Risk Management in the Lending Business

We are excited to welcome Timur Bugaevskiy, the Head of Data Science Lab, a division of the Space Crew Finance group, as our special guest today. 

In this interview, we will explore how our loan originator partners meticulously select suitable loan recipients, the innovative technologies they employ, and the reasons why investing in the loan business, even in developing countries, can be highly lucrative.

Hello, Timur! We sincerely appreciate your willingness to share insights into risk management. To begin, could you please highlight the primary challenges faced in risk management within the lending industry?

Hi! Thank you for having me. I'm always enthusiastic to discuss my work. When it comes to our business, I would like to outline the following challenges:

Firstly, we encounter fraud, which includes unauthorized access to customer accounts or document forgery. We will delve into the measures we have in place to prevent such occurrences later in our discussion.

Secondly, we face the challenge of adapting to changes in legislation and application requirements for platforms like Play Market and App Store.

Another challenge arises from the limited availability of data for comprehensive client credit assessments. This includes restricted access to state registries (such as passports, income records, and addresses) and credit bureau information for financial institutions.

Additionally, negative perceptions surrounding financial and collection companies in the public domain create an illusion that debts cannot be repaid.

Lastly, the volatile market environment impacted by competitors, political conditions, and economic fluctuations poses risks. To effectively manage these risks, we rely on stable product conditions and essential Key Performance Indicators (KPIs) that form the foundation for scorecards and allow us to experiment with various approaches to credit decisions.

The points you described are quite impressive! Could you please elaborate on the methods and tools you utilize to assess and manage risks within your companies?

We leverage our extensive experience across various markets such as Ukraine, Vietnam, Sri Lanka, and Poland, allowing us to assess risks swiftly and effectively. Although we may face limitations in terms of quantitative and statistical data for analysis when entering new markets, we build our lending process based on the experiences of other countries. Moreover, we actively engage local specialists to incorporate country-specific nuances and characteristics.

To expedite our progress, we seek local outsourcing options for ready-made and efficient models. We establish agreements with data verification providers, both local (such as mobile operators and payment platforms) and global (for example, email validity checks). Initially, we begin our operations by issuing small loans using manual underwriting. Through short loan terms, we swiftly accumulate internal statistics, enabling us to develop our own scoring models for borrower evaluation.

Our goal is to cultivate a portfolio of reliable borrowers, commencing with promotional loans of small amounts, without any interest. Over time, we gradually increase the loan amount for clients with a positive payment history. Simultaneously, we enhance customer loyalty by offering bonuses and convenient debt restructuring options.

In addition, we continuously enhance and optimize our debt collection strategy through the expertise of competent employees.

Let's assume a potential borrower has approached you. Could you please provide a detailed explanation of the application validation process?

Certainly! When it comes to validating a borrower's application, we have a comprehensive process in place to ensure thorough assessment and mitigate risks. 

Here's an overview of the steps involved:

We begin by conducting online identification, which involves video verification of the client's identity and documents. This step ensures that the application is completed personally by the client, reducing the risk of fraud through fake documents or stolen identities.

Next, we verify the application for compliance with public risk requirements. This includes assessing factors such as the client's age, employment status, absence of active loans with our company, and a positive credit history for previous loans.

In addition, we perform checks against internal and external databases to identify any negative information or inconsistencies. These checks help us eliminate unreliable borrowers and minimize the risk of fraudulent activities.

To further validate the application, we collect external data from various sources, such as credit bureaus, mobile operators, payment partners, and banks. This data provides valuable insights into the applicant's creditworthiness and helps us make informed decisions.

We utilize a scoring process, utilizing a mathematical model, to assess the client's creditworthiness and calculate the probability of default on the loan. This enables us to make accurate risk assessments and determine suitable loan terms.

To prevent fraud, we’ve implemented robust anti-fraud risk measures. These measures include rules and checks to detect and prevent fraudulent attempts, such as the use of genuine data from creditworthy clients in fake applications.

Furthermore, we’ve established guidelines for calculating the client's budget and determining the optimal loan amount. These guidelines consider various factors to ensure responsible lending and provide counter-offers that align with the client's financial situation.

In certain cases, we may also conduct manual underwriting, which involves personal contact with the client and relevant third parties (where legally permissible). This allows us to gather additional information, verify employment data, and ensure the accuracy of application details.

Lastly, we verify the ownership of the account to which the loan will be disbursed. This can be done through automated tools or manual verification by our underwriters, ensuring that the funds are directed to the intended recipient.

By following this meticulous validation process, we aim to make informed and responsible lending decisions while minimizing risks associated with fraud and default.

What factors do you use to determine the risk of loan approval?

We use as many characteristics as possible that can describe the client's solvency. A critical role is played by personal information, including salary, as well as credit history. As a result, we use hundreds of characteristics that, using machine learning, create a forecast of the probability of return of each loan.

How do you establish the criteria for approving a loan?

The loan approval process consists of 2 main components: client verification and loan repayment assessment.

Client verification involves a combination of automated and manual checks conducted by our underwriting team. The level of automation depends on the availability of official data. The more comprehensive the data, the higher the level of automation we can achieve.

Loan repayment assessment, on the other hand, is completely automated, relying on machine learning models. The aim is to strike a balance between maximizing the loan portfolio volume while minimizing defaults. Our machine learning models play a crucial role in this assessment process.

Do you use AI for credit risk assessment and control? If so, could you provide specific details?

In the realm of consumer credit risk management, we have effectively employed Machine Learning techniques to enhance our loan decision-making processes. This entails developing various scoring models using Python.

Additionally, we leverage Computer Vision capabilities for document recognition and validation. This includes automated comparison of facial features on official documents with corresponding selfies.

What methods are implemented to assess the creditworthiness of borrowers?

The creditworthiness of borrowers is evaluated using several methods, including:

• Default score model: We utilize a default score model that assesses the likelihood of a borrower defaulting on their loan.

• Credit history checks: We conduct credit history checks, both within our organization and with our partners, whenever Credit Bureau Information (CBI) is available.

• Calculation of credit burden: We calculate the credit burden on the client by considering factors such as the Payment-to-Income ratio (PTI) and Debt-to-Income ratio (DTI).

• Underwriting: Our underwriting process involves thorough checks by verifiers to verify the information provided by the borrower.

Could you provide further insights into underwriting and its role within your processes? 

Underwriting plays a vital role in our operations. We use local operating units to verify applications, particularly in cases where building a fully automated credit decision process is not feasible or manual checks are necessary to prevent fraud and handle applications in the “gray area”. In such cases, the system handles the loan amount of calculation and client credit checks.

Verifiers work based on alerts generated by our risk system. Their expertise and human logic are invaluable in verifying borrower information. Their main responsibility involves making calls to clients and relevant third parties, subject to privacy policies and regulations regarding the storage and transfer of contact data. These calls aim to verify personal data such as employment details, income level, and the purpose of the loan.

In certain instances, specific local restrictions require underwriters to complete the underwriting process. For example, verifying a handwritten Sri Lankan identity document in Sinaloa may necessitate human intervention, since such documents cannot be easily processed using automatic character recognition (OCR) technology.

These countries may not have specific risk management requirements, but credit risk is indirectly influenced by legal restrictions, such as:

• Licensing: Certain licensing regulations impact credit risk management. This includes restrictions on licensing for specific entities like pawnshops and IT companies, limiting their access to certain resources.

• Credit Bureau Access: In these countries, access to credit bureau information is typically restricted to licensed companies and banks. This information may not be available to pawnshops and IT companies.

• Ban on Third-Party Calls: Legal restrictions might prohibit making calls to third parties for verification purposes, which can impact the effectiveness of credit risk assessment.

• Rate Cap: There may be a limit on interest rates or rate caps in place, affecting the overall credit risk and loan terms.

How do you manage fraud, and what are its various types?

Fraud can be categorized into internal and external, and we implement a comprehensive set of measures to detect, assess, and prevent all forms of fraudulent activities.

Internal fraud primarily involves client database loss or manipulation of payment details for financed loans. To prevent internal fraud, we employ the following measures:

• Post control of applications by an independent unit tasked with detecting internal fraud among verifiers, with specific Key Performance Indicators (KPIs).

• Monitoring verifiers' KPIs, closely tracking extreme values such as excessively high approval rates, high default rates, missed calls on applications, or refusals to creditworthy clients.

• Utilizing polygraph tests during the hiring process and periodically throughout employment.

• Restricting data downloading from the system and implementing a controlled access system for reports and client information.

• Prohibiting the ability to edit fields in loan applications, ensuring that only clients can modify their payment details.

By distributing applications to verifiers based on an algorithm configured within the system, we minimize the risk of collusion between verifiers and clients to finance fraudulent applications.

External fraud is more diverse, inventive, and constantly evolving. The main types of external fraud include:

• Document forgery and loan registration based on stolen documents.

• Identity theft, gaining unauthorized access to a client's phone or bank account and processing loans in their name.

• False brokers collecting data and issuing loans for commissions, fraudulent borrower activities, and misappropriation of credit funds.

• Generation of loan applications by bots using fake documents.

• To detect and prevent fraud, we employ the following strategies:

• Utilizing a system of risk-level indicators to identify causes of surges or sharp drops.

• Paying attention to customer complaints about fictitious loan processing based on stolen or lost documents.

• Monitoring the level of collection calls, as a significant drop may indicate fraudulent activity requiring thorough investigation.

• Sharing information about identified fraud with competitors, establishing valuable partnerships in this domain.

To prevent fraud, we employ the following measures:

• Utilizing face comparison technologies to verify document authenticity and compare selfies attached to applications.

• Identifying identical faces with different profile parameters.

• Maintaining negative information on clients and maintaining blacklists.

• Cross-checking application data with external sources, including credit bureaus, mobile operator databases, and government registries.

• Providing instructions, trainings, and workshops to verifiers to identify forged documents.

• Incorporating external specialized tools to enhance fraud prevention measures.

What is a risk model, and what settings does it use?

A risk model is a machine learning model that calculates the probability of a specific event occurring. In the context of credit risk assessment, the most common type of risk model is the credit risk model, which predicts the likelihood of default or delay in loan repayments by clients. These models rely on personal data and customer behavioral information to make accurate risk assessments.

Classic input parameters used in risk models include:

• Personal data (such as gender, age, profession, etc.)

• Application details (such as application timing, requested amounts, loan periods, etc.)

• Credit history (both within our service and information from external sources)

• Information from client/mobile sessions (language, screen resolution, device type, etc.)

• Payment information (bank account details, electronic wallet information, etc.)

• Information about related clients

• External services (external scores, device information, insurance data, presence in other credit companies, etc.)

Furthermore, models can also be developed to predict other customer behaviors. For instance, they can determine the likelihood of a customer paying without a reminder or only after a collection call, or whether it's more effective to contact the client before deciding. These models aid in optimizing operational processes within the company.

In general, the success of a risk modeling project relies on the availability of sufficient, high-quality data and the stability of the conditions under which the data were collected. This encompasses the stability of the market environment, the consistent characteristics of the loan product, and the quality of the incoming flow of applications (including the channels used to attract customers).

How often is the risk model updated, based on what characteristics?

Risk models are typically updated regularly, with intervals ranging from every 3-4 months to 2 years. The decision to update a risk model is driven by several factors.

Firstly, we consider performance improvement. Updates aim to enhance the model's performance by incorporating new techniques, refining existing algorithms, or introducing advanced methodologies that improve accuracy and predictive power.

Secondly, the relevance to the portfolio is considered. If there have been significant changes in the portfolio over time, such as shifts in client behavior or loan characteristics, an update may be necessary to ensure the model remains aligned with the evolving dynamics of the business.

Furthermore, updates can be triggered by changes in incoming data. This may include disruptions in external services that supply data, alterations in the client registration process, or the availability of new and valuable sources of customer data that were previously untapped.

In addition, updates may be prompted by changing business requirements. If the current risk model no longer meets the new needs or goals of the business, an update becomes essential to align with the evolving requirements and ensure optimal risk management.

By considering these characteristics and regularly updating our risk models, we strive to maintain the highest level of accuracy, adaptability, and effectiveness in our risk management practices.

What are the key risk management metrics in the lending business?

In the lending business, we use various metrics to effectively manage risk and ensure responsible lending practices. Through our automated reporting system, we track several key risk management metrics. Here are some of the main metrics we monitor:

• Conversion from application to loan: This metric measures the rate at which loan applications successfully convert into approved loans. It provides insights into our ability to attract and convert potential borrowers.

• Application cut-off level: We track the level at which applications are declined during different stages of verification. By categorizing the reasons for refusal, we gain valuable information about the quality and eligibility of applicants.

• Manual review approval level: This metric calculates the percentage of applications that are approved during the manual review process. It helps us evaluate the effectiveness of our manual underwriting procedures.

• Share of automatic decisions: We examine the proportion of decisions that are made automatically by our system without manual intervention. This metric reflects the efficiency and accuracy of our automated decision-making process.

• Average checks on loans: We determine the average number of verifications performed on loans, including data verification, credit history checks, and other relevant assessments. This metric provides insights into the level of due diligence applied to loan applications.

• Arrears rate: We monitor the rate of delinquency at specific intervals after the scheduled repayment date, such as 1-30-60 days. This metric helps us assess the effectiveness of our collections and risk mitigation strategies.

• Recovery level: This metric measures the success of our efforts in recovering outstanding loan amounts. It allows us to evaluate the effectiveness of our collection practices and the overall recovery rate.

• Reserves amount: We track the amount of reserves allocated for potential losses. This metric ensures that we maintain adequate provisions to mitigate risks and absorb any potential losses.

• Fraud-related losses: We quantify the amount of losses incurred due to fraudulent activities. Tracking this metric helps us identify potential vulnerabilities and implement measures to prevent fraud.

• Amount of fraud prevented: We calculate the value of potential losses averted by effectively preventing fraudulent attempts. This metric highlights the importance of our anti-fraud measures and the impact they have on protecting our business and clients.

These metrics are analyzed using different approaches, considering factors such as client type (new or repeat), loan product type, the number of closed loans per borrower, and the original and current loan repayment schedules. By monitoring and analyzing these risk management metrics, we can make informed decisions, optimize our processes, and ensure the integrity and stability of our lending operations.

What are the consequences of not adhering to risk rules, and how can they be addressed?

If the risk rules are not followed, it can have severe negative consequences for the company. These consequences can trigger various scenarios that impact different aspects:

• Operational risk: Failure in processes, increased application queue, longer decision-making time, leading to reduced conversion from applications to loans, loss of potential customers, higher marketing costs, incorrect credit decisions, and issuance to fraudsters, among others.

• Credit risk: Increased delinquency rates, posing a potential threat to the company's financial stability.

• Financial risk: Additional reservations and direct losses for the company.

• Reputation risk: Customer complaints, including those lodged with regulatory bodies, negative press reviews, and damage to the company's image.

To address the consequences of non-compliance with risk rules, the following steps should be taken:

• Working on bug fixes and addressing issues promptly.

• Urgently halting decisions with errors and suspending financing for loans with incorrect decisions.

• Performing additional processing on erroneous applications and conducting specialized communication with clients (such as promotions, debt forgiveness, or restructuring).

• Documenting and describing all changes, maintaining a risk log.

• Forecasting the impact of changes by comparing actual risk values with predicted values and considering similar changes.

• Monitoring the quality and stability of risk scoring models.

• Monitoring the performance of external services that provide data for verification and scoring, and addressing any malfunctions.

• Searching for and negotiating with alternative external data providers, establishing backup integrations with minimum call volume and the ability to scale up in case the main provider's services are disconnected.

• Selling problem portfolios and outsourcing collections.

• Implementing penalties (bonuses, layoffs) for operational employees with poor performance.

• Involving the police in the fight against fraudsters.

• Engaging PR companies to enhance customer loyalty.

What technological innovations can help improve risk management in business?

There are several technological innovations that can enhance risk management in our business. These include:

• Advanced borrower identification technologies: Technologies such as Liveness detection, face recognition, and face matching are already being used and further developed. These tools help in verifying the identity of borrowers and detecting fraudulent activities like document forgery. However, there is a need for continuous improvement and cost optimization to streamline the customer onboarding processes.

• Big data analytics: Utilizing big data for building alternative scoring models can be beneficial in assessing the creditworthiness of borrowers, especially in cases where access to traditional credit histories is limited. Analyzing various data points and patterns can provide valuable insights into a borrower's financial behavior and help make more accurate risk assessments.

• Transaction data analysis: The development of technologies within the framework of PSD 2 (Payment Services Directive) and PSD 3 has opened up opportunities for analyzing transaction data on customer accounts. This data can provide valuable information for risk management, enabling the identification of suspicious activities, early warning signs of potential default, and improved fraud detection.

• Collaborative platforms and associations: In the context of limited access to credit bureaus for financial companies, the establishment of associations or collaborative platforms among partner players in the consumer lending market has shown promise. Such initiatives facilitate the sharing of negative credit history information and fraudulent data, helping to mitigate risk and enhance risk management practices across the industry.

To summarize our discussion, risk management is a fundamental aspect of the lending business. From addressing fraud risks to adapting to changing regulations, our interview with Timur Bugaevsky, Head of Data Science Lab, shed light on the various challenges and strategies involved.

By incorporating advanced technologies, such as machine learning models and data analysis, we aim to make accurate credit decisions, protect our customers, and ensure the overall success and sustainability of our lending operations. With a strong focus on risk management, we are committed to providing a secure and trustworthy platform for borrowers and investors alike.