The Australian Prudential Regulation Authority (APRA) has penned a letter to authorised deposit-taking institutions (ADIs), expressing concern that an increasing number of small and medium-sized ADIs have been entering into funding arrangements with third-party lenders, such as peer-to-peer (P2P) lenders, which could give rise to “high credit risk”.
“In particular, ADIs do not appear to have undertaken their own credit assessment on loans underwritten by third-party lenders. This gives rise to potential differences in the quality of those loans compared with loans underwritten directly by the ADI,” the letter states.
“ADIs have no direct recourse to the ultimate borrower and little to no history of how these loans have historically performed.”
Following a review of small to medium-sized ADIs’ exposures to third-party lenders, the prudential regulator found that some had “lacked a well thought-through or defined strategic rationale for funding third-party lenders” and “conducted little to no due diligence prior to committing to these arrangements”.
“This included a lack of appropriate consideration to the setting, management and monitoring of inherent credit risks arising from these exposures,” APRA wrote in its letter to ADIs.
As such, prior to entering into an arrangement with a third-party lender, APRA said it expects the ADI to:
- have an approved strategy for P2P lending arrangements that is within board-approved risk appetite settings and setting out appropriate controls and review trigger events; and
- perform due diligence on the proposed exposures, which would include a comprehensive assessment to understand the risk characteristics of the prospective and actual exposures, timely access to performance information on the exposures, and a comprehensive understanding of all structural features of the transaction.
The prudential regulator also observed inconsistencies in how ADIs had classified P2P funding exposures (i.e. loan exposures versus investment securities) and how they applied specific provisioning methodologies for P2P exposures.
APRA’s proposed new standard, to be named Prudential Standard APS 220 Credit Risk Management, therefore requires more “consistent classification of credit exposures, by aligning recent accounting standard changes on loan provisioning requirements, as well as other guidance on credit-related matters of the Basel Committee on Banking Supervision.”
Further, the regulator found through its analysis that not all ADIs have “risk appetite metrics to manage and monitor exposures to individual third-party lenders”, adding that it expects all ADIs to have such metrics in place in addition to an “aggregate concentration metric reflecting all third-party arrangements”.
According to APRA, ADIs should also have “targeted risk metrics and controls that can measure the quality and ongoing performance of the loans originated by the lenders”, including the number, value and proportion of loans in arrears or loans that have been written off.
“Understanding the risk profile and performance of the third-party arrangement is critical in informing any potential adverse impact to the ADI’s earnings, adequacy of provisions and capital position,” the regulator’s letter states.
APRA reiterated that it considers P2P lending as “high risk” and will “actively adjust capital requirements if considered necessary”.
The letter was published at the same time as APRA released its proposed new standard on credit risk management requirements for ADIs, which underwent no major revision in more than a decade, taking into account the “significant evolution in credit risk practices”.
The proposed changes pertain to credit risk management, the role of the board and senior management, credit risk policies and processes, credit origination, credit assessment and approval, monitoring and management of credit portfolios, stress testing, collateral valuations and supervisory discretion to impose limits on lending and require independent reviews of an ADI’s credit risk management practices, among others.