By: Staci Baker Just before the holidays, the Fed released proposed rules, which implement Sections 165 and 166 of the Dodd-Frank Act. According to The American Bankers Association, “The proposals cover such issues as risk-based capital requirements, leverage, resolution planning, concentration limits and the Fed’s plans to regulate large, interconnected financial institutions and nonbanks.” How will these rules affect you? One of the biggest concerns that I have been hearing from institutions is the affect that the proposed rules will have on profitability. Greater liquidity requirements, created by both the Dodd-Frank Act and Basel III Rules, put pressure on banks to re-evaluate which lending segments they will continue to participate in, as well as impact the funds available for lending to consumers.   What are you doing to proactively combat this? Within the Dodd-Frank Act is the Durbin Amendment, which regulates the interchange fee merchants are charged. As I noted in my prior blog detailing the fee cap associated with the Durbin Amendment, it’s clear that these new regulations in combination with previous rulings will continue to put downward pressures on bank profitability. With all of this to consider, how will banks modify their business models to maintain a healthy bottom line, while keeping customers happy? Over my next few blog posts, I will take a look at the Dodd-Frank Act’s affect on an institution’s profitability and highlight best practices to manage the impact to your organization.

As we kick off the new year, I thought I’d dedicate a few blog posts to cover what some of the consumer credit trends are pointing to for potential growth opportunities in 2012, specifically on new loan originations for bankcard, automotive and real estate lending. With the holiday season behind us (and if you’re anything like me, you have the credit card statements to prove it!), I thought I’d start off with bankcards for my first post of the year. Everyone’s an optimist at the start of a new year and bankcard issuers have a right to feel cautiously optimistic about 2012 based on the trends of last year.  In the second quarter of 2011, origination volumes grew to nearly $47B, up 28% from the same quarter a year earlier.  Actually, originations have been steadily growing since the middle of 2010 with increasing distribution across all VantageScore risk bands and an impressive 42% increase in A paper volume.  So, is bankcard the new power portfolio for growth in 2012? The broad origination risk distribution may signal the return of balance-carrying consumers (aka:  revolvers) from those that pay with credit cards, but pay off the balance every month (aka: transactors).  The tighter lending criteria imposed in recent years has improved portfolio performance significantly, but at the expense of interest fee profitability from revolver use.  This could change as more credit cards are put in the hands of a broader consumer risk base.  And as consumer confidence continues to grow, (it reached 64.5 in December, 10 points higher than November according to the Conference Board) , consumers in all risk categories will no doubt begin to leverage credit cards more heavily for continued discretionary spend, as highlighted in the most recent Experian – Oliver Wyman quarterly webinar. Of course, portfolio growth with the increased risk exposure requires a watchful eye on the delinquency performance of outstanding balances.  We continue to be at or near historic lows for delinquency, but did see a small uptick in early stage delinquencies in the third quarter of 2011. That being said, issuers appear to have a good pulse on the card-carrying consumer and are capitalizing on the improved payment behavior to maximize their risk/reward payoff.   So all-in-all, strong 2011 results and portfolio positioning has set the table for a promising 2012.  Add an improving economy to the mix and card issuers could shift from cautious to confident in their optimism for the new year.  

By: Joel Pruis Small Business Application Requirements The debate on what constitutes a small business application is probably second only to the ongoing debate around centralized vs. decentralized loan authority (but we will get to that topic in a couple of blogs later). We have a couple of topics that need to be considered in this discussion, namely: 1.     When is an application an application? 2.     Do you process an incomplete application? When is an application an application? Any request by a small business with annual sales of $1,000,000 or less falls under Reg B.  As we all know because of this regulation we have to maintain proper records of when we received an application and when a decision on the application was made as well as communicated to the client. To keep yourself out of trouble, I recommend that there be a small business application form (paper or electronic) and that you have clearly stated the information required for a completed application in your small business application procedures. The form removes ambiguities in the application process and helps with the compliance documentation. One thing is for certain – when you request a personal credit bureau on the small business owner(s)/guarantor(s) and you currently do not have any credit exposure to the individual(s) – you have received an application and to this there is no debate. Bottom line is that you need to define your application and do so using objective criteria. Subjective criteria leaves room for interpretation and individual interpretation leaves doubt in the compliance area. Information requirements Whether or not you use a generic or custom small business scorecard or no scorecard at all, there are some baseline data segments that are important to collect on the small business applicant: ·         Requested amount and purpose for the funds ·         Collateral (if necessary based upon the product terms and conditions) ·         General demographics on the business o    Name and location o    Business Entity type (corporation, llc, partnership, etc.) o    Product and/or service provided o    Length of time in business o    Current banking relationship ·         General demographics on the owners/guarantors o    Names and addresses o    Current banking relationship o    Length of time with the business ·         External data reports on the business and/or guarantors o    Business Report o    Personal Credit Bureau on the owners/guarantors ·         Financial Statements (?) – we’ll talk about that in part II of this post. The demographics and the existing banking relationship are likely not causing any issues with anyone and the requested amount and use of funds is elementary to the process. Probably the greatest debate is around the collection of financial information and we are going to save that debate for the next post. The non-financial information noted above provides sufficient data to pull personal credit bureaus on the owners/guarantors and the business bureau on the actual borrower. We have even noted some additional data informing us the length of time the business has been in existence and where the banking relationship is currently held for both the business and the owners. But what additional information should be requested or should I say required? We have to remember that the application is not only to support the ability to render a decision but also supports the ability to document the loan and maybe even serve as a portion of the loan documentation.  We need to consider the following: ·         How standardized are the products we offer? ·         Do we allow for customization of collateral to be offered? ·         Do we have standard loan/fee pricing? ·         Is automatic debit for the loan payments required? Optional? Not available? ·         Are personal guarantees required? Optional? We again go back to the 80/20 rule. Product standardization is beneficial and optimal when we have high volumes and low dollars. The smaller the dollar size of the request/relationship the more standardized we need to have our products and as a result our application can be more streamlined. When we do not negotiate rate, we do not need to have a space to note requested rate. When we do not negotiate on personal guarantees we always require the personal financial information be collected on all owners of the business (some exceptions for very small ownership interests). Auto-debit for the loan payments means we always need to have some form of a DDA account with our institution. I think you get the point that for the highest volume of applications we standardize and thus streamline the process through the removal of ambiguity. Do you process an incomplete application? The most common argument for processing an incomplete application is that if we know we are going to decline the application based upon information on the personal credit bureau, why go through the effort of collecting and spreading the financial information. Two significant factors make this argument moot:   customer satisfaction and fair lending regulation. Customer satisfaction This is based upon the ease of doing business with the financial institution. More specifically the number of contact points or information requests that are required during the process. Ideally the number of contact points that are required once the applicant has decided to make a financing request should be minimal the information requirements clearly communicated up front and fully collected prior to rendering a decision. The idea that a quick no is preferable to submitting a full application actually is working to make the declination process more efficient than the actual approval process. So in other words we are making the process more efficient and palatable for those clients we do NOT consider acceptable versus those clients that ARE acceptable. Secondly, if we accept and process incomplete applications, we are actually mis-prioritizing the application volume. Incomplete applications should never be processed ahead of completed packages yet under the quick no objective, the incomplete application is processed ahead of completed applications simply based upon date and time of submission. Consequently we are actually incenting and fostering the submission of incomplete applications by our lenders. Bluntly this is a backward approach that only serves to make the life of the relationship manager more efficient and not the client. Fair lending regulation This perspective poses a potential issue when it comes to consistency.  In my 10 years working with hundreds of financial institutions, only a very small minority of times have I encountered a financial institution that is willing to state with absolute certainty that a particular characteristic will cause an application to e declined 100% of the time. As a result, I wish to present this scenario: ·         Applicant A provides an incomplete application (missing financial statements, for example). o    Application is processed in an incomplete status with personal and business bureaus pulled. o    Personal credit bureau has blemishes which causes the financial institution to decline the application o    Process is complete ·         Applicant B provides a completed application package with financial statements o    Application is processed with personal and business bureaus pulled, financial statements spread and analysis performed o    Personal credit bureau has the same blemishes as Applicant A o    Financial performance prompts the underwriter or lender to pursue an explanation of why the blemishes occurred and the response is acceptable to the lender/underwriter. Assuming Applicant A had similar financial performance, we have a case of inconsistency due to a portion of the information that we “state” is required for an application to be complete yet was not received prior to rendering the decision. Bottom line the approach causes doubt with respect to inconsistent treatment and we need to avoid any potential doubt in the minds of our regulators. Let’s go back to the question of financial statements. Check back Thursday for my follow-up post, or part II, where we’ll cover the topic in greater detail.

By: Joel Pruis The debate on what constitutes a small business application is probably second only to the ongoing debate around centralized vs. decentralized loan authority (but we will get to that topic in a couple of blogs later).  We have a couple of topics that need to be considered in this discussion, namely:      1.      When is an application an application?      2.     Do you process an incomplete application? When is an application an application? Any request by a small business with annual sales of $1,000,000 or less falls under Reg B.  As we all know because of this regulation we have to maintain proper records of when we received an application and when a decision on the application was made as well as communicated to the client.  To keep yourself out of trouble, I recommend that there be a small business application form (paper or electronic) and that you have clearly stated the information required for a completed application in your small business application procedures.  The form removes ambiguities in the application process and helps with the compliance documentation. One thing is for certain – when you request a personal credit bureau on the small business owner(s)/guarantor(s) and you currently do not have any credit exposure to the individual(s) – you have received an application and to this there is no debate. Bottom line is that you need to define your application and do so using objective criteria.  Subjective criteria leaves room for interpretation and individual interpretation leaves doubt in the compliance area. Information requirements Whether or not you use a generic or custom small business scorecard or no scorecard at all, there are some baseline data segments that are important to collect on the small business applicant: Requested amount and purpose for the funds Collateral (if necessary based upon the product terms and conditions) General demographics on the business Name and location Business Entity type (corporation, llc, partnership, etc.) Product and/or service provided Length of time in business Current banking relationship General demographics on the owners/guarantors Names and addresses Current banking relationship Length of time with the business External data reports on the business and/or guarantors Business Report Personal Credit Bureau on the owners/guarantors Financial Statements (??) – we’ll talk about that in part II of this post. The demographics and the existing banking relationship are likely not causing any issues with anyone and the requested amount and use of funds is elementary to the process.  Probably the greatest debate is around the collection of financial information and we are going to save that debate for the next post. The non-financial information noted above provides sufficient data to pull personal credit bureaus on the owners/guarantors and the business bureau on the actual borrower.  We have even noted some additional data informing us the length of time the business has been in existence and where the banking relationship is currently held for both the business and the owners.  But what additional information should be requested or should I say required? We have to remember that the application is not only to support the ability to render a decision but also supports the ability to document the loan and maybe even serve as a portion of the loan documentation.  We need to consider the following: How standardized are the products we offer? Do we allow for customization of collateral to be offered? Do we have standard loan/fee pricing? Is automatic debit for the loan payments required?  Optional? Not available? Are personal guarantees required?  Optional? We again go back to the 80/20 rule.  Product standardization is beneficial and optimal when we have high volumes and low dollars.  The smaller the dollar size of the request/relationship the more standardized we need to have our products and as a result our application can be more streamlined.  When we do not negotiate rate, we do not need to have a space to note requested rate.  When we do not negotiate on personal guarantees we always require the personal financial information be collected on all owners of the business (some exceptions for very small ownership interests).  Auto-debit for the loan payments means we always need to have some form of a DDA account with our institution.  I think you get the point that for the highest volume of applications we standardize and thus streamline the process through the removal of ambiguity. Do you process an incomplete application? The most common argument for processing an incomplete application is that if we know we are going to decline the application based upon information on the personal credit bureau, why go through the effort of collecting and spreading the financial information.  Two significant factors make this argument moot: customer satisfaction and fair lending regulation. Customer satisfaction This is based upon the ease of doing business with the financial institution.  More specifically the number of contact points or information requests that are required during the process.  Ideally the number of contact points that are required once the applicant has decided to make a financing request should be minimal the information requirements clearly communicated up front and fully collected prior to rendering a decision.  The idea that a quick no is preferable to submitting a full application actually is working to make the declination process more efficient than the actual approval process.  So in other words we are making the process more efficient and palatable for those clients we do NOT consider acceptable versus those clients that ARE acceptable.  Secondly, if we accept and process incomplete applications, we are actually mis-prioritizing the application volume.  Incomplete applications should never be processed ahead of completed packages yet under the quick no objective, the incomplete application is processed ahead of completed applications simply based upon date and time of submission.  Consequently we are actually incenting and fostering the submission of incomplete applications by our lenders.  Bluntly this is a backward approach that only serves to make the life of the relationship manager more efficient and not the client. Fair lending regulation This perspective poses a potential issue when it comes to consistency.  In my 10 years working with hundreds of financial institutions, only a very small minority of times have I encountered a financial institution that is willing to state with absolute certainty that a particular characteristic will cause an application to e declined 100% of the time.  As a result, I wish to present this scenario: Applicant A provides an incomplete application (missing financial statements, for example).  {C}Application is processed in an incomplete status with personal and business bureaus pulled. Personal credit bureau has blemishes which causes the financial institution to decline the application Process is complete Applicant B provides a completed application package with financial statements Application is processed with personal and business bureaus pulled, financial statements spread and analysis performed Personal credit bureau has the same blemishes as Applicant A Financial performance prompts the underwriter or lender to pursue an explanation of why the blemishes occurred and the response is acceptable to the lender/underwriter. Assuming Applicant A had similar financial performance, we have a case of inconsistency due to a portion of the information that we “state” is required for an application to be complete yet was not received prior to rendering the decision.  Bottom line the approach causes doubt with respect to inconsistent treatment and we need to avoid any potential doubt in the minds of our regulators. Let’s go back to the question of financial statements.  Check back Thursday for my follow-up post, or part II, where we’ll cover the topic in greater detail. 

Within the world of cyber security, a great deal of attention has been focused lately on the escalating hazards and frequency of data breaches, with considerable discussion on the high cost of such breaches.  But as the industry has assessed the financial toll of breaches, it has never taken into account how data breaches harm reputations, brand image, and consequently a company's bottom line. Until now. A recently released Ponemon Institute study, sponsored by Experian’s Data Breach Resolution and believed to be the first of its kind, explores the “Reputation Impact of a Data Breach” to provide more context for the full scope of data breaches.  The findings draw enlightening conclusions around the financial toll that data breaches wreak upon harmed corporate reputations, including these key takeaways: Reputation is one of an organization’s most important and valuable assets. Reputation and brand image are perceived as very valuable…and highly vulnerable to negative events, including a data breach. Calculating the value of reputation and brand reveals how valuable these assets are to an organization. The average value of brand and reputation for the study’s participating organizations was determined to be approximately $1.5 billion.  Depending upon the type of information lost as a result of the breach, the average loss in the value of the brand ranged from $184 million to more than $330 million. Depending upon the type of breach, the value of brand and reputation could decline as much as 17 percent to 31 percent. Not all data breaches are equal. Some breaches are more devastating than others to an organization’s reputation and brand image, with the loss or theft of customer information ranked as the most devastating (followed by confidential financial business information and confidential non-financial business information). Data breaches occur in most organizations represented in this study and have at least a moderate or a significant impact on reputation and brand image. According to 82 percent of respondents, their organizations had a data breach involving sensitive or confidential information.  Fifty-three percent say the data breaches had a moderate impact on reputation and brand image and 23 percent say it was significant. Most organizations in the study have had a data breach involving the theft of sensitive or confidential business information. On average these types of breaches have occurred 2.9 times in surveyed organizations, with the theft or loss of confidential financial information having the most significant impact on reputation and brand. Respondents strongly believe in understanding the root cause of the breach and protecting victims from identity theft. When asked what their organizations did following a breach to preserve or restore brand and reputation, the top three steps are: conduct investigations and forensics, work closely with law enforcement and protect those affected from potential harms such as identity theft. The Ponemon study clearly shows that when data breaches occur, the collateral damage of a company’s brand and reputation become significant hard costs that must be factored into the total financial loss. Download the Ponemon Reputation Impact Study

Case studies Experian’s products help clients profitably manage and optimize their customer relationships. We regularly publish case studies highlighting our clients’ successes. »  View client case studies »  Contact us at decisionanalytics@experian.com to request a client reference   Newsletters Experian publishes newsletters on a variety of credit trends and decisioning topics, ranging from recent industry news and regulations, to exclusive offers and updates. »  View latest editions, archives and join our mailing list.   Webinars Experian provides interactive education for credit professionals. View our complimentary webinars and learn how we help you build successful relationships with your customers. »  Register for current and view past credit trends and decisioning Webinars »  View all available Experian Webinars   White papers Experian publishes regular research reports and white papers on industry-relevant topics and issues. »  Download research reports and white papers

By: Joel Pruis Part I – New Application Volume and the Business Banker: Generating small business or business banking applications may be one of the hottest topics in this segment at this time. Loan demand is down and the pool of qualified candidates seems to be down as well. Trust me, I am not going to jump on the easy bandwagon and state that the financial institutions have stopped pursuing small business loan applications. As I work across the country, I have yet to see a financial institution that is not actively pursuing small business loan applications. Loan growth is high on everyone’s priority and it will be for some time. But where have all the applicants gone? Based upon our data, the trend in application volume from 2006 to 2010 is as follows: Chart displays 2010 values: So at face value, we see that actually, overall applications are down (1,032 in 2006 to 982 in 2010) while the largest financial institutions in the study were actually up from 18,616 to 25,427. Furthermore the smallest financial institutions with assets less than $500 million showed a significant increase from 167 to 276. An increase of 65% from the 2006 levels! But before we get too excited, we need to look a little further. When we are talking about increasing application volume we are focusing on applications for new exposure or a new extension of credit and not renewals. The application count in the above chart includes renewals. So let’s take a look at the comparison of New Request Ratio between 2006 and 2010. Chart displays 2010 values: So using this data in combination with the total application count we get the following measurements of new application volume in actual numbers. So once we get under the numbers, we see that the gross application numbers truly don’t tell the whole story. In fact we could classify the change in new application volume as follows: So why did the credit unions and community banks do so well while the rest held steady or dropped significantly? The answer is based upon a few factors: In this blog we are going to focus on the first – Field Resources. The last two factors – Application Requirements and Underwriting Criteria – will be covered in the next two blogs. While they have a significant impact on the application volume and likely are the cause of the application volume shift from 2006 to 2010, each represents a significant discussion that cannot be covered as a mere sub topic. More to come on those two items. Field Resources pursuing Small Business Applications The Business Banker Focus. Focus. Focus. The success of the small business segment depends upon the focus of the field pursuing the applications. As we move up in the asset size of the financial institution we see more dedicated field resources to the Small Business/Business Banking segment. Whether these roles are called business bankers, small business development officers or business banking specialists, the common denominator is that they are dedicated to the small-business/ business banking space. Their goals depend on their performance in this segment and they cannot pursue other avenues to achieve their targets or goals. When we start to review the financial institutions in the less than $20B segment, the use of a dedicated business banker begins to diminish. Marketing segments and/or business development segmentation is blurred at best and the field resource is better characterized as a Commercial Lender or Commercial Relationship Manager. The Commercial Lender is tasked with addressing the business lending needs across a particular region. Goals are based upon total dollars generated and there is no restriction outside of the legal or in house lending limit of the specific financial institution. In this scenario, the notion of any focus on small business is left to the individual commercial lender. You will find some commercial lenders that truly enjoy and devote their efforts to the small business/business banking space. These individuals enjoy working with the smaller business for a variety of reasons such as the consultative approach (small businesses are hungry for advice while the larger businesses tend to get their advice elsewhere) or the ability to use one’s lending authority. Unfortunately while your financial institution may have such commercial lenders (one’s that are truly working solely in the small business or business banking segment) to change that individual’s title or formally commit them to working only in the small business/business banking segment is often perceived as a demotion. It is this perception that continues to hinder the progress of financial institutions with assets between $500 million and $20 billion from truly excelling in the small business/business banking space. Reality is that the best field resource to generate the small business/business banking application volume available to your financial institution is through the dedicated individual known as the Business Banker. Such an individual is capable of generate up to 250 applications (for the truly high performing) per year. Even if we scale this back to 150 applications in a given year for new credit volume at an average request of $106,929 (the lowest dollar of the individual peer groups), the business banker would be generating total application dollars of $16,039,350. If we imply a 50% approval/closure rate, the business banker would be able to generate a total of $8,019,675 in new credit exposure annually. Such exposure would have the potential of generating a net interest margin of $240,590 assuming a 3% NIM.   Not too bad.

By: Joel Pruis Basic segmentation strategy for business banking asks the following questions: - Is there a uniform definition of small business across the industry? - How should small business be defined?  Sales size of the applicant?  Exposure to the financial institution? - Is small business/business banking a retail or commercial line of business? No One Size Fits All The notion of a single definition for small business for any financial institution is inappropriate as the intent for segmentation is to focus marketing efforts, establish appropriate products to support the segment, develop appropriate delivery methods and use appropriate risk management practices.  For the purpose of this discussion we will restrict our content to developing the definition of the segment and high level credit product terms and conditions to support the segment. The confusion on how to define the segment is typically due to the multiple sources of such definitions.  The Small Business Administration, developers of generic credit risk scorecards (such as Experian), marketing firms and the like all have multiple ways to define small business.  While they all have a different method of defining small business, the important factor to consider is that each definition serves the purpose of the creator.  As such, the definition of small business should serve the purpose of the specific financial institution. A general rule of thumb is the tried and true 80/20 rule.  Assess your financial institution’s business purpose portfolio by rank ordering individual relationships by total dollar exposure.  Using the 80/20 rule, determine the smallest 80% of the number of relationships by exposure.  Typically the result is that the largest 20% of relationships will cover approximately 80% of the total dollars outstanding in your business purpose portfolio.  Conversely the smallest 80% of relationships will cover only about 20% of the total dollars outstanding. Just from this basic analysis we can see the primary need for segmentation between the business banking and the commercial (middle market, commercial real estate, etc.) portfolios.  Assuming we do not segment we have a significant imbalance of effort vs. actual risk.  Meaning if we treat all credit relationships the same we are spending up to 80% of our time/resources on only 20% of our dollar risk.  Looking at this from the other direction we are only spending 20% of our credit resources assessing 80% of our total dollar risk.  Obviously this is a very basic analysis but any way that you look at it, the risk assessment (underwriting and portfolio management) must be “right-sized” in order to provide the appropriate risk management while working to maximize the return on such portfolio segments. The realities of the credit risk assessment practices without segmentation is that the small business segment will be managed by exception, at best.  Given the large number of relationships and the small impact that the small business segment has on traditional credit quality metrics such as past dues and charge offs, the performance of the small business portfolio can, in fact, be hidden.  Such metrics focus on percentage of dollars that are past due or charged off against the entire portfolio.  Since the largest dollars are in the 20% of relationships, it will take a significant number of individual small business relationships being delinquent or charged off before the overall metric would become alarming. Working with our clients in defining small business, one of the first exercises that we recommend is assessing the actual delinquency and charge off rates in the newly defined small business/business banking portfolio.  Simply put, determine the total dollars that fit the new definition and apply the charge-offs by borrowers that meet the definition that have occurred over the past 12 months divided by total outstanding in the new portfolio segment.  Similarly determine the current dollars past due of relationships meeting the definition of small business divided by the total outstanding of said segment.  Such results typically are quite revealing and will at least provide a baseline for which the financial institution can measure improvement and/or success.  Without such initial analysis, we have witnessed financial institutions laying blame on the new underwriting and portfolio management processes for such performance when it existed all along but was never measured. So basically our first attempt to define the segment has created a total credit exposure limit.  Such limits should be used to determine the appropriate underwriting and portfolio management methods (both of which we will discuss further subsequent blogs), but this type of a definition does little to support a business development effort as the typical small business does not always borrow nor can we accurately assess the potential dollar exposure of any given business until we actually gather additional data.  Thus for business development purposes we establish the definition of small business primarily by sales size.  Looking at the data from your existing relationships, your financial institution can get an accurate indication of the maximum sales size that should be considered in the business development efforts. As a result we have our business development definition by sales size of a given company and our underwriting and portfolio management defined by total exposure.  You may be thinking that such definitions are not always in sync with each other and you would be correct.  You will have some companies with total sales under your definition that borrower more than your total exposure limits while companies with total exposure that falls under small business but the total sales of such companies may exceed the business development limit.  It is impossible to catch every possibility and to do so is an exercise in futility.  Better that you start with the basics of the segmentation and then measure the new applications that exceed the total exposure or the relationships meeting the total exposure cap but exceed the sales limitation.  During the initial phase, judgment on a case by case basis will need to be used. Questions such as: Is the borrower that exceeds our sales limitations likely to need to borrow more in the near future? Is the exposure of the borrower that meets our sales size requirement likely to quickly reduce its exposure to meet our definition? Will our underwriting techniques be adequate to assess the risk of this relationship? Will our portfolio monitoring methods be sufficient to assess the changes in the risk profile after it has been booked? Will the relationship management structure be sufficient to support such a borrower? As you encounter these situations it will become obvious to the financial institution the frequency and consistency of such exceptions to the existing definition and prompt adjustments and/or exclusions.  But to try and create the exclusions before collecting the data or examining the actual application volumes is where the futility lies. Best to avoid the futility and act only on actual data. Further refinement of the segment definition will also be based on the above assessment.  Additional criteria will be added such as: Industry segments (Commercial Real Estate, for example) Product types (construction lending) Just know that the definition will not stay static.  Based upon the average credit request changes from 2006 to 2010, changes can and will be significant.  The following graph represents the average request amounts from 2010 data compared to the dollar amounts from 2006 (noted below the chart). So remember that where you start is not where you have to stay.  Keep measuring, keep adjusting and your segmentation strategy will serve you very well. Look for my next post on generating small business applications.  Specifically I’ll cover who should be involved in the outbound marketing efforts of your small business segment. I look forward to your continued comments, challenges and debate as we continue our discussion around small business/business banking.  And if you're interested, I'm hosting a 3-part Webinar series, Navigating Through The Challenges Affecting Portfolio Performance, that will evaluate how statistics and modeling, combined with strategies from traditional credit management, can create a stronger methodology and protect your bottom line.

By: Mike Horrocks Earlier this week, my wife and I were discussing the dinner plans for Thanksgiving.  The yams, cranberries, and pumpkin pies were purchased and the secret family recipes were pulled out of the cupboard.  Everything was ready…we thought.  Then the topic of the turkey was brought up.  In the buzz of work, family, kids, etc., both of us had forgotten to get the turkey.   We had each thought the other was covering this purchase and had scratched if off our respective lists.  Our Thanksgiving dinner was at risk!  This made me think of what best practices from our industry could be utilized if I was going to mitigate risks and pull off the perfect dinner.  So I pulled the page from the Basel Committee on Banking Supervision that defines operational risk as "the risk of loss resulting from inadequate or failed internal processes, people, systems or external events” and I have some suggestions that I think work for both your Thanksgiving dinner and for your existing loan portfolios. First, let’s cover “inadequate or failed processes”.  Clearly our shopping list process failed.   But how are your portfolio management processes?  Are they clearly documented and can they be implemented throughout the organization?  Your processes should be as well communicated and documented as the “Smashed Yam Bake” recipe or you may be at risk. Next, let focus on the “people and systems”.    People make mistakes – learn from them, correct them, and try to get the “systems” to make it so there are fewer mistakes.  For example, I don’t want the risk of letting the turkey cook too long, so I use a remote meat thermometer.  Ok, it is a little geeky; however the turkey has come out perfect every year.    What systems do you have in place to make your quarterly reviews of the portfolio more consistent and up to your standards?  Lastly, how do I mitigate those “external events”?  Odds are I will be able to still get a turkey tonight.  If not, I talked to a friend of mine who is a chef and I have the plans for a goose.   How flexible are your operations and how accessible are you to the subject matter experts that can get you out of those situations?  A solid risk management program takes into account unforeseen events and can make them into opportunities. So as the Horrocks family gathered in Norman Rockwell like fashion this Thanksgiving, a moment of thanks was given to the folks on the Basel committee.  Likewise in your next risk review, I hope you can give thanks for the minimized losses and mitigated risks.  Otherwise, we will have one thing very much in common…our goose will be cooked.

This is last question in our five-part series on the FFIEC guidance on what it means to Internet banking, what you need to know and how to prepare for the January 2012 deadline.   Q: How are organizations responding? Experian estimates that less than half of the institutions impacted by this guidance are prepared for the examinations.   Many of the fraud tools in the marketplace, particularly those that are used to authenticate individuals were deployed as point-solutions.  Few support the need for a feedback loop to identify vulnerabilities, or the ability to employ a risk-based, “layered” approach that the guidance is seeking. _____________ This is the last of our five-part series but we're happy to answer more questions as we know you need to know how to prepare for the January 2012 deadline.    

This is fourth question in our five-part series on the FFIEC guidance and what it means Internet banking. Check back each day this week for more Q&A on what you need to know and how to prepare for the January 2012 deadline.  If you missed parts 1-3, there's no time to waste, check them out here: Go to question one: What does “multi-factor” authentication actually mean? Go to question two: Who does this guidance affect?  And does it affect each type  of credit grantor/ lender differently? Go to question three: What does “layered security” actually mean? Today's Q&A: What will the regulation do to help mitigate fraud risk in the near-term, and long-term? The FFIEC’s guidance will encourage financial institutions to re-examine their processes. The guidance is an important reinforcement of several critical ideas: Fraud losses undermine faith in our financial system by exposing vulnerabilities in the way we exchange goods, services and currencies. It is important that members of the financial services community understand their role in protecting our economy from fraud. Fraud is not the result of a static set of tactics employed by criminals. Fraud tactics evolve constantly and the tools that combat them have to evolve as well.   Considering the impact that technology is having on commerce, it is more important than ever to review the processes that we once thought made our businesses “safe.” The architecture and flexibility of fraud prevention “capabilities” is a weapon unto itself. The guidance provides a perspective on why it is important to be able to understand the risk and to respond accordingly. At the end of the day, the guidance is less about a need to take a specific action---and more about the “capability” to recognize when those actions are needed, and how they should be structured so that high-risk actions are met with strong and sophisticated defenses. _____________ Look for part five, the final in our series tomorrow. 

  This is third question in our five-part series on the FFIEC guidance and what it means Internet banking.  If you missed the firstand second question, you can still view - our answer isn't going anywhere.  Check back each day this week for more Q&A on what you need to know and how to prepare for the January 2012 deadline. Question: Who does this guidance affect? And does it affect each type of credit grantor/ lender differently? The guidance pertains to all financial institutions in the US that fall under the FFIEC’s influence. While the guidance specifically mentions authenticating in an on-line environment, it’s clear that the overall approach advocated by the FFIEC applies to authentication in any environment. As fraud professionals know, strengthening the defenses in the on-line environment will drive the same fraud tactics to other channels. The best way to apply this guidance is to understand its intent and apply it across call centers and in-person interactions as well. _____________ Look for part four of our five-part series tomorrow.  If you have a related question that needs an answer, submit in the comments field below and we'll answer those questions too.  Chances are if you are questioning something, others are too - so let's cover it here!  Or, if you would prefer to speak with one of our Fraud Business Consultants directly, complete a contact form and we'll follow up promptly.  

This is second question in our five-part series on the FFIEC guidance and what it means Internet banking.  If you missed the first question, don't worry, you can still go back.  Check back each day this week for more Q&A on what you need to know and how to prepare for the January 2012 deadline. Question: What does “multi-factor” authentication actually mean?    “Multi- Factor” authentication refers to the combination of different security requirements that would be unlikely to be compromised at the same time. A simple example of multi-factor authentication is the use of a debit card at an ATM machine.   The plastic debit card is an item that you must physically possess to withdraw cash, but the transaction also requires the PIN number to complete the transaction. The card is one factor, the PIN is a second. The two combine to deliver a multi-factor authentication. Even if the customer loses their card, it (theoretically) can’t be used to withdraw cash from the ATM machine without the PIN. _____________ Look for part three of our five-part series tomorrow.

This first question in our five-part series on the FFIEC guidance and what it means Internet banking.  Check back each day this week for more Q&A on what you need to know and how to prepare for the January 2012 deadline. Question: What does “layered security” actually mean?   “Layered” security refers to the arrangement of fraud tools in a sequential fashion. A layered approach starts with the most simple, benign and unobtrusive methods of authentication and progresses toward more stringent controls as the activity unfolds and the risk increases. Consider a customer who logs onto an on-line banking session to execute a wire transfer of funds to another account. The layers of security applied to this activity might resemble: 1.       Layer One- Account log-in. Security = valid ID and Password must be provided 2.       Layer Two- Wire transfer request. Security= IP verification/confirmation that this PC has been used to access this account previously. 3.       Layer Three- Destination Account provided that has not been used to receive wire transfer funds in the past. Security= Knowledge Based Authentication Layered security provides an organization with the ability to handle simple customer requests with minimal security, and to strengthen security as risks dictate.  A layered approach enables the vast majority of low risk transactions to be completed without unnecessary interference while the high-risk transactions are sufficiently verified. _____________ Look for part two of our five-part series tomorrow. 

By: John Straka For many purposes, national home-price averages, MSA figures, or even zip code data cannot adequately gauge local housing markets. The higher the level of the aggregate, the less it reflects the true variety and constant change in prices and conditions across local neighborhood home markets. Financial institutions, investors, and regulators that seek out and learn how to use local housing market data will generally be much closer to true housing markets. When houses are not good substitutes from the viewpoint of most market participants, they are not part of the same housing market.  Different sizes and types and ages of homes, for example, may be in the same county, zip code, block, or even right next door to each other, but they are generally not in the same housing market when they are not good substitutes.  This highlights the importance of starting with detailed granular information on local-neighborhood home markets and homes.  To be sure, greater granularity in neighborhood home-market evaluation requires analysts and modelers to deal with much more data on literally hundreds of thousands of neighborhoods in the U.S. It is fair to ask if zip-code level data, for example, might not be generally sufficient. Most housing analysts and portfolio modelers, in fact, have traditionally assumed this, believing that reasonable insights can be gleaned from zip code, county-level, or even MSA data. But this is fully adequate, strictly speaking, only if neighborhood home markets and outcomes are homogenous—at least reasonably so—within the level of aggregation used. Unfortunately, even at zip-code level, the data suggests otherwise.  Examples All of the home-price and home-valuation data for this report was supplied by Collateral Analytics. I have focused on zip7s, i.e. zip+2s, which are a more granular neighborhood measure than zip codes. A Hodrick-Prescott (H-P) Filter was applied by Collateral Analytics to the raw home-price data in order to attenuate short-term variation and isolate the six-year trends. But as we’ll see this dampening still leaves an unrealistically high range of variation within zip codes, for reasons discussed below. Fortunately there is an easy way to control for this, which we’ll apply for final estimates of the range of within-zip variation in home-price outcomes.  The three charts below show the H-P filtered 2005-2011 percent changes in home-price per square foot of living area within three different types of zip codes in San Diego county. Within the first type of zip code, 92319 in this case, the home-price changes in recent years have been relatively homogenous, with a range of -56% to -40% home-price change across the zip7s (i.e., zip+2s) in 92319. But the second type of zip code, illustrated by 92078, is more typical. In this type of case the home-price changes across the zip7s have varied much more. The 2055-2011 zip7 %chg in home prices within 92078 have varied by over 40 percentage points, from -51% to -10%. In the third type of zip code, less frequent but surprisingly common, the home-price changes across the zip7s have had a truly remarkable range of variation. This is illustrated here by zip code 92024 in which the home price outcomes have varied from -51% to +21%, or a 71 percentage point range of difference—and this is not the zip code with the maximum range of variation observed! All of the San Diego County zip codes are summarized in the bar chart below. Nearly two-thirds of the zip codes, 65%, have more than 30 percentage points within-zip difference in the 2005-2011 zip7 %changes in home prices. 40% have more than a 40 percentage point range of different home-price outcomes, 23% have more than a 50 percentage point range, and 13% have more than a 70 percentage point range of differences. The average range of the zip7 within-zip code differences is a 37 percentage point median, 41 percentage-point mean. These high numbers are surprising, and are most likely unrealistically high. Summary of Within-Zip (Zip+2 level) Ranges of Variation in Home-Price Changes in San Diego: Percentage of Zips by Range Across Zip+2s in Home Price/Living Area %Change 2005-2011 Controlling for Factors Inflating the Range of Variation Such sizable differences within a typical single zip code clearly suggest materially different neighborhood home markets. While this qualitative conclusion is supported further below, the magnitudes of the within-zip variation in home-price changes shown above are quite likely inflated. There is a tendency for a limited number of observations in various zip7s to create statistical “noise” outliers, and the inclusion of distressed property sales here can create further outliers, with cases of both limited observations and distress sales particularly capable of creating more negative outliers that are not representative of the true price changes for most homes and their true range of variation within zip codes.  (My earlier blog on June 29th discussed the biases from including distressed property sales while trying to gauge general price trends for most properties.) Fortunately, I’ve been able to access a very convenient way to control for these factors by using the zip7 averages of Collateral Analytics’ AVM (Automated Valuation Model) values rather than simply the home price data summarized above. These industry-leading AVM home valuations have been designed, in part, to filter out statistical noise problems.  The bar chart below shows the still significant zip7 ranges within San Diego County zip codes using the AVM values, but the distribution is now shifted considerably, and more realistically, to a much smaller share of the zip codes with remarkably high zip7 variation. Compared with the chart above, now just 1% of the zips have a zip7 range greater than 60 percentage points, 5% greater than 50, and 11% greater than 40, but there are still 36% greater than 30. To be sure, this distribution, and the average range of zip7 differences—which is now a 25 percentage-point median, 26 percent age-point mean—do show a considerable range of local home market variation within zip codes. It seems fair to conclude that the typical zip code does not contain the uniformity in home price outcomes that most housing analysts and modelers have tended to simply assume. The difference between the effects on consumer wealth and behavior of a 10% home price decline, for example, vs. a 35 to 50% decline, would seem to be sizable in most cases. This kind of difference within a zip code is not at all unusual in these data. How About a Different Type of Urban Area—More Uniform? It might be thought that the diversity of topography, etc., across San Diego County (from the sea to the mountains) makes its variation of home market outcomes within zip codes unusually high. To take a quick gauge of this hypothesis, let’s look at a more topographically uniform urban area: Columbus, Ohio. When I informally polled some of my colleagues asking what their prior belief would be about the within-zip code variation in home price outcomes in Columbus vs. San Diego County, there was unanimous agreement with my prior belief. We all expected greater within-zip uniformity in Columbus. I find it interesting to report here that we were wrong. Both the H-P filtered raw home-price information and the AVM values from Collateral Analytics show relatively greater zip7 variation within Columbus (Franklin County) zip codes than in San Diego County.  The bar chart below shows the best-filtered, most attenuated results,  the AVM values. 5% of the Columbus zips have a zip7 range greater than 70 percentage points, 8% greater than 60, 23% greater than 50, 35% greater than 40, and 65% greater than 30. The average range of zip7 within-zip code differences in Columbus is a 35 percentage point median, 38 percentage-point mean. Conclusion These data seem consistent with what experienced appraisers and real estate agents have been trying to tell economists and other housing analysts, investors, and financial institutions and policymakers for quite a long time. Although they have quite reasonable uses for aggregate time-series and forecasting purposes, more aggregate-data based models of housing markets actually miss a lot of the very real and material variation in local neighborhood housing markets.  For home valuation and many other purposes, even models that use data which gets down to the zip code level of aggregation—which most analysts have assumed to be sufficiently disaggregated—are not really good enough. These models are not as good as they can or should be. These facts are indicative of the greater challenge to properly define local housing markets empirically, in such a way that better data, models, and analytics can be more rapidly developed and deployed for greater profitability, and for sooner and more sustainable housing market recoveries. I thank Michael Sklarz for providing the data for this report and for comments, and I thank Stacy Schulman for assistance in this post.