Scoring Models

--by Tom Hannagan

I was hoping someone would ask about these risk management terms…and someone did. The obvious answer is that the “A” and the “O” are reversed. But, there’s more to it than that. First, let’s see how the acronyms were derived. RORAC is Return on Risk-Adjusted Capital. RAROC is Risk-Adjusted Return on Capital. Both of these five-letter abbreviations are a step up from ROE.

This is natural, I suppose, since ROE, meaning Return on Equity of course, is merely a three-letter profitability ratio. A serious breakthrough in risk management and profit performance measurement will have to move up to at least six initials in its abbreviation. Nonetheless, ROE is the jumping-off point towards both RORAC and RAROC.

ROE is generally Net Income divided by Equity, and ROE has many advantages over Return on Assets (ROA), which is Net Income divided by Average Assets. I promise, really, no more new acronyms in this post.

The calculations themselves are pretty easy. ROA tends to tell us how effectively an organization is generating general ledger earnings on its base of assets.  This used to be the most popular way of comparing banks to each other and for banks to monitor their own performance from period to period. Many bank executives in the U.S. still prefer to use ROA, although this tends to be those at smaller banks.

ROE tends to tell us how effectively an organization is taking advantage of its base of equity, or risk-based capital. This has gained in popularity for several reasons and has become the preferred measure at medium and larger U.S. banks, and all international banks. One huge reason for the growing popularity of ROE is simply that it is not asset-dependent. ROE can be applied to any line of business or any product. You must have “assets” for ROA, since one cannot divide by zero. Hopefully your Equity account is always greater than zero. If not, well, lets just say it’s too late to read about this general topic.

The flexibility of basing profitability measurement on contribution to Equity allows banks with differing asset structures to be compared to each other.  This also may apply even for banks to be compared to other types of businesses. The asset-independency of ROE can also allow a bank to compare internal product lines to each other. Perhaps most importantly, this permits looking at the comparative profitability of lines of business that are almost complete opposites, like lending versus deposit services. This includes risk-based pricing considerations. This would be difficult, if even possible, using ROA.

ROE also tells us how effectively a bank (or any business) is using shareholders equity. Many observers prefer ROE, since equity represents the owners’ interest in the business. As we have all learned anew in the past two years, their equity investment is fully at-risk. Equity holders are paid last, compared to other sources of funds supporting the bank. Shareholders are the last in line if the going gets rough. So, equity capital tends to be the most expensive source of funds, carrying the largest risk premium of all funding options. Its successful deployment is critical to the profit performance, even the survival, of the bank. Indeed, capital deployment, or allocation, is the most important executive decision facing the leadership of any organization.

So, why bother with RORAC or RAROC? In short, it is to take risks more fully into the process of risk management within the institution. ROA and ROE are somewhat risk-adjusted, but only on a point-in-time basis and only to the extent risks are already mitigated in the net interest margin and other general ledger numbers. The Net Income figure is risk-adjusted for mitigated (hedged) interest rate risk, for mitigated operational risk (insurance expenses) and for the expected risk within the cost of credit (loan loss provision).

The big risk management elements missing in general ledger-based numbers include: market risk embedded in the balance sheet and not mitigated, credit risk costs associated with an economic downturn, unmitigated operational risk, and essentially all of the strategic risk (or business risk) associated with being a banking entity. Most of these risks are summed into a lump called Unexpected Loss (UL). Okay, so I fibbed about no more new acronyms. UL is covered by the Equity account, or the solvency of the bank becomes an issue.

RORAC is Net Income divided by Allocated Capital. RORAC doesn’t add much risk-adjustment to the numerator, general ledger Net Income, but it can take into account the risk of unexpected loss. It does this, by moving beyond just book or average Equity, by allocating capital, or equity, differentially to various lines of business and even specific products and clients. This, in turn, makes it possible to move towards risk-based pricing at the relationship management level as well as portfolio risk management.  This equity, or capital, allocation should be based on the relative risk of unexpected loss for the different product groups. So, it’s a big step in the right direction if you want a profitability metric that goes beyond ROE in addressing risk. And, many of us do.

RAROC is Risk-Adjusted Net Income divided by Allocated Capital. RAROC does add risk-adjustment to the numerator, general ledger Net Income, by taking into account the unmitigated market risk embedded in an asset or liability. RAROC, like RORAC, also takes into account the risk of unexpected loss by allocating capital, or equity, differentially to various lines of business and even specific products and clients. So, RAROC risk-adjusts both the Net Income in the numerator AND the allocated Equity in the denominator. It is a fully risk-adjusted metric or ratio of profitability and is an ultimate goal of modern risk management. 

So, RORAC is a big step in the right direction and RAROC would be the full step in management of risk. RORAC can be a useful step towards RAROC. RAROC takes ROE to a fully risk-adjusted metric that can be used at the entity level.  This  can also be broken down for any and all lines of business within the organization. Thence, it can be further broken down to the product level, the client relationship level, and summarized by lender portfolio or various market segments. This kind of measurement is invaluable for a highly leveraged business that is built on managing risk successfully as much as it is on operational or marketing prowess.

Please refer to my blogs five and six for more information about ROE and the term “unpredictable variability:”  http://www.decisionanalyticsblog.experian.com/blog/risk-based-pricing-2

RORAC versus RAROC ?
--by Tom Hannagan

I was hoping someone would ask about these risk management terms…nd someone did. The obvious answer is that the “A” and the “O” are reversed. But, there’s more to it than that. First, let’s see how the acronyms were derived. RORAC is Return on Risk-Adjusted Capital. RAROC is Risk-Adjusted Return on Capital. Both of these five-letter abbreviations are a step up from ROE. This is natural I suppose since ROE, meaning Return on Equity of course, is merely a three-letter profitability ratio. A serious breakthrough in risk management and profit performance measurement will have to move up to at least six initials in its abbreviation. Nonetheless, ROE is the jumping-off point towards both RORAC and RAROC.

ROE is generally Net Income divided by Equity, and ROE has many advantages over Return on Assets (ROA), which is Net Income divided by Average Assets. I promise, really, no more new acronyms in this post.

The calculations themselves are pretty easy. ROA tends to tell us how effectively an organization is generating general ledger earnings on its base of assets.  This used to be the most popular way of comparing banks to each other and for banks to monitor their own performance from period to period. Many bank executives in the U.S. still prefer to use ROA, although this tends to be those at smaller banks.

ROE tends to tell us how effectively an organization is taking advantage of its base of equity, or risk-based capital. This has gained in popularity for several reasons and has become the preferred measure at medium and larger U.S. banks, and all international banks. One huge reason for the growing popularity of ROE is simply that it is not asset-dependent. ROE can be applied to any line of business or any product. You must have “assets” for ROA, since one cannot divide by zero. Hopefully your Equity account is always greater than zero. If not, well, lets just say it’s too late to read about this general topic.

The flexibility of basing profitability measurement on contribution to Equity allows banks with differing asset structures to be compared to each other.  This also may apply even for banks to be compared to other types of businesses. The asset-independency of ROE can also allow a bank to compare internal product lines to each other. Perhaps most importantly, this permits looking at the comparative profitability of lines of business that are almost complete opposites, like lending versus deposit services. This includes risk-based pricing considerations. This would be difficult, if even possible, using ROA.

ROE also tells us how effectively a bank (or any business) is using shareholders equity. Many observers prefer ROE, since equity represents the owners’ interest in the business. As we have all learned anew in the past two years, their equity investment is fully at-risk. Equity holders are paid last, compared to other sources of funds supporting the bank. Shareholders are the last in line if the going gets rough. So, equity capital tends to be the most expensive source of funds, carrying the largest risk premium of all funding options. Its successful deployment is critical to the profit performance, even the survival, of the bank. Indeed, capital deployment, or allocation, is the most important executive decision facing the leadership of any organization.

So, why bother with RORAC or RAROC? In short, it is to take risks more fully into the process of risk management within the institution. ROA and ROE are somewhat risk-adjusted, but only on a point-in-time basis and only to the extent risks are already mitigated in the net interest margin and other general ledger numbers. The Net Income figure is risk-adjusted for mitigated (hedged) interest rate risk, for mitigated operational risk (insurance expenses) and for the expected risk within the cost of credit (loan loss provision).

The big risk management elements missing in general ledger-based numbers include: market risk embedded in the balance sheet and not mitigated, credit risk costs associated with an economic downturn, unmitigated operational risk, and essentially all of the strategic risk (or business risk) associated with being a banking entity. Most of these risks are summed into a lump called Unexpected Loss (UL). Okay, so I fibbed about no more new acronyms. UL is covered by the Equity account, or the solvency of the bank becomes an issue.

RORAC is Net Income divided by Allocated Capital. RORAC doesn’t add much risk-adjustment to the numerator, general ledger Net Income, but it can take into account the risk of unexpected loss. It does this, by moving beyond just book or average Equity, by allocating capital, or equity, differentially to various lines of business and even specific products and clients. This, in turn, makes it possible to move towards risk-based pricing at the relationship management level as well as portfolio risk management.  This equity, or capital, allocation should be based on the relative risk of unexpected loss for the different product groups. So, it’s a big step in the right direction if you want a profitability metric that goes beyond ROE in addressing risk. And, many of us do.

RAROC is Risk-Adjusted Net Income divided by Allocated Capital. RAROC does add risk-adjustment to the numerator, general ledger Net Income, by taking into account the unmitigated market risk embedded in an asset or liability. RAROC, like RORAC, also takes into account the risk of unexpected loss by allocating capital, or equity, differentially to various lines of business and even specific products and clients. So, RAROC risk-adjusts both the Net Income in the numerator AND the allocated Equity in the denominator. It is a fully risk-adjusted metric or ratio of profitability and is an ultimate goal of modern risk management. 

So, RORAC is a big step in the right direction and RAROC would be the full step in management of risk. RORAC can be a useful step towards RAROC. RAROC takes ROE to a fully risk-adjusted metric that can be used at the entity level.  This  can also be broken down for any and all lines of business within the organization. Thence, it can be further broken down to the product level, the client relationship level, and summarized by lender portfolio or various market segments. This kind of measurement is invaluable for a highly leveraged business that is built on managing risk successfully as much as it is on operational or marketing prowess.

Please refer to my blogs five and six for more information about ROE and the term “unpredictable variability:”  http://www.decisionanalyticsblog.experian.com/blog/risk-based-pricing-2

--by Keir Breitenfeld
 
Many compliance regulations such the Red Flags Rule, USA Patriot Act, and ESIGN require specific identity elements to be verified and specific high risk conditions to be detected. However, there is still much variance in how individual institutions reconcile referrals generated from the detection of high risk conditions and/or the absence of identity element verification. With this in mind, risk-based authentication, (defined in this context as the “holistic assessment of a consumer and transaction with the end goal of applying the right authentication and decisioning treatment at the right time") offers institutions a viable strategy for balancing the following competing forces and pressures:

• Compliance – the need to ensure each transaction is approved only when compliance requirements are met;
• Approval rates – the need to meet business goals in the booking of new accounts and the facilitation of existing account transactions;
• Risk mitigation – the need to minimize fraud exposure at the account and transaction level.

A flexibly-designed risk-based authentication strategy incorporates a robust breadth of data assets, detailed results, granular information, targeted analytics and automated decisioning. This allows an institution to strike a harmonious balance (or at least something close to that) between the needs to remain compliant, while approving the vast majority of applications or customer transactions and, oh yeah, minimizing fraud and credit risk exposure and credit risk modeling.

 Sole reliance on binary assessment of the presence or absence of high risk conditions and identity element verifications will, more often than not, create an operational process that is overburdened by manual referral queues. There is also an unnecessary proportion of viable consumers unable to be serviced by your business. Use of analytically sound risk assessments and objective and consistent decisioning strategies will provide opportunities to calibrate your process to meet today’s pressures and adjust to tomorrow’s as well.
 
 
 

--by Kari Michel

The U.S. government and mortgage lenders have developed various loan modification programs to help homeowners better manage their mortgage debt so that they can meet their monthly payment obligations. Given these new programs, what is the impact to the consumer’s score? Do consumer scores drop more if they work with their lenders to get their mortgage loan restructured or if they file for bankruptcy?

The finding from a study conducted by VantageScore ^® Solutions* reveals that a delinquency on a mortgage has a greater impact on the consumer’s score than a loan modification. Bankruptcy, short sale, and foreclosure have the greatest impact to a score. A bankruptcy or poor bankruptcy score can negatively impact a consumer for a minimum of seven years with a potential score decrease of 365 points. However, with a loan modification, consumers can rehabilitate their scores to an acceptable risk level within nine months.  This depends on them bringing all their delinquent accounts to current status. Loan modifications have little impact on their consumer credit score and the influence on their score can range from a 20 point decrease to an increase of 30 points.

Lenders should proactively seek out a mortgage loan modification before consumers experience severe delinquency in their credit files and credit score trends. The restructured mortgage should provide sufficient cash availability to remain with the consumer.  This ensures that any other delinquent debts can be updated to current status. Whenever possible, bankruptcy should be avoided because it has the greatest consequences for the lender and the consumer.

*For more detailed information on this study, Credit Scoring and Mortgage Modifications: What lenders need to know, please click on this link to access an archived file of a recent webinar:

 http://register.sourcemediaconferences.com/click/clickReg.cfm?URLID=5258

--by Roger Ahern

The value of a good decision can generate $150 or more in customer net present value, while the cost of a bad decision can cost you $1,000 or more.  For example, acquiring a new and profitable customer by making good prospecting and approval and pricing decisions and decisioning strategies may generate $150 or much more in customer net present value and help you increase net interest margin and other key metrics.  While the cost of a bad decision (such as approving a fraudulent applicant or inappropriately extending credit that ultimately results in a charge-off) can cost you $1,000 or more.

Why is risk management decisioning important?

This issue is critical because average-sized financial institutions or telecom carriers make as many as eight million customer decisions each year (more than 20,000 per day!).  To add to that, very large financial institutions make as many as 50 billion customer decisions annually.  By optimizing decisions, even a small 10-to-15 percent improvement in the quality of these customer life cycle decisions can generate substantial business benefit. 

Experian recommends that clients examine the types of decisioning strategies they leverage across the customer life cycle, from prospecting and acquisition, to customer management and collections.  By examining each type of decision, you can identify those opportunities for improvement that will deliver the greatest return on investment by leveraging credit risk attributes, credit risk modeling, predictive analytics and decision-management software.

--by Kelly Kent

When reviewing offers for prospective clients, lenders often deal with a significant amount of missing information in assessing the outcomes of lending decisions, such as:

• Why did a consumer accept an offer with a competitor?
• What were the differentiating factors between other offers and my offer, i.e. what were their credit score trends?
• What happened to consumers that we declined? Do they perform as expected or better than anticipated?
• What were their credit risk models?

While lenders can easily understand the implications of the loans they have offered and booked with consumers, they often have little information about two important groups of consumers:

1. Lost leads: consumers to whom they made an offer but did not book
2. Proxy performance: consumers to whom financing was not offered, but where the consumer found financing elsewhere

Performing a lost lead analysis on the applications approved and declined, can provide considerable insight into the outcomes and credit performance of consumers that were not added to the lender’s portfolio.

Lost lead analysis can also help answer key questions for each of these groups:

• How many of these consumers accepted credit elsewhere?
• What were their credit attributes?
• What are the credit characteristics of the consumers we're not booking?
• Were these loans booked by one of my peers or another type of lender?
• What were the terms and conditions of these offers?
• What was the performance of the loans booked elsewhere?
• Who did they choose for loan origination?

Within each of these groups, further analysis can be conducted to provide lenders with actionable feedback on the implications of their lending policies, possibly identifying opportunities for changes to better fulfill lending objectives. Some key questions can be answered with this information:

• Are competitors offering longer repayment terms?
• Are peers offering lower interest rates to the same consumers?
• Are peers accepting lower scoring consumers to increase market share?

The results of a lost lead analysis can either confirm that the competitive marketplace is behaving in a manner that matches a lender’s perspective.  It can also shine a light into aspects of the market where policy changes may lead to superior results. In both circumstances, the information provided is invaluable in making the best decision in today’s highly-sensitive lending environment.

 

-- by Dan Buell

Towards the end of 2007, the management of Bay Area Credit Service embarked on an agressive strategy to dramatically enhance the company's market position and increase its collection revenues.  These goals could be achieved only through superior performance at competitive rates.  At the same time, though, the company needed to drastically reduce internal operating expenses while facing significant competition.  The company's major goals for 208 included:

*  Earn a much larger share of business from one of the nation's top five cellular phone service providers;

*  Become a major collections partner for one of the nation's largest banking institutions;

*  Earn more than 50 percent of the market in the pre-charge-off, early-out segment for the nation's largest landline communications provider;

*  Enhance the company's position in the secondary collections tier.

It's an interesting case study.  Navigate to the link to learn more: 

http://www.experian.com/whitepapers/index.html

--by Kari Michel

Most lenders use a credit scoring model in their decision process for opening new accounts; however, between 35 and 50 million adults in the US may be considered unscoreable with traditional credit scoring models. That is equivalent to 18-to-25 percent of the adult population. 

Due to recent market conditions and shrinking qualified candidates lenders have placed a renewed interest in assessing the risk of this under served population.  Unscoreable consumers could be a pocket of missed opportunity for many lenders. To assess these consumers, lenders must have the ability to better distinguish between consumers with a clear track record of unfavorable credit behaviors versus those that are just beginning to develop their credit history and credit risk models.

Unscoreable consumers can be split out into three populations:

• Infrequent credit users:  Consumers who have not been active on their accounts for the past six months, and who prefer to use non-traditional credit tools for their financial needs.

• New entrants:  Consumers who do not have at least one account with more than six months of activity; including young adults just entering the workforce,  recently divorced or widowed individuals with little or no credit history in their name, newly arrived immigrants, or people who avoid the traditional system by choice.

• Thin file consumers:  Consumers who have less than three accounts and rarely utilize traditional credit and likely prefer using alternative credit tools and credit score trends.

A study done by VantageScore® Solutions, LLC shows that a large percentage of the
unscoreable population can be scored with VantageScore* and a portion of these are credit-worthy (defined as the population of consumers who have a cumulative likelihood to become 90 days or more delinquent is less than 5 percent).  The following is a high-level summary of the findings for consumers who had at least one trade:

Lenders can review their credit decisioning process to determine if they have the tools in place to assess the risk of those unscoreable consumers.  As with this population there is an opportunity for portfolio expansion as demonstrated by the VantageScore study.

*VantageScore is a generic credit scoring model introduced to meet the market demands for a highly predictive consumer score. Developed as a joint venture among the three major credit reporting companies (CRCs) – Equifax, Experian and TransUnion.

-- by Kelly Kent

Source: Experian-Oliver Wyman Market Intelligence Reports

Analyzing recent trends from vintages published in the Experian-Oliver Wyman Market Intelligence Reports, there are numerous insights that can be gleaned from just a cursory review of the results.

Mortgage trends

As noted in an earlier posting, recent mortgage vintage analysis' show a broad range of behaviors between more recent vintages and older, more established vintages that were originated before the significant run-up of housing prices seen in the middle of the decade. The 30+ delinquency levels for mortgage vintages in 2005, 2006, and 2007 approach and in two cases exceed 10 percent of trades in the last 12 months of performance, and have spiked from historical trends, beginning almost immediately after origination. On the other end of the spectrum, the vintages from 2003 and 2002 have barely approached or exceeded 5 percent for the last 6 or 7 years.

Band card trends

As one would expect, the 30+ delinquency trends demonstrated within bankcard vintage analysis are vastly different from the trends of mortgage vintages. Firstly, card delinquencies show a clear seasonal trend, with a more consistent yearly pattern evident in all vintages, resulting from the revolving structure of the product. The most interesting trends within the card vintages do show that the more recent vintages, 2005 to 2008, display higher 30+ delinquency levels, especially the Q2 2007 vintage, which is far and away the underperformer of the group.

Within each vintage pool, an analysis can extend into the risk distribution and details of the portfolio and further segment the pool by credit score, specifically VantageScore.  In other words, the loans in this pool are only for the most creditworthy customers at the time of origination. The noticeable trend is that while these consumers were largely resistant to deteriorating economic conditions, each vintage segment has seen a spike in the most recent 9-12 months.

Given that these consumers tend to have the highest limits and lowest utilization of any VantageScore band, this trend encourages further account management consideration and raises flags about overall bankcard performance in coming months.

Even a basic review of vintage analysis pools and the subsequent analysis opportunities that result from this data can be extremely useful. This vintage analysis can add a new perspective to risk management, supplementing more established analysis techniques, and further enhancing the ability to see the risk within the risk.

--by Mike Sutton

In today’s collections environment, the challenges of meeting an organization’s financial objectives are more difficult than ever.  Case volumes are higher, accounts are more difficult to collect and changing customer behaviors are rendering existing business models less effective.

When responding to recent events, it is not uncommon for organizations to take what may seem to be the easiest path to success — simply hiring more staff. Perhaps in the short-term there may appear to be cash flow improvements, but in most cases, this is not the most effective way to cope with long-term business needs. As incremental staff is added to compensate for additional workloads, there is a point of diminishing return on investment and that can be difficult to define until after the expenditures have been made. Additionally, there are almost always significant operational improvements that can be realized by introducing new technology.  Furthermore, the relevant return on investment models often forecast very accurately.

So, where should a collections department consider investing to improve financial results? The best option may not be the obvious choice, and the mere thought can make the most seasoned collections professionals shutter at the thought of replacing the core collections system with modern technology. That said, let’s consider what has changed in recent years and explore why the replacement proposition is not nearly as difficult or costly as in the past.

Collection Management Software
The collections system software industry is on the brink of a technology evolution to modern and next-generation offerings. Legacy systems are typically inflexible and do not allow for an effective change management program. This handicap leaves collections departments unable to keep up with rapidly changing business objectives that are a critical requirement in surviving these tough economic times. Today’s collections managers need to reduce operational costs while improving these objectives: reducing losses, improving cash flow and promoting customer satisfaction (particularly with those who pose a greater lifetime profit opportunity).  The next generation collections software squarely addresses these business problems and provides significant improvement over legacy systems. Not only is this modern technology now available, but the return on investment models are extremely compelling and have been proven in markets where successful implementations have already occurred.

As an example of modern collections technologies that can help streamline operations, check out the overview and brief demonstration that is on this link:

www.experian.com/decision-analytics/tallyman-demo.html.
 

--by Kennis Wong

In Part 1 of Generic fraud score, we emphasized the importance of a risk-based approach when it comes to fraud detection. Here are some further questions you may want to consider.

What is the performance window?

When a model is built, it has a defined performance window. That means the score is predicting a certain outcome within that time period. For example, a traditional risk score may be predicting accounts that are decreasing in twenty-four months. That score may not perform well if your population typically worsens in two months. This question is particularly important when it relates to scoring your population. For example, if a bust-out score has a performance window of three months, and you score your accounts at the time of acquisition, it would only catch accounts that are busting-out within the next three months. As a result, you should score your accounts during periodic account reviews in addition to the time of acquisition to ensure you catch all bust-outs.  Therefore, bust out fraud is an important indicator. 

Which accounts should I score?

While it’s typical for creditors to use a fraud score on every applicant at the time of acquisition, they may not score all their accounts during review. For example, they may exclude inactive accounts or older accounts assuming those with a long history means less likelihood of fraud. This mistake may be expensive. For instance, the typical bust-out behavior is for fraudsters to apply for cards way before they intend to bust out. This may be forty-eight months or more. So when you think they are good and profitable customers, they can strike and leave you with seriously injury. Make sure that your fraud database is updated and accurate.  As a result, the recommended approach is to score your entire portfolio during account review. 

How often do I validate the score?

The answer is very often -- this may be monthly or quarterly. You want to understand whether the score is working for you – do your actual results match the volume and risk projections? Shifts of your score distribution will almost certainly occur over time. To meet your objectives over the long run, continue to monitor and adjust cutoffs.  Keep your fraud database updated at all times.

-- by Keir Breitenfeld

In my previous two blog postings, I’ve tried to briefly articulate some key elements of and value propositions associated with risk-based authentication.  In this entry, I’d like to suggest some best-practices to consider as you incorporate and maintain a risk-based authentication program.

1. Analytics – since an authentication score is likely the primary decisioning element in any risk-based authentication strategy, it is critical that a best-in-class scoring model is chosen and validated to establish performance expectations.  This initial analysis will allow for decisioning thresholds to be established.  This will also allow accept and referral volumes to be planned for operationally.  Further more, it will permit benchmarks to be established which follow on performance monitoring that can be compared.

2. Targeted decisioning strategies – applying unique and tailored decisioning strategies (incorporating scores and other high-risk or positive authentication results) to various access channels to your business just simply makes sense.  Each access channel (call center, Web, face-to-face, etc.) comes with unique risks, available data, and varied opportunity to apply an authentication strategy that balances these areas; risk management, operational effectiveness, efficiency and cost, improved collections and customer experience.  Champion/challenger strategies may also be a great way to test newly devised strategies within a single channel without taking risk to an entire addressable market and your business as a whole.

3. Performance Monitoring – it is critical that key metrics are established early in the risk-based authentication implementation process.  Key metrics may include, but should not be limited to these areas: 

• actual vs. expected score distributions;
• actual vs. expected characteristic distributions;
• actual vs. expected question performance;
• volumes, exclusions;
• repeats and mean scores;
• actual vs. expected pass rates;
• accept vs. referral score distribution;
• trends in decision code distributions; and
• trends in decision matrix distributions. 

Performance monitoring provides an opportunity to manage referral volumes, decision threshold changes, strategy configuration changes, auto-decisioning criteria and pricing for risk based authentication.

4. Reporting – it likely goes without saying, but in order to apply the three best practices above, accurate, timely, and detailed reporting must be established around your authentication tools and results.  Regardless of frequency, you should work with internal resources and your third-party service provider(s) early in your implementation process to ensure relevant reports are established and delivered. 

In my next posting, I will be discussing some thoughts about the future state of risk based authentication.

-- by Kristan Keelan

What do you think of when you hear the word “fraud”?  Someone stealing your personal identity?  Perhaps the recent news story of the five individuals indicted for gaining more than $4 million from 95,000 stolen credit card numbers?  It’s unlikely that small business fraud was at the top of your mind.   Yet, just like consumers, businesses face a broad- range of first- and third-party fraud behaviors, varying significantly in frequency, severity and complexity. Business-related fraud trends call for new fraud best practices to minimize fraud.

First let’s look at first-party fraud.  A first-party, or victimless, fraud profile is characterized by having some form of material misrepresentation (for example, misstating revenue figures on the application) by the business owner without  that owner’s intent or immediate capacity to pay the loan item.  Historically, during periods of economic downturn or misfortune, this type of fraud is more common.  This intuitively makes sense — individuals under extreme financial pressure are more likely to resort to desperate measures, such as misstating financial information on an application to obtain credit.  

Third-party commercial fraud occurs when a third party steals the identification details of a known business or business owner in order to open credit in the business victim’s name.  With creditors becoming more stringent with credit-granting policies on new accounts, we’re seeing seasoned fraudsters shift their focus on taking over existing business or business owner identities.

Overall, fraudsters seem to be migrating from consumer to commercial fraud.   I think one of the most common reasons for this is that commercial fraud doesn’t receive the same amount of attention as consumer fraud.  Thus, it’s become easier for fraudsters to slip under the radar by perpetrating their crimes through the commercial channel.   Also, keep in mind that businesses are often not seen as victims in the same way that consumers are.  For example, victimized businesses aren’t afforded the protections that consumers receive under identity theft laws, such as access to credit information.   These factors, coupled with the fact that business-to-business fraud is approximately three-to-ten times more “profitable” per occurrence than consumer fraud, play a role in leading fraudsters increasingly toward commercial fraud.
 

-- by Keir Breitenfeld

The term “risk-based authentication” means many things to many institutions.  Some use the term to review to their processes; others, to their various service providers.  I’d like to establish the working definition of risk-based authentication for this discussion calling it:  “Holistic assessment of a consumer and transaction with the end goal of applying the right authentication and decisioning treatment at the right time.” 

Now, that “holistic assessment” thing is certainly where the rubber meets the road, right? 

One can arguably approach risk-based authentication from two directions.  First, a risk assessment can be based upon the type of products or services potentially being accessed and/or utilized (example: line of credit) by a customer.  Second, a risk assessment can be based upon the authentication profile of the customer (example: ability to verify identifying information).  I would argue that both approaches have merit, and that a best practice is to merge both into a process that looks at each customer and transaction as unique and therefore worthy of  distinctively defined treatment.

In this posting, and in speaking as a provider of consumer and commercial authentication products and services, I want to first define four key elements of a well-balanced risk based authentication tool: data, detailed and granular results, analytics, and decisioning.

1.  Data: Broad-reaching and accurately reported data assets that span multiple sources providing far reaching and comprehensive opportunities to positively verify consumer identities and identity elements.

2.  Detailed and granular results: Authentication summary and detailed-level outcomes that portray the amount of verification achieved across identity elements (such as name, address, Social Security number, date of birth, and phone) deliver a breadth of information and allow positive reconciliation of high-risk fraud and/or compliance conditions.  Specific results can be used in manual or automated decisioning policies as well as scoring models,

3.  Analytics:  Scoring models designed to consistently reflect overall confidence in consumer authentication as well as fraud-risk associated with identity theft, synthetic identities, and first party fraud.  This allows institutions to establish consistent and objective score-driven policies to authenticate consumers and reconcile high-risk conditions.  Use of scores also reduces false positive ratios associated with single or grouped binary rules.  Additionally, scores provide internal and external examiners with a measurable tool for incorporation into both written and operational fraud and compliance programs,

4.  Decisioning: Flexibly defined data and operationally-driven decisioning strategies that can be applied to the gathering, authentication, and level of acceptance or denial of consumer identity information.  This affords institutions an opportunity to employ consistent policies for detecting high-risk conditions, reconcile those terms that can be changed, and ultimately determine the response to consumer authentication results – whether it be acceptance, denial of business or somewhere in between (e.g., further authentication treatments).

In my next posting, I’ll talk more specifically about the value propositions of risk-based authentication, and identify some best practices to keep in mind.

-- By Ken Pruett

Earlier this week I blogged about some of the other types of frauds that impact our customers such as “never pay” and “bust out” fraud. Today I want to touch a bit on some of the third party fraud scenarios that are often top of mind with our customers: identity theft; synthetic identities; and account takeover.  

Identity Theft
Identity theft usually occurs during the acquisition stage of the customer life cycle. Simply put, identity theft is the use of stolen identity information to fraudulently open up a new account.  These accounts do not have to be just credit card related. For example, there are instances of people using others identities to open up wireless phone and utilities accounts 

Recent fraud trends show this type of fraud is on the rise again after a decrease over the past several years.  A recent Experian study found that people who have better credit scores are more likely to have their identity stolen than those with very poor credit scores. It does seem logical that fraudsters would likely opt to steal an identity from someone with higher credit limits and available purchasing power.  This type of fraud gets the majority of media attention because it is the consumer who is often the victim (as opposed to a major corporation). 

Fraud changes over time and recent findings show that looking at data from a historical perspective is a good way to help prevent identity theft.  For example, if you see a phone number being used by multiple parties, this could be an indicator of a fraud ring in action.  Using these types of data elements can make your fraud models much more predictive and reduce your fraud referral rates. 

Synthetic Identities
Synthetic Identities are another acquisition fraud problem.  It is similar to identity theft, but the information used is fictitious in nature.  The fraud perpetrator may be taking pieces of information from a variety of parties to create a new identity.  Trade lines may be purchased from companies who act as middle men between good consumers with good credit and perpetrators who creating new identities.   This strategy allows the fraud perpetrator to quickly create a fictitious identity that looks like a real person with an active and good credit history. 

Most of the trade lines will be for authorized users only.  The perpetrator opens up a variety of accounts in a short period of time using the trade lines. When creditors try to collect, they can’t find the account owners because they never existed.  As Heather Grover mentioned in her blog, this fraud has leveled off in some areas and even decreased in others, but is probably still worth keeping an eye on.  One concern on which to focus especially is that these identities are sometimes used for bust out fraud. 

The best approach to predicting this type of fraud is using strong fraud models that incorporate a variety of non-credit and credit variables in the model development process.  These models look beyond the basic validation and verification of identity elements (such as name, address, and social security number), by leveraging additional attributes associated with a holistic identity -- such as inconsistent use of those identity elements.

Account Takeover
Another type of fraud that occurs during the account management period of the customer life cycle is account takeover fraud.  This type of fraud occurs when an individual uses a variety of methods to take over an account of another individual. This may be accomplished by changing online passwords, changing an address or even adding themselves as an authorized user to a credit card.  

Some customers have tools in place to try to prevent this, but social networking sites are making it easier to obtain personal information for many consumers.  For example, a person may have been asked to provide the answer to a challenge question such as the name of their high school as a means to properly identify them before gaining access to a banking account.  Today, this piece of information is often readily available on social networking sites making it easier for the fraud perpetrators to defeat these types of tools. 

It may be more useful to use out of wallet, or knowledge-based authentication and challenge tools that dynamically generate questions based on credit or public record data to avoid this type of fraud. 

-- By Kari Michel

Bankruptcies continue to rise and are expected to exceed 1.4 million by the end of this year, according to American Bankruptcy Institute Executive Director, Samuel J. Gerdano.  Although, the overall bankruptcy rates for a lender’s portfolio is small (about 1 percent), bankruptcies result in high dollar losses for lenders.  Bankruptcy losses as a percentage of total dollar losses are estimated to range from 45 percent for bankcard portfolios to 82 percent for credit unions.  Additionally, collection activity is restricted because of legislation around bankruptcy.  As a result, many lenders are using a bankruptcy score in conjunction with their new applicant risk score to make better acquisition decisions. This concept is a dual score strategy.  It is key in management of risk, to minimize fraud, and in managing the cost of credit.

Traditional risk scores are designed to predict risk (typically predicting 90 days past due or greater).  Although bankruptcies are included within this category, the actual count is relatively small.   For this reason the ability to distinguish characteristics typical of a “bankruptcy” are more difficult.  In addition, often times a consumer who filed bankruptcy was in “good standings” and not necessarily reflective of a typical risky consumer.   By separating out bankrupt consumers, you can more accurately identify characteristics specific to bankruptcy.  As mentioned previously, this is important because they account for a significant portion of the losses.
 
Bankruptcy scores provide added value when used with a risk score. A matrix approach is used to evaluate both scores to determine effective cutoff strategies.   Evaluating applicants with both a risk score and a bankruptcy score can identify more potentially profitable applicants and more high- risk accounts.

-- by Wendy Greenawalt

In my last blog post I discussed the value of leveraging optimization within your collections strategy. Next, I would like to discuss in detail the use of optimizing decisions within the account management of an existing portfolio. Account Management decisions vary from determining which consumers to target with cross-sell or up-sell campaigns to line management decisions where an organization is considering line increases or decreases.  Using optimization in your collections work stream is key.

Let’s first look at lines of credit and decisions related to credit line management. Uncollectible debt, delinquencies and charge-offs continue to rise across all line of credit products. In response, credit card and home equity lenders have begun aggressively reducing outstanding lines of credit.    One analyst predicts that the credit card industry will reduce credit limits by $2 trillion by 2010. If materialized, that would represent a 45 percent reduction in credit currently available to consumers. This estimate illustrates the immediate reaction many lenders have taken to minimize loss exposure. However, lenders should also consider the long-term impacts to customer retention, brand-loyalty and portfolio profitability before making any account management decision.

Optimization is a fundamental tool that can help lenders easily identify accounts that are high risk versus those that are profit drivers. In addition, optimization provides precise action that should be taken at the individual consumer level.

For example, optimization (and optimizing decisions) can provide recommendations for:

• when to contact a consumer;
• how to contact a consumer; and
• to what level a credit line could be reduced or increased...

…while considering organizational/business objectives such as:

• profits/revenue/bad debt;
• retention of desirable consumers; and
• product limitations (volume/regional).

In my next few blogs I will discuss each of these variables in detail and the complexities that optimization can consider.

-- By Kari Michel

This blog completes my discussion on monitoring new account decisions with a final focus: scorecard monitoring and performance.  It is imperative to validate acquisitions scorecards regularly to measure how well a model is able to distinguish good accounts from bad accounts. With a sufficient number of aged accounts, performance charts can be used to:

• Validate the predictive power of a credit scoring model;
• Determine if the model effectively ranks risk; and
• Identify the delinquency rate of recently booked accounts at various intervals above and below the primary cutoff score.

To summarize, successful lenders maximize their scoring investment by incorporating a number of best practices into their account acquisitions processes:

1. They keep a close watch on their scores, policies, and strategies to improve portfolio strength.
2. They create monthly reports to look at population stability, decision management, scoring models and scorecard performance.
3. They update their strategies to meet their organization’s profitability goals through sound acquisition strategies, scorecard monitoring and scorecard management.
 

-- By Wendy Greenawalt

The combined impact of rising unemployment, increasing consumer debt burdens and decreasing home values have caused lenders to shift resources away from prospecting and acquisitions to collection and recovery activities. As delinquencies and charge-off rates continue to increase, the likelihood of collecting on delinquent accounts decreases -- because outstanding debts mount for consumers and their ability to pay declines. Integrating optimized decisions into a collection strategy enables a lenders to assign appropriate collection treatments by assessing the level of risk associated with a consumer while considering a customer’s responsiveness to particular treatment options.  

Specifically, collections optimization uses mathematical algorithms to maximize organizational goals while applying constraints such as budget and call center capacity  -- providing explicit treatment strategies at the consumer level -- while producing the highest probability of collecting outstanding dollars. Optimization can be integrated into a real-time call center environment by targeting the right consumers for outbound calls and assigning resources to consumers most likely to pay.  It can also be integrated into traditional lettering campaigns to determine the number and frequency of letters, and the tone of each correspondence. The options for account treatment are virtually limitless and, unlike other techniques, optimization will determine the most profitable strategy while meeting operational and business constraints without simplification of the problem.

By incorporating optimization into a collection strategy that includes a predictive model or score and advanced segmentation, an organization can maximize collected dollars, minimize the costs of collection efforts, improve collections efficiency, and determine which accounts to sell off – all while maximizing organizational profits.

There are a lot of areas covered in your comment: efficiency; credit quality (human side or character in an impersonal environment); and policy adherence. 

We define efficiency and effectiveness using these metrics:

• Turnaround time from application submission to decision;
• Resulting delinquencies based upon type of underwriting (centralized vs. decentralized);
• Production levels between centralized and decentralized;
• Performance of the portfolio based upon type of underwriting; and
• Turnaround time from application submission to decision

Due to the nature of Experian’s technology, we are able to capture start and stop times of the typical activities related to loan origination.  After analyzing the data from 160+ financial institutions of all sizes, Experian publishes an annual small business benchmark report that documents loan origination process efficiencies and inefficiencies, benchmarking these as industry standards.  

Turnaround Time

From the benchmark report, we’ve seen that institutions that are centralized have consistently had a turnaround time that is half of those with decentralized environments.

Interestingly, turnaround time is also much faster for the larger institutions than for smaller.  This is confusing because the smaller community banks tend to promote the close relationship they have with their clients and their communities. Yet, when it comes to actually making a loan decision, it tends to take longer.

In addition to speed, another aspect of turnaround is consistency.  We all can think of situations where we were able to beat the stated turnaround times of the larger or the centralized institutions.  Unfortunately, these tend to be isolated instances versus the consistent performance that is delivered in the centralized environment.

Resulting delinquencies based upon type of underwriting/Performance of the portfolio based upon type of underwriting

Again, referring to the annual small business lending benchmark report, delinquencies in a centralized environment are 50% of those in a decentralized environment. 

I have worked with a number of institutions that allow the loan officer/relationship manager to “reverse the decision” made by a centralized underwriting group.  The thinking is that the human aspect is otherwise missing in centralized underwriting.  When the data is collected, though, the incremental business/portfolio that is approved by the loan officer (who is close to the client and knows the human side) is not profitable from a credit quality perspective.  Specifically, this incremental portfolio typically has a net charge-off rate that exceeds the net interest margin -- and this is before we even consider the non-interest expense incurred. 

Your choice: is the incremental business critical to your success…or could you more fruitfully direct your relationship officer’s attention elsewhere?

Production levels between centralized and decentralized

Not to beat a dead horse, but the multiple of two comes into play here too.  As one looks at the throughput of each role (data entry, underwriter, relationship manager/lender), the production levels of a centralized environment are typically double that of a decentralized.

It’s clear that the data point to the efficiency and effectiveness of a centralized environment

--  Kari Michel

This blog is a continuation of my previous discussion about monitoring your new account acquisition decisions with a focus on decision management. 

Decision management reports provide the insight to make more targeted decisions that are sound and profitable. These reports are used to identify: which lending decisions are consistent with scorecard recommendations; the effectiveness of overrides; and/or whether cutoffs should be adjusted.

Decision management reports include:

• Accept versus decline score distributions
• Override rates
• Override reason report
• Override by loan officer
• Decision by loan officer

Successful lending organizations review this type of information regularly to make better lending policy decisions.  Proactive monitoring provides feedback on existing strategies and helps evaluate if you are making the most effective use of your score(s). It helps to identify areas of opportunity to improve portfolio profitability. 

In my next blog, I will discuss the last set of monitoring reports, scorecard performance.