This post is a feature from my colleague and guest blogger, Stephanie Butler, manager of Process Architects in Advisory Services at Baker Hill, a part of Experian. Are you tired of the economic doom and gloom yet?  I am.  I’m not in denial about what is happening -- far from it.  But, we can wallow or move forward, and I chose to move forward.  Let’s look at a few of the many lessons that can be learned from the year and some action steps for the future. 1. Collateral does not make a bad loan good  Remember this one? If you didn’t relearn this in 2008, you are in trouble.  Using real estate as collateral does not guarantee a loan will be paid back.  In small business/commercial lending, we should be looking at time in business, repayment trends and personal credit.  In consumer lending, time with an employer, time at the residence and net revolving burden are all key.  If these are weak, collateral will not make things all better. 2. Balance the loan portfolio  Too much of a good thing is ultimately never a good thing.  First, we loaded our portfolios with real estate because real estate could never go bad.  Now, financial institutions are trying to diversify out of real estate and move into the “next great thing.”  Is it consumer credit cards, commercial C&I, or small business lines of credit?  It’s anyone’s guess.  The key is to balance the portfolio.  A balanced portfolio can help smooth the impact of economic trends and help managing uncertainty.  We all know that policy requires monitoring industry concentrations.  But, balancing the portfolio means more than that.  You also need to look at the product mix, collateral taken, loan size and customer location.  Are you too concentrated in unsecured lending?  How about lines of credit?  Are all of your customers in three zip codes? 3. Proactive vs. reactive The days of using past dues for portfolio risk management are gone.  We need to understand our customers by using relationship management and looking for proactive markers to anticipate problems.  Whether this is done manually or through the use of technology, a process must be in place to gather data, analyze and anticipate loans that may need extra attention.  Proactive portfolio risk management can lessen potential charge-offs and allow the bank to renegotiate loans from a position of strength. Be sure to check my next post as Stephanie continues with tips on how to get back to risk management basics.

Part 2 My colleague, Prince Varma, Senior Client Partner -- Portfolio Growth and Client Management, shares his advice on the best practices for portfolio risk management in these trying times. Boy; this is an interesting time. Banks today are at a critical threshold -- the biggest question that they are trying to answer is, "How do we continue to grow -- or at least avoid contracting -- without sacrificing profitability or credit quality?” The urge to overcompensate, or engage in ultra conservative lending practices, must be resisted.  That said, we are already seeing a trend in which mid-sized and regional lenders are abandoning mid-tier credit. This vacuum is being filled by community banks and credit unions which are implementing aggressive risk-based pricing programs in order to target the small business market. These organizations are also introducing "safe and secure" campaigns that specifically target existing clients of banks in the news -- and attempting to entice those clients to switch over. We are strongly urging banks to engage in an analysis of their existing portfolios in order to pinpoint opportunities for expanding their relationships with existing key clients. Many senior executives are expressing apprehension about undertaking new projects given current levels of uncertainty.  Our best advice is two-fold.. First, focus on identifying those areas where process remediation will have long term and sustained value. Second, do not allow uncertainty to paralyze your internal improvement efforts.  Strong business cases lead to good decisions; don't let fear and apprehension cloud what you know needs to be done.

By: Tom Hannagan Part 2 This post continues my discussion of the reasons for going through the time and trouble to analyze risk-based pricing for loans. For the discussion of the key elements involved in risk-adjusted loan pricing, please visit my earlier posts. In my last blog we discussed reason number one: good corporate governance. Governance, or responsible and disciplined leadership, makes a lot of sense and promotes trust and confidence which has been missing lately in many large financial institutions. The results can be seen in the market in multiples now and are associated with both the struggling companies and, through guilt by association, the rest of the industry.  But, let’s move beyond the “soft” reason. The second major justification for going through the effort to risk-adjust loan pricing as a normal part of the lending function is financial. Profit performance By financial, we mean profit performance or bottom line earnings. This reason relies on the key belief that risk has a cost. Just because risk can be difficult to measure and/or is not addressed within GAAP, doesn’t mean it can’t ultimately cost you something. If, for any reason, you believe you can get away with taking on any unmitigated risk without it ever costing anything, do not continue reading this or any of my other posts. You are wasting your valuable time. Risk will surface The saying that “risk will out,” I believe, is true. The question is not if risk will eventually surface, but when, how and how hard it will bite.  Risk can be transferred (hedges, swaps and so on), but it doesn’t disappear from the universe. Once risk is created, someone owns it. The news headlines of the past 18 months are replete with stories of huge writedowns of toxic assets. The securitized assets and/or their collateral loans always contained risk – from the moment the underlying loan was closed. The loans and their payment streams were sliced a dozen ways, repackaged and resold. The risk was also sliced up, but like mercury, it all remained in the system.  Another familiar casino saying that brings this to mind is: “If you don’t know who the ‘mark’ at the table is, it’s you.” There are now several world class examples of such marks. Some have now failed completely and many more would have without federal intervention. Lending, in the leveraged/banking sense, involves all major types of risk: credit risk, market risk, operational risk and business risk. And, beyond the identifiable and potentially insurable portions of these risks, like any business, it includes the risk of unexpected loss, which needs to be covered by capital. Banks have developed policies and guidelines to mitigate, identify and measure many of their risks. These all fall under the world of risk management and these efforts all cost something. There is no free way to offset risk – other than not doing the loan at all. But lending is the business of banking, isn’t it? Further, the risk mitigation efforts cost more or less depending on the various risk characteristics of the bank’s loan portfolio each loan. For instance, a floating rate loan involves little market risk and requires little if any expense to offset. A five-year fixed rate, interest-only loan involves a lot of market risk and that costs something to offset. Alternatively, a loan with a pass risk rating of ‘2’ involves a much lower likelihood of defaulting than a loan with a pass risk rating of ‘4’. The lower risk loan; therefore, involves less of an ALLL (Allowance for Loan and Lease Losses) reserve and provisioning expense.  Also, an owner occupied commercial mortgage is normally much less expensive to monitor than a credit backing a floor plan or construction project. Those cost differences could be reflected in the pricing. Finally, for today, the amount of risk capital needed to back these kinds of differing loan characteristics, for purposes of unexpected loss, is substantially different. If these kinds of differences are not priced into the loans somehow, one of two situations exists: Either the bank is not getting paid for the risk it is incurring; or, If it is, it is charging the lower risk borrowers a rate that pays for added risk-adjusted expenses of the higher risk borrowers. The business risk to the bank then becomes losing the better clients over time in lieu of attracting the riskier deals. This process has a name: adverse selection. The ongoing expenses of risk mitigation and the negative impact of unexpected losses on retained earnings, over time, materially hurt the bank’s earnings. Someone is paying for all of the risks of being in the business of lending and it’s usually one of two groups: the customers or the shareholders. In the worst of cases, it’s also the taxpayers. The idea of risk-based pricing, at the loan level, is to have the clients pay for the risks the bank is incurring on their behalf by pricing the loan appropriately from the beginning. As a result: This tends to protect, and often enhance, the bank’s financial performance; It is clever; It puts some teeth in the bank’s already existing risk management policies; It is justifiable to the client; and It even makes sense to most lending officers. Fortunately, loan pricing analysis is a scalable activity and possible for most any size bank. It is a smarter way of banking than a one-size-fits-all approach -- even without considering the governance improvement.  

By: Tom Hannagan Part 1 In my last three posts, we have covered the key parts of how risk-based loan pricing works. We have discussed how the key foundational elements involved in risk-adjusted loan pricing can and should relate to the bank’s accounting results and strategic policies. We went from the pricing analysis of an individual loan on a risk-adjusted basis to solving for a bank-wide target or guideline return. We also mentioned how this analysis can be expanded to the client relationship level, both producing a relationship management view of any existing loans and the impact of pricing a renewal or new credit to impact the client-level return. Finally, I mentioned that although this capability can exist (and does in more banks than ever before), it isn’t an easy undertaking in an industry that is historically keyed to volume goals rather than transaction profit (let alone risk-adjusted profit). So, why go through the effort? Moving to a risk-adjusted view of lending and relationship management requires serious thought, effort and resolve. It involves change and teaching lenders a new trick. It even suggests that the lending executive (perhaps the next president of the bank) hasn’t been doing the best job possible to protect and advance the bank’s margins. Any new undertaking involves management risk. And, accurate or not, bank executives are not generally viewed as terrific change agents. Is this concept of risk-based pricing worth all the time and trouble? We think so – for two general reasons. Corporate governance Almost any business, if not any undertaking of any kind, involves risk to some degree. Finance in general, and commercial banking, specifically, involves several kinds of risk. The most obvious risk is repayment or credit risk. Banks have been lending money successfully for a long time. The funny thing is that often, when we’ve studied the actual loan rates of a bank’s portfolio versus the bank’s own risk ratings (or risk grades), we see almost no difference in loan pricing. The banks have credit policies that discuss the different ratings in some detail. And, the banks usually have some sort of provisioning process or ALLL (Allowance for Loan and Lease Losses) logic that uses these differences in risk rating. Loan review guidelines often use the differences in risk rating to gauge the review frequency and depth. So, the banks know what’s going on. They know that a higher risk borrower/loan is less likely to be repaid in full than a lower credit risk borrower/loan. But, the lending operation goes on as if they were all about the same. There seems to be a disconnect (kind of like when my arms and brain disconnect when I swing a golf club). I know if I slow down I’ll hit a better shot, but I still swing way too fast. It seems to me that since the bank has all of these terrific policies in place dealing with credit risk, that good governance would require that credit risk be reflected more fully when loans are marketed, negotiated and agreed to – rather than just when they go awry. I would make the same general argument for management consistency associated with other risk types. If the loan duration is longer, good governance would reflect (pay for) a realistic marginal funding cost of the same duration. This would help to align the loan pricing effort with the guidelines or policies associated with ALCO or Asset and Liability Policy Committee and Interest Rate Risk (IRR) management. If a loan involves higher or lower risk of unexpected loss based on loan/collateral type and risk rating, then the risk capital associated with the loan should vary accordingly. The risk-based allocation of capital will then require different pricing in order for the loan to hit a targeted return. This protection of return, on a risk-adjusted basis, is the final step in good governance – in this case, to protect the shareholders specific contribution (of their equity) to funding the loan in question. Finally, if I were a director, regulator or an auditor (again), and I reviewed all of these fine policies related to risk management, and did not see them reflected in deal pricing, I would have to ask “why?”.  It would seem that either executive management doesn’t really believe in their own policies, or they are willing to set them aside when negotiating deals for the added business. Maybe loan management doesn’t want to be bothered by the policies while they’re out there in the “real world” fighting for added loan volume. Either way, there seems to be a governance disconnect. Which I know on the golf course, leads to lost balls and unnecessary poor scores. My second major reason will follow in my next blog.

By: Tom Hannagan Part 1 Risk-based pricing starts as a product-level reflection of a bank’s financial and risk characteristics. In my last few posts we have covered the key parts of how risk-based loan pricing works. In doing so, we have discussed how the key foundation elements involved in risk-adjusted loan pricing can (and should) relate to the bank’s accounting results and strategic policies: Loan balance, rate and fee data relates to the bank’s actual general ledger amounts; The administrative costs are also derived from actual non-interest expenses; The cost of funds is aligned with the policies used in the ALCO operation and in the IRR management processes; The statistical cost of credit risk used in pricing (providing sensitivity to the loan’s risk rating) is derived partially from the bank’s credit and provisioning policies; The taxes are the bank’s actual average experience; and For banks using ROE/RAROC, the equity allocation is related to the bank’s overall (unexpected) risk posture and its capital sufficiency policies. Once a bank understands risk-adjusted pricing and can calculate the risk-adjusted return (ROA or ROE/RAROC) for a given loan, what more can we do to help the lender close the deal? And, what can we do to help lenders assist the bank with meeting profit goals? The answer to both questions is: “quite a lot”. First, bank management and lending executives can set various risk-based goals or guidelines that are based on the same data and foundation logic that was used to create the risk-based profit calculations. This analytical form of targeting helps take the profit (and therefore pricing) process out of the realm of “blue sky” numbers or simply wishful thinking on the part of management. The risk-based targeting guidelines benefit from the same analytical processes that went into the logic behind creating the profit calculations. The targets should be as well-founded as the analysis that went into the profit calculations. Then the fun begins. First at the loan level: Once we have the ability to calculate risk-adjusted loan profit and we have similarly founded targets or guidelines, we can easily use the profit calculations in reverse to solve for a required loan rate and/or origination fee that will meet the target profit. The lender can change a structural aspect of the loan under consideration and quickly see the impact on risk-adjusted profit. More importantly, they can see how these changes relate to the guidelines or target. In fact, the lender could look at any number of changes to the loan amount, tenor, amortization rate, moving the risk rating up or down, and changing the rate from fixed to floating impact to see what relative impact the change has on risk-adjusted profit. Because knowledge is one key to successful negotiation, the lender is in a substantially stronger position to conduct the sales and negotiation phases of landing the deal. There is a substantially higher likelihood the resulting loan will be a better risk-adjusted return for the bank than would take place by ignoring such pricing practices. Add up all of the loan and lines done in the course of a year and you see a significant impact on the bank’s overall performance. In my next post, I’ll expand this concept to the relationship management level.

So here it is!  The moment you all have been waiting for--the top ten hot topics of 2009 (in no particular order of importance). 1. Portfolio Risk Management – You should really focus on this topic in 2009.  With many institutions already streamlining the origination process, portfolio management is the logical next step.  While the foundation is based in credit quality, portfolio management is not just for the credit side. 2. Review of Data (aka “Getting Behind the Numbers”) – We are not talking about scorecard validation; that’s another subject.  This is more general.  Traditional commercial lending rarely maintains a sophisticated database on its clients.  Even when it does, traditional commercial lending rarely analyzes the data. 3. Lowering Costs of Origination – Always a shoe-in for a goal in any year!  But how does an institution make meaningful and marked improvements in reducing its costs of origination? 4. Scorecard Validation – Getting more specific with the review of data.  Discuss the basic components of the validation process and what your institution can do to best prepare itself for analyzing the results of a validation.  Whether it be an interim validation or a full-sized one, put together the right steps to ensure your institution derives the maximum benefit from its scorecard. 5. Turnaround Times (Response to Client) –Rebuild it.  Make the origination process better, stronger and faster.  No; we aren’t talking about bionics here -- nor how you can manipulate the metrics to report a faster turnaround time.  We are talking about what you can do from a loan applicant perspective to improve turnaround time. 6. Training – Where are all the training programs?  Send in all the training programs!  Worry, because they are not here.  (Replace training programs with clowns and we might have an oldies song.)  Can’t find the right people with the right talent in the marketplace? 7. Application Volume/Marketing/Relationship Management – You can design and execute the most efficient origination and portfolio management processes.   But, without addressing client and application volume, what good are they? 8. Pricing/Yield on Portfolio – “We compete on service, not price.” We’ve heard this over and over again.  In reality, the sales side always resorts to price as the final differentiator.  Utilizing standardization and consistency can streamline your process and drive improved yields on your portfolio. 9. Management Metrics – How do I know that I am going in the right direction?  Strategize, implement, execute, measure and repeat.  Learn how to set your targets to provide meaningful bottom line results. 10. Operational Risk Management – Different from credit risk, operational risk and its management, operational risk management deals with what an institution should do to make sure it is not open to operational risk in the portfolio. Items totally in the control of the institution, if not executed properly, can cause significant loss.   Well, that’s it.  We encourage your feedback on this list.  Let us know which of these ten topics is a priority for your institution and what specific areas in each topic you would like to see addressed.

I’m speculating a bit here, but I have a feeling that as the first wave of Red Flag rule examinations occurs, one of the potential perceived weak points in your program(s) may be your vendor relationships.  Of particular note are collections agencies.  Per the guidelines, “Section 114 applies to financial institutions and creditors.” Under the FCRA, the term “creditor” has the same meaning as in section 702 of the Equal Credit Opportunity Act (ECOA), 15 U.S.C. 1691a.15 ECOA defines “creditor” to include a person who arranges for the extension, renewal or continuation of credit, which in some cases could include third-party debt collectors.  Therefore, the Agencies are not excluding third-party debt collectors from the scope of the final rules and “a financial institution or creditor is ultimately responsible for complying with the final rules and guidelines even if it outsources an activity to a third-party service provider.” A general rule of thumb in any examination process is to look closely at activities that are the most difficult for the examinee to control.  Third-party relationship management certainly falls into this category.  So, make sure your written and operational programs have procedures in place to ensure and regularly monitor appropriate Red Flag compliance -- even when customer (or potential customer) activities occur outside your walls. Good luck!

By: Tom Hannagan Part 2   Return on Equity (ROE) ROE is the risk-adjusted profit divided by the equity amount associated with the loan in question.   ROE =      Risk-adjusted profit Equity amount of the loan   There are two large advantages to using ROE. One, you can use it to compare profit performance across asset-based and non-asset-based products. This can’t be done with ROA – if there’s no “A”, you can’t create the ratio. This seems to be a crucial consideration if you are serious about cross-selling non-asset-based products (such as deposits and a long list of non-credit financial services) and if you are serious about being a truly client relationship oriented organization.   Second, by using ROE you have the possibility of risk-adjusting the amount of equity used in the denominator of the calculation.  Adjusting the equity amount based on risk, in a credible manner, creates risk-adjusted ROE, or what is referred to as risk adjusted return on capital (RAROC). The equity amount applied to the loan represents all of the remaining risk or unexpected loss (UL).instance that we did not account for in the steps that got us to the risk-adjusted profit result. RAROC, or risk-adjusted ROE, is a fully risk-adjusted representation of relative value. This level of risk-based performance measurement also has the advantage of relating pricing and relationship management activities to the bank’scapital management process.   So far, we have covered several of the key parts of how risk-based pricing can work. In doing so, we have discussed how the various elements involved in pricing relate to the bank’s books and policies. The loan balance, rate and fee data relates to the banks actual general ledger amounts. The administrative costs are also derived from actual non-interest expenses. The cost of funds is aligned with the policies used in ALSO and in IRR management processes. The cost of credit risk is related to the bank’s credit and provisioning policies. The taxes are the bank’s actual average experience. And, for banks using ROE/RAROC, the equity allocation is related to the bank’s overall risk posture and its capital sufficiency policies.   I stated earlier that “Risk-based pricing analysis is a product-level microcosm of risk-based bank performance”. It is that and more. In addition to pricing’s linkage to financial figures and results, risk-based pricing should also be a reflection of the bank’s most critical risk management policies and governance processes.

By: Tom Hannagan Part 1 In my last post about risk-based pricing, we started a discussion of the major elements involved in the risk adjustment of loan pricing. We got down to a risk-adjusted pre-tax profit amount. Not to divert the present discussion too much, but we often use pre-tax performance numbers for entity level comparisons to avoid the vagaries of tax treatments. Some banks are sub-S corporations, while most are C corporations. There are differences in state tax levels and, there may be other tax deferral strategies such as, leasing activity and/or securities adjustments that can affect these after-tax numbers. So, pre-tax data can be very useful.   After-tax profit and profitability ratios For internal comparisons across loans, client, lenders and other lines of business; and to better understand how the risk-adjusted profit from a loan or a relationship relate to overall bank performance, we prefer to get to an after-tax profit and profitability ratio. This is also necessary to compare loans or portfolios involving tax-exempt entities to loans with taxable interest income. To do this, we apply the bank’s average effective income tax rate (including federal and state) to the pre-tax result, with the exception of tax exempt loans. This gives us risk-adjusted net income (or profit) at the loan level.   By arriving at risk-based profit estimates at the product level, we then have the opportunity to accumulate these for multi-product client relationships, or at lender or market segment levels. Clients can then go on to analyze the profit results in comparison to their distribution of risk ratings and break the risk-adjusted returns down by loan/collateral type, client geography or industry. Some banks have graphical displays of these results.   In addition to profit level, and to assist with comparative capability, we continue to one or more profitability ratios. You can divide the profit amount by the average loan balance to get a risk-adjusted return on assets (ROA).   ROA =        Profit amount Average loan balance   This is very helpful for looking at asset product performance and has been used historically by the banking industry for risk-based pricing. Many banks have moved beyond ROA and now focus on return on equity (ROE). For a more comprehensive discussion of ROA and ROE see my post from December 6, 2008.   I will continue in my next post about Return on Equity.

Part 2 To continue the discussion from my last post, we also must realize that the small business borrower typically doesn’t wait until we are ready to perform our regularly scheduled risk management review to begin to show problems.  While a delinquent payment is a definite sign of a problem with the borrower, the occurrence of a delinquent payment is often simply too late for any type of corrective action and will result in a high rate of loss or transfer to special assets. There are additional pitfalls around the individual risk rating of the small business borrower or the small business loans; but, I won’t discuss those here.  Suffice to say, we can agree that the following holds true for portfolio risk management of small business loans: Active portfolio management is a must; Traditional commercial portfolio management techniques are not applicable due to the cost and effectiveness for the typical small business portfolio; and Collection efforts conducted at the time of a delinquency is too late in the process. One last thing, the regulators are starting to place higher demands on financial institutions for the identification and management of risk in the small business portfolio.  It is becoming urgent and necessary to take a different approach to monitor that portfolio. Just as we have learned from the consumer approach for originating the loans, we can also learn from the basic techniques used for consumer loan portfolio risk management. We have to rely upon information that is readily available and does not require the involvement of the borrower to provide such information.  Basically, this means that we need to gather information (such as updated business scores and behavioral data) from our loan accounting platforms to provide us with an indication of potential problems.  We need to do that in an automated fashion.  From such information we can begin to monitor: Changes in the business score of the small business borrower; Frequency and severity of delinquencies; Balances maintained on a line of credit; and Changes in deposit balances or activity including overdraft activity. This list is not exhaustive, but it represents a solid body of information that is both readily available and useful in determining the risk present in our small business portfolio.  With technology enabling a more automated assessment of these factors, we have laid the groundwork to develop an efficient and effective approach to small business portfolio management.  Such an approach provides real- time regular assessment of the portfolio, its overall composition and the necessary components needed to identify the potential problem credits within the portfolio. It is past time to take a new approach toward the proactive portfolio management of our small business loan portfolio retaining the spirit of commercial credit while adapting the techniques of consumer portfolio management to the small business portfolio.

Part 1 In reality, we are always facing potential issues in our small business portfolio, it is just the nature of that particular beast. Real problems occur, though, when we begin to take the attitude that nothing can go wrong, that we have finally found the magic formula that has created the invincible portfolio.  We’re in trouble when we actually believe that we have the perfect origination machine to generate a portfolio that has a constant and acceptable delinquency and charge-off performance. So, we all can agree that we need to keep a watchful eye on the small business portfolio.  But how do we do this?  How do we monitor a portfolio that has a high number of accounts but a relatively low dollar amount in actual outstandings? The traditional commercial portfolio provides sufficient operating income and poses enough individual client credit risk that we can take the same approach on each individual credit and still maintain an acceptable level of profitability.  But, the small business portfolio doesn’t generate sufficient profitability nor has individual loan risk to utilize the traditional commercial loan portfolio risk management techniques. Facing these economic constraints, the typical approach is to simply monitor by delinquency and address the problems as they arise.  One traditional method that is typically retained is the annual maturity of the lines of credit.  Because of loan matures, financial institutions are performing annual renewals and re-underwriting these lines of credit -- and complete that process through a full re-documentation of the line. We make nominal improvements in the process by changing the maturity dates of the lines from one year to two or three year maturities or, in the case of real estate secured lines, a five year maturity.  While such an approach reduces the number of renewals that must be performed in a particular year, it does not change the basic methodology of portfolio risk management, regularly scheduled reviews of the lines.  In addition, such methodology simply puts us back to the use of collections to actually manage the portfolio and only serves to extend the time between reviews. Visit my next post for the additional pitfalls around individual risk rating and ways to better monitor your small business portfolio.

I have heard this question posed and you may be asking yourselves: Why are referral volumes (the potential that the account origination or maintenance process will get bogged down due to a significant number of red flags detected) such a significant operations concern? These concerns are not without merit.  Because of the new Red Flag Rules, financial institutions are likely to be more cautious.  As a result, many transactions may be subject to greater customer identification scrutiny than is necessary. Organizations may be able to control referral volumes through the use of automated tools that evaluate the level of identity theft risk in a given transaction.  For example, customers with a low-risk authentication score can be moved quickly through the account origination process absent any additional red flags detected in the ordinary course of the application or transaction.  In fact, using such tools may allow organizations to quicken the origination process for customers. They can then identify and focus resources on transactions that pose the greatest potential for identity theft. A risk-based approach to Red Flags compliance affords an institution the ability to reconcile the majority of detected Red Flag conditions efficiently, consistently and with minimal consumer impact.  Detection of Red Flag conditions is only half the battle.  Responding to those conditions is a substantial problem to solve for most institutions.  A response policy that incorporates scoring, alternate data sources and flexible decisioning can reduce the majority of referrals to real-time approvals without staff intervention or customer hardship.   

What is your greatest concern as the May 1, 2009 enforcement date approaches for all guidelines in the Identity Theft Red Flags Rule?

By: Tom Hannagan I have referred to risk-adjusted commercial loan pricing (or the lack of it) in previous posts. At times, I’ve commented on aspects of risk-based pricing and risk-based bank performance measurement, but I haven’t discussed what risk-based pricing is -- in a comprehensive manner. Perhaps I can begin to do that now and in my next posts. Risk-based pricing analysis is a product-level microcosm of risk-based bank performance. It begins by looking at the financial implications of a product sale from a cost accounting perspective. This means calculating the revenues associated with a loan, including the interest income and any fee-based income.  These revenues need to be spread over the life of the loan, while taking into account the amortization characteristics of the balance (or average usage for a line of credit). To save effort (and to provide good client relationship management), we often download the balance and rate information for existing loans from a bank’s loan accounting system. To “risk-adjust” the interest income, you need to apply a cost of funds that has the same implied market risk characteristics as the loan balance. This is not like the bank’s actual cost of funds for several reasons. Most importantly, there is usually no automatic risk-based matching between the manner in which the bank makes loans and the term characteristics of its deposits and/or borrowing. Once we establish a cost of funds approach that removes interest rate risk from the loan, we subtract the risk-adjusted interest expense from the revenues to arrive at risk-adjusted net interest income, or our risk-adjusted gross margin. We then subtract two types of costs. One cost includes the administrative or overhead expenses associated with the product. Our best practice is to derive an approach to operating expense breakdowns that takes into account all of the bank’s non-interest expenses. This is a “full absorption” method of cost accounting. We want to know the marginal cost of doing business, but if we just apply the marginal cost to all loans, a large portion of real-life expenses won’t be covered by resulting pricing. As a result, the bank’s profits may suffer. We fully understand the argument for marginal cost coverage, but have seen the unfortunate end. Using this lower cost factor can hurt a bank’s bottom line. Administrative cost does not normally require additional risk adjustment, as any risk-based operational expenses and costs of mitigating operation risk are already included in the bank’s general ledger for non-interest expenses. The second expense subtracted from net interest income is credit risk cost. This is not the same as the bank’s provision expense, and is certainly not the same as the loss provision in any one accounting period.  The credit risk cost for pricing purposes should be risk adjusted based on both product type (usually loan collateral category) and the bank’s risk rating for the loan in question. This metric will calculate the relative probability of default for the borrower combined with the loss given default for the loan type in question. We usually annualize the expected loss numbers by taking into account a multi-year history and a one- or two-year projection of net loan losses. These losses are broken down by loan type and risk rating based on the bank’s actual distribution of loan balances. The risk costs by risk rating are then created using an up-sloping curve that is similar in shape to an industry default experience curve. This assures a realistic differentiation of losses by risk rating. Many banks have loss curves that are too flat in nature, resulting in little or no price differentiation based on credit quality. This leads to poor risk-based performance metrics and, ultimately, to poor overall financial performance. The loss expense curves are fine-tuned so that over a period of years the total credit risk costs, when applied to the entire portfolio, should cover the average annual expected loss experience of the bank. By subtracting the operating expenses and credit risk loss from risk-adjusted net interest income, we arrive at risk-adjusted pre-tax income. In my next post I’ll expand this discussion further to risk-adjusted net income, capital allocation for unexpected loss and profit ratio considerations.

 I’ve talked (sorry, blogged) previously about taking a risk-based approach to reconciling initial Red Flag Rule conditions in your applications, transactions, or accounts.  In short, that risk-based approach incorporates a more holistic view of a consumer in determining overall risk associated with that identity.  This risk can be assessed via an authentication score, alternate data sources and/or verification results.  I also want to point out the potential value of knowledge-based authentication (a.k.a. out-of-wallet questions) in providing an extra level of confidence in progressing a consumer transaction or application in light of an initially detected Red Flag condition. In Experian’s Fraud and Identity Solutions business, we have some clients who are effectively embedding the use of knowledge-based authentication into their overall Red Flags Identity Theft Prevention Program.  In doing so, they are able to identify the majority of higher risk conditions and transactions and positively authenticate those initiating consumers via a series of interactive questions designed to be more easily answered by a legitimate individual -- and more difficult for a fraudster.  Using knowledge-based authentication can provide the following values to your overall process: 1. Consistency: Utilizing a hosted and standard process can reduce potential subjectivity in decisioning.  Subjectivity is not a friend to examiners or to your bottom line. 2. Measurability: Question performance and reporting allows for ongoing monitoring and optimization of decisioning strategies.  Plus, examiners will appreciate the metrics. 3. Customer Experience: This is a buzzword these days for sure.  Better to place a customer through a handful of interactive questions, than to ask them to fax in documentation --or to take part in a face-to-face authentication. 4. Cost: See the three values above…Plus, a typical knowledge-based authentication session may well be more cost effective from an FTE/manual review perspective. Now, keep in mind that the use of knowledge-based authentication is certainly a process that should be approved by your internal compliance and legal teams for use in your Red Flags Identity Theft Prevention Program.  That said, with sound decisioning strategies based on authentication question performance in combination with overall authentication results and scores, you can be well-positioned to positively progress the vast majority of consumers into profitable accounts and transactions without incurring undue costs.