Comment: Interagency Guidance on Credit Risk Review Systems

December 16, 2019

Gerard Poliquin

Secretary of the Board

National Credit Union Administration

1775 Duke Street

Alexandria, VA 22314

Re: NASCUS Comments on Interagency Guidance on Credit Risk Review Systems


Dear Mr. Poliquin:

The National Association of State Credit Union Supervisors (NASCUS)[1] submits the following in response to the National Credit Union Administration’s (NCUA’s) request for comments on the proposed Interagency Guidance on Credit Risk Review Systems (proposed Guidance).[2] The proposed Guidance outlines the key elements of a credit risk review system and the effective characteristics of a credit risk rating system.[3] NASCUS concurs with NCUA and the co-signed federal bank agencies (FBAs) that the proposed Guidance is a sound update to previously issued accounting and risk management guidance and will help further mitigate risk in credit unions and other depository institutions. As reflected in our comments below, there are some areas of the proposed Guidance in which regulatory balance could be improved by providing institutions greater flexibility. Other aspects of the proposed Guidance’s application to credit unions would benefit from further clarification.

NCUA Should Clarify Expectations Related to Uniform Rating Systems and Federally Insured Credit Unions

In its comment letters, NASCUS often encourages NCUA to align the agency’s regulation and guidance with its FBA peers where appropriate. We commend NCUA for joining the FBAs in issuing guidance in 2006 on Allowance for Loan and Lease Losses (ALLL) and in this proposed guidance on mitigating credit risk.[4] However, because of differences in how NCUA and the FBAs treat the entirety of both commercial and consumer credit risk review and differences between common practices between banks and credit unions, we recommend NCUA add a section to this guidance clarifying expectations for federally insured credit unions (FICUs) in implementing credit risk ratings systems for consumer credit.

In the proposed Guidance’s section entitled “Credit Risk Rating (or Grading) Framework” NCUA identifies a Credit Risk Rating system as the foundation of any effective Credit Risk Review framework. However, as noted in the proposal’s footnote 7, NCUA does not require credit unions to adopt a uniform regulatory classification system.[5] As we read the proposed Guidance, it does not appear NCUA intends to require credit unions to change current practices and adopt a uniform classification system. To prevent confusion, NCUA should state explicitly whether the proposed Guidance requires credit unions adopt a uniform classification system or otherwise deviate from existing credit union specific guidance issued by NCUA.[6]

The Proposed Guidance Would Benefit from Additional Discussion of Appropriate Credit Risk Review Systems in Modest-Sized Institutions

The proposed Guidance notes that the principles of a sound Credit Risk Review function are scalable to the size, complexity, portfolio, and risk profile, among other factors.[7] However, the proposed Guidance maintains the need for complete independence of an internal review function from both the credit granting decision as well as internal audit.

As stated above, NASCUS agrees that a robust and effective Credit Risk Review system is an essential element of a meaningful enterprise risk mitigation program. Furthermore, NASCUS believes credit unions of all sizes and complexities should maintain a program for monitoring and reviewing credit risk. Our concern with the proposed Guidance as drafted is that as a practical matter, it provides but a single option for smaller credit unions: third-party verification.

In many modest-sized credit unions, the availability of qualified, independent staff to serve as Credit Risk Review personnel to the extent envisioned by the proposed Guidance is limited. Rather, we believe many modest-sized institutions utilize credit risk review committees to review existing loan portfolios. Often, these review committees have as members the individuals (including senior management) that approved the initial loans. The modest-sized credit unions rely on the “group” dynamic to honestly evaluate the quality and condition of the loans. However, the proposed Guidance would seem to prohibit this form of review structure and require modest sized credit unions to outsource the credit review function or add staff explicitly to perform the Credit Review. Footnote 6 of the proposed Guidance reads as follows:

Small or rural institutions that have few resources or employees may adopt modified credit risk review procedures and methods to achieve a proper degree of independence. For example, in the review process, such an institution may use qualified members of the staff, including loan officers, other officers, or directors, who are not involved with originating or approving the specific credits being assessed and whose compensation is not influenced by the assigned risk ratings. It is appropriate to employ such modified procedures when more robust procedures and methods are impractical. Institution management should have reasonable confidence that the personnel chosen will be able to conduct reviews with the needed independence despite their position within the loan function.

-84 Fed. Reg. 55682 (October 17, 2019)

Requiring modest-sized credit unions to hire staff explicitly to perform the independent review or retain an outside party to conduct the independent reviews is a costly mandate. If in fact that is the only effective risk mitigation structure acceptable from a supervisory perspective, NASCUS would like to see a more detailed discussion and analysis of the performance of Credit Risk Review efforts as currently conducted in modest-sized credit unions.

NCUA Should consider a Risk Focused Approach to Credit Risk Review Systems

The proposed Guidance reiterates that an independent Credit Risk Review should be conducted on all loans at least annually, or more frequently as necessary.[8] In discussing the possible need for more frequent reviews, the proposed Guidance cites the institution’s experience with the portfolio.[9] NASCUS recommends NCUA consult with state regulators and commence discussions with stakeholders as to whether there is room to employ some elements of a risk-focused approach to the Credit Risk Review process. For example, while experience with a portfolio might trigger more frequent reviews, might experience with specific loans or portfolios be grounds for less frequent reviews. If the proposed Guidance is confirmed to require third party reviews in smaller credit unions, allowing for periodic rather than annual reviews might result in significant resource savings for those institutions.

NASCUS appreciates the opportunity to submit comments on the NCUA’s proposed Interagency Guidance on Credit Risk Review Systems. We agree the review of credit risk is an essential element of risk management. We support the issuance of the proposed Guidance and are happy to discuss our recommendations further at your convenience.


– signature redacted for electronic publication –


Brian Knight

Executive Vice President & General Counsel


[1] NASCUS is the professional association of the nation’s 45 state credit union regulatory agencies that charter and supervise over 2,100 credit unions.

[2] 84 Fed. Reg. 55679 (October 17, 2019).

[3] Id. at 55861.

[4] See NCUA Accounting Bulletin No. 06–01 (December 2006). Available at

[5] 84 Fed. Reg. 55683 (October 17, 2019).

[6] NCUA guidance such NCUA Letters to Credit Unions 10–CU–02, ‘‘Current Risks in Business Lending and Sound Risk Management Practices,’’(January 2010) and 10–CU–03, ‘‘Concentration Risk,’’ (March 2010).

[7] 84 Fed. Reg. 55682 (October 17, 2019).

[8] 84 Fed. Reg. 55683 (October 17, 2019).

[9] Ibid.


NASCUS Comments – Interagency Guidance on Credit Risk Review Systems 2019 – final