Industries

By: Tom Hannagan Part 2 This post continues my discussion of the reasons for going through the time and trouble to analyze risk-based pricing for loans. For the discussion of the key elements involved in risk-adjusted loan pricing, please visit my earlier posts. In my last blog we discussed reason number one: good corporate governance. Governance, or responsible and disciplined leadership, makes a lot of sense and promotes trust and confidence which has been missing lately in many large financial institutions. The results can be seen in the market in multiples now and are associated with both the struggling companies and, through guilt by association, the rest of the industry.  But, let’s move beyond the “soft” reason. The second major justification for going through the effort to risk-adjust loan pricing as a normal part of the lending function is financial. Profit performance By financial, we mean profit performance or bottom line earnings. This reason relies on the key belief that risk has a cost. Just because risk can be difficult to measure and/or is not addressed within GAAP, doesn’t mean it can’t ultimately cost you something. If, for any reason, you believe you can get away with taking on any unmitigated risk without it ever costing anything, do not continue reading this or any of my other posts. You are wasting your valuable time. Risk will surface The saying that “risk will out,” I believe, is true. The question is not if risk will eventually surface, but when, how and how hard it will bite.  Risk can be transferred (hedges, swaps and so on), but it doesn’t disappear from the universe. Once risk is created, someone owns it. The news headlines of the past 18 months are replete with stories of huge writedowns of toxic assets. The securitized assets and/or their collateral loans always contained risk – from the moment the underlying loan was closed. The loans and their payment streams were sliced a dozen ways, repackaged and resold. The risk was also sliced up, but like mercury, it all remained in the system.  Another familiar casino saying that brings this to mind is: “If you don’t know who the ‘mark’ at the table is, it’s you.” There are now several world class examples of such marks. Some have now failed completely and many more would have without federal intervention. Lending, in the leveraged/banking sense, involves all major types of risk: credit risk, market risk, operational risk and business risk. And, beyond the identifiable and potentially insurable portions of these risks, like any business, it includes the risk of unexpected loss, which needs to be covered by capital. Banks have developed policies and guidelines to mitigate, identify and measure many of their risks. These all fall under the world of risk management and these efforts all cost something. There is no free way to offset risk – other than not doing the loan at all. But lending is the business of banking, isn’t it? Further, the risk mitigation efforts cost more or less depending on the various risk characteristics of the bank’s loan portfolio each loan. For instance, a floating rate loan involves little market risk and requires little if any expense to offset. A five-year fixed rate, interest-only loan involves a lot of market risk and that costs something to offset. Alternatively, a loan with a pass risk rating of ‘2’ involves a much lower likelihood of defaulting than a loan with a pass risk rating of ‘4’. The lower risk loan; therefore, involves less of an ALLL (Allowance for Loan and Lease Losses) reserve and provisioning expense.  Also, an owner occupied commercial mortgage is normally much less expensive to monitor than a credit backing a floor plan or construction project. Those cost differences could be reflected in the pricing. Finally, for today, the amount of risk capital needed to back these kinds of differing loan characteristics, for purposes of unexpected loss, is substantially different. If these kinds of differences are not priced into the loans somehow, one of two situations exists: Either the bank is not getting paid for the risk it is incurring; or, If it is, it is charging the lower risk borrowers a rate that pays for added risk-adjusted expenses of the higher risk borrowers. The business risk to the bank then becomes losing the better clients over time in lieu of attracting the riskier deals. This process has a name: adverse selection. The ongoing expenses of risk mitigation and the negative impact of unexpected losses on retained earnings, over time, materially hurt the bank’s earnings. Someone is paying for all of the risks of being in the business of lending and it’s usually one of two groups: the customers or the shareholders. In the worst of cases, it’s also the taxpayers. The idea of risk-based pricing, at the loan level, is to have the clients pay for the risks the bank is incurring on their behalf by pricing the loan appropriately from the beginning. As a result: This tends to protect, and often enhance, the bank’s financial performance; It is clever; It puts some teeth in the bank’s already existing risk management policies; It is justifiable to the client; and It even makes sense to most lending officers. Fortunately, loan pricing analysis is a scalable activity and possible for most any size bank. It is a smarter way of banking than a one-size-fits-all approach -- even without considering the governance improvement.  

I’m speculating a bit here, but I have a feeling that as the first wave of Red Flag rule examinations occurs, one of the potential perceived weak points in your program(s) may be your vendor relationships.  Of particular note are collections agencies.  Per the guidelines, “Section 114 applies to financial institutions and creditors.” Under the FCRA, the term “creditor” has the same meaning as in section 702 of the Equal Credit Opportunity Act (ECOA), 15 U.S.C. 1691a.15 ECOA defines “creditor” to include a person who arranges for the extension, renewal or continuation of credit, which in some cases could include third-party debt collectors.  Therefore, the Agencies are not excluding third-party debt collectors from the scope of the final rules and “a financial institution or creditor is ultimately responsible for complying with the final rules and guidelines even if it outsources an activity to a third-party service provider.” A general rule of thumb in any examination process is to look closely at activities that are the most difficult for the examinee to control.  Third-party relationship management certainly falls into this category.  So, make sure your written and operational programs have procedures in place to ensure and regularly monitor appropriate Red Flag compliance -- even when customer (or potential customer) activities occur outside your walls. Good luck!

Part 1 In reality, we are always facing potential issues in our small business portfolio, it is just the nature of that particular beast. Real problems occur, though, when we begin to take the attitude that nothing can go wrong, that we have finally found the magic formula that has created the invincible portfolio.  We’re in trouble when we actually believe that we have the perfect origination machine to generate a portfolio that has a constant and acceptable delinquency and charge-off performance. So, we all can agree that we need to keep a watchful eye on the small business portfolio.  But how do we do this?  How do we monitor a portfolio that has a high number of accounts but a relatively low dollar amount in actual outstandings? The traditional commercial portfolio provides sufficient operating income and poses enough individual client credit risk that we can take the same approach on each individual credit and still maintain an acceptable level of profitability.  But, the small business portfolio doesn’t generate sufficient profitability nor has individual loan risk to utilize the traditional commercial loan portfolio risk management techniques. Facing these economic constraints, the typical approach is to simply monitor by delinquency and address the problems as they arise.  One traditional method that is typically retained is the annual maturity of the lines of credit.  Because of loan matures, financial institutions are performing annual renewals and re-underwriting these lines of credit -- and complete that process through a full re-documentation of the line. We make nominal improvements in the process by changing the maturity dates of the lines from one year to two or three year maturities or, in the case of real estate secured lines, a five year maturity.  While such an approach reduces the number of renewals that must be performed in a particular year, it does not change the basic methodology of portfolio risk management, regularly scheduled reviews of the lines.  In addition, such methodology simply puts us back to the use of collections to actually manage the portfolio and only serves to extend the time between reviews. Visit my next post for the additional pitfalls around individual risk rating and ways to better monitor your small business portfolio.

I have heard this question posed and you may be asking yourselves: Why are referral volumes (the potential that the account origination or maintenance process will get bogged down due to a significant number of red flags detected) such a significant operations concern? These concerns are not without merit.  Because of the new Red Flag Rules, financial institutions are likely to be more cautious.  As a result, many transactions may be subject to greater customer identification scrutiny than is necessary. Organizations may be able to control referral volumes through the use of automated tools that evaluate the level of identity theft risk in a given transaction.  For example, customers with a low-risk authentication score can be moved quickly through the account origination process absent any additional red flags detected in the ordinary course of the application or transaction.  In fact, using such tools may allow organizations to quicken the origination process for customers. They can then identify and focus resources on transactions that pose the greatest potential for identity theft. A risk-based approach to Red Flags compliance affords an institution the ability to reconcile the majority of detected Red Flag conditions efficiently, consistently and with minimal consumer impact.  Detection of Red Flag conditions is only half the battle.  Responding to those conditions is a substantial problem to solve for most institutions.  A response policy that incorporates scoring, alternate data sources and flexible decisioning can reduce the majority of referrals to real-time approvals without staff intervention or customer hardship.   

What is your greatest concern as the May 1, 2009 enforcement date approaches for all guidelines in the Identity Theft Red Flags Rule?

By: Tom Hannagan I have referred to risk-adjusted commercial loan pricing (or the lack of it) in previous posts. At times, I’ve commented on aspects of risk-based pricing and risk-based bank performance measurement, but I haven’t discussed what risk-based pricing is -- in a comprehensive manner. Perhaps I can begin to do that now and in my next posts. Risk-based pricing analysis is a product-level microcosm of risk-based bank performance. It begins by looking at the financial implications of a product sale from a cost accounting perspective. This means calculating the revenues associated with a loan, including the interest income and any fee-based income.  These revenues need to be spread over the life of the loan, while taking into account the amortization characteristics of the balance (or average usage for a line of credit). To save effort (and to provide good client relationship management), we often download the balance and rate information for existing loans from a bank’s loan accounting system. To “risk-adjust” the interest income, you need to apply a cost of funds that has the same implied market risk characteristics as the loan balance. This is not like the bank’s actual cost of funds for several reasons. Most importantly, there is usually no automatic risk-based matching between the manner in which the bank makes loans and the term characteristics of its deposits and/or borrowing. Once we establish a cost of funds approach that removes interest rate risk from the loan, we subtract the risk-adjusted interest expense from the revenues to arrive at risk-adjusted net interest income, or our risk-adjusted gross margin. We then subtract two types of costs. One cost includes the administrative or overhead expenses associated with the product. Our best practice is to derive an approach to operating expense breakdowns that takes into account all of the bank’s non-interest expenses. This is a “full absorption” method of cost accounting. We want to know the marginal cost of doing business, but if we just apply the marginal cost to all loans, a large portion of real-life expenses won’t be covered by resulting pricing. As a result, the bank’s profits may suffer. We fully understand the argument for marginal cost coverage, but have seen the unfortunate end. Using this lower cost factor can hurt a bank’s bottom line. Administrative cost does not normally require additional risk adjustment, as any risk-based operational expenses and costs of mitigating operation risk are already included in the bank’s general ledger for non-interest expenses. The second expense subtracted from net interest income is credit risk cost. This is not the same as the bank’s provision expense, and is certainly not the same as the loss provision in any one accounting period.  The credit risk cost for pricing purposes should be risk adjusted based on both product type (usually loan collateral category) and the bank’s risk rating for the loan in question. This metric will calculate the relative probability of default for the borrower combined with the loss given default for the loan type in question. We usually annualize the expected loss numbers by taking into account a multi-year history and a one- or two-year projection of net loan losses. These losses are broken down by loan type and risk rating based on the bank’s actual distribution of loan balances. The risk costs by risk rating are then created using an up-sloping curve that is similar in shape to an industry default experience curve. This assures a realistic differentiation of losses by risk rating. Many banks have loss curves that are too flat in nature, resulting in little or no price differentiation based on credit quality. This leads to poor risk-based performance metrics and, ultimately, to poor overall financial performance. The loss expense curves are fine-tuned so that over a period of years the total credit risk costs, when applied to the entire portfolio, should cover the average annual expected loss experience of the bank. By subtracting the operating expenses and credit risk loss from risk-adjusted net interest income, we arrive at risk-adjusted pre-tax income. In my next post I’ll expand this discussion further to risk-adjusted net income, capital allocation for unexpected loss and profit ratio considerations.

 I’ve talked (sorry, blogged) previously about taking a risk-based approach to reconciling initial Red Flag Rule conditions in your applications, transactions, or accounts.  In short, that risk-based approach incorporates a more holistic view of a consumer in determining overall risk associated with that identity.  This risk can be assessed via an authentication score, alternate data sources and/or verification results.  I also want to point out the potential value of knowledge-based authentication (a.k.a. out-of-wallet questions) in providing an extra level of confidence in progressing a consumer transaction or application in light of an initially detected Red Flag condition. In Experian’s Fraud and Identity Solutions business, we have some clients who are effectively embedding the use of knowledge-based authentication into their overall Red Flags Identity Theft Prevention Program.  In doing so, they are able to identify the majority of higher risk conditions and transactions and positively authenticate those initiating consumers via a series of interactive questions designed to be more easily answered by a legitimate individual -- and more difficult for a fraudster.  Using knowledge-based authentication can provide the following values to your overall process: 1. Consistency: Utilizing a hosted and standard process can reduce potential subjectivity in decisioning.  Subjectivity is not a friend to examiners or to your bottom line. 2. Measurability: Question performance and reporting allows for ongoing monitoring and optimization of decisioning strategies.  Plus, examiners will appreciate the metrics. 3. Customer Experience: This is a buzzword these days for sure.  Better to place a customer through a handful of interactive questions, than to ask them to fax in documentation --or to take part in a face-to-face authentication. 4. Cost: See the three values above…Plus, a typical knowledge-based authentication session may well be more cost effective from an FTE/manual review perspective. Now, keep in mind that the use of knowledge-based authentication is certainly a process that should be approved by your internal compliance and legal teams for use in your Red Flags Identity Theft Prevention Program.  That said, with sound decisioning strategies based on authentication question performance in combination with overall authentication results and scores, you can be well-positioned to positively progress the vast majority of consumers into profitable accounts and transactions without incurring undue costs.

Hello Red Flaggers!  I’m still getting some questions from our clients these days around the FTC enforcement extension.  My concern is that there seems to be a perception that May 1, 2009 is the enforcement date for all of the guidelines in the Red Flags Rule.  In reading through the recently released FTC Enforcement Policy (Identity Theft Red Flags Rule, 16 CFR, 681.2), it clearly states the following: This delay in enforcement is limited to the Identity Theft Red Flags Rule (16 CFR 681.2), and does not extend to the rule regarding address discrepancies applicable to users of consumer reports (16 CFR 681.1), or to the rule regarding changes of address applicable to card issuers (16 CFR 681.3). So, while you may be breathing a sigh of relief as far as the implementation of your overall Identity Theft Prevention Program is concerned, be advised that the May 1, 2009 extension does not cover the need to detect and/or respond to address discrepancies on consumer reports or during address changes on card accounts. As previously mentioned in an earlier blog of mine (see Nov. 13 blog), responding to address discrepancies on consumer reports may be the biggest challenge for many of our clients, as (depending on market served) the percentage of consumer reports with an address discrepancy can number over 20 percent.  This can create an operational burden from the perspective of cost, customer experience, and the ability to quickly book legitimate and profitable customers.  Have a look at my previous blog on a risk based approach to address discrepancies for a refresher on this subject.  Good luck!!

By: Tom Hannagan Here’s a further review of results from the Uniform Bank Performance Reports, courtesy of the FDIC, through the third quarter of this year. (See my Dec. 18 post.) The UBPR is based on quarterly call reports that insured banks are required to submit. I wanted to see how the various profit performance components compare to the costs of credit risks discussed in my previous post. The short of it is that banks have a ways to go to be fully pricing for both expected and unexpected risk. (See my Dec. 5 blog dealing with risk definitions.) The FDIC compiles peer averages for various bank size groupings. Here are some findings for the two largest groups, covering 490 reporting banks. Here are the results: Peer Group 1 consists of 186 institutions with over $3 billion in average total assets for the first nine months. • Net interest income was 5.34 percent of average total assets for the period. This is down, as we might expect based on this year’s decline in the general level of interest rates, from 6.16 percent in 2007. • Net interest expense was also down from 2.98 percent in 2007 to 2.16 percent for the nine months to September 30th. • Net interest margin, the difference between the two metrics, was down slightly from 3.16 percent in 2007 to 3.14 percent so far in 2008, or a loss of 2 basis points. It should be noted that net interest margins have been in steady decline for at least ten years, with a torturous regular drop of 2 to 5 basis points per annum in recent years. This year’s drop is not that bad, although it does add to the difficulty in generating bottom-line profits. To find out a bit more about the drop in margins, especially in light of the steady increase in lending over the same past decade, I looked at loans yields. • Loan yields averaged 6.22 percent for 2008, down (again, expectedly) from 7.32 percent in 2007. This is a drop of 110 basis points or a decline of 15 percent. • Meanwhile, rates paid on interest-earning deposits dropped from 3.41 percent in 2007 to 2.48 percent so far in 2008. This 93 basis point decline represents a 27 percent lower cost of interest-bearing deposits.   It seems as though margins should have improved somewhat -- not declined for these banks.   Digging a bit deeper, I see two possible reasons. • First, total deposit balances declined from 72 percent of average assets to 70 percent, meaning a larger amount had to be borrowed to fund assets. • Second, non-interest bearing demand deposits declined from 4.85 percent of average assets to 4.49 percent.   So, fewer deposit balances relative to total asset size, along with a lower proportion of interest-cost-free deposits, appear to have made the difference. Unfortunately, the ”big news” is that margins were only down a bit. Let’s move on to fee income. Non-interest income, again, as a percent of average total assets, was down to 1.14 percent from 1.23 percent in 2007. For this bank group, fees have also been steadily declining relative to asset size, down from 1.49 percent of assets in 2005. A lot of fee income is deposit based, and largely based on non-interest bearing deposits – and, thus, a source of pressure on fee income. Operating expenses constituted some good news as they declined from 2.63 percent to 2.61 percent of average assets. That’s 2 basis points to the good. Hey, an improvement is an improvement. Historically this metric has generally moved down, but irregularly from year to year. The number stood at 2.54 percent in 2006, for instance. As a result of the slight decline in margins and the larger percentage decline in fee income, the Peer Group 1 efficiency ratio lost ground from 57.71 percent in 2007 to only 58.78 percent in 2008. That means the every dollar in gross revenue [net interest income plus fee income] cost them almost 58 cents in administrative expenses so far this year. This metric averaged 55 cents in 2005/2006. The total impact of margin performance, fee income and operating expenses, if you’ve been tallying along, is a net decline of 0.09 percent on total assets. When we add this to the 2008 increase in provision expense of 57 basis points, we arrive at a total decline in pre-tax operating income of 0.66 percent on total assets. (See my Dec. 18 post.) That is a total decline of 44 percent from the pre-tax performance in 2007 for banks over $3 billion in assets. It would appear that banks are not pricing enough risk into their loan rates yet – for their own bottom line performance. This would be further confirmed if you compared bank loan rates to the historic risk spreads and absolute rates that the market currently has priced into investment grade and other corporate bonds. They are probably at extremes but still they say more credit risk is present than bank lending rates/yields would indicate.   For Peer Group 2, consisting of 304 reporting banks between $1 billion and $3 billion in assets: • Net interest income was 5.87 percent of average total assets for the period. This is also down, as expected, from 6.73 percent in 2007. • Net interest expense was also down from 3.07 percent in 2007 to 2.39 percent for the nine months to September 30th. • Net interest margin, was down from 3.66 percent in 2007 to 3.48 percent so far in 2008, or a loss of 18 basis points. These margins are at somewhat higher levels than found in Peer Group 1, but the drop of .18 percent was much larger than the decline in Peer Group 1.   As with all banks, net interest margins have been in steady chronic decline, but the drops for Peer Group 2 have been coming in larger chunks the last two years, down 18 points this year so far, after dropping 16 points from 2006 to 2007. Behind the drop in margins, loans yields are 6.69 percent for 2008, down from 7.82 percent in 2007. This is a drop of 113 basis points or a decline of 14 percent. Meanwhile rates paid on interest-earning deposits dropped from 3.70 percent in 2007 to 2.85 percent so far in 2008. This 85 basis point decline represents a 23 percent lower cost of interest-bearing deposits. Again, with a steeper decline in interest costs, you’d think margins should have improved somewhat. That didn’t happen. I notice the same two culprits. • Total deposit balances declined from 78 percent of average assets to 76 percent, meaning, again, a larger amount had to be borrowed to fund assets. • Also, non-interest bearing demand deposits continued an already steady decline from 5.58 percent of average assets in 2007 to 5.08 percent.   Fewer deposit balances relative to total asset size…along with a lower proportion of interest-cost-free deposits…and we know the result. Now, about fee income for these banks… Non-interest income, again as a percent of average total assets, was down to 0.92 percent from 0.95 percent in 2007. For this bank group, fees have also been steadily declining relative to asset size, down from 1.04 percent of assets in 2005. A smaller non-interest bearing deposit base, without other new and offsetting sources of fee income, will mean pressure on this metric. Operating expenses constituted some good news here as well. They declined from 2.79 percent to 2.75 percent of average assets. That’s 4 basis points to the good. Historically this metric has been flatter for this size bank, moving up or down a bit from year to year. As a result of the not-so-slight decline in margins and the continued decline in fee income, the Peer Group 2 efficiency ratio lost ground from 59.52 percent in 2007 to only 61.86 percent in 2008. That means the every dollar in gross revenue cost these banks almost 62 cents in administrative expenses so far this year. This metric averaged 56 cents in 2005/2006. The total impact of margin performance, fee income and operating expenses is a net decline of 0.17 percent on total assets. When we add this to the 2008 increase in provision expense of 36 basis points, we arrive at a total decline in pre-tax operating income of 0.53 percent on total assets. (See my Dec. 18 post.) That is a total decline of 34 percent from the pre-tax performance in 2007. As I concluded above, more credit risk is present than bank lending rates/yields would indicate. Although all 490 banks are declining in efficiency, the larger banks have a scale edge in this regard. The somewhat smaller banks seem to have an edge in pricing loans, but not regarding deposits. Although up dramatically in 2007 and even more this year for both groups, the Peer Group 2 banks seem to be suffering fewer credit losses relative to their asset size than their larger brethren. Both groups have resulting huge profit declines, but the largest banks are under the most pressure through this period. It’s interesting to note that, with higher loan yields and fewer apparent losses, Peer Group 2 banks are somewhat better at risk-adjusted loan pricing than the largest bank group. Results are results. The fourth quarter numbers aren’t expected to show a lot of improvement as the general economy continues to slow and credit issues continue. I’ll comment on entire year’s results in posts early next year.     Next year, too, look for my comments on risk management solutions especially relevant to enterprise risk management.

By: Tom Hannagan I reviewed the Uniform Bank Performance Reports (UBPR: (http://www2.fdic.gov/ubpr/ReportTypes.asp ) for selected clients through the third quarter of this year. The UBPR is a compilation of the FDIC, based on the call reports submitted by insured banks. The FDIC reports peer averages for various bank size groupings.   Here are a few findings for the two largest groups, covering 490 banks. Peer Group 1 consists of 186 institutions over $3 billion in average total assets for the first nine months. Net loans accounted for 67.59 percent of average total assets, up from 65.79 percent in 2007. Loans, as a percent of assets, have increased steadily since at least 2005. The loan-to-deposit ratio for the largest banks was also up to 97 percent, from 91 percent in 2007 and 88 percent in both 2006 and 2005. So, it appears these banks are lending more, at least through the September quarter, as an allocation of their asset base and relative to their deposit source of funding. In fact, net loans grew at a rate of 11.51 percent for the group through September, which is down from the average growth rate of 15.07 percent for the years 2005 through 2007.  But, it is still growth. For Peer Group 2, consisting of 304 reporting banks between $1billion and $3 billion in assets, net loans accounted for 72.57 percent of average total assets, up from 71.75 percent in 2007. Again, the loans as a percent of assets have increased steadily since at least 2005. The loan-to-deposit ratio for these banks was up to 95 percent, from 92 percent in 2007 and an average of 90 percent for 2006 and 2005. So, these banks are also lending more, at least through the September quarter, as a portion of their asset base and relative to their deposit source of funding. In fact, net loans grew at a rate of 12.57 percent for the group through September, which is up from 11.94 percent growth in 2007 and down from an average growth of 15.04 percent for 2006 and 2005.  Combined, for these 490 largest institutions, loans were still growing through September. More loans probably mean more credit risk. Credit costs were up. The Peer Group 1 banks reported net loan losses of 0.67 percent of total loans, up from 0.28 percent in 2007, which was up from an average of 18 basis points on the portfolio in 2006/2005.  The Group 2 banks reported net loan losses of 0.54 percent, also up substantially from 24 basis points in 2007, and an average of 15 basis points in 2006/2005. Both groups also ramped up their reserve for future expected losses substantially. The September 30th allowance for loan and lease losses (ALLL) as a percent of total loans stood at 1.52 percent for the largest banks, up from 1.20 percent in 2007 and an average of 1.11 percent in 2006/2005. Peer Group 2 banks saw their allocation for losses up to 1.40 percent from 1.22 percent in 2007 and 1.16 percent in 2006. So, lending is up even in the face of increased write-offs, increased expected losses and the burden of higher expenses for these increased loss reserves. Obviously, we would expect this to negatively impact earnings. It did, greatly. Peer Group 1 banks saw a decline in return on assets to 0.42 percent, from 0.96 percent in 2007 and an average of 1.26 percent in 2006/2005. That is a decline in return on assets (ROA) of 56 percent from 2007 and a decline of 68 percent from the 2006/2005 era. Return on equity declined even more. ROE was at 5.21 percent through September for the large bank group, down from 11.97 percent in 2007. ROE stood at 14.36 percent in 2005. For the $1 billion to $3 billion banks, ROA stood at 0.66 percent for the nine months, down from 1.08 percent in 2007, 1.30 percent in 2006 and 1.33 percent in 2005. The decline in 2008 was 39 percent from 2007. Return on equity (ROE) for the group was also down at 7.71 percent from 12.37 percent in 2007. The drops in profitability were not entirely the result of credit losses, but this was by far the largest impact from 2007 and earlier. The beefed-up ALLL accounts would seem to indicate that, as a group, the banks expect further loan losses in the remainder of 2008 and into 2009.  All of these numbers pre-dated the launch of the TARP program, but it is clear that banks had not contracted lending through the first three quarter of 2008, even in the face of mounting credit issues, cost of credit, challenges regarding loan pricing and profitability, net interest margins,  and the generally declining economic picture. It will be interesting to see how things unfold in the next several quarter [See my December 5th post about ROE versus ROA.] Disclosure: No positions.

We continue to receive inquiries from our clients, and the market in general, around whether they are required to comply with the Red Flag Rule or not. That final decision can be found with the legal and compliance teams within your organization. I am finding, however, that there generally seems to be too literal and narrow an interpretation of the terms ‘creditor’ or ‘financial institution’ as described in the guidelines.  I often hear an organization state that they don’t believe they’re covered because they are not one of those types of entities. Ultimately, as I said, that’s up to your internal team(s) to establish. I would recommend, however, that you ensure that opinion and ultimate determination is well researched. It may sound simple, but reach out to your examining agencies or the Federal Trade Commission (FTC) and discuss any ambiguities you feel exist related to covered accounts.  There is some great clarifying language out there beyond the initial Red Flag Rule. For example, the FTC provided a very useful article (www.ftc.gov/bcp/edu/pubs/articles/art11.shtm) that described how even health care providers can be covered under the Red Flag Rule.  At first glance, they may not seem to fall under the umbrella of a ‘creditor or financial institution.’ As stated in the article, the extension of credit “means an arrangement by which you defer payment of debts or accept deferred payments for the purchase of property or services. In other words, payment is made after the product was sold or the service was rendered. Even if you’re a non-profit or government agency, you still may be a creditor if you accept deferred payments for goods or services.” Maybe it’s just me, but that description is arguably much broader-reaching than one might initially think. Long story short: do your research, and don’t assume you or your accounts are not covered under the guidelines. Better to find out now instead of after your first examination….for obvious reasons.

We have talked about: the creation of the vision for our loan portfolios (current state versus future state) – e.g. the strategy for moving our current portfolio to the future vision. Now comes the time for execution of that strategy. In changing portfolio composition and improving credit quality, the discipline of credit must be strong (this includes in the arenas of commercial loan origination, loan portfolio monitoring, and credit risk modeling of course). Consistency, especially, in the application of policy is key. Early on in the change/execution process there will be strong pressure to revert back to the old ways and stay in a familiar comfort zone.  Credit criteria/underwriting guidelines will have indeed changed in the strategy execution. In the coming blogs we will be discussing: • assessment of the current state in your loan portfolio; • development of the specific strategy to effect change in the portfolio from a credit quality perspective and composition; • business development efforts to affect change in the portfolio composition; and • policy changes to support the strategy/vision. More to come.

In my last blog, I talked about the overall need for a vision for your loan portfolio and the similarity of a loan portfolio to that of an investment portfolio.  Now that we have that vision in place, we can focus on the overall strategy to achieve that vision. A valuable first step in managing an investment portfolio is to establish a targeted value by a certain time (say, our targeted retirement age).  Similarly, it’s important that we establish our vision for the loan portfolio regarding overall diversification, return and risk levels. The next step is to create a strategy to achieve the targeted state.  By focusing on the gaps between our current state and the vision state we have created, we can develop an action plan for achieving the future/vision state.  I am going to introduce some rather unique ideas here. Consider which of your portfolio segments are overweight?  One that comes to mind would be the commercial real estate portfolio.  The binge that has taken place over the past five plus years has resulted in an unhealthy concentration of loans in the commercial real estate segment.  In this one area alone, we will face the greatest challenge of right-sizing our portfolio mix and achieving the appropriate risk model per our vision. We have to assess our overall credit risk in the portfolios next.  For small business and consumer portfolios, this is relatively easy using the various credit scores that are available to assess the current risk.  For the larger commercial and industrial portfolios and the commercial real estate portfolios, we must employ some more manual processes to assess risk.  Unfortunately, we have to perform appropriate risk assessments (current up-to-date risk assessments) in order to move on to the next stage of this overall process (which is to execute on the strategy). Once we have the dollar amounts of either growth or divestiture in various portfolio segments, we can employ the risk assessment to determine the appropriate execution of either growth or divestiture. Stick with me on this topic because in my next blog we will discuss appropriate risk assessment methodologies and determine appropriate portfolio distributions/segmentations.

By: Tom Hannagan I was hoping someone would ask about this. Return on Equity (ROE) is generally net income divided by equity, while Return on Assets (ROA) is net income divided by average assets. There you have it. The calculations are pretty easy. But, what do they mean? ROA tends to tell us how effectively an organization is taking earnings advantage of its base of assets.  This used to be the most popular way of comparing banks to each other -- and for banks to monitor their own performance from period to period. Many banks and bank executives still prefer to use ROA…though typically at the smaller banks. ROE tends to tell us how effectively an organization is taking advantage of its base of equity, or capital. This has gained in popularity for several reasons and has become the preferred measure at larger banks. One huge reason for the growing popularity of ROE is, simply, that it is not asset-dependent. ROE can be applied to any line of business or any product. You must have “assets” for ROA, since one cannot divide by zero. This flexibility allows banks with differing asset structures to be compared to each other, or even for banks to be compared to other types of businesses. The asset-independency of ROE also allows a bank to compare internal product line performance to each other. Perhaps most importantly, this permits looking at the comparative profitability of lines of business like deposit services. This would be difficult, if even possible, using ROA. If you are interested in how well a bank is managing its assets, or perhaps its overall size, ROA may be of assistance. Lately, what constitutes a good and valid portrayal of assets has come into question at several of the largest banks. Any measure is only as good as its components. Be sure you have a good measure of asset value, including credit risk adjustments. ROE on the other hand looks at how effectively a bank (or any business) is using shareholders’ equity. Many observers like ROE, since equity represents the owners’ interest in the business. Their equity investment is fully at risk compared to other sources of funds supporting the bank. Shareholders are the last in line if the going gets rough. So, equity capital tends to be the most expensive source of funds, carrying the largest risk premium of all funding options. Its deployment is critical to the success, even the survival, of the bank. Indeed, capital allocation or deployment is the most important executive decision facing the leadership of any organization. If that isn’t enough, ROE is also Warren Buffet’s favorite measure of performance. Finally, there are the risk implications of the two metrics. ROA can be risk-adjusted up to a point. The net income figure can be risk adjusted for mitigated interest rate risk and for expected credit risk that is mitigated by a loan loss provision. The big missing element in even a well risk-adjusted ROA metric is unexpected loss (UL). Unexpected loss, along with any unmitigated expected loss, is covered by capital. Further, aside from the economic capital associated with unexpected loss, there are regulatory capital requirements. This capital is left out of the ROA metric. This is true at the entity level and for any line-of-business performance measures internally. Since ROE uses shareholder equity as its divisor, and the equity is risk-based capital, the result is, more or less, automatically risk-adjusted. In addition to the risk adjustments in its numerator, net income, ROE can use an economic capital amount. The result is a risk-adjusted return on capital, or RAROC. RAROC takes ROE to a fully risk-adjusted metric that can be used at the entity level and that can also be broken down for any and all lines of business within the organization. As discussed in the last post, ROE and RAROC help a bank get to the point where they are more fully “accounting” for risk – or “unpredictable variability”. Sorry about all of the alphabet soup, but there is a natural progression that I’m pointing to that we do see banks working their way through. That progression is being led by the larger banks that need to meet more sophisticated capital reporting requirements, and is being followed by other banks as they get more interested in risk-adjusted monitoring as a performance measurement. The better bank leadership is at measuring risk-adjusted performance, using ROE or RAROC, the better leadership can become at pricing for all risk at the client relationship and product levels.

The Federal Trade Commission (FTC) suspended enforcement of the new Red Flag Rule until May 1, 2009.  According to the FTC’s Enforcement Policy, “…during the course of the Commission’s education and outreach efforts following publication of the rule, the Commission has learned that some industries and entities within the FTC’s jurisdiction have expressed confusion and uncertainty about their coverage under the rule.  These entities indicated that they were not aware that they were undertaking activities that would cause them to fall within FACTA Sections 114 and 315 definitions of ‘creditor’ or ’financial institution’.” So, depending upon which enforcement entity (or entities) will be knocking on your door in the coming months, you may (and I emphasize “may”) have some extra time to get your house in order.   While many of you are likely confident that you have a compliant written and operational Identity Theft Prevention Program, this break in the action can be a great time to take care of setting up some ongoing procedures for keeping your program up to date.  Here are some ideas to keep in mind along the way: 1. Make sure you have clear responsibilities and accountabilities identified and assigned to appropriate persons.  Lack thereof may lead to everyone thinking someone else is keeping tabs. 2. Start setting the stage for a process to update your program based on: a. Your new experiences with identity theft; b. Changes in methods of identity theft; c. Changes in methods to detect, prevent, and mitigate identity theft; d. Changes in the types of accounts you offer or maintain; and e. Changes in your business arrangements, including mergers, acquisitions, alliances, joint ventures and service provider arrangements. 3. Set up a process for program review at the board level.  Remember that your program does not have to be approved by your board of directors annually, but the board (or a committee of the board) or senior management must review reports regarding your program each year.  They must approve any material changes to your program should they occur. 4. Prepare now for follow up actions associated with your first Red Flag Rule examination(s).  There will surely be suggestions or mandates stemming from that exercise, and now is a good time to start securing appropriate resources and time. My key message here is that, while there may be lull in the world of Red Flags activity, this is a great time to keep momentum in your program development and upkeep by planning for the next wave of updates and your impending examinations.  Best of luck.