Depending on the methodology elections an institution makes under the current expected credit loss (CECL) model, risk ratings can be an absolutely critical input for loss rate calculations. This is especially true for migration analysis.
But even more broadly, risk ratings play an essential role in understanding, measuring and limiting credit risk to the institution. Consequently, the risk rating policy that defines measurement criteria, timing and use-cases is an important document under both incurred and expected loss models. An institution must develop appropriate policies and procedures based on its size and the complexity of its portfolio. These governing documents should require credit analysts to maintain timely and accurate risk ratings with appropriate oversight.
Ahead of CECL, then, an institution can rethink its risk rating policy to ensure alignment. Three key areas to cover when developing risk rating policies include determining grades based on portfolio complexity, vesting risk rating responsibility appropriately and requiring additional approval levels and reviews.
Determine Number of Risk Ratings Based on Portfolio Complexity
Regulators expect a bank or credit union’s risk rating system to distinguish between criticized and classified assets. Additionally, even the smallest and least complex institution is expected to have some gradation within its non-criticized or Pass categories. Larger, more complex institutions would have more stratification with grades. The majority of a healthy institution’s loans should be rated Pass. However, if Pass assets have no further distinction, the institution will find it difficult to use risk rating to manage the portfolio. The rating system, according to the OCC, “should reflect the complexity of its lending activities and the overall level of risk involved.”
With risk levels defined, policies can be according adapted to risk levels. As a simple example, the institution can tie the frequency of review to risk ratings. A bank with 5 grades of Pass along with Special Mention, Substandard, Doubtful and Loss might set account review frequency for a commercial and industrial loan portfolio as follows:
Assign Risk Rating Responsibility Carefully
Final authority for risk rating should be structured to ensure the rating is safeguarded from both undue influence and the perception of undue influence. For this reason, the credit department is typically empowered to assign the final rating. The credit analyst may consult with other constituents, such as the lender, to incorporate all relevant information.
Some institutions may also use a committee structure to discuss risk ratings. However, the final responsibility should be separate from anyone compensated by loan volume. Additionally, the person responsible for assigning the final rating should not be the same person who approves the loan if loan approval authorities are governed by rating.
Require Additional Approval Levels and Reviews
An institution may require additional approvals in certain circumstances. Common reasons for additional approvals are large size, a change in risk rating from prior period or a final risk rating that differs from the scorecard output. Policies may further distinguish between situations that require approval before a rating is finalized and those that merit periodic monitoring. The emphasis should be on ensuring risk ratings are assigned accurately and timely.
There are a number of variants that an institution could employ. For example, an institution may allow a credit analyst to approve a final rating that differs from the scorecard by one grade and require a manager to approve any other differences. The institution would then review all differences periodically. Similarly, an institution’s policy may require a manager to approve a change of two or more grades from the prior period because this level of change should occur rarely. It would review overall migration periodically as part of portfolio monitoring.
In September 2017, Sageworks polled bank and credit union executives on their risk rating policy and found that 44 percent of responding institutions require approval beyond a credit analysis in certain situations, and 20 percent always require added approvals.
Losses may be uncommon or low for many institutions given the current market, but that allows the institution time to rethink and potentially retool risk rating policies in advance of the expected loss model transition. Download the free eBook Commercial Risk Ratings Considerations to learn best practices for building your risk rating system.