Risk management has assumed increased importance of regulatory compliance point of view. Credit risk, being an important component of risk, has been adequately focused upon. Credit risk management can be viewed at two levels—at the level of an individual asset or exposure and at the portfolio level. Credit risk management tools, therefore, have to work at both individual and portfolio levels.

Traditional tools of credit risk management include loan policies, standards for presentation of credit proposals, delegation of loan approving powers, multi-tier credit approving systems, prudential limits on credit exposures to companies and groups, stipulation of financial covenants, standards for collaterals, limits on asset concentrations and independent loan review mechanisms. Monitoring of non-performing loans has, however, a focus on remedy rather than advance warning or prevention. Banks assign internal ratings to borrowers, which will determine the interest spread charged over PLR. These ratings are also used for monitoring of loans.

Some central banks like the RBI have suggested the use of rating models like Altman’s Z score models at individual loan/company level and risk models like CreditMetrics and CreditRisk+ at the portfolio level. While evaluating credit and monitoring, banks use a number of financial ratios. There have been studies of predictive ability of various ratios. Attempts at combining different ratios into a single measure by using the statistical technique of "multiple discriminant analysis" have also been made. Among these, Altman’s Z-Score is well known.

It forecasts the probability of a company entering bankruptcy. The model combines five financial ratios into a single index.

Practitioners, however, had difficulties in using the model, as the classification error is high for more than one year in advance.

Thus, by the time the model could be applied on published financial data, it would be too late for any action to be taken.

Recently, significant advances have been made in credit risk modeling at the portfolio level. The interest is not confined to academicians alone. Policy makers and practitioners are also working on applying these models. CreditMetrics and CreditRisk+ were released in 1997.

CreditMetrics was developed by JP Morgan and focuses on estimating the volatility of asset values caused by variations in the quality of assets. To compute volatility, the model tracks the "rating migration"—the probability that a borrower of one risk rating migrates to another risk rating. CreditRisk+ was developed by Credit Suisse Financial Products. It is a statistical method for measuring and accounting for credit risk. The model is based on actuarial calculation of expected default rates and unexpected losses from default. The model is based on insurance industry models of event risk. Under CreditRisk+, each individual obligor has a default probability. The default probability is not constant over time but changes in response to background economic factors.

To the extent that more than obligors are sensitive to the same background economic factors, their default probabilities move together, which can lead to correlations in defaults. Can banks go ahead and adopt models in their credit risk management process? Which model to go for? A direct comparison of models is not simple, as different models may be presented with rather different mathematical frameworks. For example, given the same portfolio of credit exposures, the two models mentioned above have been found to be, in general, yielding differing evaluations of credit risk.

The problem is not just that of selection of a model but that of validating the model chosen. As credit risk models employ relatively longer time horizons (one year to several years), their validation poses major difficulties in requiring many years of historical data spanning multiple credit cycles for estimating key parameters accurately. As a contrast, market risk models use a much shorter time horizon and their "backtesting" becomes simpler. Practitioners and researchers alike have reported "data insufficiency" to be a key impediment to design and implementation. However, it is critical that regulators are confident that models are conceptually sound and empirically validated before they can be used in the process of supervisory process and computation of capital requirements.

The task force has rightly recognized that data availability and model validation are two hurdles to be crossed before the next step is taken. In fact, the recent revisions to the 1988 Basel Accord, do not envisage permitting banks to set their capital requirements solely on the basis of their own credit risk models.

Internationally, the degree to which models have been incorporated into the credit management and economic capital allocation process varies greatly between banks. Large-sized banks across the world have put in place risk adjusted return on capital framework for pricing of loans. Banks have implemented different models for corporate and retail businesses.

While only a small number of banks are currently using models for active credit risk management, the internal applications are varied and include setting of concentration and exposure limits, risk-based pricing, evaluation of risk-adjusted performance of business lines or managers and customer profitability analysis. As discussed above, credit risk models require, most importantly, historical loan loss data and other model variables, spanning multiple credit cycles.

Banks must, therefore, as a first step, endeavor building adequate database for implementing credit risk modeling over a period of time.

Most banks will need expert help in the preparatory and implementation phases – education and training, study of available models, building models depending on a bank’s business profile, model validation, data sufficiency studies and building systems for ongoing data build up.

To be able to move swiftly in this area, banks need to work from the sides of both the business analytics and the supporting technology infrastructure. It is going to be some significant investment, but considering that it is "risk management" that they are going to spend on, it should be worthwhile!

The author, H S Rajashekhar, is with i-flex Consulting, India. The views expressed in this article are his own.