October 2015 Credit Data Management Looking Beyond DFAST, Basel III, and CECL By Oleg A. Blokhin, Jack A. Gregory, and David W. Keever Audit  |  Tax  |  Advisory  |  Risk  |  Performance .

An array of new and evolving regulatory requirements is driving U.S. banks to enhance significantly their credit data management capabilities. They must upgrade their approaches for capturing credit data from numerous sources and then store, transform, integrate, and analyze that data in ways that not only meet regulator expectations but also provide useful and actionable business and management insights. . Credit Data Management: Looking Beyond DFAST, Basel III, and CECL Upgrading or developing data management capabilities to meet these objectives requires a multiyear effort, a significant commitment to planning, and the provision of adequate resources, but the effort can add genuine value to the organization. What’s Driving the Demand for Better Credit Data? Many forces are driving today’s growing demand for improved credit data management capabilities. For purposes of discussion, these forces can be organized into two major categories: 1) those that result from changing regulatory and reporting requirements and 2) those that reflect fundamental changes within the financial services industry itself. Among the most widely recognized factors in the first category of driving forces is the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) and its many requirements, particularly those related to the reporting of capital stress-testing (DFAST) results. The expansion of the DFAST reporting mandate in the summer of 2015 is driving a number of medium-size institutions (those with $10 billion to $50 billion in assets) to recognize the need for improved credit data management. Meanwhile, others – including smaller institutions now nearing the $10 billion threshold – are also reassessing their ability to maintain and access the data that is needed to comply. Dodd-Frank’s effects extend far beyond stress testing, however.

Agencies authorized by Dodd-Frank, such as the Consumer Financial Protection Bureau (CFPB), require a growing array of regulatory reports and other information, all of which mean banks must be able to access timely and accurate credit data quickly and consistently. Regulatory and financial reporting standards, in addition to DFAST, also are imposing new credit data requirements on banks and other financial institutions. Examples include implementation of the Basel III rules for capital adequacy and planning for the Financial Accounting Standards Board’s soon-to-be-released standard on current expected credit losses (CECL). The second category of forces driving the need for improved credit data capabilities are those stemming from changes within the industry itself. As customer needs and expectations evolve, banks must respond with new methods and tools for meeting these needs. As a consequence, investors, management, and other stakeholders are changing their expectations as they devise new ways to use credit data and analytics to support business needs, implement more efficient processes, and, ultimately, achieve strategic goals.

Credit data is needed to support a spectrum of business needs, from valuation of purchased loan portfolios to the pricing of loan product offerings. www.crowehorwath.com 3 . Crowe Horwath LLP Where Banks Stand Today Responding to these regulatory and business forces, financial institutions are taking on increasingly ambitious data warehousing projects. There are indications, however, that they are not universally successful in doing so. For example, in a recent online webinar on credit data management hosted by Crowe Horwath LLP, bank executives were asked to characterize their organizations’ capabilities for managing and analyzing credit data. Of the more than 110 bank executives who responded, barely one-third (34 percent) said their institutions had comprehensive credit data and analytics management capabilities. Nearly a quarter (23 percent) had no formal credit data program or management capabilities in place. The remainder (43 percent) either had limited, “boutique”-style data capabilities or had effective data but no analytics capacity.

(See exhibit below.) Of course, the results of an online survey should not be regarded as a precise reading on the state of the industry. Nevertheless, the overall direction of the survey responses does make it clear that many institutions are struggling to develop the credit data warehousing and management systems they need to meet current and expected regulatory and business requirements. Exhibit: How Bank Executives View Their Current Credit Data Capabilities 23% 34% No formal credit data program or management Boutique data – flea market style Effective data, no analytics 23% 20% Comprehensive credit data and analytics management Source: Crowe online survey 4 . Credit Data Management: Looking Beyond DFAST, Basel III, and CECL Obstacles to Effective Data Warehousing The survey responses also suggest an obvious follow-up question: What’s preventing banks from developing more effective credit data management and analytics capabilities? As they attempt to upgrade their credit data warehousing, banks typically encounter a number of common obstacles. These include: Data quantity challenges. Data must be gathered from many disparate sources, both internal and external to the organization. Inevitably, this means some data will be gathered without context, clear ownership, and traceability to its source. Quality assurance concerns.

The wide variety of data sources has obvious implications for the quality of the data being used. Missing or incorrect data or data that is untrustworthy or irregularly maintained makes successful software testing inefficient or, worse, ineffective. Performance concerns. The data warehouse must be designed, tuned, and maintained carefully to meet the specific data purposes for which it is intended. Access and security concerns often compete and conflict. Misunderstanding the analytics.

Business users must be able to define precisely what types of analyses they need to perform so that analytics and reporting capabilities can be designed specifically to address those needs. Inadequate warehouse design. The careful definition of requirements at the beginning of a data warehouse project sometimes feels like an ineffective use of time and resources to business users. Nevertheless, this deliberate input and the extensive definition of requirements are essential to an effective design. Poor user acceptance.

Poor user acceptance often is a direct consequence of inadequate needs definition. This condition is exacerbated when redesign and redefinition become necessary. Cost concerns. Designing, developing, and implementing effective data management capabilities are not inexpensive efforts, but the investment of time and resources ultimately pays off – provided that adequate resources and disciplines are committed from the start.

False economics or unrealistic expectations upfront often will result in cost overruns and even larger final costs. Ongoing maintenance can represent substantial costs beyond initial development. www.crowehorwath.com 5 . Crowe Horwath LLP Prerequisites for Effective Credit Data Management With those obstacles in mind, another logical follow-up question arises: What will be needed to overcome the obstacles? Industry experience reveals that certain recurring characteristics are essential prerequisites to most successful credit data management efforts. These prerequisites include: Data standardization and aggregation for reporting and monitoring. The goal is to establish a single and trusted source of credit data that serves the needs of all users. To achieve this, data must be standardized across all sources and platforms, with sufficient granularity to enable risk management and supervisory analysis.

Data quality standards must be rigidly maintained, with sufficient data history to provide confidence and context. A front-to-back operating model. All risk-related processes should be designed and managed with an end-to-end perspective. This means the risk and finance processes (and their relevant data) should be aligned for consistency, and all risk-related processes should be aligned with the organization’s risk appetite. Appropriate infrastructure, architecture, and applications.

The data project should methodically cover all material regulatory and management requirements, including both current requirements and those envisioned in the foreseeable future. The use of flexible architecture, a layered integration approach, and modular components can be extremely useful tools in this effort. Addressing Specific Regulatory Data Issues Because compliance is one of the primary drivers in most data warehousing projects, it is important that data capabilities be developed in a way that integrates the requirements of the various regulatory systems and reporting standards in question. These systems and standards include: DFAST.

In addition to specific financial data (both operational and historical), DoddFrank stress-testing reports require careful validation of other data sources, including the input of macroeconomic data for the various scenarios being tested, as well as relevant market data, input assumptions, and reporting standards. Variations or inconsistencies in any of these areas can cause inaccurate stress-testing results. CECL. The CECL standard for calculating the appropriate allowance for loan and lease losses (ALLL) will use new models that will require much more data gathering than previous ALLL standards.

These data requirements will include more robust portfolio data, borrower and economic data, exposure-level data, historical balances, risk ratings, and charge-off and recovery data. Failure to capture the right peer or industry data will affect the accuracy of the institution’s risk analysis and credit loss allowance and could invite additional scrutiny from examiners. Basel III. The new Basel III rules for capital adequacy also require consistent data sourcing and reconciliation to accurately calculate important ratios, such as the liquidity coverage ratio and net stable funding ratio, as well as to accurately monitor liquidity risk, concentration of funding calculations, and the calculation of available unencumbered assets. 6 .

Credit Data Management: Looking Beyond DFAST, Basel III, and CECL Lessons Learned So how can an organization begin to address these numerous credit data management challenges, goals, and prerequisites? There is no single correct method, but the most successful efforts typically follow a logical sequence of phases, such as: â– â–  Phase one: Define the scope, and initiate the effort. Credit data stored in a centralized data warehouse usually differs from transactional data. Stored credit data often is archived and summarized, remaining static until it is refreshed or updated for analysis. Understanding this distinction can help define the scope of the credit data management effort in a more meaningful way. â– â–  Phase two: Gather information, and assess the current state.

This phase typically includes a gap analysis and capabilities assessment to identify strengths and weaknesses. â– â–  Phase three: Define needs, and assess maturity. In addition to comparing the organization’s existing capabilities with regulatory requirements, it is important to compare existing capabilities with anticipated business needs for added value. â– â–  Phase four: Develop a multiyear road map. Identify significant milestones associated with impending regulatory requirements, and use these markers to help define the project pace and priorities.

In addition, identify coming high-level strategic goals that the credit data warehouse must support, and determine the timing for the required upgrades. â– â–  Phase five: Define high-level plans. Define the specific organizational support and controls that will be needed for the project, including the estimated resources and costs that will be associated with it. â– â–  Phase six-plus: Execute, evaluate, and repeat. Ideally, upgrading credit data capabilities should not be regarded as a one-time event but rather as an ongoing process of continuous improvement. In carrying out such a phased approach, financial institutions should bear in mind some practical lessons learned in recent years from other data projects.

For example, the credit data management system – like all data systems in financial institutions – should be scalable, flexible, and capable of integrating new credit data sources that might arise due to changing business practices or future mergers or acquisitions. In addition, it should be adaptable to address future regulatory requirements. Above all, the credit data management tools that are implemented must be capable of supporting not only the institution’s regulatory compliance and financial reporting functions but also its capital planning and strategic planning needs. This broader view of the usefulness of credit data is necessary to achieve genuine business value from the effort and to help the organization realize a more favorable return on the investment of time and resources that will be required. www.crowehorwath.com 7 .

Contact Information Oleg Blokhin is with Crowe Horwath LLP and can be reached at +1 415 590 3885 or oleg.blokhin@crowehorwath.com. Jack Gregory is an information management consultant contracted by Crowe and can be reached at +1 269 365 2783 or jack.gregory@crowehorwath.com. Dave Keever is a principal with Crowe and can be reached at +1 317 706 2669 or dave.keever@crowehorwath.com. www.crowehorwath.com In accordance with applicable professional standards, some firm services may not be available to attest clients. This material is for informational purposes only and should not be construed as financial or legal advice. Please seek guidance specific to your organization from qualified advisers in your jurisdiction. © 2015 Crowe Horwath LLP, an independent member of Crowe Horwath International crowehorwath.com/disclosure FS-16005-011E .