and Loss).1 Community banks often apply broad judgmental factors to grade credits using these definitions and may rely less on quantitative measures. As the size and complexity of operations of an institution increases, more sophisticated methodologies may be applied to measuring and monitoring credit risk. For example, a bank may develop unique internal scorecards or expected loss models for significant portfolios that numerically rank- order credit risk. Additionally, some banks may adopt more complex methodologies to support Current Expected Credit Losses (CECL) adoption.
How Banks Use Credit Grading Systems
There is no one correct system for grading loans, and as noted, approaches vary widely across banks of different sizes and levels of complexity. Regardless of the size and complexity of an institution, credit grading systems are integral to ongoing credit portfolio risk monitoring because they enable management to differentiate risk by individual credit facility, relationship, or portfolio; to monitor movement between credit risk grades over time; and to allocate reserves to plan for potential loss.
Effective loan risk grading helps management minimize credit risk both at origination and on an ongoing basis. Credit risk grading systems are often used as part of the credit underwriting and approval processes by providing input for determining the appropriate structure of a credit facility (e.g., term, fixed/variable, guarantor support, etc.), as well as how to best price the loan based on risk. On an ongoing basis, an effective credit risk grading system can provide a framework to ensure that riskier credits are reviewed more frequently, which can result in early identification of developing problems and lead to timely risk mitigation efforts including credit restructuring, obtaining additional collateral, or attaining guarantor support. Credit risk grading systems also provide a key input for management information systems (MIS),2 which allow senior executives and board members (Board) to more readily aggregate and assess risk in support of strategic decision-making. For example, risk grade analyses can help shape underwriting criteria, loan growth plans, and a bank’s overall risk appetite.
Institutions use credit risk grades to determine the appropriate level of the allowance for credit losses.3 Looking ahead, credit risk grading could play a role as banks implement the CECL methodology. The Frequently Asked Questions (FAQs) on the New Accounting Standard on Financial Instruments – Credit Losses issued by the FDIC on December 19, 2016, notes that CECL requires banks to measure expected credit losses on financial assets when similar risk characteristics exist. According to the FAQs, loans can be segmented by credit grades to meet the risk characteristic requirement.4
The FDIC analyzed the credit risk grading programs at 16 large state nonmember banks representing a range of commercial and commercial real estate lending activities
and geographic markets.5 These institutions had differing programs in terms of the number of risk grades, definitions associated with each risk grade, and methodologies to assign grades. The following is an overview of examiner observations from the horizontal analysis.
Importance of Risk Grading Definitions
Several of the credit grading programs reviewed had grades with risk categories that were extremely broad or that used terms to describe credit risk that were not well defined. For example, banks would describe a risk grade “4” as acceptable risk with acceptable debt service coverage capability but not define the term acceptable or tie the definition to financial metric thresholds. Several credit grading processes were not transparent to an independent reviewer. That is, the process for assigning grades to specific credits was not obvious or intuitive based on a review of definitions and other available information. Opaque grading processes make it challenging for credit reviewers to assess the appropriateness of grading, which limits the ability of the second line of defense to affirm risk. Certain credit grading processes did not consistently rank-order risk. For example, a loan with better performance and financial metrics was graded lower or classified as riskier than loans with worse performance or financial metrics. The following sections highlight the importance of clear risk grade definitions and grading methodologies that rank-order risk.
Use of Expert Judgement
In general, smaller institutions used expert judgment based systems wherein a loan officer or relationship manager assigns a grade based on their judgment and knowledge of the credit. A primary challenge of an expert judgment system is ensuring that the criteria for grading credits is clear and that grades are applied consistently so that the process is repeatable. The following examples demonstrate instances where expert judgment can result in credit grading that is not accurate or directionally consistent:
Two loans are secured by similar properties that are ten blocks apart in a major metropolitan area. The credits are generally structured the same (i.e., term, rate, etc.) but have different guarantors. The guarantors have similar liquidity positions. The loans are serviced by different relationship managers. The following table compares important financial metrics and levels of guarantor support for each loan.
|Property Type||Risk Grade||Guarantor||Loan-to- Value||Bank Debt Service Coverage Ratio|
|1 – Apartment building||5 – Lowest Pass||Unlimited||56.96%||1.66|
|2 – Apartment building||4 – Acceptable||Limited – Carve Outs 6||57.41%||1.31|
In this example, the loans have consistent repayment histories and similar loan-to-value (LTV) ratios. Loan 1 has unlimited guarantor support whereas Loan 2 has only limited guarantor support. Additionally, Loan 1 has more cash flow available to service the debt. It is unclear why Loan 1 was assigned a lower risk grade, given its stronger guarantor support and debt service coverage. The process relied on expert judgment, allowing relationship managers to assign any grade, and did not apply any thresholds in terms of financial metrics or other factors to help define the risk grades or better inform their decision. Further, the loan review function did not compare grades in the portfolio to determine whether grading was consistent and appropriately rank-ordered risk.
Two loans are secured by similar properties and have the same guarantor. The credits are generally structured the same (i.e., term, fixed, etc.) and have the same relationship manager. The following table compares important financial metrics and levels of guarantor support for each loan.
|Property Type||Risk Grade||Guarantor||Loan-to- Value||Bank Debt Service Coverage Ratio|
|1 – Mixed Use Building – retail and apartments||4 – Acceptable||Unlimited||70.72%||1.31|
|2 – Mixed Use Building – retail and apartments||5 – Low Pass||Unlimited||56.98%||1.79|
The loans have consistent repayment histories. Loan 2 has more collateral support, based on a lower LTV ratio, and substantially more cash flow available to service the debt. These credits are serviced by the same relationship manager and were graded within days of each other. It is unclear why Loan 2 was given a lower risk grade given the stronger collateral and cash flow support. This risk grading system was also expert judgment based, and the risk grades assigned by the relationship manager do not appear directionally consistent.
These examples are intended to suggest the importance of having clear definitions and thresholds for credit risk grades, as well as a robust credit review function to determine whether grading is conducted transparently and consistently, that is, so an independent reviewer of the process can understand how grades are assigned based on available policies and documentation. This independent review function provides necessary internal controls so that management and boards can rely on internal reports documenting the levels and trends of credit risk.
Use of Scorecards and Models
Certain banks in the horizontal assessment used scorecards or modeled approaches to assign credit grades. In general, as banks grew in size and complexity, management would transition from an expert judgment based system to a quantitative scorecard or modeled approach with qualitative adjustments. A standardized scorecard or modeled approach may be employed to promote consistency in assigning credit grades across a bank’s geographic footprint, since relationship managers in different locations may not grade credits similarly based on a myriad of factors. Scorecard or modeled approaches might eliminate the inconsistencies noted in Examples 1 and 2.
Scorecard and modeled approaches were generally more transparent and repeatable than expert judgment systems, but these approaches require considerable staff expertise and training, as well as substantial historical data to support the approaches. The horizontal assessment observed that scorecard and model approaches were more effective when lending staff were involved in development and implementation to ensure that the quantitative approach or qualitative adjustments are able to capture idiosyncratic risks unique to the bank’s credits. Examples of scorecard and modeled approaches ranged from a simple spreadsheet that applies well-supported weighting factors on financial and qualitative metrics, to a more complex expected loss approach using statistical modeling to generate probability of default, loss given default, and exposure at default values. In most of the institutions reviewed, the scorecards or models were subject to the bank’s model risk management framework and validated appropriately.
Some institutions purchase credit grading scorecard and statistical models from external vendors. Vendor models can be expensive, but may be less resource intensive for an institution in other ways, such as requiring fewer model development staff. Such products range from basic models that are relatively inflexible and limit customization to more advanced models that allow an institution to customize parameters to better align with the institution’s unique risk factors. Additionally, some of these vendor models use public rating agency data to risk grade credits. Such ratings may not be reflective of a bank’s borrowers, may not be updated as rapidly as a bank requires, or may not have the same sensitivity to macroeconomic market changes as a bank’s loan portfolios. Institutions that implemented third-party models relied on both their model risk management and vendor or third-party risk management frameworks to assess models and vendors before, during, and after deployment, and often ran the models in parallel with old credit risk grading systems during testing.
Data Usage and Retention
Prior to development of an expert judgment, scorecard, or modeled credit risk grading approach, management may want to determine data needs such as:
- What data such as debt service coverage ratios (DSCR), LTV ratios, net operating income (NOI), credit bureau scores, vacancy rates, etc. are required;
- How many years’ worth of data are necessary;
- Whether the bank has sufficient internal data for the desired approach;
- How data such as DSCR or NOI are calculated;
- Whether data obtained from a merger or acquisition are complete, need to be quality checked, or should be transformed to align with the bank’s data;
- How often information needs to be refreshed;
- Whether the bank has the capability to retain data; and
- What data should be retained.
Certain institutions used financial metrics such as DSCR and LTV provided by external vendors. External vendors can offer large, geographically diverse data sets, but these records may be challenging to filter to align with a bank’s credit profile and market. Other institutions relied entirely on internal data, and some banks used a blended approach combining internal and external metrics. No matter what borrower or collateral information is used, consistent calculations of financial metrics such as DSCR will enhance credit grade accuracy and facilitate a transparent and repeatable system. Similarly, qualitative adjustments made to calculations should be clear and well supported to aid assessments by the credit review function. The following example highlights some questions that could be considered when evaluating data accuracy and consistency.
A loan relationship manager in office X calculates a DSCR for a non-owner occupied multi-family credit using projected rents and an average of the last three years’ expenses. The loan relationship manager in office Y calculates a DSCR for a similar property using actual rents and expenses from the prior year.
- Are those two DSCRs comparable?
- Are the relationship managers using similar source documents such as quarterly income statements?
- Are the relationship managers making similar qualitative adjustments such as adjustments for management fee estimates?
- Are those adjustments reasonable and well supported?
- Do the adjustments tie back to historical income statements or some other source?
- Would an independent party be able to easily replicate the calculation?
- Would using different calculation methods as inputs potentially skew or statistically bias scorecard or model results?
- Does the way one DSCR is calculated versus another alter the overall risk position of a portfolio or alter ongoing trend analysis?
- Do different calculations materially impact Board reports, and if so, does the Board still receive sufficient information to make accurate and timely strategic decisions or react to risk profile changes?
As noted in the Winter 2017 Supervisory Insights Journal article on Credit Management Information Systems, additional data challenges “may occur when a bank converts to a new data processing system, or acquires another institution that may have different data management and reporting capabilities.”7 Being aware of data availability and integrity shortcomings before developing a new credit risk grading system can help management determine resource allocation, better inform credit risk grading project timelines, and limit the potential costs and scale of data remediation work.
For certain modeled or scorecard approaches analyzed by the FDIC’s supervisory team, banks placed heavy weight on collateral values, which were generally not refreshed as often as borrower financial information. In certain cases, collateral values were not refreshed, even after market conditions had changed materially or a borrower’s operating income had changed substantially. Using stale collateral values with up-to-date financial metrics could skew results and result in risk not being identified appropriately. When using relevant and up-to-date borrower and collateral information, scorecard or modeled approaches can provide additional insight into a bank’s risk position because the results can be sensitivity tested to reflect more benign or severe financial stress.
Several institutions that relied on internal data were not retaining their historical borrower information in a database or other centralized repository. The lack of retention made testing, ongoing performance monitoring, or redeveloping scorecard or modeled approaches time consuming and costly because management teams had to search loan files, re-enter borrower information, and quality check inputs. The retention issues highlight the importance of assessing data needs prior to implementing a scorecard or modeled approach. Depending on the loss estimation approach a bank adopts under the FASB CECL issuance,8 assessing and retaining available data may become a high priority to ensure a bank is able to implement the planned approach.
Governance and Risk Management Process
The horizontal review assessed whether grade definitions established a risk management framework that rank-ordered risk and provided timely and accurate individual risk grades for pass, criticized, and classified credits. The reviewers observed that certain banks were able to assess grade accuracy well by comparing key borrower financial metrics (i.e., DSCR, LTV ratio, etc.) and the internal grades across loans of a similar type. Grading inaccuracies, grading practices that do not align with bank policies, or instances of grading that are not directionally consistent as noted in the tables accompanying Examples 1 and 2 were of concern, particularly if inconsistencies understated the bank’s overall risk position. The horizontal review also noted that override rates or data on how often grades are adjusted or replaced can provide useful information about the reliability of the grading system to senior management. Several grading systems reviewed had significant rates of grade overrides or management did not track overrides. Consistently overriding credit grades could result in a bank exceeding Board-established risk appetite limits, since it is challenging to determine if the grading system is working as intended if grades are altered or if the volume of changes are not tracked. Based on the FDIC’s supervisory experience and the results of the horizontal assessment, banks were encouraged to implement credit risk grading systems with such features as:
- Board-approved lending or credit administration policies with clear grade definitions that tie narrative phrasing such as “acceptable risk” to quantitative financial factors (e.g., metrics or thresholds). These financial factors should reflect the risk of default and credit losses.
- Comprehensive internal or external data sets and robust data governance frameworks.
- Data sets that are periodically assessed for quality, including missing data, and refreshed regularly. Data gaps that are remediated timely, and historic data are retained.
- Data that are organized logically, and controls are maintained to prevent users from manipulating the data.
- Data definitions, such as how a DSCR was calculated, to ensure consistent application across the organization. Data are subject to quality assurance checks.
- Independent loan review functions that assess both pass and criticized or classified credits and ensure that loan grading methodologies are applied accurately and timely across the organization.
- Vendor management and model risk management programs that can be leveraged to select external data sets and/or models, as appropriate.
- Weights applied to grading factors in scorecards or models that are well documented and supported.
- Well-supported adjustments or overlays to expert judgment, scorecard, or modeled grading systems. Adjustments or overlays can generally be tied to historical borrower information such as income statements and are reviewed independently for appropriateness.
- Methods to track grade overrides. Override rates can be used to periodically assess the grading system accuracy.
Existing Regulations and Guidance
There is no regulatory requirement that mandates a credit risk grading system be structured in a particular way. However, the approach for a bank’s credit risk grading system should align with the bank’s size and complexity to facilitate accurate risk identification, measurement, monitoring, and reporting.9 There are existing rules and regulatory statements that address credit risk management processes that may be of particular interest in this context. For example, Appendix A to 12 CFR Part 364 of the FDIC’s Rules and Regulations (Appendix A) notes that banks should have internal controls and information systems that provide for effective risk assessment, timely and accurate reporting, and procedures to safeguard and manage assets.10 Appendix A describes a broad framework for credit risk management and loan review that is further detailed in other Statements of Policy.
For example, the Policy Statement on Allowance for Loan and Lease Losses Methodologies and Documentation for Banks and Savings Institutions11 expands on the broad framework in Appendix A noting that banks should establish a system of internal controls used to ensure the ALLL is maintained in accordance with GAAP and supervisory guidance. Effective internal controls include an effective loan grading system that is consistently applied, identifies different risk characteristics and loan quality problems accurately and timely, and prompts appropriate administrative actions. The Policy Statement further notes that banks should maintain written supporting documentation for loan grading systems or processes.12
Similarly, the Interagency Policy Statement on the Allowance for Loan and Lease Losses highlights the importance of having policies and procedures that outline an effective loan review system, which includes a loan classification or credit grading system to identify, monitor, and control asset quality problems.13 Attachment 1 of the Statement of Policy notes that each bank should ensure its loan review system includes:
- A formal loan classification or credit grading system in which loan classifications or credit grades reflect the risk of default and credit losses and for which a written description is maintained, including a discussion of the factors used to assign appropriate classifications or credit grades to loans;
- Identification or grouping of loans that warrant the special attention of management or other designated “watch lists” of loans that management is more closely monitoring and documentation supporting those designations;
- A mechanism for direct, periodic, and timely reporting to senior management and the Board on the status of loans meriting special attention or adversely classified and actions taken by management; and
- Documentation of the bank’s historical loss experience for each group of loans with similar risk characteristics.14
As is typical with Statements of Policy, the Interagency Policy Statement on the Allowance for Loan and Lease Losses articulates the principles the agencies look to in examining and supervising banks for safety-and-soundness. Application of these principles depends on individual circumstances, including the scope and complexity of an institution’s operations.
Credit risk grading systems vary greatly across the banking system, but are integral to a bank’s ability to identify, measure, monitor, and control risk. Risk grading can impact the adequacy of allowances for credit losses and, looking ahead, may assist in the implementation of the CECL accounting standard. Boards rely on accurate risk grade information and trend analyses to make enterprise- wide strategic decisions. Risk grading systems should reflect the size and complexity of a bank’s lending activities, while sufficiently measuring risk. Effective credit risk grading systems rely on timely and accurate data, are transparent and repeatable, and rank-order risk appropriately through all definitions and grades. Strengthening risk grading frameworks and assessing data availability and accuracy now may enhance a bank’s ability to identify risk early during times of economic stress.
Division of Risk Management Supervision
1 FDIC Risk Management Manual of Examination Policies, Section 3-2 – Loan Classification and Definitions; https://www.fdic.gov/regulations/safety/manual/section3-2.pdf. Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, FDIC, “The Uniform Agreement on the Classification and Appraisal of Securities Held by Depository Institutions,” Attachment 1 – Classification Definitions, October 29, 2013; https://www.fdic.gov/news/news/financial/2013/fil13051a.pdf. Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, FDIC, “Uniform Retail Credit Classification and Account Management Policy,” June 12, 2000, Footnote 1;
2 Michael McGarvey. “Credit Management Information Systems: A Forward-Looking Approach,” Supervisory Insights, Winter 2017, page 5; https://www.fdic.gov/regulations/examinations/supervisory/insights/siwin17/siwin17.pdf.
3 Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, FDIC, National Credit Union Administration, “Interagency Policy Statement on the Allowance for Loan and Lease Losses,” Attachment 1 – Loan Classification and Credit Grading Systems, December 13, 2006; https://www.fdic.gov/regulations/laws/rules/5000-4700.html#fdic5000interagencypso.
4 Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, FDIC, National Credit Union Administration, “Joint Statement on the New Accounting Standard on Financial Instruments - Credit Losses,” June 17, 2016; https://www.fdic.gov/news/news/press/2016/pr16051a.pdf. Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, FDIC, National Credit Union Administration , “Frequently Asked Questions on the New Accounting Standard on Financial Instruments – Credit Losses,” December 19, 2016, Question 8; https://www.fdic.gov/news/inactive-financial-institutionletters/2017/fil17041a.pdf.
5 The analysis was conducted on state nonmember banks with total assets greater than $10 billion. Information was collected through normal target examination processes.
6 Limited carve outs in these examples refer to a guaranty that is limited to bad acts that create limited liability on the debt to the extent of losses are caused by fraud or misrepresentation, gross negligence or willful conduct, failure to maintain insurance, and failure to pay taxes.
7 Michael McGarvey. “Credit Management Information Systems: A Forward-Looking Approach,” Supervisory Insights, Winter 2017, page 9; https://www.fdic.gov/regulations/examinations/supervisory/insights/siwin17/siwin17.pdf.
8 Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, FDIC, National Credit Union Administration, “Joint Statement on the New Accounting Standard on Financial Instruments - Credit Losses,” June 17, 2016; https://www.fdic.gov/news/news/press/2016/pr16051a.pdf. Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, FDIC, National Credit Union Administration , “Frequently Asked Questions on the New Accounting Standard on Financial Instruments – Credit Losses,” September 06, 2017; https://www.fdic.gov/news/inactive-financial-institution-letters/2017/fil17041.html.
9 Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, FDIC, “Appendix A to Part 364 – Interagency Guidelines Establishing Standards for Safety and Soundness,” October 28, 2015; https://www.fdic.gov/regulations/laws/rules/2000-8630.html#fdic2000appendixatopart364.
11 During the transition to CECL, the Policy Statement on Allowance for Loan and Lease Losses Methodologies
and the Interagency Policy Statement on the Allowance for Loan and Lease Losses still apply.
12 Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, FDIC, National Credit Union Administration, Securities and Exchange Commission, “Policy Statement on Allowance for Loan and Lease Losses Methodologies and Documentation for Banks and Savings Institutions,” July 2, 2001; https://www.fdic.gov/regulations/laws/rules/5000-4650.html#fdic5000psalll.
13 Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, FDIC, National Credit Union Administration, “Interagency Policy Statement on the Allowance for Loan and Lease Losses,” December 13, 2006; https://www.fdic.gov/regulations/laws/rules/5000-4700.html#fdic5000interagencypso.
14 Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, FDIC, National Credit Union Administration, “Interagency Policy Statement on the Allowance for Loan and Lease Losses,” Attachment 1 – Loan Classification and Credit Grading Systems, December 13, 2006; https://www.fdic.gov/regulations/laws/rules/5000-4700.html#fdic5000interagencypso.