Interagency Guidance on Credit Risk Review Systems, 33278-33287 [2020-10292]
Download as PDF
<![CDATA[
33278
Federal Register / Vol. 85, No. 105 / Monday, June 1, 2020 / Notices
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the
Currency
[Docket ID OCC–2019–0018]
FEDERAL RESERVE SYSTEM
[Docket ID OP–1679]
FEDERAL DEPOSIT INSURANCE
CORPORATION
RIN 3064–ZA09
NATIONAL CREDIT UNION
ADMINISTRATION
RIN 3133–AF05
Interagency Guidance on Credit Risk
Review Systems
Office of the Comptroller of the
Currency (OCC), Treasury; Board of
Governors of the Federal Reserve
System (Board); Federal Deposit
Insurance Corporation (FDIC); and
National Credit Union Administration
(NCUA).
ACTION: Final guidance.
AGENCY:
The OCC, the Board, the
FDIC, and the NCUA (collectively, the
agencies) are issuing final guidance for
credit risk review (final guidance). This
guidance is relevant to all institutions
supervised by the agencies and replaces
Attachment 1 of the 2006 Interagency
Policy Statement on the Allowance for
Loan and Lease Losses. The final
guidance discusses sound management
of credit risk, a system of independent,
ongoing credit review, and appropriate
communication regarding the
performance of the institution’s loan
portfolio to its management and board
of directors.
DATES: The final guidance is available
on June 1, 2020.
FOR FURTHER INFORMATION CONTACT:
OCC: Beth Nalyvayko, Bank
Examiner, or Lou Ann Francis, Director,
Commercial Credit Risk, (202) 649–
6670; or Kevin Korzeniewski, Counsel,
Chief Counsel’s Office, (202) 649–5490.
For persons who are hearing impaired,
TTY, (202) 649–5597.
Board: Constance Horsley, Deputy
Associate Director, (202) 452–5239;
Kathryn Ballintine, Manager, (202) 452–
2555; or Carmen Holly, Lead Financial
Institution Policy Analyst (202) 973–
6122; or Alyssa O’Connor, Attorney,
Legal Division, (202) 452–3886, Board of
Governors of the Federal Reserve
System, 20th and C Streets NW,
Washington, DC 20551.
FDIC: Thomas F. Lyons, Chief, Policy
& Program Development, tlyons@
jbell on DSKJLSW7X2PROD with NOTICES
SUMMARY:
VerDate Sep<11>2014
19:40 May 29, 2020
Jkt 250001
fdic.gov (202) 898–6850); George J.
Small, Senior Examination Specialist,
Risk Management Policy, gsmall@
fdic.gov (917) 320–2750, Risk
Management Supervision; Ann M.
Adams, Senior Examination Specialist,
Risk Management Policy, annadams@
fdic.gov (347) 751–2469, Risk
Management Supervision; or Andrew B.
Williams II, Counsel, andwilliams@
fdic.gov; (202) 898–3591), Supervision
and Legislation Branch, Legal Division,
Federal Deposit Insurance Corporation;
550 17th Street NW, Washington, DC
20429.
NCUA: Vincent H. Vieten, Senior
Credit Specialist (703) 518–6618; Uduak
Essien, Director (703) 518–6399,
Division of Credit Markets; or Ian
Marenna, Associate General Counsel
(703) 518–6554, Office of General
Counsel.
SUPPLEMENTARY INFORMATION:
I. Background
In 2006, the OCC, the Board, the
FDIC, and the NCUA (collectively
referred to as the agencies) issued the
Interagency Policy Statement on the
Allowance for Loan and Lease Losses.1
Attachment 1 of that statement, entitled
‘‘Loan Review Systems,’’ served as the
agencies’ guidance on credit risk review
(Attachment 1). Attachment 1
supplemented and aligned with other
relevant agency issuances on credit
review, including the Interagency
Guidelines Establishing Standards for
Safety and Soundness.2
In October 2019, the agencies invited
public comment on proposed guidance
on credit risk review (proposed
guidance or proposal).3 The proposed
guidance would update and clarify
Attachment 1. It also would adjust
terminology to be consistent with the
current expected credit losses (CECL)
methodology, a recent accounting
standards change.4 The agencies are
adopting the proposed guidance in final
form (final guidance), with certain
revisions as discussed below. The final
guidance replaces Attachment 1 as the
1 See OCC Bulletin 2006–47; FDIC Financial
Institution Letter FIL–105–2006; Federal Reserve
Supervision and Regulation (SR) letter 06–17;
NCUA Accounting Bulletin No. 06–01.
2 12 CFR part 30, appendix A (OCC); 12 CFR part
208, appendix D–1 (Board); 12 CFR part 364
appendix A (FDIC). Also see 12 CFR part 723
(NCUA).
3 Interagency Guidance on Credit Risk Review
Systems, 84 FR 55679 (Oct. 17, 2019).
4 See Financial Accounting Standards Board’s,
Accounting Standards Codification Topic 326,
which revises the accounting for the allowances for
credit losses (ACLs) and introduces the CECL
methodology. [The agencies’ final guidance on
CECL is contained in a separate document
published elsewhere in this issue of the Federal
Register.]
PO 00000
Frm 00200
Fmt 4703
Sfmt 4703
agencies’ guidance on credit risk review
systems for all supervised institutions
and is being issued as a standalone
document. Attachment 1 is rescinded as
of June 1, 2020.
II. Overview of Comments
The agencies collectively received 19
comments on the proposed guidance.
Commenters included trade
associations, banks, credit unions, and
members of the public.
Most commenters expressed general
support for the guidance. Commenters
noted that the proposed guidance
reflected sound practices and
principles, incorporated the core
elements of credit risk review, and did
not represent a fundamental shift from
Attachment 1. Some commenters raised
concerns including that the guidance
was too prescriptive.
The comments addressed a wide
range of topics, and in some instances,
commenters requested clarifications to
certain aspects of the proposed
guidance. For example, commenters
discussed the role of credit risk review
including its relation to other functions,
such as internal audit; the appropriate
scope, depth and frequency of credit
risk review activities; internal
responsibility for an institution’s risk
rating framework; the process for
adjudicating risk rating disputes; the
communication of credit risk review
results and qualifications of credit risk
review personnel; credit risk review in
the context of retail portfolios; and the
use of technology and data in credit risk
review.
A number of commenters expressed
concern with what they viewed as the
one-size-fits-all approach of the
proposed guidance and the potential
burden to smaller institutions.
Commenters requested that the agencies
specifically tailor the guidance to
emphasize flexibility based on an
institution’s risk profile or even exempt
small institutions from the guidance.
Some commenters discussed
independence of the credit risk review
function and acknowledged that credit
risk review provides a critical and
independent assurance role but noted
that role has expanded in scope and
may overlap with duties performed by
other functions resulting in a
duplication of efforts.
Commenters also expressed concern
generally with the implementation of
the CECL methodology; the relationship
of the proposed guidance to Allowances
for Credit Losses (ACL); and whether
CECL would make credit risk review
more burdensome, particularly for
smaller institutions.
E:\FR\FM\01JNN1.SGM
01JNN1
Federal Register / Vol. 85, No. 105 / Monday, June 1, 2020 / Notices
III. Discussion of Comments on the
Proposed Guidance
The agencies are finalizing the
guidance with targeted changes and
clarifications to address the concerns
raised by commenters. The comments,
and any revisions to the final guidance,
are discussed below and grouped based
on the three questions posed in the
proposal and other related topics raised
by commenters. The agencies’ three
questions asked whether the proposed
guidance reflected sound practices,
whether the proposed guidance was
appropriate for institutions of differing
sizes, and whether the agencies should
include additional factors in the
proposed guidance to help credit risk
review achieve a sufficient degree of
independence.5
The agencies emphasize that credit
risk review is a significant risk
management function separate from the
determination of the appropriate reserve
for credit losses. While the results of the
credit risk review can help ensure that
the ACLs or Allowance for Loan and
Lease Losses (ALLL) adequately reflects
risk in the institution’s loan portfolio,
the agencies are addressing the
implementation of CECL separately
from the final guidance.
jbell on DSKJLSW7X2PROD with NOTICES
A. General Application of Guidance
Some commenters indicated the
guidance was too prescriptive; in one
case, a commenter considered the
guidance excessively detailed and not
aligned with current practices for credit
unions in particular. Others indicated
that the proposed guidance reflected
foundational principles and outlined
elements of a sound credit risk program
without mandating how credit risk
review should operate. Commenters also
raised concerns that the proposed
guidance would be enforced as a
regulation.
An effective credit risk review
function is integral to the safe and
sound operation of every insured
depository institution. To assist
institutions in the creation and
operation of such functions, the
5 Question 1: To what extent does the proposed
credit review guidance reflect current sound
practices for an institution’s credit risk review
activities? What elements should be added or
removed, and why? Question 2: To what extent is
the proposed credit review guidance appropriate for
institutions of all asset sizes? What elements should
be added or removed for institutions of differing in
sizes, and why? Question 3: What, if any, additional
factors should the agencies consider incorporating
into the guidance to help achieve a sufficient degree
of independence and why? To what extent does the
approach described for small or rural institutions
with fewer resources or employees provide for an
appropriate degree of independence in the credit
review function? What if any modifications should
the agencies consider and why?
VerDate Sep<11>2014
19:40 May 29, 2020
Jkt 250001
agencies have developed the final
guidance to describe a broad set of
practices and principles for developing
and maintaining a credit risk review
function consistent with safe and sound
credit risk management practices and
the Interagency Guidelines Establishing
Standards for Safety and Soundness.6
However, the final guidance does not
establish any requirements or rules, nor
does it mandate implementation of a
specific system or prescribe specific
actions with which institutions must
comply.
One commenter expressed general
concern about guidance being
applicable to all institutions, including
credit unions, because the commenter
considered credit union operational
practices as distinct from those of other
institutions. Another commenter called
for the guidance to address how it
intersects with the NCUA Examiner’s
Guide. The NCUA notes that credit risk
is related to the characteristics of the
loan, and not the type of institution
providing the financing. This guidance
is an appropriate reference to assist in
establishing a credit risk review
function for both credit union and other
institutions’ loan portfolios.
Furthermore, the final guidance aligns
with the NCUA Examiner’s Guide for
commercial loans 7 and 12 CFR part 723
of the NCUA’s regulations, and the
NCUA supports the recommendations
in this final guidance as it pertains to
retail and consumer loan portfolios. The
NCUA Examiner’s Guide will be
updated to reflect this new guidance.
B. Elements of the Guidance
Commenters addressed the role of
credit risk review; scope, depth, and
frequency of reviews; responsibility for
and determination of risk ratings; timely
communication of results; qualifications
of credit risk review personnel; tailoring
of the guidance to retail portfolios; and
use of technology in the credit risk
review process.
1. Role of Credit Risk Review
Some commenters called for the
guidance to better delineate between the
responsibilities of credit risk review and
other functions. As provided in footnote
5 8 of the final guidance, the role of
6 Supra
note 2.
the Commercial and Member Business
Loans section of the NCUA Examiner’s Guide
(Commercial and Member Business Loans >
Commercial Loan Administration≤Independent
Loan Review).
8 Footnote 5 states that credit risk review may be
referred to as loan review, credit review, asset
quality review, or another name as chosen by an
institution. The role of, expectations for, and scope
of credit risk review as discussed in this document
are distinct from the roles, expectations, and scope
7 See
PO 00000
Frm 00201
Fmt 4703
Sfmt 4703
33279
credit risk review is distinct from the
roles of other groups within an
institution that are also responsible for
monitoring, managing, and reporting
credit risk. The agencies reiterate that
institutions have flexibility to determine
the specific roles, responsibilities, and
duties of these different groups. The
core responsibilities of a credit risk
review system are discussed in the final
guidance under the objectives of an
effective credit risk review system, and
include the prompt identification of
loans with credit weaknesses and the
validation and adjustment of risk
ratings.
One commenter disagreed that a
primary objective of credit risk review
was to promptly identify all loans with
actual and potential credit weaknesses.
The commenter believed that this
responsibility primarily lies with the
credit administration function while
credit risk review would identify such
loans using a sample-based approach.
The guidance does not singularly assign
the process of risk identification to
credit risk review; effective ongoing
credit administration practices allow
other credit risk functions to have a role
in the prompt detection of changes in
loan quality and appropriate
adjustments to the risk rating. As part of
its independent risk rating validation
process, credit risk review may identify
loans with significant weaknesses and
identifiable losses and adjust the risk
rating accordingly. The emphasis for
credit risk review or any party
identifying credit risk is on timely and
accurate identification of credit
weaknesses so that action can be taken
to strengthen credit quality and
minimize loss.
Several commenters asked for
clarification of credit risk review’s role
in relation to internal audit. As
discussed in footnote 4 9 of the final
of work performed by other groups within an
institution that are also responsible for monitoring,
managing and reporting credit risk. Examples may
be those involved with lending functions,
independent risk management, loan work outs, and
accounting. Each institution indicates in its own
policies and procedures the specific roles and
responsibilities of these different groups, including
separation of duties. A credit risk review unit, or
individuals serving in that role, can rely on
information provided by other units in developing
its own independent assessment of credit risk in
loan portfolios, but the credit risk review unit
critically evaluates such information to maintain its
own view, as opposed to relying exclusively on
such information.
9 Footnote 4 states that the credit risk review
function is not intended to be performed by an
institution’s internal audit function. However, as
discussed in the agencies’ March 2003 Interagency
Policy Statement on the Internal Audit Function
and its Outsourcing (2003 policy statement), some
institutions coordinate the internal audit function
E:\FR\FM\01JNN1.SGM
Continued
01JNN1
33280
Federal Register / Vol. 85, No. 105 / Monday, June 1, 2020 / Notices
jbell on DSKJLSW7X2PROD with NOTICES
guidance, the credit risk review function
is not intended to be performed by an
institution’s internal audit function. The
March 2003 Interagency Statement on
the Internal Audit Function and Its
Outsourcing (2003 policy statement) 10
discusses the coordination of the
internal audit function with risk
monitoring functions, such as the credit
risk review function. The 2003 policy
statement provides that coordination of
credit risk review with the internal
audit function can facilitate the
reporting of material risk and control
issues to the audit committee, increase
the overall effectiveness of these
monitoring functions, better utilize
available resources, and enhance the
institution’s ability to comprehensively
manage risk.
Commenters noted that credit risk
review and other banking units should
coordinate their activities and requested
clarification of whether it would be
appropriate for credit risk review or for
other internal functions within a credit
risk review system to perform activities
that are compliance or operational in
nature, such as confirming proper lien
perfection and collateral
documentation. Commenters also stated
that credit risk review provides support
to financial and regulatory reporting
functions but does not directly deliver
outputs to these functions, and
requested that the proposed guidance be
clarified in this regard.
While duties such as assuring lien
perfection and collateral confirmation
might not be directly undertaken by the
credit risk review function, evaluation
and confirmation of such actions is
within the scope of the credit risk
review function and a key aspect of an
assessment of the overall quality of the
credit. The credit risk review function
may use information generated by other
functions when developing an
independent assessment of credit risk,
but footnote 5 of the final guidance
provides that such information is
typically subject to critical challenge
and evaluation and a credit risk review
with several risk monitoring functions, such as the
credit risk review function. The 2003 policy
statement states that coordination of credit risk
review with the internal audit function can
facilitate the reporting of material risk and control
issues to the audit committee, increase the overall
effectiveness of these monitoring functions, better
utilize available resources, and enhance the
institution’s ability to comprehensively manage
risk. However, an effective internal audit function
maintains the ability to independently audit the
credit risk review function. (The NCUA was not an
issuing agency of the 2003 policy statement.)
10 The 2003 policy statement was issued by the
Board, OCC, and FDIC on March 17, 2003. See SR
Letter 03–5, OCC Bulletin 2003–12, FDIC Financial
Institution Letter FIL–21–2003. NCUA was not a
party to the issuance.
VerDate Sep<11>2014
19:40 May 29, 2020
Jkt 250001
function typically does not rely
exclusively on such information.
Some commenters indicated that
credit risk review should not have a role
in evaluating workout plans, and
requested that related language be
eliminated from the guidance. An
effective workout plan is typically
designed to rehabilitate a troubled credit
or to maximize the amount of
repayment ultimately collected and is
therefore a loss mitigation strategy. For
this reason, Attachment 1 included
similar language to the proposed
guidance on workout plans, as effective
workout plans are critical to managing
risk in a loan portfolio. Since
assessment of such strategies is within
the scope of the credit risk review’s role,
the final guidance retains the reference
to evaluating workout plans.
One commenter stated that one part of
the proposed guidance allows
institutions to have a system concept for
structuring credit risk review whereas
the latter part of the proposed guidance
defined specific roles for a credit review
function. The commenter requested
clarification on the words ‘‘system’’ and
‘‘function’’ as used in the guidance. The
agencies have seen institutions use both
terms when referring to credit risk
review, with the term used generally
depending on the size of the institution
and composition of its risk review
framework. While the agencies
incorporated both terms to provide
flexibility to institutions, the terms can
be used interchangeably depending on
the institution’s existing framework.
2. Scope
Commenters suggested that the
agencies consider the nature of a loan
portfolio and the history and experience
of an institution’s management team
when determining the scope of credit
risk review. Commenters requested that
the proposed guidance indicate that
credit review practices can be tailored
when loans are seasoned and have a
history of performance and enhanced
collateral positions. Some commenters
recommended that credit risk review
focus on higher risk or newer loans. The
agencies reaffirm that, as stated in the
proposal, institutions may tailor their
credit risk review practices based on a
number of factors, including the nature
of the institution’s loan portfolio and
overall risk profile.
Commenters requested clarification
about whether the proposed guidance
covered non-lending activities. One
commenter indicated that these
activities should not be within the scope
of credit risk review, while other
commenters disagreed. Some
commenters suggested that all
PO 00000
Frm 00202
Fmt 4703
Sfmt 4703
references to ‘‘loans’’ in the proposed
guidance be changed to a broader term
that incorporates assets other than
loans, such as securities.
In response, the agencies recognize
that credit risk may arise from activities
that are not specific to lending and
encourage institutions to consider
whether such activities should be
included in the scope of the credit risk
review function. For example,
institutions that hold investment
securities or engage in capital markets,
treasury, or automated clearinghouse
activities may elect to include the credit
risk related to these activities in the
scope of a review. While the examples
of non-lending credit activities cited
here are not exhaustive, and may not
apply to all institutions, they illustrate
other areas that management and the
board of directors may consider in the
development of a review plan that
reflects the risk profile of the institution.
Further, some commenters expressed
the view that smaller banks and credit
unions may have difficulty in
identifying concentrations of credit risk
and other loans affected by common
repayment factors. Commenters stated
that the phrase ‘‘common repayment
factors’’ could lead to a much larger
scope of review. The OCC, Board, and
FDIC note that, under the Interagency
Guidelines Establishing Standards for
Safety and Soundness,11 insured
depository institutions should establish
and maintain a system that is
commensurate with the institution’s
size and the nature and scope of its
operations to identify problem assets
and prevent deterioration in those
assets, which includes considering the
size and potential risks of material asset
concentrations. The reference to
‘‘common repayment factors’’ is meant
to provide flexibility to institutions to
consider a variety of factors that are
applicable to the institution’s
circumstances and which may lead to a
concentration of credit risk.
Commenters suggested that credit risk
review focus on loans that contain
major, significant, or critical exceptions
to policy, rather than ‘‘approved’’
exceptions or loans with minor or
administrative policy exceptions.
Commenters also suggested that there
may be ‘‘major’’ exceptions to policy
with strong mitigating factors that
suggest these exceptions may not
warrant a focus in the review process.
The final guidance is not prescriptive
and allows for institutions to set their
own parameters for determining the
materiality of policy exceptions that
11 Supra
E:\FR\FM\01JNN1.SGM
note 2.
01JNN1
Federal Register / Vol. 85, No. 105 / Monday, June 1, 2020 / Notices
jbell on DSKJLSW7X2PROD with NOTICES
should fall into the scope of a credit
review.
Further, commenters suggested that
credit risk review focus on loans with
high-risk indicators and asked the
agencies to clarify that institutions can
define ‘‘segments of the loan portfolio
experiencing rapid growth.’’
Commenters suggested that it is
appropriate for banks and credit unions
to define their own ‘‘rapid growth’’
targets for credit review and to have
independent loan review verify those
targets. This final guidance emphasizes
that an effective scope is risk-based and
includes loans or portfolios that have
high-risk indicators, exceptions to
policy, are experiencing rapid growth,
or have other risk attributes. The final
guidance provides examples of high-risk
indicators and other characteristics of
loans that may warrant additional
review, but does not prescribe specific
targets or thresholds. Institutions can
select their own high-risk indicators,
keeping in mind how the indicators fit
the characteristics of the overall
portfolio and how the indicators help to
reinforce safe and sound practices.
3. Depth
Commenters noted that the language
in the proposed guidance stating that
loans selected for credit risk review are
evaluated for ‘‘sufficiency of credit and
collateral documentation’’ was too
broad. The final guidance does not
recommend that credit risk review
perform or oversee the loan
documentation process. However,
because inadequate loan documentation
and lien perfection may adversely
impact the risk rating and could result
in losses for a financial institution,
effective credit risk review often
includes the evaluation of loan
documentation as part of the overall
assessment of the credit risk of a
particular transaction. In doing so,
effective credit risk review assesses and
evaluates information from departments
responsible for loan documentation and
highlights identified concerns in the
reports to management, including
recommendations for their resolution.
One commenter recommended
removing language in the proposed
guidance stating that loans selected for
credit risk review are evaluated for
‘‘quality of the information used in the
credit loss estimation process, including
the reasonableness of assumptions used
and the timeliness of charge-offs.’’ The
commenter suggested that credit review
should not validate the translation of
loss numbers; rather, internal audit and
external auditors should review
accuracy, timeliness, and consistency of
charge-offs.
VerDate Sep<11>2014
19:40 May 29, 2020
Jkt 250001
The bullet in the proposed guidance
mentioning quality of the information
used in the credit loss estimation
process was not intended to expand the
review of such information beyond that
of the original Attachment 1. The focus
of Attachment 1 was on assessing the
adequacy of the identification and
related impairment calculation of
individually impaired loans under the
ALLL methodology, a process which
will no longer be applicable to loans
evaluated under CECL. In order to direct
the focus and applicability of the review
under both allowance methodologies,
the agencies have revised the language
in the final guidance to read as follows:
‘‘The appropriateness of credit loss
estimation for those credits with
significant weaknesses including the
reasonableness of assumptions used,
and the timeliness of charge-offs.’’
Additionally, the agencies acknowledge
that the calculation of estimated ACL or
ALLL is not the role of credit risk
review. However, effective credit risk
review results help ensure that the ACL
or ALLL adequately reflects risk in the
credit portfolio. In performing its
assessment of reasonableness, credit risk
review can leverage work performed in
this area by other functions, such as
internal audit.
Several commenters suggested that
evaluating the validity of underwriting
assumptions was too broad of an
activity for credit risk review, and could
imply that credit risk review is
responsible for back testing
assumptions. Commenters suggested
that the agencies should instead refer to
evaluating the ‘‘reasonableness’’ of
assumptions, such as borrower cash
flow forecasts. In response, the final
guidance has been revised to provide
that such loans, and segments of
portfolios, selected for review are
generally reviewed for the
reasonableness of assumptions. Back
testing the validity of assumptions is
often a part of the underwriting and
monitoring processes. Credit risk review
can use this information, if available,
when making their assessments.
Commenters indicated that
institutions should receive credit during
a review if back testing of initial loan
risk ratings shows a high level of
accuracy. Similarly, commenters
suggested that the agencies’ guidance
should focus less on risk evaluation, but
instead focus on the front-end loan
evaluation by bank staff. The focus of
the credit risk review system is on the
assessment of credit quality in the credit
portfolios, which is an important input
into the determination of the ACL and
ALLL. An effective credit risk review
system considers any information
PO 00000
Frm 00203
Fmt 4703
Sfmt 4703
33281
available that can impact or provide
insight into the quality of the portfolio.
To the extent that back testing results
are available, they can be considered by
credit risk review staff in their
assessment of credit quality.
4. Frequency
Several commenters raised questions
about the frequency of credit risk
reviews and requested clarification as to
when it is appropriate for reviews to be
conducted less frequently than
annually. Commenters suggested there
are instances in which less frequent
reviews are appropriate, such as for
well-managed institutions with lower
risk portfolios. Commenters also
requested that the proposed guidance
respect the authority of a board of
directors to approve when audits and
loan reviews are completed, and how
frequently reports are reviewed. With
respect to the credit risk review policy,
one commenter suggested that
frequency of review should be
determined by a firm’s board of
directors.
Consistent with the principles in the
final guidance, each institution has the
flexibility to set the scope of coverage
and frequency of reviews based on the
institution’s specific circumstances
while continuing to operate in a safe
and sound manner. Accordingly, the
agencies have clarified in the final
guidance that effective credit risk
reviews are typically performed
annually. However, in certain
circumstances more frequent reviews
may be necessary. Reviews that are less
frequent are typically well supported
and reflective of low risk portfolios, are
conducted consistent with safe and
sound practices, and are approved by
the institution’s board of directors or
board committee thereof. The agencies
have clarified in the final guidance that
an effective credit risk review system
starts with a written credit risk review
policy that is typically reviewed and
approved at least annually.
5. Risk rating responsibility and
adjudication
Several commenters observed that the
proposed guidance provided an
opportunity to establish which area or
department at the institution will have
responsibility over risk rating
dispositions within the credit review
function. Commenters asked if credit
risk review should always be the final
arbiter of a risk rating, even if credit risk
review’s rating is less conservative than
that determined by the business line.
Commenters requested that the
proposed guidance clarify that an
institution’s board of directors retains
E:\FR\FM\01JNN1.SGM
01JNN1
33282
Federal Register / Vol. 85, No. 105 / Monday, June 1, 2020 / Notices
the responsibility for maintaining a
bank’s credit risk rating and establishing
relevant policies. Some commenters
questioned whether the proposed
guidance would require institutions to
employ an arbitration process.
The agencies believe that the language
as proposed describes a clear
disposition process for adjudicating risk
ratings that is flexible for institutions of
all sizes. In particular, the final
guidance addresses risk rating
differences between the credit risk
review and areas responsible for loan
approval. Typically, the lower credit
quality classification or risk rating
assigned by credit risk review prevails
unless there is additional information
that would support a higher credit
quality classification or risk rating. The
final guidance also discusses a risk
rating framework that is consistent with
safe and sound practices and the
agencies’ guidelines for supervisory
classifications.12
6. Communication of Results
jbell on DSKJLSW7X2PROD with NOTICES
In general, commenters expressed
support for credit risk review reporting
directly to the board of directors. Other
commenters indicated that the language
in the proposed guidance was too
prescriptive, particularly regarding
communication to the board at least
quarterly. Commenters recommended
that the proposed guidance permit
boards of directors to tailor their
policies based on the size, scope, and
complexity of the loan portfolio, as well
as to the complexity of a loan itself.
The agencies believe that it is
consistent with safe and sound lending
practices to have the credit risk review
function report findings regularly and
directly to the institution’s board of
directors or a committee thereof.
Institutions have discretion to
determine the frequency and extent of
such reporting, taking into account the
nature of their loan portfolios and the
importance of informing the board of
directors on credit risk. To clarify this
flexibility, the proposed guidance was
revised to state that effective
communication typically involves
providing results of the credit risk
12 Two commenters requested clarification from
the NCUA regarding whether credit unions are
required to adopt the loan classification system
described in footnote 7 of the guidance. The NCUA
does not require credit unions to adopt the
regulatory classifications of substandard, doubtful
or loss. However, NCUA does support the use of
these classifications, as defined by the other
banking agencies, as an effective method for rating
adversely classified loan risk. See the Commercial
and Member Business Loans section of the NCUA
Examiner’s Guide (Commercial and Member
Business Loans > Credit Risk Rating Systems≤
Credit Risk Rating Categories).
VerDate Sep<11>2014
19:40 May 29, 2020
Jkt 250001
reviews to the board of directors or
appropriate board committee quarterly.
This change emphasizes that quarterly
reporting of results is a typical practice,
but institutions have room to adjust the
frequency given their risk profile and
consistent with safety and soundness.
One commenter noted that the
guidance should specifically
recommend tracking forward-looking
indicators to help identify risk trends to
support informed decisions and
proactive risk mitigation. The agencies
acknowledge that forward-looking
indicators such as portfolio
concentration trends, shifting
underwriting standards, and risk rating
migrations are consistent with proactive
risk management activities. The
agencies recognize that institutions may
develop internal parameters for
establishing, tracking, and reporting
forward-looking indicators of credit
exposure that are specific to the
institution’s business model and
lending activities. The agencies believe
that language in the proposed guidance
is sufficient to address this issue.
Commenters also requested that the
agencies clarify that only ‘‘material’’
deficiencies and weaknesses that remain
unresolved beyond the scheduled time
frames for correction should be
promptly reported to senior
management and the board of directors
or appropriate board committee. The
agencies believe that an effective credit
review system should report all noted
deficiencies and weaknesses to the
board of directors. Credit review may
prioritize findings of weaknesses or
deficiencies; however, allowing
management to determine the
materiality of findings can compromise
the independence of the credit review
process.
7. Qualifications of Personnel
One commenter suggested that
footnote 4 of the proposed guidance be
revised to emphasize the importance of
the qualifications, independence, and
expertise of personnel conducting the
internal audit of a credit risk review
system or function. The OCC, Board,
and FDIC believe that the qualifications
of audit personnel are sufficiently
addressed in the 2003 policy statement,
which is referenced in the final
guidance.
One commenter noted that with
respect to credit risk review staff,
knowledge of an institution’s
membership and experience with
underwriting are key factors in
determining the qualifications of credit
risk review personnel. This final
guidance broadly addresses the
experience of personnel, which would
PO 00000
Frm 00204
Fmt 4703
Sfmt 4703
include knowledge of the institution’s
portfolio and experience with
underwriting. Specific personnel
qualifications are the purview of
management and the board and are
typically reflective of the institution’s
business model.
8. Retail and Consumer Portfolios
The agencies received a number of
comments regarding the differences in
characteristics between retail
(consumer) and commercial loan
portfolios, as well as the processes,
techniques, tools, data and technology
used to conduct credit risk review of
retail loan portfolios. One commenter
stated that the proposed guidance
inadequately differentiated between
product types and exposures of
commercial and retail loans. The
commenter stated that the use of manual
review of individual loans to assign and
validate risk ratings would be
impractical for a large portfolio of
smaller retail loans.
The agencies recognize that
differences between retail and most
commercial loans and portfolios may
justify differences in approaches,
techniques, and tools for conducting
credit risk review. The proposed
guidance was designed so that
institutions may apply its principles to
the review of all loans and portfolios,
including retail loan portfolios. In
response to comments received, the
agencies have made revisions to the
final guidance in order to provide
flexibility to institutions in determining
the scope and depth of the loan review
for all loan portfolios. The revisions for
the final guidance discussed below
reflect existing industry practices. They
are applicable to all types of loan
portfolios, but especially for retail
portfolios.
Specifically, the final guidance
includes language in a new bullet under
the ‘‘Scope of Reviews’’ section, which
acknowledges that institutions may
determine the scope of the credit risk
review by segmenting or grouping loans
based on similar risk characteristics,
such as those related to borrower risk,
transaction risk, and other risk factors.
The new bullet is intended to provide
clarity and reflect existing industry
practices for retail portfolios. Similar
references to portfolio segments have
been made in the ‘‘Depth of Transaction
or Portfolio Reviews’’ and
‘‘Communication and Distribution of
Results’’ sections.
Additionally, the final guidance
includes language in a new sub-bullet
under ‘‘Depth of Transaction Reviews.’’
The sub-bullet indicates that, with
regard to evaluating credit quality,
E:\FR\FM\01JNN1.SGM
01JNN1
Federal Register / Vol. 85, No. 105 / Monday, June 1, 2020 / Notices
soundness of underwriting and risk
identification, borrower performance,
and adequacy of the sources of
repayment, ‘‘[w]hen applicable, this
evaluation includes the appropriateness
of automated underwriting and credit
scoring, including prudent use of
overrides, as well as the effectiveness of
account management strategies,
collections, and portfolio management
activities in managing credit risk.’’
The agencies have added the new subbullet in response to commenter
requests for more guidance on the
applicability of the guidance to retail
loan portfolios. The new sub-bullet
takes into account the fact that some
institutions, especially those with large
retail portfolios, may use models or
other automated decision tools in their
credit decision or risk rating processes,
and thus clarifies that effective credit
risk review can consider the
appropriateness of the business line’s
application of these tools in these
processes. Further, an effective credit
risk review can consider the
effectiveness of account management
strategies, such as credit line
management, re-aging, and extension/
renewal in managing credit risk. An
effective credit risk review can also
consider whether portfolio management
activities, such as risk identification and
performance monitoring, and collection
policies and practices are commensurate
with the institution’s risk profile and
complexity of the products and loan
structures offered.
jbell on DSKJLSW7X2PROD with NOTICES
9. Technology
Commenters posed a number of
questions and comments related to the
use and governance of technology in
credit risk review. Commenters
discussed the use of analytical and
management information system tools,
particularly for consumer loans, and
suggested that the guidance recommend
automation of risk data aggregation. The
agencies believe institutions have
significant flexibility to use various
types of technology to assist in the
credit risk review process; as such, the
agencies decline to recommend the use
of any specific types of technology.
One commenter expressed concern
about the potential risks associated with
the use of models in various credit
processes and suggested that the
proposed guidance emphasize the
appropriateness and effectiveness of
reviewing credit model design,
performance, and governance. A
commenter indicated that the guidance
should include robust governance of
artificial intelligence algorithms. The
agencies recognize the importance of
VerDate Sep<11>2014
19:40 May 29, 2020
Jkt 250001
model risk management, which is
discussed in other existing guidance.13
C. Scalability of the Guidance
The agencies received numerous
comments about whether the proposed
guidance is appropriate for institutions
of all sizes. Several commenters
expressed concern with what they
viewed as a one-size-fits-all nature, and
called for the proposed guidance to be
tailored based on the size and activities
of the institution, as well as the
complexity of the loan portfolio.
Commenters also requested
accommodations for smaller
institutions, including credit unions.
One commenter stated the proposed
guidance could impose higher costs on
smaller institutions because such costs
cannot be spread across a large asset
base and requested the guidance
provide more flexibility for review
activities. One commenter suggested
that the proposed guidance would
benefit from additional discussion and
analysis of how modest-sized
institutions with limited personnel
would implement the guidance. This
commenter expressed concern that the
proposed guidance would be
burdensome for such institutions and
potentially require outsourcing of credit
risk review. Another commenter
requested that the proposed guidance
specifically exempt small, non-complex
rural institutions, thereby allowing them
to utilize their existing review
functions. Another commenter
requested that the agencies clarify the
proposed guidance’s applicability to
large banks, including defining a large
institution based on asset size and
examples of complex institutions and
explaining how supervisors make these
determinations.
The agencies believe that the final
guidance provides both small and large
institutions flexibility to tailor the credit
review function to the activities of the
institution. For example, the final
guidance states that the nature of credit
risk review varies based on an
institution’s size, complexity, loan
types, risk profile, and risk management
framework. In addition, as described
under ‘‘Independence of Credit Risk
Review Personnel,’’ smaller or less
complex institutions have flexibility to
use an independent committee of
13 See the interagency statement titled,
Supervisory Guidance on Model Risk Management,
published by the Board in SR Letter 11–7 and OCC
Bulletin 2011–12 on April 4, 2011. The FDIC
adopted the interagency statement on June 7, 2017.
Institutions supervised by the FDIC should refer to
FIL 22–2017, Adoption of Supervisory Guidance on
Model Risk Management, including the statement of
applicability in the FIL.
PO 00000
Frm 00205
Fmt 4703
Sfmt 4703
33283
outside directors or qualified members
of the staff to perform the credit risk
review function. Footnote 6 14 of the
final guidance emphasizes that small or
rural institutions that have few
resources or employees may adopt
modified credit risk review procedures
and methods to achieve a proper degree
of independence. As the final guidance
notes, doing so is appropriate when
more robust procedures and methods
are impractical. The final guidance also
notes that credit risk review systems in
larger institutions may include a
dedicated credit risk review function.
Institutions of all sizes have the
flexibility to tailor the various
principles and practices in the final
guidance to systems appropriate for
their circumstances.
D. Independence Considerations
Some commenters suggested that
creating the independence structure
described in the proposed guidance
would be a problem for small banks and
credit unions. Commenters stated that
doing so could lead to duplicative
functions and compliance burden for
small banks and credit unions, which
have limited staffing. Commenters also
stressed that small credit unions may
find it costly to hire third parties to
ensure the independence of the credit
review function. One commenter called
for an exemption for small institutions
and requested that the agencies adopt
alternative independence standards,
such as those articulated in the
agencies’ appraisal guidance, which
would allow third-party staff members
or an independent lender to confirm the
risk rating of another lender. This
commenter also suggested a rotation of
duties as a way to achieve
independence in the credit risk review
function. Another commenter noted that
the boards of directors of small, closely
held institutions may be involved in the
credit process from the beginning, and
the board’s input and participation in
loan origination can be more important
14 Footnote 6 states that small or rural institutions
that have few resources or employees may adopt
modified credit risk review procedures and
methods to achieve a proper degree of
independence. For example, in the review process,
such an institution may use qualified members of
the staff, including loan officers, other officers, or
directors, who are not involved with originating or
approving the specific credits being assessed and
whose compensation is not influenced by the
assigned risk ratings. It is appropriate to employ
such modified procedures when more robust
procedures and methods are impractical. Institution
management and the board, or a board committee,
should have reasonable confidence that the
personnel chosen will be able to conduct reviews
with the needed independence despite their
position within the loan function.
E:\FR\FM\01JNN1.SGM
01JNN1
33284
Federal Register / Vol. 85, No. 105 / Monday, June 1, 2020 / Notices
jbell on DSKJLSW7X2PROD with NOTICES
than the subsequent credit review that
happens post origination.
As stated above, the agencies
recognize that small institutions with
few resources may need to adopt
modified credit risk review procedures
in order to achieve a proper degree of
independence, as previously referenced
in footnote 6 of the proposed guidance.
That footnote states that small or rural
institutions with few resources may use
qualified members of the staff, including
loan officers, other officers, or directors,
who are not involved with originating or
approving the specific credits being
assessed and whose compensation is not
influenced by the assigned risk ratings
in the credit risk review process. The
footnote also states that institution
management and the board, or board
committee, should have reasonable
confidence that the personnel chosen
will be able to conduct reviews with the
needed independence despite their
position within the loan function.
Commenters asked for clarification on
the reporting structure of credit risk
review. The OCC, Board, and FDIC note
that the Interagency Guidelines
Establishing Standards for Safety and
Soundness 15 state that an institution
should have internal controls and
information systems that are appropriate
to the size of the institution, as well as
nature, scope and risk of its activities,
including clear lines of authority and
responsibility for monitoring adherence
to established policies. This statement
applies to policies for a system of
independent, ongoing credit review and
appropriate communication to
management and to the board of
directors. Whether or not the institution
has a dedicated credit risk review
department, it is prudent for the credit
risk review function to report directly to
the institution’s board of directors or a
committee thereof. This reporting
structure allows the credit risk review
function to provide the board of
directors with an independent
assessment of the overall quality of loan
portfolios and other areas of credit
exposure as mandated. Senior
management may be responsible for
appropriate administrative functions,
provided such an arrangement does not
compromise the independence of the
credit risk review function.
E. Current Expected Credit Losses
The agencies received a number of
comments related to the CECL
methodology as described in FASB ASC
Topic 326.16 Some commenters
note 2.
to the final Interagency Policy Statement
on Allowances for Credit Losses published
cautioned the agencies against
incorporating FASB ASC Topic 326 into
the credit review final guidance because
this would create a complex
methodology that many institutions
would be unable to implement. For
example, one commenter expressed
concern with maintaining historical loss
experience on a segment level because
loan segmentation under FASB ASC 326
may be more granular than what is
currently maintained and may change
over time. Commenters on the proposed
credit review guidance noted that while
institutions with large and complex loan
portfolios typically maintain records of
their historical loss experience for
credits in each of the categories in their
risk rating framework, this may not be
the case in smaller institutions.
The final guidance is intended to be
flexible and consistent with CECL, but
it does not incorporate FASB Topic 326.
The agencies have observed that
maintenance of historical loss
information has traditionally been part
of an effective credit risk grading
framework for institutions of all sizes as
it provides a basis for credit loss
estimation for various credit types.
Institutions have flexibility in how
historical loss data information is
maintained to the extent that it provides
sufficient information to inform and
help confirm the accuracy of risk rating
similar credits. To provide further
clarity and to emphasize the flexibility
available to institutions, the agencies
have modified the final guidance to read
‘‘evaluation of the institution’s
historical loss experience for each of the
groups of loans with similar risk
characteristics into which it has
segmented its loan portfolio.’’
Some commenters recommended that
the agencies clarify credit risk review’s
role in determining ACLs. One
commenter asked for clarification on
whether credit risk review functions
must conduct risk-specific assessments
on the valuations of financial assets
measured at an amortized cost basis,
such as held-to-maturity securities.
With regard to institutions that produce
economic forecast estimations as a
component of their ACL estimate, the
commenter also asked whether credit
risk review functions should integrate
and align the economic forecast
estimations into qualitative assessments
of individual loans and portfolios.
As discussed previously, the agencies
are issuing this final guidance as a
standalone document separate from any
guidance on estimation of expected
credit losses, as credit risk review is an
15 Supra
16 Refer
VerDate Sep<11>2014
19:40 May 29, 2020
Jkt 250001
elsewhere in this issue of the Federal Register for
more details on CECL methodology.
PO 00000
Frm 00206
Fmt 4703
Sfmt 4703
important component of safety and
soundness on its own. Commenters
should refer to the Interagency Policy
Statement on Allowances for Credit
Losses 17 regarding how credit risk
review can facilitate the loss estimation
process.
IV. Paperwork Reduction Act
In accordance with the requirements
of the Paperwork Reduction Act of 1995
(PRA),18 the agencies may not conduct
or sponsor, and the respondent is not
required to respond to, an information
collection unless it displays a currently
valid Office of Management and Budget
(OMB) control number.
The final guidance will not create any
new or revise any existing collections of
information under the PRA. Therefore,
no information collection request will
be submitted to the OMB for review.
V. Final Guidance
The text of the final guidance is as
follows:
INTERAGENCY GUIDANCE ON
CREDIT RISK REVIEW SYSTEMS
Introduction
The Interagency Guidelines
Establishing Standards for Safety and
Soundness (Guidelines) 1 underscore the
critical importance of credit risk review
and set safety and soundness standards
for insured depository institutions to
establish a system for independent,
ongoing credit risk review, and for
appropriate communication to their
management and boards of directors.2
This guidance, which aligns with the
Guidelines, is appropriate for all
institutions 3 and describes a broad set
of practices that can be used either
within a dedicated unit or across
multiple units throughout an institution
to form a credit risk review system that
is consistent with safe and sound
lending practices. This guidance
outlines principles that an institution
17 This guidance is contained in a separate
document published elsewhere in this issue of the
Federal Register.
18 44 U.S.C. 3501–3521.
1 12 CFR part 30, appendix A (OCC); 12 CFR part
208, appendix D–1 (Board); and 12 CFR part 364,
appendix A (FDIC). Part 723 of NCUA Rules and
Regulations (12 CFR part 723).
2 For foreign banking organization branches,
agencies, or subsidiaries not operating under single
governance in the United States, the U.S. risk
committee would serve in the role of the board of
directors for purposes of this guidance.
3 For purposes of this guidance, regulated
institutions are those supervised by the following
agencies: The Board of Governors of the Federal
Reserve System (Board), the Federal Deposit
Insurance Corporation (FDIC), the National Credit
Union Administration (NCUA), and the Office of
the Comptroller of the Currency (OCC), hereafter
referred to as the ‘‘agencies.’’
E:\FR\FM\01JNN1.SGM
01JNN1
Federal Register / Vol. 85, No. 105 / Monday, June 1, 2020 / Notices
should consider in developing and
maintaining an effective credit risk
review system.
jbell on DSKJLSW7X2PROD with NOTICES
Overview of Credit Risk Review
Systems
The nature of credit risk review
systems 4 varies based on an
institution’s size, complexity, loan
types, risk profile, and risk management
practices. For example, in smaller or
less complex institutions, a credit risk
review system may include qualified
members of the staff, including loan
officers, other officers, or directors, who
are independent of the credits being
assessed. In larger or more complex
institutions, a credit risk review system
may include components of a dedicated
credit risk review function that are
independent of the institution’s lending
function.5 A credit risk review system
may also include various
responsibilities assigned to credit
underwriting, loan administration, a
problem loan workout group, or other
organizational units of an institution.
Among other responsibilities, these
groups may administer the internal
problem loan reporting process,
maintain the integrity of the credit risk
rating process, confirm that timely and
appropriate changes are made to risk
ratings, and support the quality of
information used to estimate the
4 The credit risk review function is not intended
to be performed by an institution’s internal audit
function. However, as discussed in the agencies’
March 2003 Interagency Policy Statement on the
Internal Audit Function and its Outsourcing (2003
policy statement), some institutions coordinate the
internal audit function with several risk monitoring
functions, such as the credit risk review function.
The 2003 policy statement states that coordination
of credit risk review with the internal audit
function can facilitate the reporting of material risk
and control issues to the audit committee, increase
the overall effectiveness of these monitoring
functions, better utilize available resources, and
enhance the institution’s ability to comprehensively
manage risk. However, an effective internal audit
function maintains the ability to independently
audit the credit risk review function. (The NCUA
was not an issuing agency of the 2003 policy
statement.)
5 Credit risk review may be referred to as loan
review, credit review, asset quality review, or
another name as chosen by an institution. The role
of, expectations for, and scope of credit risk review
as discussed in this document are distinct from the
roles, expectations, and scope of work performed by
other groups within an institution that are also
responsible for monitoring, managing and reporting
credit risk. Examples may be those involved with
lending functions, independent risk management,
loan work outs, and accounting. Each institution
indicates in its own policies and procedures the
specific roles and responsibilities of these different
groups, including separation of duties. A credit risk
review unit, or individuals serving in that role, can
rely on information provided by other units in
developing its own independent assessment of
credit risk in loan portfolios, but the credit risk
review unit critically evaluates such information to
maintain its own view, as opposed to relying
exclusively on such information.
VerDate Sep<11>2014
19:40 May 29, 2020
Jkt 250001
Allowance for Credit Losses (ACL) or
the Allowance for Loan and Lease
Losses (ALLL), as applicable.
Additionally, some or all of the credit
risk review function may be performed
by a qualified third party.
Regardless of the structure, an
effective credit risk review system
accomplishes the following objectives:
• Promptly identifies loans with
actual and potential credit weaknesses
so that timely action can be taken to
strengthen credit quality and minimize
losses.
• Appropriately validates and, if
necessary, adjusts risk ratings,
especially for those loans with potential
or well-defined credit weaknesses that
may jeopardize repayment.
• Identifies relevant trends that affect
the quality of the loan portfolio and
highlights segments of those portfolios
that are potential problem areas.
• Assesses the adequacy of and
adherence to internal credit policies and
loan administration procedures and
monitors compliance with applicable
laws and regulations.
• Evaluates the activities of lending
personnel and management, including
compliance with lending policies and
the quality of their loan approval,
monitoring, and risk assessment.
• Provides management and the
board of directors with an objective,
independent, and timely assessment of
the overall quality of the loan portfolio.
• Provides management with accurate
and timely credit quality information for
financial and regulatory reporting
purposes, including the determination
of an appropriate ACL or ALLL, as
applicable.
Credit Risk Rating (or Grading)
Framework
The foundation for any effective
credit risk review system is accurate and
timely risk ratings to assess credit
quality and identify or confirm problem
loans. An effective credit risk rating
framework includes the monitoring of
individual loans and retail credit
portfolios, or segments thereof, with
similar risk characteristics. An effective
framework also provides important
information on the collectibility of each
portfolio for use in the determination of
an appropriate ACL or ALLL, as
applicable. Further, an effective
framework generally places primary
reliance on the lending staff to assign
accurate and timely risk ratings and
identify emerging loan problems.
However, given the importance of the
credit risk rating framework, the lending
personnel’s assignment of risk ratings is
typically subject to review by qualified
and independent: (i) Peers, managers, or
PO 00000
Frm 00207
Fmt 4703
Sfmt 4703
33285
loan committee(s); (ii) part-time or fulltime employee(s); (iii) internal
departments staffed with credit review
specialists; or (iv) external credit review
consultants. A risk rating review that is
independent of the lending function and
approval process can provide a more
objective assessment of credit quality.6
An effective credit risk rating
framework includes the following
attributes:
• A formal credit risk rating system in
which the ratings reflect the risk of
default and credit losses, and for which
a written description of the credit risk
framework is maintained, including a
discussion of the factors used to assign
appropriate risk ratings to individual
loans and retail credit portfolios, or
segments thereof, with similar risk
characteristics.7
• Identification or grouping of loans
that warrant the special attention of
management or other designated ‘‘watch
lists’’ of loans that management is more
closely monitoring.8
• Clear explanation of why particular
loans warrant the special attention of
6 Small or rural institutions that have few
resources or employees may adopt modified credit
risk review procedures and methods to achieve a
proper degree of independence. For example, in the
review process, such an institution may use
qualified members of the staff, including loan
officers, other officers, or directors, who are not
involved with originating or approving the specific
credits being assessed and whose compensation is
not influenced by the assigned risk ratings. It is
appropriate to employ such modified procedures
when more robust procedures and methods are
impractical. Institution management and the board,
or a board committee, should have reasonable
confidence that the personnel chosen will be able
to conduct reviews with the needed independence
despite their position within the loan function.
7 A bank or savings association may have a credit
risk rating framework that differs from the
framework for loan classifications used by the
Federal banking agencies. Such banks and savings
associations should maintain documentation that
translates their risk ratings into the regulatory
classification framework used by the Federal
banking agencies. This documentation will enable
examiners to reconcile the totals for the various
loan classifications or risk ratings under the
institution’s system to the Federal banking agencies’
categories contained in the Uniform Agreement on
the Classification and Appraisal of Securities Held
by Depository Institutions Attachment 1—
Classification Definitions (OCC: OCC Bulletin
2013–28; Board: SR Letter 13–18; and FDIC: FIL–
51–2013). The NCUA does not require credit unions
to adopt a uniform regulatory classification system.
Risk rating guidance for credit unions is set forth
in NCUA letters to credit unions 10–CU–02,
‘‘Current Risks in Business Lending and Sound Risk
Management Practices,’’ issued January 2010 and
10–CU–03, ‘‘Concentration Risk,’’ issued March
2010. See also the Commercial and Member
Business Loans section of the NCUA Examiner’s
Guide (Commercial and Member Business Loans >
Credit Risk Rating Systems) and the preamble to 1
CFR parts 701, 723, and 741 Member Business
Loans; Commercial Lending: Proposed Rule July
2015.
8 In addition to loans designated as ‘‘watch list,’’
this identification typically includes loans rated
special mention, substandard, doubtful, or loss.
E:\FR\FM\01JNN1.SGM
01JNN1
33286
Federal Register / Vol. 85, No. 105 / Monday, June 1, 2020 / Notices
management or have received an
adverse risk rating.
• Evaluation of the effectiveness of
approved workout plans.
• A method for communicating
direct, periodic, and timely information
to the institution’s senior management
and the board of directors or appropriate
board committee on the status of loans
identified as warranting special
attention or adverse classification, and
the actions taken by management to
strengthen the credit quality of those
loans.
• Evaluation of the institution’s
historical loss experience for each of the
groups of loans with similar risk
characteristics into which it has
segmented its loan portfolio.9
Elements of an Effective Credit Risk
Review System
An effective credit risk review system
starts with a written credit risk review
policy 10 that is reviewed and typically
approved at least annually by the
institution’s board of directors or
appropriate board committee to
evidence its support of, and
commitment to, maintaining an effective
system. Effective policies include a
description of the overall risk rating
framework and establish responsibilities
for loan review based on the portfolio
being assessed. An effective credit risk
review policy addresses the following
elements, described in more detail
below: the qualifications and
independence of credit risk review
personnel; the frequency, scope, and
depth of reviews; the review of findings
and follow-up; and communication and
distribution of results.
jbell on DSKJLSW7X2PROD with NOTICES
Qualifications of Credit Risk Review
Personnel
An effective credit risk review
function is staffed with personnel who
are qualified based on their level of
education, experience, and extent of
formal credit training. Qualified
personnel are knowledgeable in both
sound lending practices and the
institution’s lending guidelines for the
types of loans offered by the institution.
The level of experience and expertise
for all personnel involved in the credit
risk review process is expected to be
commensurate with the nature of the
9 In particular, institutions with large and
complex loan portfolios typically maintain records
of their historical loss experience for credits in each
of the categories in their risk rating framework. For
banks and savings associations, these categories are
either those used by, or those that can be translated
into those used by, the Federal banking agencies.
10 See 12 CFR part 30, appendix A (OCC); 12 CFR
part 208, appendix D–1 (Board); and 12 CFR part
364, appendix A (FDIC). See also 12 CFR part 723
(NCUA).
VerDate Sep<11>2014
19:40 May 29, 2020
Jkt 250001
risk and complexity of the portfolios. In
addition, qualified credit risk review
personnel possess knowledge of
relevant laws, regulations, and
supervisory guidance.
Independence of Credit Risk Review
Personnel
An effective credit risk review system
incorporates both the initial
identification of emerging problem
loans by loan officers and other line
staff, and an assessment of loans by
personnel independent of the credit
approval process. Placing primary
responsibility on loan officers, risk
officers, and line staff is important for
continuous portfolio analysis and
prompt identification and reporting of
problem loans. Because of frequent
contact with borrowers, loan officers
and line staff can usually identify
potential problems before they become
apparent to others. However,
institutions should be careful to avoid
over-reliance on loan officers and line
staff for identification of problem loans.
An independent assessment of risk is
achieved when personnel who perform
the loan review do not have control over
the loan and are not part of or
influenced by individuals associated
with the loan approval process.
While a larger institution may
establish a separate department staffed
with credit review specialists, cost and
volume considerations may not justify
such a system in a smaller institution.
For example, in the review process,
smaller institutions may use an
independent committee of outside
directors or qualified members of the
staff, including loan officers, other
officers, or directors, who are not
involved with originating or approving
the specific credits being assessed and
whose compensation is not influenced
by the assigned risk ratings. Whether or
not the institution has a dedicated credit
risk review department, it is prudent for
the credit risk review function to report
directly to the institution’s board of
directors or a committee thereof,
consistent with safety and soundness
standards. Senior management may be
responsible for appropriate
administrative functions provided such
an arrangement does not compromise
the independence of the credit risk
review function.
The institution’s board of directors, or
a committee thereof, may outsource the
credit risk review function to an
independent third party.11 However, the
11 For supervisory guidance related to outside
service providers, refer to SR letter 13–19/CA letter
13–21, ‘‘Guidance on Managing Outsourcing Risk,’’
issued by the Board on December 5, 2013; FIL–44–
PO 00000
Frm 00208
Fmt 4703
Sfmt 4703
responsibility for maintaining a sound
credit risk review system remains with
the institution’s board of directors. In
any case, institution personnel who are
independent from the lending function
typically assess risks, develop the credit
risk review plan, and verify appropriate
follow-up of findings. Outsourcing of
the credit risk review function to the
institution’s external auditor may raise
additional independence
considerations.12
Frequency of Reviews
An effective credit risk review system
provides for review and evaluation of an
institution’s significant loans, loan
products, or groups of loans typically
annually, on renewal, or more
frequently when internal or external
factors indicate a potential for
deteriorating credit quality or the
existence of one or more other risk
factors. The credit risk review function
can also provide useful continual
feedback on the effectiveness of the
lending process in order to identify any
emerging problems. Ongoing or periodic
review of an institution’s loan portfolio
is particularly important to the
estimation of ACLs or the ALLL because
loss expectations may change as the
credit quality of a loan changes. Use of
key risk indicators or performance
metrics by credit risk review
management can support adjustments to
the frequency and scope of reviews.
Scope of Reviews
Comprehensive and effective reviews
cover all segments of the loan portfolio
that pose significant credit risk or
concentrations, and other loans that
meet certain institution-specific criteria.
A properly designed scope considers the
current market conditions or other
external factors that may affect a
borrower’s current or future ability to
repay the loan. Establishment of an
appropriate review scope also helps
ensure that the sample of loans selected
for review, or portfolio segments
selected for review, is representative of
the portfolio as a whole and provides
reasonable assurance that any credit
quality deterioration or unfavorable
trends are identified. An effective credit
risk review function also considers
industry standards for credit risk review
coverage consistent with the
2008, ‘‘Guidance for Managing Third-Party Risk,’’
issued by the FDIC on June 6, 2008; and OCC
Bulletin 2013–29, ‘‘Third-Party Relationships: Risk
Management Guidance,’’ issued by the OCC on
October 30, 2013. For credit unions, refer to NCUA
letters to credit unions 01–CU–20 ‘‘Due Diligence
over Third Party Service Providers,’’ issued
November 2001 and 07–CU–13 ‘‘Evaluating Third
Party Relationships,’’ issued December 2007.
12 See footnote 4.
E:\FR\FM\01JNN1.SGM
01JNN1
Federal Register / Vol. 85, No. 105 / Monday, June 1, 2020 / Notices
jbell on DSKJLSW7X2PROD with NOTICES
institution’s size, complexity, loan
types, risk profile, and risk management
practices and helps to verify whether
the review scope is appropriate. The
institution’s board of directors or
appropriate board committee typically
approves the scope of the credit risk
review on an annual basis or whenever
significant interim changes are made in
order to adequately assess the quality of
the current portfolio. An effective scope
of credit risk review is risk-based and
typically includes:
• Loans over a predetermined size;
• A sufficient sample of smaller
loans, new loans, and new loan
products;
• Loans with higher risk indicators,
such as low credit scores, high credit
lines, or those credits approved as
exceptions to policy;
• Segments of loan portfolios,
including retail, with similar risk
characteristics such as those related to
borrower risk (e.g. credit history),
transaction risk (e.g. product and/or
collateral type), or other risk factors as
appropriate;
• Segments of the loan portfolio
experiencing rapid growth;
• Exposures from non-lending
activities that also pose credit risk;
• Past due, nonaccrual, renewed, and
restructured loans;
• Loans previously adversely
classified and loans designated as
warranting the special attention of the
institution’s management; 13
• Loans to insiders or related parties;
• Loans to affiliates;
• Loans constituting concentrations
of credit risk and other loans affected by
common repayment factors.
Depth of Transaction or Portfolio
Reviews
Loans and portfolio segments selected
for review are typically evaluated for:
• Credit quality, soundness of
underwriting and risk identification,
borrower performance, and adequacy of
the sources of repayment;
Æ When applicable, this evaluation
includes the appropriateness of
automated underwriting and credit
scoring, including prudent use of
overrides, as well as the effectiveness of
account management strategies,
collections, and portfolio management
activities in managing credit risk;
• Reasonableness of assumptions;
• Creditworthiness of guarantors or
sponsors;
• Sufficiency of credit and collateral
documentation;
• Proper lien perfection;
• Proper approvals consistent with
internal policies;
13 See
footnote 8.
VerDate Sep<11>2014
19:40 May 29, 2020
Jkt 250001
• Adherence to loan agreement
covenants;
• Adequacy of, and compliance with,
internal policies and procedures (such
as those related to nonaccrual and
classification or risk rating policies),
laws, and regulations;
• The appropriateness of credit loss
estimation for those credits with
significant weaknesses including the
reasonableness of assumptions used,
and the timeliness of charge-offs;
• The accuracy of risk ratings and the
appropriateness and timeliness of the
identification of problem loans by loan
officers.
Review of Findings and Follow-Up
An important activity of an effective
credit risk review system is the
discussion of the review findings,
including all noted deficiencies,
identified weaknesses, and any existing
or planned corrective actions (including
time frames for correction) with
appropriate loan officers, department
managers, and senior management. An
effective system includes processes for
all noted deficiencies and weaknesses
that remain unresolved beyond the
scheduled time frames for correction to
be promptly reported to senior
management and the board of directors
or appropriate board committee.
It is important to resolve risk rating
differences between loan officers and
loan review personnel according to a
pre-arranged process. That process may
include formal appeals procedures and
arbitration by an independent party or
may require default to the assigned
classification or risk rating that
indicates lower credit quality. If credit
risk review personnel conclude that a
loan or loan portfolio is of a lower credit
quality than is perceived by the
portfolio management staff, the lower
classification or risk rating typically
prevails unless internal parties identify
additional information sufficient to
obtain the concurrence of the
independent reviewer or arbiter on the
higher credit quality classification or
risk rating.
Communication and Distribution of
Results
Personnel involved in the credit risk
review process typically prepare a list of
all loans (and portfolio segments)
reviewed, the date of review, and a
summary analysis that substantiates the
risk ratings assigned to the loans
reviewed. Effective communication also
typically involves providing results of
the credit risk reviews to the board of
directors or appropriate board
PO 00000
Frm 00209
Fmt 4703
Sfmt 4703
33287
committee quarterly.14 Comprehensive
reporting includes comparative trends
that identify significant changes in the
overall quality of the loan portfolio, the
adequacy of, and adherence to, internal
policies and procedures, the quality of
underwriting and risk identification,
compliance with laws and regulations,
and management’s response to
substantive criticisms or
recommendations. Such comprehensive
reporting provides the board of directors
or appropriate board committee with
insight into the portfolio and the
responsiveness of management and
facilitates timely corrective action of
deficiencies.
Joseph M. Otting,
Comptroller of the Currency.
By order of the Board of Governors of the
Federal Reserve System.
Ann Misback,
Secretary of the Board.
Federal Deposit Insurance Corporation.
Dated at Washington, DC, on or about May
7, 2020.
Robert E. Feldman,
Executive Secretary.
By the National Credit Union
Administration Board.
Gerard Poliquin,
Secretary of the Board.
[FR Doc. 2020–10292 Filed 5–29–20; 8:45 am]
BILLING CODE 4810–33–P; 6210–01–P; 6714–01–P;
7535–01–P
DEPARTMENT OF VETERANS
AFFAIRS
Advisory Committee: VA National
Academic Affiliations Council, Notice
of Meeting
The Department of Veterans Affairs
(VA) gives notice under the Federal
Advisory Committee Act that the VA
National Academic Affiliations Council
(NAAC) will meet via conference call on
July 15, 2020, from 1:00 p.m. to 3:00
p.m. EST. The meeting is open to the
public.
The purpose of the Council is to
advise the Secretary on matters affecting
partnerships between VA and its
academic affiliates.
On July 15, 2020, the Council will
receive updates about VA’s COVID–19
response; receive briefings from its
Subcommittees; receive an update about
14 An effective credit risk review system provides
for informing the board of directors or appropriate
board committee more frequently than quarterly
when material adverse trends are noted. When an
institution conducts loan file reviews less
frequently than quarterly, the board or appropriate
board committee will typically receive results on
other credit risk review activities quarterly.
E:\FR\FM\01JNN1.SGM
01JNN1
]]>Agencies
[Federal Register Volume 85, Number 105 (Monday, June 1, 2020)]
[Notices]
[Pages 33278-33287]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-10292]
[[Page 33278]]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
[Docket ID OCC-2019-0018]
FEDERAL RESERVE SYSTEM
[Docket ID OP-1679]
FEDERAL DEPOSIT INSURANCE CORPORATION
RIN 3064-ZA09
NATIONAL CREDIT UNION ADMINISTRATION
RIN 3133-AF05
Interagency Guidance on Credit Risk Review Systems
AGENCY: Office of the Comptroller of the Currency (OCC), Treasury;
Board of Governors of the Federal Reserve System (Board); Federal
Deposit Insurance Corporation (FDIC); and National Credit Union
Administration (NCUA).
ACTION: Final guidance.
-----------------------------------------------------------------------
SUMMARY: The OCC, the Board, the FDIC, and the NCUA (collectively, the
agencies) are issuing final guidance for credit risk review (final
guidance). This guidance is relevant to all institutions supervised by
the agencies and replaces Attachment 1 of the 2006 Interagency Policy
Statement on the Allowance for Loan and Lease Losses. The final
guidance discusses sound management of credit risk, a system of
independent, ongoing credit review, and appropriate communication
regarding the performance of the institution's loan portfolio to its
management and board of directors.
DATES: The final guidance is available on June 1, 2020.
FOR FURTHER INFORMATION CONTACT:
OCC: Beth Nalyvayko, Bank Examiner, or Lou Ann Francis, Director,
Commercial Credit Risk, (202) 649-6670; or Kevin Korzeniewski, Counsel,
Chief Counsel's Office, (202) 649-5490. For persons who are hearing
impaired, TTY, (202) 649-5597.
Board: Constance Horsley, Deputy Associate Director, (202) 452-
5239; Kathryn Ballintine, Manager, (202) 452-2555; or Carmen Holly,
Lead Financial Institution Policy Analyst (202) 973-6122; or Alyssa
O'Connor, Attorney, Legal Division, (202) 452-3886, Board of Governors
of the Federal Reserve System, 20th and C Streets NW, Washington, DC
20551.
FDIC: Thomas F. Lyons, Chief, Policy & Program Development,
[email protected] (202) 898-6850); George J. Small, Senior Examination
Specialist, Risk Management Policy, [email protected] (917) 320-2750,
Risk Management Supervision; Ann M. Adams, Senior Examination
Specialist, Risk Management Policy, [email protected] (347) 751-2469,
Risk Management Supervision; or Andrew B. Williams II, Counsel,
[email protected]; (202) 898-3591), Supervision and Legislation
Branch, Legal Division, Federal Deposit Insurance Corporation; 550 17th
Street NW, Washington, DC 20429.
NCUA: Vincent H. Vieten, Senior Credit Specialist (703) 518-6618;
Uduak Essien, Director (703) 518-6399, Division of Credit Markets; or
Ian Marenna, Associate General Counsel (703) 518-6554, Office of
General Counsel.
SUPPLEMENTARY INFORMATION:
I. Background
In 2006, the OCC, the Board, the FDIC, and the NCUA (collectively
referred to as the agencies) issued the Interagency Policy Statement on
the Allowance for Loan and Lease Losses.\1\ Attachment 1 of that
statement, entitled ``Loan Review Systems,'' served as the agencies'
guidance on credit risk review (Attachment 1). Attachment 1
supplemented and aligned with other relevant agency issuances on credit
review, including the Interagency Guidelines Establishing Standards for
Safety and Soundness.\2\
---------------------------------------------------------------------------
\1\ See OCC Bulletin 2006-47; FDIC Financial Institution Letter
FIL-105-2006; Federal Reserve Supervision and Regulation (SR) letter
06-17; NCUA Accounting Bulletin No. 06-01.
\2\ 12 CFR part 30, appendix A (OCC); 12 CFR part 208, appendix
D-1 (Board); 12 CFR part 364 appendix A (FDIC). Also see 12 CFR part
723 (NCUA).
---------------------------------------------------------------------------
In October 2019, the agencies invited public comment on proposed
guidance on credit risk review (proposed guidance or proposal).\3\ The
proposed guidance would update and clarify Attachment 1. It also would
adjust terminology to be consistent with the current expected credit
losses (CECL) methodology, a recent accounting standards change.\4\ The
agencies are adopting the proposed guidance in final form (final
guidance), with certain revisions as discussed below. The final
guidance replaces Attachment 1 as the agencies' guidance on credit risk
review systems for all supervised institutions and is being issued as a
standalone document. Attachment 1 is rescinded as of June 1, 2020.
---------------------------------------------------------------------------
\3\ Interagency Guidance on Credit Risk Review Systems, 84 FR
55679 (Oct. 17, 2019).
\4\ See Financial Accounting Standards Board's, Accounting
Standards Codification Topic 326, which revises the accounting for
the allowances for credit losses (ACLs) and introduces the CECL
methodology. [The agencies' final guidance on CECL is contained in a
separate document published elsewhere in this issue of the Federal
Register.]
---------------------------------------------------------------------------
II. Overview of Comments
The agencies collectively received 19 comments on the proposed
guidance. Commenters included trade associations, banks, credit unions,
and members of the public.
Most commenters expressed general support for the guidance.
Commenters noted that the proposed guidance reflected sound practices
and principles, incorporated the core elements of credit risk review,
and did not represent a fundamental shift from Attachment 1. Some
commenters raised concerns including that the guidance was too
prescriptive.
The comments addressed a wide range of topics, and in some
instances, commenters requested clarifications to certain aspects of
the proposed guidance. For example, commenters discussed the role of
credit risk review including its relation to other functions, such as
internal audit; the appropriate scope, depth and frequency of credit
risk review activities; internal responsibility for an institution's
risk rating framework; the process for adjudicating risk rating
disputes; the communication of credit risk review results and
qualifications of credit risk review personnel; credit risk review in
the context of retail portfolios; and the use of technology and data in
credit risk review.
A number of commenters expressed concern with what they viewed as
the one-size-fits-all approach of the proposed guidance and the
potential burden to smaller institutions. Commenters requested that the
agencies specifically tailor the guidance to emphasize flexibility
based on an institution's risk profile or even exempt small
institutions from the guidance.
Some commenters discussed independence of the credit risk review
function and acknowledged that credit risk review provides a critical
and independent assurance role but noted that role has expanded in
scope and may overlap with duties performed by other functions
resulting in a duplication of efforts.
Commenters also expressed concern generally with the implementation
of the CECL methodology; the relationship of the proposed guidance to
Allowances for Credit Losses (ACL); and whether CECL would make credit
risk review more burdensome, particularly for smaller institutions.
[[Page 33279]]
III. Discussion of Comments on the Proposed Guidance
The agencies are finalizing the guidance with targeted changes and
clarifications to address the concerns raised by commenters. The
comments, and any revisions to the final guidance, are discussed below
and grouped based on the three questions posed in the proposal and
other related topics raised by commenters. The agencies' three
questions asked whether the proposed guidance reflected sound
practices, whether the proposed guidance was appropriate for
institutions of differing sizes, and whether the agencies should
include additional factors in the proposed guidance to help credit risk
review achieve a sufficient degree of independence.\5\
---------------------------------------------------------------------------
\5\ Question 1: To what extent does the proposed credit review
guidance reflect current sound practices for an institution's credit
risk review activities? What elements should be added or removed,
and why? Question 2: To what extent is the proposed credit review
guidance appropriate for institutions of all asset sizes? What
elements should be added or removed for institutions of differing in
sizes, and why? Question 3: What, if any, additional factors should
the agencies consider incorporating into the guidance to help
achieve a sufficient degree of independence and why? To what extent
does the approach described for small or rural institutions with
fewer resources or employees provide for an appropriate degree of
independence in the credit review function? What if any
modifications should the agencies consider and why?
---------------------------------------------------------------------------
The agencies emphasize that credit risk review is a significant
risk management function separate from the determination of the
appropriate reserve for credit losses. While the results of the credit
risk review can help ensure that the ACLs or Allowance for Loan and
Lease Losses (ALLL) adequately reflects risk in the institution's loan
portfolio, the agencies are addressing the implementation of CECL
separately from the final guidance.
A. General Application of Guidance
Some commenters indicated the guidance was too prescriptive; in one
case, a commenter considered the guidance excessively detailed and not
aligned with current practices for credit unions in particular. Others
indicated that the proposed guidance reflected foundational principles
and outlined elements of a sound credit risk program without mandating
how credit risk review should operate. Commenters also raised concerns
that the proposed guidance would be enforced as a regulation.
An effective credit risk review function is integral to the safe
and sound operation of every insured depository institution. To assist
institutions in the creation and operation of such functions, the
agencies have developed the final guidance to describe a broad set of
practices and principles for developing and maintaining a credit risk
review function consistent with safe and sound credit risk management
practices and the Interagency Guidelines Establishing Standards for
Safety and Soundness.\6\ However, the final guidance does not establish
any requirements or rules, nor does it mandate implementation of a
specific system or prescribe specific actions with which institutions
must comply.
---------------------------------------------------------------------------
\6\ Supra note 2.
---------------------------------------------------------------------------
One commenter expressed general concern about guidance being
applicable to all institutions, including credit unions, because the
commenter considered credit union operational practices as distinct
from those of other institutions. Another commenter called for the
guidance to address how it intersects with the NCUA Examiner's Guide.
The NCUA notes that credit risk is related to the characteristics of
the loan, and not the type of institution providing the financing. This
guidance is an appropriate reference to assist in establishing a credit
risk review function for both credit union and other institutions' loan
portfolios. Furthermore, the final guidance aligns with the NCUA
Examiner's Guide for commercial loans \7\ and 12 CFR part 723 of the
NCUA's regulations, and the NCUA supports the recommendations in this
final guidance as it pertains to retail and consumer loan portfolios.
The NCUA Examiner's Guide will be updated to reflect this new guidance.
---------------------------------------------------------------------------
\7\ See the Commercial and Member Business Loans section of the
NCUA Examiner's Guide (Commercial and Member Business Loans >
Commercial Loan Administration>Independent Loan Review).
---------------------------------------------------------------------------
B. Elements of the Guidance
Commenters addressed the role of credit risk review; scope, depth,
and frequency of reviews; responsibility for and determination of risk
ratings; timely communication of results; qualifications of credit risk
review personnel; tailoring of the guidance to retail portfolios; and
use of technology in the credit risk review process.
1. Role of Credit Risk Review
Some commenters called for the guidance to better delineate between
the responsibilities of credit risk review and other functions. As
provided in footnote 5 \8\ of the final guidance, the role of credit
risk review is distinct from the roles of other groups within an
institution that are also responsible for monitoring, managing, and
reporting credit risk. The agencies reiterate that institutions have
flexibility to determine the specific roles, responsibilities, and
duties of these different groups. The core responsibilities of a credit
risk review system are discussed in the final guidance under the
objectives of an effective credit risk review system, and include the
prompt identification of loans with credit weaknesses and the
validation and adjustment of risk ratings.
---------------------------------------------------------------------------
\8\ Footnote 5 states that credit risk review may be referred to
as loan review, credit review, asset quality review, or another name
as chosen by an institution. The role of, expectations for, and
scope of credit risk review as discussed in this document are
distinct from the roles, expectations, and scope of work performed
by other groups within an institution that are also responsible for
monitoring, managing and reporting credit risk. Examples may be
those involved with lending functions, independent risk management,
loan work outs, and accounting. Each institution indicates in its
own policies and procedures the specific roles and responsibilities
of these different groups, including separation of duties. A credit
risk review unit, or individuals serving in that role, can rely on
information provided by other units in developing its own
independent assessment of credit risk in loan portfolios, but the
credit risk review unit critically evaluates such information to
maintain its own view, as opposed to relying exclusively on such
information.
---------------------------------------------------------------------------
One commenter disagreed that a primary objective of credit risk
review was to promptly identify all loans with actual and potential
credit weaknesses. The commenter believed that this responsibility
primarily lies with the credit administration function while credit
risk review would identify such loans using a sample-based approach.
The guidance does not singularly assign the process of risk
identification to credit risk review; effective ongoing credit
administration practices allow other credit risk functions to have a
role in the prompt detection of changes in loan quality and appropriate
adjustments to the risk rating. As part of its independent risk rating
validation process, credit risk review may identify loans with
significant weaknesses and identifiable losses and adjust the risk
rating accordingly. The emphasis for credit risk review or any party
identifying credit risk is on timely and accurate identification of
credit weaknesses so that action can be taken to strengthen credit
quality and minimize loss.
Several commenters asked for clarification of credit risk review's
role in relation to internal audit. As discussed in footnote 4 \9\ of
the final
[[Page 33280]]
guidance, the credit risk review function is not intended to be
performed by an institution's internal audit function. The March 2003
Interagency Statement on the Internal Audit Function and Its
Outsourcing (2003 policy statement) \10\ discusses the coordination of
the internal audit function with risk monitoring functions, such as the
credit risk review function. The 2003 policy statement provides that
coordination of credit risk review with the internal audit function can
facilitate the reporting of material risk and control issues to the
audit committee, increase the overall effectiveness of these monitoring
functions, better utilize available resources, and enhance the
institution's ability to comprehensively manage risk.
---------------------------------------------------------------------------
\9\ Footnote 4 states that the credit risk review function is
not intended to be performed by an institution's internal audit
function. However, as discussed in the agencies' March 2003
Interagency Policy Statement on the Internal Audit Function and its
Outsourcing (2003 policy statement), some institutions coordinate
the internal audit function with several risk monitoring functions,
such as the credit risk review function. The 2003 policy statement
states that coordination of credit risk review with the internal
audit function can facilitate the reporting of material risk and
control issues to the audit committee, increase the overall
effectiveness of these monitoring functions, better utilize
available resources, and enhance the institution's ability to
comprehensively manage risk. However, an effective internal audit
function maintains the ability to independently audit the credit
risk review function. (The NCUA was not an issuing agency of the
2003 policy statement.)
\10\ The 2003 policy statement was issued by the Board, OCC, and
FDIC on March 17, 2003. See SR Letter 03-5, OCC Bulletin 2003-12,
FDIC Financial Institution Letter FIL-21-2003. NCUA was not a party
to the issuance.
---------------------------------------------------------------------------
Commenters noted that credit risk review and other banking units
should coordinate their activities and requested clarification of
whether it would be appropriate for credit risk review or for other
internal functions within a credit risk review system to perform
activities that are compliance or operational in nature, such as
confirming proper lien perfection and collateral documentation.
Commenters also stated that credit risk review provides support to
financial and regulatory reporting functions but does not directly
deliver outputs to these functions, and requested that the proposed
guidance be clarified in this regard.
While duties such as assuring lien perfection and collateral
confirmation might not be directly undertaken by the credit risk review
function, evaluation and confirmation of such actions is within the
scope of the credit risk review function and a key aspect of an
assessment of the overall quality of the credit. The credit risk review
function may use information generated by other functions when
developing an independent assessment of credit risk, but footnote 5 of
the final guidance provides that such information is typically subject
to critical challenge and evaluation and a credit risk review function
typically does not rely exclusively on such information.
Some commenters indicated that credit risk review should not have a
role in evaluating workout plans, and requested that related language
be eliminated from the guidance. An effective workout plan is typically
designed to rehabilitate a troubled credit or to maximize the amount of
repayment ultimately collected and is therefore a loss mitigation
strategy. For this reason, Attachment 1 included similar language to
the proposed guidance on workout plans, as effective workout plans are
critical to managing risk in a loan portfolio. Since assessment of such
strategies is within the scope of the credit risk review's role, the
final guidance retains the reference to evaluating workout plans.
One commenter stated that one part of the proposed guidance allows
institutions to have a system concept for structuring credit risk
review whereas the latter part of the proposed guidance defined
specific roles for a credit review function. The commenter requested
clarification on the words ``system'' and ``function'' as used in the
guidance. The agencies have seen institutions use both terms when
referring to credit risk review, with the term used generally depending
on the size of the institution and composition of its risk review
framework. While the agencies incorporated both terms to provide
flexibility to institutions, the terms can be used interchangeably
depending on the institution's existing framework.
2. Scope
Commenters suggested that the agencies consider the nature of a
loan portfolio and the history and experience of an institution's
management team when determining the scope of credit risk review.
Commenters requested that the proposed guidance indicate that credit
review practices can be tailored when loans are seasoned and have a
history of performance and enhanced collateral positions. Some
commenters recommended that credit risk review focus on higher risk or
newer loans. The agencies reaffirm that, as stated in the proposal,
institutions may tailor their credit risk review practices based on a
number of factors, including the nature of the institution's loan
portfolio and overall risk profile.
Commenters requested clarification about whether the proposed
guidance covered non-lending activities. One commenter indicated that
these activities should not be within the scope of credit risk review,
while other commenters disagreed. Some commenters suggested that all
references to ``loans'' in the proposed guidance be changed to a
broader term that incorporates assets other than loans, such as
securities.
In response, the agencies recognize that credit risk may arise from
activities that are not specific to lending and encourage institutions
to consider whether such activities should be included in the scope of
the credit risk review function. For example, institutions that hold
investment securities or engage in capital markets, treasury, or
automated clearinghouse activities may elect to include the credit risk
related to these activities in the scope of a review. While the
examples of non-lending credit activities cited here are not
exhaustive, and may not apply to all institutions, they illustrate
other areas that management and the board of directors may consider in
the development of a review plan that reflects the risk profile of the
institution.
Further, some commenters expressed the view that smaller banks and
credit unions may have difficulty in identifying concentrations of
credit risk and other loans affected by common repayment factors.
Commenters stated that the phrase ``common repayment factors'' could
lead to a much larger scope of review. The OCC, Board, and FDIC note
that, under the Interagency Guidelines Establishing Standards for
Safety and Soundness,\11\ insured depository institutions should
establish and maintain a system that is commensurate with the
institution's size and the nature and scope of its operations to
identify problem assets and prevent deterioration in those assets,
which includes considering the size and potential risks of material
asset concentrations. The reference to ``common repayment factors'' is
meant to provide flexibility to institutions to consider a variety of
factors that are applicable to the institution's circumstances and
which may lead to a concentration of credit risk.
---------------------------------------------------------------------------
\11\ Supra note 2.
---------------------------------------------------------------------------
Commenters suggested that credit risk review focus on loans that
contain major, significant, or critical exceptions to policy, rather
than ``approved'' exceptions or loans with minor or administrative
policy exceptions. Commenters also suggested that there may be
``major'' exceptions to policy with strong mitigating factors that
suggest these exceptions may not warrant a focus in the review process.
The final guidance is not prescriptive and allows for institutions to
set their own parameters for determining the materiality of policy
exceptions that
[[Page 33281]]
should fall into the scope of a credit review.
Further, commenters suggested that credit risk review focus on
loans with high-risk indicators and asked the agencies to clarify that
institutions can define ``segments of the loan portfolio experiencing
rapid growth.'' Commenters suggested that it is appropriate for banks
and credit unions to define their own ``rapid growth'' targets for
credit review and to have independent loan review verify those targets.
This final guidance emphasizes that an effective scope is risk-based
and includes loans or portfolios that have high-risk indicators,
exceptions to policy, are experiencing rapid growth, or have other risk
attributes. The final guidance provides examples of high-risk
indicators and other characteristics of loans that may warrant
additional review, but does not prescribe specific targets or
thresholds. Institutions can select their own high-risk indicators,
keeping in mind how the indicators fit the characteristics of the
overall portfolio and how the indicators help to reinforce safe and
sound practices.
3. Depth
Commenters noted that the language in the proposed guidance stating
that loans selected for credit risk review are evaluated for
``sufficiency of credit and collateral documentation'' was too broad.
The final guidance does not recommend that credit risk review perform
or oversee the loan documentation process. However, because inadequate
loan documentation and lien perfection may adversely impact the risk
rating and could result in losses for a financial institution,
effective credit risk review often includes the evaluation of loan
documentation as part of the overall assessment of the credit risk of a
particular transaction. In doing so, effective credit risk review
assesses and evaluates information from departments responsible for
loan documentation and highlights identified concerns in the reports to
management, including recommendations for their resolution.
One commenter recommended removing language in the proposed
guidance stating that loans selected for credit risk review are
evaluated for ``quality of the information used in the credit loss
estimation process, including the reasonableness of assumptions used
and the timeliness of charge-offs.'' The commenter suggested that
credit review should not validate the translation of loss numbers;
rather, internal audit and external auditors should review accuracy,
timeliness, and consistency of charge-offs.
The bullet in the proposed guidance mentioning quality of the
information used in the credit loss estimation process was not intended
to expand the review of such information beyond that of the original
Attachment 1. The focus of Attachment 1 was on assessing the adequacy
of the identification and related impairment calculation of
individually impaired loans under the ALLL methodology, a process which
will no longer be applicable to loans evaluated under CECL. In order to
direct the focus and applicability of the review under both allowance
methodologies, the agencies have revised the language in the final
guidance to read as follows: ``The appropriateness of credit loss
estimation for those credits with significant weaknesses including the
reasonableness of assumptions used, and the timeliness of charge-
offs.'' Additionally, the agencies acknowledge that the calculation of
estimated ACL or ALLL is not the role of credit risk review. However,
effective credit risk review results help ensure that the ACL or ALLL
adequately reflects risk in the credit portfolio. In performing its
assessment of reasonableness, credit risk review can leverage work
performed in this area by other functions, such as internal audit.
Several commenters suggested that evaluating the validity of
underwriting assumptions was too broad of an activity for credit risk
review, and could imply that credit risk review is responsible for back
testing assumptions. Commenters suggested that the agencies should
instead refer to evaluating the ``reasonableness'' of assumptions, such
as borrower cash flow forecasts. In response, the final guidance has
been revised to provide that such loans, and segments of portfolios,
selected for review are generally reviewed for the reasonableness of
assumptions. Back testing the validity of assumptions is often a part
of the underwriting and monitoring processes. Credit risk review can
use this information, if available, when making their assessments.
Commenters indicated that institutions should receive credit during
a review if back testing of initial loan risk ratings shows a high
level of accuracy. Similarly, commenters suggested that the agencies'
guidance should focus less on risk evaluation, but instead focus on the
front-end loan evaluation by bank staff. The focus of the credit risk
review system is on the assessment of credit quality in the credit
portfolios, which is an important input into the determination of the
ACL and ALLL. An effective credit risk review system considers any
information available that can impact or provide insight into the
quality of the portfolio. To the extent that back testing results are
available, they can be considered by credit risk review staff in their
assessment of credit quality.
4. Frequency
Several commenters raised questions about the frequency of credit
risk reviews and requested clarification as to when it is appropriate
for reviews to be conducted less frequently than annually. Commenters
suggested there are instances in which less frequent reviews are
appropriate, such as for well-managed institutions with lower risk
portfolios. Commenters also requested that the proposed guidance
respect the authority of a board of directors to approve when audits
and loan reviews are completed, and how frequently reports are
reviewed. With respect to the credit risk review policy, one commenter
suggested that frequency of review should be determined by a firm's
board of directors.
Consistent with the principles in the final guidance, each
institution has the flexibility to set the scope of coverage and
frequency of reviews based on the institution's specific circumstances
while continuing to operate in a safe and sound manner. Accordingly,
the agencies have clarified in the final guidance that effective credit
risk reviews are typically performed annually. However, in certain
circumstances more frequent reviews may be necessary. Reviews that are
less frequent are typically well supported and reflective of low risk
portfolios, are conducted consistent with safe and sound practices, and
are approved by the institution's board of directors or board committee
thereof. The agencies have clarified in the final guidance that an
effective credit risk review system starts with a written credit risk
review policy that is typically reviewed and approved at least
annually.
5. Risk rating responsibility and adjudication
Several commenters observed that the proposed guidance provided an
opportunity to establish which area or department at the institution
will have responsibility over risk rating dispositions within the
credit review function. Commenters asked if credit risk review should
always be the final arbiter of a risk rating, even if credit risk
review's rating is less conservative than that determined by the
business line. Commenters requested that the proposed guidance clarify
that an institution's board of directors retains
[[Page 33282]]
the responsibility for maintaining a bank's credit risk rating and
establishing relevant policies. Some commenters questioned whether the
proposed guidance would require institutions to employ an arbitration
process.
The agencies believe that the language as proposed describes a
clear disposition process for adjudicating risk ratings that is
flexible for institutions of all sizes. In particular, the final
guidance addresses risk rating differences between the credit risk
review and areas responsible for loan approval. Typically, the lower
credit quality classification or risk rating assigned by credit risk
review prevails unless there is additional information that would
support a higher credit quality classification or risk rating. The
final guidance also discusses a risk rating framework that is
consistent with safe and sound practices and the agencies' guidelines
for supervisory classifications.\12\
---------------------------------------------------------------------------
\12\ Two commenters requested clarification from the NCUA
regarding whether credit unions are required to adopt the loan
classification system described in footnote 7 of the guidance. The
NCUA does not require credit unions to adopt the regulatory
classifications of substandard, doubtful or loss. However, NCUA does
support the use of these classifications, as defined by the other
banking agencies, as an effective method for rating adversely
classified loan risk. See the Commercial and Member Business Loans
section of the NCUA Examiner's Guide (Commercial and Member Business
Loans > Credit Risk Rating Systems> Credit Risk Rating Categories).
---------------------------------------------------------------------------
6. Communication of Results
In general, commenters expressed support for credit risk review
reporting directly to the board of directors. Other commenters
indicated that the language in the proposed guidance was too
prescriptive, particularly regarding communication to the board at
least quarterly. Commenters recommended that the proposed guidance
permit boards of directors to tailor their policies based on the size,
scope, and complexity of the loan portfolio, as well as to the
complexity of a loan itself.
The agencies believe that it is consistent with safe and sound
lending practices to have the credit risk review function report
findings regularly and directly to the institution's board of directors
or a committee thereof. Institutions have discretion to determine the
frequency and extent of such reporting, taking into account the nature
of their loan portfolios and the importance of informing the board of
directors on credit risk. To clarify this flexibility, the proposed
guidance was revised to state that effective communication typically
involves providing results of the credit risk reviews to the board of
directors or appropriate board committee quarterly. This change
emphasizes that quarterly reporting of results is a typical practice,
but institutions have room to adjust the frequency given their risk
profile and consistent with safety and soundness.
One commenter noted that the guidance should specifically recommend
tracking forward-looking indicators to help identify risk trends to
support informed decisions and proactive risk mitigation. The agencies
acknowledge that forward-looking indicators such as portfolio
concentration trends, shifting underwriting standards, and risk rating
migrations are consistent with proactive risk management activities.
The agencies recognize that institutions may develop internal
parameters for establishing, tracking, and reporting forward-looking
indicators of credit exposure that are specific to the institution's
business model and lending activities. The agencies believe that
language in the proposed guidance is sufficient to address this issue.
Commenters also requested that the agencies clarify that only
``material'' deficiencies and weaknesses that remain unresolved beyond
the scheduled time frames for correction should be promptly reported to
senior management and the board of directors or appropriate board
committee. The agencies believe that an effective credit review system
should report all noted deficiencies and weaknesses to the board of
directors. Credit review may prioritize findings of weaknesses or
deficiencies; however, allowing management to determine the materiality
of findings can compromise the independence of the credit review
process.
7. Qualifications of Personnel
One commenter suggested that footnote 4 of the proposed guidance be
revised to emphasize the importance of the qualifications,
independence, and expertise of personnel conducting the internal audit
of a credit risk review system or function. The OCC, Board, and FDIC
believe that the qualifications of audit personnel are sufficiently
addressed in the 2003 policy statement, which is referenced in the
final guidance.
One commenter noted that with respect to credit risk review staff,
knowledge of an institution's membership and experience with
underwriting are key factors in determining the qualifications of
credit risk review personnel. This final guidance broadly addresses the
experience of personnel, which would include knowledge of the
institution's portfolio and experience with underwriting. Specific
personnel qualifications are the purview of management and the board
and are typically reflective of the institution's business model.
8. Retail and Consumer Portfolios
The agencies received a number of comments regarding the
differences in characteristics between retail (consumer) and commercial
loan portfolios, as well as the processes, techniques, tools, data and
technology used to conduct credit risk review of retail loan
portfolios. One commenter stated that the proposed guidance
inadequately differentiated between product types and exposures of
commercial and retail loans. The commenter stated that the use of
manual review of individual loans to assign and validate risk ratings
would be impractical for a large portfolio of smaller retail loans.
The agencies recognize that differences between retail and most
commercial loans and portfolios may justify differences in approaches,
techniques, and tools for conducting credit risk review. The proposed
guidance was designed so that institutions may apply its principles to
the review of all loans and portfolios, including retail loan
portfolios. In response to comments received, the agencies have made
revisions to the final guidance in order to provide flexibility to
institutions in determining the scope and depth of the loan review for
all loan portfolios. The revisions for the final guidance discussed
below reflect existing industry practices. They are applicable to all
types of loan portfolios, but especially for retail portfolios.
Specifically, the final guidance includes language in a new bullet
under the ``Scope of Reviews'' section, which acknowledges that
institutions may determine the scope of the credit risk review by
segmenting or grouping loans based on similar risk characteristics,
such as those related to borrower risk, transaction risk, and other
risk factors. The new bullet is intended to provide clarity and reflect
existing industry practices for retail portfolios. Similar references
to portfolio segments have been made in the ``Depth of Transaction or
Portfolio Reviews'' and ``Communication and Distribution of Results''
sections.
Additionally, the final guidance includes language in a new sub-
bullet under ``Depth of Transaction Reviews.'' The sub-bullet indicates
that, with regard to evaluating credit quality,
[[Page 33283]]
soundness of underwriting and risk identification, borrower
performance, and adequacy of the sources of repayment, ``[w]hen
applicable, this evaluation includes the appropriateness of automated
underwriting and credit scoring, including prudent use of overrides, as
well as the effectiveness of account management strategies,
collections, and portfolio management activities in managing credit
risk.''
The agencies have added the new sub-bullet in response to commenter
requests for more guidance on the applicability of the guidance to
retail loan portfolios. The new sub-bullet takes into account the fact
that some institutions, especially those with large retail portfolios,
may use models or other automated decision tools in their credit
decision or risk rating processes, and thus clarifies that effective
credit risk review can consider the appropriateness of the business
line's application of these tools in these processes. Further, an
effective credit risk review can consider the effectiveness of account
management strategies, such as credit line management, re-aging, and
extension/renewal in managing credit risk. An effective credit risk
review can also consider whether portfolio management activities, such
as risk identification and performance monitoring, and collection
policies and practices are commensurate with the institution's risk
profile and complexity of the products and loan structures offered.
9. Technology
Commenters posed a number of questions and comments related to the
use and governance of technology in credit risk review. Commenters
discussed the use of analytical and management information system
tools, particularly for consumer loans, and suggested that the guidance
recommend automation of risk data aggregation. The agencies believe
institutions have significant flexibility to use various types of
technology to assist in the credit risk review process; as such, the
agencies decline to recommend the use of any specific types of
technology.
One commenter expressed concern about the potential risks
associated with the use of models in various credit processes and
suggested that the proposed guidance emphasize the appropriateness and
effectiveness of reviewing credit model design, performance, and
governance. A commenter indicated that the guidance should include
robust governance of artificial intelligence algorithms. The agencies
recognize the importance of model risk management, which is discussed
in other existing guidance.\13\
---------------------------------------------------------------------------
\13\ See the interagency statement titled, Supervisory Guidance
on Model Risk Management, published by the Board in SR Letter 11-7
and OCC Bulletin 2011-12 on April 4, 2011. The FDIC adopted the
interagency statement on June 7, 2017. Institutions supervised by
the FDIC should refer to FIL 22-2017, Adoption of Supervisory
Guidance on Model Risk Management, including the statement of
applicability in the FIL.
---------------------------------------------------------------------------
C. Scalability of the Guidance
The agencies received numerous comments about whether the proposed
guidance is appropriate for institutions of all sizes. Several
commenters expressed concern with what they viewed as a one-size-fits-
all nature, and called for the proposed guidance to be tailored based
on the size and activities of the institution, as well as the
complexity of the loan portfolio. Commenters also requested
accommodations for smaller institutions, including credit unions. One
commenter stated the proposed guidance could impose higher costs on
smaller institutions because such costs cannot be spread across a large
asset base and requested the guidance provide more flexibility for
review activities. One commenter suggested that the proposed guidance
would benefit from additional discussion and analysis of how modest-
sized institutions with limited personnel would implement the guidance.
This commenter expressed concern that the proposed guidance would be
burdensome for such institutions and potentially require outsourcing of
credit risk review. Another commenter requested that the proposed
guidance specifically exempt small, non-complex rural institutions,
thereby allowing them to utilize their existing review functions.
Another commenter requested that the agencies clarify the proposed
guidance's applicability to large banks, including defining a large
institution based on asset size and examples of complex institutions
and explaining how supervisors make these determinations.
The agencies believe that the final guidance provides both small
and large institutions flexibility to tailor the credit review function
to the activities of the institution. For example, the final guidance
states that the nature of credit risk review varies based on an
institution's size, complexity, loan types, risk profile, and risk
management framework. In addition, as described under ``Independence of
Credit Risk Review Personnel,'' smaller or less complex institutions
have flexibility to use an independent committee of outside directors
or qualified members of the staff to perform the credit risk review
function. Footnote 6 \14\ of the final guidance emphasizes that small
or rural institutions that have few resources or employees may adopt
modified credit risk review procedures and methods to achieve a proper
degree of independence. As the final guidance notes, doing so is
appropriate when more robust procedures and methods are impractical.
The final guidance also notes that credit risk review systems in larger
institutions may include a dedicated credit risk review function.
Institutions of all sizes have the flexibility to tailor the various
principles and practices in the final guidance to systems appropriate
for their circumstances.
---------------------------------------------------------------------------
\14\ Footnote 6 states that small or rural institutions that
have few resources or employees may adopt modified credit risk
review procedures and methods to achieve a proper degree of
independence. For example, in the review process, such an
institution may use qualified members of the staff, including loan
officers, other officers, or directors, who are not involved with
originating or approving the specific credits being assessed and
whose compensation is not influenced by the assigned risk ratings.
It is appropriate to employ such modified procedures when more
robust procedures and methods are impractical. Institution
management and the board, or a board committee, should have
reasonable confidence that the personnel chosen will be able to
conduct reviews with the needed independence despite their position
within the loan function.
---------------------------------------------------------------------------
D. Independence Considerations
Some commenters suggested that creating the independence structure
described in the proposed guidance would be a problem for small banks
and credit unions. Commenters stated that doing so could lead to
duplicative functions and compliance burden for small banks and credit
unions, which have limited staffing. Commenters also stressed that
small credit unions may find it costly to hire third parties to ensure
the independence of the credit review function. One commenter called
for an exemption for small institutions and requested that the agencies
adopt alternative independence standards, such as those articulated in
the agencies' appraisal guidance, which would allow third-party staff
members or an independent lender to confirm the risk rating of another
lender. This commenter also suggested a rotation of duties as a way to
achieve independence in the credit risk review function. Another
commenter noted that the boards of directors of small, closely held
institutions may be involved in the credit process from the beginning,
and the board's input and participation in loan origination can be more
important
[[Page 33284]]
than the subsequent credit review that happens post origination.
As stated above, the agencies recognize that small institutions
with few resources may need to adopt modified credit risk review
procedures in order to achieve a proper degree of independence, as
previously referenced in footnote 6 of the proposed guidance. That
footnote states that small or rural institutions with few resources may
use qualified members of the staff, including loan officers, other
officers, or directors, who are not involved with originating or
approving the specific credits being assessed and whose compensation is
not influenced by the assigned risk ratings in the credit risk review
process. The footnote also states that institution management and the
board, or board committee, should have reasonable confidence that the
personnel chosen will be able to conduct reviews with the needed
independence despite their position within the loan function.
Commenters asked for clarification on the reporting structure of
credit risk review. The OCC, Board, and FDIC note that the Interagency
Guidelines Establishing Standards for Safety and Soundness \15\ state
that an institution should have internal controls and information
systems that are appropriate to the size of the institution, as well as
nature, scope and risk of its activities, including clear lines of
authority and responsibility for monitoring adherence to established
policies. This statement applies to policies for a system of
independent, ongoing credit review and appropriate communication to
management and to the board of directors. Whether or not the
institution has a dedicated credit risk review department, it is
prudent for the credit risk review function to report directly to the
institution's board of directors or a committee thereof. This reporting
structure allows the credit risk review function to provide the board
of directors with an independent assessment of the overall quality of
loan portfolios and other areas of credit exposure as mandated. Senior
management may be responsible for appropriate administrative functions,
provided such an arrangement does not compromise the independence of
the credit risk review function.
---------------------------------------------------------------------------
\15\ Supra note 2.
---------------------------------------------------------------------------
E. Current Expected Credit Losses
The agencies received a number of comments related to the CECL
methodology as described in FASB ASC Topic 326.\16\ Some commenters
cautioned the agencies against incorporating FASB ASC Topic 326 into
the credit review final guidance because this would create a complex
methodology that many institutions would be unable to implement. For
example, one commenter expressed concern with maintaining historical
loss experience on a segment level because loan segmentation under FASB
ASC 326 may be more granular than what is currently maintained and may
change over time. Commenters on the proposed credit review guidance
noted that while institutions with large and complex loan portfolios
typically maintain records of their historical loss experience for
credits in each of the categories in their risk rating framework, this
may not be the case in smaller institutions.
---------------------------------------------------------------------------
\16\ Refer to the final Interagency Policy Statement on
Allowances for Credit Losses published elsewhere in this issue of
the Federal Register for more details on CECL methodology.
---------------------------------------------------------------------------
The final guidance is intended to be flexible and consistent with
CECL, but it does not incorporate FASB Topic 326. The agencies have
observed that maintenance of historical loss information has
traditionally been part of an effective credit risk grading framework
for institutions of all sizes as it provides a basis for credit loss
estimation for various credit types. Institutions have flexibility in
how historical loss data information is maintained to the extent that
it provides sufficient information to inform and help confirm the
accuracy of risk rating similar credits. To provide further clarity and
to emphasize the flexibility available to institutions, the agencies
have modified the final guidance to read ``evaluation of the
institution's historical loss experience for each of the groups of
loans with similar risk characteristics into which it has segmented its
loan portfolio.''
Some commenters recommended that the agencies clarify credit risk
review's role in determining ACLs. One commenter asked for
clarification on whether credit risk review functions must conduct
risk-specific assessments on the valuations of financial assets
measured at an amortized cost basis, such as held-to-maturity
securities. With regard to institutions that produce economic forecast
estimations as a component of their ACL estimate, the commenter also
asked whether credit risk review functions should integrate and align
the economic forecast estimations into qualitative assessments of
individual loans and portfolios.
As discussed previously, the agencies are issuing this final
guidance as a standalone document separate from any guidance on
estimation of expected credit losses, as credit risk review is an
important component of safety and soundness on its own. Commenters
should refer to the Interagency Policy Statement on Allowances for
Credit Losses \17\ regarding how credit risk review can facilitate the
loss estimation process.
---------------------------------------------------------------------------
\17\ This guidance is contained in a separate document published
elsewhere in this issue of the Federal Register.
---------------------------------------------------------------------------
IV. Paperwork Reduction Act
In accordance with the requirements of the Paperwork Reduction Act
of 1995 (PRA),\18\ the agencies may not conduct or sponsor, and the
respondent is not required to respond to, an information collection
unless it displays a currently valid Office of Management and Budget
(OMB) control number.
---------------------------------------------------------------------------
\18\ 44 U.S.C. 3501-3521.
---------------------------------------------------------------------------
The final guidance will not create any new or revise any existing
collections of information under the PRA. Therefore, no information
collection request will be submitted to the OMB for review.
V. Final Guidance
The text of the final guidance is as follows:
INTERAGENCY GUIDANCE ON CREDIT RISK REVIEW SYSTEMS
Introduction
The Interagency Guidelines Establishing Standards for Safety and
Soundness (Guidelines) \1\ underscore the critical importance of credit
risk review and set safety and soundness standards for insured
depository institutions to establish a system for independent, ongoing
credit risk review, and for appropriate communication to their
management and boards of directors.\2\ This guidance, which aligns with
the Guidelines, is appropriate for all institutions \3\ and describes a
broad set of practices that can be used either within a dedicated unit
or across multiple units throughout an institution to form a credit
risk review system that is consistent with safe and sound lending
practices. This guidance outlines principles that an institution
[[Page 33285]]
should consider in developing and maintaining an effective credit risk
review system.
---------------------------------------------------------------------------
\1\ 12 CFR part 30, appendix A (OCC); 12 CFR part 208, appendix
D-1 (Board); and 12 CFR part 364, appendix A (FDIC). Part 723 of
NCUA Rules and Regulations (12 CFR part 723).
\2\ For foreign banking organization branches, agencies, or
subsidiaries not operating under single governance in the United
States, the U.S. risk committee would serve in the role of the board
of directors for purposes of this guidance.
\3\ For purposes of this guidance, regulated institutions are
those supervised by the following agencies: The Board of Governors
of the Federal Reserve System (Board), the Federal Deposit Insurance
Corporation (FDIC), the National Credit Union Administration (NCUA),
and the Office of the Comptroller of the Currency (OCC), hereafter
referred to as the ``agencies.''
---------------------------------------------------------------------------
Overview of Credit Risk Review Systems
The nature of credit risk review systems \4\ varies based on an
institution's size, complexity, loan types, risk profile, and risk
management practices. For example, in smaller or less complex
institutions, a credit risk review system may include qualified members
of the staff, including loan officers, other officers, or directors,
who are independent of the credits being assessed. In larger or more
complex institutions, a credit risk review system may include
components of a dedicated credit risk review function that are
independent of the institution's lending function.\5\ A credit risk
review system may also include various responsibilities assigned to
credit underwriting, loan administration, a problem loan workout group,
or other organizational units of an institution. Among other
responsibilities, these groups may administer the internal problem loan
reporting process, maintain the integrity of the credit risk rating
process, confirm that timely and appropriate changes are made to risk
ratings, and support the quality of information used to estimate the
Allowance for Credit Losses (ACL) or the Allowance for Loan and Lease
Losses (ALLL), as applicable. Additionally, some or all of the credit
risk review function may be performed by a qualified third party.
---------------------------------------------------------------------------
\4\ The credit risk review function is not intended to be
performed by an institution's internal audit function. However, as
discussed in the agencies' March 2003 Interagency Policy Statement
on the Internal Audit Function and its Outsourcing (2003 policy
statement), some institutions coordinate the internal audit function
with several risk monitoring functions, such as the credit risk
review function. The 2003 policy statement states that coordination
of credit risk review with the internal audit function can
facilitate the reporting of material risk and control issues to the
audit committee, increase the overall effectiveness of these
monitoring functions, better utilize available resources, and
enhance the institution's ability to comprehensively manage risk.
However, an effective internal audit function maintains the ability
to independently audit the credit risk review function. (The NCUA
was not an issuing agency of the 2003 policy statement.)
\5\ Credit risk review may be referred to as loan review, credit
review, asset quality review, or another name as chosen by an
institution. The role of, expectations for, and scope of credit risk
review as discussed in this document are distinct from the roles,
expectations, and scope of work performed by other groups within an
institution that are also responsible for monitoring, managing and
reporting credit risk. Examples may be those involved with lending
functions, independent risk management, loan work outs, and
accounting. Each institution indicates in its own policies and
procedures the specific roles and responsibilities of these
different groups, including separation of duties. A credit risk
review unit, or individuals serving in that role, can rely on
information provided by other units in developing its own
independent assessment of credit risk in loan portfolios, but the
credit risk review unit critically evaluates such information to
maintain its own view, as opposed to relying exclusively on such
information.
---------------------------------------------------------------------------
Regardless of the structure, an effective credit risk review system
accomplishes the following objectives:
Promptly identifies loans with actual and potential credit
weaknesses so that timely action can be taken to strengthen credit
quality and minimize losses.
Appropriately validates and, if necessary, adjusts risk
ratings, especially for those loans with potential or well-defined
credit weaknesses that may jeopardize repayment.
Identifies relevant trends that affect the quality of the
loan portfolio and highlights segments of those portfolios that are
potential problem areas.
Assesses the adequacy of and adherence to internal credit
policies and loan administration procedures and monitors compliance
with applicable laws and regulations.
Evaluates the activities of lending personnel and
management, including compliance with lending policies and the quality
of their loan approval, monitoring, and risk assessment.
Provides management and the board of directors with an
objective, independent, and timely assessment of the overall quality of
the loan portfolio.
Provides management with accurate and timely credit
quality information for financial and regulatory reporting purposes,
including the determination of an appropriate ACL or ALLL, as
applicable.
Credit Risk Rating (or Grading) Framework
The foundation for any effective credit risk review system is
accurate and timely risk ratings to assess credit quality and identify
or confirm problem loans. An effective credit risk rating framework
includes the monitoring of individual loans and retail credit
portfolios, or segments thereof, with similar risk characteristics. An
effective framework also provides important information on the
collectibility of each portfolio for use in the determination of an
appropriate ACL or ALLL, as applicable. Further, an effective framework
generally places primary reliance on the lending staff to assign
accurate and timely risk ratings and identify emerging loan problems.
However, given the importance of the credit risk rating framework, the
lending personnel's assignment of risk ratings is typically subject to
review by qualified and independent: (i) Peers, managers, or loan
committee(s); (ii) part-time or full-time employee(s); (iii) internal
departments staffed with credit review specialists; or (iv) external
credit review consultants. A risk rating review that is independent of
the lending function and approval process can provide a more objective
assessment of credit quality.\6\
---------------------------------------------------------------------------
\6\ Small or rural institutions that have few resources or
employees may adopt modified credit risk review procedures and
methods to achieve a proper degree of independence. For example, in
the review process, such an institution may use qualified members of
the staff, including loan officers, other officers, or directors,
who are not involved with originating or approving the specific
credits being assessed and whose compensation is not influenced by
the assigned risk ratings. It is appropriate to employ such modified
procedures when more robust procedures and methods are impractical.
Institution management and the board, or a board committee, should
have reasonable confidence that the personnel chosen will be able to
conduct reviews with the needed independence despite their position
within the loan function.
---------------------------------------------------------------------------
An effective credit risk rating framework includes the following
attributes:
A formal credit risk rating system in which the ratings
reflect the risk of default and credit losses, and for which a written
description of the credit risk framework is maintained, including a
discussion of the factors used to assign appropriate risk ratings to
individual loans and retail credit portfolios, or segments thereof,
with similar risk characteristics.\7\
---------------------------------------------------------------------------
\7\ A bank or savings association may have a credit risk rating
framework that differs from the framework for loan classifications
used by the Federal banking agencies. Such banks and savings
associations should maintain documentation that translates their
risk ratings into the regulatory classification framework used by
the Federal banking agencies. This documentation will enable
examiners to reconcile the totals for the various loan
classifications or risk ratings under the institution's system to
the Federal banking agencies' categories contained in the Uniform
Agreement on the Classification and Appraisal of Securities Held by
Depository Institutions Attachment 1--Classification Definitions
(OCC: OCC Bulletin 2013-28; Board: SR Letter 13-18; and FDIC: FIL-
51-2013). The NCUA does not require credit unions to adopt a uniform
regulatory classification system. Risk rating guidance for credit
unions is set forth in NCUA letters to credit unions 10-CU-02,
``Current Risks in Business Lending and Sound Risk Management
Practices,'' issued January 2010 and 10-CU-03, ``Concentration
Risk,'' issued March 2010. See also the Commercial and Member
Business Loans section of the NCUA Examiner's Guide (Commercial and
Member Business Loans > Credit Risk Rating Systems) and the preamble
to 1 CFR parts 701, 723, and 741 Member Business Loans; Commercial
Lending: Proposed Rule July 2015.
---------------------------------------------------------------------------
Identification or grouping of loans that warrant the
special attention of management or other designated ``watch lists'' of
loans that management is more closely monitoring.\8\
---------------------------------------------------------------------------
\8\ In addition to loans designated as ``watch list,'' this
identification typically includes loans rated special mention,
substandard, doubtful, or loss.
---------------------------------------------------------------------------
Clear explanation of why particular loans warrant the
special attention of
[[Page 33286]]
management or have received an adverse risk rating.
Evaluation of the effectiveness of approved workout plans.
A method for communicating direct, periodic, and timely
information to the institution's senior management and the board of
directors or appropriate board committee on the status of loans
identified as warranting special attention or adverse classification,
and the actions taken by management to strengthen the credit quality of
those loans.
Evaluation of the institution's historical loss experience
for each of the groups of loans with similar risk characteristics into
which it has segmented its loan portfolio.\9\
---------------------------------------------------------------------------
\9\ In particular, institutions with large and complex loan
portfolios typically maintain records of their historical loss
experience for credits in each of the categories in their risk
rating framework. For banks and savings associations, these
categories are either those used by, or those that can be translated
into those used by, the Federal banking agencies.
---------------------------------------------------------------------------
Elements of an Effective Credit Risk Review System
An effective credit risk review system starts with a written credit
risk review policy \10\ that is reviewed and typically approved at
least annually by the institution's board of directors or appropriate
board committee to evidence its support of, and commitment to,
maintaining an effective system. Effective policies include a
description of the overall risk rating framework and establish
responsibilities for loan review based on the portfolio being assessed.
An effective credit risk review policy addresses the following
elements, described in more detail below: the qualifications and
independence of credit risk review personnel; the frequency, scope, and
depth of reviews; the review of findings and follow-up; and
communication and distribution of results.
---------------------------------------------------------------------------
\10\ See 12 CFR part 30, appendix A (OCC); 12 CFR part 208,
appendix D-1 (Board); and 12 CFR part 364, appendix A (FDIC). See
also 12 CFR part 723 (NCUA).
---------------------------------------------------------------------------
Qualifications of Credit Risk Review Personnel
An effective credit risk review function is staffed with personnel
who are qualified based on their level of education, experience, and
extent of formal credit training. Qualified personnel are knowledgeable
in both sound lending practices and the institution's lending
guidelines for the types of loans offered by the institution. The level
of experience and expertise for all personnel involved in the credit
risk review process is expected to be commensurate with the nature of
the risk and complexity of the portfolios. In addition, qualified
credit risk review personnel possess knowledge of relevant laws,
regulations, and supervisory guidance.
Independence of Credit Risk Review Personnel
An effective credit risk review system incorporates both the
initial identification of emerging problem loans by loan officers and
other line staff, and an assessment of loans by personnel independent
of the credit approval process. Placing primary responsibility on loan
officers, risk officers, and line staff is important for continuous
portfolio analysis and prompt identification and reporting of problem
loans. Because of frequent contact with borrowers, loan officers and
line staff can usually identify potential problems before they become
apparent to others. However, institutions should be careful to avoid
over-reliance on loan officers and line staff for identification of
problem loans. An independent assessment of risk is achieved when
personnel who perform the loan review do not have control over the loan
and are not part of or influenced by individuals associated with the
loan approval process.
While a larger institution may establish a separate department
staffed with credit review specialists, cost and volume considerations
may not justify such a system in a smaller institution. For example, in
the review process, smaller institutions may use an independent
committee of outside directors or qualified members of the staff,
including loan officers, other officers, or directors, who are not
involved with originating or approving the specific credits being
assessed and whose compensation is not influenced by the assigned risk
ratings. Whether or not the institution has a dedicated credit risk
review department, it is prudent for the credit risk review function to
report directly to the institution's board of directors or a committee
thereof, consistent with safety and soundness standards. Senior
management may be responsible for appropriate administrative functions
provided such an arrangement does not compromise the independence of
the credit risk review function.
The institution's board of directors, or a committee thereof, may
outsource the credit risk review function to an independent third
party.\11\ However, the responsibility for maintaining a sound credit
risk review system remains with the institution's board of directors.
In any case, institution personnel who are independent from the lending
function typically assess risks, develop the credit risk review plan,
and verify appropriate follow-up of findings. Outsourcing of the credit
risk review function to the institution's external auditor may raise
additional independence considerations.\12\
---------------------------------------------------------------------------
\11\ For supervisory guidance related to outside service
providers, refer to SR letter 13-19/CA letter 13-21, ``Guidance on
Managing Outsourcing Risk,'' issued by the Board on December 5,
2013; FIL-44-2008, ``Guidance for Managing Third-Party Risk,''
issued by the FDIC on June 6, 2008; and OCC Bulletin 2013-29,
``Third-Party Relationships: Risk Management Guidance,'' issued by
the OCC on October 30, 2013. For credit unions, refer to NCUA
letters to credit unions 01-CU-20 ``Due Diligence over Third Party
Service Providers,'' issued November 2001 and 07-CU-13 ``Evaluating
Third Party Relationships,'' issued December 2007.
\12\ See footnote 4.
---------------------------------------------------------------------------
Frequency of Reviews
An effective credit risk review system provides for review and
evaluation of an institution's significant loans, loan products, or
groups of loans typically annually, on renewal, or more frequently when
internal or external factors indicate a potential for deteriorating
credit quality or the existence of one or more other risk factors. The
credit risk review function can also provide useful continual feedback
on the effectiveness of the lending process in order to identify any
emerging problems. Ongoing or periodic review of an institution's loan
portfolio is particularly important to the estimation of ACLs or the
ALLL because loss expectations may change as the credit quality of a
loan changes. Use of key risk indicators or performance metrics by
credit risk review management can support adjustments to the frequency
and scope of reviews.
Scope of Reviews
Comprehensive and effective reviews cover all segments of the loan
portfolio that pose significant credit risk or concentrations, and
other loans that meet certain institution-specific criteria. A properly
designed scope considers the current market conditions or other
external factors that may affect a borrower's current or future ability
to repay the loan. Establishment of an appropriate review scope also
helps ensure that the sample of loans selected for review, or portfolio
segments selected for review, is representative of the portfolio as a
whole and provides reasonable assurance that any credit quality
deterioration or unfavorable trends are identified. An effective credit
risk review function also considers industry standards for credit risk
review coverage consistent with the
[[Page 33287]]
institution's size, complexity, loan types, risk profile, and risk
management practices and helps to verify whether the review scope is
appropriate. The institution's board of directors or appropriate board
committee typically approves the scope of the credit risk review on an
annual basis or whenever significant interim changes are made in order
to adequately assess the quality of the current portfolio. An effective
scope of credit risk review is risk-based and typically includes:
Loans over a predetermined size;
A sufficient sample of smaller loans, new loans, and new
loan products;
Loans with higher risk indicators, such as low credit
scores, high credit lines, or those credits approved as exceptions to
policy;
Segments of loan portfolios, including retail, with
similar risk characteristics such as those related to borrower risk
(e.g. credit history), transaction risk (e.g. product and/or collateral
type), or other risk factors as appropriate;
Segments of the loan portfolio experiencing rapid growth;
Exposures from non-lending activities that also pose
credit risk;
Past due, nonaccrual, renewed, and restructured loans;
Loans previously adversely classified and loans designated
as warranting the special attention of the institution's management;
\13\
---------------------------------------------------------------------------
\13\ See footnote 8.
---------------------------------------------------------------------------
Loans to insiders or related parties;
Loans to affiliates;
Loans constituting concentrations of credit risk and other
loans affected by common repayment factors.
Depth of Transaction or Portfolio Reviews
Loans and portfolio segments selected for review are typically
evaluated for:
Credit quality, soundness of underwriting and risk
identification, borrower performance, and adequacy of the sources of
repayment;
[cir] When applicable, this evaluation includes the appropriateness
of automated underwriting and credit scoring, including prudent use of
overrides, as well as the effectiveness of account management
strategies, collections, and portfolio management activities in
managing credit risk;
Reasonableness of assumptions;
Creditworthiness of guarantors or sponsors;
Sufficiency of credit and collateral documentation;
Proper lien perfection;
Proper approvals consistent with internal policies;
Adherence to loan agreement covenants;
Adequacy of, and compliance with, internal policies and
procedures (such as those related to nonaccrual and classification or
risk rating policies), laws, and regulations;
The appropriateness of credit loss estimation for those
credits with significant weaknesses including the reasonableness of
assumptions used, and the timeliness of charge-offs;
The accuracy of risk ratings and the appropriateness and
timeliness of the identification of problem loans by loan officers.
Review of Findings and Follow-Up
An important activity of an effective credit risk review system is
the discussion of the review findings, including all noted
deficiencies, identified weaknesses, and any existing or planned
corrective actions (including time frames for correction) with
appropriate loan officers, department managers, and senior management.
An effective system includes processes for all noted deficiencies and
weaknesses that remain unresolved beyond the scheduled time frames for
correction to be promptly reported to senior management and the board
of directors or appropriate board committee.
It is important to resolve risk rating differences between loan
officers and loan review personnel according to a pre-arranged process.
That process may include formal appeals procedures and arbitration by
an independent party or may require default to the assigned
classification or risk rating that indicates lower credit quality. If
credit risk review personnel conclude that a loan or loan portfolio is
of a lower credit quality than is perceived by the portfolio management
staff, the lower classification or risk rating typically prevails
unless internal parties identify additional information sufficient to
obtain the concurrence of the independent reviewer or arbiter on the
higher credit quality classification or risk rating.
Communication and Distribution of Results
Personnel involved in the credit risk review process typically
prepare a list of all loans (and portfolio segments) reviewed, the date
of review, and a summary analysis that substantiates the risk ratings
assigned to the loans reviewed. Effective communication also typically
involves providing results of the credit risk reviews to the board of
directors or appropriate board committee quarterly.\14\ Comprehensive
reporting includes comparative trends that identify significant changes
in the overall quality of the loan portfolio, the adequacy of, and
adherence to, internal policies and procedures, the quality of
underwriting and risk identification, compliance with laws and
regulations, and management's response to substantive criticisms or
recommendations. Such comprehensive reporting provides the board of
directors or appropriate board committee with insight into the
portfolio and the responsiveness of management and facilitates timely
corrective action of deficiencies.
---------------------------------------------------------------------------
\14\ An effective credit risk review system provides for
informing the board of directors or appropriate board committee more
frequently than quarterly when material adverse trends are noted.
When an institution conducts loan file reviews less frequently than
quarterly, the board or appropriate board committee will typically
receive results on other credit risk review activities quarterly.
Joseph M. Otting,
Comptroller of the Currency.
By order of the Board of Governors of the Federal Reserve
System.
Ann Misback,
Secretary of the Board.
Federal Deposit Insurance Corporation.
Dated at Washington, DC, on or about May 7, 2020.
Robert E. Feldman,
Executive Secretary.
By the National Credit Union Administration Board.
Gerard Poliquin,
Secretary of the Board.
[FR Doc. 2020-10292 Filed 5-29-20; 8:45 am]
BILLING CODE 4810-33-P; 6210-01-P; 6714-01-P; 7535-01-P
