• We believe the scope of application is comprehensive and adequate. We agree with the exclusion of debt securities from the scope of application as they follow different origination and monitoring procedures from those applied to loans.
• We do believe that the guidelines should also apply to loans originated granted to financial institutions and governments as they should follow the same rationale and criteria as those applied to consumers and professionals.
• We agree with the principles of proportionality in the implementation of the guidelines
• At A&M, we have developed a self assessment tool to evaluate the level of maturity of institutions against the EBA guidelines on loan origination and monitoring. Based on our overall assessment of the level of maturity of the industry across the spectrum of 335 capabilities required in the EBA guidelines and some aggregation criteria, we have arrived at an overall industry compliance score of 4.2 out of 5. Our view is that the industry meets most of the EBA requirements with exceptions in certain areas.
Figure 1 – A&M Loan Origination and Monitoring Implementation Scorecard
• Governance and Loan Origination are the most robust areas (displaying compliance scores of 4,4 and 4,7 respectively) with obstacles identified to arrive at full compliance in the following areas:
o Cascading down of risk appetite to credit portfolios and new origination KRIs
o Lending standards for Technology Enabled Innovation Lending given the emerging aspects and lack of testing of new origination techniques through a credit downturn
o Lending standards for Environmental & Green Lending due to emerging nature of green lending activities and explicit climate risk analysis and measurement (e.g. transition risk and physical risk)
o Full integration of AML into credit monitoring activities. In particular, we observe gaps in credit monitoring activities performed by second line and credit audits performed by 3rd line which typically focus on credit risk and do not integrate ALM / CFT standards.
o Data infrastructure gaps exist particularly in the area of tracking and monitoring KRIs and risk metrics for new origination (many institutions did experience data gaps when gathering KRIs at origination as requested by the recent ECB Credit Underwriting Exercise)
• Pricing (displays compliance score of 3,2). Most institutions have developed comprehensive risk-based pricing methods that include all components included in the guidelines. However, we see obstacles to implementation in the following areas:
o The level of sophistication and granularity of pricing methods differs across banks. Areas that might generate gaps include cost of capital (regulatory vs. economic), cost allocation of operating expenses, inclusion of MREL/TLAC requirements in cost of funding and IFRS9 considerations in cost of credit
o There are gaps in the area of profitability measurement for new business. In addition, implementation gaps in certain institutions exist when monitoring hurdle rates based on risk-adjusted profitability targets of new origination.
• Collateral Valuation (displays compliance score of 4,3). We expect implementation obstacles in the area of collateral monitoring and revaluation, particularly around the frequency and quality of collateral revaluation processes including sensitivity assessment.
• Monitoring (displays compliance score of 4,1). Most institutions have established and mature credit monitoring processes in place. Areas that display implementation obstacles include stress testing of portfolios (which is currently geared towards compliance with regulatory exercises rather than portfolio management applications) and scope / depth of scenario analysis that test borrower creditworthiness. Furthermore, there are gaps in the implementation of formal triggers, escalation procedures and assigned responsibilities for Early Warning Indicators (EWIs)
Technology Enabled Innovation
• Given increased technology enabled credit granting solutions by banks and challengers and lack of testing of such techniques through credit downturn, we expect most institutions to have emerging practices in this area that require of further development and testing
• One particular concern in this area is the interaction of credit risk with fraud and cyber risks. The technology enabled innovation underwriting methods, models and criteria should take into account scenarios where fraudulent activity or cyber incidents take place that could alter the normal underwriting of transactions within digital channels.
• Another future proof observation to consider relates to the lack of comparable historical data sets by industry to assess whether clients that originate credit through digital channels are less risky or riskier than those loans originated through traditional channels. Banks will have to define whether technology enabled lending is subject to different capital and provisions levels than traditional lending based on loss experience observed through the credit cycle.
• Loan vintage analysis comparing performance of traditional vs. new channels would be the best way to anticipate different behaviors and identify root causes. Non-financial risk assessments should be also included in the credit granting process design in order to avoid risks such as fraud, data, AML and conduct for both traditional and technology enabled channels.
• To avoid entering into high risk segments through technology enabled innovation tools, internal models should be promoted for capital and provisioning purposes so risk levels are properly captured and measured (standard models applied to this type of lending might not capture risks adequately).
• Level playing field requirements for new channels would help banks to better invest money improving the underwriting process.
Environmental Factors and Green Lending
• Due to emerging nature of green lending activities we expect to see gaps in industry.
• Same point related to capital and provision requirements of technology enabled vs. traditional lending (mentioned above) applies to environmentally friendly vs. unfriendly lending to be tested with loss experience observed through the credit cycle.
• Climate change impact assessment covering transitional and physical risks can imply higher costs of compliance. As a result, regulatory incentives that promote lower capital requirements for these loans would be beneficial to promote green lending markets.
• To promote competitive level playing field and consistent industry practices, common taxonomies and rules for risk assessment should be developed.
• Most institutions have well developed, documented and established credit risk policies through the end-to-end cycle (loan origination, pricing, collateral management, monitoring, default management and recovery).
• We believe if supplemented with EBA NPL guidance expectations, the guideline requirements for policies and procedures are comprehensive and adequate to cover the entire credit cycle.
• The data infrastructure requirements of the guidelines should cover data storage, availability and quality expectations aligned with the BCBS239 principles to ensure better monitoring of the granting process.
• Credit governance standards are well established at most institutions
• The EBA guideline requirements for governance for credit granting and monitoring are comprehensive and adequate.
• As an area of industry gap to be noted relates to the fact that not all institutions develop comprehensive and regular staffing plans for their credit areas that cover resource level and skill set based on strategy and risk profile trends (as expected in the resources and skills subsection of Section 4).
• Entities should focus in credit granting monitoring and backtesting for complex individuals algorithms or multilevel decision making processes in SMEs and Corporates. Not all institutions can track and measure the effectiveness of their credit decision making processes vs. predefined policies.
• Most institutions have adopted a three lines of defense model consistently with the EBA guidelines. We believe the guidelines should be more explicit about the roles and responsibilities related to credit risk management for the three lines of defense. In addition, there are some banks that have recently separated their Chief Credit Officer (outside the line of business) from their Chief Risk Officer, effectively building a 4 line of defense model instead of a model based on three lines of defense. See figure 2 for an illustrative model with roles and responsibilities along the three lines of defense for credit risk management. Roles and responsibilities should be defined along the risk management cycle including business planning, execution and performance monitoring / evaluation phases. In our proposed model, we defend that although there might be business aligned credit functions within the second line of defense, these should report through the CRO function.
Figure 2 – A&M Proposal for Credit Risk Management Roles along the three lines of defense
• Credit rating and scoring models cover all the information requirements identified in section 5.1 for lending to consumers and lending to professionals.
• Credit scoring and rating models have a long track record and IRB/IFRS9 requirements have forced models to pass multiple Internal and external validations thus promoting sound performance and granularity. The approval and use of IRB models should be promoted to ensure adequate performance of credit scoring and rating models (e.g., there are still some markets where the use of the standardised capital approach is high thus not promoting adequate risk capture).
• Draft guidelines related to collection of information and documentation from clients should apply principles of proportionality to balance adequate risk assessment and customer experience (e.g., strict and frequent data requirements might be cumbersome to clients)
• Level playing field in this area is key as non-banking competitors do not have the same requirements in terms of data collection and credit assessment.
• Monitoring of creditworthiness should be also integrated within conduct risk assessment identifying and limiting not properly granted loans.
• Data gathering and storage procedures must ensure data availability for performance and models monitoring. RDA principles must apply to credit assessment information.
Lending to Consumers
• Credit rating and scoring models cover all the information requirements identified in section 5.2 for assessment of borrower’s creditworthiness of consumer loans.
• Sensitivity analyses at origination reflecting potential negative scenarios in the future that impact creditworthiness are very limited and there is a lot of room of improvement in this area
Lending to Professionals
• Credit rating and scoring models cover all the information requirements identified in section 5.2 for assessment of borrower’s creditworthiness of professional loans.
• Sensitivity analyses at origination reflecting potential negative scenarios in the future that impact creditworthiness are very limited and there is a lot of room of improvement in this area. Sensitivity analysis for idiosyncratic events are not usually included in credit assessment.
• KRIs and ratings must be aligned and frequently monitored (e.g., recent credit underwriting exercise evidenced some inconsistencies between KRIs and credit risk parameters driving ratings)
• The proper rating calculation must be monitored when expert judgement is applied. Rating challenge and 2nd review for random samples is a useful tool.
• Scope of assets classes and products covered in Section 5 is comprehensive and adequate. Detailed annexes included in guidelines provide sufficient detail in metrics and information to be considered for assessing creditworthiness.
• The level of sophistication and granularity of pricing methods differs across banks. Areas that might generate gaps include cost of capital (regulatory vs. economic), cost allocation of operating expenses, inclusion of MREL/TLAC requirements in cost of funding and IFRS9 considerations in cost of credit.
• A particular area of concern not covered in the guidelines is how institutions should use regulatory capital for pricing decisions. There are institutions that only consider economic capital in their pricing models, therefore originating transactions that do not meet cost of capital requirements particularly in cases where economic capital is substantially lower than regulatory capital.
• Loan prices are not always fully aligned with the risk profile of the loans originated due to market competition reasons that can drive mispricing risks. Adequate monitoring of new origination that does not fully cover all allocated costs can help banks understand and manage value creation. Due to heavy competition and margin pressure, there are today loan segments in Europe that do not meet the cost of capital. Supervisors should monitor these cases and control for mispricing loan segments.
• There are gaps in the area of profitability measurement for new business. In addition, implementation gaps in certain institutions exist when monitoring hurdle rates based on risk-adjusted profitability targets of new origination.
• We believe more detailed guidelines for pricing should have been given in the following areas
o Methodology
Costs analysis and quantification (funding, expected loss, cost of capital, operating cost…) and proper allocation by business / channels / products / customers / contracts.
Use of return on regulatory capital (including Basel IV considerations) vs. return on economic capital
Use of full costing vs. marginal costing assumptions
Use of lifetime projections vs. accounting based measures
Use of point in time vs. through the cycle expected loss measures
Definition of different type of hurdle rates (minimum vs. recommended level) and setting criteria
Definition of hurdle rates by business, portfolio, client and product
o Governance
Split of roles between business line, risk management and finance
Functioning and existence of pricing committees
Linkage between pricing hurdle rates and risk appetite / budget targets
• Banks must define and implement better processes and procedures for collateral valuation. This must include review pricing procedures and incentives for valuers.
• Mandatory rotation is not always necessarily the best solution for ensuring adequate valuation standards. Better and more detailed valuation rules and regulation of valuation companies can be an incentive for more effective valuation practices.
• For some random samples a second valuation (valuation challenge) can identify inadequate valuation practices. For those cases, penalties to valuation companies, mandatory rotation and/or adjustments to historical valuations should be applied.
• Banks should implement collateral valuation practices to promote sound internal risk
• Entities have proper behaviour models but sometimes are not really used for monitoring processes. In some cases, credit monitoring only starts just after some days loans become past due.
• Entities have implemented Watchlist processes but room for improvement in anticipatory modelling and sensitivity analysis (e.g., reliance on certain borrower triggers instead of conducting comprehensive and granular peer analysis)
• Results of watchlist are effective to identify and classify clients but should become better monitoring, anticipation and customer recovery management tools.
• Sensitivity analysis and stress testing is not commonly used in portfolios monitoring. In the case of relevant exposures is even less common to use macro or idiosyncratic impact analysis in the credit monitoring.
