Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

IFSLeaseWorks is now part of Abrigo.

Diversify your portfolio and earn additional interest income. End-to-end lease origination and administration automation make it possible.

Read the press announcement

Looking for TPG Software? You are in the right place!

TPG Software is now part of Abrigo. You can continue to count on the world-class Investment Accounting software and services you’ve come to expect, plus all that Abrigo has to offer.

Make yourself at home – we hope you enjoy being part of our community.

Journey Technology Solutions is now part of the Abrigo family.

Turn complex data into actionable insights for faster, more informed decision-making.

Read the press release

360 View is now part of the Abrigo family.

Turn relationship data into cross-sell, onboarding, and retention strategies.

Read the press release

Portfolio Risk & CECL Loan Review and Due Diligence

Focus on loan review fundamentals when regulatory winds shift

Kent Kirby
March 23, 2026
0 min read

This article covers these key topics: 

Regulatory relief & the impact on loan review teams 

Even if financial regulatory agencies evolve or priorities shift, banks and credit unions must maintain these loan review fundamentals to maintain institutional safety and soundness.

The winds of change: Loan review impacts

Change has finally arrived in the regulatory world. For example, the OCC and FDIC have rescinded the 2013 Leveraged Lending Guidance, updated capital requirements are out for comment, and “tailoring” of supervision is gaining momentum.

In the practice of independent loan review, it’s tempting to assume these shifts will lighten our load. That’s probably wishful thinking.

Regulatory shifts may change the mechanics of supervision, but they don’t lessen the responsibility of financial institutions’ credit risk review teams. If anything, they make our role more essential in helping institutions navigate evolving expectations and maintain discipline.

Abrigo's AI solutions are practical, secure, and regulator-ready. Learn more about AI at our AI hub

See AI resources

Key characteristics of effective credit risk review

Still, now is an ideal moment to revisit what loan review is fundamentally about. A good starting point is the 2020 guidance on credit risk review systems. It outlines several key characteristics of an effective credit risk review framework, which fall neatly into three categories:


Credit

  • Prompt identification of actual or potential loan weaknesses
  • Validation and adjustment of risk ratings

Portfolio

  • Recognition of trends affecting portfolio quality
  • Assessment of policy adequacy and adherence
  • Evaluation of lending personnel and management

Results

  • Objective, independent assessments for management and the board
  • Accurate, timely credit-quality information for financial and regulatory reporting

 

Focusing on what matters most for credit risk review

From this, our core mandates for loan review become clear:

  1. Ensure risk ratings tell the truth

Are loans rated accurately, and does the rating system itself allow the institution to understand the level and direction of risk? A simple litmus test: if more than 20–25% of portfolio exposure concentrates in a single risk grade, the framework isn’t properly calibrated. In my experience, when a single grade carries more than a quarter of the exposure, it’s usually a sign that the scale isn’t distinguishing risk effectively. The loan review function must call that out and insist on a structure that distinguishes risk, not hides it.

  1. Evaluate policy adequacy, not just adherence

Loan review teams often fixate on exceptions—sometimes obsessively. But the more important question is whether credit policies and guidelines are adequate for how the institution actually operates. If there’s a disconnect between the stated guardrails and day-to-day practice, that’s a policy adequacy problem, and no amount of exception tracking compensates for it.

For example, from a policy perspective, unsecured lending is considered undesirable and should only be made on an exception basis. Yet, a review of an institution’s portfolio indicates that a third of loans are unsecured. Further analysis indicates 95% of exposure is risk rated “4” (assuming a six-point pass scale with 4 as Average) or better, so there is no real concern on credit quality. Yet, this institution has created a rash of exceptions (a third of the portfolio!), which are unnecessary and do nothing more than create noise. The policy needs to be revisited.

If anything, labeling unsecured lending as an exception should only apply to loans risk rated 5 or worse. More appropriately however, it’s not a policy issue at all. It’s simply a portfolio segment to monitor and perhaps apply a capital allocation. It’s harder to make this kind of a call, but it’s the one that truly matters.

  1. Assess whether people are doing their jobs

Years ago, I reviewed a small market where the four largest loans were nonaccrual with partial charge-offs. Management had been replaced, and the new folks had worked tirelessly to stabilize them. By our mechanical scoring system, however, the overall examination rating would have been “Unsatisfactory.” That was unfair. I overrode the score and argued for a more reasonable rating.

Too often, examinations elevate process over substance. The real question is whether people—lenders, managers, and the oversight function (i.e. credit)—are doing their jobs. Today, as more institutions adopt automated scoring and workflow tools, this principle matters even more. Technology can support judgment, but it can’t replace the need to understand when people are doing the right work for the right reasons. As financial institutions’ loan review software tools get more sophisticated, the discipline to challenge them—not just follow them—will be what separates effective institutions from merely compliant ones.

  1. Communicate clearly to the board and executives

Your audience does not want a 25-page tome of charts and grids that says nothing. Keep the credit risk review report to 3–5 pages and make sure to:

  • State the overall portfolio condition and its trajectory
  • Highlight risk ratings, policy adequacy, and personnel performance
  • Identify action items, expected outcomes, and agreed-upon timelines

Everything else—scorecards, detail schedules, loan-level grids—belongs in an appendix.

In my early career, a boss distinguished between the “regulatory” and the “righteous.” Regulatory meant required. Righteous meant it made sense. Everything above falls into the righteous category. Even if agencies evolve or priorities shift, these fundamentals remain essential to institutional safety and soundness.

Standing still means falling behind

While the core mandates of credit risk review aren’t changing, there are areas where standing still means falling behind:

  1. Automation is no longer optional

Automation was once limited to large institutions, but now it has become critical for community banks as well. Portfolios are more complex. Leadership talent from larger banks is migrating into smaller organizations, often bringing higher risk appetites. Borrowers themselves are more sophisticated, managing supply chains aggressively and pursuing opportunities with greater confidence.

If you are still relying on Word and Excel, and your view of portfolio risk is constrained by data built for operations rather than risk discovery, it is time to adopt a workflow platform. Automation not only accelerates the review cycle, it surfaces the “hidden mickeys” of risk that manual processes continually miss.

  1. Artificial intelligence: Beyond the hype

AI may straddle the line between fad and transformative force, but the “righteous” use case is clear: eliminating rote, time-consuming work.

Even as a speed reader, it takes me an hour or more to scan a loan agreement. An AI-powered loan review solution like Abrigo’s can do the first pass in minutes—accurately flagging issues, freeing humans to focus on judgment, decisions, and action. Of course, like any powerful tool, AI works best with reasonable oversight. Validating outputs and keeping humans in the loop ensure technology enhances judgment rather than dilutes it. AI can draft exam results, summarize trends, and spotlight previously invisible risk pockets. This isn’t science fiction; it’s here, and it’s practical. It can speed loan reviews by 30%.

 

The more things change…

The more things change, the more the fundamentals of loan review stand out. Regulatory priorities will evolve, guidance will come and go, and supervisory approaches will shift. But the responsibility of loan review does not. At its core, the function exists to ensure that credit risk is accurately understood, clearly communicated, and actively managed.

That’s the standard that matters—not whether every box is checked, but whether the work leads to sound judgment and better decisions. Institutions that navigate change successfully will be those that stay grounded in these principles while embracing tools and approaches that strengthen them. In the end, safety and soundness is driven by how well we execute on the fundamentals, regardless of the environment.

Did you know? Abrigo provides one platform for growth, efficiency & risk intelligence.

Explore our solutions
Webinar

Improving risk oversight for today’s loan portfolios

Read More
Whitepaper

7 Questions to move from AI curiosity to AI confidence

Read More
Whitepaper

Ahead of the curve: A banker’s podcast episode 11 – Exploring agentic tools with Ravi Nemalikanti (at AWS Re:Invent)

Read More
About the Author

Kent Kirby

Senior Consultant, Portfolio Risk
Kent Kirby is a retired banker with over 39 years of experience in all aspects of commercial banking: lending, loan review, back-room operations, credit administration, portfolio management and analytics and credit policy.  As Senior Consultant in the Portfolio Risk practice, Kirby assists institutions in the review and enhancement of commercial

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.