Loan review or credit risk review is a significant risk management function. According to the 2020 regulatory guidance on credit risk review, it is integral to every insured depository institution’s safe and sound operation.
To be sure to get the most out of the loan review function, financial institutions should have a charter in place. They should structure loan review so that it reports up through the audit function, according to Ancin Cooley, CIA CISA, Principal and Founder of Synergy Bank Consulting and Synergy Credit Union Consulting.
Cooley says one way to make sure that your financial institution optimizes its loan review or credit review function is to start with a charter, a document outlining its purpose and other important matters.
“Why? Because it outlines the rules of engagement between the loan review function and the loan production function,” he says. Outlining the “rules of engagement” is important to ensure the loan or credit risk review is independent and objective.
The charter also outlines the budget for the loan review function, including a budget for loan review employees and their training, Cooley says. “It outlines the organizational structure and the reporting structure, as well as it outlines what meetings and what scope loan review will be responsible for.”
Such guard rails are important for loan review to ensure such decisions don’t come down to “My opinion versus somebody else’s opinion,” Cooley says.
He adds that loan review charters should be reviewed and approved by the financial institution’s board of directors.
A second way to make sure your financial institution optimizes its loan review or credit review function is to have it report up through the audit area of the bank or credit union.
“As a best practice, loan review should report up through the audit function,” Cooley says. “I’ve had the pleasure of teaching loan review courses for the last nine years, and so I’ve had a lot of conversations with loan review and credit risk professionals. One of the things I hear sometimes is that they can’t be independent when they’re reporting up to the CEO.”
What can happen if the loan review function does not report to auditing? One possibility is that the loan reviewer won’t downgrade a loan that they perhaps should downgrade “because they either report to the CEO, the Chief Credit Officer, or the Chief Risk Officer, who all report back up to the CEO,” Cooley says.
“If you want to create a culture where you can go fast, and you want to be certain that the health of your portfolio is accurate and is what it reflects in your loan review reports, your loan review function should report up through audit,” he adds.
“Some of you will say, ‘My outsourced loan review function reports to the Chief Credit Officer; isn’t that individual independent? Well, who does that Chief Credit Officer report to?’”
Cooley suggests considering the function of loan review, how that ties in with the reporting structure, and how the reporting structure could influence the content of the
For example, a loan reviewer reporting to the Chief Credit Officer might find it difficult or awkward to disparage other areas under that executive’s management.
“How am I going to criticize the credit analysis, the appraisal management function, the appraisal review function, or maybe how we’re monitoring things at a portfolio level?” he asks.
The first line of defense for mitigating credit risk is loan production, and the second line of defense is credit administration and loan administration. Audit and review make up the third line of defense, Cooley adds.
“So, in closing, if you want to hear the truth from loan review, make sure that they have a functional dotted line to audit and report administratively to someone in management,” Cooley says.