Skip to Main Content

10 Things to Look for in a Modern Credit Risk Rating System

DRR Blog 4 10 Things To Look For 1168X660

Not all credit risk rating systems are created equal, but the goal of any such system is essentially the same: effectively manage risk to protect portfolio quality and, in turn, bank profitability. So, when RMA, a century-old association with a mission to advance sound risk management, set out to develop our own risk rating system in late 2019, what did we look for to meet that goal for our members?

Just as we would recommend our members do, we started by seeking out best practices – the kind that only RMA can source from our unparalleled network of risk professionals – and built from there. Here is a rundown of 10 of the best practices we used to guide the development of RMA Dual Risk Rating – and the 10 things you should look for in your bank’s risk rating system:

1. Dual 

Dual risk rating has been the industry standard for over two decades. Using dual scales to calculate probability of default (PD) and loss given default (LGD), banks can separate out the borrower risk and PD from the collateral coverage that factors into LGD. Single rating systems either only look at the borrower risk, or blend borrower risk with collateral coverage.

2. Granularity

Granularity in the risk ratings themselves – especially among the pass grades – is the key to improving decision-making and portfolio management. The more granularity, the easier it is to manage the portfolio with intelligence. For example, some banks might overuse a single pass rating – let’s call it a Pass 4 – but a more granular rating scale might split that overused rating into three, for example: 4+, 4, and 4-.

3. Consistency 

The system should produce consistent, balanced ratings across scorecards, lines of business, analysts, and time. In other words, a 5 is a 5 is a 5, no matter who the customer is, who calculated the rating, and when it was created.  

4. Data-driven

Ideally, all scorecards would rely on clear unimpeachable data, such as the Debt Service Coverage Ratio. And most scorecards tend to weigh objective data more heavily than subjective data. But the subjective data, such as “Management Experience in this Industry,” can also be part of a strong scorecard. Subjective factors can be improved by providing clear, unambiguous definitions. For example, a “Strong” means the management team has served in the industry for 15+ years or more successfully, and a “Weak” means this is their first year in business.

5. Transparency

The inputs, calculations, and outputs should be clear and available to the analyst and other relevant parties. As a result, the final risk rating documentation for the file will include all that information, so that loan review, a different analyst, or an examiner can clearly see how the rating was derived.

6. Technology

Word- and Excel-based risk rating systems are better than none at all, but the challenges seriously diminish the benefits. Oftentimes, data is buried in the document and not available for portfolio reporting, plus these kinds of systems are notorious for version control issues and faulty calculation logic. The best practice for modern times is to have the system deployed as a ready-to-use software solution with an intuitive user interface or integrated into a loan origination or spreading system already in use.

7. Rank order 

This one is obvious but worth noting. The system should clearly rank order the risk from least to most. When coupled with the facility LGD rating, rank ordered granularity increases, and the bank can differentiate ‘strong 5’s’ from ‘weak 5’s’, for example.

8. Reporting 

The system should store data and provide ad hoc reporting capabilities to analyze the portfolio from numerous perspectives, such as ratings concentration and migration over time. This is critical to effective portfolio management.

9. Documentation

Without proper risk rating system documentation to provide common instruction and define key terms and goals, implementing and using the system will be more difficult and yield potentially subpar results.

10. Easy to use

Many of the qualities of a good risk rating system come together to increase overall ease of use. Less confusion about what a risk rating means in practice, less effort to utilize the system in regular loan management workflows, and fewer grey areas all result in more ease of use for the business. Notably, from a technology standpoint, best practices that promote ease of use for users include making it so data only needs to be entered once, having data linked with core systems, providing drop-down choices instead of a free form text box, and offering options for user help.

Looking back to before we launched RMA Dual Risk Rating earlier this year, it is interesting to think about how all these best practices have manifested themselves in the solution to, as we said before, help RMA members “effectively manage risk to protect portfolio quality and, in turn, bank profitability.” Plus, it is the first solution to bring all these best practices together that is available at a competitive price point!

If you are interested in learning more about these best practices and how we have built them into our solution, please contact us today!


Steven is the Director of Business Solutions at RMA, responsible for all five of its core products. He is a 25+ year veteran of the banking industry with proven expertise in successfully developing and implementing bank technology. Most recently, Steven was VP at Sageworks, helping financial institutions modernize lending. Steven holds an MBA from Stanford University.