Using automation to optimize CECL compliance

The Current Expected Credit Loss (CECL) accounting standard aligns potential loan loss provision to the life of a loan. Using forward-looking models to estimate potential loan losses in a portfolio, it encourages lenders to account for loss provisions more realistically.

As well as an accounting standard, regulators are also now using CECL to assess regulatory capital provision, so CECL is changing how banks launch new products, manage their capital, and their overall cost of capital.

Banks are challenged to manage their data, their models, and their processes to deliver CECL compliance. Automated processes provide an opportunity to deliver compliance accurately and cost-effectively, to manage their cost base, and reduce the cost of capital.

Effective CECL Compliance – Using automation to achieve your goals

CECL is a step-change in the way that institutions manage their loan origination, loan management, and loss provisioning processes, as well as their policy management and compliance processes. It raises expectations about how institutions manage and control their data, create and manage their forward-looking models, calculate and audit their results, as well as define the policies and compliance procedures that cover CECL.

The CECL framework is designed to be implemented flexibly so that the smallest institutions can use Excel spreadsheets to support CECL, while others can make use of more complex IT databases, applications and environments to deliver compliance.

However institutions implement CECL, there are some key issues they must be able to address transparently, accurately and efficiently:

Data management: Institutions need to understand where their internal and external comes from, ensure that it is clean, accurate and complete, and ensure it meets data management standards.

Model Management: The key issues here are who owns and designs the CECL models, what data sources are used to calculate the core PD, LGD and economic metrics, how does the model work, and how is that validated? Issues around document management, change management and approvals are also important.

Reporting: Accurate and transparent reporting is core to CECL. The key issues include how are CECL results consolidated, reviewed and approved? How are issues in the results checked, changed and finally approved?

Policy Management: CECL covers a range of functions in the business, including IT, finance, compliance, modelling, risk management and others. Each will have their own policies and procedures, so the issue is how best does an institution implement a CECL policy for all these areas, to ensure CECL, as well as other policies, are complied with. Issues like ownership and change approval of the CECL policy need to be agreed, as well as how to best to review periodically against changing business and economic and regulatory needs.

Compliance: CECL compliance, from an accounting and regulatory perspective, covers deliver the results accurately and on time, as well as the validation of those results. This covers the data, the change management, the model definition, as well as IT security for example. Actions, as well as results, need to be able to stand up to scrutiny, for weeks and months after a deadline.

CECL compliance requires a range of functions, processes, and policies to work together seamlessly. There is a premium on delivering a compliance framework that is cost effective, efficient and non-disruptive to the business.

Core capabilities for CECL compliance

However an organization is approaching CECL, there are some core capabilities that will help achieve its objectives. 

Spreadsheet Risk Management:

Whether a business is using spreadsheets as the core application for CECL compliance, or using them as part of wider CECL application environment, their power and flexibility, combined with their lack of management controls and transparency mean they have scope to compromise the integrity and accuracy of the final CECL results.

To manage this risk, it is essential that institutions find the core CECL spreadsheets, risk assess them in terms of their importance to the CECL process, and then finally proactively monitor them, for errors, stale data, missing data and so forth. Change controls, with approvals and full auditability are a core element managing CECL effectively.

Model Risk Management:

The CECL model is a core element to compliance. Some institutions will resort to a model environment managed, by the corporate IT function, working to corporate standards. However, a large majority may opt for a CECL model environment run by end users, utilizing platforms such as MATLAB, Python or spreadsheets for example. Without suitable controls, change approvals, or document management, there is significant scope for model risk compromising the accuracy and integrity of the final CECL results.

Policy Management:

Defining and adhering to an institution’s CECL policy is a core element of effective CECL compliance. While organizations will be familiar with policy management for a range of topics, the integrated nature of CECL, covering risk, finance, IT, model management and compliance, means that a unified policy framework is essential. CECL will require a policy environment that is centralized and managed, but flexible too, perhaps utilizing templates that allow each function to follow the CECL framework, but in a way that fits in with their unique environment, language and processes.

Compliance Management:

The scale and diversity of those involved in the CECL process means that ensuring that everyone is complying with the overall policy is both important and time consuming. Again having disparate compliance systems and processes can works against an integrated compliance framework that CECL demands. Automation can be used to drive efficiency and effectiveness.


For CECL compliance, you need to meet your needs comprehensively and efficiently with proven, peer-tested solutions for streamlining CECL compliance processes and cutting costs.

Policy Management

A policy management solution like Mitratech’s PolicyHub saves time and improves efficiency, supporting effective CECL compliance by automating and streamlining the processes involved, and removing the complexities and errors involved. So you can build an ethical and defensible compliance program.

Enterprise Content Management

An ECM solution provides complete control over the capture, indexing, archival, retrieval, accessibility, delivery and retention of every item of business-critical information in an organization, via a secure central repository.  For financial services firms, this is especially vital.

EUC/Shadow IT Management

An automated tool like ClusterSeven lets you proactively discover, monitor, review, and audit changes made to End User Application spreadsheets and other “Shadow IT” data assets hidden across your enterprise that could impact CECL compliance.  Gain a centralized view of enterprise-wide critical spreadsheet use, assess and prioritize critical spreadsheets, and provide transparency for management and auditors about your most important files.

Compliance & Obligations Management

A compliance and obligations management solution, like Mitratech’s CMO offering, uses a simple, intuitive interface to let employees and auditors be proactive in incident and audit management, including Volcker Rule obligations, controls, investigations, and non-conformance reporting. Easily report incidents, understand your obligations, and continuously improve your compliance performance.

Enterprise Legal Management

With a top-tier ELM platform like TeamConnect, a corporate legal department can track and manage the many compliance-related matters associated with data privacy regulations, and reduce the outside legal spend involved in handling them.

Workflow Automation

A best-in-class workflow automation solution like Mitratech’s TAP is easy to adopt and use, and delivers nearly instant ROI as it allows form and process customization, reduces errors, accelerates workflows, builds collaboration, and provides automated archiving and e-signature integration, too.

CECL and compliance blog posts
Read how regulatory demands can impact your operations, and what some of the steps are to mitigate impacts.

See more compliance posts