FinanceOctober 22, 2018

The dangers of ‘DIY’: Why banks may struggle with in-house solutions to CECL compliance

If you want something done right, do it yourself, the saying goes – but when it comes to some aspects of compliance this may not apply. As the Current Expected Credit Loss (CECL) standard looms, we’ve noticed many banks are considering developing solutions in-house to meet their CECL needs. In this piece, we’ll explore the risks of this approach, and explain why CECL will in most cases warrant seeking external support.

At heart, CECL may seem relatively simple. It will require financial institutions to estimate the losses associated with credit instruments throughout their entire lifecycle at the time of origination or purchase, essentially shifting banks from a retroactive, incurred loss model to a forward-looking expected loss framework. It’s also easy enough to understand the arguments for a self-build approach to CECL. Many banks have already invested heavily in systems and teams that can generate a range of sophisticated calculations to meet reporting requirements, and see no reason why, with a few tweaks, these shouldn’t be capable of meeting CECL-related demands. 

However, in our view the far-reaching changes that CECL will introduce to credit risk management and reporting mean it is significantly more complex and demanding than it may initially appear, and likely to strain even the most robust in-house solution. Broadly, CECL covers six major areas:

  1. Data Management and Governance
  2. Segmentation and Credit Risk Assessment
  3. Macro Variabilities Impact
  4. Expected Credit Loss Calculation
  5. Accounting
  6. Disclosures

Each of these will require detailed and transparent reconciliations, and complete auditability of data. Adding to the challenge are a few distinct characteristics of CECL:

The need for speed: Unlike traditional stress tests, which are conducted on an annual or biannual basis, CECL processes will need to be performed regularly and at the speed of business closing cycles. Even if banks run these processes in arrears and save reconciliations for later, they will take up a substantial amount of time and significant system resources on a near-constant basis.

Managing multiplicity: The number of departments and distinct processes covered in the six CECL steps make acquiring and managing the necessary data no small task. In addition, any self-built system needs to be Sarbanes-Oxley compliant, another goal that will take time to vet and document. And banks will be contending with this while attempting to address the requirements, reconciliations and auditing needs associated with other prudential regulatory reports.

Manufacturing models: Existing stress-testing models may prove suitable for CECL with appropriate modifications – but those modifications are often more intensive than banks expect, and many have decided to abandon the effort and build new models from scratch (the only option for those not already performing mandated stress testing).

Challenging ratios: CECL will inevitably result in larger allowances being set aside than the current incurred loss standard, and its impact on capital planning will need to be factored into any self-built systems or processes. These systems can create ‘what if’ scenarios and analyzing the impact of possible CECL-induced volatility on capital levels and reported earnings. It’s worth remembering that forecasts must not only satisfy internal demands but also withstand the scrutiny of analysts and the wider market.

Protecting profitability: Larger allowances mean return on equity and economic value added (EVA) levels are likely to decline, a fact that is already driving behavioral changes by financial institutions under the international equivalent of CECL, IFRS 9 – changes that are likely to draw the attention of regulators focused on fair lending and other compliance issues. CECL functionality must also be incorporated into budgeting and planning processes, and examiners and auditors will expect to see reconciliation and analysis of actual versus projected CECL results.

Detailed disclosures: CECL will require an unprecedented degree of granularity throughout the six major areas mentioned, as well as in explanations of changes in credit instruments and associated impacts on forecasts, scenarios and models. What’s more, the standard itself is certain to undergo change as its effects are better understood, meaning self-built systems will in effect be dealing with a moving target.

The burden of self-build

Building a system capable of addressing all these needs consistently throughout an end-to-end process is a formidable task, but in effect only half the battle, since CECL will also require the development of governance and compliance processes to support this technological infrastructure. It’s little surprise, then, that banks that have attempted to build IFRS 9 solutions without external support – the closest scenario to going it alone with a CECL implementation – have in many cases discovered those systems are not adequate.

This builds the case for partnering with a vendor with deep sector expertise that can offer a dedicated CECL solution. Working with a qualified third party allows the bank to benefit from their experience, and to in effect import the best practices the vendor has established through previous CECL implementations.

A CECL solution will be most effective if it is modular and flexible, equally fit for being used as a point solution to cover specific gaps in the bank’s existing framework, or serving as a strategic platform for end-to-end CECL compliance.

Bearing in mind the complexity of CECL, the solution should be capable of processing, monitoring and generating data on a wide range of financial products and events throughout their lifecycle, and versatile enough to assess credit risk by applying a range of advanced and historical models and calculations. It should also enable full data transparency and traceability to satisfy current and emerging disclosure needs.

It is natural that some internal teams would have concerns about the disruptive impact of such a wide-ranging solution on existing systems or processes, or even on their own roles. But if a CECL solution is based on open architecture it can be easily integrated into the bank’s existing technology infrastructure. It can also create new business possibilities, freeing teams from the burden of addressing more compliance deadlines and demands, and shifting their focus from data processing to data analysis.

As CECL has far-reaching implications for finance, risk and regulatory reporting alike, a robust solution can pave the way for greater communication and collaboration among these functions, enabling data to be shared and manipulated in a way that supports enhanced analysis, forecasting, budgeting and planning. Rather than outsourcing or a tacit admission of inadequacy, engaging an external partner to support CECL compliance should be viewed as a tactical decision that ‘de-risks’ a difficult regulatory transformation, enabling related teams to not only weather the change, but contribute more effectively to their organizations.

by William Newcomer, VP Strategy and Business Development, Wolters Kluwer, Finance, Risk and Reporting
OneSumX for Finance, Risk and Regulatory Reporting
A best-in-class integrated regulatory compliance and reporting solution suite that establishes a single source of data for finance, risk and regulatory reporting.