Risk rating matrices, also called scorecards or templates, serve an important purpose for the commercial lender: they drive consistent risk ratings. The regulatory agencies do not prescribe what a risk rating system should look like at a given institution. Rather, the rating system “should reflect the complexity of its lending activities and the overall level of risk involved.” This discretion leaves the lender to develop its own risk rating process. Here are some best practices to consider when doing that.
Include Qualitative and Quantitative Factors
Limiting a risk rating matrix to only quantitative factors means that not all critical elements will be considered, making it more likely that the analyst will disagree with the outcome. If this happens often, analysts will discount the usefulness of the matrix and regulators will question the process.
It may seem counterintuitive that a matrix can include qualitative factors and still drive consistency. The key is to develop well-written choices for inputs. A discrete list is necessary to assign a value to each choice that will then be used in the rating calculation. Well-written choices ensure that analysts respond consistently to a question.
Consider the difference in the following options to capture “Management Experience.”
High: Senior management has 20+ years in the industry
Medium: Senior management has 10-20 years in the industry
Low: Senior management has <10 years in the industry
The second set removes ambiguity from the answer set and makes the qualitative element a little more quantitative. These descriptions could be expanded to include other relevant factors, such as how well they steered the borrower during a downturn or their ability to deliver on strategic objectives and budgets. What is important is to define the choices so that analysts apply them consistently.
Start with the 5Cs
It can be daunting to decide which factors to include. The 5Cs -- Character, Capacity, Capital, Conditions and Collateral -- provide a starting point. For purposes of the risk rating matrix, the 5Cs ensure each aspect of credit risk is considered, especially qualitative factors such as Conditions and Character.
Recognize Differences by Loan Type
An institution may think that it only needs a single matrix if the primary reason for using a risk rating matrix is to drive consistency. This approach neglects important differences inherent in some loan types. Some factors matter in one loan type and not in another. For example, loan to value is a critical element in real estate financing and is meaningless in an unsecured cash flow loan.
Starting from the same framework, such as the 5 Cs, helps the institution develop a coherent suite of matrices. It will then adjust certain factors to achieve an appropriate matrix for each loan type.
Focus on Drivers
This is likely one of the hardest recommendations to put into practice because institutions want their risk rating matrices to be comprehensive. After all, a secondary benefit of using one is a credit analysis process checklist to make sure the analyst has considered all the relevant factors. Why wouldn’t the matrix include every factor possible?
The reason is that some factors are more important than others, and even with weighting a critical element can be marginalized. For example, debt service coverage ratios (DSCR) are a key input in nearly every type of loan. Consider how the impact of this one factor would be significantly diluted if there are 20 factors being used versus 10 factors. If all factors other than DSCR are assigned 5%, then in the first case there is only 5% leftover for DSCR. In the second, you could allocate over 50% to DSCR. This is an extreme example but illustrates that at a certain point, more is not better because extraneous factors will reduce the impact of what is truly critical.
Test and Implement Changes Systematically
An institution needs systematic access to data to test changes efficiently and a controlled way to distribute updated scorecards. If risk ratings are done in a decentralized way, such as on individual spreadsheets, testing changes is resource intensive or may not be possible at all. Testing changes before deploying is crucial to make sure the immediate impact is understood and to confirm that the change is acting as expected. An institution that leverages technology to manage its risk rating process can also control distribution of updated scorecards more easily and ensure all ratings are based on the latest scorecard.
Learn more best practices for risk ratings by joining the upcoming webinar "Answers to the Most Often Asked Risk Rating Questions".