We have talked about: the creation of the vision for our loan portfolios (current state versus future state) – e.g. the strategy for moving our current portfolio to the future vision. Now comes the time for execution of that strategy. In changing portfolio composition and improving credit quality, the discipline of credit must be strong (this includes in the arenas of commercial loan origination, loan portfolio monitoring, and credit risk modeling of course). Consistency, especially, in the application of policy is key. Early on in the change/execution process there will be strong pressure to revert back to the old ways and stay in a familiar comfort zone.  Credit criteria/underwriting guidelines will have indeed changed in the strategy execution. In the coming blogs we will be discussing: assessment of the current state in your loan portfolio; development of the specific strategy to effect change in the portfolio from a credit quality perspective and composition; business development efforts to affect change in the portfolio composition; and policy changes to support the strategy/vision.  

As stated in an earlier posting, healthcare providers should ensure appropriate compliance with the Red Flags Rule.  There continues to be healthy debate as to what level of applicability the Red Flags Rule has in this market.  That said, the link below, to a recent article by the FTC, highlights some relevant points to think about as healthcare providers consider whether or not they are 'covered' and, if so, the appropriate measures to be taken in developing their Identity Theft Prevention Program.Of note, the article points out that "health care providers are creditors if they bill consumers after their services are completed. Health care providers that accept insurance are considered creditors if the consumer ultimately is responsible for the medical fees. However, simply accepting credit cards as a form of payment does not make you a creditor under the Red Flags Rule."  Based on this definition, it appears to some extent, that the majority of healthcare providers will be covered under the Red Flag Rule as creditors.I encourage you to have a look at this article if you are still on the fence: http://www.ftc.gov/bcp/edu/pubs/articles/art11.shtm

If the business is a creditor or a “financial institution” (defined as a depository institution) that offers covered accounts, you must develop a Program to detect possible identity theft in the accounts and respond appropriately. The federal banking agencies, the NCUA and the FTC have issued Guidelines to help covered entities identify, detect and respond to indicators of possible identity theft, as well as to administer the Program. A copy of the Red Flag Guidelines can be found: Federal Reserve Board – 12 C.F.R. pt 222, App. J Federal Deposit Insurance Corporation – 12 C.F.R. pt 334, App. J FTC – 16 C.F.R. pt 681, App. A NCUA – 12 C.F.R. pt 717, App. J Office of the Comptroller of the Currency - 12 C.F.R. pt 41, App. J Office of Thrift Supervision - 12 C.F.R. pt 571, App. J  

They have started to shift away from time-based collections management activities (the 30-, 60-, 90-day bucket approach).  Instead, the focus is migrating towards the development of collections strategy that is based on the underlying risk of the individual – to look at how he is performing on all of the obligations in the total relationship to determine the likelihood of repayment and the associated activities that can facilitate that repayment.  They’ve found they can’t rely purely on traditional models anymore because consumer behavior has dramatically changed and an account only approach doesn’t reflect the true risk and value of the individual’s relationship.

By: Prince Varma Good day all. My last blog revolved around practical approaches to effective client relationship management. It time to get back to a “risk” type conversation. I recently told my wife that if I hear the phrase “…in this economic environment …” uttered as a caveat one more time, I’m going to scream. I have truly come to anticipate the beginning or introduction to interviews and articles to lead in with this sentiment and it’s driving me nuts. In these economic times (you can tell I’m from the sales side, I cleverly changed the phrase), it is clearly not business as usual within most financial institutions. Conversations with CEOs and bank presidents over the past two months have usually followed the same theme, “I’ve got money to lend, but I just can’t find a decent deal” or “I’ve got applications up the wazoo, but the quality just isn’t there.” So, what is going on? The obvious answer is that we are looking at applications more closely and the credit side (risk management guys) is deliriously happy because everytime they make a recommendation about “reviewing the opportunity further” they also don’t hesitate to mention, “in this economic environment.” Really, what is the scoop and how do we adjust on the front line? Clearly, we know that deeper reviews and management of risk is being undertaken. The problem is that the established standards are no longer valid. Yes, the basics ratios still need to be run, but let’s face it, in this economic environment a company’s historical performance is no longer an effective indicator as to their future performance. The playing field is no longer consistent. The past two to three years of financials are based on circumstances that no longer apply. This means that the analysts are having a difficult time establishing effective benchmarks from which to apply credit policy – and we know that those guys are the paragons of adaptability. We are being asked to evaluate risk in an uncertain circumstance. We are looking at projected revenues and earnings and examining receivables. We are also comparing this business to others in the industry, determining which other market segments have a direct (and indirect) impact on the performance of this one, reviewing business plans and evaluating management depth and experience. And, at the end of the day, either saying no, saying yes but not so much or holding our breath and hoping that divine intervention shows us the way. Does any of this should sound familiar to you? It should. We see these type of deals all of the time and we call them the start-ups. Ok, so what am I recommending? Quite simply, that we take a step back from our typical approach to the established business and engage with them the way we would a start-up. When an opportunity or request presents itself, restrain the urge to go down the garden path. Slow down! No... stop! Take a deep breath, put on your “economic development hat ” and approach the deal the way you would if it were a start-up (and I don’t mean running away at top speed in the opposite direction screaming). You should: look for or help them construct a short term (next four to six month) tactical action/priority plan; help them or review their 12-month business plan; o NOTE: If the business hasn’t realized that they need a short-term survival plan and a mid-term business plan… run! Run far and run fast! examine their market and have them explain why they will make it versus the competition; dig into their management expertise (think AIG); have them explain how their tactical and 12-month business plan will keep the doors open and the lights on (since its coming into summer we’ll cut them some slack on the heat); and finally review and revise their projections. If at the end of this, you still feel that the deal has legs, it probably does, and you’ve done a pretty thorough job building the business case for the credit side. Or, you could just lament that there really isn’t much out there in this economic environment.

By: Prince Varma Part 2 Two additional tactics that you should incorporate into your relationship management penetration strategy include: Conducting relationship reviews in addition to loan reviews; and Identifying and proactively monitoring changes in client behavior. Relationship reviews Relationship reviews are a comprehensive and thorough examination of the client’s business and should be the foundation for your relationship management process. They seek to provide both the client and the relationship manager with a roadmap for the upcoming 14- to 16-month period by identifying specific goals and concerns, as well as constructing a snapshot of the client today. The purpose of a relationship review is to understand the broader direction.  Bluntly put, an annual loan review is not a penetration activity. Its primary focus is to verify the ongoing credit worthiness of an existing deal in the books. More details will come about this topic in a future blog. Monitoring changes in behavior Monitoring changes in client behavior through the use of “activity thresholding” is quickly becoming a mainstay in the financial industry. The idea isn’t new; however, the application of the concept to penetration is. Instead of having changes in credit score trigger an alert related to risk management and mitigation, we would instead look at thresholds related to line usage, number of deposit transactions, changes in average deposit amount and credit card transactions. These kinds of client behaviors and activities provide insight into what is occurring within a clients business and as such, allow us to provide recommendations for products and services that are meaningful and appropriate.

This post is a feature from my colleague and guest blogger, Barry Timm, Senior Process Architect in Advisory Services at Baker Hill, a part of Experian. 2008 has proven to be an unbelievably challenging year for the economy as a whole, let alone the financial industry.  Never before have we experienced the type and degree of turmoil that we did in 2008, even since the “Great Depression”. These economic challenges have been quick, severe and widespread; and, from large corporations to the individual consumer, all have been impacted to some degree.  The stock market is down, unemployment up, consumer confidence down, delinquencies up ….not exactly a pleasant roller coaster ride. And, there is no longer any projecting as to when the “bubble” is going to burst.  It happened.   Decreased real estate values have occurred not only in high impact geographic regions but throughout the country.  While home equity products have traditionally been the “golden child” of consumer loan product offerings, recent economic changes have caused a shift in that perspective.  As a result, tightened underwriting standards have limited the availability of the product as a whole.  In some markets the product offering has even been temporarily halted. We frequently hear the terminology “bailout” being used in the news.  While we all have expectations as it relates to the bailout approach, I thought I would “Google” the word “bailout” to see what would magically appear.  Interestingly enough, the first listing was titled “Walk away from your home”, with a link to the home page for a mortgage default legal team.  This is not exactly what I was expecting to find, but is definitely reflective of the times. And, according to the FDIC, there have been 25 failed financial instituions in the year 2008.  This single year number equates to the total number of failed financial institutions between the prior periods 2001 through 2007. Okay … enough doom and gloom.  In spite of all that has occurred within the economy, some financial institutions continue to maintain a strong credit quality position in their consumer portfolios and have maintained profitability throughout all of the market volatility. What are the strong survivors doing that differentiates themselves from the others? 1. They understand their portfolio.   Advisory Services frequently assists clients with various types of portfolio management analysis and often presents those findings to senior management.  We often hear that management is surprised by the results of that analysis. The point is that high-level management reporting is not enough these days. Additional detail and depth are necessary. More specifically, as opposed to evaluating payment performance at the portfolio level, it is important to consider the following: Do you know your delinquency numbers at the product level? How do delinquencies compare to your product approval rates? Do you routinely compare approval/decline rates and delinquencies to scorecard results and/or credit bureau scores? Do you know where pricing exceptions are being made and are you receiving sufficient return for the level of risk? 2. A focused strategy is in place. It is important to re-emphasize the specific, strategic direction and focus of your defined market.  Now is not the time to be “pushing the envelope” and extending into untested waters.  There is something to be said about focusing on your strengths, staying within your defined footprint and meeting the needs of your core, proven line of business while following sound financial risk management. 3. The underwriting process is under control. This does not automatically mean that a “tightening” of underwriting standards is necessary.  It does mean, however, that stronger attention to detail is warranted.  It is important that underwriting criteria is reviewed and that you are sure that defined underwriting practices are consistently applied.  As noted in item number one above, this may require digging a little deeper and reviewing current and past decisioned loans (preferably with a critical eye of an independent third party).  Assessing the underwriting process becomes increasing complex and more critical with a decentralized underwriting approach. Focus on the positive Now that 2008 is behind us, let’s continue to focus on the positives to come in 2009.  Reflect on the past, but strive to center your attention on ongoing portfolio monitoring, financial risk management assessments and improvements for the future.  

The credit reporting agencies will not identify Red Flags, as such, on a credit report. However, there may be certain information on a credit report that you have determined to be an indicator of possible identity theft and have incorporated into your Program, such as a consumer fraud alert or a notice of address discrepancy. In addition, the Red Flag Guidelines specify that a credit report indicating a pattern of inconsistent or unusual recent activity might be a Red Flag.

By: Tom Hannagan   Part 6 Peer Group 2 fee income Non-interest income again, as a percent of average total assets, declined to .86 percent from .95 percent in 2007. For Peer Group 2 (PG2), fees have also been steadily declining relative to asset size, down from 1.04 percent of assets in 2005. A smaller, non-interest bearing deposit base with no other new and offsetting sources of fee income will lead to increased pressure on this metric. Operating expenses Operating expenses also put more pressure on earnings on these smaller banks. They increased from 2.79 percent to 2.83 percent of average assets. That’s four basis points on the negative. Historically, this metric has been flattering for this size bank and usually moves up or down from year-to-year. It was almost equal at 2.82 percent of assets in 2004. As a result of the sizeable decline in margins, the continued decline in fee income and the slight increase in operating expenses PG2’s efficiency ratio lost ground from 59.52 percent in 2007 to only 64.72 percent in 2008. That means that every dollar in gross revenue cost them almost 65 cents in administrative expenses this year. This metric averaged 56 cents in 2005/2006. It’s amazing how close these numbers are for banks of very different size where you would expect clear economies of scale. The total impact of margin performance, fee income and operating expenses, plus the huge increase in provision expense of 59 basis points leads us to a total decline in pre-tax operating income of .96 percent on total assets. That is a total decline from 1.58 percent pre-tax ROA in 2007 to .64 percent pre-tax ROA, a loss of 61 percent from the pre-tax performance in 2007. My same conclusion as above would hold regarding the pricing of risk into bank lending (although the smaller banks didn’t perform a badly as the larger in this regard). Although all 490 banks are declining in all profit metrics, the smaller banks seem to have an edge in pricing loans, but not deposits. Although up dramatically in 2007, and even more in 2008 for both groups, the PG2 banks seem to be suffering fewer credit losses relative to their asset size than their larger brethren. Both groups have resulting huge profit declines, but the largest banks are under the most pressure through this period. An interesting point, with higher loan yields and fewer apparent losses, is whether PG2 banks are somewhat better at risk-based pricing (for whatever reason) than the largest bank group. Results are results. The 2009 numbers aren’t expected to show a lot of improvement as the general economy continues to slow and credit and financial risk management issues continue. We’ll probably comment on 2009 as the quarterlies become available this year.  

If you have detected a Red Flag in connection with a credit application, are you prohibited from opening the account when following the Red Flag guidelines?First, you must assess whether the Red Flag evidences a risk of identity theft and your response must be commensurate with the degree of risk that is posed. You generally are not prohibited from opening the account, unless the only appropriate response in light of the degree of risk posed by the Red Flag would be not to open the account. In some instances, for example, you may be able to contact the applicant directly to verify that the application is legitimate. 

Part fourImproved change management process is one of the items at the very top of many collections professional’s wish list. In most legacy collections systems, the change management process is slow, expensive and labor intensive. It is not uncommon for an organization to take three, six or even 12 months to implement a system change, depending on the complexity of the request. Additionally, the expenses for a vendor or internal IT department to code, test and deploy the change can cost tens or hundreds of thousands of dollars. Aside from the cost and timelines, the impact to the business can be suffocating, particularly when the business users are unable to keep up with rapidly changing requirements.Change controlOne of the most exciting and innovative features of next generation collection management software systems is the ability to make changes quickly and efficiently, without the need for hard coding or extensive testing. Additionally, change control responsibilities can be granted to business users, who can then be empowered to make system changes, without the support of the software vendors or their internal IT departments. If desired, the change controls can be segmented or shared to ensure (via secure access rights) that only qualified individuals are empowered to make changes and that their skill and knowledge align with the assigned access. Regardless of where the control lies, the entire organization benefits from a change management process that is fast, efficient and easy to manage.The types of system changes that benefit from modern technology include just about any imaginable task. Simple screen or scripting changes fall on one side of the complexity spectrum, while modifications to database layouts lean towards the other end. Linking to other complimentary systems and data sources is also quicker and easier which enables hooks to be implemented in days and weeks rather than months or years.Financial benefitThe financial benefit metric of improved change management is relatively straight forward, although it is not always possible to accurately gauge the benefit ahead of the change event itself. For example, the financial value can be calculated as the benefit of the change itself (considering only the time it is in production) ahead of when it would have been deployed in a legacy environment. Additionally, we must factor the labor and fees that would have been spent to implement the change in the legacy system, less what was actually spent. For example, let’s assume a given change adds $50,000 in monthly benefits. Let’s also assume that we can implement and test the change in a next generation system in one week, while the same change could take six months in a legacy system. The value of the faster change is then $300,000 and we have saved a significant amount of money in labor and fees above and beyond that. One of the key benefits of next generation systems is that these collections efficiency changes can be made in days or weeks rather than months or years. Considering that in a year an organization with modern technology could design and implement many beneficial changes rather than just a handful, the return on investment increases exponentially with additional change management activity.My next blog will be the last in this “next generation collections systems” series and brings together the financial benefits highlighted in my previous blogs in the form of an ROI case study. Common objections and relevant considerations will also be discussed.Stay tuned! 

For all you folks who, like me, waited until the last minute to knock out a term paper or class project in school, here is a friendly reminder…Yes, the Federal Trade Commission (FTC) pushed out the enforcement deadline of the Red Flags Rule to May 1, 2009.  Yes, a sigh of relief was heard across compliance officers and operations managers nationwide.  However, you should still keep a few things in mind as we approach May 1.  First, per the FTC, "many entities also noted that because they generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rulemaking, and therefore learned of the requirements of the rule too late to be able to come into compliance by November 1, 2008."  Those of you, who have not been subject to FTC enforcement in the past are quite possibly still subject to the Red Flags Rule based on your institution maintaining 'covered accounts' per the definition in the Red Flags Rule itself.  Double check if you think otherwise. Second, the FTC was clear in stating that "this delay in enforcement is limited to the Identity Theft Red Flags Rule (16 CFR 681.2), and does not extend to the rule regarding address discrepancies applicable to users of consumer reports (16 CFR 681.1), or to the rule regarding changes of address applicable to card issuers (16 CFR 681.3)."  So, while May 1 is still a few weeks away, if you are accessing consumer credit reports, for example, you should already have a formal written and operational process to detect and respond to address discrepancies on those credit reports.

Red Flags Rule I've heard more than one institution claim that they may limit and even reduce the identity elements (perhaps down to just name and address) that are captured during consumer applications or other transactions.  Their rationale is that the fewer identity elements they request or require during these processes, the less information they will need to authenticate as part of their Red Flags Identity Theft Prevention Program.  While this argument seems logical on the surface, I would suggest that if securely gathered/stored and appropriate to the nature of your business, additional data elements such as Social Security Number (SSN), date of birth and phone number can actually allow you to accomplish a few things to your benefit.  1.  Analysis of our consumer authentication products shows that contributing SSN, date of birth, and phone (in addition to name and address) to an authentication process, will actually improve your ability to positively authenticate a consumer via an overall risk-based strategy.  2.  The use of additional data elements, such as the phone number, can unlock additional data sources for use in verifying not only that phone number, but the inquiry name and address as well.  3.  Just because you don't capture certain identity elements, doesn't mean the risk goes away.  In providing additional identity elements for authentication, you can gain a more holistic view of a consumer - be that good, bad or ugly.  It’s better to figure this out up front versus down the road when bills go unpaid and the bad guys scatter.

By: Prince Varma Hello. My name is Prince Varma and I’ve spent the better part of the last 16 years helping financial institutions (FI) successfully improve their in business development, portfolio growth and client relationship management practices. So, since the focus of this blog is to speak to readers about risk management, many of you are probably wondering what a “sales and business development” guy is doing writing a piece related to mitigating and managing risk? Great question! The simple fact is that the traditional or prevailing sentiment or definition related to risk management – mitigating credit risk -- is incomplete. A more accurate and comprehensive approach would be to recognize, acknowledge and address that “risk” cuts across the entire client relationship spectrum of: client penetration/growth; client retention; and client credit risk mitigation. How do penetration and retention count as “risk factors”? (this is where the sales guy stuff comes in) From a penetration perspective, the failure to recognize potential opportunities either within the existing client base or in the operating market, introduces revenue growth risk (meaning we aren’t keeping our eye on the top line). Ultimately it impacts the FI’s ability to add assets (either deposits or loans) and also has a direct affect on efficiency and deposit to loan ratios. From a retention perspective, the risk is even more obvious. Our most valued clients are the ones that we must continuously engage in a proactive manner. Let’s face it. In even the smallest markets, there are no less than four to six other institutions waiting to jump on your client in the event that you grow complacent. There is a huge difference between selection and satisfaction. And, if we aren’t focused on keeping a client after securing them, our net portfolio growth targets will be impossible to achieve. Considering the current market environment, now more than ever, effectively managing these three elements of “risk/exposure to the FI” is crucial to an institutions success both practically and pragmatically. Everyone internally at the bank is focused on the “credit risk mitigation” piece. The conversations that are occurring outside of the bank’s walls however are focused on the “L” word or liquidity and getting credit flowing again. How many times have we read or more frankly been beaten with this comment from business owners “…there’s no one making loans anymore…” or “…its impossible to get credit…?” That should be read as … penetration and retention Striking a balance between effective and appropriate credit risk exposure and deepening or growing the portfolio has been a challenge facing those of us in the front office for as long as I can remember. The “sales revolution” is effectively over. We’ve learned the critical lesson that we need to evolve beyond being strictly a credit officer (you did learn that right??!!). And, you didn’t/shouldn’t become a “banking products generalist” with no analytical depth. Knowing all this, it is important that we return to the guiding principles of effective lending which include: - evaluating the scope of the opportunity; - isolating the risk and identifying a reasonable and realistic recovery/mitigation remedy; - determining what other alternatives the borrower might be considering; and - being willing to let the “bad deals” walk. In subsequent blogs, I’ll provide you with specific tactics aimed at optimizing penetration and retention efforts and implementing effective and practical client management strategies. After all what would you expect from a business development guy…

When you begin thinking about financial risk management, you must begin with a vision for your loan portfolio and the similarity of a loan portfolio to that of an investment portfolio.  Now that you have that vision in place, we can focus on the overall strategy to achieve that vision. A valuable first step in loan portfolio monitoring is to establish a targeted value by a certain time (say, our targeted retirement age).  Similarly, it’s important that we establish our vision for the loan portfolio regarding overall diversification, return and the management of risk levels. The next step is to create a strategy to achieve the targeted state.  By focusing on the gaps between our current state and the vision state we have created, we can develop an action plan for achieving the future/vision state.  I am going to introduce some rather unique ideas here. Consider which of your portfolio segments are overweight?  One that comes to mind would be the commercial real estate portfolio.  The binge that has taken place over the past five plus years has resulted in an unhealthy concentration of loans in the commercial real estate segment.  In this one area alone, we will face the greatest challenge of right-sizing our portfolio mix and achieving the appropriate risk model per our vision. We have to assess our overall credit risk in the portfolios next.  For small business and consumer portfolios, this is relatively easy using the various credit scores that are available to assess the current risk.  For the larger commercial and industrial portfolios and the commercial real estate portfolios, we must employ some more manual processes to assess risk.  Unfortunately, we have to perform appropriate risk assessments (current up-to-date risk assessments) in order to move on to the next stage of this overall process (which is to execute on the strategy). Once we have the dollar amounts of either growth or divestiture in various portfolio segments, we can employ the risk assessment to determine the appropriate execution of either growth or divestiture.