Address discrepancies aren't the end of the road, but they sure can be a bump in it. One of the handful of mandatory elements in the Red Flag guidelines, which focus on FACTA Sections 114 and 315, is the implementation of Section 315.  Section 315 provides guidance regarding reasonable policies and procedures that a user of consumer reports must employ when a consumer reporting agency sends the user a notice of address discrepancy.  A couple of common questions and answers to get us started: 1.  How do the credit reporting agencies display an address discrepancy? Each credit reporting agency displays an “address discrepancy indicator,” which typically is simply a code in a specified field. Each credit reporting agency uses a different indicator. Experian, for example, supplies an indicator for each displayable address that denotes a match or mismatch to the address supplied upon inquiry. 2.  How do I “form a reasonable belief” that a credit report relates to the consumer for whom it was requested? Following procedures that you have implemented as a part of your Customer Identification Program (CIP) under the USA PATRIOT Act can and should satisfy this requirement. You also may compare the credit report with information in your own records or information from a third-party source, or you may verify information in the credit report with the consumer directly. In my last posting, I discussed the value of a risk-based approach to Red Flag compliance.  Foundational to that value is the ability to efficiently and effectively reconcile Red Flag conditions…including addressing discrepancies on a consumer credit report. Arguably, the biggest Red Flag problem we solve for our clients these days is in responding to identified and detected Red Flag conditions as part of their Identity Theft Prevention Program.  There are many tools available that can detect Red Flag conditions.  The best-in-class solutions, however, are those that not only detect these conditions, but allow for cost-effective and accurate reconciliation of high risk conditions.  Remember, a Red Flag compliant program is one that identifies and detects high risk conditions, responds to the presence of those conditions, and is updated over time as risk and business processes change. A recent Experian analysis of records containing an address discrepancy on the credit profile showed that the vast majority of these could be positively reconciled (a.k.a. authenticated) via the use of alternate data sources and scores.  Layer on top of a solid decisioning strategy using these elements, the use of consumer-facing knowledge-based authentication questions, and nearly all of that potential referral volume can be passed through automated checks without ever landing in a manual referral queue or call center.  Now that address discrepancies can no longer be ignored, this approach can save your operations team from having to add headcount to respond to this initially detected condition.  

Recently we conducted an informal survey, the results of which indicate that loan portfolio growth is still a major target for 2009.  But, when asked what specific areas in the loan portfolio -- or how loan pricing and profitability -- will drive that growth, there was little in the way of specifics available.  This lack of direction (better put, vision) is a big problem in credit risk management today. We have to remember that our loan portfolio is the biggest investment vehicle that we have as a financial institution.  Yes; it is an investment. We choose not to invest in treasuries or fed funds -- and to invest in loan balances instead -- because loan balances provide a better return.  We have to appropriately assess the risk in each individual credit relationship; but, when it comes down to the basics, when we choose to make a loan, it is our way of investing our depositors’ money and our capital in order to make a profit. When you compare lending practices of the past to that of well-tested investment techniques, we can see that we have done a poor job with our investment management.  Remember the basics of investing, namely: diversification; management of risk; and review of performance.  Your loan portfolio should be managed using these same basics.  Your loan officers are pitching various investments based on your overall investment goals (credit policy, pricing structure, etc.).  Your approval authority is the final review of these investment options.  Ongoing monitoring is management of the ongoing risk involved with the loan itself. What is your vision for your portfolio?  What type of diversification model do you have?  What type of return is required to appropriately cover risk?  Once you have determined your overall vision for the portfolio, you can begin to refine your lending strategy.

By: Tom Hannagan Part 2 In my last post, I started my review of the Uniform Bank Performance Reports for the two largest financial institution peer groups through the end of 2008. Now, lets look at the resutls relating to credit cost, loss allowance accounts and the impacts on earnings. Again, as you look at these results, I encourage you to consider the processes that your bank currently utilizes for credit risk modeling and financial risk management. Credit costs More loans, especially in an economic downturn, mean more credit risk. Credit costs were up tremendously. The Peer group 1 banks reported net loan losses of .89% of total loans. This is an increase from .28% in 2007, which was up from an average of 18 basis points on the portfolio in 2006/2005.  The Peer group 2 banks reported net loan losses of .74%. This is also up substantially from 24 basis points in 2007 and an average of 15 basis points in 2006/2005. The net loan losses reported in the fourth quarter significantly boosted both groups’ year-end loss percentages above where they stood through the first three quarters last year. Loss allowance accounts Both groups also ramped up their reserve for future expected losses substantially. The year-end loss allowance account (ALLL) as a percent of total loans stood at 1.81% for the largest banks. This is an increase of almost 50% from an average of 1.21% in the years 2007/2004. Peer group 2 banks saw their reserve for losses go up to 1.57% from an average of 1.24% in the years 2007/2004. The combination of covering the increased net loan losses and also increasing the loss reserve balance required a huge provision expenses. So, loan balances were up even in the face of increased write-offs and expected forward losses. Impacts on earnings Obviously, we would expect this provisioning burden to negatively impact earnings. It did, greatly. Peer group 1 banks saw a decline in return on assets to a negative .07%. This is just below break-even as a group. The average net income percentage stood at .42% of average assets at the end of the third quarter. So, the washout in the fourth quarter reports took the group average to a net loss position for the year. The ROA was at .96% in 2007 and an average of 1.26% in 2006/2005. That is a 111% decline in ROA from 2007. Return on equity also went into the red, down from 11.97% in 2007. ROE stood at 14.36% in 2005. For the $1B to $3B banks, ROA stood at .35%. This is still a positive number, however, it is way down from 1.08% in 2007, 1.30% in 2006 and 1.33% in 2005. The decline in 2008 was 67% from 2007. ROE for the group was also down, at 4.11% from 12.37% in 2007. The drops in profitability were not entirely the result of credit losses, but this was by far the largest impact from 2007. The seriously beefed-up ALLL accounts would seem to indicate that, as a group, the banks expect further loan losses, at least through 2009.  These numbers largely pre-dated the launch of the Troubled Asset Relief Program and the tier one funding it provided in 2008. But, it is clear that banks had not contracted lending for all of 2008, even in the face of mounting credit issues and a declining economic picture. It will be interesting to see how things unfold in the next several quarters.

By: Tom Hannagan Part 1 It may be quite useful to compare your financial institution's portfolio risk management process or your investment plans , to the results of peer group averages. Not all banks are the same -- believe it or not. Here are the averages. You should look for differences in your target institution. About half of them beat certain performance numbers and the other half may be naturally worse. As promised, I have again reviewed the Uniform Bank Performance Reports for the two largest peer groups through the end 2008. The Uniform Bank Performance Report (UBPR) is a compilation of the FDIC, based on the call reports submitted by insured banks. The FDIC reports peer averages for various bank size groupings and here are a few notable findings for the two largest groups that covers 494 reporting banks. Peer group 1 Peer group 1 consisted of 189 institutions over $3 billion in average total assets for the year. Net loans accounted for 67.31% of average total assets, which is up from 65.79 % in 2007. Loans, as a percent of assets, have increased steadily since at least 2004. The loan-to-deposit ratio for the largest banks was also up to 96% from 91% in 2007 and 88% in both 2006 and 2005. So, it appears these banks were lending more in 2008 as an allocation of their total asset base and relative to their deposit sources of funding. In fact, net loans grew at a rate of 9.34% for this group, which is down from the average growth rate of 15.07% for the years 2005 through 2007.  The growth rate in loans is down, which is probably due to tightened credit standards. However, it is still growth. And, since total average assets also had growth of 11.58% in 2008, the absolute dollars of loan balances increased at the largest banks. Peer group 2 Peer group 2 consisted of 305 reporting financial institutions between $1B and $3B in total assets. The net loans accounted for 72.96% of average total assets, up from 71.75% in 2007. Again, the loans as a percent of total assets have increased steadily since at least 2004. The loan-to-deposit ratio for these banks was up to 95% from 92% in 2007 and an average of 90% for 2006 and 2005. So, these banks are also lending more in 2008 as a portion of their asset base and relative to their deposit source of funding. Net loans grew at a rate of 10.48% for this group in 2008 which is down from 11.94% growth in 2007 and down from an average growth of 15.04% for 2006 and 2005. And, since total average assets also had growth of 10.02% in 2008, the absolute dollars of loan balances also increased at the intermediate size banks. Again here, the growth rate in loans is down, probably due to tightened credit standards, but it is still growth and it is at a slightly more aggressive rate than the largest bank group. Combined, for these 494 largest financial institutions, loans were still growing through 2008 both as a percentage of asset allocation and in absolute dollars. Tune in to my next blog to read more about the results shown relating to credit costs, loss allowance accounts and the impacts on earnings.

By: Tom Hannagan This post is a feature from my colleague and guest blogger, John Robertson, Senior Process Architect in Advisory Services at Baker Hill, a part of Experian. Years ago, I attended a seminar at which the presenter made a statement that struck me as odd, but has proven to be quite prophetic.  He simply stated, “margins will continue to narrow … forever!” He was spot on. At that time, a variety of loan products (such as mortgage loans) were becoming commoditized and this emerging market acted as an intermediary for needed cash to provide banks the wherewithal to continue to lend in their respective locales. The presenter continued by making a call for a systematic and effective pricing methodology then and “forever”. Pricing loans in a competitive market does not necessarily translate into smaller yields. Nor should banks be willing to accept smaller yields for less than quality loans. There are several viable options to consider when loan pricing in a market where the margins continue to shrink. Cutting operating expenses Generally, a financial institution’s first reaction to narrowing margins is to cut operating expenses. Periodically the chaff does need culling, but most banks run efficient shops by depending heavily on technology to create those efficiencies and for risk management. They continually measure themselves with efficiency ratios which, in part, help to drive their strategic operating decisions. So, when the edict comes from above to cut operating expenses, there aren’t too many options. So, why is a bank’s first reaction usually an all-out call to cut operating expenses? Generally, it’s because these operating expenses are more easily identifiable and banks still lack effective tools to measure the value of their customers and relationships. Couple that with the perception that there is no control over a competitive market with narrowing margins. As a result, banks price accordingly -- just to get the deal. Consequently, their efficiency ratios may look good, but what about the potential impact on yield, service and internal morale? Community banks, in particular, pride themselves on customer service and, in fact, site it as one of their strengths against larger banks. Do you give up that advantage? Relationship management To price effectively in a market where margins have narrowed, the bank has to also consider the relationship’s value. The value of deposits should be measured and included to allow for more competitive pricing. The influence of deposits on the relationship allows the bank to be more aggressive in its loan pricing or can enhance the relationship yield itself. Loan pricing in a competitive market does not have to translate into smaller yields and/or credit quality. The key to staying ahead of competition is measuring the value of the relationship and applying any or all of the outlined effective risk-based pricing methodologies to position the bank to win the deal and still meet the targeted return objectives. While the phrase “margins will continue to narrow … forever” may seem to hold true, banks can counter by using the “power of pricing” to offset the impact to earnings …forever!

At which stage of the application process does the Red Flags Rule apply? The Red Flag Rule would apply whenever you detect a Red Flag in connection with an application. This could occur as soon as you receive an application, for example: if the application appears to have been altered or forged; or the consumer’s identification appears to be forged or is inconsistent with the information on the application. Is the social security number (SSN) check a requirement? No, but an invalid SSN may be a Red Flag – i.e., an indicator of possible identity theft – and obtaining and verifying a SSN may be a reasonable means of application risk management to detect this Red Flag when opening accounts. You may be able to utilize your existing procedures under your Customer Identification Program under the USA PATRIOT Act.  

After reviewing more details around the "The President's Identity Theft Task Force Report" (September 2008), and some of the activities surrounding it, I find myself again pondering how all of this may be impacting our clients.  Does heightened consumer awareness around both identity theft Red Flags rules and government initiatives (like the task force report) put more pressure on various industries to have buttoned up identity theft prevention programs that are not only effective, but also "marketed" to consumers?  Are consumers now expecting to see more blatant identity theft prevention measures in place each time they transact with a service provider…any service provider?Lots of questions here, so let me know if you are feeling residual pressures from your consumer base as a result of any of the latest initiatives or reports.  I can say that we do have some clients that believe effective identity theft measures matter to their customers and use their protection measures as marketing messages.  For example, the use of knowledge-based authentication questions during an application or transaction approval process is not only effective in preventing fraud, but also leaves customers with a sense of security and an understanding that their financial institutions are working to combat identify theft..

What to do when you see a Red Flag. Your Identity Theft Prevention Program should include appropriate responses when you detect a Red Flag. You must assess whether the Red Flag evidences a risk of identity theft. If so, your response must be commensurate with the degree of risk posed. Depending on the level of risk, an appropriate response may include contacting your applicant, not opening a new account or even determining that no response is necessary.  

By: Tom Hannagan Part 2 There is one rather interesting clause that appears to represent an open-ended business porfolio risk management decision for the future. It is one small paragraph, named Amendment, in the middle of Article V - Miscellaneous, just ahead of governing law (which is federal law, backed up by the laws of the State of New York). Amendment begins normally enough, requiring the usual signed agreement of each party, but then states: “provided that the Investor may unilaterally amend any provision of this Agreement to the extent required to comply with any changes after the Signing Date in applicable federal statutes.” Wow. My understanding of this is that if Congress in the future, enacts anything that Treasury finds (or Congress requires Treasury to find) applicable to any aspect of the previously signed TARP Agreement, the bank is bound to adhere. Forget about the non-voting aspect of the preferred shares issued to the Treasury. Once the TARP Agreement is executed by the bank, management is not only bound by what’s in the document to begin with, it is in addition, subject to future federal law as long as the TARP shares are held by the government. So, this new major owner does have a voice. The Purchase Agreement covers what the new owner wants now and may decide it wants in the future. This a form of strategic business risk that comes with accepting the capital infusion, along with the various financial implications of the funding.

By: Tom Hannagan Part 1 Beyond the risk management considerations related to a bank’s capital position, which is directly impacted by Troubled Asset Relief Program (TARP) participation, it should be clear that TARP also involves business (or strategic) risk.  We have spoken in the past of several major categories of risk: credit risk, market risk, operational risk and business risk. Business risk includes: A variety of risks associated with the outcomes from strategic decision making; Governance considerations; Executive behavior (for lack of better terminology); Management succession events or other leadership occurrences that may affect the performance and financial viability of the business. Aside from the monetary impact on the bank’s capital position, TARP involves a new capital securities owner being in the mix. And, with a 20% infusion of added tier 1 capital, we are almost always talking about a very large, new owner relative to existing shareholders. The United States Department of the Treasury is the investor or holder of the newly issued preferred stock and warrants. The Treasury Department does not have voting rights like common shareholders, but the Treasury’s Securities Purchase Agreement – Standard Form includes at least 35 pages of terms, plus the required Letter Agreement, Schedules attached to the Letter Agreement and at least five significant Annex’s to the Purchase Agreement. It’s NOT an easy, quick or fun read. In the Recitals section, it states that the bank: “agrees to expand the flow of credit to U.S. consumers and businesses on competitive terms as appropriate to strengthen the health of the U.S. economy” and, later, “agrees to work diligently, under existing programs, to modify the terms of residential mortgages as appropriate to strengthen the health of the U.S. economy.” Fortunately, if you’re a banker, these topics are not (currently) revisited elsewhere in the document, period. However, these are examples of the new shareholder effecting business decision making without the need to be on the Board of Directors, or voting common shares. The Agreement covers a number of other requirements and limitations, such as executive compensation, dividend payments, other capital sourcing and retention of bank holding company status. None of these are particularly onerous, but they must be taken into account by management. Visit my next post to read about the very interesting Amendment clause that may represent an open-ended business portfolio risk management decision for the future.

We have been hearing quite a bit about the ponzi scheme that was created and managed by Bernie Madoff.  Almost $50 billion dollars was taken from those that were considered to be sophisticated and definitely not the typical type to be scammed.  So, what created the environment that allowed such large sums of money to be lost in such a basic con game as a ponzi scheme?  I believe there are a few basic factors that prompted these seemingly sophisticated people to invest in this ill-fated “investment.” A strong desire to generate investment returns when the typical channels were not delivering. The reputation(s) of the existing client list -- If they invested why shouldn’t I? The thought that if it paid off with smaller dollar investments, just think what could be made with larger dollars! Hmmm!  Sounds like how we got ourselves into today’s credit situation.  Basically, we were distracted by the items noted above and ignored the warning signs. Putting the items above into credit industry terms it can be summed up as follows: We have to continue to grow and we are pressured to find more opportunities.  If we go lower in the credit quality spectrum, it can generate immediate volume from the existing application volume. Other financial institutions have gone into this type of lending and they aren’t showing any signs of significant distress in their portfolios.  We need to do the same.  (Everyone in the herd in favor of this action please respond by saying “Moo.”) Our test portfolio has performed acceptably, so let’s increase the volume. Let’s continue the correlation between these two “problems.”  In the Madoff ponzi scheme, there were warning signs that cropped up - some earlier than others. These included: In 2000, the Securities and Exchange Commission received a letter from an outside money manager which warned of a possible scheme. In 2005, the Bostonian submitted an 18-page document to the SEC citing 29 red flags and indicated some level of corruption within Madoff’s investment company. The SEC’s own earlier investigation conducted in 1999, included an acknowledgement that they had received “credible allegations” but these allegations were ignored. So, what were the signs that were in front of us but we simply chose to ignore? Were the portfolios turning over so fast that we could not actually gather statistically valid data to support performance? Since we were selling off the loans, either individually or in bulk, did we ignore the actual risk that was taken by the industry? Were we appropriately monitoring the portfolio growth and performance, utilizing risk reduction and risk avoidance techniques, doing regular rescores and tracking potential behavioral issues? Whether the signs were visible to us or not, the fact remains that they existed in the past and they will likely exist in the future.  As we continue to clean up the mess of our past, we need to consider a few items: What we did in the past will no longer be acceptable going forward. We must change. We must improve. Regulatory pressures will increase and changes will continue to be made. We will not have the luxury of time to respond to these pressures and/or changes. We must act now. What is a financial institution to do?  Well, the worst thing we can do is wait for the regulators to tell us what to do because that is simply too late.  We need to act and act now. Assess the risk management methods that were employed in the past and determine deficiencies. Note the gaps between the historical tools and data sources compared with the updated credit decisioning tools and sources available in the industry. Develop a plan for implementing the new risk reduction methods and tools. Determine the estimated lift and manage/monitor your performance against your estimates. Don’t forget about the new additions to the portfolio. Once you have the existing risk identified, you should make the appropriate adjustments to the product risk parameters and terms and conditions to improve the overall quality of the new portfolio. Overall, the worst thing that we can do is nothing. Remember, “Those who do not remember the past are condemned to repeat it.” George Santayana, a philosopher, essayist, poet, and novelist

How do I know which Red Flags apply to me? The Red Flag guidelines that will apply to you depend on a number of factors including: The types of covered accounts you offer and how those accounts may be opened and accessed Your previous experiences with identity theft In order to determine the applicable Red Flags, you must consider these factors as well as various sources and categories of Red Flags identified in the Guidelines. There are many resources available to help you gain the upper hand on Identity Theft Red Flags. I encourage you to visit this site for more information including a white paper, webinar, data sheet and more.  

There seems to be some ground-laying for follow-on Red Flag compliance guidelines to emerge either pre- or post- May 1, 2009.  Whether they arrive in the form of clarifying statements by the Red Flags Rule drafting agencies, or separate guidelines beyond the current Rule, the ambiguity associated with the current set of parameters leads me to believe that:The door is open for many entities, not clearly called out in the Red Flags Rule as 'covered' to be more formally placed under that umbrella, andA new series of mandates may be on the horizon as the focus on identity theft prevention and, of critical note, consumer protection continues to sharpen.I look at "The President's Identity Theft Task Force Report" (September 2008) as a potential catalyst for the publication of more formal directives around consumer identity theft prevention programs.  While the report currently sits in the form of recommendations, it is likely that some of these recommendations may evolve into more definitive enactments.  Additionally, it's clear that even commercial entities that are potentially not covered by the Red Flag Rule today are called out as still in need of stringent and diligent identity theft prevention measures.  More to follow next time on this report.

The difference between market risk and credit risk By: Tom Hannagan Market risk is different than credit risk. The bank’s assets are mostly invested in loans and securities (about 90% of average assets). These loans and securities have differing interest rate structures – some are fixed and some are floating. They also have differing maturities. Meanwhile, the bank’s liabilities, deposits and borrowings also have differing maturities and interest rate characteristics. If the bank’s (asset-based) interest income structure is not properly aligned with the (liability-based) interest expense structure, the result is interest rate risk. As market rates change (up or down), the bank’s earning are impacted (positively or negatively) based on the mismatch in its balance sheet structure. The bank can offset market risk by purchasing interest rate swaps or other interest rate derivatives. The impact of insufficient attention to interest rate risk can damage earnings and may, again, negatively affect the bank’s capital position. So, ultimately, the bank’s risk-based capital acts as the last line of defense against the negative impact from, you guessed it, unpredictable variability – or “risk.” That is why equity is considered risk-based capital. Good risk management, predicting and risk-based pricing leads to safer earnings performance and equity position.

By: Tom Hannagan In my past postings, we’ve discussed financial risk management, the role of risk-based capital, measuring profitability based on risk characteristics and the need for risk-based loan pricing (credit risk modeling). I thought it might be worthwhile to take one step back and explain what we mean by the term “risk.” “Risk” means unpredictable variability. Reliable predictions of an outcome tend to reduce the risk associated with that outcome. Similarly, low levels of variability also tend to reduce risk. People who are “set in their ways” tend to lead less risky lives than the more adventuresome types. Insurance companies love the former and charge additional premiums to the latter. This is a terrific example of risk-based pricing. Financial services involve risk. Banks have many of the same operational risks as other non-financial businesses. They additionally have a lot of credit risk associated with lending money to individuals and businesses. Further, banks are highly leveraged, borrowing funds from depositors and other sources to support their lending activities. Because banks are both collecting interest income and incurring interest expense, they are subject to market, or interest rate, risk. Banks create credit policies and processes to help them manage credit risk. They try to limit the level of risk and predict how much they are incurring so they can reserve some funds to offset losses. To the extent that banks don’t do this well, they are acting like insurance companies without good actuarial support. It results in a practice called “adverse selection” – incorrectly pricing risk and gathering many of the worst (riskiest) customers. Sufficiently good credit risk management practices control and predict most of the bad outcomes most of the time, at least at portfolio levels. Bad outcomes (losses) that are not well-predicted, and therefore mitigated with sufficient loan-loss reserves, will negatively impact the bank’s earnings and capital position. If the losses are large enough, they can wipe out capital and result in the bank’s failure.