Seal of the Board of Governors of the Federal Reserve System

WASHINGTON, D. C.  20551


SR 98-25 (SUP)
September 21, 1998


SUBJECT: Sound Credit Risk Management and the Use of Internal Credit Risk Ratings at Large Banking Organizations

Introduction and Summary

                     Techniques, practices, and tools for credit risk management are evolving rapidly, as are the challenges that banking organizations face in their business lending activities.  For larger institutions, the number and geographic dispersion of their borrowers make it increasingly difficult for such institutions to manage their loan portfolios simply by remaining closely attuned to the performance of each borrower.  As a result, one increasingly important component of the systems for controlling credit risk at larger institutions is the identification of gradations in credit risk among their business loans, and assignment of internal credit risk ratings to loans that correspond to these gradations.  The Federal Reserve believes that the use of such an internal rating process is appropriate and, indeed, necessary for sound risk management at large institutions.

                     This SR letter describes certain elements of internal rating systems that are necessary to support sophisticated credit risk management.  This letter also underlines the need for supervisors and examiners, both in their onsite examinations and inspections and in their other contacts with banking organizations, to emphasize the importance of development and implementation of effective internal credit rating systems and the critical role such systems should play in the credit risk management process at sound large institutions.  In part, this SR letter expands upon issues raised in SR letter 98-18 (Lending Standards for Commercial Loans).

                     This SR letter should be disseminated to the large and complex banking organizations (both foreign and domestic) supervised by the Federal Reserve, as well as other institutions for which Reserve Bank staff believes it would be beneficial.  A suggested transmittal letter is attached for your use. 

                     Internal rating systems are currently being used at large institutions for a range of purposes.  At one end of this range they are primarily used to determine approval requirements and identify problem loans, while at the other they are also an integral element of credit portfolio monitoring and management, capital allocation, pricing of credit, profitability analysis, and detailed analysis to support loan loss reserving.  Internal rating systems being used for the latter purposes should be significantly richer and more robust than systems used for the former purposes.

                     As with all material bank activities, a sound risk management process should adequately illuminate the risks being taken and apply appropriate controls to allow the institution to balance risks against returns and the institution's overall appetite for risk, giving due consideration to the uncertainties faced by lenders and the long-term viability of the bank.  Accordingly, large banking organizations should have strong risk rating systems.  These systems should take proper account of gradations in risk and the overall composition of portfolios in originating new loans, assessing overall portfolio risks and concentrations, and reporting on risk profiles to directors and management.  Moreover, such rating systems also should play an important role in establishing an appropriate level for the allowance for loan and lease losses, conducting internal bank analysis of loan and relationship profitability, assessing capital adequacy, and possibly performance-based compensation.

                     For their part, examiners should evaluate the adequacy of internal credit risk rating systems, including ongoing development efforts, when assessing both asset quality and the overall strength of risk management at large institutions.  Recognizing that a strong risk rating system is an important element of sound credit risk management for such institutions, examiners should specifically evaluate the adequacy of internal risk rating systems at large institutions as one factor in determining the strength of credit risk management.  In doing so, examiners should be cognizant that an internal risk identification and monitoring system should be consistent with the nature, size and complexity of the banking organization's activities.  In this context, those institutions with significant involvement in relevant secondary market credit activities, such as securitization of business loans or credit derivatives, should have more elaborate and formal approaches for managing the risks associated with these activities.1  Whether or not they are active in such secondary market credit activities, however, larger and complex institutions typically would require a more structured and sophisticated set of arrangements for managing credit risk than smaller regional and community banks.  In performing their evaluation, examiners should also consider whether other elements of the risk management process might compensate for any specific weaknesses attributable to an inadequate rating system.

                     In addition, examiners should review internal management reports to determine whether the portion of bank loans in lower-quality pass grades has grown significantly over time, and whether any such change might have negative implications for the adequacy of risk management or capital at the institution.  Examiners should also consider whether a significant shift toward higher-risk pass grades, or an overall large proportion of loans in a higher-risk pass grade, should have negative implications for the institution's asset quality rating, including the adequacy of the loan loss reserve.  To some extent such reviews are already an informal part of the current examination process.  Examiners should also continue the longstanding practice of evaluating trends in categories associated with problem assets.

                     Examiners should discuss these issues, including plans to enhance existing credit rating systems, with bank management and directors and should incorporate comments on the adequacy of risk rating systems and the credit quality of the pass portfolio in examination reports, noting deficiencies where appropriate.

                     The guidance set forth in this SR letter does not constitute a regulation, nor does it seek to establish new regulatory requirements.  The guidance and sound practices set forth in this SR letter are designed to assist examiners in assessing the quality of the credit risk management process, and to inform the industry of some of the factors examiners will consider and evaluate during on-site examinations.

Preliminary Findings of the Federal Reserve's Analysis of Internal Risk Management Reports

                     As part of its ongoing risk focused examination program, the Federal Reserve reviews internal risk management reports, particularly those involving credit, interest rate, and market risk.  The analysis of these reports at large and complex banking organizations provides a basis for assessing the strengths and weaknesses of individual institutions, in the context of the risk-focused program of supervision for large institutions, and the industry in general.

                     In connection with the supervisory assessment of credit risk, the Federal Reserve reviews internal management reports describing the institution's credit exposure by internal risk grade.  Since the supervisory assessment of these reports began, Federal Reserve staff has been engaged in a detailed analysis of internal credit risk rating systems and exposures at large institutions, with the near-term goal of identifying sound practices in their use, and the long-term goal of encouraging broader adoption of such practices as well as further innovation and enhancements. 

                     This ongoing staff analysis has identified certain practices in the use of internal risk ratings that could materially limit their value in monitoring and managing credit risk, and could limit the ability of supervisors to utilize such processes and information in performing risk assessments at large institutions.  These practices fall into two broad categories:

  • Function and Design:  The risk rating system by its construction may not meaningfully distinguish among the strata of risk within the "pass" loans in the portfolio.
  • Assignment and Validation of Grades:  The process of assigning a risk grade to a transaction - and/or associated processes for monitoring and validating their accuracy - may not provide for sufficient consistency or independence.

                     The next two sections of this SR letter describe sound practices in risk ratings in these two areas.  In addition, this SR letter addresses the application of grades in several key areas of the risk management process, namely, influencing credit limits and approval authorities, monitoring credit risk in the pass loan portfolio, supporting the determination of the allowance for loan and lease losses, assisting in balancing risk and return in loan pricing, and influencing internal capital allocations within the organization.

Sound Practices in Function and Design of Internal Rating Systems

                     A consistent and meaningful internal risk rating system is a useful means of differentiating the degree of credit risk in loans and other sources of credit exposure.  This consistency and meaning is rooted in the design of the risk grading system itself.  Although assigning such risk ratings - as with ratings issued by public rating agencies - necessarily involves subjective judgment and experience, a properly designed rating system will allow this judgment to be applied in a structured, more or less formal, manner.

                     Credit risk ratings are designed to reflect the quality of a loan or other credit exposure, and thus - explicitly or implicitly - the loss characteristics of that loan or exposure.  Increasingly, large institutions link definitions to one or more measurable outcomes such as the probability of a borrower's default or expected loss (which couples the probability of default with some estimate of the amount of loss to be incurred in the event a default occurs).  In addition, credit risk ratings may reflect not only the likelihood or severity of loss but also the variability of loss over time, particularly as this relates to the effect of the business cycle.  Linkage to these measurable outcomes gives greater clarity to risk rating analysis and allows for more consistent evaluation of performance against relevant benchmarks.  The degree of linkage varies from institution to institution, however.

                     Although the degree of formality may vary, most institutions distinguish the riskiness of the borrowing entity (essentially default risk) from the risks associated with a particular transaction or structure (more oriented to loss in event of default).  In documenting their credit administration procedures, institutions should clearly identify whether risk ratings reflect the risk of the borrower or the risk of the specific transaction.  In this regard, many large institutions currently assign both a borrower and facility rating, requiring explicit analysis of both the loan's obligor and how the structure and terms of the particular loan being evaluated (i.e., collateral or guarantees) might strengthen or weaken the quality of the loan.

                     The rating scale chosen should meaningfully distinguish gradations of risk within the institution's portfolio, so that there is clear linkage to loan quality (and/or loss characteristics), rather than just to levels of administrative attention.  To do so, the rating system should be designed to address the range of risks typically encountered in the underlying businesses of the institutions.  One reflection of this degree of meaning is that there should be a fairly wide distribution of portfolio outstandings or exposure across grades, unless the portfolio is genuinely homogenous.  Many current rating systems include grades intended solely to capture credits needing heightened administrative attention, such as so-called "watch" grades.  Prompt and systematic tracking of credits in need of such attention is an essential element of managing credit risk.  However, to the extent that loans in need of attention vary in the risk they pose, isolating them in a single grade may detract from that system's ability to indicate risk.  One alternative is the use of separate or auxiliary indicators for those loans needing such administrative attention. 

                     Indeed, those institutions whose risk rating systems are least effective in distinguishing risk use them primarily to identify loans that are classified for supervisory purposes or that bank management otherwise believes should be given increased attention (i.e., "watch" loans).  Such systems contribute little or nothing to evaluating the bulk of loans in the portfolio - that is, loans for which no specific difficulties are present or foreseen.  In some cases these institutions might also establish one or two risk grades for loans having very little perceived risk, such as those collateralized by cash or liquid securities or those to "blue-chip" private firms.  Although the foregoing gradations are well-defined in terms of the relative credit risk they represent, the consequence for these least effective systems is that the bulk of the loan portfolio falls into one or two remaining broad risk grades - representing "pass" loans that are neither extremely low-risk nor that are current or emerging problem credits - even though such grades may encompass many different levels of underlying credit risk.

Sound Practices in Assigning Internal Risk Ratings

                     Experience and judgment, as well as more objective elements, are critical both in making the credit decision and in assigning internal risk grades.  Institutions should provide in their credit policies clear and explicit criteria for each risk grade as well as other guidance to promote consistency in assigning and reviewing grades.  Criteria should be specified, even when addressing subjective or qualitative considerations, that allow for consistent assignment of risk grades to similarly risky transactions.  Such criteria should include guidance both on the factors that should be considered in assigning a grade, and how these factors should be weighed in arriving at a final grade.

                     Such criteria can promote consistency in assessing the financial condition of the borrower and other objective indicators of the risk of the transaction.  One vehicle for enhancing the degree of consistency and accuracy is the use of "guidance" or "target" financial ratios or other objective indicators of the borrower's financial performance as a point of comparison when assigning grades.  Banking organizations may also provide explicit linkages between internal grades and credit ratings issued by external parties as a reference point, for example, senior public debt ratings issued by one or more major ratings agencies.  The use of default probability models, bankruptcy scoring, or other analytical tools can also be useful as supporting analysis.  However, the use of such techniques requires institutions to identify the probability of default that is "typical" of each grade.  The borrower's primary industry may also be considered, both in terms of establishing the broad characteristics of borrowers in an industry (e.g., degree of vulnerability to economic cycles or long-term favorable or unfavorable trends in the industry) and in terms of a borrower's position within the industry.

                     In addition to quantitative indications and tools, credit policies and ratings definitions should also cite qualitative considerations that should affect ratings.  These might include factors such as the strength and experience of the borrower's management, the quality of financial information provided, and the access of the borrower to alternative sources of funding. Addressing qualitative considerations in a structured and consistent manner when assigning a risk rating can be difficult, and requires the application of experience and business judgment.  Nonetheless, adequate consideration of these factors is important to assessing the risk of a transaction appropriately.  In this regard, institutions may choose to cite significant and specific points of comparison for qualitative factors in describing how such considerations can affect the rating (e.g., whether a borrower's financial statements have been audited or merely compiled by its accountants, or whether collateral has been independently valued).

                     Although the rating process requires the exercise of good business judgment and does not lend itself to formulaic solutions, some formalization of the process can be helpful in promoting accuracy and consistency.  For example, use of a "risk ratings analysis form" can be important in providing a clear structure for identifying and addressing the relevant qualitative and quantitative elements to be considered in determining internal risk grades, and for documenting how those grades were set by requiring analysis or discussion of key quantitative and qualitative elements of a transaction.

                     Risk ratings should be reviewed, if not assigned, by independent credit risk management or loan review personnel both at the inception of a transaction and periodically over the life of the loan.  Such independent reviewers should, themselves, reflect a level of experience and business judgment that is comparable to that of the line staff responsible for assigning and reviewing initial risk grades. Among the elements of such independent review should be whether risk rating changes (and particularly downgrades) have been timely and appropriate. Such independent reviews of individual ratings support the discipline of the rating assignments by allowing management to evaluate the performance of those individuals assigning and reviewing risk ratings.  If an institution places reliance on outside consultants, auditors, or other third parties to perform all or part of this review role, such individuals should have a clear understanding of the institution's "credit culture" and its risk rating process in addition to commensurate experience and competence in making credit judgments.

                     Finally, institutions should track performance of grades over time to gauge migration, consistency, and default/loss characteristics to allow evaluation of how well risk grades are being assigned.  Such tracking also allows for ex post analysis of the loss characteristics of loans in each risk grade.

                     Because ratings are typically applied to different types of loans - for example, both commercial real estate and commercial loans - it is important that each grade retains the same meaning to the institution (in terms of overall risk) across the exposure types.  Such comparability allows management to treat loans in high-risk grades as a potential concentration of credit risk and to manage them accordingly.  It also allows management and supervisors to monitor the overall degree of risk, and changes in the risk makeup, of the portfolio.  Such consistency further permits risk grades to become a reliable input into portfolio credit risk models.2

Application of Internal Risk Ratings to Internal Management and Analysis

                     Robust internal credit rating systems are, as noted earlier, an important element in several key areas of the risk management process.  Although nearly all large institutions currently make use of risk ratings, many of the institutions need to develop further these systems so that they provide accurate and consistent indications of risk and sufficient granularity in distinguishing among risks.  This section describes approaches to risk management and analysis that are based upon robust internal risk rating systems and are currently being used at some banking organizations.  These techniques appear to be emerging sound practices in the use of risk ratings.

                     Limits and approval requirements:  Many large institutions have different approval requirements and thresholds for different internal grades, allowing less scrutiny and greater latitude in decision-making for loans with lesser risk.  While this appears reasonable, institutions should also consider whether the degree of eased approval requirements (or the degree to which limits are higher) is supported by the degree of reduced risk and uncertainty associated with these lower-risk credits.  If not, they may provide incentives to rate loans too favorably, particularly in the current benign economic environment, with resulting underassessment of transaction risks.

                     Reporting to management on credit risk profile of the portfolio:  As part of reports analyzing the overall credit risk in the institution's portfolio, management and directors should receive information on the profile of actual outstandings, exposure, or both by internal risk grade.  Such information can thus be one consideration - among others, such as concentrations in particular industries or borrower types - in evaluating an institution's appetite for originating various types of new loans.  Portfolio analysis may range from simple tallies of aggregates by risk grade to a formal model of portfolio behavior that incorporates diversification and other elements of the interaction among individual loan types.  In this more complex analysis, gradations of risk reflect only one among many dimensions of portfolio risk, along with potential industry concentrations, exposure to an unfavorable turn in the business cycle, geographical concentrations, and other factors.

                     Allowance for loan and lease losses:  The makeup of the loan portfolio and the loss characteristics of each grade - including individual pass grades - should be considered, along with other factors, in internal analysis of the adequacy of an institution's allowance for loan and lease losses.  As described in the December 1993 Interagency Policy Statement on the Allowance for Loan and Lease Losses, internal risk rating systems and/or supporting documentation should enable examiners to reconcile an institution's internal risk ratings with the categories used by the federal banking agencies for those loans graded below "pass" (i.e., other assets especially mentioned, substandard, doubtful, and loss).  The guidance contained in this SR letter complements this earlier guidance by addressing internal credit grading systems as they relate to "pass" credits.

                     Pricing and profitability: In competitive marketplaces, it is properly the role of bankers rather than supervisors to judge the appropriateness of pricing, particularly with regard to any single transaction or group of transactions.  One way that some institutions choose to discipline their overall pricing practices across their portfolio is by incorporating risk-rating-specific loss factors in determining the minimum profitability requirements (i.e., "hurdle rates").  Following this practice may render such institutions less likely to price loans well below the level indicated by the long-term risk of the transaction.  Given that bank lending - and particularly pricing - has become highly competitive in recent years, application of appropriate discipline to pricing, in conjunction with a clear and meaningful assessment of the risks inherent in each transaction and in the portfolio as a whole, can be an important tool in avoiding competitive excesses in the future.

                     Internal allocation of capital:  Those institutions choosing to perform this analysis use their internal risk grades as important inputs in identifying appropriate internal capital allocations.  Use of appropriately allocated capital in evaluating profitability offers many advantages, including the incentive to consider both risk and return in making lending decisions rather than merely rewarding loan volume and short-term fee revenue.  Under appropriate circumstances - that is, where internal capital allocations are sufficiently consistent, rigorous, and well-documented - such allocations may also be considered as one input into supervisory evaluations of capital adequacy.

                     Questions or comments on the contents of this SR letter may be addressed to William Treacy, Supervisory Financial Analyst, at (202) 452-3859.

Richard Spillenkothen


                     Suggested transmittal letter

Cross References:  SR 98-18   (Lending Standards for Commercial Loans, June 1998)
SR 97-21  (Risk Management and Capital Adequacy of Exposures Arising from Secondary Market Credit Activities, July 1997)


1.   Secondary market credit activities generally include loan syndications, loan sales and participations, credit derivatives, and asset securitizations, as well as the provision of credit enhancements and liquidity facilities to such transactions. Such activities are described further in SR letter 97-21 (Risk Management and Capital Adequacy of Exposures Arising from Secondary Market Credit Activities).  Return to text

2.   For a discussion of these models and the role played by internal credit risk ratings, see “Credit Risk Models at Major U.S. Banking Institutions: Current State of the Art and Implications for Assessments of Capital Adequacy,” Report of the Federal Reserve System Task Force on Internal Credit Risk Models, May 1998.  This report is available on the Board’s Web site (  Return to text

Suggested Transmittal Letter to
the Chief Executive Officer
of Large and Complex Domestic and Foreign Banking Organizations
Supervised by the Federal Reserve

Subject:       Sound Credit Risk Management and the Use of Internal Credit Risk Ratings at Large Banking Organizations

                     As part of its ongoing supervision and examination programs and its longstanding emphasis on sound credit risk management processes, the Federal Reserve reviews internal credit risk management reports and supporting documents.  Based largely on these reviews, Federal Reserve staff has identified broad practices in the use of internal credit risk ratings that support strong credit risk management systems at large banking organizations.

                     To assist supervisors and examiners in their evaluations of the quality of credit risk management processes within banking organizations, the Federal Reserve has developed additional guidance that reflects the benefit of our supervisory efforts to date in this area.  The enclosed Supervisory Letter outlines the Federal Reserve's new guidance, and sound practices in the use of such internal rating systems at large institutions, as well as what appear to be emerging sound practices in how these grades are integrated into other key elements of the risk management processes at these organizations.  This guidance is in keeping with the risk-focused framework for the supervision of large complex banking organizations.

                     Any questions you may have on this guidance should be directed to [insert name and phone number] at this Reserve Bank.


[Insert name]


SR letters | 1998