As the world braces itself for the economic impact of COVID-19, banks are looking to credit risk models in an attempt to quickly understand and forecast the effects of such rapid change. But putting these models to work is no easy task.
At its core, risk modeling is a field largely driven by reasonable assumptions and historical relationships in data – which are being turned on their heads in the face of the sharp and unprecedented events that have unfolded during the early stages of this pandemic. And sure enough, as the pandemic spreads, most banks are finding that traditional loss forecasting models are quickly breaking down against these new external forces.
Banks will need to react quickly to a set of unique challenges if they hope to protect themselves against the rising tide of risk. Time is of the essence, as initial assumptions will serve as the cornerstone of credit decisioning amidst the current crisis, informing subsequent steps to mitigate further risk in the coming months.
In the following post, we’ll lay out the various challenges facing banks and the tools they’re using to inform forecasts.
Especially in the face of a global pandemic, it's essential that banks start with well-grounded economic assumptions. In all likelihood, banks that are required to perform DFAST and CCAR stress tests are turning to those models, alongside the severely adverse scenario provided by the Fed, which borrows characteristics from the 2008 housing crisis. But these scenarios alone, are unlikely to produce an accurate representation of the increased risk because of the fundamental differences between this and previous recessions.
A few key differences that bear noting:
Moody’s pandemic scenarios (as of March 27th 2020)
In many ways, a model is only as good as its training data – the observed historical relationships which are used to construct a statistical model. But in the case of the COVID crisis, which has proven itself to be a unique actor, it’s likely that loss forecasters will run into trouble, even if they can arrive at perfect economic foresight over next several quarters.
For banks that weathered the storm of the Great Recession, a wealth of information exists on the relationship between economic downturn and borrower behavior in their portfolios. It is common for risk modelers to leverage this information, when available, to build the economically sensitive models which are needed for regulatory stress testing. But when the drivers of recession are different – a housing crisis versus a highly contagious health threat – and the regulatory environment is dramatically changed, it is likely these relationships will no longer hold and thus models will not perform as well.
For instance, while credit risk during the Great Recession was highly correlated with home prices, a recent study conducted by Zillow concluded that home prices are more likely to freeze during a pandemic than see dramatic drops, as it is harder for prices to change when there are few transactions. Additionally, government moratoriums on foreclosures and the additional direction to offer assistance on mortgages backed by Freddie Mac, Fannie Mae, or the Federal Housing Administration will likely keep the bottom from falling out in the same way as 2008. Lastly, regulatory changes in credit reporting and the transition to a digital marketplace may change the historically observed relationships between borrower characteristics, the economy and overall credit risk.
Every modeling framework must make certain assumptions, and these assumptions connect a loss forecasting model to an underlying business use case. As these assumptions change, predictions made by these models may drastically change as well. In a worst-case scenario, a change in a model assumption may break down the system entirely.
Loss forecasters will need to evaluate the risks of underlying assumptions changing in the face of COVID and deeply understand the effects it could have on their credit loss estimation system. And while government relief programs or changes to internal policy may provide support to those directly impacted, they may become a significant roadblock to arriving at a timely estimation of losses.
Internal policies often ground the underlying assumptions that models are built upon and could be baked into the most foundational aspects of the way it’s constructed. So, when a bank adjusts its delinquency or charge-off policies, for instance, the deferral program that freezes account status could render models relying on the flow rate between delinquency buckets unusable.
And when we expand that universe to federal and state governments, we introduce yet another layer of uncertainty. Moody’s Analytics estimated a range of policy scenarios that could arise over the next several months, which are by no means representative of the entire range of outcomes. These policy decisions could easily sway the resilience of specific subsegments of the bank’s overall portfolio (i.e. stimulus payments to individuals could shift risk away from individual consumers) and/or create changes in borrower behavior (i.e. the lack of evictions results in borrowers prioritizing paying off credit card debt over home loans).
Moody’s policy scenarios (as of March 27, 2020)
Unless you’ve been under a rock for the last 12 years, you understand the pace of the digital marketplace, something that existed to a far lesser extent during the Great Recession. This go-around, banks will need to ensure that their credit risk models are robust to rapid change and new risk splitters.
Static models traditionally used in credit risk modeling are oftentimes built on a fixed population of loans, to draw predictive power from historical relationships. Under this framework, as new data flows in from month to month, traditional frameworks may not incorporate the newest information into the build population of the loss forecast. In this way, newly revealed relationships buried in the latest data may be overlooked. Models that do not take the latest information from the COVID crisis into account may not be robust to the changing environment and could see significant misses in identifying previously unobserved relationships.
Banks that have not reevaluated model inputs to include information related to the digital banking age may also face roadblocks in adapting to the current crisis. For instance, with an increased number of people sheltering in place, banks may see a dramatic rise in digital banking activity. Models that do not include information related to digital banking may miss obvious risk indicators that could otherwise be captured by this information. To that point, banks may want to consider adjusting which data features are examined during their credit risk analysis, particularly with data which may not have existed or been relevant during the great recession.
The speed at which COVID threatens to affect the economy makes this a truly unprecedented crisis. Whereas standard forecasts of economic stress from the federal reserve often take place gradually over several quarters, COVID threatens to affect rapid change over the span of just a few months. Because of this pace, it’s inevitable banks will feel the pressure of delivering quick insight into the various impact points of the crisis on their overall exposure to risk.
As is the case with large, unwieldy organizations, banks are bound to run into bottlenecks with making rapid updates to key processes across multiple scenarios. And even those with highly automated processes may be insufficiently resourced to run models at the pace of change or struggle to meet regulatory assurances from second second-line teams.
Given the mountain of challenges and variables that lay before us, it’s likely that banks will need to lean heavily on heuristics, back of the envelope calculations, and subject matter expertise to apply judgmental overlays to existing models. This will allow for the newest insights to be more quickly incorporated, as opposed to going through the lengthy model development process.
At this point in time, uncertainty reigns supreme. While banks are doing their best to make informed decisions, at the end of the day it’s still anybody’s best guess just how bad things will get. In the meantime, banks should place particular focus on quickly assessing the data and assumptions that their credit models are built upon and work to take them into account during their COVID analysis.
It is inevitable that loss forecasters will find weaknesses bubbling up in most models during the next several months, some of which are unexpected. Relying on a range of outcomes will be key to avoid over hedging on a specific methodology, and banks should aim to evaluate risk through a suite of different models and heuristics that cover each other’s blind spots.
Now more than ever, it is important for model development teams and business experts to form deep relationships to accurately understand how companywide and government policy will affect loss forecasting models. In times where forecasting becomes more difficult, banks with well-established processes for quickly monitoring credit at a daily level and then translate that knowledge into decisive action will be better poised to ride the rising tide of risk.
Many believe it is inevitable that COVID will leave a long-lasting impact on the world, lingering after the pandemic ends. And while we can’t foresee the endpoint, it is a certainty that this shift will also transform the way banks approach credit risk modeling, and that the imprint of this event will live on in risk management for many years to come.
If you’ve spent any time in the last ten years in or around compliance, you’ve likely heard about the “three lines of defense” (3LOD) model – business units are primarily accountable for compliance and are considered the first line; the compliance team is the second line, checking the work for the first line; and internal audit operates as an independent third line assessing the first two lines. While the model has been widely accepted (and in most cases expected by regulators), the approach has been gaining some critics. The growth of the FinTech industry has caused many to question how viable and applicable the 3LOD model is for smaller organizations. While the concept is solid, it’s time to adapt the model to account for the wide array of organizations now operating in Financial Services.
Regulatory Compliance & Risk Management 2 minute read
Market conditions are constantly changing, which means businesses must have the flexibility to adapt to operate successfully. But all the flexibility in the world could not have prepared businesses for the impact of the novel coronavirus. Almost immediately after COVID-19 began spreading across the United States, the economy took a huge hit that included major job losses.
Critical Initiative Delivery, Business Analytics & Data Management, Regulatory Compliance & Risk Management, Webinar 2 minute read
The Big Picture Pick up recent copies of The Wall Street Journal or American Banker, and you’ll see headline after headline about consent orders and hefty fines issued by the Consumer Financial Protection Bureau to mortgage companies caught using deceptive advertising practices. This summer alone, eight have been issued. Two things immediately strike me when I see these stories: Many of these cases didn’t have to happen. And while these particular consent orders were concentrated in the mortgage sector, similarly problematic issues are most certainly occurring in other lending segments across the financial services industry. After a hundred years or so, you’d think we would know how to follow regulatory rules –particularly those put in place to protect consumers. Indeed, the first such laws were framed by the states before World War I – although the first meaty federal law, the Truth in Lending Act, wasn’t passed until 1968. Every new regulation layered in since then largely continues to further shield consumers from unfair practices – which often start with glossy ad campaigns designed to get them in the physical or digital door. The reasons why we’re still struggling with compliance aren’t too difficult to understand: turnover within organizations, competing priorities, a lack of sound controls, new staffers who are unfamiliar with existing regulations, and a never-ending list of new ones, including Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) and the Mortgage Acts and Practices (MAP) – Advertising Rule. There’s also often a gap between the intent of any new regulation and how marketing teams interpret it. The risks of not crossing every “t” and dotting every “i” are significant, as evidenced by these recent consent orders. Doing things the wrong way also can mean costly penalties, time-consuming regulatory remediation, and loss of customer trust – which can translate into higher complaint volumes and even lawsuits. Let’s explore some long-lingering myths about how banks advertise their lending products – and, more importantly, what your financial institution should be doing. MYTH: Legal and Compliance don’t need to review my ad since I’m the expert in marketing. FACT: This is the biggest myth that persists in financial services marketing and advertising. Every word you use to communicate has specific and nuanced meanings, and your legal and compliance teams have a responsibility to protect your company and consumers alike. No external ads or marketing materials should be released until you get signoff from your legal or compliance team. It’s not any more complicated than that. MYTH: Our marketing team knows what Legal and Compliance have told us. We get it, but we need leeway to make our ads eye-catching and even a bit sexy so we can get business in the door. One little word change doesn’t really make a difference. FACT: Remember how former President Bill Clinton faced legal drilling over his interpretation of the word “is”? You’d be surprised at exactly what a bank must validate before it advertises anything as “free.” That word “free” – and countless more – are triggers, often requiring specific disclosures on how they apply to what you’re advertising right at that moment. Ideally, your marketing and advertising teams should collaborate almost daily with your legal and compliance teams. Of course there’s going to be some friction between the advertising folks, who see in every color of the rainbow, and the legal and compliance folks, who typically only see in black and white. The important thing is to build processes and procedures that enable effective and efficient reviews of all advertising and marketing materials, and that begins with concepts. When you involve those responsible with compliance up front, they can help rethink an approach in ways that ensure the final ad meets regulatory requirements. Also, try taking their early “no” to mean “not yet” and be open to ideas on what could translate into an easy reframing. But go to them at the end with an ad that fails on every compliance front, and their “no” will be just that. When I was at a bank that now has more than $30 billion in assets, my compliance team worked diligently to become a strategic partner to the marketing team. It took some time, but our peers came to see that we never aimed to derail their vision. As our relationship evolved, so did our interactions. In fact, we created a desktop resource that allowed marketers to easily look up the latest laws or match sales terms with the necessary disclosures, delivering a self-service tool that also empowered them to create responsibly and expedite the review process. Rest assured, the goal of your bank’s lawyers and compliance officers is not to thwart creativity, but to ensure that amazing ad concepts give consumers precise, clear information about the company’s products and services, allowing them to make smart financial decisions. Believe me: Compliance teams want powerful, compelling and even award-winning advertising that brings more revenue in the door, because when you have that, everyone benefits. MYTH: Our market competitor ran an ad just like that. If they got away with it, then it’s OK and the legal and compliance team is overreacting. FACT: This is the corporate version of your mother asking you, “If everyone was jumping off a cliff, would you do it, too?” The only truth here is that your competitor ran an ad. You don’t really know if that financial institution “got away with it.” In fact, you might learn not too far down the road that your competitor actually got caught red-handed with a compliance violation. After all, the underlying premise of advertising is to spread the word, and regulators are paying close attention. Frankly, you should be analyzing what your competitors are doing, but I’m not talking about their advertising. Take a good look at every consent order or other regulatory action you hear about and compare it to what’s happening in your shop. Are you doing things the right way? Are you identifying and avoiding the possible risks in your process? In other words, consider that the teacher has given you every answer to the test, and you don’t want to fail down the road. MYTH: The bank’s advertising agency developed that campaign – not our internal team – so we’re not going to get in any trouble. FACT: Time and time again, oversight organizations stress that any third-party vendor – whether it’s an ad agency or a cross-sell phone queue – is a seamless extension of your financial institution. If they get it wrong, so do you. You don’t outsource the compliance responsibility along with the work. MYTH: All of that applies to my bank or mortgage company – not to me as a loan officer. I’ll post a special offer on my social channels just for my customers. FACT: Your very title of “loan officer” means you’re an officer of your financial institution, and the same exact requirements apply to you. Without question, the growing influence of social media makes consumer outreach easy, but the brevity and ease of these same platforms also make it more difficult to keep your team members from going rogue. The same compliance standards apply to all of your advertising, including any unsanctioned materials. Every employee needs to understand this responsibility. (BTW, don’t forget about old-fashioned tactics, such as a quick sales flyer that a teller might create and post in a branch. Whether that flyer meets your advertising brand standards is the least of your worries, because you’re most likely out of regulatory compliance.) MYTH: Getting an internal review takes so much time that we’re losing competitive advantage. FACT: Doing it right takes a fraction of the time needed to fix things – particularly if you’re cited for a regulatory infraction – and maintains your institution’s reputation. Yes, a legal or compliance review is another step in your marketing process, but it’s a short blip in the lifetime of a successful business. In my previous role, I was intentional about building interactions with the marketing team that served everyone’s needs as efficiently as possible. If a federal agency comes at you with a consent order or Matter Requiring Attention, you’re going to spend significantly more time finding the root issue, solving for your misstep, gaining regulatory signoff and getting back to work. You also can’t rebuild consumer confidence overnight – even with the most attractive offers in your marketplace. After all, if your customers know you’ve been under scrutiny before, do you think they’re going to trust that you’re being straight with them this time around?
Regulatory Compliance & Risk Management, Compliance, Risk Management 5 minute read
Like how we think? Subscribe to have our articles delivered direct to your inbox each month.
Headquarters: 8000 Franklin Farms Drive, Suite 100, Richmond, VA 23229
©2020 Spinnaker Consulting Group. All rights reserved.