FRM协会分享丨如何降低信用报告公司风险？

信用报告本质上是一种商品业务，这里的商品是数据。数十年来，信息经纪人将原始信贷数据转化为银行和其他信贷机构需要的信息增值产品，从而使信用报告公司获利颇丰。然而，这种模式已经被打破了。这个行业在处理对贷方和消费者同样敏感的信息方面普遍缺乏风险管理。

　　美国信用报告公司(CRC)的国会听证会再次成为消费者信贷市场的焦点，市场和监管改革已经是燃眉之急。一年半前发生的Equifax数据泄露事件导致近1.5亿消费者的个人信息遭到泄露，该事件使得信用报告公司的业务运行、监管和潜在的改革重新被提上议程。

　　信用报告本质上是一种商品业务，这里的商品是数据。数十年来，信息经纪人将原始信贷数据转化为银行和其他信贷机构需要的信息增值产品，从而使信用报告公司获利颇丰。然而，这种模式已经被打破了 —— 这个行业在处理对贷方和消费者同样敏感的信息方面普遍缺乏风险管理。

　　信用报告公司具有令人羡慕的商业模式。他们免费从银行和其他贷方机构获得个人信用信息，并作为回报将该数据和其他数据产品批发或零售给贷方和个人。

　　从表面上看，这种商业模式似乎令人难以置信，但它的根源可以追溯到信息时代和云计算之前。几十年前，信用信息在一个相对巴尔干化分裂的市场内交换。随着时间的推移，零售商和其他信贷方开始合作，互相提供其消费者信用记录数据。逐渐地，三个大型信用报告公司(Equifax，Experian和TransUnion)形成规模，开始为美国和全球客户提供信用报告。

　　美国《公平信用报告法(the Fair Credit Reporting Act, FCRA)》的出台进一步巩固了信用报告公司的地位，它要求机构提供准确的消费者信用信息报告，而较小机构可能无力提供。从历史上看，由于一系列监管、技术和业务相关问题，银行和其他贷方尚未发掘直接投资信贷数据和系统巨大的战略价值。因此，他们往往全权委托信用报告公司处理。

　　1. 监管和风险管理不足

　　Over time CRCs, grew in scale and scope. But, unfortunately, their risk management practices and regulatory oversight did not keep up with this growth. The FCRA designated the Federal Trade Commission with primary oversight (if you can call it that) over the CRCs. Lamentably, compared with the level of regulatory oversight in banking, the FTC's oversight of CRCs was – and is – wholly inadequate.

　　Although the CRCs manage some of the most important and sensitive data for millions of individuals worldwide, they operate with little rigor with respect to risk governance and industry standard risk management practices. Indeed, according to their websites and annual reports, the CRCs do not feature a chief risk officer among their top executives. Moreover, their boards lack risk committees.

　　The concept of risk governance, such as the “three lines of defense” doctrine, also appears to be generally lacking among the CRCs. For instance, at Equifax, among the CFO's duties are audit functions – clearly a responsibility that would call attention to any large bank with a similar CFO role. It seems only natural that in light of the Equifax data breach, any reform of the CRCs must require robust risk management practices be put in place to protect consumers.

　　2. 不要忘记FICO风险

　　Even though it's critically important to the credit-granting process, FICO – the software vendor that provides credit scores to each of the three CRCs – is another key market participant that goes relatively unnoticed in discussions of consumer credit information reform. The developers of FICO (also known as Fair Isaac) have essentially exerted an unregulated monopoly over credit grantors for decades, and their credit scores have become ubiquitous in the market as a result. Moreover, each CRC has its own version of FICO, which adds another dimension of confusion and over-engineering into the credit process for lenders and consumers.

　　FICO scores are based on statistical models leveraging millions of consumers' detailed credit history information. In the years following the financial crisis, model risk management regulatory oversight and practices strengthened – but those improvements did not apply directly to FICO.

　　To be sure, banks perform their own testing of FICO and its variants as an input to bank consumer models; however, FICO is not required to undergo the same level of model risk management and validation as would be found, for instance, in the OCC's 2011-12 model validation guidance.

　　As important as they are to bank lending activities and beyond, it only seems natural that FICO and the CRCs undergo the same level of testing and oversight required by the primary industry users of their scores.

　　3. 一些其他思考

　　Given the importance of consumer credit information and credit scores in lending decisions, a logical argument can be made for the CFPB becoming the primary regulator of the CRCs and FICO. Banks, meanwhile, should reevaluate the strategic value of credit data for several reasons. Breaking the CRCs' stranglehold on credit data would reduce the cost of this critical information to banks and provide more accessibility to nontraditional and existing sources of credit data, enabling banks to make better-informed credit portfolio decisions.

　　Today, the cost for a bank to pull updated credit attribute data for loans in their portfolio can be extremely expensive (based on what the CRCs charge for credit archive extracts), which prevents many firms from marking their credit portfolios to market on an ongoing basis.

　　As the primary contributors of credit, lenders and other credit grantors should establish their own CRC market utility. This would essentially “starve” the CRCs out of existence over time.

　　The result would be a much better outcome for lenders and consumers alike.A single credit repository coupled with a single credit score would bring greater transparency to the market, reduce costs and, most importantly, improve the risk management of the credit reporting and data management process.

　　在今日错综复杂、瞬息万变的金融市场上，风险往往难以掌握。有效管理风险并从中获取利润成为金融企业成功的重要关键。

　　而这一攸关企业组织及其投资人命运的重要决策，需要众多的金融风险管理专业人士(Financial Risk Professionals)的参与，故FRM日益受到重视，已俨然成为全球瞩目的国际风险管理证照。

　　在国内，FRM正日益受到国家金融监管机构以及各家金融机构的重视。对于金融监管层，中国人民银行和中国银监会均把金融风险管理、维系金融稳定作为银行监管的重中之重。

　　对于大型金融机构，中国工商银行、中国建设银行、中国银行等国有商业银行纷纷将风险管理作为贯穿整个银行经营的核心。

　　同时，各大证券公司也对金融市场的资产定价和风险管理高度重视。因此，金融风险专业人员的需求日益壮大。