Getting Ready for CECL
I was at a risk conference put on by the ABA a couple of years ago and one of the hot topics was the coming new rules and adoption of Current Expected Credit Loss (CECL) accounting standard. At that time, the larger institutions had begun implementing their various strategies and approaches to meeting the new demands.
While the larger banks in the conference debated proxies that would be satisfactory be leading economic indicators, or the challenges in completeness of historical data (especially those that grew through mergers), there was the cadre of small bank’s sunk in the corners of the room, chewing on their breakfast sweetbread- relieved that they didn’t have to yet wade into the heady changes on how portfolio health and reserves should be accounted for under this standard approved by the Financial Accounting Standard Board.
Well put down the blueberry muffin cause the day is here at last. I had a community bank client call recently and ask about the process and challenges. The Supervisory Guidance on Model Risk Management (SR 11-7/OCC 2011-12) that was adopted by the FDIC in June of 2017 will indeed be in effect for smaller bank’s come the end of this year.
First things first- Panic and Don’t Panic
Yes, action taken at this time should be to first document your model processes used to estimate your allowance for credit loss (ACL). And ye best make sure that your senior risk officer has time put on the Board or at least Audit Committee (or Risk Committee) docket in the near future to review the options of what method and (if appropriate when outsourcing) what firm you have selected to help. Be ready to explain the suitability of the firm, model, and inputs to your institution’s risk appetite, portfolio composition, geography, and business focus. If your bank is focused on Commercial Real Estate on the beach, this exposure and risk should be reflected and documented in your selection.
Many clients that started this process would understandably focus on the account level data availability first. This can be a mistake as while these quantitative variables are going to be important in building the needed portfolio performance algorithm, equally important will be considering the quantitative factors that drive broader economic influences on the overall modeling process. If commercial office and professional buildings are an important focus of your lending activity, then variables such as price changes of leasing cost or vacancy in conjunction with unemployment rate might be an important leading indicator to represent the overall regional economic health. With these types of qualitative factors in mind, you want to ensure that these are not double counted in individual account level data such as vacancy space for an individual credit. Don’t forget that these forward-looking lead indicators of a softening economic cycle and should be paramount in your Enterprise Risk Scorecard key indicator (if you want to demonstrate connectivity to your overall enterprise risk framework!).
And yes, as shown back at the old ABA risk conference, data will be a challenge. Regardless of if you buy the data or have it in house, if it isn’t perfect- don’t panic- it doesn’t need to be. It DOES have to be persistent and constant (in other words, if there is a flaw in the data, if it is the same flaw, statistically it won’t harm the reserve calculation). Be sure to include documenting the testing and sampling of the data within your overall board review and discussion (at least annually). If you have data issues- if you can prove understanding of these faults and pinpoint or fence in the issues, this will go a long way with helping your regulators to understand you are heading in the right direction.
Many banks are utilizing outsourced third party model providers which can be expedient and economical. Be sure to avoid the “black box” syndrome, where algorithms or calculations are deemed proprietary by the vendor. Many clients have fallen into the trap of having a vague or fuzzy understanding of the critical variables and drivers of a given model- which led to blank stares when you need to prove why your CECL calculation is uniquely suitable for your institution when facing regulator questions. Again, make sure there is adequate working papers and documentation that align your model to your specific business risks or portfolio behaviors.
What’s the Monitoring Plan?
It is important to have an ongoing process to measure the model’s effectiveness. No sense in reinventing the wheel as this can be part of your internal audit model risk assessment. This could include stress testing (for extreme conditions), sensitivity testing of assumptions like probability to default/recovery time, or risk grade time lag, or back testing (as time allows going forward). Make monitoring and ongoing adjustments part of the implementation and you will be ahead of the game when it comes to the transition.
Putting it all Together
It is important that the modeling process isn’t relegated to just one corner of the organization. This effort should be part of a cross functional endeavor as it affects several areas of the bank; Credit risk, ALCO, accounting/finance, audit, board oversight, and sales to name a few. In personal experience, I feel that incorporating this process into your overall Enterprise Risk Management framework can work ideal for a number of reasons.
ERM, used primarily by large institutions, are now being adopted by smaller banks as an ideal way to ensure line of sight understanding of key risk, controls, indicator trends, and mitigating actions. This fits in well with ensuring the board, management and regulators all have a clear and collective understanding of the risk tolerance window of the bank and the tools that are in place to ensure course correction action is taken when needed. Items like model documentation (purpose, limitations, method, limitation, data dependencies, sensitivity and source of input and output), financial exposure, staffing (mandates, training), organizational structure, committee review, and controls, needed to satisfy the regulatory requirements, fit in well with a ERM framework discipline. In doing so, you are embedding a process that can be duplicated for other significant drivers of risk within the franchise- and thus no reinventing the wheel as changes occur.