The current expected credit loss (CECL) accounting standard has certainly been a focus for financial institutions the past few years. Now, it’s knocking at your door. You have likely worked through your data, picked the models you’ll use, and started to run parallel analysis with your allowance for loan losses. What happens next?
The work is not done after you select your model
Consider how to prepare for your institution’s first audit or examination. It all comes down to documentation. You might need to completely update and enhance your internal controls, policies, procedures, and qualitative and environmental analysis.
Overall, management is responsible for developing, maintaining, and documenting a systematic, disciplined, and consistently applied process for determining your allowance for credit losses (ACL). The goal is to design, document, and implement policies, procedures, internal controls, systems, and models that result in management’s best estimate of the ACL. Remember CECL is a different model, so your institution must design and document new and redesigned controls.
Review Implementation Steps
While you design and document your internal control environment, consider key steps of the process, including model selection, segmentation, data, analysis, forecasting, reversion, and protection.
Consider and document these risks:
- Relevance and reliability, including completeness and accuracy of data, such as:
- Historical loss data.
- Prepayment rates.
- Contractual terms.
- Payment structure.
- Selection and application of model(s).
- Information systems (data integrity).
- Potential for management bias.
- Estimation uncertainty (preciseness).
- Transparency and clarity of ACL disclosures.
Put specific controls into place upon implementation:
- Segregation of duties (access to core system, data, and to model software).
- Approval controls (approval of charge-offs).
- Verification controls (tracing loan data to signed notes to confirm they are coded to proper loan segment).
- Reconciliation controls (loan data from ACL system to core).
- Management review and approvals (who and how documented).
Review these additional considerations when using a third-party vendor:
- Management cannot rely solely on the vendor.
- Management must take responsibility for the model and have a clear understanding of how the model works, such as: key inputs, assumptions, and reasonableness of output.
- Obtain SOC 1 reports from the vendor to verify controls at the third-party are in place and working.
- Request your provider has a model validation performed.
Documentation Is Key
As you evaluate the above, show your auditors, regulators, and governance the why behind the model. Documenting this takes significant time and effort and might involve many departments at your institution, so do not delay.
Whether you are running an in-house developed model or are working with a third-party provider, there will be ongoing model risk management aspects to consider. Validate your CECL model once it is up and running — preferably before CECL is implemented — so you can make tweaks and changes.
As discussed in the Final Interagency Policy Statement on Allowances for Credit Losses, model validation is an essential element to a properly functioning process. Validations are designed to help the models perform as expected and meet the objectives of the users.
Model validations should evaluate design and theory as well as assumptions, validate data, and provide an understanding of management’s knowledge of the model functions and output. CECL model validations should also assess ongoing monitoring, process verification, benchmarking, outcomes analysis, and backtesting.
Answer Important Questions Confidently
Your auditors and examiners will ask specific questions. Your policies, procedures, and controls — along with key members of management — should be able to answer them.
- Are you familiar with CECL?
- Are you familiar with the interagency statement and frequently asked questions?
- Do you have a CECL implementation plan?
- Have you discussed CECL with your audit firm?
- Have you formed a CECL implementation committee?
- How are you retaining data for the calculation (including data from third-party service providers)?
- Do you plan to use a third party to calculate your ACL?
- Have you determined the impact on your net worth?
- Why did management select the model(s)/methodology?
- How did management determine the relevant data and assumptions are appropriate?
- What system, data, or model limitations were identified and how did management address these issues?
- What is management’s ongoing process for evaluation of data and model(s)?
- Are inputs and outputs from the model(s) complete and accurate?
- Does management document and have support for the key assumptions, including the factors?
- Are financial statement disclosures appropriate?
- Is the ACL sufficient?
Fully document your entire CECL process to help make your institution’s next audits and examinations go smoothly. Your auditors will use this process when they evaluate your control environment, your ACL opening adjustment, and the year-end ACL balance.
Remember, your job is not over once you select the model(s) used to calculate your ACL. Start documenting the process now while the information is still top of mind.
For more information on CECL models, contact Bryan W. Mogensen at bryan.mogensen@CLAconnect.com or 602-604-3551.
The information contained herein is general in nature and is not intended, and should not be construed, as legal, accounting, investment, or tax advice or opinion provided by CliftonLarsonAllen LLP (CliftonLarsonAllen) to the reader. For more information, visit CLAconnect.com.
CLA exists to create opportunities for our clients, our people, and our communities through our industry-focused wealth advisory, outsourcing, audit, tax, and consulting services. Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor.