Different Country Comparison on Risk Control

I have received tremendous input from Chief Risk Officers (CROs) using our Knowru product regarding financial risk management. Working with the CROs has given our team valuable feedback and understanding of their unique risk management methodologies, the underlying factors involved in the impact of each as well as differences among the individual country requirements.

One key discovery made in my time spent with various CROs, is that there is no one single management methodology for all scenarios. Solutions must be customized to comply with a country’s regulation, data-management and communication flow. While this presents itself as the not the most user-friendly option, it is of course a required necessity in order to meet the goals and measurement standards set forth by the CROs and federal governing agencies.

As more companies join our team in using Knowru for their financial risk management with respect to lending products, I’ve grown to learn about specific environmental differences across various countries. This has come about during my collaborative work with global Chief Risk Officers (CRO’s) in understanding their unique risk management methodologies and the underlying factors behind each of their implications, as well as the differences between them.

The main learning lesson, which I will impart in a concluding section, is that there is no ‘one single risk management methodology’ for all scenario. Solutions remain bespoke as CRO’s focus on understanding their own landscapes and evaluate the actions and results. This ensures at the very least that their measures are understandable and appropriate, though this may not present itself as the most user-friendly option.

Let’s explore three key differences below that highlight bespoke country specific requirements.

Image result for Risk Control

Credit Data Management

  • ID verification.


      • Not all countries have ID numbers. For example, in the United Kingdom (UK), a lending company has to use a combination of name, date of birth, address etc., to identify an applicant and thus be able to pull the applicant’s credit data from 3rd party sources. 


  • Credit data management entities.
      • With respect to China, there are other credit vendors, including the People’s Bank of China, a government agency that provides credit reports.
        This agency provides the most comprehensive data but passing their requirements and review on whether you can actually pull their report is very difficult.
        In the United States (US), major credit agencies (Equifax, Experian and TransUnion for example) all operate as private, for-profit entities.
        In 2012, the Consumer Financial Protection Bureau (CFPB) began supervising these agencies at the federal level. As a financial institution can report to individual agencies only, the amount of data and evaluation on an applicant over time, may be different across these credit agencies.
  • Credit data storage.
    • In South Korea, a financial institution cannot store credit data of applicants that are refused approvals in order to protect the applicants’ personal information.

Consumer Behavior

  • Payment methods.
      • In the US and South Korea, people mostly use credit or debit cards to make purchase payments. In China, a significant number of people use smartphone apps such as AliPay or WeChat Pay, that are connected to the users’ bank accounts.
        By contrast, in South East Asian countries, most people continue to use cash as their main process for payments. This influences a credit agencies’ cover rates. For example, an Indonesian credit agency’s cover rates as defined in aquiring any form of data on an applicant might not reach 40% and even then, the provided data might not fully describe the applicant’s credit history.
  • Communication methods.
    • In China, people rarely use emails to communicate personal matters. Therefore, risk management measures based on email addresses, such as using email addresses as means to register/verify or looking at email addresses’ histories won’t be effective in China.

Laws, Regulations and Government Policies

  • In the US, discrimination is a big topic of concern when the subject of credit approval is concerned. Lending companies must prove or explain that any given lending decision is not discriminatory and is based on (purely) its prediction on an applicants’ credit performance.
    Because of this requirement, companies tend to employ more explainable methods to address approval ratings such as regressions and score cards.
  • In China, cash loans are not allowed. Given this scenario, a lending product should be designed to serve certain purposes, such as buying electronics, furniture, travel etc. Markets selling these different types of goods are different (e.g. consumers applying for lending products in order to receive plastic surgeries are different from those purchasing smartphones). This scenario requires CROs to study each market’s participants, trends and consumer behaviors comprehensively in order to successfully establish risk management strategies targeted for the specific situation.
  • In South Korea, the government significantly influences financial institutions’ lending policies in its effort to achieve policy goals. For example, in the late 90s, it lowered the criteria in obtaining credit cards and thus promoted the adoption of credit cards among the public in order to boost consumption.
    In the last few years, it issued restrictive policies such as mandating banks to refuse applicants whose financial metrics (e.g. debt-to-income) goes above certain thresholds in order to curb the country’s ever-increasing real estate price.

So far, I have listed some examples that demonstrate how the landscape for consumer lending products can be different across many countries, notably at the lending decision stage. This stage is one of the most important risk management measures if not the most important. CROs need to carefully consider the following factors:

  • What data on applicants profiles are important
  • What data is available to use
  • How to validate the collected data’s integrity
  • How to obtain data that are important and available
  • How to make a decision based on the collected data
  • How to manage decisions and the collected data.

Indeed, even in a singular country, a CRO might face a situation where he/she is required to manage risk associated with a new product for different consumer groups, within different regulatory settings. I trust that the above examples help CROs in similar situations to brainstorm key factors in designing their risk management strategies.