Current Expected Credit Loss (CECL)

Effective CECL Compliance – Using automation to achieve your goals

CECL is a step-change in the way that institutions manage their loan origination, loan management, and loss provisioning processes, as well as their policy management and compliance processes. It raises expectations about how institutions manage and control their data, create and manage their forward-looking models, calculate and audit their results, as well as define the policies and compliance procedures that cover CECL.

The CECL framework is designed to be implemented flexibly so that the smallest institutions can use Excel spreadsheets to support CECL, while others can make use of more complex IT databases, applications and environments to deliver compliance.

However institutions implement CECL, there are some key issues they must be able to address transparently, accurately and efficiently:

Data management: Institutions need to understand where their internal and external comes from, ensure that it is clean, accurate and complete, and ensure it meets data management standards.

Model Management: The key issues here are who owns and designs the CECL models, what data sources are used to calculate the core PD, LGD and economic metrics, how does the model work, and how is that validated? Issues around document management, change management and approvals are also important.

Reporting: Accurate and transparent reporting is core to CECL. The key issues include how are CECL results consolidated, reviewed and approved? How are issues in the results checked, changed and finally approved?

Policy Management: CECL covers a range of functions in the business, including IT, finance, compliance, modelling, risk management and others. Each will have their own policies and procedures, so the issue is how best does an institution implement a CECL policy for all these areas, to ensure CECL, as well as other policies, are complied with. Issues like ownership and change approval of the CECL policy need to be agreed, as well as how to best to review periodically against changing business and economic and regulatory needs.

Compliance: CECL compliance, from an accounting and regulatory perspective, covers deliver the results accurately and on time, as well as the validation of those results. This covers the data, the change management, the model definition, as well as IT security for example. Actions, as well as results, need to be able to stand up to scrutiny, for weeks and months after a deadline.

CECL compliance requires a range of functions, processes, and policies to work together seamlessly. There is a premium on delivering a compliance framework that is cost effective, efficient and non-disruptive to the business.

Core capabilities for CECL compliance

However an organization is approaching CECL, there are some core capabilities that will help achieve its objectives. 

Spreadsheet Risk Management:

Whether a business is using spreadsheets as the core application for CECL compliance, or using them as part of wider CECL application environment, their power and flexibility, combined with their lack of management controls and transparency mean they have scope to compromise the integrity and accuracy of the final CECL results.

To manage this risk, it is essential that institutions find the core CECL spreadsheets, risk assess them in terms of their importance to the CECL process, and then finally proactively monitor them, for errors, stale data, missing data and so forth. Change controls, with approvals and full auditability are a core element managing CECL effectively.

Model Risk Management:

The CECL model is a core element to compliance. Some institutions will resort to a model environment managed, by the corporate IT function, working to corporate standards. However, a large majority may opt for a CECL model environment run by end users, utilizing platforms such as MATLAB, Python or spreadsheets for example. Without suitable controls, change approvals, or document management, there is significant scope for model risk compromising the accuracy and integrity of the final CECL results.

Policy Management:

Defining and adhering to an institution’s CECL policy is a core element of effective CECL compliance. While organizations will be familiar with policy management for a range of topics, the integrated nature of CECL, covering risk, finance, IT, model management and compliance, means that a unified policy framework is essential. CECL will require a policy environment that is centralized and managed, but flexible too, perhaps utilizing templates that allow each function to follow the CECL framework, but in a way that fits in with their unique environment, language and processes.

Compliance Management:

The scale and diversity of those involved in the CECL process means that ensuring that everyone is complying with the overall policy is both important and time consuming. Again having disparate compliance systems and processes can works against an integrated compliance framework that CECL demands. Automation can be used to drive efficiency and effectiveness.