Decisioning Strategies

--by Tom Hannagan

I was hoping someone would ask about these risk management terms…and someone did. The obvious answer is that the “A” and the “O” are reversed. But, there’s more to it than that. First, let’s see how the acronyms were derived. RORAC is Return on Risk-Adjusted Capital. RAROC is Risk-Adjusted Return on Capital. Both of these five-letter abbreviations are a step up from ROE.

This is natural, I suppose, since ROE, meaning Return on Equity of course, is merely a three-letter profitability ratio. A serious breakthrough in risk management and profit performance measurement will have to move up to at least six initials in its abbreviation. Nonetheless, ROE is the jumping-off point towards both RORAC and RAROC.

ROE is generally Net Income divided by Equity, and ROE has many advantages over Return on Assets (ROA), which is Net Income divided by Average Assets. I promise, really, no more new acronyms in this post.

The calculations themselves are pretty easy. ROA tends to tell us how effectively an organization is generating general ledger earnings on its base of assets.  This used to be the most popular way of comparing banks to each other and for banks to monitor their own performance from period to period. Many bank executives in the U.S. still prefer to use ROA, although this tends to be those at smaller banks.

ROE tends to tell us how effectively an organization is taking advantage of its base of equity, or risk-based capital. This has gained in popularity for several reasons and has become the preferred measure at medium and larger U.S. banks, and all international banks. One huge reason for the growing popularity of ROE is simply that it is not asset-dependent. ROE can be applied to any line of business or any product. You must have “assets” for ROA, since one cannot divide by zero. Hopefully your Equity account is always greater than zero. If not, well, lets just say it’s too late to read about this general topic.

The flexibility of basing profitability measurement on contribution to Equity allows banks with differing asset structures to be compared to each other.  This also may apply even for banks to be compared to other types of businesses. The asset-independency of ROE can also allow a bank to compare internal product lines to each other. Perhaps most importantly, this permits looking at the comparative profitability of lines of business that are almost complete opposites, like lending versus deposit services. This includes risk-based pricing considerations. This would be difficult, if even possible, using ROA.

ROE also tells us how effectively a bank (or any business) is using shareholders equity. Many observers prefer ROE, since equity represents the owners’ interest in the business. As we have all learned anew in the past two years, their equity investment is fully at-risk. Equity holders are paid last, compared to other sources of funds supporting the bank. Shareholders are the last in line if the going gets rough. So, equity capital tends to be the most expensive source of funds, carrying the largest risk premium of all funding options. Its successful deployment is critical to the profit performance, even the survival, of the bank. Indeed, capital deployment, or allocation, is the most important executive decision facing the leadership of any organization.

So, why bother with RORAC or RAROC? In short, it is to take risks more fully into the process of risk management within the institution. ROA and ROE are somewhat risk-adjusted, but only on a point-in-time basis and only to the extent risks are already mitigated in the net interest margin and other general ledger numbers. The Net Income figure is risk-adjusted for mitigated (hedged) interest rate risk, for mitigated operational risk (insurance expenses) and for the expected risk within the cost of credit (loan loss provision).

The big risk management elements missing in general ledger-based numbers include: market risk embedded in the balance sheet and not mitigated, credit risk costs associated with an economic downturn, unmitigated operational risk, and essentially all of the strategic risk (or business risk) associated with being a banking entity. Most of these risks are summed into a lump called Unexpected Loss (UL). Okay, so I fibbed about no more new acronyms. UL is covered by the Equity account, or the solvency of the bank becomes an issue.

RORAC is Net Income divided by Allocated Capital. RORAC doesn’t add much risk-adjustment to the numerator, general ledger Net Income, but it can take into account the risk of unexpected loss. It does this, by moving beyond just book or average Equity, by allocating capital, or equity, differentially to various lines of business and even specific products and clients. This, in turn, makes it possible to move towards risk-based pricing at the relationship management level as well as portfolio risk management.  This equity, or capital, allocation should be based on the relative risk of unexpected loss for the different product groups. So, it’s a big step in the right direction if you want a profitability metric that goes beyond ROE in addressing risk. And, many of us do.

RAROC is Risk-Adjusted Net Income divided by Allocated Capital. RAROC does add risk-adjustment to the numerator, general ledger Net Income, by taking into account the unmitigated market risk embedded in an asset or liability. RAROC, like RORAC, also takes into account the risk of unexpected loss by allocating capital, or equity, differentially to various lines of business and even specific products and clients. So, RAROC risk-adjusts both the Net Income in the numerator AND the allocated Equity in the denominator. It is a fully risk-adjusted metric or ratio of profitability and is an ultimate goal of modern risk management. 

So, RORAC is a big step in the right direction and RAROC would be the full step in management of risk. RORAC can be a useful step towards RAROC. RAROC takes ROE to a fully risk-adjusted metric that can be used at the entity level.  This  can also be broken down for any and all lines of business within the organization. Thence, it can be further broken down to the product level, the client relationship level, and summarized by lender portfolio or various market segments. This kind of measurement is invaluable for a highly leveraged business that is built on managing risk successfully as much as it is on operational or marketing prowess.

Please refer to my blogs five and six for more information about ROE and the term “unpredictable variability:”  http://www.decisionanalyticsblog.experian.com/blog/risk-based-pricing-2

RORAC versus RAROC ?
--by Tom Hannagan

I was hoping someone would ask about these risk management terms…nd someone did. The obvious answer is that the “A” and the “O” are reversed. But, there’s more to it than that. First, let’s see how the acronyms were derived. RORAC is Return on Risk-Adjusted Capital. RAROC is Risk-Adjusted Return on Capital. Both of these five-letter abbreviations are a step up from ROE. This is natural I suppose since ROE, meaning Return on Equity of course, is merely a three-letter profitability ratio. A serious breakthrough in risk management and profit performance measurement will have to move up to at least six initials in its abbreviation. Nonetheless, ROE is the jumping-off point towards both RORAC and RAROC.

ROE is generally Net Income divided by Equity, and ROE has many advantages over Return on Assets (ROA), which is Net Income divided by Average Assets. I promise, really, no more new acronyms in this post.

The calculations themselves are pretty easy. ROA tends to tell us how effectively an organization is generating general ledger earnings on its base of assets.  This used to be the most popular way of comparing banks to each other and for banks to monitor their own performance from period to period. Many bank executives in the U.S. still prefer to use ROA, although this tends to be those at smaller banks.

ROE tends to tell us how effectively an organization is taking advantage of its base of equity, or risk-based capital. This has gained in popularity for several reasons and has become the preferred measure at medium and larger U.S. banks, and all international banks. One huge reason for the growing popularity of ROE is simply that it is not asset-dependent. ROE can be applied to any line of business or any product. You must have “assets” for ROA, since one cannot divide by zero. Hopefully your Equity account is always greater than zero. If not, well, lets just say it’s too late to read about this general topic.

The flexibility of basing profitability measurement on contribution to Equity allows banks with differing asset structures to be compared to each other.  This also may apply even for banks to be compared to other types of businesses. The asset-independency of ROE can also allow a bank to compare internal product lines to each other. Perhaps most importantly, this permits looking at the comparative profitability of lines of business that are almost complete opposites, like lending versus deposit services. This includes risk-based pricing considerations. This would be difficult, if even possible, using ROA.

ROE also tells us how effectively a bank (or any business) is using shareholders equity. Many observers prefer ROE, since equity represents the owners’ interest in the business. As we have all learned anew in the past two years, their equity investment is fully at-risk. Equity holders are paid last, compared to other sources of funds supporting the bank. Shareholders are the last in line if the going gets rough. So, equity capital tends to be the most expensive source of funds, carrying the largest risk premium of all funding options. Its successful deployment is critical to the profit performance, even the survival, of the bank. Indeed, capital deployment, or allocation, is the most important executive decision facing the leadership of any organization.

So, why bother with RORAC or RAROC? In short, it is to take risks more fully into the process of risk management within the institution. ROA and ROE are somewhat risk-adjusted, but only on a point-in-time basis and only to the extent risks are already mitigated in the net interest margin and other general ledger numbers. The Net Income figure is risk-adjusted for mitigated (hedged) interest rate risk, for mitigated operational risk (insurance expenses) and for the expected risk within the cost of credit (loan loss provision).

The big risk management elements missing in general ledger-based numbers include: market risk embedded in the balance sheet and not mitigated, credit risk costs associated with an economic downturn, unmitigated operational risk, and essentially all of the strategic risk (or business risk) associated with being a banking entity. Most of these risks are summed into a lump called Unexpected Loss (UL). Okay, so I fibbed about no more new acronyms. UL is covered by the Equity account, or the solvency of the bank becomes an issue.

RORAC is Net Income divided by Allocated Capital. RORAC doesn’t add much risk-adjustment to the numerator, general ledger Net Income, but it can take into account the risk of unexpected loss. It does this, by moving beyond just book or average Equity, by allocating capital, or equity, differentially to various lines of business and even specific products and clients. This, in turn, makes it possible to move towards risk-based pricing at the relationship management level as well as portfolio risk management.  This equity, or capital, allocation should be based on the relative risk of unexpected loss for the different product groups. So, it’s a big step in the right direction if you want a profitability metric that goes beyond ROE in addressing risk. And, many of us do.

RAROC is Risk-Adjusted Net Income divided by Allocated Capital. RAROC does add risk-adjustment to the numerator, general ledger Net Income, by taking into account the unmitigated market risk embedded in an asset or liability. RAROC, like RORAC, also takes into account the risk of unexpected loss by allocating capital, or equity, differentially to various lines of business and even specific products and clients. So, RAROC risk-adjusts both the Net Income in the numerator AND the allocated Equity in the denominator. It is a fully risk-adjusted metric or ratio of profitability and is an ultimate goal of modern risk management. 

So, RORAC is a big step in the right direction and RAROC would be the full step in management of risk. RORAC can be a useful step towards RAROC. RAROC takes ROE to a fully risk-adjusted metric that can be used at the entity level.  This  can also be broken down for any and all lines of business within the organization. Thence, it can be further broken down to the product level, the client relationship level, and summarized by lender portfolio or various market segments. This kind of measurement is invaluable for a highly leveraged business that is built on managing risk successfully as much as it is on operational or marketing prowess.

Please refer to my blogs five and six for more information about ROE and the term “unpredictable variability:”  http://www.decisionanalyticsblog.experian.com/blog/risk-based-pricing-2

--by Keir Breitenfeld
 
Many compliance regulations such the Red Flags Rule, USA Patriot Act, and ESIGN require specific identity elements to be verified and specific high risk conditions to be detected. However, there is still much variance in how individual institutions reconcile referrals generated from the detection of high risk conditions and/or the absence of identity element verification. With this in mind, risk-based authentication, (defined in this context as the “holistic assessment of a consumer and transaction with the end goal of applying the right authentication and decisioning treatment at the right time") offers institutions a viable strategy for balancing the following competing forces and pressures:

• Compliance – the need to ensure each transaction is approved only when compliance requirements are met;
• Approval rates – the need to meet business goals in the booking of new accounts and the facilitation of existing account transactions;
• Risk mitigation – the need to minimize fraud exposure at the account and transaction level.

A flexibly-designed risk-based authentication strategy incorporates a robust breadth of data assets, detailed results, granular information, targeted analytics and automated decisioning. This allows an institution to strike a harmonious balance (or at least something close to that) between the needs to remain compliant, while approving the vast majority of applications or customer transactions and, oh yeah, minimizing fraud and credit risk exposure and credit risk modeling.

 Sole reliance on binary assessment of the presence or absence of high risk conditions and identity element verifications will, more often than not, create an operational process that is overburdened by manual referral queues. There is also an unnecessary proportion of viable consumers unable to be serviced by your business. Use of analytically sound risk assessments and objective and consistent decisioning strategies will provide opportunities to calibrate your process to meet today’s pressures and adjust to tomorrow’s as well.
 
 
 

--by Roger Ahern

The value of a good decision can generate $150 or more in customer net present value, while the cost of a bad decision can cost you $1,000 or more.  For example, acquiring a new and profitable customer by making good prospecting and approval and pricing decisions and decisioning strategies may generate $150 or much more in customer net present value and help you increase net interest margin and other key metrics.  While the cost of a bad decision (such as approving a fraudulent applicant or inappropriately extending credit that ultimately results in a charge-off) can cost you $1,000 or more.

Why is risk management decisioning important?

This issue is critical because average-sized financial institutions or telecom carriers make as many as eight million customer decisions each year (more than 20,000 per day!).  To add to that, very large financial institutions make as many as 50 billion customer decisions annually.  By optimizing decisions, even a small 10-to-15 percent improvement in the quality of these customer life cycle decisions can generate substantial business benefit. 

Experian recommends that clients examine the types of decisioning strategies they leverage across the customer life cycle, from prospecting and acquisition, to customer management and collections.  By examining each type of decision, you can identify those opportunities for improvement that will deliver the greatest return on investment by leveraging credit risk attributes, credit risk modeling, predictive analytics and decision-management software.

--by Kelly Kent

When reviewing offers for prospective clients, lenders often deal with a significant amount of missing information in assessing the outcomes of lending decisions, such as:

• Why did a consumer accept an offer with a competitor?
• What were the differentiating factors between other offers and my offer, i.e. what were their credit score trends?
• What happened to consumers that we declined? Do they perform as expected or better than anticipated?
• What were their credit risk models?

While lenders can easily understand the implications of the loans they have offered and booked with consumers, they often have little information about two important groups of consumers:

1. Lost leads: consumers to whom they made an offer but did not book
2. Proxy performance: consumers to whom financing was not offered, but where the consumer found financing elsewhere

Performing a lost lead analysis on the applications approved and declined, can provide considerable insight into the outcomes and credit performance of consumers that were not added to the lender’s portfolio.

Lost lead analysis can also help answer key questions for each of these groups:

• How many of these consumers accepted credit elsewhere?
• What were their credit attributes?
• What are the credit characteristics of the consumers we're not booking?
• Were these loans booked by one of my peers or another type of lender?
• What were the terms and conditions of these offers?
• What was the performance of the loans booked elsewhere?
• Who did they choose for loan origination?

Within each of these groups, further analysis can be conducted to provide lenders with actionable feedback on the implications of their lending policies, possibly identifying opportunities for changes to better fulfill lending objectives. Some key questions can be answered with this information:

• Are competitors offering longer repayment terms?
• Are peers offering lower interest rates to the same consumers?
• Are peers accepting lower scoring consumers to increase market share?

The results of a lost lead analysis can either confirm that the competitive marketplace is behaving in a manner that matches a lender’s perspective.  It can also shine a light into aspects of the market where policy changes may lead to superior results. In both circumstances, the information provided is invaluable in making the best decision in today’s highly-sensitive lending environment.

 

--by Tracy Bremmer

There has been a lot of hype these days about people strategically defaulting on their mortgage loans. In other words, a consumer is underwater on their house and so he/she makes a strategic decision to walk away from it. In these instances, the consumer is current on all of their non-mortgage accounts, but because the value of their home is less than what they owe, they make the decision to default on their mortgage loan.

Experian and Oliver Wyman teamed up to really dig into this population and determine these issues:

• Does this population really exist?
• If so, what are the characteristics of this population, such as assessing credit risk or bankruptcy scores?
• How should loan modification strategies be differentiated based on this population?

This blog will be one of a three-part series that addresses these questions. Let’s begin with the first question.

1.  Does this population really exist?
The quick answer is yes – this population does indeed exist. In fact, in 2008 strategic defaulters represented 18 percent of all mortgage defaults, up 500 percent from 2004. When we conducted our study we found there were varying populations that also existed when it came to mortgage defaults. In fact, we classified mortgage defaulters into five categories: strategic defaulter, cash flow manager, distressed defaulter, no non-real estate trades, and pay-downs.

We defined these populations as follows:

• Strategic defaulter - Borrowers who are delinquent on their mortgages, even when they can afford the payment, because their loan balance exceeds the value of their home,
• Cash flow manager - Borrowers facing delinquency issues with their mortgage because of temporary distress, but continue to make payments on all credit obligations,
• Distressed defaulter - Borrowers facing potential affordability issues that go delinquent on their mortgage along with other credit obligations,
• No non-real estate trades – Borrowers who are delinquent on their mortgage, however they do not have any other non-mortgage trades to evaluate if they have strategically defaulted or are in distress,
• Pay-downs – Borrowers who pay down their mortgage loan.

In my next blog, I will address the characteristic differences in behavior between these populations. Specifically, I will evaluate what characteristics make strategic defaulters stand out from the rest and what is unique about the cash flow managers.

Source: Experian-Oliver Wyman Market Intelligence Reports; Understanding Strategic Default in Mortgage topical study / webinar. August 2009.

--by Kari Michel

Most lenders use a credit scoring model in their decision process for opening new accounts; however, between 35 and 50 million adults in the US may be considered unscoreable with traditional credit scoring models. That is equivalent to 18-to-25 percent of the adult population. 

Due to recent market conditions and shrinking qualified candidates lenders have placed a renewed interest in assessing the risk of this under served population.  Unscoreable consumers could be a pocket of missed opportunity for many lenders. To assess these consumers, lenders must have the ability to better distinguish between consumers with a clear track record of unfavorable credit behaviors versus those that are just beginning to develop their credit history and credit risk models.

Unscoreable consumers can be split out into three populations:

• Infrequent credit users:  Consumers who have not been active on their accounts for the past six months, and who prefer to use non-traditional credit tools for their financial needs.

• New entrants:  Consumers who do not have at least one account with more than six months of activity; including young adults just entering the workforce,  recently divorced or widowed individuals with little or no credit history in their name, newly arrived immigrants, or people who avoid the traditional system by choice.

• Thin file consumers:  Consumers who have less than three accounts and rarely utilize traditional credit and likely prefer using alternative credit tools and credit score trends.

A study done by VantageScore® Solutions, LLC shows that a large percentage of the
unscoreable population can be scored with VantageScore* and a portion of these are credit-worthy (defined as the population of consumers who have a cumulative likelihood to become 90 days or more delinquent is less than 5 percent).  The following is a high-level summary of the findings for consumers who had at least one trade:

Lenders can review their credit decisioning process to determine if they have the tools in place to assess the risk of those unscoreable consumers.  As with this population there is an opportunity for portfolio expansion as demonstrated by the VantageScore study.

*VantageScore is a generic credit scoring model introduced to meet the market demands for a highly predictive consumer score. Developed as a joint venture among the three major credit reporting companies (CRCs) – Equifax, Experian and TransUnion.

--by Keir Breitenfeld

Well, here we are at the beginning of November and The Red Flags Rule has been with us for nearly two years now.  And to add to that, the FTC’s November 1, 2009 enforcement date has passed (I know I’ve said that before).  There is little value in me chatting about the core requirements of the Red Flags Rule at this point.  Instead, I’d like to shed some light on what we are seeing and hearing these days from our clients and industry experts related to this initiative:

Red Flags Rule client comments

1. Most clients have a solid written and operational Identity Theft Prevention Program that arguably meets their interpretation of the Red Flags Rule requirements.

2. Most clients have a solid written and operational Identity Theft Prevention Program in place that creates a boat-load of referrals due to the address mismatches generated in their process(es) and the requirement to do something with them.

3. Most clients are now focusing on ways in which to reduce the number of referrals generated and procedures to clear the remaining referrals via a cost-effective and automated manner…of course, while preventing fraud and staying compliant..

In 2008, a key focus at Experian was to help educate the market around the Red Flags Rule concepts and requirements.

The concentration in 2009 of Red Flags Rule concepts has nearly fully shifted to assisting the market in creating risk-based authentication programs that leverage holistic views of a consumer, flexible tools that are pointed to a consumer based on that person’s authentication and risk profile. There is also an overall decisioning strategy that balances risk, compliance, and resource constraints.

Spirit of Red Flags Rule
The spirit of the Red Flags Rule is intended to ensure all covered institutions are employing basic identity theft prevention procedures (a pretty good idea).  I believe most of these institutions (even those that had very robust programs in place years before the rule was introduced) can appreciate this requirement that brings all institutions up to speed.  It is now, however, a matter of managing process within the realities of, and costs associated with, manpower, IT resources, and customer experience sensitivities.

--by Wendy Greenawalt

This blog kicks off a three part series exploring some common myths regarding credit attributes. Since Experian has relationships with thousands of organizations spanning multiple industries, we often get asked the same types of questions from clients of all sizes and industries. One of the questions we hear frequently from our clients is that they already have credit attributes in place, so there is little to no benefit in implementing a new attribute set.

Our response is that while existing credit attributes may continue to be predictive, changes to the type of data available from the credit bureaus can provide benefits when evaluating consumer behavior. To illustrate this point, let’s discuss a common problem that most lenders are facing today-- collections. Delinquency and charge-off continue to increase and many organizations are having difficulty trying to determine the appropriate action to take on an account because consumer behavior has drastically changed regarding credit attributes.

New codes and fields are now reported to the credit bureaus and can be effectively used to improve collection-related activities. Specifically, attributes can now be created to help identify consumers who are rebounding from previous account delinquencies. In addition, lenders can evaluate the number and outstanding balances of collection or other types of trades.  This can be achieved while considering the percentage of accounts that are delinquent and the specific type of accounts affected after assessing credit risk. The utilization of this type of data helps an organization to make collection decisions based on very granular account data.  This is done while considering new consumer trends such as strategic defaulters. Understanding all of the consumer variables will enable an organization to decide if the account should be allowed to self-cure.  If so, immediate action should be taken or modification of account terms should be contemplated. Incorporating new data sources and updating attributes on a regular basis allows lenders to react to market trends quickly by proactively managing strategies. 

 

--by Mike Sutton

In today’s collections environment, the challenges of meeting an organization’s financial objectives are more difficult than ever.  Case volumes are higher, accounts are more difficult to collect and changing customer behaviors are rendering existing business models less effective.

When responding to recent events, it is not uncommon for organizations to take what may seem to be the easiest path to success — simply hiring more staff. Perhaps in the short-term there may appear to be cash flow improvements, but in most cases, this is not the most effective way to cope with long-term business needs. As incremental staff is added to compensate for additional workloads, there is a point of diminishing return on investment and that can be difficult to define until after the expenditures have been made. Additionally, there are almost always significant operational improvements that can be realized by introducing new technology.  Furthermore, the relevant return on investment models often forecast very accurately.

So, where should a collections department consider investing to improve financial results? The best option may not be the obvious choice, and the mere thought can make the most seasoned collections professionals shutter at the thought of replacing the core collections system with modern technology. That said, let’s consider what has changed in recent years and explore why the replacement proposition is not nearly as difficult or costly as in the past.

Collection Management Software
The collections system software industry is on the brink of a technology evolution to modern and next-generation offerings. Legacy systems are typically inflexible and do not allow for an effective change management program. This handicap leaves collections departments unable to keep up with rapidly changing business objectives that are a critical requirement in surviving these tough economic times. Today’s collections managers need to reduce operational costs while improving these objectives: reducing losses, improving cash flow and promoting customer satisfaction (particularly with those who pose a greater lifetime profit opportunity).  The next generation collections software squarely addresses these business problems and provides significant improvement over legacy systems. Not only is this modern technology now available, but the return on investment models are extremely compelling and have been proven in markets where successful implementations have already occurred.

As an example of modern collections technologies that can help streamline operations, check out the overview and brief demonstration that is on this link:

www.experian.com/decision-analytics/tallyman-demo.html.
 

-- by Keir Breitenfeld

In my previous two blog postings, I’ve tried to briefly articulate some key elements of and value propositions associated with risk-based authentication.  In this entry, I’d like to suggest some best-practices to consider as you incorporate and maintain a risk-based authentication program.

1. Analytics – since an authentication score is likely the primary decisioning element in any risk-based authentication strategy, it is critical that a best-in-class scoring model is chosen and validated to establish performance expectations.  This initial analysis will allow for decisioning thresholds to be established.  This will also allow accept and referral volumes to be planned for operationally.  Further more, it will permit benchmarks to be established which follow on performance monitoring that can be compared.

2. Targeted decisioning strategies – applying unique and tailored decisioning strategies (incorporating scores and other high-risk or positive authentication results) to various access channels to your business just simply makes sense.  Each access channel (call center, Web, face-to-face, etc.) comes with unique risks, available data, and varied opportunity to apply an authentication strategy that balances these areas; risk management, operational effectiveness, efficiency and cost, improved collections and customer experience.  Champion/challenger strategies may also be a great way to test newly devised strategies within a single channel without taking risk to an entire addressable market and your business as a whole.

3. Performance Monitoring – it is critical that key metrics are established early in the risk-based authentication implementation process.  Key metrics may include, but should not be limited to these areas: 

• actual vs. expected score distributions;
• actual vs. expected characteristic distributions;
• actual vs. expected question performance;
• volumes, exclusions;
• repeats and mean scores;
• actual vs. expected pass rates;
• accept vs. referral score distribution;
• trends in decision code distributions; and
• trends in decision matrix distributions. 

Performance monitoring provides an opportunity to manage referral volumes, decision threshold changes, strategy configuration changes, auto-decisioning criteria and pricing for risk based authentication.

4. Reporting – it likely goes without saying, but in order to apply the three best practices above, accurate, timely, and detailed reporting must be established around your authentication tools and results.  Regardless of frequency, you should work with internal resources and your third-party service provider(s) early in your implementation process to ensure relevant reports are established and delivered. 

In my next posting, I will be discussing some thoughts about the future state of risk based authentication.

-- by Keir Breitenfeld
 
In my last blog posting, I presented the foundational elements that enable risk-based authentication.  These include data, detailed and granular results, analytics and decisioning.  The inherent value of risk-based authentication can be summarized as delivering an holistic assessment of a consumer and/or transaction with the end goal of applying the right authentication and decisioning treatment at the right time.  The opportunity, especially, to minimize fraud losses using fraud analytics as part of your assessment is significant.

What are some residual values of risk-based authentication? 

1. Minimized fraud losses involves the use of fraud analytics, and a more comprehensive view of a consumer identity (the good and the bad), in combination with consistent decisioning over time.  This analysis will outperform simple binary rules and more subjective decisioning.

2. Improved consumer experience.  By applying the right authentication and  treatment at the right time, consumers are subjected to processes that are proportional to the risk associated with their identity profile.  This means that lower-risk consumers are less likely to be put through more arduous courses of action, preserving a streamlined and often purely “behind the scenes” authentication process for the majority of consumers and potential consumers.  In other words, you are saving the pain for the bad guys -- and that can be a good thing.

3. Operational efficiencies can be successful with the implementation of a well-designed program. Much of the decisioning can be done without human intervention and subjective contemplation.  Use of score-driven policies affords businesses the opportunity to use automated authentication processes for the majority of their applicants or account management cases.  Fewer human resources will be required which usually means lower costs.  Or, it can mean the human resources you possess are more appropriately focused on the applications or transactions that warrant such attention.

4. Measurable performance is critical because understanding the past and current performance of risk-based authentication policies allows for the adjustment over time of such policies.  These adjustments can be made based on evolving fraud risks, resource constraints, approval rate pressures, and compliance requirements, just to name a few.  Given its importance, Experian recommends performance monitoring for our clients using our authentication products. 

In my next posting, I’ll discuss some best practices associated with implementing and managing a risk-based authentication program.

-- by Kelly Kent

In a recent article, www.CNNMoney.com reported that Federal Reserve Chairman, Ben Bernanke, said that the pace of recovery in 2010 would be moderate and added that the unemployment rate would come down quite slowly, due to headwinds on ongoing credit problems and the effort by families to reduce household debt.’

While some media outlets promote an optimistic economic viewpoint, clearly there are signs that significant challenges lie ahead for lenders. As Bernanke forecasts, many issues that have plagued credit markets will sustain themselves in the coming years. Therefore lenders need to be equipped to monitor these continued credit problems if they wish to survive this protracted time of distress.

While banks and financial institutions are implementing increasingly sophisticated and thorough processes to monitor fluctuations in credit trends, they have little intelligence to compare their credit performance to that of their peers.  Lenders frequently cite that they are concerned about their lack of awareness or intelligence regarding the credit performance and status of their peers.  Marketing intelligence solutions are important for management of risk, loan portfolio monitoring and related decisioning strategies.

Currently, many vendors offer data on industry-wide trends, but few vendors provide the information needed to allow a lender to understand its position relative to a well-defined group of firms that it considers its peers. As a result, too many lenders are performing benchmarking using data sources that are biased, incomplete, inaccurate, or that lack the detail necessary to derive meaningful conclusions.

If you were going to measure yourself personally against a group to understand your comparative performance, why would you perform that comparison against people who had little or nothing in common with you? Does an elite runner measure himself against a weekend warrior to gauge his performance? No; he segments the runners by gender, age, and performance class to understand exactly how he stacks up.

Today’s lending environment is not forgiving enough for lenders to make broad industry comparisons if they want to ensure long-term success. Lenders cannot presume they are leading the pack, when, in fact, the race is closer than ever.

-- by Keir Breitenfeld

The term “risk-based authentication” means many things to many institutions.  Some use the term to review to their processes; others, to their various service providers.  I’d like to establish the working definition of risk-based authentication for this discussion calling it:  “Holistic assessment of a consumer and transaction with the end goal of applying the right authentication and decisioning treatment at the right time.” 

Now, that “holistic assessment” thing is certainly where the rubber meets the road, right? 

One can arguably approach risk-based authentication from two directions.  First, a risk assessment can be based upon the type of products or services potentially being accessed and/or utilized (example: line of credit) by a customer.  Second, a risk assessment can be based upon the authentication profile of the customer (example: ability to verify identifying information).  I would argue that both approaches have merit, and that a best practice is to merge both into a process that looks at each customer and transaction as unique and therefore worthy of  distinctively defined treatment.

In this posting, and in speaking as a provider of consumer and commercial authentication products and services, I want to first define four key elements of a well-balanced risk based authentication tool: data, detailed and granular results, analytics, and decisioning.

1.  Data: Broad-reaching and accurately reported data assets that span multiple sources providing far reaching and comprehensive opportunities to positively verify consumer identities and identity elements.

2.  Detailed and granular results: Authentication summary and detailed-level outcomes that portray the amount of verification achieved across identity elements (such as name, address, Social Security number, date of birth, and phone) deliver a breadth of information and allow positive reconciliation of high-risk fraud and/or compliance conditions.  Specific results can be used in manual or automated decisioning policies as well as scoring models,

3.  Analytics:  Scoring models designed to consistently reflect overall confidence in consumer authentication as well as fraud-risk associated with identity theft, synthetic identities, and first party fraud.  This allows institutions to establish consistent and objective score-driven policies to authenticate consumers and reconcile high-risk conditions.  Use of scores also reduces false positive ratios associated with single or grouped binary rules.  Additionally, scores provide internal and external examiners with a measurable tool for incorporation into both written and operational fraud and compliance programs,

4.  Decisioning: Flexibly defined data and operationally-driven decisioning strategies that can be applied to the gathering, authentication, and level of acceptance or denial of consumer identity information.  This affords institutions an opportunity to employ consistent policies for detecting high-risk conditions, reconcile those terms that can be changed, and ultimately determine the response to consumer authentication results – whether it be acceptance, denial of business or somewhere in between (e.g., further authentication treatments).

In my next posting, I’ll talk more specifically about the value propositions of risk-based authentication, and identify some best practices to keep in mind.

-- by Heather Grover

I’m often asked in various industry forums to give talks about, or opinions on, the latest fraud trends and fraud best practices. Let’s face it –  fraudsters are students of their craft and continue to study the latest defenses and adapt to controls that may be in place.

You may be surprised, then, to learn that our clients’ top-of-mind issues are not only how to fight the latest fraud trends, but how they can do so while maximizing use of automation, managing operational costs, and preserving customer experience -- all while meeting compliance requirements.

Many times, clients view these goals as being unique goals that do not affect one another. Not only can these be accomplished simultaneously, but, in my opinion, they can be considered causal. Let me explain.

By looking at fraud detection as its own goal, automation is not considered as a potential way to improve this metric. By applying analytics, or basic fraud risk scores, clients can easily incorporate many different potential risk factors into a single calculation without combing through various data elements and reports. This calculation or score can predict multiple fraud types and risks with less effort, than could a human manually, and subjectively reviewing specific results. Through an analytic score, good customers can be positively verified in an automated fashion; while only those with the most risky attributes can be routed for manual review. This allows expensive human resources and expertise to be used for only the most risky consumers.

Compliance requirements can also mandate specific procedures, resulting in arduous manual review processes. Many requirements (Patriot Act, Red Flag, eSignature) mandate verification of identity through match results. Automated decisioning based on these results (or analytic score) can automate this process – in turn, reducing operational expense.

While the above may seem to be an oversimplification or simple approach, I encourage you to consider how well you are addressing financial risk management.  How are you managing automation, operational costs, and compliance – while addressing fraud?

-- By Kari Michel

Bankruptcies continue to rise and are expected to exceed 1.4 million by the end of this year, according to American Bankruptcy Institute Executive Director, Samuel J. Gerdano.  Although, the overall bankruptcy rates for a lender’s portfolio is small (about 1 percent), bankruptcies result in high dollar losses for lenders.  Bankruptcy losses as a percentage of total dollar losses are estimated to range from 45 percent for bankcard portfolios to 82 percent for credit unions.  Additionally, collection activity is restricted because of legislation around bankruptcy.  As a result, many lenders are using a bankruptcy score in conjunction with their new applicant risk score to make better acquisition decisions. This concept is a dual score strategy.  It is key in management of risk, to minimize fraud, and in managing the cost of credit.

Traditional risk scores are designed to predict risk (typically predicting 90 days past due or greater).  Although bankruptcies are included within this category, the actual count is relatively small.   For this reason the ability to distinguish characteristics typical of a “bankruptcy” are more difficult.  In addition, often times a consumer who filed bankruptcy was in “good standings” and not necessarily reflective of a typical risky consumer.   By separating out bankrupt consumers, you can more accurately identify characteristics specific to bankruptcy.  As mentioned previously, this is important because they account for a significant portion of the losses.
 
Bankruptcy scores provide added value when used with a risk score. A matrix approach is used to evaluate both scores to determine effective cutoff strategies.   Evaluating applicants with both a risk score and a bankruptcy score can identify more potentially profitable applicants and more high- risk accounts.

-- by Wendy Greenawalt

In my last blog post I discussed the value of leveraging optimization within your collections strategy. Next, I would like to discuss in detail the use of optimizing decisions within the account management of an existing portfolio. Account Management decisions vary from determining which consumers to target with cross-sell or up-sell campaigns to line management decisions where an organization is considering line increases or decreases.  Using optimization in your collections work stream is key.

Let’s first look at lines of credit and decisions related to credit line management. Uncollectible debt, delinquencies and charge-offs continue to rise across all line of credit products. In response, credit card and home equity lenders have begun aggressively reducing outstanding lines of credit.    One analyst predicts that the credit card industry will reduce credit limits by $2 trillion by 2010. If materialized, that would represent a 45 percent reduction in credit currently available to consumers. This estimate illustrates the immediate reaction many lenders have taken to minimize loss exposure. However, lenders should also consider the long-term impacts to customer retention, brand-loyalty and portfolio profitability before making any account management decision.

Optimization is a fundamental tool that can help lenders easily identify accounts that are high risk versus those that are profit drivers. In addition, optimization provides precise action that should be taken at the individual consumer level.

For example, optimization (and optimizing decisions) can provide recommendations for:

• when to contact a consumer;
• how to contact a consumer; and
• to what level a credit line could be reduced or increased...

…while considering organizational/business objectives such as:

• profits/revenue/bad debt;
• retention of desirable consumers; and
• product limitations (volume/regional).

In my next few blogs I will discuss each of these variables in detail and the complexities that optimization can consider.

-- By Kari Michel

This blog completes my discussion on monitoring new account decisions with a final focus: scorecard monitoring and performance.  It is imperative to validate acquisitions scorecards regularly to measure how well a model is able to distinguish good accounts from bad accounts. With a sufficient number of aged accounts, performance charts can be used to:

• Validate the predictive power of a credit scoring model;
• Determine if the model effectively ranks risk; and
• Identify the delinquency rate of recently booked accounts at various intervals above and below the primary cutoff score.

To summarize, successful lenders maximize their scoring investment by incorporating a number of best practices into their account acquisitions processes:

1. They keep a close watch on their scores, policies, and strategies to improve portfolio strength.
2. They create monthly reports to look at population stability, decision management, scoring models and scorecard performance.
3. They update their strategies to meet their organization’s profitability goals through sound acquisition strategies, scorecard monitoring and scorecard management.
 

-- By Wendy Greenawalt

The combined impact of rising unemployment, increasing consumer debt burdens and decreasing home values have caused lenders to shift resources away from prospecting and acquisitions to collection and recovery activities. As delinquencies and charge-off rates continue to increase, the likelihood of collecting on delinquent accounts decreases -- because outstanding debts mount for consumers and their ability to pay declines. Integrating optimized decisions into a collection strategy enables a lenders to assign appropriate collection treatments by assessing the level of risk associated with a consumer while considering a customer’s responsiveness to particular treatment options.  

Specifically, collections optimization uses mathematical algorithms to maximize organizational goals while applying constraints such as budget and call center capacity  -- providing explicit treatment strategies at the consumer level -- while producing the highest probability of collecting outstanding dollars. Optimization can be integrated into a real-time call center environment by targeting the right consumers for outbound calls and assigning resources to consumers most likely to pay.  It can also be integrated into traditional lettering campaigns to determine the number and frequency of letters, and the tone of each correspondence. The options for account treatment are virtually limitless and, unlike other techniques, optimization will determine the most profitable strategy while meeting operational and business constraints without simplification of the problem.

By incorporating optimization into a collection strategy that includes a predictive model or score and advanced segmentation, an organization can maximize collected dollars, minimize the costs of collection efforts, improve collections efficiency, and determine which accounts to sell off – all while maximizing organizational profits.

There are a lot of areas covered in your comment: efficiency; credit quality (human side or character in an impersonal environment); and policy adherence. 

We define efficiency and effectiveness using these metrics:

• Turnaround time from application submission to decision;
• Resulting delinquencies based upon type of underwriting (centralized vs. decentralized);
• Production levels between centralized and decentralized;
• Performance of the portfolio based upon type of underwriting; and
• Turnaround time from application submission to decision

Due to the nature of Experian’s technology, we are able to capture start and stop times of the typical activities related to loan origination.  After analyzing the data from 160+ financial institutions of all sizes, Experian publishes an annual small business benchmark report that documents loan origination process efficiencies and inefficiencies, benchmarking these as industry standards.  

Turnaround Time

From the benchmark report, we’ve seen that institutions that are centralized have consistently had a turnaround time that is half of those with decentralized environments.

Interestingly, turnaround time is also much faster for the larger institutions than for smaller.  This is confusing because the smaller community banks tend to promote the close relationship they have with their clients and their communities. Yet, when it comes to actually making a loan decision, it tends to take longer.

In addition to speed, another aspect of turnaround is consistency.  We all can think of situations where we were able to beat the stated turnaround times of the larger or the centralized institutions.  Unfortunately, these tend to be isolated instances versus the consistent performance that is delivered in the centralized environment.

Resulting delinquencies based upon type of underwriting/Performance of the portfolio based upon type of underwriting

Again, referring to the annual small business lending benchmark report, delinquencies in a centralized environment are 50% of those in a decentralized environment. 

I have worked with a number of institutions that allow the loan officer/relationship manager to “reverse the decision” made by a centralized underwriting group.  The thinking is that the human aspect is otherwise missing in centralized underwriting.  When the data is collected, though, the incremental business/portfolio that is approved by the loan officer (who is close to the client and knows the human side) is not profitable from a credit quality perspective.  Specifically, this incremental portfolio typically has a net charge-off rate that exceeds the net interest margin -- and this is before we even consider the non-interest expense incurred. 

Your choice: is the incremental business critical to your success…or could you more fruitfully direct your relationship officer’s attention elsewhere?

Production levels between centralized and decentralized

Not to beat a dead horse, but the multiple of two comes into play here too.  As one looks at the throughput of each role (data entry, underwriter, relationship manager/lender), the production levels of a centralized environment are typically double that of a decentralized.

It’s clear that the data point to the efficiency and effectiveness of a centralized environment

--  Kari Michel

This blog is a continuation of my previous discussion about monitoring your new account acquisition decisions with a focus on decision management. 

Decision management reports provide the insight to make more targeted decisions that are sound and profitable. These reports are used to identify: which lending decisions are consistent with scorecard recommendations; the effectiveness of overrides; and/or whether cutoffs should be adjusted.

Decision management reports include:

• Accept versus decline score distributions
• Override rates
• Override reason report
• Override by loan officer
• Decision by loan officer

Successful lending organizations review this type of information regularly to make better lending policy decisions.  Proactive monitoring provides feedback on existing strategies and helps evaluate if you are making the most effective use of your score(s). It helps to identify areas of opportunity to improve portfolio profitability. 

In my next blog, I will discuss the last set of monitoring reports, scorecard performance.