News & Commentary

10:13 AM
Ed Bayer and Regan Camp, Sageworks
Ed Bayer and Regan Camp, Sageworks

The New FASB CECL Model’s Drastic Data Implications

Changes to the CECL model are going to require far more loan data and the input of new elements to keep the cost of compliance down.

Preparing for the Financial Accounting Standards Board’s (FASB) proposed Current Expected Credit Loss (CECL) model has been a topic of concern for many bankers, as they evaluate their preparedness for the forthcoming changes.

It has been widely publicized that many industry experts, including the OCC’s Thomas Curry, are anticipating the proposed changes will necessitate an increase in a bank’s ALLL reserve of up to 30 to 50 percent.

These predictions are further supported by bankers themselves, with 85 percent of 250 surveyed banking professionals estimating a required increase of up to 50 percent, according to a recent Sageworks survey. These increases in required reserves would, of course, impact an institution’s available capital levels and earnings – further adding to the anxiety surrounding the proposed changes.

Considering the proposed movement from an incurred loss model to a life-of-loan expected loss model and the potentially significant differences in accounting for such changes, institutions are warned to not passively wait for the approved proposal, only to react to the finalized changes. In that scenario, it is highly likely they may find themselves in a position of “too little, too late.” Rather, institutions should begin considering the possible changes and taking a proactive approach towards improving flexibility in their models and data to accommodate such changes.

The new model will likely necessitate gathering and computing up to 1,000 times more data, including new data elements like risk rating by individual loan, individual loan balance and individual loan segmentation. The chart below highlights the additional data that will likely be required.

If a bank does not have these new data elements, they will likely have to rely on peer data, which could prove costly, as shown in the infographic below.

Smaller financial institutions have had difficulties collecting and analyzing data currently necessary for defensible ALLL calculations, and many of those challenges stem from limited resources and insufficient data libraries. With the coming changes, these obstacles could be exacerbated.

As one way to prepare, banks are heeding Thomas Curry’s recent insight: “Third-party relationships help you acquire and leverage specialized expertise that you can’t afford to develop on your own.” There are several solutions that institutions can leverage to help collect, organize and analyze the necessary data. Other institutions are building out their own databases to start archiving loan-level data now.

A best practice for data storage is to keep the data in a dynamic setting where it could easily be pulled into multiple queries for more complex future calculations (CSV, Excel spreadsheet, etc.).

After twelve months, most banks’ core processing systems stop archiving data in a manner that allows for easy access and use. As a result, balances and further details are not readily accessible and would have to be manually transcribed from cumbersome archives if needed to perform the advanced calculations expected to be part of the final CECL model.

In the past, banks and credit unions utilized spreadsheets as a primary tool in risk management because of their familiarity and flexibility, as currently mentioned. Unfortunately, over-reliance on spreadsheets has become an area of serious regulatory concern, as many of the benefits offered are overshadowed by potentially significant risks like cell reference or formula errors.

Institutions that make the change now, from spreadsheets to an automated solution or data archive, will find it much easier to navigate regulatory changes and build a defensible ALLL calculation in the future.

Ed Bayer is the managing director of business development and market analysis, and Regan Camp is the senior risk management consultant, at Sageworks, which provides automated ALLL solutions.

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.