Best Practices in Credit Risk Management - SAS

1 WHITE PAPERBest Practices in Credit Risk ManagementChallenges to and Opportunities for Rebuilding TrustSAS White PaperTable of ContentsCredit Risk Management Challenges and Opportunities ..1 Internal Rating Systems ..1 The Basel II Framework ..1 Internal Ratings ..3 LGD Modeling ..7 Exposure Calculation ..9 Internal Credit Portfolio Models ..10 Approaches to Modeling Credit Portfolios ..10 Risk-Adjusted Performance Measurement and Pricing ..14 Stress Testing ..16 Basel Committee Recommendations for Improved Stress Testing ..17 Credit Derivatives ..18 Credit Default Swaps ..18 Securitizations and Asset-Backed Securities ..19 Collateralized Debt Obligations ..20 Important Considerations for the Modeling of Securitizations ..22 Counterparty Exposure.

2 23 SAS Solutions for Credit Risk Management ..25 SAS Enterprise Miner ..26 SAS Credit Scoring for Banking ..26 SAS Credit Risk Management for Banking ..27 SAS Risk Management for Banking ..27 Conclusion ..29 Appendix ..30 Loss Distribution of a Homogeneous Portfolio ..30 Further Reading ..31 References ..321 Best Practices in Credit Risk ManagementCredit Risk Management Challenges and OpportunitiesIt was the summer of 2007 . The banking sector had only recently adopted Basel II regulations and begun to feel at ease with its Credit risk Management systems when the US subprime crisis erupted, subsequently spilling over into the most severe financial crisis since the Great Depression . A March 2008 survey of the Senior Supervisors Group a group of senior financial supervisors from 10 countries noted: Generally, Management at the better performing firms had more adaptive (rather than static) risk measurement processes and systems that could rapidly alter underlying assumptions in risk measures to reflect current circumstances.

3 1 Internal Rating SystemsBanks have been using internal ratings to assess customers creditworthiness for a long time . Over the years, different banks developed different rating schemes based on their own needs . With the advent of Basel II, however, the importance of internal rating systems was raised to a new level .The Basel II FrameworkIn the area of Credit risk, the Basel II framework allowed banks, for the first time, to use their own estimates of certain risk parameters to determine the regulatory capital required for an exposure . In the internal ratings-based (IRB) approach, a bank may base regulatory capital calculations on its internal rating systems, provided that the internal rating systems meet several minimum requirements . Using internal Credit portfolio models to determine the necessary regulatory capital, however, is not allowed.

4 The Basel II definition of an internal rating system is very broad: The term rating system comprises all of the methods, processes, controls, and data collection and IT systems that support the assessment of Credit risk, the assignment of internal risk ratings and the quantification of default and loss estimates . 2 In general, an internal rating system has to assess the default risk independently from transaction-specific factors . Banks are expected to come up with their own estimates for a borrower s probability of default (PD), and in the advanced IRB approach for loss given default (LGD) and exposure at default (EAD) of a transaction .1 SSG 2008, p. 42 BCBS 2006, 3942 SAS White PaperRegulatory Minimum RequirementsThe aim of the minimum requirements is to make sure that an internal rating system is implemented consistently and that it can evaluate the Credit risk in a transaction with sufficient accuracy.

5 These requirements and their associated details, which were outlined in Basel II,3 set the bar very high both for data Management and reporting systems and for model development, monitoring and validation capabilities .As an example, Basel II stated that reporting to senior Management must include risk profile by grade, migration across grades, estimation of the relevant parameters per grade and comparison of realized default rates (and LGDs and EADs for banks on advanced approaches) against expectations . 4 Similarly, the responsibilities of the Credit risk control unit(s) include: Production and analysis of summary reports from the bank s rating system, to include historical default data sorted by rating at the time of default and one year prior to default, grade migration analyses, and monitoring of trends in key rating criteria.

6 5 Furthermore, the minimum requirements set forth guidelines concerning both the structure and documentation of rating systems, the rating processes, the use test and senior Management involvement .Disclosure RequirementsIn addition to the minimum requirements, the disclosure requirements of Pillar 3 must be met . They are also substantial and detailed, especially for IRB banks, and call for an integrated and comprehensive database system with sufficient analysis and reporting power on top .Effects of Basel IIThe Basel II requirements have led to the standardization of certain aspects of internal rating systems . Notably, internal rating systems in the post-Basel II realm: Tend to be more objective and repeatable, less expert- and more model-based, offer a greater number of distinct grades and enable consistent ratings.

7 Must be calibrated on a long-run history of default and loss experience for internal or external ratings . Are part of a comprehensive rating and risk Management II also recognizes that the development and validation of models is more than the production of statistics; it recognizes the essential subjective factor the art of risk ratings .3 See BCBS 2006, Part 2, BCBS 2006, 4405 BCBS 2006, 441 This SAS White Paper Header stays on all left pages3 Best Practices in Credit Risk ManagementInternal RatingsAlthough the following denominations and classifications are not unequivocal, an internal rating model in a restricted sense often refers only to the default risk component of a rating system . Internal ratings may be developed via empirical models (e.)

8 G ., Credit risk scorecards) or expert-based models . In addition, external ratings, as well as ratings from market-driven rating models, are widely employed . From a terminology perspective, Credit scoring (which results in a Credit score ) is most often used in the retail banking segment, while the term risk rating is used in wholesale banking units to define the same process of producing risk ratings for counterparties . Credit ScoringCredit scoring is used extensively in the retail customer segment, and has been for several decades in the more mature banking markets . Typically, this segment comprises a large number of customers with similar characteristics or product requirements . The availability of large amounts of internal and external (i .e ., Credit bureau) data enables the development of scorecards using predictive modeling techniques and the performance of robust data mining.

9 Several statistical methods may be used, with logistic regression being the most popular . Credit scorecards are usually developed, at minimum, for each product (e .g ., a Credit card) . Depending on the amount of data available, further scorecards are created for product sub-segments (e .g ., by origination channel, age, new/existing customer, etc .) . Depending on whether or not there is prior knowledge about the customer or his/her use of a product, one distinguishes: Application scoring for new customers or for customers requesting a certain product for the first time . Behavioral scoring for customers who already have a Credit history with the resulting score can be used in various Credit risk Management contexts . For example, application scoring is relevant for the following types of decisions: Risk-based pricing/down payment/deposit.

10 Credit /loan limit. Cross-sell/up-sell offers. Product upgrade/downgrade. Due diligence optimization. ATM limits. Adjudication/collection workflow optimization. Quality of business/underwriting evaluation. Payment terms. Regulatory/economic the customer side, ongoing behavior scoring is most often used for things such as: Ongoing Credit -limit setting. Regulatory/economic capital. Credit card/phone usage White Paper Renewal/reissue/re-pricing strategies. Credit card authorization strategy. Collections strategy. direct marketing prequalification. Evaluating/pricing portfolios. Cross-selling to existing Credit score is linked to a probability of default, which can then be used for portfolio modeling, pricing and capital allocation purposes.