Interagency Guidance on Credit Risk Review Systems, 55679-55684 [2019-22656]

Agencies

• FEDERAL DEPOSIT INSURANCE CORPORATION
• FEDERAL RESERVE SYSTEM
• National Credit Union Administration
• Department of Treasury
• Office of the Comptroller of the Currency

[Federal Register Volume 84, Number 201 (Thursday, October 17, 2019)]
[Notices]
[Pages 55679-55684]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-22656]


-----------------------------------------------------------------------

DEPARTMENT OF TREASURY

Office of the Comptroller of the Currency

[Docket ID OCC-2019-0018]

FEDERAL RESERVE SYSTEM

[Docket ID OP-1679]

FEDERAL DEPOSIT INSURANCE CORPORATION

RIN 3064-ZA09

NATIONAL CREDIT UNION ADMINISTRATION

RIN 3133-AF05


Interagency Guidance on Credit Risk Review Systems

AGENCY: Office of the Comptroller of the Currency (OCC), Treasury; 
Board of Governors of the Federal Reserve System (Board); Federal 
Deposit Insurance Corporation (FDIC); and National Credit Union 
Administration (NCUA).

ACTION: Proposed guidance.

-----------------------------------------------------------------------

SUMMARY: The OCC, the Board, the FDIC, and the NCUA (collectively, the 
agencies) are inviting comment on proposed guidance for credit risk 
review systems. This proposed guidance is relevant to all institutions 
supervised by the agencies. The proposed guidance discusses sound 
management of credit risk, a system of independent, ongoing credit 
review, and appropriate communication regarding the performance of the 
institution's loan portfolio to its management and board of directors.

DATES: Comments must be received by December 16, 2019.

ADDRESSES: Interested parties are encouraged to submit written comments 
to any or all of the agencies listed below. The agencies will share 
comments with each other.
    Comments should be directed to:
    OCC: You may submit comments to the OCC by any of the methods set 
forth below. Commenters are encouraged to submit comments through the 
Federal eRulemaking Portal or email, if possible. Please use the title 
``Interagency Guidance on Credit Risk Review Systems'' to facilitate 
the organization and distribution of the comments. You may submit 
comments by any of the following methods:
     Federal eRulemaking Portal--``Regulations.gov'': Go to 
www.regulations.gov. Enter ``Docket ID OCC-2019-0018'' in the Search 
Box and click ``Search.'' Click on ``Comment

[[Page 55680]]

Now'' to submit public comments. Click on the ``Help'' tab on the 
Regulations.gov home page to get information on using Regulations.gov, 
including instructions for submitting public comments.
     Email: [email protected].
     Mail: Chief Counsel's Office, Attn: Comment Processing, 
Office of the Comptroller of the Currency, 400 7th Street SW, Suite 3E-
218, Washington, DC 20219.
     Hand Delivery/Courier: 400 7th Street SW, Suite 3E-218, 
Washington, DC 20219.
    Instructions: You must include ``OCC'' as the agency name and 
``Docket ID OCC-2019-0018'' in your comment. In general, the OCC will 
enter all comments received into the docket and publish the comments on 
the Regulations.gov website without change, including any business or 
personal information provided such as name and address information, 
email addresses, or phone numbers. Comments received, including 
attachments and other supporting materials, are part of the public 
record and subject to public disclosure. Do not include any information 
in your comment or supporting materials that you consider confidential 
or inappropriate for public disclosure.
    You may review comments and other related materials that pertain to 
this rulemaking action by any of the following methods:
     Viewing Comments Electronically: Go to 
www.regulations.gov. Enter ``Docket ID OCC-2019-0018'' in the Search 
box and click ``Search.'' Click on ``Open Docket Folder'' on the right 
side of the screen. Comments and supporting materials can be viewed and 
filtered by clicking on ``View all documents and comments in this 
docket'' and then using the filtering tools on the left side of the 
screen. Click on the ``Help'' tab on the Regulations.gov home page to 
get information on using Regulations.gov. The docket may be viewed 
after the close of the comment period in the same manner as during the 
comment period.
     Viewing Comments Personally: You may personally inspect 
comments at the OCC, 400 7th Street SW, Washington, DC 20219. For 
security reasons, the OCC requires that visitors make an appointment to 
inspect comments. You may do so by calling (202) 649-6700 or, for 
persons who are deaf or hearing impaired, TTY, (202) 649-5597. Upon 
arrival, visitors will be required to present valid government-issued 
photo identification and submit to security screening in order to 
inspect comments.
    Board: When submitting comments, please consider submitting your 
comments by email or fax because paper mail in the Washington, DC area 
and at the Board may be subject to delay.
    You may submit comments, identified by OP-1679, by any of the 
following methods:
     Agency website: https://www.federalreserve.gov. Follow the 
instructions for submitting comments at https://www.federalreserve.gov/generalinfo/foia/RevisedRegs.cfm.
     Email: [email protected]. Include docket 
and RIN numbers in the subject line of the message.
     Fax: (202) 452-3819 or (202) 452-3102.
     Mail: Ann E. Misback, Secretary, Board of Governors of the 
Federal Reserve System, 20th Street and Constitution Avenue NW, 
Washington, DC 20551.
    All public comments will be made available on the Board's website 
at: https://www.federalreserve.gov/generalinfo/foia/RevisedRegs.cfm as 
submitted, unless modified for technical reasons or to remove 
personally identifiable information at the commenter's request. 
Accordingly, comments will not be edited to remove any identifying or 
contact information. Public comments may also be viewed electronically 
or in paper in Room 3515, 1801 K Street NW (between 18th and 19th 
Streets NW), between 9:00 a.m. and 5:00 p.m. on weekdays.
    FDIC: You may submit comments, identified by FDIC RIN 3064-ZA09, by 
any of the following methods:
     Agency website: https://www.fdic.gov/regulations/laws/federal/. Follow instructions for submitting comments on the Agency 
website.
     Mail: Robert E. Feldman, Executive Secretary, Attention: 
Comments/Legal ESS, Federal Deposit Insurance Corporation, 550 17th 
Street NW, Washington, DC 20429.
     Hand Delivery/Courier: Comments may be hand-delivered to 
the guard station at the rear of the 550 17th Street NW building 
(located on F Street) on business days between 7:00 a.m. and 5:00 p.m.
     Email: [email protected]. Comments submitted must include 
``FDIC'' and ``RIN 3064-ZA09'' on the subject line of the message.
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Public Inspection: All comments received must include 
``FDIC'' and ``RIN 3064-ZA09'' for this rulemaking. All comments 
received will be posted without change to https://www.fdic.gov/regulations/laws/federal/, including any personal information provided.
    NCUA: You may submit comments by any one of the following methods 
(please send comments by one method only):
     Federal rulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Email: Address to [email protected]. Include ``[Your 
name]--Comments on ``Interagency Guidance on Credit Risk Review 
Systems'' in the email subject line.
     Fax: (703) 518-6319. Use the subject line described above 
for email.
     Mail: Address to Gerard Poliquin, Secretary of the Board, 
National Credit Union Administration, 1775 Duke Street, Alexandria, 
Virginia 22314-3428.
     Hand Delivery/Courier: Same as mail address.
    Public Inspection: You can view all public comments on NCUA's 
website at https://www.ncua.gov/regulation-supervision/rules-regulations/proposed-pending-and-recently-final-regulations as 
submitted, except for those we cannot post for technical reasons. NCUA 
will not edit or remove any identifying or contact information from the 
public comments submitted. You may inspect paper copies of comments in 
NCUA's law library at 1775 Duke Street, Alexandria, Virginia 22314, by 
appointment weekdays between 9:00 a.m. and 3:00 p.m. To make an 
appointment, call (703) 518-6546 or send an email to [email protected].

FOR FURTHER INFORMATION CONTACT: 
    OCC: Beth Nalyvayko, Bank Examiner, or Lou Ann Francis, Director, 
Commercial Credit Risk, (202) 649-6670; or Kevin Korzeniewski, Counsel, 
Chief Counsel's Office, (202) 649-5490. For persons who are hearing 
impaired, TTY, (202) 649-5597.
    Board: Constance Horsley, Deputy Associate Director, (202) 452-
5239; Virginia Gibbs, Manager, (202) 452-2521; or Carmen Holly, Lead 
Financial Institution Policy Analyst (202) 973-6122, the Division of 
Supervision and Regulation; or Alyssa O'Connor, Attorney, Legal 
Division, (202) 452-3886, Board of Governors of the Federal Reserve 
System, 20th and C Streets NW, Washington, DC 20551.
    FDIC: Thomas F. Lyons, Chief, Policy & Program Development, 
fdic.gov">[email protected]fdic.gov (202) 898-6850; George J. Small, Senior Examination 
Specialist, Risk Management Policy, fdic.gov">[email protected]fdic.gov (917) 320-2750, 
Risk Management Supervision; Ann M. Adams, Senior Examination 
Specialist, Risk Management Policy,

[[Page 55681]]

[email protected]fdic.gov (347) 751-2469, Risk Management Supervision; or 
Andrew B. Williams II, Counsel, fdic.gov">[email protected]fdic.gov; (202) 898-3581, 
Supervision and Legislation Branch, Legal Division, Federal Deposit 
Insurance Corporation; 550 17th Street NW, Washington, DC 20429.
    NCUA: Vincent H. Vieten, Senior Credit Specialist (703) 518-6618; 
Uduak Essien, Director (703) 518-6399, Division of Credit Markets; or 
Ian Marenna, Associate General Counsel (703) 518-6554, Office of 
General Counsel.

SUPPLEMENTARY INFORMATION: 

I. Background

    The agencies' current credit risk review guidance is contained in 
Attachment 1--Loan Review Systems--of the Interagency Policy Statement 
on the Allowance for Loan and Lease Losses (ALLL) (2006 attachment 
1).\1\ The agencies are proposing to update that guidance to reflect 
the current expected credit losses methodology (CECL).\2\ Further, the 
agencies recognize that credit risk review systems have a broader 
application in risk management programs than just providing information 
on the collectibility of an institution's loan portfolio for 
determining an appropriate level for the ACLs or Allowance for Loan and 
Lease Losses (ALLL), as applicable. Therefore, the agencies are 
proposing to issue guidance on credit risk review systems as a 
standalone guidance document and accordingly rescind the 2006 
attachment 1. The proposed guidance on credit risk review will continue 
to be applicable to all supervised institutions.
---------------------------------------------------------------------------

    \1\ See OCC Bulletin 2006-47 (December 13, 2006); FDIC Financial 
Institution Letter FIL-105-2006 (December 13, 2006); Federal Reserve 
Supervision and Regulation (SR) letter 06-17 (December 13, 2006); 
NCUA Accounting Bulletin No. 06-01 (December 2006).
    \2\ The Financial Accounting Standards Board's (FASB's) 
Accounting Standards Update 2016-13, Financial Instruments--Credit 
Losses (Topic 326): Measurement of Credit Losses on Financial 
Instruments and subsequent amendments issued since June 2016 are 
codified in Accounting Standards Codification (ASC) Topic 326, 
Financial Instruments--Credit Losses (FASB ASC Topic 326). FASB ASC 
Topic 326 revises the accounting for the allowances for credit 
losses (ACLs) and introduces CECL. The proposed guidance on CECL is 
contained in a separate notice published in today's Federal 
Register.
---------------------------------------------------------------------------

II. Overview of the Proposed Interagency Guidance on Credit Risk Review 
Systems

    The proposed guidance aligns with the Interagency Guidelines 
Establishing Standards for Safety and Soundness (Guidelines) \3\ which 
sets out safety and soundness standards for insured depository 
institutions to establish a system for independent, ongoing credit risk 
review, and including regular communication to its management and board 
of directors regarding the institution's loan portfolio performance.\4\ 
This guidance is appropriate for all institutions \5\ and describes a 
broad set of practices that can occur either within a dedicated unit or 
multiple units throughout an institution to form a credit risk review 
system consistent with safe-and-sound lending practices and the 
Guidelines. This guidance outlines principles for use in developing and 
maintaining an effective credit risk review system. The nature of 
credit risk review systems typically varies based on an institution's 
size, complexity, loan types, risk profile, and risk management 
practices. Therefore, the proposed guidance attempts to highlight 
principles that can be scaled to an institution's loan activity.
---------------------------------------------------------------------------

    \3\ 12 CFR part 30, Appendix A (OCC); 12 CFR part 208 Appendix 
D-1 (Board); and 12 CFR part 364 Appendix A (FDIC). See Part 723 of 
the NCUA Rules and Regulations.
    \4\ For foreign banking organization branches, agencies, or 
subsidiaries not operating under single governance in the United 
States, the U.S. risk committee would serve in the role of the board 
of directors for purposes of this guidance.
    \5\ For purposes of this guidance, regulated institutions are 
those supervised by the following agencies: The Board of Governors 
of the Federal Reserve System (Board), the Federal Deposit Insurance 
Corporation (FDIC), the National Credit Union Administration (NCUA), 
and the Office of the Comptroller of the Currency (OCC).
---------------------------------------------------------------------------

    The proposed guidance incorporates and updates the principles 
enumerated in 2006 attachment 1 and reaffirms the key elements of an 
effective credit risk review system, including qualifications and 
independence of credit risk review personnel; the frequency, scope and 
depth of reviews; and the review of findings and follow-up; 
communication, and distribution of results. The proposed guidance 
includes updates to reflect current industry credit review practices 
and examples of credit risk review procedures and methods to help 
ensure a proper degree of independence for small institutions. The 
proposed guidance also outlines characteristics of an effective credit 
risk rating framework, including the factors used to assign ratings to 
promote an effective risk review by qualified, independent parties. As 
described in the proposed guidance, independence from the lending 
function is an important characteristic for personnel who assess credit 
risks, develop the credit review plan, and follow-up on review 
findings.
    The proposed guidance discusses various criteria for consideration 
in determining the scope of a risk-based loan review, including factors 
such as loan size, credit information, borrower relationship, 
concentration levels, performance, and other risk indicators. Further, 
it articulates expectations for communicating review results. The 
proposed guidance also discusses resolving risk rating differences 
between loan officers and credit risk review personnel; conducting 
discussions with appropriate loan officers and department managers; and 
obtaining management responses for corrective action to address credit 
risk review findings.

III. Request for Comment

    The agencies request comments on all aspects of this proposed 
guidance, including, but not limited to, those set forth below.
    Question 1: To what extent does the proposed credit review guidance 
reflect current sound practices for an institution's credit risk review 
activities? What elements should be added or removed, and why?
    Question 2: To what extent is the proposed credit review guidance 
appropriate for institutions of all asset sizes? What elements should 
be added or removed for institutions of differing sizes, and why?
    Question 3: What if any additional factors should the agencies 
consider incorporating into the guidance to help achieve a sufficient 
degree of independence and why? To what extent does the approach 
described for small or rural institutions with fewer resources or 
employees provide for an appropriate degree of independence in the 
credit review function? What if any modifications should the agencies 
consider and why?

IV. The Paperwork Reduction Act

    In accordance with the requirements of the Paperwork Reduction Act 
of 1995 (PRA),\6\ the agencies may not conduct or sponsor, and the 
respondent is not required to respond to, an information collection 
unless it displays a currently valid Office of Management and Budget 
(OMB) control number.
---------------------------------------------------------------------------

    \6\ 44 U.S.C. 3501-3521.
---------------------------------------------------------------------------

    The proposed guidance will not create any new or revise any 
existing collections of information under the PRA. Therefore, no 
information collection request will be submitted to the OMB for review.

V. Proposed Guidance

    The text of the proposed guidance is as follows:

[[Page 55682]]

INTERAGENCY GUIDANCE ON CREDIT RISK REVIEW SYSTEMS

Introduction

    The Interagency Guidelines Establishing Standards for Safety and 
Soundness (Guidelines) \1\ underscore the critical importance of credit 
risk review and set safety and soundness standards for insured 
depository institutions to establish a system for independent, ongoing 
credit risk review, and for appropriate communication to its management 
and board of directors.\2\ This guidance, which aligns with the 
Guidelines, is appropriate for all institutions \3\ and describes a 
broad set of practices that can be used either within a dedicated unit 
or across multiple units throughout an institution to form a credit 
risk review system that is consistent with safe-and-sound lending 
practices. This guidance outlines principles that an institution should 
consider in developing and maintaining an effective credit risk review 
system.
---------------------------------------------------------------------------

    \1\ 12 CFR part 30, Appendix A (OCC); 12 CFR part 208 Appendix 
D-1 (Board); and 12 CFR part 364 Appendix A (FDIC). Part 723 of NCUA 
Rules and Regulations.
    \2\ For foreign banking organization branches, agencies, or 
subsidiaries not operating under single governance in the United 
States, the U.S. risk committee would serve in the role of the board 
of directors for purposes of this guidance.
    \3\ For purposes of this guidance, regulated institutions are 
those supervised by the following agencies: The Board of Governors 
of the Federal Reserve System (Board), the Federal Deposit Insurance 
Corporation (FDIC), the National Credit Union Administration (NCUA), 
and the Office of the Comptroller of the Currency (OCC) hereafter 
referred to as the ``agencies.''
---------------------------------------------------------------------------

Overview of Credit Risk Review Systems

    The nature of credit risk review systems \4\ varies based on an 
institution's size, complexity, loan types, risk profile, and risk 
management practices. For example, in smaller or less complex 
institutions, a credit risk review system may include qualified members 
of the staff, including loan officers, other officers, or directors, 
who are independent of the credits being assessed. In larger or more 
complex institutions, a credit risk review system may include 
components of a dedicated credit risk review function that are 
independent of the institution's lending function. A credit risk review 
system may also include various responsibilities assigned to credit 
underwriting, loan administration, a problem loan workout group, or 
other organizational units of an institution. Among other 
responsibilities, these groups may administer the internal problem loan 
reporting process, maintain the integrity of the credit risk rating 
process, confirm that timely and appropriate changes are made to loan 
risk ratings, and support the quality of information used to estimate 
the Allowance for Credit Losses (ACL) or the Allowance for Loan and 
Lease Losses, (ALLL), as applicable.\5\ Additionally, some or all of 
the credit risk review function may be outsourced to a qualified third 
party.
---------------------------------------------------------------------------

    \4\ The credit risk review function is not intended to be 
performed by an institutions' internal audit function. However, as 
discussed in the agencies' March 2003 Interagency Policy Statement 
on the Internal Audit Function and its Outsourcing (2003 policy 
statement), some institutions coordinate the internal audit function 
with several risk monitoring functions, such as the credit risk 
review function. The 2003 policy statement states that coordination 
of credit risk review with the internal audit function can 
facilitate the reporting of material risk and control issues to the 
audit committee, increase the overall effectiveness of these 
monitoring functions, better utilize available resources, and 
enhance the institution's ability to comprehensively manage risk. 
However, an effective internal audit function maintains the ability 
to independently audit the credit risk review function. (The NCUA 
was not an issuing agency of the 2003 policy statement.)
    \5\ Credit risk review may be referred to as loan review, credit 
review, asset quality review, or another name as chosen by an 
institution. The role of and expectations for credit risk review as 
discussed in this document are distinct from the roles and 
expectations for other groups within an institution that are also 
responsible for monitoring, managing and reporting credit risk. 
Examples may be those involved with lending functions, independent 
risk management, loan work outs, and accounting. Each institution 
indicates in its own policies and procedures the specific roles and 
responsibilities of these different groups, including separation of 
duties. A credit risk review unit, or individuals serving in that 
role, can rely on information provided by other units in developing 
its own independent assessment of credit risk in loan portfolios, 
but should critically evaluate such information to maintain its own 
view, and not rely exclusively on such information.
---------------------------------------------------------------------------

    Regardless of the structure, an effective credit risk review system 
accomplishes the following objectives:
     Promptly identifies loans with actual and potential credit 
weaknesses so that timely action can be taken to strengthen credit 
quality and minimize losses.
     Appropriately validates and, if necessary, adjusts risk 
ratings, especially for those loans with potential or well-defined 
credit weaknesses that may jeopardize repayment.
     Identifies relevant trends that affect the quality of the 
loan portfolio and highlights segments of the loan portfolio that are 
potential problem areas.
     Assesses the adequacy of and adherence to internal credit 
policies and loan administration procedures and monitors compliance 
with applicable laws and regulations.
     Evaluates the activities of lending personnel, including 
their compliance with lending policies and the quality of their loan 
approval, monitoring, and risk assessment.
     Provides management and the board of directors with an 
objective, independent, and timely assessment of the overall quality of 
the loan portfolio.
     Provides management with accurate and timely credit 
quality information for financial and regulatory reporting purposes, 
including the determination of appropriate ACL or ALLL, as applicable.

Credit Risk Rating (or Grading) Framework

    The foundation for any effective credit risk review system is 
accurate and timely risk ratings to assess credit quality and identify 
or confirm problem loans. An effective credit risk rating framework 
includes the monitoring of individual loans and retail portfolios, or 
segments thereof, with similar risk characteristics. An effective 
framework also provides important information on the collectibility of 
the portfolio for use in the determination of an appropriate ACL or 
ALLL, as applicable. Further, an effective framework generally places 
primary reliance on the lending staff to assign accurate and timely 
risk ratings and identify emerging loan problems. However, given the 
importance of the credit risk rating framework, the lending personnel's 
assignment of particular risk ratings is typically subject to review by 
qualified and independent: (i) Peers, managers, or loan committee(s); 
(ii) part-time or full-time employee(s); (iii) internal departments 
staffed with credit review specialists; or (iv) external credit review 
consultants. A risk rating review that is independent of the lending 
function and approval process can provide a more objective assessment 
of credit quality.\6\
---------------------------------------------------------------------------

    \6\ Small or rural institutions that have few resources or 
employees may adopt modified credit risk review procedures and 
methods to achieve a proper degree of independence. For example, in 
the review process, such an institution may use qualified members of 
the staff, including loan officers, other officers, or directors, 
who are not involved with originating or approving the specific 
credits being assessed and whose compensation is not influenced by 
the assigned risk ratings. It is appropriate to employ such modified 
procedures when more robust procedures and methods are impractical. 
Institution management should have reasonable confidence that the 
personnel chosen will be able to conduct reviews with the needed 
independence despite their position within the loan function.
---------------------------------------------------------------------------

    An effective credit risk rating framework includes the following 
attributes:
     A formal credit risk rating system in which the ratings 
reflect the risk of default and credit losses, and for which a written 
description of the credit risk framework is maintained, including a

[[Page 55683]]

discussion of the factors used to assign appropriate risk ratings to 
individual loans and retail portfolios, or segments thereof, with 
similar risk characteristics.\7\
---------------------------------------------------------------------------

    \7\ A bank or savings association may have a credit risk rating 
framework that differs from the framework for loan classifications 
used by the federal banking agencies. Such banks and savings 
associations should maintain documentation that translates their 
risk ratings into the regulatory classification framework used by 
the federal banking agencies. This documentation will enable 
examiners to reconcile the totals for the various loan 
classifications or risk ratings under the institution's system to 
the federal banking agencies' categories contained in the Uniform 
Agreement on the Classification and Appraisal of Securities Held by 
Depository Institutions Attachment 1--Classification Definitions 
(OCC: OCC Bulletin 2013-28; Board: SR Letter 13-18; and FDIC: FIL-
51-2013). The NCUA does not require credit unions to adopt a uniform 
regulatory classification system. Risk rating guidance for credit 
unions is set forth in NCUA letters to credit unions 10-CU-02, 
``Current Risks in Business Lending and Sound Risk Management 
Practices,'' issued January 2010 and 10-CU-03, ``Concentration 
Risk,'' issued March 2010. See also the Commercial and Member 
Business Loans section of the NCUA Examiner's Guide (Commercial and 
Member Business Loans > Credit Risk Rating Systems).
---------------------------------------------------------------------------

     Identification or grouping of loans that warrant the 
special attention of management or other designated ``watch lists'' of 
loans that management is more closely monitoring.\8\
---------------------------------------------------------------------------

    \8\ In addition to loans designated as ``watch list,'' this 
identification typically includes loans rated special mention, 
substandard, doubtful or loss.
---------------------------------------------------------------------------

     Clear explanation of why particular loans warrant the 
special attention of management or have received an adverse risk 
rating.
     Evaluation of the effectiveness of approved workout plans.
     A method for communicating direct, periodic, and timely 
information to the institution's senior management and the board of 
directors or appropriate board committee on the status of loans 
identified as warranting special attention or adverse classification, 
and the actions taken by management to strengthen the credit quality of 
those loans.
     Information on the institution's historical loss 
experience for each segment of the loan portfolio.\9\
---------------------------------------------------------------------------

    \9\ In particular, institutions with large and complex loan 
portfolios typically maintain records of their historical loss 
experience for credits in each of the categories in their risk 
rating framework. For banks and savings associations, these 
categories are either those used by, or those that can be translated 
into those used by, the federal banking agencies.
---------------------------------------------------------------------------

Elements of an Effective Credit Risk Review System

    An effective credit risk review system starts with a written credit 
risk review policy \10\ that is reviewed and approved at least annually 
by the institution's board of directors or appropriate board committee 
to evidence its support of, and commitment to, maintaining an effective 
system. Effective policies include a description of the overall risk 
rating framework, and establish responsibilities for loan review based 
on the portfolio being assessed. An effective credit risk review policy 
addresses the following elements, described in more detail below: The 
qualifications and independence of credit risk review personnel; the 
frequency, scope, and depth of reviews; the review of findings and 
follow-up; and communication and distribution of results.
---------------------------------------------------------------------------

    \10\ See the Guidelines.
---------------------------------------------------------------------------

Qualifications of Credit Risk Review Personnel

    An effective credit risk review function is staffed with personnel 
who are qualified based on their level of education, experience, and 
extent of formal credit training. Qualified personnel are knowledgeable 
in both sound lending practices and the institution's lending 
guidelines for the types of loans offered by the institution. The level 
of experience and expertise for all personnel involved in the credit 
risk review process is expected to be commensurate with the nature of 
the risk and complexity of the portfolios. In addition, qualified 
credit risk review personnel possess knowledge of relevant laws, 
regulations, and supervisory guidance.

Independence of Credit Risk Review Personnel

    An effective credit risk review system uses both the initial 
identification of emerging problem loans by loan officers and other 
line staff, and an assessment of loans by personnel independent of the 
credit approval process. Placing primary responsibility on loan 
officers, risk officers, and line staff is important for continuous 
portfolio analysis and prompt identification and reporting of problem 
loans. Because of frequent contact with borrowers, loan officers and 
line staff can usually identify potential problems before they become 
apparent to others. However, institutions should be careful to avoid 
over-reliance on loan officers and line staff for identification of 
problem loans. An independent assessment of risk is achieved when 
personnel who perform the loan review do not have control over the loan 
and are not part of, or influenced by individuals associated with, the 
loan approval process.
    While a larger institution may establish a separate department 
staffed with credit review specialists, cost and volume considerations 
may not justify such a system in a smaller institution. For example, in 
the review process, smaller institutions may use an independent 
committee of outside directors or qualified members of the staff, 
including loan officers, other officers, or directors, who are not 
involved with originating or approving the specific credits being 
assessed and whose compensation is not influenced by the assigned risk 
ratings. Whether or not the institution has a dedicated credit risk 
review department, it is prudent for the credit risk review function to 
report directly to the institution's board of directors or a committee 
thereof, consistent with safety and soundness standards. Senior 
management may be responsible for appropriate administrative functions 
provided such an arrangement does not compromise the independence of 
the credit risk review function.
    The institution's board of directors, or a committee thereof, may 
outsource the credit risk review function to an independent third 
party.\11\ However, the responsibility for maintaining a sound credit 
risk review process remains with the institution's board of directors. 
In any case, institution personnel who are independent from the lending 
function typically assess risks, develop the credit risk review plan, 
and verify appropriate follow-up of findings. Outsourcing of the credit 
risk review function to the institution's external auditor requires 
additional independence considerations.\12\
---------------------------------------------------------------------------

    \11\ For a discussion of the expectations for institutions that 
use outside service providers, refer to SR letter 13-19/CA letter 
13-21, ``Guidance on Managing Outsourcing Risk,'' issued by the 
Board on December 5, 2013; FIL-44-2008, ``Guidance for Managing 
Third-Party Risk,'' issued by the FDIC on June 6, 2008; and OCC 
Bulletin 2013-29, ``Third-Party Relationships: Risk Management 
Guidance,'' issued by the OCC on October 30, 2013. For credit 
unions, refer to NCUA letters to credit unions 01-CU-20 ``Due 
Diligence over Third Party Service Providers,'' issued November 2001 
and 07-CU-13 ``Evaluating Third Party Relationships'' issued 
December 2007.
    \12\ For further information with respect to restrictions for 
external auditors performing internal bank functions, refer to the 
Interagency Policy Statement on the Internal Audit Function and its 
Outsourcing, Part III Independence of the Independent Public 
Accountant.
---------------------------------------------------------------------------

Frequency of Reviews

    An effective credit risk review system provides for review and 
evaluation of an institution's significant loans, loan products, or 
groups of loans at least annually, on renewal, or more frequently when 
internal or external factors indicate a potential for deteriorating 
credit quality or the existence of one or more other risk factors. The 
credit risk review function can also provide useful continual feedback 
on the effectiveness of the

[[Page 55684]]

lending process in order to identify any emerging problems. Ongoing or 
periodic review of an institution's loan portfolio is particularly 
important to the estimation of ACLs or the ALLL because loss 
expectations may change as the credit quality of a loan changes. Use of 
key risk indicators or performance metrics by credit risk review 
management can support adjustments to the frequency and scope of 
reviews.

Scope of Reviews

    Comprehensive and effective reviews cover all segments of the loan 
portfolio that pose significant credit risk or concentrations, and 
other loans that meet certain institution-specific criteria. A properly 
designed scope considers the current market conditions or other 
external factors that may affect a borrower's current or future ability 
to repay the loan. Establishment of an appropriate review scope also 
helps ensure that the sample of loans selected for review is 
representative of the portfolio as a whole and provides reasonable 
assurance that any credit quality deterioration or unfavorable trends 
are identified. An effective credit risk review function also considers 
industry standards for credit risk review coverage consistent with the 
institution's size, complexity, loan types, risk profile, and risk 
management practices and helps to verify whether the review scope is 
appropriate. The institution's board of directors or appropriate board 
committee typically approves the scope of the credit risk review on an 
annual basis or whenever significant interim changes are made in order 
to adequately assess the quality of the current portfolio. An effective 
scope of credit risk review is generally risk-based and typically 
includes:
     Loans over a predetermined size.
     A sufficient sample of smaller loans, new loans, and new 
loan products.
     Loans with higher risk indicators, such as low credit 
scores, high credit lines, or those credits approved as exceptions to 
policy.
     Segments of the loan portfolio experiencing rapid growth.
     Exposures from non-lending activities that also pose 
credit risk.
     Past due, nonaccrual, renewed, and restructured loans.
     Loans previously adversely classified and loans designated 
as warranting the special attention of the institution's 
management.\13\
---------------------------------------------------------------------------

    \13\ See footnote 8.
---------------------------------------------------------------------------

     Loans to insiders or related parties.
     Loans to affiliates.
     Loans constituting concentrations of credit risk and other 
loans affected by common repayment factors.

Depth of Transaction Reviews

    Loans selected for review are typically evaluated for:
     Credit quality, soundness of underwriting and risk 
identification, borrower performance, and adequacy of the sources of 
repayment.
     Validity of assumptions.
     Creditworthiness of guarantors or sponsors.
     Sufficiency of credit and collateral documentation.
     Proper lien perfection.
     Proper approvals consistent with internal policies.
     Adherence to any loan agreement covenants.
     Compliance with internal policies and procedures (such as 
nonaccrual, and classification or risk rating policies), laws, and 
regulations.
     Quality of the information used in the credit loss 
estimation process, including the reasonableness of assumptions used 
and the timeliness of charge-offs.
     The accuracy of risk ratings and the appropriateness and 
timeliness of the identification of problem loans by loan officers.

Review of Findings and Follow-Up

    An important activity of an effective credit risk review system is 
the discussion of the review findings, including all noted 
deficiencies, identified weaknesses, and any existing or planned 
corrective actions (including time frames for correction) with 
appropriate loan officers, department managers, and senior management. 
An effective system includes processes for all noted deficiencies and 
weaknesses that remain unresolved beyond the scheduled time frames for 
correction to be promptly reported to senior management and the board 
of directors or appropriate board committee.
    It is important to resolve risk rating differences between loan 
officers and loan review personnel according to a pre-arranged process. 
That process may include formal appeals procedures and arbitration by 
an independent party or may require default to the assigned 
classification or grade that indicates lower credit quality. If credit 
risk review personnel conclude that a borrower is less creditworthy 
than is perceived by the institution, the lower credit quality 
classification or grade typically prevails unless internal parties 
identify additional information sufficient to obtain the concurrence of 
the independent reviewer or arbiter on the higher credit quality 
classification or grade.

Communication and Distribution of Results

    Personnel involved in the credit risk review process typically 
prepare a list of all loans reviewed, the date of review, and a summary 
analysis that substantiates the risk ratings assigned to the loans 
reviewed. Effective communication involves providing results of the 
credit risk reviews to the board of directors or appropriate board 
committee at least quarterly.\14\ Comprehensive reporting includes 
comparative trends that identify significant changes in the overall 
quality of the loan portfolio, the adequacy of, and adherence to, 
internal policies and procedures, the quality of underwriting and risk 
identification, compliance with laws and regulations, and management's 
response to substantive criticisms or recommendations. Such 
comprehensive reporting provides the board of directors or appropriate 
board committee with insight into the portfolio and the responsiveness 
of management and facilitates timely corrective action of deficiencies.
---------------------------------------------------------------------------

    \14\ A board of directors or appropriate board committee should 
be informed more frequently than quarterly when material adverse 
trends are noted. When an institution conducts loan file reviews 
less frequently than quarterly, the board or appropriate board 
committee will typically receive results on other credit risk review 
activities quarterly.

    Dated: October 1, 2019
Joseph M. Otting,
Comptroller of the Currency.
    By order of the Board of Governors of the Federal Reserve 
System, October 3, 2019.
Ann E. Misback,
Secretary of the Board.
Federal Deposit Insurance Corporation.

    Dated at Washington, DC, on September 20, 2019.
Robert E. Feldman,
Executive Secretary.
    By the National Credit Union Administration Board on September 
20, 2019.
Gerard Poliquin,
Secretary of the Board.
[FR Doc. 2019-22656 Filed 10-16-19; 8:45 am]
 BILLING CODE 4810-33-P; 6210-01-P; 6714-01-P; 7535-01-P