Managing Credit Card Risk in the Golden Age of Regulations

The nature of credit risk management in the credit card industry has changed. The current regulatory environment has put financial institutions in an interesting bind. On the one hand, credit card is and has historically been a profit center for banks. They want to continue to grow their credit card portfolios. On the other hand, every bank is actively trying to limit their risk exposure. They are focused on managing risk across every part of the organization, including the credit card division.

This friction between account acquisition and risk management has always existed. It’s natural and desirable for banks’ marketing and credit risk groups to butt heads in pursuit of their distinct objectives. In the end, a reasonable middle course between aggressive account acquisition and restrictive risk management is chartered.

However, in recent years, this friction has become much harder to manage. The reason for this is that recent regulations have made it harder for banks to effectively manage the risk of their credit card portfolios. Take the 2009 Credit CARD Act for example. The CARD Act was designed to protect consumers by establishing more transparent and fair practices around credit cards. The law arguably did achieve these goals, but as with many laws, there were some unintended consequences. One of these consequences was a reduced ability, for banks’ portfolio managers, to actively manage the risk of their credit card portfolios. This was the result of numerous provisions in the CARD Act like those that prevent lenders from raising interest rates on accounts with late payments of less than 60 days or requiring a 45 day notification period before changing interest rates.

The core problem with these types of provisions is that they prevent lenders from quickly responding to changes in the risks posed by their existing credit card customers. If a consumer loses their job and suddenly can’t make their credit card payments (which isn’t exactly a rare occurrence in today’s economy), lenders can’t raise the interest rate to mitigate that increase in risk in less than 3 months. That’s unacceptable. Banks can’t wait 3 months to protect themselves from increases in their portfolio risk, but current regulations won’t let them move any faster.

So how do financial institutions respond? How do they mitigate their risk while still continuing to acquire new credit card accounts? We have seen two primary strategies:

1. Preemptively Hedge your Bets- If you can’t quickly adjust your terms in response to changes in risk, do it at the beginning. Hedge on the possibility of default by offering cards with annual fees, higher interest rates, and lower credit limits. By not offering customers the best possible terms upfront, banks can minimize the damage of any risk fluctuations during the length of the customer relationship. This approach is low cost and low reward. It’s easy to create products with less desirable terms and it will certainly soften the impact of any negative changes in the portfolio’s risk. However, this approach puts you at a competitive disadvantage. It limits the effectiveness of your customer acquisition and marketing strategies. It prevents you from offering the most attractive terms and thus prevents you from attracting the most profitable, low risk consumers.
2. Make Better Credit Risk Decisions- This is much more difficult than it sounds, but the idea is pretty simple. If regulations are limiting your ability to control your risk during portfolio management, then you need to do a better job of segmenting out unacceptable risks during the origination process. This can be accomplished by integrating more sophisticated data and risk analysis into that origination process. Industry standard credit scores are not perfectly predictive. Every consumer with a 690 FICO score doesn’t present the exact same credit risk. Within traditional credit scores, there is a surprising amount of variability. Some consumers with a 690 FICO score act like a 690 FICO score. However, other consumers with a 690 FICO score might actually behave from a risk standpoint very differently—displaying either higher or lower performance. In other words, the actual risk that they pose is not perfectly reflected in their score. The imperfection of traditional credit scores has introduced an opportunity for non-traditional data and analytics providers to step in with alternative and supplementary scoring solutions. These scores provide an additional layer of segmentation during the risk decisioning part of the origination process.

For example, if a bank’s credit risk policy requires a FICO score cut-off of 690, but due to the imperfect predictiveness of traditional scores the actual risk of those consumers might be closer to a 680 or 675. So, in effect, they are approving consumers for credit cards who (according to their own credit risk policy) are unacceptably likely to default. This is where those alternative scores come into play. I have seen data studies from several alternative data providers that demonstrate the potential for a 10-15% reduction in defaults without a decrease in the overall number of approved applications. If the bank can screen out these faux-690 consumers using an alternative risk score, they can improve the risk profile of their credit card portfolio and reduce the need for corrective rate adjustments in the future.

Banks cannot afford to stop competing for credit card accounts. Regulatory changes like the CARD Act have increased the friction between banks’ marketing and credit risk efforts. In order for credit risk to do their job without crippling marketing’s ability to do theirs, financial institutions need to adopt a more sophisticated approach to risk decisioning. Thanks to the introduction of new, alternative data and analytic products, this is now a realistic strategy for banks to pursue.