Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

Best practices in risk rating policies

October 11, 2017
Read Time: 0 min

Policies are “the cornerstones for sound lending and loan administration,” and risk rating policies are a key component. Regulatory agencies lay out elements that loan policies should cover, such as what types of loans an institution will make and what information will be required from borrowers, but they rarely dictate the details.

An institution must develop appropriate policies and procedures based on its size and the complexity of its portfolio. These governing documents should require credit analysts to maintain timely and accurate risk ratings with appropriate oversight.

Here are three best practices when developing risk rating policies.

Determine Number of Risk Ratings Based on Portfolio Complexity

Regulators expect a lending institution to have a risk rating system that can distinguish criticized and classified assets. Additionally, even the smallest and least complex institution is expected to have some gradation within its non-criticized (i.e., Pass) assets. Larger, more complex institutions would have more stratification. An institution should align these distinctions to its processes. As a simple example, the institution can tie the frequency of review to risk ratings. A bank with 5 grades of Pass along with Special Mention, Substandard, Doubtful and Loss might set account review frequency for its C&I portfolio as follows:

Risk Rating Review Frequency
Pass (1-3)Annual
Pass (4-5)Semi-Annual
Special Mention (6)Quarterly
Substandard (7)Monthly
Doubtful & Loss (8-9)Weekly

Grow your loan portfolio while mitigating risk.

Learn More

Vest Risk Rating Responsibility Appropriately

Risk rating assignment should be separate from loan origination in order to limit bias - both real and perceived. The credit analyst may discuss the risk rating with the lender since the lender is likely to have additional perspective on the borrower’s state. Some institutions may also use a committee structure to discuss risk ratings. However, the final responsibility should be with the credit department. This separation of responsibilities safeguards the risk rating from undue influence.

Require Additional Approval Levels and Reviews

An institution may require additional approvals in certain circumstances. Common reasons for additional approvals are large size, a change in risk rating from prior period or a final risk rating that differs from the scorecard output. Policies may further distinguish between situations that require approval before a rating is finalized and those that merit periodic monitoring. The emphasis should be on ensuring risk ratings are assigned accurately and timely.

There are a number of variants that an institution could employ. For example, an institution may allow a credit analyst to approve a final rating that differs from the scorecard by one grade and require a manager to approve any other differences. The institution would then review all differences periodically. Similarly, an institution’s policy may require a manager to approve a change of two or more grades from the prior period because this level of change should occur rarely. It would review overall migration periodically as part of portfolio monitoring.

The current environment of low defaults could easily create complacency. It is critical to maintain strong risk rating policies and use them to identify troubled credits early to maximize a lender’s recovery with swift intervention.


About the Author


Raleigh, N.C.-based Sageworks, a leading provider of lending, credit risk, and portfolio risk software that enables banks and credit unions to efficiently grow and improve the borrower experience, was founded in 1998. Using its platform, Sageworks analyzed over 11.5 million loans, aggregated the corresponding loan data, and created the largest

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.