Skip to Content

Notice

Interagency Guidance on Credit Risk Review Systems

This document has a comment period that ends in 5 days. (12/16/2019) Submit a formal comment

Read the 7 public comments

Document Details

Information about this document as published in the Federal Register.

Document Statistics
Document page views are updated periodically throughout the day and are cumulative counts for this document including its time on Public Inspection. Counts are subject to sampling, reprocessing and revision (up or down) throughout the day.
Enhanced Content

Relevant information about this document from Regulations.gov provides additional context. This information is not part of the official Federal Register document.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

Office of the Comptroller of the Currency (OCC), Treasury; Board of Governors of the Federal Reserve System (Board); Federal Deposit Insurance Corporation (FDIC); and National Credit Union Administration (NCUA).

ACTION:

Proposed guidance.

SUMMARY:

The OCC, the Board, the FDIC, and the NCUA (collectively, the agencies) are inviting comment on proposed guidance for credit risk review systems. This proposed guidance is relevant to all institutions supervised by the agencies. The proposed guidance discusses sound management of credit risk, a system of independent, ongoing credit review, and appropriate communication regarding the performance of the institution's loan portfolio to its management and board of directors.

DATES:

Comments must be received by December 16, 2019.

ADDRESSES:

Interested parties are encouraged to submit written comments to any or all of the agencies listed below. The agencies will share comments with each other.

Comments should be directed to:

OCC: You may submit comments to the OCC by any of the methods set forth below. Commenters are encouraged to submit comments through the Federal eRulemaking Portal or email, if possible. Please use the title “Interagency Guidance on Credit Risk Review Systems” to facilitate the organization and distribution of the comments. You may submit comments by any of the following methods:

  • Federal eRulemaking Portal—“Regulations.gov”: Go to www.regulations.gov. Enter “Docket ID OCC-2019-0018” in the Search Box and click “Search.” Click on “Comment Start Printed Page 55680Now” to submit public comments. Click on the “Help” tab on the Regulations.gov home page to get information on using Regulations.gov, including instructions for submitting public comments.
  • Email: regs.comments@occ.treas.gov.
  • Mail: Chief Counsel's Office, Attn: Comment Processing, Office of the Comptroller of the Currency, 400 7th Street SW, Suite 3E-218, Washington, DC 20219.
  • Hand Delivery/Courier: 400 7th Street SW, Suite 3E-218, Washington, DC 20219.

Instructions: You must include “OCC” as the agency name and “Docket ID OCC-2019-0018” in your comment. In general, the OCC will enter all comments received into the docket and publish the comments on the Regulations.gov website without change, including any business or personal information provided such as name and address information, email addresses, or phone numbers. Comments received, including attachments and other supporting materials, are part of the public record and subject to public disclosure. Do not include any information in your comment or supporting materials that you consider confidential or inappropriate for public disclosure.

You may review comments and other related materials that pertain to this rulemaking action by any of the following methods:

  • Viewing Comments Electronically: Go to www.regulations.gov. Enter “Docket ID OCC-2019-0018” in the Search box and click “Search.” Click on “Open Docket Folder” on the right side of the screen. Comments and supporting materials can be viewed and filtered by clicking on “View all documents and comments in this docket” and then using the filtering tools on the left side of the screen. Click on the “Help” tab on the Regulations.gov home page to get information on using Regulations.gov. The docket may be viewed after the close of the comment period in the same manner as during the comment period.
  • Viewing Comments Personally: You may personally inspect comments at the OCC, 400 7th Street SW, Washington, DC 20219. For security reasons, the OCC requires that visitors make an appointment to inspect comments. You may do so by calling (202) 649-6700 or, for persons who are deaf or hearing impaired, TTY, (202) 649-5597. Upon arrival, visitors will be required to present valid government-issued photo identification and submit to security screening in order to inspect comments.

Board: When submitting comments, please consider submitting your comments by email or fax because paper mail in the Washington, DC area and at the Board may be subject to delay.

You may submit comments, identified by OP-1679, by any of the following methods:

All public comments will be made available on the Board's website at: http://www.federalreserve.gov/​generalinfo/​foia/​RevisedRegs.cfm as submitted, unless modified for technical reasons or to remove personally identifiable information at the commenter's request. Accordingly, comments will not be edited to remove any identifying or contact information. Public comments may also be viewed electronically or in paper in Room 3515, 1801 K Street NW (between 18th and 19th Streets NW), between 9:00 a.m. and 5:00 p.m. on weekdays.

FDIC: You may submit comments, identified by FDIC RIN 3064-ZA09, by any of the following methods:

  • Agency website: https://www.fdic.gov/​regulations/​laws/​federal/​. Follow instructions for submitting comments on the Agency website.
  • Mail: Robert E. Feldman, Executive Secretary, Attention: Comments/Legal ESS, Federal Deposit Insurance Corporation, 550 17th Street NW, Washington, DC 20429.
  • Hand Delivery/Courier: Comments may be hand-delivered to the guard station at the rear of the 550 17th Street NW building (located on F Street) on business days between 7:00 a.m. and 5:00 p.m.
  • Email: comments@FDIC.gov. Comments submitted must include “FDIC” and “RIN 3064-ZA09” on the subject line of the message.
  • Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
  • Public Inspection: All comments received must include “FDIC” and “RIN 3064-ZA09” for this rulemaking. All comments received will be posted without change to http://www.fdic.gov/​regulations/​laws/​federal/​, including any personal information provided.

NCUA: You may submit comments by any one of the following methods (please send comments by one method only):

  • Federal rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
  • Email: Address to regcomments@ncua.gov. Include “[Your name]—Comments on “Interagency Guidance on Credit Risk Review Systems” in the email subject line.
  • Fax: (703) 518-6319. Use the subject line described above for email.
  • Mail: Address to Gerard Poliquin, Secretary of the Board, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.
  • Hand Delivery/Courier: Same as mail address.

Public Inspection: You can view all public comments on NCUA's website at https://www.ncua.gov/​regulation-supervision/​rules-regulations/​proposed-pending-and-recently-final-regulations as submitted, except for those we cannot post for technical reasons. NCUA will not edit or remove any identifying or contact information from the public comments submitted. You may inspect paper copies of comments in NCUA's law library at 1775 Duke Street, Alexandria, Virginia 22314, by appointment weekdays between 9:00 a.m. and 3:00 p.m. To make an appointment, call (703) 518-6546 or send an email to OGCMail@ncua.gov.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

OCC: Beth Nalyvayko, Bank Examiner, or Lou Ann Francis, Director, Commercial Credit Risk, (202) 649-6670; or Kevin Korzeniewski, Counsel, Chief Counsel's Office, (202) 649-5490. For persons who are hearing impaired, TTY, (202) 649-5597.

Board: Constance Horsley, Deputy Associate Director, (202) 452-5239; Virginia Gibbs, Manager, (202) 452-2521; or Carmen Holly, Lead Financial Institution Policy Analyst (202) 973-6122, the Division of Supervision and Regulation; or Alyssa O'Connor, Attorney, Legal Division, (202) 452-3886, Board of Governors of the Federal Reserve System, 20th and C Streets NW, Washington, DC 20551.

FDIC: Thomas F. Lyons, Chief, Policy & Program Development, tlyons@fdic.gov (202) 898-6850; George J. Small, Senior Examination Specialist, Risk Management Policy, gsmall@fdic.gov (917) 320-2750, Risk Management Supervision; Ann M. Adams, Senior Examination Specialist, Risk Management Policy, Start Printed Page 55681 annadams@ fdic.gov (347) 751-2469, Risk Management Supervision; or Andrew B. Williams II, Counsel, andwilliams@fdic.gov; (202) 898-3581, Supervision and Legislation Branch, Legal Division, Federal Deposit Insurance Corporation; 550 17th Street NW, Washington, DC 20429.

NCUA: Vincent H. Vieten, Senior Credit Specialist (703) 518-6618; Uduak Essien, Director (703) 518-6399, Division of Credit Markets; or Ian Marenna, Associate General Counsel (703) 518-6554, Office of General Counsel.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

I. Background

The agencies' current credit risk review guidance is contained in Attachment 1—Loan Review Systems—of the Interagency Policy Statement on the Allowance for Loan and Lease Losses (ALLL) (2006 attachment 1).[1] The agencies are proposing to update that guidance to reflect the current expected credit losses methodology (CECL).[2] Further, the agencies recognize that credit risk review systems have a broader application in risk management programs than just providing information on the collectibility of an institution's loan portfolio for determining an appropriate level for the ACLs or Allowance for Loan and Lease Losses (ALLL), as applicable. Therefore, the agencies are proposing to issue guidance on credit risk review systems as a standalone guidance document and accordingly rescind the 2006 attachment 1. The proposed guidance on credit risk review will continue to be applicable to all supervised institutions.

II. Overview of the Proposed Interagency Guidance on Credit Risk Review Systems

The proposed guidance aligns with the Interagency Guidelines Establishing Standards for Safety and Soundness (Guidelines) [3] which sets out safety and soundness standards for insured depository institutions to establish a system for independent, ongoing credit risk review, and including regular communication to its management and board of directors regarding the institution's loan portfolio performance.[4] This guidance is appropriate for all institutions [5] and describes a broad set of practices that can occur either within a dedicated unit or multiple units throughout an institution to form a credit risk review system consistent with safe-and-sound lending practices and the Guidelines. This guidance outlines principles for use in developing and maintaining an effective credit risk review system. The nature of credit risk review systems typically varies based on an institution's size, complexity, loan types, risk profile, and risk management practices. Therefore, the proposed guidance attempts to highlight principles that can be scaled to an institution's loan activity.

The proposed guidance incorporates and updates the principles enumerated in 2006 attachment 1 and reaffirms the key elements of an effective credit risk review system, including qualifications and independence of credit risk review personnel; the frequency, scope and depth of reviews; and the review of findings and follow-up; communication, and distribution of results. The proposed guidance includes updates to reflect current industry credit review practices and examples of credit risk review procedures and methods to help ensure a proper degree of independence for small institutions. The proposed guidance also outlines characteristics of an effective credit risk rating framework, including the factors used to assign ratings to promote an effective risk review by qualified, independent parties. As described in the proposed guidance, independence from the lending function is an important characteristic for personnel who assess credit risks, develop the credit review plan, and follow-up on review findings.

The proposed guidance discusses various criteria for consideration in determining the scope of a risk-based loan review, including factors such as loan size, credit information, borrower relationship, concentration levels, performance, and other risk indicators. Further, it articulates expectations for communicating review results. The proposed guidance also discusses resolving risk rating differences between loan officers and credit risk review personnel; conducting discussions with appropriate loan officers and department managers; and obtaining management responses for corrective action to address credit risk review findings.

III. Request for Comment

The agencies request comments on all aspects of this proposed guidance, including, but not limited to, those set forth below.

Question 1: To what extent does the proposed credit review guidance reflect current sound practices for an institution's credit risk review activities? What elements should be added or removed, and why?

Question 2: To what extent is the proposed credit review guidance appropriate for institutions of all asset sizes? What elements should be added or removed for institutions of differing sizes, and why?

Question 3: What if any additional factors should the agencies consider incorporating into the guidance to help achieve a sufficient degree of independence and why? To what extent does the approach described for small or rural institutions with fewer resources or employees provide for an appropriate degree of independence in the credit review function? What if any modifications should the agencies consider and why?

IV. The Paperwork Reduction Act

In accordance with the requirements of the Paperwork Reduction Act of 1995 (PRA),[6] the agencies may not conduct or sponsor, and the respondent is not required to respond to, an information collection unless it displays a currently valid Office of Management and Budget (OMB) control number.

The proposed guidance will not create any new or revise any existing collections of information under the PRA. Therefore, no information collection request will be submitted to the OMB for review.

V. Proposed Guidance

The text of the proposed guidance is as follows:Start Printed Page 55682

INTERAGENCY GUIDANCE ON CREDIT RISK REVIEW SYSTEMS

Introduction

The Interagency Guidelines Establishing Standards for Safety and Soundness (Guidelines) [1] underscore the critical importance of credit risk review and set safety and soundness standards for insured depository institutions to establish a system for independent, ongoing credit risk review, and for appropriate communication to its management and board of directors.[2] This guidance, which aligns with the Guidelines, is appropriate for all institutions [3] and describes a broad set of practices that can be used either within a dedicated unit or across multiple units throughout an institution to form a credit risk review system that is consistent with safe-and-sound lending practices. This guidance outlines principles that an institution should consider in developing and maintaining an effective credit risk review system.

Overview of Credit Risk Review Systems

The nature of credit risk review systems [4] varies based on an institution's size, complexity, loan types, risk profile, and risk management practices. For example, in smaller or less complex institutions, a credit risk review system may include qualified members of the staff, including loan officers, other officers, or directors, who are independent of the credits being assessed. In larger or more complex institutions, a credit risk review system may include components of a dedicated credit risk review function that are independent of the institution's lending function. A credit risk review system may also include various responsibilities assigned to credit underwriting, loan administration, a problem loan workout group, or other organizational units of an institution. Among other responsibilities, these groups may administer the internal problem loan reporting process, maintain the integrity of the credit risk rating process, confirm that timely and appropriate changes are made to loan risk ratings, and support the quality of information used to estimate the Allowance for Credit Losses (ACL) or the Allowance for Loan and Lease Losses, (ALLL), as applicable.[5] Additionally, some or all of the credit risk review function may be outsourced to a qualified third party.

Regardless of the structure, an effective credit risk review system accomplishes the following objectives:

  • Promptly identifies loans with actual and potential credit weaknesses so that timely action can be taken to strengthen credit quality and minimize losses.
  • Appropriately validates and, if necessary, adjusts risk ratings, especially for those loans with potential or well-defined credit weaknesses that may jeopardize repayment.
  • Identifies relevant trends that affect the quality of the loan portfolio and highlights segments of the loan portfolio that are potential problem areas.
  • Assesses the adequacy of and adherence to internal credit policies and loan administration procedures and monitors compliance with applicable laws and regulations.
  • Evaluates the activities of lending personnel, including their compliance with lending policies and the quality of their loan approval, monitoring, and risk assessment.
  • Provides management and the board of directors with an objective, independent, and timely assessment of the overall quality of the loan portfolio.
  • Provides management with accurate and timely credit quality information for financial and regulatory reporting purposes, including the determination of appropriate ACL or ALLL, as applicable.

Credit Risk Rating (or Grading) Framework

The foundation for any effective credit risk review system is accurate and timely risk ratings to assess credit quality and identify or confirm problem loans. An effective credit risk rating framework includes the monitoring of individual loans and retail portfolios, or segments thereof, with similar risk characteristics. An effective framework also provides important information on the collectibility of the portfolio for use in the determination of an appropriate ACL or ALLL, as applicable. Further, an effective framework generally places primary reliance on the lending staff to assign accurate and timely risk ratings and identify emerging loan problems. However, given the importance of the credit risk rating framework, the lending personnel's assignment of particular risk ratings is typically subject to review by qualified and independent: (i) Peers, managers, or loan committee(s); (ii) part-time or full-time employee(s); (iii) internal departments staffed with credit review specialists; or (iv) external credit review consultants. A risk rating review that is independent of the lending function and approval process can provide a more objective assessment of credit quality.[6]

An effective credit risk rating framework includes the following attributes:

  • A formal credit risk rating system in which the ratings reflect the risk of default and credit losses, and for which a written description of the credit risk framework is maintained, including a Start Printed Page 55683discussion of the factors used to assign appropriate risk ratings to individual loans and retail portfolios, or segments thereof, with similar risk characteristics.[7]
  • Identification or grouping of loans that warrant the special attention of management or other designated “watch lists” of loans that management is more closely monitoring.[8]
  • Clear explanation of why particular loans warrant the special attention of management or have received an adverse risk rating.
  • Evaluation of the effectiveness of approved workout plans.
  • A method for communicating direct, periodic, and timely information to the institution's senior management and the board of directors or appropriate board committee on the status of loans identified as warranting special attention or adverse classification, and the actions taken by management to strengthen the credit quality of those loans.
  • Information on the institution's historical loss experience for each segment of the loan portfolio.[9]

Elements of an Effective Credit Risk Review System

An effective credit risk review system starts with a written credit risk review policy [10] that is reviewed and approved at least annually by the institution's board of directors or appropriate board committee to evidence its support of, and commitment to, maintaining an effective system. Effective policies include a description of the overall risk rating framework, and establish responsibilities for loan review based on the portfolio being assessed. An effective credit risk review policy addresses the following elements, described in more detail below: The qualifications and independence of credit risk review personnel; the frequency, scope, and depth of reviews; the review of findings and follow-up; and communication and distribution of results.

Qualifications of Credit Risk Review Personnel

An effective credit risk review function is staffed with personnel who are qualified based on their level of education, experience, and extent of formal credit training. Qualified personnel are knowledgeable in both sound lending practices and the institution's lending guidelines for the types of loans offered by the institution. The level of experience and expertise for all personnel involved in the credit risk review process is expected to be commensurate with the nature of the risk and complexity of the portfolios. In addition, qualified credit risk review personnel possess knowledge of relevant laws, regulations, and supervisory guidance.

Independence of Credit Risk Review Personnel

An effective credit risk review system uses both the initial identification of emerging problem loans by loan officers and other line staff, and an assessment of loans by personnel independent of the credit approval process. Placing primary responsibility on loan officers, risk officers, and line staff is important for continuous portfolio analysis and prompt identification and reporting of problem loans. Because of frequent contact with borrowers, loan officers and line staff can usually identify potential problems before they become apparent to others. However, institutions should be careful to avoid over-reliance on loan officers and line staff for identification of problem loans. An independent assessment of risk is achieved when personnel who perform the loan review do not have control over the loan and are not part of, or influenced by individuals associated with, the loan approval process.

While a larger institution may establish a separate department staffed with credit review specialists, cost and volume considerations may not justify such a system in a smaller institution. For example, in the review process, smaller institutions may use an independent committee of outside directors or qualified members of the staff, including loan officers, other officers, or directors, who are not involved with originating or approving the specific credits being assessed and whose compensation is not influenced by the assigned risk ratings. Whether or not the institution has a dedicated credit risk review department, it is prudent for the credit risk review function to report directly to the institution's board of directors or a committee thereof, consistent with safety and soundness standards. Senior management may be responsible for appropriate administrative functions provided such an arrangement does not compromise the independence of the credit risk review function.

The institution's board of directors, or a committee thereof, may outsource the credit risk review function to an independent third party.[11] However, the responsibility for maintaining a sound credit risk review process remains with the institution's board of directors. In any case, institution personnel who are independent from the lending function typically assess risks, develop the credit risk review plan, and verify appropriate follow-up of findings. Outsourcing of the credit risk review function to the institution's external auditor requires additional independence considerations.[12]

Frequency of Reviews

An effective credit risk review system provides for review and evaluation of an institution's significant loans, loan products, or groups of loans at least annually, on renewal, or more frequently when internal or external factors indicate a potential for deteriorating credit quality or the existence of one or more other risk factors. The credit risk review function can also provide useful continual feedback on the effectiveness of the Start Printed Page 55684lending process in order to identify any emerging problems. Ongoing or periodic review of an institution's loan portfolio is particularly important to the estimation of ACLs or the ALLL because loss expectations may change as the credit quality of a loan changes. Use of key risk indicators or performance metrics by credit risk review management can support adjustments to the frequency and scope of reviews.

Scope of Reviews

Comprehensive and effective reviews cover all segments of the loan portfolio that pose significant credit risk or concentrations, and other loans that meet certain institution-specific criteria. A properly designed scope considers the current market conditions or other external factors that may affect a borrower's current or future ability to repay the loan. Establishment of an appropriate review scope also helps ensure that the sample of loans selected for review is representative of the portfolio as a whole and provides reasonable assurance that any credit quality deterioration or unfavorable trends are identified. An effective credit risk review function also considers industry standards for credit risk review coverage consistent with the institution's size, complexity, loan types, risk profile, and risk management practices and helps to verify whether the review scope is appropriate. The institution's board of directors or appropriate board committee typically approves the scope of the credit risk review on an annual basis or whenever significant interim changes are made in order to adequately assess the quality of the current portfolio. An effective scope of credit risk review is generally risk-based and typically includes:

  • Loans over a predetermined size.
  • A sufficient sample of smaller loans, new loans, and new loan products.
  • Loans with higher risk indicators, such as low credit scores, high credit lines, or those credits approved as exceptions to policy.
  • Segments of the loan portfolio experiencing rapid growth.
  • Exposures from non-lending activities that also pose credit risk.
  • Past due, nonaccrual, renewed, and restructured loans.
  • Loans previously adversely classified and loans designated as warranting the special attention of the institution's management.[13]
  • Loans to insiders or related parties.
  • Loans to affiliates.
  • Loans constituting concentrations of credit risk and other loans affected by common repayment factors.

Depth of Transaction Reviews

Loans selected for review are typically evaluated for:

  • Credit quality, soundness of underwriting and risk identification, borrower performance, and adequacy of the sources of repayment.
  • Validity of assumptions.
  • Creditworthiness of guarantors or sponsors.
  • Sufficiency of credit and collateral documentation.
  • Proper lien perfection.
  • Proper approvals consistent with internal policies.
  • Adherence to any loan agreement covenants.
  • Compliance with internal policies and procedures (such as nonaccrual, and classification or risk rating policies), laws, and regulations.
  • Quality of the information used in the credit loss estimation process, including the reasonableness of assumptions used and the timeliness of charge-offs.
  • The accuracy of risk ratings and the appropriateness and timeliness of the identification of problem loans by loan officers.

Review of Findings and Follow-Up

An important activity of an effective credit risk review system is the discussion of the review findings, including all noted deficiencies, identified weaknesses, and any existing or planned corrective actions (including time frames for correction) with appropriate loan officers, department managers, and senior management. An effective system includes processes for all noted deficiencies and weaknesses that remain unresolved beyond the scheduled time frames for correction to be promptly reported to senior management and the board of directors or appropriate board committee.

It is important to resolve risk rating differences between loan officers and loan review personnel according to a pre-arranged process. That process may include formal appeals procedures and arbitration by an independent party or may require default to the assigned classification or grade that indicates lower credit quality. If credit risk review personnel conclude that a borrower is less creditworthy than is perceived by the institution, the lower credit quality classification or grade typically prevails unless internal parties identify additional information sufficient to obtain the concurrence of the independent reviewer or arbiter on the higher credit quality classification or grade.

Communication and Distribution of Results

Personnel involved in the credit risk review process typically prepare a list of all loans reviewed, the date of review, and a summary analysis that substantiates the risk ratings assigned to the loans reviewed. Effective communication involves providing results of the credit risk reviews to the board of directors or appropriate board committee at least quarterly.[14] Comprehensive reporting includes comparative trends that identify significant changes in the overall quality of the loan portfolio, the adequacy of, and adherence to, internal policies and procedures, the quality of underwriting and risk identification, compliance with laws and regulations, and management's response to substantive criticisms or recommendations. Such comprehensive reporting provides the board of directors or appropriate board committee with insight into the portfolio and the responsiveness of management and facilitates timely corrective action of deficiencies.

Start Signature

Dated: October 1, 2019

Joseph M. Otting,

Comptroller of the Currency.

By order of the Board of Governors of the Federal Reserve System, October 3, 2019.

Ann E. Misback,

Secretary of the Board.

Federal Deposit Insurance Corporation.

Dated at Washington, DC, on September 20, 2019.

Robert E. Feldman,

Executive Secretary.

By the National Credit Union Administration Board on September 20, 2019.

Gerard Poliquin,

Secretary of the Board.

End Signature End Supplemental Information

Footnotes

1.  See OCC Bulletin 2006-47 (December 13, 2006); FDIC Financial Institution Letter FIL-105-2006 (December 13, 2006); Federal Reserve Supervision and Regulation (SR) letter 06-17 (December 13, 2006); NCUA Accounting Bulletin No. 06-01 (December 2006).

Back to Citation

2.  The Financial Accounting Standards Board's (FASB's) Accounting Standards Update 2016-13, Financial Instruments—Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments and subsequent amendments issued since June 2016 are codified in Accounting Standards Codification (ASC) Topic 326, Financial Instruments—Credit Losses (FASB ASC Topic 326). FASB ASC Topic 326 revises the accounting for the allowances for credit losses (ACLs) and introduces CECL. The proposed guidance on CECL is contained in a separate notice published in today's Federal Register.

Back to Citation

3.  12 CFR part 30, Appendix A (OCC); 12 CFR part 208 Appendix D-1 (Board); and 12 CFR part 364 Appendix A (FDIC). See Part 723 of the NCUA Rules and Regulations.

Back to Citation

4.  For foreign banking organization branches, agencies, or subsidiaries not operating under single governance in the United States, the U.S. risk committee would serve in the role of the board of directors for purposes of this guidance.

Back to Citation

5.  For purposes of this guidance, regulated institutions are those supervised by the following agencies: The Board of Governors of the Federal Reserve System (Board), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), and the Office of the Comptroller of the Currency (OCC).

Back to Citation

1.  12 CFR part 30, Appendix A (OCC); 12 CFR part 208 Appendix D-1 (Board); and 12 CFR part 364 Appendix A (FDIC). Part 723 of NCUA Rules and Regulations.

Back to Citation

2.  For foreign banking organization branches, agencies, or subsidiaries not operating under single governance in the United States, the U.S. risk committee would serve in the role of the board of directors for purposes of this guidance.

Back to Citation

3.  For purposes of this guidance, regulated institutions are those supervised by the following agencies: The Board of Governors of the Federal Reserve System (Board), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), and the Office of the Comptroller of the Currency (OCC) hereafter referred to as the “agencies.”

Back to Citation

4.  The credit risk review function is not intended to be performed by an institutions' internal audit function. However, as discussed in the agencies' March 2003 Interagency Policy Statement on the Internal Audit Function and its Outsourcing (2003 policy statement), some institutions coordinate the internal audit function with several risk monitoring functions, such as the credit risk review function. The 2003 policy statement states that coordination of credit risk review with the internal audit function can facilitate the reporting of material risk and control issues to the audit committee, increase the overall effectiveness of these monitoring functions, better utilize available resources, and enhance the institution's ability to comprehensively manage risk. However, an effective internal audit function maintains the ability to independently audit the credit risk review function. (The NCUA was not an issuing agency of the 2003 policy statement.)

Back to Citation

5.  Credit risk review may be referred to as loan review, credit review, asset quality review, or another name as chosen by an institution. The role of and expectations for credit risk review as discussed in this document are distinct from the roles and expectations for other groups within an institution that are also responsible for monitoring, managing and reporting credit risk. Examples may be those involved with lending functions, independent risk management, loan work outs, and accounting. Each institution indicates in its own policies and procedures the specific roles and responsibilities of these different groups, including separation of duties. A credit risk review unit, or individuals serving in that role, can rely on information provided by other units in developing its own independent assessment of credit risk in loan portfolios, but should critically evaluate such information to maintain its own view, and not rely exclusively on such information.

Back to Citation

6.  Small or rural institutions that have few resources or employees may adopt modified credit risk review procedures and methods to achieve a proper degree of independence. For example, in the review process, such an institution may use qualified members of the staff, including loan officers, other officers, or directors, who are not involved with originating or approving the specific credits being assessed and whose compensation is not influenced by the assigned risk ratings. It is appropriate to employ such modified procedures when more robust procedures and methods are impractical. Institution management should have reasonable confidence that the personnel chosen will be able to conduct reviews with the needed independence despite their position within the loan function.

Back to Citation

7.  A bank or savings association may have a credit risk rating framework that differs from the framework for loan classifications used by the federal banking agencies. Such banks and savings associations should maintain documentation that translates their risk ratings into the regulatory classification framework used by the federal banking agencies. This documentation will enable examiners to reconcile the totals for the various loan classifications or risk ratings under the institution's system to the federal banking agencies' categories contained in the Uniform Agreement on the Classification and Appraisal of Securities Held by Depository Institutions Attachment 1—Classification Definitions (OCC: OCC Bulletin 2013-28; Board: SR Letter 13-18; and FDIC: FIL-51-2013). The NCUA does not require credit unions to adopt a uniform regulatory classification system. Risk rating guidance for credit unions is set forth in NCUA letters to credit unions 10-CU-02, “Current Risks in Business Lending and Sound Risk Management Practices,” issued January 2010 and 10-CU-03, “Concentration Risk,” issued March 2010. See also the Commercial and Member Business Loans section of the NCUA Examiner's Guide (Commercial and Member Business Loans > Credit Risk Rating Systems).

Back to Citation

8.  In addition to loans designated as “watch list,” this identification typically includes loans rated special mention, substandard, doubtful or loss.

Back to Citation

9.  In particular, institutions with large and complex loan portfolios typically maintain records of their historical loss experience for credits in each of the categories in their risk rating framework. For banks and savings associations, these categories are either those used by, or those that can be translated into those used by, the federal banking agencies.

Back to Citation

10.  See the Guidelines.

Back to Citation

11.  For a discussion of the expectations for institutions that use outside service providers, refer to SR letter 13-19/CA letter 13-21, “Guidance on Managing Outsourcing Risk,” issued by the Board on December 5, 2013; FIL-44-2008, “Guidance for Managing Third-Party Risk,” issued by the FDIC on June 6, 2008; and OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance,” issued by the OCC on October 30, 2013. For credit unions, refer to NCUA letters to credit unions 01-CU-20 “Due Diligence over Third Party Service Providers,” issued November 2001 and 07-CU-13 “Evaluating Third Party Relationships” issued December 2007.

Back to Citation

12.  For further information with respect to restrictions for external auditors performing internal bank functions, refer to the Interagency Policy Statement on the Internal Audit Function and its Outsourcing, Part III Independence of the Independent Public Accountant.

Back to Citation

13.  See footnote 8.

Back to Citation

14.  A board of directors or appropriate board committee should be informed more frequently than quarterly when material adverse trends are noted. When an institution conducts loan file reviews less frequently than quarterly, the board or appropriate board committee will typically receive results on other credit risk review activities quarterly.

Back to Citation

[FR Doc. 2019-22656 Filed 10-16-19; 8:45 am]

BILLING CODE 4810-33-P; 6210-01-P; 6714-01-P; 7535-01-P