INTERNAL RISK RATINGS

Credit Risk-Rating Systems

by Tom Yu, Tom Garside, and Jim Stoker

n this first of two articles, the authors describe the capabilities, desired attributes, and potential accruing benefits of effective risk-rating systems. The practical issues arising in an over- haul, the main theme of the second article, will be shown through a case study of one regional bank’s initiative to upgrade its man- agement process. redit risk ratings provide a models cannot be improved but portfolios. For corporate lending, common language for that the process of implementation credit scoring has been an impor- describing credit risk is challenging. Ratings are so tight- tant accelerator for . exposure within an organization ly woven into the fabric of most and, increasingly, with parties out- institutions that they are part of the Justification for Change side the organization. As such, they culture. And any significant change A decade of advancements in drive a wide range of credit to the culture is difficult. quantitative measures of credit risk processes—from origination to However, the pressures to have led to better risk management monitoring to securitization to change are mounting from both at the transaction level as well as workout—and it is logical that bet- internal and external sources. the portfolio level. Lenders can ter credit risk ratings can lead to Internally, it may be the desire to actively manage their portfolio better credit risk management. Yet price more aggressively or to risks and returns relative to the many lenders are using ratings sys- support a more economically institution’s risk appetite and per- tems that were put in place 10 or attractive CLO structure. formance targets. more years ago. Externally, the capital markets At the same time, it is becom- The primary barrier to change, desire more detailed, more finely ing increasingly clear that banks, in it seems, is not that the old rating differentiated measures of credit spite of their historical role, are actu- © 2001 by RMA. Yu is a senior manager specializing in North American work at Oliver, Wyman & Company (OWC) in New York; Garside is director and head of the firm’s Risk Management Practice in London; and Stoker is a senior manager specializing in Risk, based in New York. The authors acknowledge the assistance of George Morris, Jim Wiener, and John Stroughair, directors, and John Stewart, senior manager, all at OWC. Oliver, Wyman & Company is a strategy consulting firm dedicated exclusively to the financial services industry. Contact Stoker at [email protected]; visit OWC’s Web site at www.owc.com

38 The RMA Journal September 2001 Effective Credit Risk Rating Systems ally disadvantaged holders of credit the mean loss that can be expected nation for that seem identi- risk. The combination of high capital from holding the asset. This is cal- cal to the credit officer considering requirements and double taxation culated as the product of three com- the loans, damages the credibility of means that credit extension is typical- ponents: the model and makes it difficult to ly not contributing positively to Expected Loss (EL) 5 employ as a decision-support tool. shareholder value creation. Improved Probability of (PD) 3 Unconstrained model development risk ratings can improve the returns Exposure At Default (EAD) 3 also runs the risk of creating a in this business by significantly low- Loss Given Default (LGD). black-box solution; to the extent This article concentrates on the ering risk and process costs. possible, a new rating system success of a credit rating system in Some leading players are (joined with good internal training) rethinking the business model as a terms of its ability to quantify PD should produce results with which and LGD. For most commercial credit conduit. The originate-and- people are intuitively comfortable exposures, EAD is generally treated hold strategy is being replaced with and be capable of providing guid- one of originate-package-distribute. independently from the risk ratings, ance on why discrepancies have and this article will treat it as such. Credit risk is becoming managed in arisen. At times, this will require a The important risk drivers that much the same way as interest rate high-level design decision regarding risk or equity risk. To make this affect PD and LGD vary from asset the balance between complexity and class to asset class. For example, strategy work, it is essential that clarity within the institution. While the drivers of risk vary widely credit risk is measured in a more complexity can add to a model’s standardized, accurate, and timely between retail, commercial, and predictive power, it can also reduce asset-backed lending. Therefore, a fashion. organizational buy-in by making the successful credit risk rating system Additional impetus is provided system less intuitive, dramatically by the proposed reforms to bank reg- that covers material exposures reducing its practical value. Good across a bank will necessarily be ulation put forward by the Bank for rating systems should improve quite complex, with numerous dis- International Settlements (commonly process efficiency by reducing known as Basel II) that are intended tinct models. process costs and freeing time for This points to a second goal of to supersede the straight 8% mini- sales and relationship management. a credit risk rating system: It is not mum capital charge levied on banks All of these points require trust in since 1988. The expectations inher- enough to accurately measure risk, the rating system—users must be it also must provide the bank with a ent in this reform adds to the pres- confident that it works—with vali- unified view of its credit risk. It sures for changing internal risk rat- dation and back-testing as crucial ing systems. The promise is that less needs to ensure that a rating system elements in achieving this. permits the simple aggregation of capital will be required for banks Designing a system to include risk—by obligor, portfolio, line of using more advanced ratings. Many all the qualities listed above is chal- banks will find that without a sub- business, and product type—and lenging, because it involves both a thus allow the institution to make stantial overhaul, their credit risk-rat- technical excellence during the decisions based on solid estimation ing system will fail to meet Basel II development stage and potentially guidelines. of the credit risk being taken. far-reaching organizational and cul- Simply put, being “right” is not tural realignments. enough. The system must be easily Steps Toward Change Begin with Understanding the Goal understood by a wide range of peo- Components of a Successful ple and be useful for management The fundamental goal of a System decision taking. credit risk rating system is to esti- There are three key dimensions mate the credit risk of a given trans- For the user, this means that it to a risk rating system, as seen in should behave in an intuitive and action or portfolio of transactions Figure 1. To be effective, a system predictive fashion. For example, a /assets. The industry standard must be successful in all three “building block” for quantifying system that generates dramatically dimensions: different risk ratings, without expla- credit risk is Expected Loss (EL), 1. Ratings Scale addresses the

39 Effective Credit Risk Rating Systems

but often this Figure 1 is not the case with specific credit expo- sures being overlooked, such as letters of credit or the counterparty credit risk aris- ing from trad- ing positions. To get an accu- rate profile of an institution’s credit risk institution-wide metric against basis but poorly in gauging an exposure, every credit exposure which all assets will be com- absolute level of expected loss of needs a comparable risk rating. The pared. each. key is to use a “master scale”—a 2. Ratings Assignment addresses Most rating systems use a two- single scale to which all counterpar- the actual ratings process. dimensional scale to solve this prob- ties are mapped. It should be noted 3. Validation addresses confidence lem, with the that having such a universal ratings in the system, both internally (PD) and the loss given default scale does not imply that all asset and externally. (LGD) being quantified separately classes use the entire scale. For (consistent with the proposed Basel Ratings scale. A risk rating example, you would expect corpo- II guidelines). The first dimension system uses an objective scale to rate loans to be concentrated at the (PD) is primarily determined by the rank credits according to risk. In top end of the scale (with low prob- obligor characteristics. The second defining the scale, we answer three ability of default) and retail loans to dimension estimates how the facility questions: be concentrated towards the lower- structure affects the LGD. • What does a given rating middle part of the scale. A key element in the definition mean? Ratings assignment. After the of a ratings scale is the determina- • How many ratings should there ratings scale is defined, it is neces- tion of the appropriate level of gran- be? sary to choose an approach for ularity. Each grade should have • To which credits does the scale assigning ratings to counterparties, markedly (and measurably) different apply? and this raises several issues: risk characteristics. If the level of The ultimate goal is to provide • How are ratings assigned for granularity is too small (that is, there a measure of the loss expected for each business unit? are too few grades), the system will booking a credit and the capital • Who assigns the ratings? not be a useful decision support tool required to support it. By examining • What tools are used in the for management. Conversely, too the ratings of any two credits in a assignment process? much granularity may lead to a false portfolio, we would like to know The answers to these questions sense of accuracy (with models which credit is riskier and the typically differ by business unit. assumed better than they, in fact, are) expected loss associated with each. Figure 2 classifies alternative or too much detail as a basis for Obviously, if we can answer the sec- ratings approaches—in practice; management’s strategic decisions. ond question, we know the answer to banks use a mixture of these, Finally, an effective ratings the first part. As mentioned, many depending on customer type. The scale must be applicable across the credit rating systems perform well in choice between methods should bank’s entire credit portfolio. Banks defining credit risk on a relative depend on their cost/benefit charac- should strive to rate all exposures,

40 The RMA Journal September 2001 Effective Credit Risk Rating Systems

Figure 2

teristics. For example, the use of for achieving this will differ not The first two questions are extensive financial and nonfinancial only from business line to business answered jointly, since validation (subjective) data may result in line but also from bank to bank. At requires data. In fact, Basel II is increased accuracy but can slow the some banks, ratings assignments for explicit about the need to validate process, thereby adding cost. Such corporate and/or commercial credits internal ratings with historical data. analyses should be used only when will be undertaken by the line, by Validation—the process of ensuring the benefits from the marginal the credit function, or jointly. For that the ratings are accurately con- increase in accuracy are great. This retail portfolios, it’s common for veying the bank’s credit risk— applies to corporate lending, where centralized underwriting to assign includes: many banks use a combination of ratings. The key is to ensure that it • Checking accuracy of rat- financial and subjective information is clear who is responsible for ings—for example, are the to drive a scoresheet approach to assigning the relevant ratings, be it model’s predicted results con- assign ratings. In some cases, the line, credit, or centralized under- sistent with the default history scoresheets may also be supple- writing, and that whoever assigns of the bank? If not, are the mented by a model-based approach, the rating thoroughly understands models inappropriate, being such as Moodys RiskCalc. the ratings approach. misused, or miscalibrated (both Conversely, where the marginal ben- for PD and LGD)? Validation. A key, but often efit of increased accuracy at an indi- • Checking raters’ perform- overlooked, part of a ratings system vidual asset level is not as great— ance—for example, if there is a is a well-defined process to ensure for example, in small business lend- subjective component in the that it is working well. Three ques- ing —banks are making aggressive ratings process, does the rater’s tions must be answered: use of pure model approaches, simi- judgment improve the ratings 1. How are ratings validated? lar to those used to manage retail or not? 2. What data is needed for valida- credit card portfolios. • Checking applicability of mod- tion and model refinement? There should be a clear articu- els and tools—for example, has 3. Who is responsible for the lation of responsibility for ratings enough data been collected for analysis? assignment. The best mechanism further refinements? Are there 41 Effective Credit Risk Rating Systems

newly available vended models Consistency Figure 3 that outperform the current within a portfo- Applications That Rely on Risk Ratings one? lio. Two individ- Without an effective process of ual raters inde- Process/Decision Credit Risk Rating System Role validation, ratings will never pro- pendently evalu- Approval (new applications) Measure risk vide confidence, either internally or ating a credit Test pricing adequacy externally (and will not be accepted package should Syndications Pricing deal by regulators for the purpose of cap- assign the same Increase market share in relation to risk appetite ital allocation). At a minimum, the rating (or very required data for these analyses close), assuming Limit Setting Assist in determining capital cost of increased concentration should be explicitly specified and that both have data-capture systems should be the same infor- Capital Management Loss forecasting and provisioning Capital requirements implemented to collect the data. It mation. Intra- should be noted that all the data in portfolio ratings Risk Transfer Benefits of risk transfer depends on estimate of risk the world is worthless, unless some- inconsistency one within the bank reviews and negatively affects RAROC Determine risk-adjusted profits Economic capital estimates analyzes it. Banks vary in their the efficiency of a function of risk approaches, but the responsibility approvals and Customer Profitability Estimate of customer-level for data analysis must be clearly pricing and may Measurement risk-adjusted profit specified. In some banks, this func- generate dis- tion is delegated back to the busi- agreements nesses, while in others it is central- between the line and credit func- Independent of regulatory pressure, ized. tions. most banks have already been increasing the granularity of their What makes a risk rating Consistency across portfolios. risk-rating systems to meet compet- system effective? Nearly all banks Credit risk should be discussed itive needs. have risk rating systems, but not all across the entire organization in Calibration. A risk rating sys- systems perform well. A sound rat- common terms, facilitated by the tem should be calibrated to the ing system should improve a bank’s use of the central master scale, bank’s own historical experience. downstream tactical and strategic described earlier. Inconsistency in Improper calibration leads to incor- applications. Perversely, this is often the measurement of risk across rect measures of credit risk and an area of unexpected gain—ratings portfolios undermines most portfo- potentially value-destroying deci- are improved for regulatory reasons lio-level decisions and processes sions being taken. It also under- but are subsequently found to pay and severely impairs the credibility mines the system’s credibility, since off in other areas. Banks miss sub- and usefulness of bank-wide one should expect the line to notice stantial opportunities if they view the RAROC / SVA systems. that the ratings are not providing development of credit ratings prima- Granularity. To effectively dis- accurate information on the bank’s rily as a regulatory compliance issue. tinguish between risk levels, ratings own experienced losses. Robust credit rating systems have systems need a fairly high level of Calibration, like validation, requires the potential for significant bottom- granularity, with increased granular- data and should be an ongoing line impact and improved sharehold- ity in the portfolio subsegments process with regular refinement as er value creation. Some examples of having a high concentration of cred- increased data becomes available. value-adding applications are given it. Many first-generation rating tools in Figure 3. with between five and 10 pass Speed and accuracy. Speed is a An effective risk rating system grades are unsuitable for value- highly desirable goal but sometimes should bolster these applications adding applications, such as risk- is obtained only at the cost of accu- and processes. Those that do so adjusted pricing, portfolio manage- racy, particularly in judgmental sys- exhibit certain features: ment, and securitization intiatives. tems. When specifically analyzed, banks are often surprised by the

42 The RMA Journal September 2001 Effective Credit Risk Rating Systems costs of origination, approval, and a reduction of loss volatility—and the bank expects greater losses or monitoring. Faster processes are consequently economic capital con- there is most uncertainty.The same favorable, since they reduce these sumption—by 20-30%. The pro- approach can be taken throughout costs and improve the customer’s posed Basel II guidelines provide an the value chain—from approvals, experience with banks. The key is additional regulatory carrot, whereby through monitoring, to recoveries— to optimize the potental tradeoff banks with more advanced credit rat- but only if the risk inherent in each between speed and accuracy. ing systems will also enjoy reduced credit is well measured. Banks that regulatory capital requirements as have been aggressive in credit Benefits of a Leading-edge applied to their lending activities. process redesign have seen large cost Ratings System reductions in credit-related process- Increased risk-adjusted prof- Implementation of leading edge es. In many instances, banks have itability. Generally, we expect risk-rating systems can have sub- reduced credit-related expenses by enhanced credit risk measurement to stantial costs. Costs include devel- 25-30%. boost risk-adjusted profitability by opment staff (internal and external); supporting improvements in pricing software/ modeling costs; IT and Conclusion discipline. Risk-adjusted pricing infrastructure costs; and training Upon reviewing the Basel II facilitates the cherry picking of costs. Given these not inconsider- guidelines relating to internal credit higher quality credits from banks able costs, banks should expect sig- risk models, many credit risk man- with less robust risk measurement nificant benefits from ratings sys- agers at banks globally are faced capabilities and also ensures ade- tems implementation in addition to with the reality that their internal quate compensation from riskier regulatory compliance. Substantial risk-rating systems fall short of what credits. It is possible to realize risk- benefits can be achieved as applica- is necessary for compliance. What adjusted improvements in profitabil- tions leverage a leading-edge rat- options are available? What is the ity of 10-15 bps of assets per year ings system, including a reduction cost-benefit of each? The answers to through these mechanisms. The net in risk cost, increased risk-adjusted these questions are constrained by present value of this benefit, assum- profitability, and cost reduction available time, data, IT systems, and ing a 15% discount rate, is 80-90 through credit process redesign. organizational needs. In the perfect bps of assets minus the fixed costs situation, highly customized ratings Reduction in risk cost. Banks associated with the project. systems with internally calibrated, face two costs of credit risk: expect- Cost reduction through quantitative models can be designed ed losses and the cost of the capital credit process redesign. Leading- and rolled out. This may be desir- required to protect the bank against edge risk rating systems allow banks able for the many banks that are the volatility of losses. The direct to reduce costs in many credit-relat- partway there already. For others, benefit from the introduction of an ed processes. The key benefit of rat- this may be impractical. Regardless improved rating system is the reduc- ings tools is that they allow the of the approach, all models need to tion in credit losses due to improved streamlining of the entire credit follow the same basic outline. The asset selection and the avoidance of process along risk-adjusted lines. benefits generated from putting in “winner’s curse,” whereby a bank Simply cutting costs across the board such a system can far outweigh the that systematically misprices loans may, in the long term, actually costs, even without considering the suffers from negative selection. An increase losses as appropriate con- regulatory advantages, and the value indirect benefit from improved rating trols are compromised. Instead, of such a system can only increase. systems is the more efficient use of efforts are reconcentrated on the p economic capital through improved areas where additional, costly assess- portfolio composition. Active man- ments have the greatest pay-back. agement of the credit portfolio, The approvals process, in relation to underpinned by robust risk and valu- low-risk transactions, can be semi- ation metrics, can dramatically automated while efforts are recon- improve risk/return characteristics. centrated on those deals for which In many instances, it also can lead to 43