Lending Risk

Risk – noun – exposure to the chance of injury or loss; a hazard or dangerous chance

Principles of Lending Risk

Lending risk is just one area of overall risk management in the credit union. It is one of the most important areas to consider as not managing and controlling lending risk can quickly lead to the failure of a credit union.

A credit union cannot avoid the risks involved in lending. However, through using credit assessment techniques such as credit scoring and assessing a member’s capacity to repay a loan, they can manage the risk. The only way risk can be avoided altogether is to not make any loans, which defeats the object of being a credit union.

The overall principles of risk management apply to lending risk as well as any other area

What is Risk?

• Identifiable and potential things that can go wrong
• Things that we can’t control, e.g. the risk of a recession, or of our employer-sponsor going bust (especially employee based credit unions)
• Things that we can control, e.g. who we offer loans to
• Things that we can manage, e.g. a short term liquidity problem

Identifying Risk

What can go wrong? This forms the basis for a risk log

What is the probability that it can go wrong? Probability can be high, medium or low, e.g. it can be quite likely to make a keying error when capturing application details to the system; it can be somewhat likely for borrower to miss signing agreement form; or it would be very unlikely for loan policy not to incorporate PRA rules.

What will the consequences be? Consequences can range from minimal to severe, e.g. consequences of not capturing the loan repayment date correctly onto the member system can be minor, because the mistake can be rectified. However, not making loans in accordance with PRA regulations could be very severe, as the PRA could stop the credit union from making any further loans.

Managing Risk

What can stop when things go wrong? The risk log is the key document for monitoring risk; it should show both all risks identified and also what the management actions are.  It should also include the measure of probability mentioned above. Taking action if a risk materialises is very important, e.g. if there is a contingency plan in place in case the office floods then test the plan regularly, make sure everyone knows what the plan is, and put it into action as soon as the office floods!  If loan losses are higher than budgeted then review the lending policy immediately.

What can we do to minimise the consequences? Controls are put in place to minimise risk, and are monitored by management, the Supervisory Committee and Board, e.g. having two cheque signatories on each cheque written is a control to minimise risk of fraud. Supervisory Committee checks that sample of cheques are signed within mandate levels. Reports to the Board that it has carried out its oversight function

Who is responsible for managing risk? The Board is responsible for overall risks and ensuring that responsibility for identifying, managing and monitoring risk is assigned to specific people/roles, e.g. Credit Committee may have function of overseeing lending specific risks.

Poor Risk Management

Poor risk management includes: lack of understanding; no thought given to what can go wrong; no appreciation of consequences; no risk register; or no account of risk when setting prices.

Furthermore, poor risk management in terms of staff and volunteers includes lack of responsibility, no clear roles, no accountability  and no monitoring.

Northern Rock was a former building society, which was brought down by poor risk management. Its key risk was the over-reliance on wholesale funding to increase its lending. Because the likelihood and severity of a loss of wholesale funding was underestimated it ran into liquidity problems when wholesale funding dried up in 2007. This was compounded by adverse PR (reputational risk) which led to depositors queuing to get their money back. The consequence of this was the failure of Northern Rock, and its subsequent nationalisation

What could have been done differently? If Northern Rock had better risk management would it have got into the same situation?

Key Principles or lending Risk

• Lending risk is a key risk to the credit union
• Everyone has a responsibility for managing risk
  Ensure clarity about who is responsible for which aspect
• Think about lending risk:

            External risk – outside credit union control

Internal risk – credit union can control

Come up with some examples of external and internal lending risks within your credit union and the actions you would take to mitigate them.