Enhancing Credit Risk Management Frameworks for Non-Systemic UK Deposit Takers

Enhancing Credit Risk Management Frameworks for Non-Systemic UK Deposit Takers
Listen to this article

Introduction

The Bank of England’s Prudential Regulation Authority (PRA) recently published a letter summarizing the findings from an internal audit (IA) review of the Credit Risk Management Framework (CRMF) for non-systemic UK deposit takers (UKDT), including smaller banks and building societies. The purpose of the review was to assess the effectiveness of CRMF controls, particularly in light of economic uncertainties that have heightened credit risk.

This article, written by T3 Consultants, outlines the key thematic findings from the IA review, focusing on areas of concern such as governance, portfolio management, and control processes. It is aimed at risk managers and senior executives in the banking and financial services sector who are responsible for managing credit risk within their organizations.


1. Macroeconomic Context and the Review’s Objectives

The audit was initiated in response to economic uncertainties, including high inflation, rising interest rates, and potential credit deterioration. With a focus on non-systemic UKDTs, the PRA sought assurance on the effectiveness of credit risk management controls, especially in light of potential future economic challenges. The overarching aim was to ensure that credit portfolios were resilient, with lending practices that could withstand macroeconomic pressures.

Subsection 1.1: Focus of the Review

The review concentrated on:

  • Credit and affordability assessments: Evaluating whether institutions properly assess borrowers’ ability to repay loans.
  • Approval processes: Ensuring that credit decisions adhere to institutional policies.
  • Portfolio management: Investigating how firms manage and monitor their lending books, considering potential macroeconomic shifts.

The primary focus was to see if these controls were robust enough to handle heightened risks during uncertain times.


2. Key Findings: Gaps in Credit Risk Management

The IA review covered 33 non-systemic UKDT firms, representing 13% of overall non-systemic lending exposure. Of the 236 findings, the majority (53%) were rated as moderate breaches of control procedures. The results highlighted critical areas requiring improvement, particularly around affordability assessments and portfolio management.

Subsection 2.1: Affordability Assessments

One of the most pressing concerns was the need for improved controls around affordability assessments. The review found that many firms lagged in updating their stress tests and buffer judgments in response to economic conditions like inflation or changing interest rates. For instance, some institutions had not integrated frequent updates from sources such as the Office for National Statistics (ONS) into their models, potentially resulting in outdated affordability evaluations.

Subsection 2.2: Quality Assurance and Underwriting

Another significant gap was the lack of robust quality assurance (QA) processes. Several firms relied on just one line of defense, either from the first or second line, rather than having a comprehensive QA framework. Furthermore, some institutions did not have documented QA policies, which could lead to inconsistent underwriting practices and unchecked risks.

Subsection 2.3: Management Information (MI)

The review also highlighted shortcomings in management information (MI). Many institutions lacked forward-looking metrics and supporting commentary in their reports, making it difficult for boards to make informed decisions on credit risk. Moreover, there were inconsistencies in the data being reported, particularly regarding risk appetite metrics and portfolio performance.


3. Governance and Control Environment: Areas Needing Improvement

The audit findings pointed to several weaknesses in the governance and control environment surrounding credit risk. Many firms lacked sufficient mechanisms to ensure that credit risk appetite and lending policies aligned with business strategies.

Subsection 3.1: Credit Risk Appetite (CRA)

The review identified the need for firms to calibrate credit risk appetite limits more accurately. In some cases, there were discrepancies between the information presented in credit risk MI and actual lending practices, leading to misalignment in risk monitoring. Furthermore, several institutions lacked mechanisms to escalate breaches in credit risk appetite, which could lead to unchecked risks and breaches remaining unaddressed.

Subsection 3.2: Lending Policies and Practices

Lending policies across many firms were found to be outdated or poorly enforced. Many firms did not update their policies to reflect changes in business strategies, and in some cases, exceptions to lending policies were not documented properly. A particular concern was the lack of detailed guidelines on “out of policy” loans, which exposed institutions to the risk of unvetted lending practices.


4. Collections and Proactive Customer Engagement

A key aspect of credit risk management, particularly in times of economic difficulty, is how firms handle collections and interactions with customers in financial distress. The IA findings revealed that many firms had inadequate contingency plans to manage an expected rise in arrears and customer defaults due to economic downturns.

Subsection 4.1: Collections Processes

Most firms lacked clear contingency plans to address an increase in arrears cases. Auditors found that resource planning for handling distressed customers was either insufficient or nonexistent. Without a clear strategy for allocating resources in the event of rising defaults, firms risk being overwhelmed by the volume of cases.

Subsection 4.2: Early Warning Indicators and Customer Segmentation

Early warning systems were often found lacking, especially in identifying vulnerable or higher-risk customer segments. The absence of proactive contact strategies for these customers increased the risk that early interventions could be missed, potentially leading to higher default rates and longer recovery times.


5. Next Steps for Firms: Enhancing Credit Risk Management Frameworks

The PRA’s letter serves as a call to action for firms to review and enhance their CRMF. Firms are encouraged to strengthen their affordability assessments, QA processes, management information, and lending policies in line with the observations from the review.

Subsection 5.1: Immediate Actions

Firms should prioritize the following actions based on the review’s findings:

  • Enhancing affordability assessments: Regularly update economic assumptions and incorporate external data such as ONS statistics into their affordability checks.
  • Strengthening QA processes: Ensure a robust QA framework across both lines of defense, with documented processes and frequent reviews.
  • Improving MI: Provide forward-looking, data-driven insights to boards and include relevant risk metrics that align with the firm’s risk appetite.

Subsection 5.2: Long-term Strategic Improvements

In the longer term, firms should work on aligning their credit risk appetite with their business strategies and ensure that any breaches are promptly escalated. Additionally, more comprehensive lending policies, including clear guidelines for “out of policy” loans and exception processes, should be put in place. Lastly, proactive collections strategies and early-warning systems will be essential as the economic environment continues to pose challenges.


Conclusion

The PRA’s findings highlight several critical areas where non-systemic UKDT firms must improve their credit risk management frameworks. As firms navigate a challenging macroeconomic environment, they must ensure that their CRMF is robust, adaptable, and well-aligned with business strategies. By taking immediate action on the audit’s recommendations, institutions can better manage credit risk, protect their portfolios, and ensure long-term sustainability.

Interested in speaking with our consultants? Click here to get in touch

 

Some sections of this article were crafted using artificial intelligence technology