Banking Case Studies General Consulting Regulatory Compliance Regulatory Readiness Preparation Scorecard Builds/Validation

PAG adds processes and reports to help lender convince regulators its exception documentation was sound


A large unsecured loan provider in the United States was having challenges with its model suite and convincing its regulator and partners that its models were compliant and in control. The client had a few Matters Requiring Attention (MRAs) and other regulatory issues threatening to disrupt its business and didn’t have a large budget to hire a full modeling team to close the gaps.

PAG Solution:

PAG was hired to do a complete end-to-end review of three different models and assess their overall performance and compliance relative to industry expectations. PAG was able to determine that all three models were built from sound assumptions, and the performance seen in the development samples was consistent with production.

The client, however, had a number of issues with exceptions in its lending process and a complete lack of model documentation that confused regulators about performance and compliance. PAG created a report to separate underwriting performance on loans within the credit sandbox versus those approved on exception. We also compared the client’s model documentation to the OCC’s requirements and identified the missing documentation. PAG put a six-month plan together to close all gaps and identified an ongoing governance structure that the regulator blessed, and the enhancement work began.

Client Benefits:
  1. PAG successfully built out its client’s enhancement plan to close down its areas of opportunity in the model governance space to the point it was able to meet monthly with its regulator to review progress.
  2. PAG’s staff allowed the client to focus on documenting its model practices while we educated the model team on ongoing governance, saving the client hundreds of thousands of dollars on personnel costs.
  3. PAG was able to help get the client’s current MRAs closed and allow it to go back to running its business.
  4. The client successfully passed a regulatory audit after one year with zero significant findings or MRA’s.
Case Studies Regulatory Compliance

PAG helps new affinity card issuer build compliance infrastructure


Company: New Market Entrant – US Co-Brand & Branded

Company was planning to enter the US Credit Card Market and had no compliance personnel or infrastructure to support their efforts. As they were looking to procure affinity partners, they were facing numerous audits for documentation and processes that did not exist.

PAG Solution:
PAG was engaged in a 3-stage approach, which started with PAG building out over 50 policies and supporting procedures to govern regulatory expectations and to support ongoing call center operations. From there, PAG documented technical requirements to help the client’s engineers program the regulatory requirements and controls directly into the proprietary card system. PAG then built user test cases and performed user acceptance testing to ensure all programmed controls were working as intended. PAG also supplied the client with a highly qualified Chief Compliance Officer to help guide their internal efforts, hiring practices, and to represent them in customer facing meetings.

Client Benefits:

  1. PAG was able to successfully build out our client’s complete Compliance Management System allowing them to successfully pass multiple prospective partner audits which led to several lucrative affinity relationships.
  2. PAG’s staff allowed the client to focus us their system engineering efforts while saving time, money, and resources on needed Compliance activities.
  3. PAG assisted the client’s eventual hiring of their internal Compliance Department by interviewing prospective employees and training them to be successful in taking over PAG Compliance duties in time.
  4. Our client was able to successfully pass a regulatory audit after 1 year in practice with zero significant findings or MRA’s.
Banking Regulatory Compliance

Strong risk management isn’t about stopping risk. It’s about managing that risk effectively

risk management

Risk is inherent in everything we do. Whether it be choosing to leave the house, turning on a burner, bungee jumping from a cliff, every action has the potential for something to go wrong. The same is true in business: business decisions carry risk. Sometimes it’s the expansion or growth that drives risk – but doing nothing is often a risk as well. A competitor could be leaping ahead while you are standing still. Inevitably there’s money that could have been made, if you had taken a chance.

Thus, strong risk management isn’t about stopping risk; it’s about managing risk effectively.

Effective risk management is a term that’s often thrown about as a sound bite. What does it really mean, and how do you get there?

  1. Balance risk and reward: Ensure you are getting paid (or value) commensurate with the risk. In finance this means setting pricing and fees at a point that balances future risk; in a casino, this means driving volume to offset wins or regulatory hassle; in health care this means driving enough timely value and customer satisfaction to offset the cost and regulatory headache.
  2. Measure small, miss small: Develop reporting and data infrastructure to measure and monitor the risk short term. Reporting at a more granular / marginal level soon after implementation drives faster response to problems and greater long-term savings. Many banks responded far too late during the Great Recession, primarily because they were monitoring the long-term blended performance. The short-term marginal performance gave early warning signals that were missed by many due to inadequate measures and reporting.
  3. Open Discussion and Debate: Robust discussion and debate of risks allows decision makers to be fully informed in making the risk / reward decisions. Hiding potential negatives may smooth the path to approval today, but they will usually come back to hurt the company (and your career) long-term. Identifying risks and mitigations before implementation ensures that risk management is effective. This process cannot be a rote repetition of last month’s risks. Critically thinking about what risks apply and what makes this decision or action different than others is just as important as thinking about how the decision and actions are the same. Reporting and measurements must be matched up to risks as mitigating factors that drive successful early identification and action on issues as they arise.
  4. Triggers: Of particular use in tracking performance vs. expectations, triggers are metrics that are established prior to implementation and set at expected levels with a small cushion. The cushion should consider the standard deviation / seasonal movement of the metric within normal conditions and be set to ensure that any unusual movement triggers for a response. Most often, these are established with red, yellow, and green indicators to show if a metric is within tolerance. Measures that go above the limit will be flagged for deeper analysis or explanation to management. This ensures that decisions are followed and monitored to ensure they perform as expected.
  5. Opportunity Cost: Decision making must also consider opportunity costs associated with taking or not taking an action. If you commit resources to this project, what other projects or needs are sidelined? If you don’t act on this opportunity, will your competitors steal market share? Will you lose customers?

In Ben Franklin’s words: “An ounce of prevention is worth a pound of cure.”