OCC Bulletin 2020-81| September 10, 2020
Credit Risk: Risk Management of Loan Purchase Activities
Chief Executive Officers of All National Banks, Federal Savings Associations, and Federal Branches and Agencies; Department and Division Heads; All Examining Personnel; and Other Interested Parties
The Office of the Comptroller of the Currency (OCC) today issued this bulletin to inform banks1 of sound risk management principles regarding loan purchase activities.2 Commercial and retail loan purchase activities include purchasing whole loans, loan pools, loan portfolios, loan participations, or participations in syndicated loans from other banks or nonbank lenders.3 Lending activities, including loan purchase activities, are subject to certain regulatory standards and long-standing risk management guidelines. The OCC expects banks to engage in loan purchase activities in a safe and sound manner and in compliance with applicable accounting standards, laws, and regulations. Loan purchase activities should align with banks' strategic plans and be supported by sound risk management systems.4
This bulletin rescinds Banking Circular 181 (REV), "Purchases of Loans in Whole or in Part—Participations," issued on August 2, 1984.
Note for Community Banks
This bulletin applies to community banks engaged in loan purchase activities.
A bank's loan purchase activities should be handled consistently with its other lending activities, that is, with sound risk management commensurate with the bank's size, complexity, and risk profile. This bulletin covers the following topics regarding a bank's loan purchase activities:
- Strategic plan and risk appetite
- Lending policies and procedures
- Credit administration
- Due diligence and independent credit analysis.
- Additional considerations for loan portfolio and pool purchases
- Recourse arrangements
Risk Management of Loan Purchase Activities
Loan purchase activities are long-standing banking practices that serve the legitimate business needs of the buying and selling institutions and the public interest. The extensive network of loan-broker channels and increased involvement of nonbank lenders have resulted in growth in the availability of loans for purchase. Loan purchase activities can provide many benefits to banks, including diversifying portfolios, improving net interest margins, and supplementing organic growth. Failure to engage in sound risk management of loan purchase activities can subject banks to unwarranted risks such as elevated loan losses, increased legal expenses, and noncompliance with safety and soundness standards.
Pursuant to 12 CFR 30, appendix A, the OCC expects banks to establish and maintain loan documentation and prudent credit underwriting practices. The guidelines in 12 CFR 30, appendix A, apply to all lending activities, including loan purchase activities.
A bank's loan purchase activities would typically be handled in a manner consistent with its other lending activities, including sound risk management commensurate with the bank's size, complexity, and risk profile. Large or complex banks and banks engaged or planning to engage in high volumes of loan purchase activities typically have more sophisticated and formal risk management systems than small or non-complex banks. Sound risk management of loan purchase activities generally includes
- a well-defined strategic plan and risk appetite that appropriately cover loan purchase activities.
- risk limits for loan purchase activities.
- policies and procedures governing loan purchase activities.
- underwriting analysis and due diligence of the loans, independent of analysis provided by the selling institution (referred to as the seller), before purchase.
- agreement by the borrower(s) to make full and timely credit information available to the seller or the underwriting institution.
- agreement by the seller to provide the purchaser with necessary information to make an informed credit decision and conduct ongoing credit monitoring.
- written documentation of transfer, servicing, events of default, collections, and recourse arrangements outlining the rights and obligations of each party.
- effective credit administration practices, including management and board reports.
Entering into new, modified, or expanded products or services (collectively, new activities) could change a bank's risk profile. Accordingly, bank management should engage in sound risk management to identify, measure, monitor, and control the risks associated with new loan purchase activities.5
Strategic Plan and Risk Appetite
As with loan originations, loan purchases should be consistent with the bank's strategic plan and risk appetite. Sound risk management includes evaluating how loan purchase activities could affect credit, strategic, reputation, interest rate, liquidity, compliance, and operational risks. Loan purchase activities that are inconsistent with the bank's risk appetite or beyond management's ability to manage can pose material risks to the bank's financial condition and resilience and can constitute unsafe or unsound practices.
Lending Policies and Procedures
Sound risk management includes policies that are consistent with the bank's strategic plan and risk appetite, while procedures support effective processes for engaging in loan purchase activities. Typically, policies and procedures address
- approval limits and personnel authorized to engage in loan purchases.
- acceptable credit types and portfolio characteristics (e.g., loan types, credit grade or risk rating, acceptable credit score range, collateralization, collateral characteristics, credit concentrations, and loan structures).6
- acceptable sources from which to purchase loans, including standards for selecting sellers and concentration limits for seller volume.
- requirements for purchase agreements, including rights and obligations concerning repurchase or recourse arrangements.
- expectations regarding the level of due diligence to be performed in assessing the potential purchase of loans, such as standards for
- pre-purchase documentation.
- independent credit and underwriting analysis.
- determining the collateral value and confirming the lien status.
- requirements for obtaining ongoing financial and nonfinancial information for the term of the loan.7
- credit administration requirements, including post-purchase management, risk rating, credit scoring, loan loss allowances, and problem loan management.
Credit administration for purchased loans is similar to credit administration for loans originated by the bank, but there are some unique aspects to loan purchase activities. In addition to sound credit administration practices that apply to both originated and purchased loans, credit administration of purchased loans generally includes
- monitoring the seller's compliance with the terms of the contract.
- engaging with the seller to monitor credit quality and borrower compliance with loan covenants.
- monitoring and reporting of seller performance and concentration limits.
- processes for verifying the assignment of notes and perfection of interests in collateral.
- internal controls and physical security to safeguard personal information and the transfer of notes from the seller to the purchaser.
- processes for evaluating the quality of original due diligence based on ongoing performance.
- appropriate legal and accounting expertise to review and validate transactions.
Sound risk management of loan purchase activities also relies on effective management and board reports that are specific to these activities. Reporting specifically for purchased loans is important to provide bank management the ability to monitor performance and for post-purchase management. Reports that compare performance between purchased loans and those the bank originated can provide management with key information to make future loan purchase-related decisions.
Sound risk management of loan purchase activities includes compliance risk management. There are numerous consumer protection-related laws and regulations as well as reporting and other requirements under the Bank Secrecy Act (BSA) and sanctions program administered by the Office of Foreign Assets Control (OFAC) that are relevant to loan purchase activities. For example, the Truth in Lending Act requires certain mortgage transfer disclosures such as notice of new owner, no later than 30 calendar days after the date on which a mortgage loan is acquired by or sold, assigned, or otherwise transferred to a third party.
Audit and independent credit risk review8 play important roles, in conjunction with front-line units, to identify, measure, monitor, and control the risks associated with loan purchase activities. The frequency and nature of audit and independent credit risk review should be commensurate with the level of risk from loan purchase activities.
Due Diligence and Independent Credit Analysis
Several factors may be considered when determining the appropriate nature and extent of due diligence, including credit analysis independent of the seller. These factors generally include
- the transaction's complexity.
- the purchaser's lending policies and procedures.
- the transaction's size relative to the bank's existing loan portfolio, concentrations, and capital levels.
- the purchasing bank personnel's expertise regarding the types of loans purchased.
A bank should perform due diligence before purchasing loans. Due diligence promotes a well-performing, stable loan portfolio with identified risks that are within the bank's capabilities to control. Generally, due diligence includes
- credit analysis independent of the seller that includes assessing whether the loan(s) meet the bank's underwriting standards and other loan policy criteria.
- assessing the quality of the collateral and the appropriateness of collateral valuation methods.
- analyzing the purchasing bank's history with the seller and the seller's experience with the lending product and financial capacity.
- risk assessment of all applicable risks.
- thorough assessment and legal review of the purchase contract, including recourse and risk-sharing arrangements, loan administration, and collateral controls.
- assessing accounting implications, such as sales treatment and loan loss allowances.
High-quality, independent credit analysis is important in loan purchase activities. To make a prudent credit decision, a purchaser would conduct an initial (i.e., pre-purchase) credit analysis independent of the seller to confirm that the loans meet the purchaser's standards and risk appetite. For example, a bank with a well-defined process for evaluating participations or syndicated loans could leverage its internal underwriting policies and procedures to complete the independent credit analysis.
Sound risk management also includes regularly conducting credit analysis, similar to the analysis the bank conducts on other loans in the portfolio. Once a purchase is complete, sound risk management includes obtaining credit and other pertinent information (e.g., financial performance, payment history, and credit scores) to monitor performance, determine risk ratings and accrual status, and appropriately make provisions for loan loss allowances.
The indirect relationship between the borrower and the purchaser can make it challenging for the purchaser to conduct credit analysis without the cooperation of the seller or servicer. Purchase, participation, or syndication contracts between the purchaser and seller typically include an agreement by the seller to provide available credit information to the purchaser before any loan purchase activity and regularly thereafter.9 Timely receipt of full credit information contributes to the purchasing bank's ability to conduct ongoing analysis and make timely and accurate assessments of credit risk.
Full credit information transferred to the purchasing bank ordinarily includes
- credit agreement(s).
- underwriting documentation.
- borrower-supplied documents used during underwriting and ongoing monitoring, including financial statements.
- collateral description and values, and documentation supporting asset valuation methods.
- security agreements, lien or mortgage status, and supporting documents.
- status of principal and interest payments including accrual status.
- any other facts bearing on the continuing creditworthiness of the borrower(s).
Credit and loan performance analyses by the seller or underwriter, a credit rating institution, or another third party not contracted by the purchasing bank may be considered during due diligence; these analyses, however, do not replace an independent credit analysis conducted by the purchasing bank or by a third party engaged by the purchasing bank. Some banks outsource certain aspects of independent credit analysis, such as credit risk reviews. When entered into with appropriate controls, such arrangements may be a valid part of independent credit analysis.10
Loan Portfolio and Pool Purchases
Commercial and retail loan pool and portfolio purchases (commonly referred to as bulk purchases) can result in significant credit, compliance, reputation, and operational risks, as well as have legal, tax, accounting, and staffing implications. Due diligence on bulk loan purchases generally warrants further credit analysis than discrete loan purchase transactions. Bulk purchases of loans could materially increase an asset concentration, represent a significant expansion in a lending activity or geography, or represent a new loan type for the bank, and thus may warrant additional due diligence.11
Performing due diligence and independent credit analysis on a pool or portfolio of loans can be critical for supporting the proper structuring and pricing of the purchase transaction and the appropriate transfer of the loans. A bank's due diligence and independent credit analysis for loan pool or portfolio purchases generally includes an assessment of
- credit agreements and supporting legal documentation.
- loan portfolio metrics and performance data.
- the adequacy of loan sampling criteria used to evaluate the pool or portfolio.
- the originating institution's underwriting of loans in the pool or portfolio.
- characteristics governing the use of credit scoring by the seller (if applicable).
- collateral description, value, lien status, and method of asset valuation for loans in the pool or portfolio.
- portfolio credit characteristics (e.g., credit scores or risk ratings, debt-to-income or debt service coverage, and loan-to-value).
- any outstanding legal and compliance concerns related to the pool or portfolio.
- the quality of loan servicing and account management activities.
A purchasing bank's management should understand contractual language that provides opportunities to request that the seller repurchase loans. Contracts generally include a description of events that may result in a seller's failure to meet representations, warranties, and time frames for notifying the seller of such events. Other requirements for repurchase may result from defects in the underlying loans. Examples of common events requiring repurchase, whether through misrepresentation or error, include (1) loans that do not meet certain criteria such as a minimum credit score, (2) a first-payment default, or (3) a lien that was not perfected as required.
The quality of a repurchase or recourse agreement relies on the financial stability and strength of the seller's liquidity. When loans are purchased with recourse, the purchasing bank should assess the seller's ability to meet recourse and repurchase obligations.
Recourse and repurchase agreements could affect the sales accounting for loan purchase activities under generally accepted accounting principles (GAAP) and for call report purposes.12 These agreements may also affect compliance with legal lending limits under 12 USC 84 (national banks and CSAs), 12 USC 1464(u) (FSAs), and 12 CFR 32.
Please contact Lou Ann Francis, Director for Commercial Credit Risk, or Terri Barger, Credit Risk Specialist, at (202) 649-6670, or Steven Jones, Director for Retail Credit Risk, at (202) 649-6220.
Grovetta N. Gardineer
Senior Deputy Comptroller for Bank Supervision Policy
2 This bulletin does not address risk management of loans purchased for trading accounts or those debt securities purchased by national banks and CSAs (12 CFR 1.3, "Limitations on Dealing In, Underwriting, and Purchase and Sale of Securities"). Further, this bulletin does not apply to the purchase of debt securities or commercial paper by an FSA under 12 USC 1464(c)(2)(D), "Consumer Loans and Certain Securities," and 12 CFR 160.40, "Commercial Paper and Corporate Debt Securities."
4 A bank's risk management system includes policies, processes, personnel, and control systems. Refer to the "Corporate and Risk Governance" booklet of the Comptroller's Handbook for an expanded discussion of risk management.
6 Some banks use their internal underwriting criteria for in-house originations to define acceptable loan purchases. It is not necessary in all cases to separately define purchase characteristics in a stand-alone document.
7 Nonfinancial information for commercial loans may include the borrower's business plans and objectives, experience of senior managers of the borrowing entity, changes in business structure, or other information that may affect the borrower's ability to repay the loan. Nonfinancial information for retail borrowers may include time in residence, employment status and history, homeownership, and other information that may affect the borrower's ability to repay the loan.
8 OCC Bulletin 2020-50, "Interagency Guidance on Credit Risk Review Systems," discusses a system of independent, ongoing credit review designed for sound management of credit risk. OCC Bulletin 2020-50 applies to loan purchase activities.
9 Transfers of credit information are subject to certain laws and regulations and must not include confidential regulatory information, including supervisory risk ratings assigned by the originating institution. Transfers of confidential regulatory information could constitute a violation of 12 CFR 4, subpart C, "Release of Non-Public OCC Information." A knowing misrepresentation of credit quality may violate 18 USC 1014, "Loans and Credit Applications Generally; Renewals and Discounts; Crop Insurance."
10 For more information, refer to OCC Bulletin 2020-50; OCC Bulletin 2020-10, "Third-Party Relationships: Frequently Asked Questions to Supplement OCC Bulletin 2013-29"; and OCC Bulletin 2013-29, "Third-Party Relationships: Risk Management Guidance."