Article

Financial services organizations should monitor and refresh CECL models

A model risk assessment should be the first step for many organizations

Dec 05, 2022

Key takeaways

Economic headwinds and uncertainty underscore the importance of scenario modeling.

Model risk assessment, ongoing monitoring, and documentation considerations are key.

Financial institutions need to put resources into continually assessing their models.

#
Financial services CECL

Many organizations are preparing for compliance with the current expected credit losses (CECL) standard, Accounting Standards Codification (ASC) Topic 326, which after Jan. 1, 2023, will be a requirement for every business that holds financial assets recorded at amortized cost, with certain exceptions.

For financial services organizations that are further along in their CECL journey, it will be crucial to examine how their CECL model is already working, the functionality of monitoring systems already in place, and ways they may need to refresh the model.

This is especially important because CECL requirements are more robust for organizations in the financial services space; for banks and other financial institutions, for instance, their entire loan and lease portfolio and certain securities are subject to the accounting standard.

Economic headwinds and uncertainty in the market could also lead to more loan and lease portfolio risk, which underscores the importance of modeling various scenarios and getting quality outputs from that modeling. Institutions should zero in on model risk assessment, ongoing monitoring, and documentation considerations to make their CECL compliance more robust.

Risk assessment considerations

A model risk assessment can determine the current-year model validation scope and frequency of validation activities and should be the first step for many financial services organizations evaluating their CECL models. Items to consider in such an assessment include:

  • Results of prior-year model validation activities and the status of any open findings
  • Results of ongoing monitoring activities
  • Updates and/or changes to model assumptions
  • Updates and/or changes to model documentation
  • Changes to model use or environment (applicable to the portfolio, economic conditions or other factors)

“One of the areas we see institutions struggling with around the model risk assessment is that they treat CECL differently from any of their other models,” says Nicholas Hahn, a risk consulting partner at RSM US LLP. That’s in part because of its significance and in part because it’s an accounting standard, rather than a model to forecast, project or improve performance, he adds. Treating CECL as a stand-alone model often means the organization may not have a proper model risk framework in place—and a solid framework is key to understanding how frequently the organization should validate the model.

“That risk assessment piece is crucial because it assesses not only the level of risk, but also sets the table for how the organization needs to manage the risk it just assessed,” Hahn says.

The assessment process can also help determine how frequently to revisit the model in the context of economic turbulence, interest rate changes and credit deterioration.                            

That risk assessment piece is crucial because it assesses not only the level of risk, but also sets the table for how the organization needs to manage the risk it just assessed.
Nicholas Hahn, risk consulting partner at RSM US LLP

Ongoing monitoring

Along with risk assessments, ongoing monitoring is central to understanding the performance of a CECL model. A challenge with CECL models, however, is projecting losses over the lives of loans that have constantly changing variables. That means models based on statistics or machine learning don’t always suffice. Instead, financial services organizations must rely on other techniques for monitoring.

Here are some important considerations for ongoing monitoring efforts:

  • Inputs, outputs and performance: Foundationally, organizations need to ensure the data elements they use in their model are consistent with how the model was built. They should also periodically and formally evaluate inputs and assumptions, as well as the model’s sensitivity to those assumptions.
  • Benchmarking and testing: Parallel testing, stress testing and sensitivity testing are all useful tools to test the boundaries of the model and ensure the team understands those boundaries.
  • Escalation framework: Institutions should have a clear framework that defines the thresholds that would call for escalation to senior leadership for review.

Just as importantly, financial services organizations need processes in place to ensure a smooth handoff of oversight from what is usually a cross-functional CECL committee—often put in place to bring a CECL model online—to the institution’s accounting function.

“Institutions need to understand when that shift might happen and what it means for oversight,” says Hahn. “It will also have implications for the control structure. As you move from a more cross-functional team with lots of eyes to more periodic, ongoing monitoring, there should still be meetings throughout the year to assess whether the model still makes sense.”

As part of that transition, organizations should also assess who has access to the model and its information and who might need—or no longer need—access.

“It’s one thing to have a model that puts out information to a board of directors, but if the board never sees it, that’s a huge problem,” Hahn says.

Documentation considerations

Alongside access issues, financial services organizations need to make sure their CECL model documentation clearly identifies users, owners, governance parties and anyone else involved in monitoring.

“Due to the complexities associated with CECL, model documentation is key and has taken on additional importance with relation to CECL compliance, especially due to its association with model risk,” says Andrew Broucek, a risk consulting director at RSM. “This documentation provides a road map not only for management’s CECL compliance but will be a key element of review by third parties, including regulators and auditors.”

The documentation should also clearly spell out the control structure of the model and identify to whom situations get escalated, whether that is the board of directors, a specific committee or another group.

Due to the complexities associated with CECL, model documentation is key and has taken on additional importance with relation to CECL compliance, especially due to its association with model risk. This documentation provides a road map not only for management’s CECL compliance but will be a key element of review by third parties, including regulators and auditors.
Andrew Broucek, risk consulting director at RSM

The takeaway

Because CECL calculations must include considerations related to historical performance as well as current and future trends affecting credit defaults and losses, financial institutions will need to put resources into continually assessing and revisiting their models. The judgments and estimates used in the forecasting process will need to continue to be refined and updated as actual and forecasted economic conditions change.

RSM contributors

  • Nicholas Hahn
    Partner
  • Andrew Broucek
    Partner

Subscribe to Financial Services Insights

Sign up now for a monthly update on the marketplace trends important to financial institutions, capital markets, asset management and other financial services.