QUESTION
Our regulator has said we have numerous defects in our credit risk practices for loan underwriting. This came as a shock to us since we have a low foreclosure rate. Nevertheless, the examiner says we have no control process for a self-assessment.
To satisfy the regulator, we must put together a self-assessment policy and procedure to handle credit risk underwriting. We don’t know where to start.
If we knew the control areas of credit risk management that the examiner wants us to self-assess, we could draft a self-assessment process. So, we’re writing you for some feedback. Thank you for these weekly newsletters!
What are some controls involving credit risk underwriting practices?
ANSWER
You bring up an important distinction that many companies do not consider. There is a difference between risk assessments generally and the correlative control areas subject to review. The control areas are the framework on which the risk assessments are built. But you must outline those areas, or the self-assessment is an aimless set of procedures with limited value to management.
To begin, you should define the regulatory risk. For instance, you could define the self-assessment’s purpose as evaluating the underwriting practices for new loans in residential real estate. Keep in mind that your assessment would consider the guidelines provided by investors and state and federal agencies.
You must assess your risks and adjust your approach to make informed underwriting decisions and manage credit risks throughout the life of the loans, if applicable. I will provide a few control areas that should be the bases on which the self-assessment is established. My suggestions are by no means to be viewed as comprehensive. In fact, I am only touching on the ‘tip of the iceberg’ in self-assessments involving credit risk management.
The goal is to elucidate a credit risk management process that covers steps for conducting a thorough credit risk management evaluation to determine what you need to do to update your institution’s credit risk controls and reduce your underwriting risks.
Suggested Control Areas for Credit Risk Management
· Management controls, including prudence, separation of duties, quality, and capital
· Administration and Business line practices
· Credit approval process for loan types, terms, and conditions
· Follow-up measures related to a borrower’s performance, default exposures, and servicing reports
· System support to assist with credit analysis
· Substandard borrowers and the administrative system needed to manage these loan transactions
· Collateral and guarantees
· Loan policy controls, including Board of Directors approvals, periodic reevaluations, violations noted, and policy audits
· Loan review controls, including independence requirements, periodic adjustments, approvals, and reporting requirements
· Controls over past due and charge-off loans, including Watch lists, review categories, evaluation of reasons, and follow-up measures
· Controls over real estate owned (REO), including ownership rights, records, holding periods, and the sales process
· Foreclosed property controls, including status reports, property maintenance, and the sale decisions
· Loan accounting controls, including the accuracy of records, the adjustment process, exception management, quality controls, and the reporting process
· Compliance with certain specified regulations, acts, and practices
Lenders Compliance Group