Pub CH Credit Card PDF

Comptroller’s Handbook
Safety and Soundness

Capital Asset Sensitivity to Other
Adequacy Quality Management Earnings Liquidity Market Risk Activities
(C) (A) (M) (E) (L) (S) (O)
Credit Card Lending

Version 2.0, April 2021
Ofﬁce of the
Comptroller of the Currency
Washington, DC 20219
Version 2.0
Contents
Introduction ......................................................................................................................1
Overview ............................................................................................................... 1
Credit Card Products .............................................................................................. 3
General Purpose Cards ...................................................................................... 4
Proprietary or Private-Label Cards .................................................................... 6
Corporate or Commercial Cards ........................................................................ 7
Secured Cards................................................................................................... 7
Risks Associated With Credit Card Lending ............................................................ 8
Credit Risk ....................................................................................................... 8
Operational Risk ............................................................................................... 9
Liquidity Risk................................................................................................. 10
Strategic Risk ................................................................................................. 11
Reputation Risk .............................................................................................. 12
Interest Rate Risk............................................................................................ 12
Compliance Risk ............................................................................................ 13
Risk Management................................................................................................. 14
Information Technology.................................................................................. 16
Scoring Models............................................................................................... 17
Model Documentation ............................................................................... 22
Model Management and Tracking.............................................................. 22
Marketing and Underwriting of New Accounts ................................................ 26
Prescreened Solicitations ........................................................................... 27
Applications.............................................................................................. 30
Portfolio Acquisitions................................................................................ 32
Account Management ..................................................................................... 32
Line Increases and Decreases..................................................................... 34
Over-Limit Authorizations......................................................................... 34
Repricing of Accounts and Other Changes to Credit Terms......................... 35
Account Closures ...................................................................................... 35
Cross-Selling Initiatives............................................................................. 36
Retention Strategies................................................................................... 36
Other Account Management Tools............................................................. 36
Securitized Assets........................................................................................... 38
Collections ..................................................................................................... 38
Credit Losses ............................................................................................ 38
Re-Aging .................................................................................................. 41
Fixed Payment Programs ........................................................................... 42
Settlement Programs.................................................................................. 44
Consumer Credit Counseling ..................................................................... 44
Collections Reports ................................................................................... 45
Delinquency, Classification, and Charge-Off Policies................................. 46
Nonaccrual Status ..................................................................................... 47
Recoveries ................................................................................................ 48
Consumer Debt Sales ................................................................................ 48
Comptroller’s Handbook i Credit Card Lending

Version 2.0
Fraud Risk Management ................................................................................. 50

Purchased Credit Card Relationships ............................................................... 54
Allowance for Loan and Lease Losses or Allowance for Credit Losses ............. 54
ALLL Under the Incurred Loss Methodology............................................. 55
ACL Under the Current Expected Credit Losses Methodology.................... 56
Accounting for Rebate or Reward Programs............................................... 57
Reserving for Credit Card Partnership Programs ........................................ 58
Profit Analysis................................................................................................ 58
Ancillary Products: Debt Cancellation Contracts and Debt Suspension
Agreements............................................................................................... 60
Examination Procedures.................................................................................................65
Scope................................................................................................................... 65
Procedures ........................................................................................................... 67
Management................................................................................................... 68
Primary Examination Procedures ............................................................... 68
Supplemental Examination Procedures....................................................... 70
Risk Management ........................................................................................... 72
Information Technology.................................................................................. 82
Marketing and Product Development............................................................... 84
Underwriting .................................................................................................. 87
Account Management ..................................................................................... 92
Collections ..................................................................................................... 95
Profit Analysis.............................................................................................. 104
Supplemental Examination Procedures..................................................... 104
ALLL or ACL .............................................................................................. 106
Purchased Credit Card Relationships ............................................................. 107
Third-Party or Private-Label Partner Management ......................................... 109
Debt Suspension and Cancellation Programs.................................................. 114
Accounting for Rebate Programs ................................................................... 118
Comptroller’s Handbook ii Credit Card Lending

Version 2.0

Program Availability and Eligibility Standards .............................................. 119
Credit Terms and Methods of Payment.......................................................... 120
Credit Reporting ........................................................................................... 121
Compliance With Consumer Protection-Related Laws and Regulations .......... 121
Conclusions........................................................................................................ 122
Internal Control Questionnaire ............................................................................ 124
Verification Procedures ...................................................................................... 127
Appendixes....................................................................................................................128
Appendix A: Transaction Testing........................................................................ 128
Appendix B: Suggested Request Items for Credit Card Lending Activities ........... 135
Appendix C: Uniform Retail Credit Classification and
Account Management Policy Checklist (RCCP Checklist) ............................. 140
Appendix D: Account Management and Loss Allowance Guidance Checklist....... 144
Appendix E: Debt Suspension Agreement and
Debt Cancellation Contract Forms and Disclosure Worksheet ........................ 148
Appendix F: Debt Suspension and Debt Cancellation
Product Information Worksheet..................................................................... 152
Appendix G: Loss Forecasting Tools................................................................... 155
Appendix H: Credit Scoring and Development of Scoring Models ....................... 159
Appendix I: Profit Analysis................................................................................. 166
Appendix J: Glossary.......................................................................................... 169
Appendix K: Abbreviations ................................................................................ 176
References.....................................................................................................................178
Comptroller’s Handbook iii Credit Card Lending

Version 2.0
Introduction
The Office of the Comptroller of the Currency’s (OCC) Comptroller’s Handbook booklet,
“Credit Card Lending,” is prepared for use by OCC examiners in connection with their
examination and supervision of national banks, federal savings associations, and federal
branches and agencies of foreign banking organizations (collectively, banks). Each bank is
different and may present specific issues. Accordingly, examiners should apply the
information in this booklet consistent with each bank’s individual circumstances. When it is
necessary to distinguish between them, national banks, federal savings associations (FSA),
and covered savings associations are referred to separately.1
Overview
The credit card is one of the most universally accepted and convenient payment methods,
used by millions of consumers and merchants worldwide as a routine means of payment for a
variety of products and services.
Because of their profitability, credit cards play a role in the strategic plans of many banks
that may function as issuers, merchant acquirers, or agent banks. There are several major
issuers, very few of them are community banks. Many community banks use referral
programs or other contracted services provided by large bank issuers to provide credit cards
to their customers. Issuing banks hold or sell credit card loans and, therefore, bear some
credit risk. Some banks are involved in an arrangement commonly known as “rent-a-BIN.”
This arrangement allows an entity, such as a merchant processor, to conduct credit card
activities using a bank’s Visa bank identification number or Mastercard Interbank Card
Association number in return for a fee paid to the bank. 2
A merchant bank, or acquiring bank, is an entity that has entered into an agreement with a
merchant to accept deposits generated by credit card transactions. Processing merchant sales
drafts may result in customer chargebacks and, therefore, create operational, reputation,
strategic, and credit risks to the merchant bank.
An agent bank is a bank that has entered into an agreement to participate in an acquiring
bank’s merchant processing program. Many agent banks are community banks that offer
merchant processing as a customer service. Agent banks are exposed to reputation risk and
1
Generally, references to “national banks” throughout this booklet also apply to federal branches and agencies
of foreign banking organizations unless otherwise specified. Refer to the “Federal Branches and Agencies
Supervision” booklet of the Comptroller’s Handbook for more information regarding applicability of laws,
regulations, and guidance to federal branches and agencies. Certain FSAs may make an election to operate as a
covered savings association. For more information, refer to OCC Bulletin 2019-31, “Covered Savings
Associations Implementation: Covered Savings Associations,” and 12 CFR 101, “Covered Savings
Associations.”
2
For more information about rent-a-BIN arrangements, refer to the “Merchant Processing” booklet of the
Comptroller’s Handbook.
Comptroller’s Handbook 1 Credit Card Lending

Version 2.0
credit risk when executing merchant processing. For more information about merchant banks
and agent banks, refer to the “Merchant Processing” booklet of the Comptroller’s Handbook.
This “Credit Card Lending” booklet discusses the operations of issuing banks and provides
information for examiners regarding elements usually found in sound risk management
systems. Specific practices included in a bank’s risk management system will vary.
Examiners should consider the circumstances of the individual bank.
There are multiple laws and regulations applicable to credit card lending activities. The Truth
in Lending Act (TILA) (15 USC 1601 et seq.) was implemented by Regulation Z
(12 CFR 1026) and became effective on July 1, 1969, and has since been amended many
times. The Credit Card Accountability Responsibility and Disclosure Act (CARD Act)
further amended the TILA in 2009;3 those amendments are implemented in subparts B and G
of 12 CFR 1026. The CARD Act provisions require creditors to increase the amount of
notice consumers receive before the rate on a credit card account is increased or a significant
change is made to the account’s terms. The amendments allowed consumers to reject such
increases and changes by informing the creditor before the increase or change takes effect.
The CARD Act provisions also involve rules regarding interest rate increases, over-limit
transactions, and student cards. Lastly, the CARD Act addresses the reasonableness and
proportionality of penalty fees and charges and the reevaluation of rate increases.
Accordingly, throughout this booklet, there are references to the CARD Act and its
implementing regulation. For more information about the CARD Act requirements and
examination procedures, refer to the “Truth in Lending Act (Interagency)” booklet of the
The Home Owners’ Loan Act (HOLA) (12 USC 1461 et seq.), established the lending and
investment limitation of FSAs. The statute is implemented by 12 CFR 160, “Lending and
Investment.” Although FSAs are generally limited under 12 USC 1464(c)(2)(D) to investing
35 percent of assets in consumer loans and certain securities, section 5(c)(1)(T) of HOLA
(12 USC 1464(c)(1)(T)) authorizes FSAs to invest in credit cards and loans made through
credit card accounts without a statutory percentage of assets limitation. HOLA’s credit card
lending authorization is separate from, and in addition to, the investment limits for other
loans and investments authorized under HOLA. FSAs do not have to aggregate their
consumer-related credit cards with other consumer loans in determining compliance with the
limitations on consumer loans and certain other assets in section 5(c)(2)(D) of HOLA (12
USC 1464(c)(2)(D)). Similarly, FSAs do not have to aggregate business-related credit card
accounts with loans made under HOLA’s commercial loan authority.
Regulations and statutes are addressed throughout this booklet. Further, several sections of
this booklet include examples of transaction testing. Transaction testing is one of the most
important steps in the supervision of credit card lending because account-level testing allows
examiners to determine exactly what processes the bank is using and then assess those
3
Refer to Pub. L. 111-24.

Version 2.0
processes. Transaction testing also helps examiners determine the bank’s level of adherence
to its own policies and procedures as well as its implementation of sound risk management.4
An issuing bank’s success is highly dependent on how it manages every aspect of the lending
process given the dynamics of credit card lending. This booklet discusses each segment of an
issuing bank’s credit card operation, from marketing and account acquisition to account
management and collections.
Competition, market saturation, and changing consumer demographics and attitudes have
forced successful issuing banks to be innovative with the credit card products they offer,
customer selection, incentive programs, and management methods. This booklet discusses
various types of credit card programs, such as affinity and cobranded card programs, and the
unique characteristics, risks, and controls necessary for each. This booklet also includes a
discussion of credit scoring because all major issuers use this technology to help identify
possible customers and then manage cardholder accounts.
Banks may use securitization as a funding source for credit card lending. Securitization
provides banks some flexibility with respect to availability and cost of funding for the
portfolios. Banks account for these securitizations in accordance with Accounting Standards
Codification (ASC) Topic 810, “Consolidation,” and ASC Topic 860, “Transfers and
Servicing,” which generally do not allow for derecognition of the card receivables in most
traditional credit card securitization structures. For more information, refer to the “Asset
Securitization” booklet of the Comptroller’s Handbook for national banks and Office of
Thrift Supervision (OTS) Examination Handbook section 221, “Asset-Backed
Securitization,” for FSAs.
The credit card business has become one of the most complex and competitive areas in the
financial services industry. The market environment, through ever-evolving technology, has
become one of speed and volume. Due to the inherently significant credit and operational
risks, issuing banks’ written operating policies are typically tied to well-designed business
plans and risk management systems.
Credit Card Products

Credit card products generally fall into the following broad categories:
• General purpose cards (including charge cards)

• Proprietary or private-label cards
• Corporate or commercial cards
• Secured cards
4
For more information about transaction testing, refer to appendix A of this booklet.

Version 2.0
General Purpose Cards

General purpose bank cards, including affinity and cobranded cards, are branded credit cards
that are accepted by a wide variety of merchants and service providers. Banks that offer
general purpose cards are typically members of Mastercard or Visa, the two primary systems
for the settlement of interbank credit card transactions. Issuers may offer a “charge” card (on
which the balance must be paid in full each month) and a “credit” card where (the balance
can revolve month-over-month). Bank cards generate transaction-based interchange income
(generally a small percentage of each transaction to compensate the bank for processing the
transaction) in addition to finance charge and fee-related income.
Issuers of general purpose cards may form partnerships with businesses, associations, and
not-for-profit groups to market their credit cards. These credit cards, called affinity or
cobranded cards, are typically issued as American Express, Mastercard, or Visa cards. The
cards normally carry the affinity group or cobranding partner’s name and logo. These cards
can be used for purchases anywhere the applicable processing network (e.g., American
Express, Mastercard, Visa) is used and can sometimes be used for purchases of a partner’s
products and services. A bank issues the card under a contractual agreement with a partner.
Although compensation arrangements can vary, the partner typically endorses the bank’s
card in return for negotiated financial compensation based on customer acceptance and use of
the card.
Although the terms “affinity” and “cobranded” are sometimes used interchangeably, there are
differences. Generally, affinity cards are issued for a variety of groups and not-for-profit
organizations, such as alumni associations, professional organizations, and sports enthusiasts.
The cards provide cardholders with access to credit and a way to identify with the group. The
affinity group is compensated for endorsing the issuer’s card. Compensation can include a
portion of annual credit card fees, fees paid on renewal, a percentage of the interchange
income, a share of the interest income, or any combination of these. This arrangement
provides groups with a relatively low-cost source of income. The issuing bank expects to
benefit from the affinity group’s endorsement; while the affinity group introduces the bank to
what the bank hopes are high-quality and loyal customers. Members of affinity groups also
may be more responsive to credit card solicitations than consumers are to generic cards,
providing the issuer with more effective target marketing initiatives.
In cobranded card programs, the issuing bank forms partnerships with for-profit
organizations, such as retailers, hotels, gasoline companies, automobile manufacturers, and
airlines. The cobranding partner may receive part of the income that would normally go to
the issuer, such as interchange income, or may receive other compensation based on the
volume or activity of accounts opened through the card partnership. The cobranding partner
may also agree to share in a portion of credit losses or other expenses associated with the
card receivables. The partner is willing to share various income and expenses with the card
issuer because the issuer brings customer service and expertise in consumer lending to the
partnership. A bank card issuer generally benefits from a cobranding program through
increased credit card receivables.

Version 2.0
General purpose cards, including affinity and cobranded cards, often offer reward programs
as an incentive for cardholders to use a specific card. For affinity and cobranded cards, the
nonbank partner offers financial rewards, such as discounts tied to the partner’s product,
points, or even some percentage of cash back. Recently, these types of programs have been
adopted by other general purpose cards, although the rewards they offer are not tied to a
specific entity. 5
Underwriting standards, account management activities, and collection practices that are
important for safety and soundness also apply to affinity and cobranded cards. Examiners
should review and discuss with bank management any differences in terms, account
management activities, or collection practices that apply to affinity or cobranded cards versus
the bank’s other credit card products. Examiners should assess the appropriateness of any
differences and whether there are increased risks or safety and soundness or consumer
protection concerns. Examiners should be alert to situations in which the bank materially
alters these practices primarily to accommodate prospective affinity or cobranded card
customers as these situations are imprudent.
Issuing banks with numerous partnership program accounts tied to affinity or cobranded
programs can be seriously affected by a partner’s viability and commitment to the program.
Sound risk management includes analyzing of potential credit card lending partners before
finalizing contracts. 6 Negative publicity about the partner could reflect poorly on the bank.
Issuers of affinity cards should conduct appropriate due diligence before entering into third-
party relationships. Bank management’s assessment and monitoring of the financial status of
the bank’s cobranding partners is important because the bank might be exposed to liability
for unpaid rebates if the partner is not financially sound.
Contract terms should specify that control over the partnership program rests with the issuer.
Issuers typically track and monitor each partnership program, paying particular attention to
aspects of the program such as response and approval rates, utilization rates, purchase
volume, delinquencies, and charge-offs. The bank’s planning strategies should consider the
possibility of high attrition rates if a partner withdraws its endorsement from the bank. The
bank should periodically assess third-party relationships, typically including the profitability
of each relationship for its financial feasibility to continue offering the affinity or cobranded
card. Although the product may be profitable initially, the issuing bank may find that the
contract is no longer profitable as circumstances change. 7
Examiners should be aware that partnership agreements may include more than just credit
card lending. Partnership agreements may also include other lending facilities for the
borrower, such as operating lines of credit and real estate loans. Merchant services may also
be part of the agreement.
5
Refer to the “Accounting for Rebate Programs” section of this booklet for a discussion of risks associated with
rebates.
6
Refer to OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance,” and OCC Bulletin
2020-10, “Third-Party Relationships: Frequently Asked Questions to Supplement OCC Bulletin 2013-29.”
7
Ibid.

Version 2.0
Proprietary or Private-Label Cards

Proprietary or private-label cards are generally accepted at only one retailer to facilitate the
purchase of that particular retailer’s goods and services. In addition to traditional retailers,
many sellers of high-cost goods (such as furniture, kitchen appliances, etc.) often offer their
own credit cards.
Proprietary or private-label card agreements may include various revenue and expense-
sharing arrangements as described in the “General Purpose Cards” section of this booklet.
One additional feature commonly associated with private-label cards, particularly for
retailers of high-cost goods, is the promotional period. Such programs often allow the
consumer a period of no interest on purchases they make from the retailer. Examples of this
type of offer appear in advertisements for various consumer goods from furniture stores
offering “No Interest for Two Years” on purchases made by a certain date. 8 These programs
can be structured in two ways: (1) interest accrues during the promotional period, and, if the
balance is not paid in full when the promotion expires, it is added to the outstanding balance
at the end of the period;9 or (2) no interest accrues during the promotional period, but interest
begins to accrue if the balance is not paid in full when the promotional period expires. 10
Some card issuers offer promotional programs that defer principal payments or have a
deferred payment option, which features a period during which no payments are required of
the consumer. These types of promotions are usually offered at the opening of the credit card
account and are limited to the highest credit quality borrowers. While banks (or their retail
partners) may offer “no interest” promotions, sound lending practices require monthly
minimum principal payments even during the promotional period. The minimum monthly
payment should be consistent with the issuer’s standard principal reduction for the product or
program, but in no event less than an amount that will amortize the current balance over a
reasonable period of time.
8
Solicitations, application, account-opening materials, or other disclosures must comply with Regulation Z and
laws prohibiting unfair, deceptive, or abusive acts or practices. For more information, refer to the “Unfair or
Deceptive Acts or Practices and Unfair, Deceptive, or Abusive Acts or Practices” booklet of the Comptroller’s
Handbook. Marketing materials for promotional annual percentage rate (APR) programs may risk being
deceptive if they do not clearly and prominently describe the material costs, conditions, and limitation of such
offers and the effect of promotional APR offers on the grace period for new purchases. The Consumer Financial
Protection Bureau (CFPB) has issued a bulletin advising credit card issuers of the risks associated with the
marketing of credit card promotional offers. Refer to CFPB Bulletin 2014-2, “Marketing of Credit Card
Promotional APR Offers.”
9
Under this program structure, accrued interest can be imposed only if the specified period is six months or
longer and, before the commencement of the promotional period, the issuer discloses in a clear and conspicuous
manner the length of the period and the rate at which interest will accrue. Refer to 12 CFR 1026.55(b)(1),
“Temporary Rate, Fee, or Charge Exception.”
10
Assuming the issuer promotes such a waiver, the cessation of the waiver if the balance is not paid in full at
the end of the promotional period constitutes an increase in the APR for the purposes of Regulation Z. Refer to
12 CFR 1026.55(e), “Promotional Waivers or Rebates of Interest, Fees, and Other Charges.” Such an increase is
permissible under 12 CFR 1026.55(b)(1) if the promotional period is six months or longer and, before the
beginning of the promotional period, the card issuer clearly disclosed the length of the period and the APR that
would apply after the period ended.

Version 2.0
Minimum monthly payments that amortize the current balance over a reasonable period of
time are a key tenet of safe and sound retail lending. Regular monthly payments add structure
and discipline to the lending arrangement, provide regular and ongoing contact with the
borrower, and allow the borrower to demonstrate, and the bank to assess, continued
willingness and ability to repay the obligation over time. Conversely, the absence of a regular
payment stream may result in protracted repayment and mask true portfolio performance and
quality.
Credit card accounts that receive these types of promotions may have a different rate of
default when compared to accounts without these types of promotions. Separating these
portfolios to monitor overall performance and by vintage is a prudent practice. Examiners
should understand the promotional offers, the targeted borrowers, and how management
measures the success and monitors performance of the promotional accounts originated.
Corporate or Commercial Cards

Corporate or commercial charge cards are usually issued to facilitate corporate or
government travel and entertainment (T&E) or procurement. Some banks also issue
consumer charge cards. Generally, the balance is due in full at the end of each billing cycle.
Although T&E cards are typically general purpose in nature, procurement cards may be
either general purpose or proprietary. Corporate cards are generally less profitable to banks
than consumer credit cards because users of corporate cards normally do not incur finance
charges. Rather, annual fees, interchange income, and other service fees are the primary
sources of income for banks that issue these cards. As a result, examiners should determine
whether management has analyzed the costs and risks associated with these programs and
possesses the necessary expertise to engage in this type of business. Corporate and
commercial cards are subject to the similar risk management principles as consumer cards.
Secured Cards
Secured cards look and function like traditional, unsecured credit cards, but the credit
extended by the issuer is partly or wholly secured by borrower collateral, typically in the
form of a bank deposit. These cards are generally marketed to individuals with limited or
blemished credit histories, who may not be eligible for unsecured credit. The cards may serve
as a means for those individuals to establish or improve their credit and to qualify for or
“graduate” to more traditional unsecured credit. 11
In a traditional secured card program, funds are transferred to the issuing bank by th e
consumer at account opening, pledged as security for the credit card account, and placed on
deposit (at the issuer or another depository institution) in the name of or for the benefit of the
consumer. The consumer generally may not access those funds. Rather, the funds remain on
deposit so that if the consumer defaults on his or her credit card account, the deposited funds
may be used to help satisfy the debt. Minimum bank deposits under secured credit card
11
Cards that are marketed as improving credit may carry heightened risk for unfair, deceptive, or abusive acts
or practices. For more information, refer to the “Unfair or Deceptive Acts or Practices and Unfair, Deceptive, or
Abusive Acts or Practices” booklet of the Comptroller’s Handbook.

Version 2.0
programs typically range from $100 to $500, although customers are often permitted to
deposit more if they choose. The deposit account may earn interest, depending on the terms
of the agreement. It is important for banks to have controls in place to avoid unintentionally
releasing collateral.
In some programs, security deposits and account opening fees are charged to the credit card
account. The CARD Act and Regulation Z limit fees issuers can charge before account
opening and during the first 12 months after account opening.12 Secured credit card accounts
are often high cost for the bank and generally have heightened compliance risk.
Risks Associated With Credit Card Lending

From a supervisory perspective, risk is the potential that events will have an adverse effect on
a bank’s current or projected financial condition13 and resilience.14 The OCC has defined
eight categories of risk for bank supervision purposes: credit, interest rate, liquidity, price,
operational, compliance, strategic, and reputation. These categories are not mutually
exclusive. Any product or service may expose a bank to multiple risks. Risks also may be
interdependent and may be positively or negatively correlated. Examiners should be aware of
and assess this interdependence. Examiners also should be alert to concentrations that can
significantly elevate risk. Concentrations can accumulate within and across products,
business lines, geographic areas, countries, and legal entities. Refer to the “Bank Supervision
Process” booklet of the Comptroller’s Handbook for an expanded discussion of banking risks
and their definitions.
The primary risks associated with credit card lending are credit, operational, liquidity,
strategic, reputation, interest rate, and compliance. These are discussed more fully in the
following paragraphs. Although all of these risks are associated with credit card lending, the
primary focus of this booklet is credit risk, with some emphasis on operational, strategic, and
reputation risk. For more information on compliance risk and consumer protection-related
laws and regulations, refer to the Consumer Compliance series of the Comptroller’s
Handbook and interagency consumer compliance examination procedures, as applicable.
Credit Risk
Credit risk is the risk to current or projected financial condition and resilience arising from an
obligor’s failure to meet the terms of any contract with the bank or otherwise perform as
agreed. Credit risk poses the most significant risk to banks involved in credit card lending.
Because credit card debt is generally unsecured, repayment depends primarily on a
borrower’s willingness and capacity to repay. The highly competitive environment for credit
For more information, refer to the “Truth in Lending Act (Interagency)” booklet of the Comptroller’s
12
Handbook.
13
Financial condition includes impacts from diminished capital and liquidity. Capital in this context includes
potential impacts from reduced earnings and market value of equity.
14
Resilience recognizes the bank’s ability to withstand periods of stress.

Version 2.0
card lending provides consumers with ample opportunity to hold several credit cards from
different issuers and to pay only minimum monthly payments on outstanding balances. In
such an environment, borrowers may become overextended and unable to repay, particularly
in times of an economic downturn or a personal life event, such as illness, divorce, childbirth,
or other events like natural disasters.
Regulation Z prohibits a card issuer from opening a credit card account for a consumer under
an open-end (not secured by a dwelling or real property) consumer credit plan, or increasing
any credit limit applicable to such account, unless the card issuer considers the consumer’s
ability to make the required minimum periodic payments under the terms of the account,
based on the consumer’s income or assets and current obligations. 15
Product pricing may vary widely and include both fixed- and variable-rate structures. Issuers
may offer low introductory rates to consumers to entice them to transfer balances to a new
credit card. Introductory rate offers may be as low as zero percent, although transfer fees may
apply. At the end of the introductory period, the variable rate is likely to increase.16
In addition to credit risk posed by individual borrowers, credit risk exists in the overall credit
card portfolio. Relaxed underwriting standards, aggressive solicitation programs, inadequate
account management, and a general deterioration of economic conditions can increase credit
risk. Changes in product mix and the degree to which the portfolio has concentrations,
geographic or otherwise, can also affect a portfolio’s risk profile.
Examiners assess credit risk by evaluating portfolio performance, profitability, and borrower
characteristics by business lines, products, and markets. They consider changes in
underwriting standards, account acquisition channels, credit scoring systems, and marketing
plans.
Operational Risk
Operational risk is the risk to current or projected financial condition and resilience arising
from inadequate or failed internal processes or systems, human errors or misconduct, or
adverse external events. An effective risk management system, inclusive of proper internal
controls, helps to control operational risk exposures.
A bank’s success in credit card lending depends in part on achieving economies of scale to
service large volumes of customers and transactions. Credit card operations are highly
automated and effective operational controls are needed given the risks and transaction
volumes. Failing to develop proper risk management processes inclusive of internal controls
and a sound audit can lead to significant exposure and operational failures. Aggressive
growth has the potential to stretch operational capacity and can cause problems in handling
customer accounts and processing payments. A bank’s technology infrastructure can also
15
Refer to 12 CFR 1026.51, “Ability to Pay.”
16
For information on Regulation Z requirements pertaining to introductory rates, refer to 12 CFR 1026.55(b)(1)
and the “Truth in Lending Act (Interagency)” booklet of the Comptroller’s Handbook.

Version 2.0
pose significant operational risk to an issuer. Technology that is outdated or difficult to use or
reprogram exposes banks to higher servicing costs and higher potential for errors when they
require manual intervention.
The risk of fraud is a continuing problem associated with credit card programs. The very
nature of the product—an easily obtainable unsecured line of credit that is disbursable at the
borrower’s discretion up to the stated credit limits—makes it an ideal mechanism for first-
party and victim fraud.17 Heightened exposure to fraudulent activities may also increase a
bank’s exposure to reputation and strategic risks.
Operational risk exists not only in account originations and servicing, but also in collections,
whether or not a bank uses third parties in collection practices (e.g., collection agencies,
attorneys). There are many detailed legal requirements around the preparation and filing of
collection documentation, and each issuer should have processes in place to comply with
those requirements. When a bank relies on third parties for collection activities, the bank
maintains responsibility for compliance with legal requirements and for executing activities
in a safe and sound manner.18
Effective internal controls, audits, third-party risk management, business continuity planning,
management information systems (MIS), and reporting are important aspects of managing
operational risk. The volume of accounts managed (both on the books and securitized), the
capabilities of systems and technologies in relation to current and prospective volume,
contingency preparedness, and exposures through the payment system are factors that can
affect a bank’s operational risk exposure.
Examiners assess operational risk by evaluating the adequacy of governance and risk
management of all activities included in the origination and management of credit card
lending, including the engagement of any third parties in the processes.
Liquidity Risk
Liquidity risk is the risk to current or projected financial condition and resilience arising from
an inability to meet obligations when they come due. Banks use a variety of funding
techniques to support credit card portfolios. Techniques employed by individual banks
introduce different types of liquidity risk. For example, a credit card bank that is self -funded
through securitizations (refer to the “Glossary” section of this booklet) has different liquidity
risk considerations than a credit card bank that is funded by its retail parent’s commercial
paper. Moreover, large banks with access to a full array of funding sources to support credit
card operations have different liquidity risk considerations than small banks with potentially
less diverse funding sources.
For more information regarding fraud risks, refer to OCC Bulletin 2019-37, “Operational Risk: Fraud Risk
17
Management Principles.”
18
For more information regarding risks associated with third-party relationships, refer to OCC Bulletins 2013-
29 and 2020-10.

Version 2.0
Liquidity risk is present in a bank’s obligation to fund unused credit card commitments. For
example, seasonal credit card demands mean that more consumers use their cards at certain
times, such as around holidays.
Credit card portfolios composed of higher-risk assets and having unusual portfolio volatility
may be difficult to securitize or sell. Failure to adequately underwrite or collect loans may
trigger early amortization of a securitization, which could cause liquidity problems, increase
costs, or limit access to funding markets in the future. 19
To assess liquidity risk, examiners consider
• reliability of funding mechanisms.

• dependence of the credit card operation on securitization of assets.
• volume of unfunded commitments.
• attrition of credit card accounts.
• stability of affinity and cobranded card relationships.
• ability to fund seasonal increases in demand.
Strategic Risk
Strategic risk is the risk to current or projected financial condition and resilience arising from
adverse business decisions, poor implementation of business decisions, or lack of
responsiveness to changes in the banking industry and operating environment. Strategic risk
in credit card lending can arise when business decisions adversely affect the quantity or
quality of products and services offered, program operating controls, management
supervision, or technology. Bank management’s knowledge of economic dynamics and
industry market conditions can help mitigate strategic risk. Banks may be exposed to
strategic risk if they inadequately plan for marketing of preapproved credit card solicitation
programs.
Failure to sufficiently test new markets and strategies before full rollout can present
significant strategic risk. Fully testing new markets, analyzing results, and refining
solicitation offers to limit the booking of new credit card accounts that do not perform as
anticipated can help mitigate risk. An issuer that wants to change the composition of its
portfolio may also reduce strategic risk by testing the new strategy in a pilot phase.
Examiners assess strategic risk by determining whether bank management has evaluated the
feasibility and profitability of each new credit card product and service before it is offered.
Examiners determine whether the bank’s pricing, growth, and acquisition strategies
realistically consider economic and market factors. In particular, examiners evaluate whether
a proper balance exists between the bank’s willingness to accept risk and its supporting
resources and controls.
19
For more information on early amortization of securitizations, refer to the “Asset Securitization” booklet of
the Comptroller’s Handbook (national banks) and OTS Examination Handbook, section 221, “Asset-Backed
Securitization” (FSAs).

Version 2.0
Reputation Risk
Reputation risk is the risk to current or projected financial condition and resilience arising
from negative public opinion. A bank’s credit card operation can create reputation risk in a
variety of ways. For example, poor servicing of existing accounts, such as failing to
appropriately resolve consumer issues or process payments in a timely manner, can result in
the loss of existing relationships. Issuing banks that employ third parties to perform
solicitation, servicing, collection, or other functions should effectively monitor and control
the products and services provided by the third parties. Reputation risk also may exist when a
bank offers affinity or cobranded credit cards because consumers may associate the quality of
the bank’s partner’s products and services with the bank.
Certain credit card practices can also increase reputation risk. To illustrate, common industry
practices, such as punitive and penalty pricing for defaults on accounts, are perceived as
unfriendly to the consumer. Several major issuers have received negative publicity for using
these practices.
To assess reputation risk, examiners consider
• volume and number of credit card accounts under management or administration .

• merger and acquisition plans and opportunities.
• potential or planned entrance into new credit card products, marketing strategies, or
technologies (including new delivery channels).
• the market’s or public’s perception of the bank’s financial stability.
• past performance in offering new credit card products and services and in conducting due
diligence.
• ability to prevent violations of laws and regulations and minimize impact from any
violations that do occur.
• volume of customer complaints and the ability to address them.
• management’s willingness and ability to adjust strategies based on regulatory changes,
market disruptions, or market or public perception.
• quality and integrity of MIS and the development of expanded or newly integrated
systems.
Interest Rate Risk

Interest rate risk is the risk to current or projected financial condition and resilience arising
from movements in interest rates. Interest rate risk results from differences between the
timing of rate changes and the timing of cash flows (repricing risk); from changing rate
relationships among different yield curves affecting bank activities (basis risk); from
changing rate relationships across the spectrum of maturities (yield curve risk); and from
interest-related options embedded in bank products (options risk).
Interest income and fee income derived from credit card portfolios are sensitive to changes in
interest rates. Complex, illiquid hedging strategies or products have their own risks that may

Version 2.0
exacerbate interest rate risk. The availability of a wide variety of rate structures for credit
card products provides flexibility in managing such risk.
When assessing interest rate risk, examiners should consider the CARD Act’s limits on rate
increases,20 as well as the variety of pricing programs and the impact of competition on rates.
Intense competition on pricing to meet market demands can compress margins. Examiners
should also consider the source(s) and cost of funding the credit card portfolio.
Compliance Risk
Compliance risk is the risk to current or projected financial condition and resilience arising
from violations of laws or regulations, or from nonconformance with prescribed practices,
internal bank policies and procedures, or ethical standards. An examiner’s evaluation of
compliance risk should consider the numerous laws that pertain to credit card lending.
Examples of laws and regulations applicable to credit card lending include
• the Bank Secrecy Act (BSA).21

• the Truth in Lending Act, implemented by 12 CFR 1026, “Truth in Lending (Regulation
Z).”
• the Fair Credit Reporting Act (FCRA), implemented by 12 CFR 1022, “Fair Credit
Reporting (Regulation V).”
• the Fair Debt Collection Practices Act (FDCPA), implemented by 12 CFR 1006, “Fair
Debt Collection Practices Act (Regulation F).”
• the Equal Credit Opportunity Act (ECOA), implemented by 12 CFR 1002, “Equal Credit
Opportunity Act (Regulation B).”
• the Servicemembers Civil Relief Act (50 USC 3901 et seq.).
• the Military Lending Act (10 USC 987).
• laws prohibiting unfair or deceptive acts or practices (UDAP) and unfair, deceptive, or
abusive acts or practices (UDAAP).22
The examiner should assess the consumer compliance risks associated with the bank’s credit
card lending activities.
Examiners should understand the potential exposure to risks of money laundering or terrorist
financing related to credit card lending. For example, secured credit cards in which cash is
used as a deposit may pose a higher risk of money laundering or terrorist financing as the
20
Refer to 12 CFR 1026.55, “Limitations on Increasing Annual Percentage Rates, Fees, and Charges.”
21
See, for example, 12 CFR 21.21, “Procedures for Monitoring Bank Secrecy Act (BSA) Compliance”
(national banks and FSAs), 12 CFR 21.11, “Suspicious Activity Report” (national banks), and 12 CFR 163.180,
“ Suspicious Activity Reports and Other Reports and Statements” (FSAs).
22
Section 5 of the Federal Trade Commission Act (15 USC 45) prohibits unfair or deceptive acts or practices.
Sections 1031 and 1036 of the Dodd–Frank Wall Street Reform and Consumer Protection Act (Dodd–Frank)
(12 USC 5531 and 5536) prohibit unfair, deceptive, or abusive acts or practices. For more information, refer to
the “Unfair or Deceptive Acts or Practices and Unfair, Deceptive, or Abusive Acts or Practices” booklet of the

Version 2.0
source of cash may be unknown or derived from illicit sources. Policies that allow payments
in excess of the assigned line can create large card balances that can be exploited for money
laundering or terrorist financing purposes. In addition, certain features relating to the credit
card, including prepaid access, the ability to accept funds transfers on to the card through
automated clearing house (ACH) or wire transfers or other means, may also present
heightened money laundering or terrorist financing risks.
Examiners should be familiar with subparts B and G of 12 CFR 1026, which incorporated the
CARD Act. These sections of the regulation provide explicit rules for issuing and operating a
credit card program. With many of the requirements under TILA pertaining to credit cards, a
creditor that fails to comply generally may be held liable to the consumer for actual damages
and legal costs. 23 In addition, a creditor may be held liable for twice the amount of the
finance charge involved, subject to certain limits. Effective controls and efficient processes
should be in place to manage litigation exposure in credit card lending.
For the primary compliance-related examination information on credit card lending, refer to
the
• Federal Financial Institutions Examination Council’s (FFIEC) Bank Secrecy Act/Anti-

Money Laundering Examination Manual.
• “Truth in Lending Act (Interagency)” booklet of the Comptroller’s Handbook.
• “Fair Credit Reporting” (national banks), 24 “Fair Lending,” and other Consumer
Compliance series booklets of the Comptroller’s Handbook.
Risk Management
Each bank should identify, measure, monitor, and control risk by implementing an effective
risk management system appropriate for the size and complexity of its operations. When
examiners assess the effectiveness of a bank’s risk management system, they consider the
bank’s policies, processes, personnel, and control systems. Refer to the “Corporate and Risk
Governance” booklet of the Comptroller’s Handbook for an expanded discussion of risk
management.
A sound risk management system identifies, measures, monitors, and controls risks. A bank’s
risk management system comprises policies, processes, personnel, and control systems.
Control systems include internal and external audits, credit risk review, quality control (QC),
and quality assurance (QA). The structure and function of risk management systems and their
components can vary depending on the size and complexity of the bank’s credit card
operations. Technology, level of sophistication, and staffing levels may also be different.
23
TILA exempts a creditor from civil liability for a violation if the creditor shows by a preponderance of the
evidence that the violation was not intentional and results from a bona fide error, notwithstanding the
maintenance of procedures designed to avoid such an error. Refer to 15 USC 1640(c), “Unintentional
Violations; Bona Fide Errors.” Further, failing to comply with the advertising provisions in 15 USC 1661–
1665b does not expose a creditor to civil liability for actual damages or legal costs.
24
For FSAs, refer to OTS Examination Handbook, section 1300, “Fair Credit Reporting Act.”

Version 2.0
Examiners should determine how each function is performed, whether it is performed

internally or by a third party, and assess its effectiveness.
Credit card lending is a highly automated, high-volume activity that distributes sophisticated
products to consumers. Risk management of a bank’s credit card operation includes a clearly
defined organizational structure that provides accountability, appropriate expertise, and
staffing levels, information systems, training programs, and general and specialty audit
processes.
A well-developed strategy for credit card activities typically identifies, in broad terms, the
level of risk the bank is willing to accept for various products in the bank’s portfolio.
Examiners should assess the adequacy of the bank’s total strategy and whether plans reflect
realistic goals and objectives based on reasonable data and assumptions. The b oard’s appetite
for risk often involves balancing the bank’s underwriting and the pricing structure to achieve
desired results. For example, management may ease credit standards, and price for the
associated risk through higher interest rates, ultimately projecting increased profits in spite of
the higher losses that may be associated with those accounts.
Banks should implement sound fundamental business principles that identify risk, establish
controls, ensure compliance with applicable laws and regulations, and provide for monitoring
systems for lending activities. Monitoring systems should also provide a mechanism to
identify, investigate, and report suspicious activities. Effective policies and internal controls
governing each operational area are important for managing risks associated with credit card
lending. Effective policies and internal controls enable the bank to adhere to its established
strategic objectives and to institutionalize effective risk management practices. Policies also
can help ensure that the bank benefits through efficiencies gained from standard operating
procedures.
The bank’s audit and credit risk review functions should conduct periodic reviews of the
bank’s credit card program. Credit card audit programs should be comprehensive, covering
the life of the account and the product overall, including marketing, origination, account
management and servicing, loss mitigation, fraud prevention, and collection. Adequate
procedures regularly test the credit underwriting function for compliance with policy
guidelines and applicable laws and regulations. Also important is reviewing all significant
policies for adequacy and staff adherence to policy. 25 Further, the bank’s audit function
should test controls designed to identify and report suspicious activity.26
An effective credit risk management function is crucial to the ongoing success and
profitability of the credit card program. The risk management function is responsible for
evaluating credit standards, monitoring the quality of the portfolio, and making changes to
the underwriting standards as necessary to maintain the appropriate level of risk in th e
portfolio. An effective risk management function promotes early and accurate identification
For more information, refer to the “Internal and External Audits” booklet of the Comptroller’s Handbook and
25
OCC Bulletin 2020-50, “Credit Risk: Interagency Guidance on Credit Risk Review Systems.”
26
Refer to 12 CFR 21.21 and the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual.

Version 2.0
of existing and potential problems, identifies the need for policy revisions, and provides bank
management with the information it needs to respond promptly to problems.
Effective risk management addresses the entire cycle of credit card lending, from strategic
development, testing, and product rollout to long-term performance of the portfolio. OCC
Bulletin 2017-43, “New, Modified, or Expanded Bank Products and Services: Risk
Management Principles,” provides OCC guidance to banks regarding the risk management of
new activities. Examiners should review this issuance when evaluating a bank’s process for
introducing new, modified, or expanded credit card products.
Performing product analyses that serve as the basis for underwriting, marketing, compliance,
and portfolio management decisions is a component of sound risk management, as is
ensuring that marketing initiatives appropriately reflect acceptable levels of risk. Risk
management systems should help manage and maintain all scoring systems, analyze portfolio
delinquencies and losses, and identify reasons for adverse changes or trends. Monitoring
portfolio performance, including the performance of specific products, marketing initiatives,
and vintages is an effective way to identify and control the risks in a credit card portfolio .
MIS support effective risk management. For example, MIS should be able to provide
sufficient information to evaluate and measure the impact of actions taken and identify
unusual or suspicious activity. Bank management should receive reports derived from MIS
data outlining portfolio dimensions, composition, and performance. Reports should include
portfolio risk levels, trends, concentrations, and earnings. 27 These reports should be prepared
for each product type, affinity group, or other portfolio segment that may be significant due
to strategic importance, performance related concerns or new products.
Information Technology
Credit card lending is highly dependent on technology. From the time of the loan application
through the remaining life of the loan, information technology (IT) plays a key role in
operations, risk management, and regulatory reporting. IT and the IT infrastructure allow
bankers to leverage resources and increase both operational and financial efficiency. An
effective IT culture is important because of the volume of, and reliance on, MIS and
reporting for management and regulatory requirements.
Assessment of IT systems within credit card lenders should include an assessment of the
capability of the IT systems to support the operational, risk management, and risk control
functions of a credit card operation. The assessment also should consider business continuity
management as well as overall resiliency of business processes. IT systems should be
compatible and able to process the high volume of data generated during the life of a credit
card.
27
Refer also to the “Loan Portfolio Management” booklet of the Comptroller’s Handbook (national banks) and
the OTS Examination Handbook, Section 201, “Overview: Lending Operations and Portfolio Risk
Management,” (FSAs) for further discussion of MIS.

Version 2.0
Scoring Models
Most banks use credit scorecards to some degree in their credit card operations. Credit
scorecards, the most common scoring model used in credit card lending, are designed to
differentiate between accounts that will exhibit “good” behavior and those that will not. 28
The scores generated indicate the relative level of risk in either ascending or descending
order, depending on the convention used by the model developer. Credit scoring is used to
control risk in acquisition and underwriting, account management, marketing, and collection
processes.
Scoring models are also used for pricing, line assignment, and loss projection. Model
accuracy is important when scoring models are used for pricing, line assignment, and loss
projection. Various other models are used throughout the life of a card exposure from
marketing and origination to setting reserves and collection strategies. The use of models also
can pose risk to the bank specifically, the risk that the bank will suffer losses because the
bank’s lending strategies are based on models that are incorrect or misused.29
In simple terms, scoring employs a quantitative method, system, or approach to predict future
behavior based on past performance. Predictive horizons range from six months to two years.
The assumption is that the behaviors of the scored population going forward will not change
markedly from those of the population used to develop the model. The ability of models to
differentiate risk deteriorates with time, however, as a result of shifts in consumer behavior,
economic conditions, and bank and industry product terms and marketing.
The majority of scoring models rely on quantitative modeling techniques (e.g., linear
regression, logistic regression, and decision trees). Some banks are applying artificial
intelligence (AI) and machine learning (ML)30 methods (e.g., gradient boosting or neural
network) to credit scoring. Banks occasionally use nonempirical “expert” models that are
based on expert judgement and designed using subjective and judgmental factors.
Models can be categorized as either generic or custom. Generic scorecards, which are off-
the-shelf scorecards also known as pooled data models, are built using information obtained
from multiple lenders, credit repositories, or credit bureaus to determine general credit risk.
Generic scorecards are typically used when the bank lacks a sufficient number of approved
and denied applications or depth of account history to provide the requisite development
sample to build a custom scorecard (i.e., the bank does not have enough data to generate
statistically valid conclusions). Some generic models are developed specifically for credit
cards.
28
The definition of a “bad” account varies but typically involves some level of delinquency, usually more than
60 or 90 days past due.
For more information, refer to OCC Bulletin 1997-24, “Credit Scoring Models: Examination Guidance”;
29
OCC Bulletin 2011-12, “Sound Practices for Model Risk Management: Supervisory Guidance on Model Risk
Management”; and appendix H of this booklet, “Credit Scoring and Development of Scoring Models.”
Machine learning is a subset of artificial intelligence. References to AI in this booklet include both AI and
30
ML methods.

Version 2.0
Custom or proprietary scorecards are bank- or product-specific models developed using the
bank’s own data, data from credit bureaus, and customer experience. These scorecards may
be developed in-house, if the bank has the modeling expertise on staff and technological
infrastructure, or scorecards may be developed by third parties. Custom scorecards frequently
have an improved performance compared to generic scorecards since the modeling
population is typically more tailored to the bank’s specific customers.
Scoring systems do not normally consist of a single model. Instead, it is common practice for
a modeler to segment the customer population into multiple similarly situated subpopulations
based on differences in available information and customer behavior patterns. The modeler
can then develop individual scorecards for each distinct subpopulation that use the variables
most predictive of risk for that particular group, thereby increasing accuracy and precision.
For example, a credit card application might consist of seven models: a “thin file” scorecard
for applicants with little or no previous credit history; three “derog” or “subprime” models
for those with prior delinquencies; and three “prime” scorecards for those with more
substantial credit histories who have been paying on time. The criteria used to determine
segmentation and subpopulations are key components of the model development process.
Banks’ use of risk models in the underwriting process varies. Banks may
• use scoring models exclusively to approve or reject loan applications.

• rely heavily on scoring, using automated underwriting systems to approve high scores
and reject low scores, but divert borderline scores to underwriters for further manual
review (also called “gray zone” strategies).
• use scores as one among many inputs in a judgmental underwriting process.
• use scores to route applications between senior and junior underwriters or for some other
queuing strategy.
• use scores in determining account pricing and initial line assignment.
Most large retail credit operations fall into the category described in the second bullet above,
while small banks with low volume tend to fall into the category described in the third bullet.
The types of scores generated by risk models include the following:
• Credit bureau risk scores: The most widely used of all the scores, bureau scores use
only information on file at the three major credit bureaus; loan-specific information and
general economic conditions are not included in these models. For the most part, bureau
scorecards (e.g., FICO, formerly known as Fair Isaac Corporation, and VantageScore)
have been developed by third parties, although a few large banks have collected enough
data over time to develop internal bureau scores. For example, FICO developed several
bureau scorecards with different bureaus and maintains different scorecard versions (e.g.,
Classic FICO, FICO8, FICO NextGen) to reflect borrower behavior changes over time.
The bureau scorecards are used to underwrite and manage mortgage, credit card, and auto
loan portfolios. Although the models that each bureau uses are somewhat different, they
all assign a three-digit number ranging from 300 to 850, which quantifies the relative
ranking of consumers according to general credit quality. The higher the customer score,
the lower the credit risk. Each bureau has a name for its own scoring system. When

Version 2.0
originally introduced, the names were “BEACON” at Equifax, “EMPIRICA” at

TransUnion, and “FICO” at Experian. As the models have evolved and newer versions
were developed, the names of the models may have changed. In March 2006, the three
bureaus launched a new scoring model called VantageScore to compete with FICO in
selling scorecards to banks, credit card issuers, and other users. VantageScore also rank
orders consumers using scores from 300 to 850.
Credit bureau scores consider five general groups of predictive variables:
• Previous performance, including the severity and frequency of poor performance and
how recently the poor performance occurred.31
• Current level and use of nonmortgage debt.
• Amount of time that credit has been in use.
• Pursuit of new credit and inquiries.32
• Types of credit available.
• Application scores: As the name suggests, application scores incorporate information

from the loan application as well as various credit bureau data, possibly including the
bureau score. In some cases, the model may also consider information related to the
transaction being financed. The score may be used to determine pricing and initial line
assignment, as well to decide approval or denial.
Once the accounts are booked, the bank uses account management models to help manage
the portfolio. Banks can use scores for monitoring portfolio risk, implementing account
management initiatives, targeting cross-selling opportunities, and prioritizing collection
activities. These scores may include the following:
• Behavioral scores: These models generate scores based on customer performance on the
bank’s loans (e.g., payment and delinquency patterns), and may provide an estimate of
customer profitability. Whereas traditional behavior scorecards were confined to internal,
or “on us,” borrower performance, many models now include bureau scores or certain
bureau report characteristics in the scores. Some of these models are commonly used at
the time of booking to predict behavior, not just for account management. For example,
these models are used to detect potential fraud, to predict a credit bust-out, and to
determine underwriting level for net present value (NPV) or pseudo NPV, which are used
to predict profitability or reward activity. Transactional behavior models, such as those
used for fraud identification, can rescore credit card accounts after individual
transactions. Some collection departments use specialized behavior models based on the
performance of delinquent borrowers.
• Bankruptcy scores: These are designed to identify customers posing a higher risk of
bankruptcy based on the attributes of borrowers who have declared bankruptcy.
Bankruptcy scores usually are used in conjunction with conventional credit risk models.
31
This includes public record information such as bankruptcies.
32
Multiple inquiries in a short period of time are usually eliminated, or “de-duped,” so that the consumer is not
penalized for rate shopping. In addition, non-consumer-originated promotional inquiries are excluded.

Version 2.0
• Line management scores: These models are used to assess how the customer’s behavior
or how the expected returns or profitability in the form of incremental net credit margin
reacts to different line assignment changes. Those models can help to manage risk in
credit line management and also take customers’ growing needs into consideration .
Banks may also use other models in the account acquisition, underwriting, and account
management processes. These models include the following:
• Marketing: Target marketing initiatives to meet preferences or perceived needs.

• Response: Target prospects most likely to respond to an offer.
• Profit: Project the level of revenue and losses a customer will generate for the life of the
loan. These models can be NPV models or traditional profit and loss tools or models.
• Attrition: Identify accounts likely to prepay or voluntarily close.
• Fraud: Identify potentially fraudulent applications or credit card transactions.
Bankers sometimes combine multiple scorecards. This practice is also known as model
layering or combined scorecards, (e.g., dual scorecards), through which the bank benefits
from combining the risk selection capabilities of the various models used. Strategy cutoffs
are then developed based on the combined matrix cell odds rather than the individual score.
Combined scorecards let the bank adjust the cutoff on a cell-by-cell, stair-step basis, allowing
for clearly visible “swap sets.” This enables the bank to approve the best of the customers,
who may or may not have been approved based on a fixed cutoff score. Effective use of
matrixing encourages a bank to develop a “joint delinquency table” (which can be converted
to a “joint odds” table) from the combination of multiple scorecards.
The dual scorecard concept is illustrated in table 1, in which the application scores are on the
vertical axis and the bureau scores are on the horizontal axis, with the risk decreasing as
scores increase. The percentages in the body of the table represent the frequency with which
an account was ever delinquent within a defined time period.
Table 1: Joint Delinquency Matrix, Delinquency Rates
Average
delinquency
Less than 750 or rate by custom
600 600–649 650–699 700–749 higher score segment
Less than 180 20% 14% 14% 11% 8% 13.4%
180–199 13% 11% 10% 6% 7% 9.4%
200–219 11% 10% 7% 5% 5% 7.6%
220–239 10% 7% 5% 4% 5% 6.2%
240 or higher 8% 3% 3% 2% 1% 3.4%
Average 12.4% 9.0% 7.8% 5.6% 5.2%
delinquency rate
by bureau score
segment

Version 2.0
Assume, for simplicity, that the delinquency chart is based on the performance of 2,500
borrowers evenly distributed over the 25 cells (i.e., 100 borrowers in each cell). If the bank’s
tolerance for risk is associated with a delinquency rate of roughly 6 percent, a cutoff score of
200 using only the custom scorecard would achieve that objective (the delinquency rate
based on a custom score greater than 200 would be 5.7 percent) based on a portfolio of 1,500
borrowers. The bank could lower the average delinquency rate to 5.1 percent⎯an 11.6
percent reduction in the delinquency rate⎯without decreasing volume by overlaying the
bureau score and swapping out poor performers (i.e., bureau scores below 650) with custom
scores greater than 200 and swapping in better performers (i.e., bureau scores greater than
700) with custom scores less than 200.
Banks also layer credit scores with nonrisk scores or complex model-like credit strategies.
For example, revenue and response models may be used together for a pre-approved credit
card solicitation, or assumptions and basic projections on profit and loss at a segment-level
can inform underwriting cutoffs or line amounts. This practice presents difficulty in that the
purposes of the models used may conflict. Although management tries to control credit risk
by using the credit score, revenue and response scores generally increase for higher-risk
borrowers (reflecting higher potential for bank revenue generation in terms of pricing and
fees and a borrower’s greater propensity to respond to credit offers). This may result in
adverse selection (e.g., higher-risk borrowers are more likely to respond). The odds
associated with the risk score can be adversely affected as fewer “good risk” prospects
respond relative to the level of “bad risk” prospects. Sound planning typically reflects an
understanding of the risks associated with the use of these types of strategies. Such
combining of models and overlays into a banks’ overall strategy introduces aggregate model
risk as discussed in OCC Bulletin 2011-12.
Banks are developing and leveraging AI methods for a broad range of activities, including
credit modeling and tasks associated with managing credit card lending. Specific uses may
include fraud detection and prevention, marketing (e.g., targeted offer campaigns, and
response models), and credit risk management (e.g., underwriting, authorizations, credit line
management, and collection). Banks may use AI to automate repetitive or routine tasks
aimed at gaining operational efficiency or reducing human error. Banks also use ML
techniques including convolutional AI, neural networks, deep learning, and natural language
processing to assist with sophisticated decision making and pattern recognition. As the uses
of AI increase, so will the complexity and sophistication of models, requiring bank
management to increase its understanding of AI methods to oversee the implementation and
use.
Risk management of AI processes should be commensurate with the risk posed by AI use
and the core functions the AI processes support. Effective AI implementation generally
includes sufficient oversight and effective challenge over the potential risk associated with
the use and implementation of these tools or models. An effective risk governance
framework also typically addresses areas of model risk management unique to AI, such as
their opacity (e.g., black-box nature) and conceptual soundness of hyperparameter tuning and

Version 2.0
unstructured data. Proper data governance also remains important for identifying possible
biases in the data, particularly if the model uses nontraditional (or alternative) data sources.33
Model Documentation
Examiners should determine whether bank policies address requirements for maintaining
appropriate model documentation. Documentation typically includes the following:
• Model inventory: Summary listing of

- all models in use, under development, or recently retired.
- the models’ application(s).
- the dates developed, implemented, and last validated.
- information on the model’s purpose and design, actual or expected usage, and any
restrictions on use.
• Individual models: Documentation that is understandable and sufficiently detailed to
allow for precise replication should the need arise.
• Chronology log: Listing by date of all significant internal and external events relevant to
the credit function (e.g., score implementation, product changes, cutoff score changes,
major marketing initiatives, and economic or competitive shifts).
Models purchased from third parties ordinarily come with comprehensive manuals describing
development, as well as ongoing maintenance and validation requirements. Third-party
models are subject to the same validation processes by the bank as internal models, including
validating their performance on internal data, and evaluating conceptual soundness, such as
variable selection and sensitivity, as much as is feasible. Examiners should verify that the
bank has adequate documentation standards and has performed proper validation for third-
party models.
Model Management and Tracking
Banks using scoring systems should have the management expertise and processes in place to
evaluate the models, validate their appropriate use, monitor and assess their performance on
an ongoing basis, and conduct proper validation. This oversight also should extend to any
scoring-based strategies employed.34
Any time a credit decision is made that is contrary to that indicated by the customer score, it
is known as a scoring override. Requests that meet or exceed the score cutoff but that are
33
For more information about nontraditional data sources, refer to OCC Bulletin 2019-62, “Consumer
Compliance: Interagency Statement on the Use of Alternative Data in Credit Underwriting.” Examples of
alternative data uses in modeling by banks include using enhanced assessments of repayment capacity,
including cash flow data, to evaluate the creditworthiness of consumers who currently may not obtain credit in
the mainstream credit modeling system.
34
For guidance regarding scorecard management and model risk management, refer to OCC Bulletins 1997-24
and 2011-12.

Version 2.0
denied are known as high-side overrides.35 Requests that fail the cutoff but are approved are
known as low-side overrides. Not only are these policy exceptions, but excessive levels of
overrides may diminish the effectiveness of the scoring models and may be indicative of
illegal discrimination on a prohibited basis (causing a violation of Regulation B).36
Furthermore, approved loans that fail to meet the score cutoff often perform worse than loans
above the cutoff. It is a prudent practice to evaluate low-side overrides by comparing them
with the bad rate at the lowest score band above the cutoff; the highest-scoring overrides just
under the cutoff should theoretically outperform the marginal passes in the next-highest score
band.
Override analysis is an important aspect of model validation. Decisions to override a model

suggests important information may be excluded from the model. For example, an omission
may result in incorrectly approving applicants who should be denied (low-side override) or
incorrectly denying an application that should be approved (high-side override). Banks
typically track override performance by reason, channel, analyst approving credit, and score
band. They also monitor the volume, the reason codes, and the quality of the override
segment. It is important to know why some applicants with low scores are approved and
others with high scores are denied. Override volume and quality may support the need for
underwriting criteria or score cutoff changes. Table 2 shows an example of override tracking.
Table 2: Example of Override Tracking
Scorecard Overrides
Number of Percentage Number of Percentage Percentage Percentage
overrides of overrides overrides of overrides of bad loans of bad loans
Score range approved approved denied denied (volume) (dollars)
800 or higher 50 100% 0 0% 1% 1%
750–799 100 95% 5 5% 1% 2%
700–749 200 93% 15 7% 2% 4%
675–699 300 88% 40 12% 3% 6%
650–674 400 89% 50 11% 5% 9%
625–649 60 15% 350 85% 8% 15%
600–624 10 9% 100 91% 11% 20%
Less than 600 2 4% 50 96% 100% 100%
Low-side overrides can be tracked by number as well as by dollar balances. Generally, banks
establish low-side and high-side override limits. Overrides are generally monitored as part of
back-end analyses. Based on the performance of overrides, management can make
adjustments to the models to reduce the volume of low-side and high-side overrides in the
future.
35
A high-side override can occur when the bank considers variables or characteristics that were excluded from
the model.
36
Under Regulation B, the prohibited bases are race, color, religion, national origin, sex, marital status, age, the
fact that all or a part of the applicant’s income derives from any public assistance program, or the fact that the
applicant has in good faith exercised any right under the Consumer Credit Protection Act or any state law on
which an exemption has been granted by the CFPB. Refer to 12 CFR 1002.2(z), “Prohibited Basis.”

Version 2.0
Scorecard-tracking reports, also known as ongoing model monitoring reports, are crucial for
effective scorecard management and provide valuable information for risk management and
marketing. Bank management generally monitors model performance to determine how
much the bank’s customer population has changed, to analyze and adjust cutoffs, and to
determine when it is time to redevelop a model. Reporting frequency varies from monthly to
quarterly, depending on volume, materiality, and the level of risk involved.
Scorecard reporting comprises two broad categories, front-end reports and back-end
performance reports. Front-end reports measure score distribution changes in the customer
and essentially determine whether the customer population is changing. This is important
because if the population changes significantly, it triggers the need for additional model
analysis and, possibly, model adjustment (e.g., recalibration, alignment, or weighting) or
redevelopment based on bank-established performance thresholds.
Key front-end reports include the following:
• Application distribution reports: Track approvals and denials and high- and low-side
overrides by score band, provide feedback on application volumes and the success of
marketing programs, and serve as an early warning of shifts in the risk profile.
• Population stability reports: Identify changes in the population by comparing score
distributions of the developmental sample with current production.
• Characteristic analysis reports: Compare the base population with actual results for
individual attributes. Tracking the change and trend of the attribute distribution over time
is a prudent practice. Third parties often provide developmental sample population
factors in scorecard manuals. Banks may also form a portfolio-specific benchmark
population from the testing or first use of the model and track population stability over
time. Banks may find it most useful to focus on the heavily weighted variables in a score.
• Scoring accuracy reports: Present the volume of scoring errors sorted by those deemed
significant versus minor. Significant errors may represent miscalculated scores resulting
in decisions on overrides that are inconsistent with the cutoff; minor errors are mistakes
that if corrected would not alter the credit decision.
Back-end reports compare actual versus expected results, and essentially determine whether
scorecards still differentiate risk sufficiently and indicate levels of risk accurately, depending
on their use. Back-end reports serve the dual purpose of measuring model efficacy and
evaluating overall portfolio quality.
Key back-end reports include the following:
• Vintage tables and charts: Measure the performance and trends of accounts originated
each month or quarter. These generally are the most fundamental and indispensable
model and portfolio management tools.
• Backtesting reports or delinquency distributions reports (DDR): Compare scores
with subsequent performance and evaluate the accuracy and rank-ordering ability of the
scorecards over time. DDRs present coincident delinquencies and actual delinquencies at
a point in time. This analysis is also used to evaluate the score-to-odds calibration and

Version 2.0
whether adjustments need to be made. It is also prudent to evaluate the accuracy of the
scorecards for combined scorecards.
• Maximum delinquency distributions reports (MDDR): Identical to DDRs, except that
MDDRs show “ever delinquent” statistics, which include delinquent loans that were
cured, repaid, or charged off. Delinquencies are presented using the same “bad rate”
definition used in the model development.
• Benchmarking: Compares a model’s inputs and outputs to estimates from alternative
internal or external data or models. Post-implementation vintage tables or charts and
delinquency distributions are typically benchmarked against the performance
distributions generated from the development sample to determine whether the models
are performing as expected. The distributions and tables based on the development data
should reflect the bank’s best guess of expected outcomes. Moreover, trends in the
benchmarking analysis would be evaluated to differentiate between random, but
temporary, deviations in performance (which may warrant minor changes in strategies)
from permanent, systematic deviations (which may warrant recalibration or
redevelopment of the models). Comparing the performance of two models on the same
data sample is also referred to as benchmarking. For example, a custom score could be
benchmarked against a generic score to evaluate whether the trend in both scores’
performance is similar or different. To compare the performance of two models, a sample
other than either model’s development sample must be used.
• Chronology logs: Identify internal and external changes that are expected to affect model
performance and the credit function so that a model can be properly evaluated in the
future. For example, a chronology log records important external macroeconomic
indicators, such as recession or changes in the unemployment rate, and internal changes
such as changes in cutoffs, collection strategies, or override policies.
• Early-warning analysis: Uses benchmark performance over shorter time horizons than
those used in the development of the model. Although the performance window from
many scoring models is 24 to 36 months, waiting up to three years to generate a valid
back-end analysis may be an unsafe or unsound practice. For that reason, early-warning
performance benchmarks based on the performance of the model development sample
over shorter performance horizons (e.g., 3, 6, 9, 12, 15, and 18 months) are typically
constructed and used to project the performance of the current portfolio over the next 24
to 36 months. Banks may track a different delinquency than the one modeled (e.g.,
tracking also 60 days past due instead of just 90) to accommodate the shorter
performance horizon associated with early-warning analysis.
Scorecard tracking reports are most effective when they are comprehensive and consistent
with the purpose of the model and when they use a level of rigor reflecting the importance of
the model in the decision process. Statistically valid tests are often more effective than the
use of judgment-based evaluation of charts.
Back-end analysis in particular is most effective when conducted at an appropriate level of

granularity, considering both key areas of business and model risk. For example, a model
may show high performance on aggregate but be underperforming in key segments, such as
marginal customers where the model’s score is most material in approve/decline and credit
decisioning.

Version 2.0
Prudent tracking practices include pre-committing to concrete performance bounds at the

segment level and on aggregate to ground expectations on model performance. Breaches of
performance bounds are typically then followed by concrete action steps to address model
performance, such as root cause analysis and model recalibration/redevelopment.
Third parties and credit repositories periodically publish scorecard odds for generic models.
Although the data can be informative and useful when implementing a new model, the data
are often outdated and differ significantly from individual bank results. Such p ooled-data
odds are generally not an appropriate substitute for portfolio-specific performance metrics
and credit score-to-odds mapping that is the basis for subsequent monitoring. Model
revalidations are typically performed using a discrete sample of applications and regularly
computed model separation measurements (e.g., Kolmogorov-Smirnov [K-S] scores or chi-
squared test).
It is important for bank management to understand
• which models are deployed.

• how the models are used.
• what control systems are in place to manage and monitor model performance.
• findings and model limitations raised by model validation.
• the quality of model risk management evaluated by internal audit.
• how cutoffs and strategies are developed.
• how risk/reward tradeoffs are made.
• how bank management analyzes portfolio and vintage performance and uses that
information to alter or improve targeting, underwriting criteria, cutoffs, and other scoring
strategies.
In short, bank management typically determines whether the bank’s models and related risk
management processes ensure that risk remains within approved tolerances.
Marketing and Underwriting of New Accounts

The competition in the credit card industry, combined with the relative saturation of the
market, makes new account acquisition a key component of a successful credit card program.
Marketing for new accounts has evolved from a relatively simple process of offering credit
cards to existing bank customers through “take-one” applications in branches to active
marketing and solicitation via diverse media channels across a large, often nationwide,
market. More specifically, account acquisition is most often accomplished through three
distinct methods: prescreened solicitations (typically using direct mail); approval of
completed applications; and portfolio acquisitions from third parties. Each method should
include sound underwriting practices to achieve and maintain desired portfolio quality.
Marketing is expensive and carries risk. Even successful marketing programs can leave the
bank with a new population of customers with higher risk profiles than the bank initially
sought. A bank’s marketing program typically depends on its size, strategy, and growth
plans, appetite for risk, and distribution network. A bank’s risk management function

Version 2.0
typically reviews marketing initiatives to verify that the initiatives are consistent with the
bank’s risk appetite. The bank’s marketing activities should be guided by a detailed, realistic
marketing plan that is consistent with the overall goals and objectives of its strategic plan and
complies with applicable laws and regulations. 37 Involving key functional areas of the bank
(e.g., credit risk management, operations, systems, legal, and compliance) in all aspects of
the marketing process helps control risks associated with marketing activities. Other
important components of a successful marketing program include experienced and competent
management and staff, reliable projections and market analyses, and complete and accura te
reports that track performance by product and initiative (such as a specific promotional or
balance transfer program).
Prescreened Solicitations
In a prescreened solicitation program, a credit card issuer generally uses a list of potential
customers to whom it will make firm offers of credit. Compilation of the list of names is
typically a joint effort involving the bank’s marketing and risk management functions or
credit divisions. Marketing is usually responsible for identifying the targeted population,
creating the products the bank offers, and controlling marketing costs. The risk management
function’s main responsibilities generally include establishing the prescreening credit criteria,
establishing credit lines, confirming compliance with appropriate consumer and fair lending
laws and regulations, and monitoring the success of the program after the accounts are
booked. The area in the bank responsible for the finances of the credit card program may
play a key role in projecting the impact that credit and marketing decisions will have on the
profitability of new accounts obtained through prescreened solicitations.
Before proceeding with any prescreened solicitation program, it is important for the bank to
have in place the systems necessary to capture and monitor needed data once accounts are
booked. For example, systems may need to capture credit bureau scores, number of
respondents, and reasons an applicant’s credit score may decline after approval. It is also
important for bank management to monitor the actual results of a prescreened solicitation.
These types of offers take time to develop and often give the borrower a period of time to
respond to the solicitation. During that period, bank management typically compares
accounts booked to expected credit criteria to ensure that the solicitation is providing the
credit profile and level of risk expected. Large deviations from the expected results could
indicate the need to end, expand, or increase management of the solicitation.
Credit card issuers usually plan prescreened campaigns throughout the year to obtain new
accounts. They may either purchase a list of names from a third-party list provider or from
the credit bureaus, or they may identify a segment of the bank’s customers. The bank then
provides these lists of names, along with written instructions of its prescreened criteria , to the
credit bureaus to start the prescreening process. Banks generally specify two types of criteria:
exclusion and credit.
37
For example, marketing materials are subject to the advertising and solicitation requirements in Regulation Z.
Refer to 12 CFR 1026.16, “Advertising” and 1026.60, “Credit and Charge Card Applications and Solicitations.”
Marketing programs must comply with the ECOA and all other applicable fair lending laws; section 5 of the
Federal Trade Commission Act, and sections 1031 and 1036 of Dodd–Frank.

Version 2.0
Exclusion criteria are applied to eliminate prospects that the bank does not want to consider
in the mailing. These prospects are not scored. People with seriously derogatory credit
histories, recent bankruptcies, or credit files with limited trade lines are examples of excluded
prospects.
Credit criteria are then used to subdivide the remaining prospects into different groups.
Issuers commonly incorporate credit bureau scores into these levels of credit criteria to create
marketing initiatives targeting prospects whose score ranges suggest a higher probability of
good performance rates. The different criteria levels allow the bank to market to individuals
with the overall risk profile it desires and to offer variations in the product and pricing based
on risk. Prospects usually are segmented into categories such as A, B, C, D, etc., with the
A category comprising the lowest-risk consumers. Prospects that do not qualify for level A
are considered for level B, those that do not qualify for level B are considered for level C,
etc. The last level includes consumers who do not qualify for the higher levels but passed the
general exclusion criteria.
Banks also establish criteria for credit line assignments. Some banks assign the credit line up
front and disclose it to the consumer as part of the prescreened offer.
Another common approach is for banks to offer the consumer a credit limit up to a certain
amount. The bank does not assign the credit line until after the consumer responds to the
solicitation. The criteria that each bank uses vary but may be based on a combination of
disclosed income, credit bureau score, and criteria level.
Certain practices in connection with this type of “up to” marketing present high compliance
and reputation risks. As a result, banks should not engage in practices that could be
considered unfair, deceptive, or abusive, including the following:38
• Targeting consumers who have limited or poor credit histories with solicitations for a
credit card with a maximum, or “up to,” credit limit that is far greater than most of these
applicants are likely to receive.
• Providing most applicants with a “default credit line” (the lowest credit line available)
that is significantly lower than the maximum amount advertised, while failing to disclose
fully and prominently in the promotional materials the default credit line and the
possibility that the consumer will receive it.
• Advertising possible uses of the card when the initial available credit line may be so
limited that the advertised possible uses are essentially illusory.
Banks should also consider providing and disclosing a readily exercisable mechanism for
consumers to cancel the card at no cost when they learn the actual credit limit granted. 39
For more information, refer to the “Unfair or Deceptive Acts or Practices and Unfair, Deceptive, or Ab usive
38
Acts or Practices” booklet of the Comptroller’s Handbook.

39
Card issuers cannot impose a fee on consumers who close their accounts. Refer to
12 CFR 1026.52(b)(2)(i)(B)(3).

Version 2.0
Prescreened solicitation campaigns often include a promotional rate to attract customers and
to induce new and existing customers to transfer balances from other credit cards. A typical
promotional rate solicitation involves representations that an applicant or current cardholder
may, for a limited time, receive a reduced annual percentage rate (APR) on certain credit
card charges or transactions. The reduced APR generally is in effect for only a specified
period of time.40
Once the credit bureau prescreens the list of prospects against the bank’s criteria, the bank
has the opportunity to review the breakdown by criteria level. The information the bank
receives at this point does not have identifying information about the consumers, such as
names and addresses. This is done to avoid triggering provisions of the FCRA. Therefore, the
bank can still eliminate prospects if it wants to reduce the size of its overall mailing or the
number of consumers solicited within a certain criteria level.
The Consumer Compliance series of Comptroller’s Handbook booklets; the OTS

Examination Handbook, section 1300, “Fair Credit Reporting Act,” and other related
issuances describe FCRA and relevant provisions of the Fair and Accurate Credit
Transactions Act of 2003 (FACT Act). These resources also provide information on a bank’s
ability to deny credit to consumers targeted in a preapproved solicitation campaign. With few
exceptions, once the bank receives the list with prospect names and other identifying
information, a firm offer of credit to each consumer on the list should be made.41 As a result,
management should verify that the list is based on the criteria that it submitted to the credit
bureaus and list processors. For example, management should complete audits to ensure that
the credit bureaus applied the correct credit criteria (i.e., the criteria management originally
submitted, which may differ from its current criteria). Management should complete this
audit after the credit bureau prescreening, but before taking delivery of the names.
Many banks use a third-party list processor throughout the prescreening process. The list
processor performs various steps, such as eliminating duplicate names and existing
cardholders and verifying addresses. The bank may also use scoring models to help identify
consumers who would be more likely to respond and to provide more income to the bank by
revolving their balances. Identifying more likely responders has become a very important
aspect of prescreening campaigns, since industry reports show that response rates have
declined from around 5 percent to less than 1 percent in recent years.
After the bank receives the prospect names, it solicits the consumers by direct mail,
telemarketing, social media, or a combination of these and other solicitation efforts. The bank
or a third-party then processes the consumer responses. Some banks then obtain updated
credit bureau information on all responders. This may lead to a favorable or unfavorable
change in credit score, not necessarily because a consumer’s behavior has recently changed,
but because the bank now has a more complete profile of the borrower. Once the bank books
40
Such promotional offers are subject to limitations and disclosure requirements in Regulation Z. Refer to
12 CFR 1026.16 and 1026.60.
41
Refer to 15 USC 1681b(c)(1) for the requirements for furnishing reports in connection with credit or
insurance transactions that are not initiated by a consumer.

Version 2.0
the new accounts, its risk management function should analyze the results and characteristics
of the responders to determine whether the bank was successful in attracting the types of
consumers it intended to target.
Results of previous prescreened solicitations provide valuable information for future

programs. One method the risk management function may use to analyze results is to
complete a vintage analysis. Bank management may organize vintages by solicitation
campaign or by quarterly or annual periods. At a minimum, most vintage reports include
delinquency and credit loss information. A more comprehensive vintage report would include
bankruptcy, activation, utilization, and attrition information. Vintage reports are an effective
way to compare the performance of various segments of the portfolio, based on the
origination period and acquisition method. The reports also can be used to compare actual
with projected performance to enable the risk management function to determine the reason
for significant differences.
A bank’s risk management function typically helps establish credit criteria and performance
projections before the prescreened solicitation campaign is executed and also analyzes the
results of the campaign after execution. Sound oversight generally includes a review of the
results of prescreened solicitation campaigns within a relatively short time, such as three
months, to determine the quality and quantity of responders. Reviews of activation rates,
balances, and delinquencies would typically occur shortly after execution. Over the next six
months to a year, the risk management function may review the financial results of each
major prescreened solicitation campaign, comparing these results to initial forecasts.
An effective account acquisition program usually includes testing changes in credit standards
and marketing practices before full rollout of the campaign. Effective testing programs have
defined objectives and requirements for analysis, review, and decision making. A bank may
perform a wide variety of tests to evaluate variables, such as changes in criteria, cutoff
scores, pricing, and product type.
For example, assume a bank plans to solicit 1,000 names for a prescreened offering. One test
may allow 50 of those solicited to have two 60-day delinquencies on credit reports within the
previous 12 months, even though this population normally would be excluded from offers.
These 50 are the test group. The remaining 950 solicited consumers are the control group.
Bank management then monitors the test group’s performance in relation to the control group
until management can reach a reasonable conclusion about the effect of the change in
delinquency standards. The time period for tests may vary, depending on the credit standard
or borrower characteristic management is testing. It may take up to 18 months before a bank
can make a valid conclusion regarding changes to credit criteria.
Applications
Banks market credit card applications in various ways, including via the internet, direct mail,
telemarketing, magazine inserts, partner relationships, and countertop “take-one”
applications. Most banks use an automated application processing system to process
applications. Typically, information from applications filed electronically goes directly to an

Version 2.0
issuer’s application system, while an analyst may manually process an application mailed to
the bank. The bank automatically obtains a credit bureau report in connection with
processing an application. Appropriate controls typically include processes to confirm that
data from the applications are entered correctly.
In recent years, major issuers relied primarily on automated scoring systems to decision
credit card applications, with a small segment of applications referred to judgmental
underwriting. Judgmental underwriting involves undertaking a manual review using the
bank’s underwriting policy and established guidelines that define the quality of new
accounts. When credit scoring is used to grant credit, quality is controlled by setting the
cutoff score based on the desired loss rate. Because of the volume of applications and the
desire for rapid decision making, most large issuers use scoring. When judgmental
underwriting is included in making the credit decision, it should be tightly controlled to help
ensure that underwriters or analysts consistently follow policy and comply with applicable
consumer protection-related laws and regulations. The bank controls the quality of new
accounts by establishing well-understood controls and credit guidelines in its policy and
performing routine QC reviews.
A card issuer must consider a consumer’s ability to make the required minimum periodic
payments under the terms of an account.42 Specifically, issuers must determine an applicant’s
ability to pay based on an assessment of the applicant’s current or reasonably expected
income or assets and his or her current debt obligations. The card issuer may limit its
consideration of a consumer’s current or reasonably expected income or assets to the
consumer’s independently verifiable income or assets. To meet the ability-to-pay
requirement, issuers should have access to information regarding the applicant’s income or
assets and current obligations at the time of application. This information may be available in
several ways: The applicant may provide it at application; the issuer may have access to
recent information (e.g., within 12 months) through other established bank products, as well
as from third parties (such as data aggregators) or affiliates, subject to applicable
information-sharing rules; or the information may be estimated through an income estimator
model that is “empirically derived, demonstrably and statistically sound.” 43
The underwriting process varies among issuers. The proportion of scored versus
judgmentally decided applications is not always the same. Most issuers choose to assess
ability to pay as the last step in the approval process, but issuers do not have to wait until the
end of the process to do so. Whatever the bank’s underwriting structure, however, examiners
should determine whether the bank has established and implemented well-defined guidelines
for the credit approval process to mitigate compliance, operational, credit, and reputation
risk.
42
Refer to 12 CFR 1026.51.
43
Refer to 12 CFR 1026, supplement I, comment 51(a)(1)(i)-5.

Version 2.0
Portfolio Acquisitions
Investors acquire credit card portfolios for many reasons. They may want to expand an
already established credit card business quickly, realize improved economies of scale,
diversify product lines or niches and geographic markets, or increase profits. A seller, on the
other hand, may wish to reinvest in other investments, recapitalize its business, or increase
liquidity. Whatever the reason, there are markets for credit card portfolios, and the premiums
can be lucrative.
Banks should have procedures, systems, and controls in place to govern portfolio
acquisitions. Procedures provide consistent analysis throughout the acquisition process and
reduce the risk that a critical item or aspect of the transaction will be overlooked. Effective
procedures incorporate detailed instructions regarding such areas as prospective portfolio
reviews, due diligence, and final analysis.44
Further, the due diligence review should include an assessment of the selling institution’s
policies and processes for its customer identification program (CIP), Bank Secrecy Act/anti-
money laundering (BSA/AML) program, and Office of Foreign Assets Control (OFAC)
compliance to determine whether the selling institution’s activities are consistent with the
acquiring bank’s procedures. Also, credits that are inconsistent with the acquiring bank’s risk
management should be identified and removed from the portfolio acquisition. If the portfolio
contains subprime credit cards, examiners should refer to the guidance in OCC Bulletin
1999-10, “Subprime Lending Activities: Interagency Guidance” (national banks and FSAs),
and OCC Bulletin 1999-15, “Subprime Lending: Risks and Rewards” (national banks).
Although OCC Bulletin 1999-15 does not apply to FSAs, it describes prudent practices that
FSAs may consider when managing a portfolio containing subprime credit cards.
Examiners should test a sample of new accounts to determine the level of adherence to the
bank’s policies and the quality of accounts coming into the bank. Sampling techniques are
discussed in detail in appendix A, “Transaction Testing.” Refer to the “Purchased Credit
Card Relationships” section of this booklet for a discussion of intangible assets resulting
from credit card portfolio acquisitions.
Account Management
Account management is the loan administration piece of credit card lending and describes the
treatment of booked accounts. As with account acquisitions, account management includes
heavy involvement from risk management or risk policy, marketing, operations, compliance,
customer service, customer retention, and payment processing.
Examiners should refer to guidance issued in OCC Bulletin 2003-1, “Credit Card Lending:
Account Management and Loss Allowance Guidance,” which covers such areas as credit line
management, over-limit practices, minimum payment and negative amortization, workout
and forbearance practices, income recognition and loss allowance practices, and policy
For more information about loan purchase activities, refer to OCC Bulletin 2020-81, “Credit Risk: Risk
44
Management of Loan Purchase Activities.”

Version 2.0
exceptions. Although the “Introduction” section of this booklet discusses account

management in general terms, examiners should refer to OCC Bulletin 2003-1 during the
examination process. Examiners should also review the steps in the “Examination
Procedures” section of this booklet, as well as the steps in appendix A, “Transaction
Testing.”
The account management process begins with monitoring at the levels of portfolio, portfolio
segment (e.g., product, vintage, credit risk, marketing channel), and account. Bank
management relies on MIS and tools, such as behavioral and credit bureau scoring, to
identify positive and negative trends. Analyses of those trends and the reasons behind them
provide bank management with a basis for strategies to enhance performance and optimize
profitability. These strategies often involve credit decisions. The analysis should also cover
the types of activities in which customers engage and should include a determination whether
the activities are consistent with similarly situated customers. The eligibility requirements
and treatment characteristics are as important as the underwriting criteria for the product.
Account management strategies can be used on an individual account basis, or for entire
portfolios or selected segments of portfolios. The strategies can be manual or automated.
Regardless of the strategies employed, banks should develop and implement policies and
procedures that adequately monitor and control the assumed risk and that provide for
consistent treatment of similar customers. Account management processes for small or
noncomplex banks are typically not as formal and automated as they are in large or complex
banks. Examiners should assess whether account management processes are commensurate
with the size, complexity, and risk profile of the bank’s credit card lending.
Some banks use a one-size-fits-all approach to account management, in which there is one
option and the customer either meets the criteria or does not. Other banks deliver a range of
options based on each customer’s creditworthiness and needs. The latter approach requires
extensive use of technology and system support but can expand the account management
options that the bank uses and prove to be more profitable in the long run.
Just as with initial product design, bank management should test account management
initiatives before full implementation, as described in OCC Bulletins 2003-1 and 2017-43.
Banks often use a “champion/challenger” technique to test account management initiatives,
in which the existing practice is deemed the champion and one or more modifications applied
to smaller portions of the portfolio are tested and deemed the challengers. After observing
performance over a period, usually several months, the account treatment that was changed
in or applied to a well-performing challenger may be applied to a larger population or may
even replace the champion. Conversely, poorly performing strategies are either modified or
discontinued. Ongoing and thorough analyses are critical to reaping the benefits of multiple
strategy scenarios. For the strategies to be meaningful, it is important that the strategy
populations be isolated from other account management strategies. Otherwise, it may be
impossible to determine factors contributing to the outcome with any degree of reliability.
Some of the more common account management activities are described in the following
sections.

Version 2.0
Line Increases and Decreases
Generally, lines are increased for account holders who have demonstrated the financial
capacity to perform on a new, higher credit limit. Line increases must be supported with
information documenting a cardholder’s ability to pay. 45 Conversely, lines may be decreased
for account holders showing negative financial trends, based either on performance on the
bank’s credit card account or credit bureau information. Current account line decrease
programs generally do not reduce line amounts below outstanding balances. In addition,
Regulation Z requires the issuer to provide advance notice of the decrease before an over-the-
limit fee or a penalty rate can be imposed solely due to the consumer exceeding a newly
decreased credit limit.46
Applying line decreases to current accounts is a difficult issue. Credit line assignments have
been a major competition point for many years, and customers may view them as a status
symbol or indication of value to the bank. As banks strive to better control unfunded
commitment exposure, however, they may reduce credit card limits to better reflect an
account holder’s typical line usage and financial resources.
A bank may also suspend or freeze a line at the cardholder’s current balance. This account
management activity is typically applied when a borrower experiences financial difficulties
and is used in conjunction with a temporary or long-term workout program. These programs
are discussed in the “Collections” section of this booklet.
Over-Limit Authorizations
Banks generally maintain guidelines to determine whether accounts are authorized for
transactions that exceed customer credit lines and to determine how much excess is allowed.
For example, credit card accounts of the most creditworthy individuals may be approved to
allow those customers to exceed their credit limits by 20 percent to 30 percent.
Over-limit approvals are generally granted for only a bank’s most creditworthy account
holders.47 Assigned credit limits reflect the dollars a bank is willing to risk with a given
customer (based on his or her financial capacity and condition). Over-limit approvals are
underwriting exceptions, and it is prudent to identify, track, and report these approvals as
such because accounts with a balance over the stated limit pose more risk than accounts that
do not exceed stated limits. Further, prudent over-limit practices manage and focus on
reasonable control and timely repayment of amounts that exceed established credit limits.
Alternatively, the credit card account holder agreement may require that over-limits be cured
Refer to 12 CFR 1026.51, “Ability to Pay,” and the “Truth in Lending Act (Interagency)” booklet of the
45
Comptroller’s Handbook for more information on ability-to-pay requirements.

46
Refer to 12 CFR 1026.9(c)(2)(vi).
47
Maintaining policies regarding consistent treatment of similarly situated customers in these over-limit
authorization decisions (and other account decisions discussed in this booklet, e.g., approvals and line increases)
can help a bank to avoid violations of fair lending laws and regulations. Such policies may also help to avoid
UDAP and UDAAP.

Version 2.0
when billed; in this case, if the cardholder remits only the minimum payment required
(usually calculated as 1 percent of the principal, along with finance charges, and fees), then
the account is considered delinquent. Banks should provide consumers with clear and full
notice of the consequences of an over-limit.48 In addition, an issuer should not assess a fee or
charge for an over-limit transaction unless the consumer affirmatively consents (or opts in) to
the card issuer’s payment of over-limit transactions. Regulation Z contains additional
requirements for over-limit authorizations and fees. 49
If accounts routinely exceed credit limits, then management may be concerned either with the
initial line assignment or with the risk management process. In addition to chronic over-limit
accounts, over-limit approvals for accounts that previously exhibited high and generally
unused line assignments could signal credit problems. It is a prudent practice for
management teams to assess the bank’s over-limit policies and the impact of these policies
on an ongoing basis.
Repricing of Accounts and Other Changes to Credit Terms
Credit card issuers may increase a cardholder’s APR to address credit risks that arise when
the cardholder fails to make timely payments on the account; this is referred to as penalty
pricing. If the cardholder makes timely payments for six consecutive months at the high er
rate, however, Regulation Z requires that the APR be returned to the rate charged before the
increase.50
Account Closures
Banks typically have a policy governing when an account should be closed. Sound policies
and procedures typically include processes for identifying and reporting of suspicious
activities, including fraud or suspected identity theft, when appropriate. Although account
closure typically occurs as a result of collection and loss mitigation activity, bank
management typically also considers circumstances under which current accounts should be
closed to control risk, contingent liabilities, and cost. Examples of appropriate line closures
include accounts of deceased customers, accounts of bankrupt customers, accounts that have
been inactive for a specified time, and accounts that show significant financial deterioration
over a relatively short time. Policies and procedures typically include language that
recognizes that there are fee and interest restrictions for accounts, for example, in cases of
bankruptcy or a deceased customer. Policies and procedures must address timely settlement
with the executor or administrator of a deceased customer’s account.51
48
The notice in the original credit card agreement might not be sufficient to prevent a card issuer’s treatment of
over-limits from being considered an unfair, deceptive, or abusive practice in some cases.
49
Refer to 12 CFR 1026.56, “Requirements for Over-the-Limit Transactions” for these requirements.
Refer to 12 CFR 1026.55 and the “Truth in Lending Act (Interagency)” booklet of the Comptroller’s
50
Handbook for requirements and information about penalty pricing.

51
Refer to 12 CFR 1026.11(c), “Timely Settlement of Estate Debts” for information on this requirement.

Version 2.0
Cross-Selling Initiatives
Banks generally develop marketing strategies designed to target various components of their
retail credit portfolios with additional loan or service offers. If developed properly, such
activities often serve to reinforce the relationship with the consumer. To avoid practices that
may be unfair, deceptive, or abusive, however, it is important for management to determine
that the customers have not opted out of receiving solicitations; that those customers that are
solicited have the financial resources to support the additional product or service; and that
fee-based services actually add value. Cross-selling initiatives must comply with all
applicable fair lending laws and regulations. Otherwise, the bank could create customer ill
will and violate the law by soliciting customers with inappropriate offers or an unmanageable
payment burden.
Retention Strategies
The competitive environment is rife with substitute offers and refinancing opportunities.
Consequently, many large banks have found it beneficial to develop techniques for
identifying profitable customers who may be targeted by competing offers and to contact
those customers proactively to offer them more attractive or enhanced products that typically
include reduced interest rates, higher credit lines, convenience checks, or upgrades to
associated products or services. Banks that do not engage in proactive offer activities
generally develop reactive profitability and performance qualification guidelines for
alternative products or a refinancing should a customer call to close an account. As with
other account management activities, sound risk management generally includes tracking the
volume of retention calls (in and out), the “save” rate, and the ongoing performance of those
accounts. This information can be used to assess the profitability of retention initiatives and
to adjust policy.
Other Account Management Tools
Some banks offer “payment holidays,” or skip-a-pay programs, in which customers are given
the option to skip a payment for a billing cycle. This practice has evolved in response to
competition. Although these programs generally may be profitable to the bank because
interest continues to accrue during the billing cycle, they can be detrimental because they
lengthen the repayment term and impair risk analyses that rely on regular payment streams.
“Pay-aheads” occur when a customer makes a payment that exceeds the minimum amount
due and the bank keeps track of the excess payment and reduces future payments
accordingly. When the customer makes a substantial payment over the minimum payment
and the payment is applied to future payments, the borrower may have months or periods
when no minimum payment is required. Bank management uses the required minimum
monthly payment to measure the borrower’s ongoing willingness and ability to repay the
outstanding card balance. Having periods with reduced or no minimum payment can inhibit
management’s ability to measure the borrower’s ongoing willingness and ability to repay.
The use of pay-aheads may reduce the accuracy of delinquency reporting. Sound risk
management generally limits the use of pay-aheads to accounts with low risk characteristics.

Version 2.0
Banks that accept pay-aheads on credit card accounts must comply with 12 CFR 1026.53,
which sets forth the requirements for the allocation of the excess payment amounts.
Match-pay programs are yet another type of account management tool. In this program,
frequently used in collections, the bank offers to match all or a part of the payment being
made by the borrower. The bank’s portion of the payment is typically limited to an amount
that results in a principal reduction only and is not so large as to cover finance charges and
fees.
Finally, convenience checks present risks that a bank can minimize by offering the product
only to customers exhibiting low credit risk and low line utilization. Frequently, these checks
come with a low, promotional interest rate to induce customers to use them. Banks generally
implement controls to reduce risks associated with convenience checks. For example,
convenience checks with a short-term expiration date, usually 30 or 45 days, limit the risk of
a cardholder using the checks at some date in the distant future when he or she is
experiencing a financial hardship.
Banks may also offer incentives to borrowers for credit card use, including rewards for
travel, points for purchases and discounts, cash back, and other offers. These incentive
programs and their structures vary across issuers and credit card products. Examiners should
evaluate the risks and risk management of incentive programs.
Examiners should be mindful of incentive programs with cash back rewards and the potential
impact to repayment capacity. When borrowers are affected in times of economic distress,
such as natural disasters, banks may allow borrowers to apply cash back rewards or convert
miles or points to cash to make the minimum monthly payment. This practice could be
reasonable in the wake of a natural disaster but may not be a reasonable practice in the
normal course of business. If a bank allows the borrower to receive a cash payment with cash
back rewards, then it is reasonable to assume that the borrower could use the cash to make
the minimum payment. Repeated borrower use of cash rewards to make minimum payments
does not, however, demonstrate the borrower’s ongoing willingness and ability to repay and
could, in extreme situations, mask delinquency resulting from changes in a borrower’s
financial situation. This may not be a significant risk as cash back rewards tend to be low
relative to minimum payment requirements. These accounts could pose a different level of
credit risk than borrowers making payments as agreed without using cash rewards.
Banks that allow for the conversion of miles or points to cash may exhibit increased credit
risk as these conversions are not standardized and could vary by program for a miles card
compared to a points card even when issued by the same bank. Different conversion rates
could create confusion for borrowers and could lead to an increase in complaint volumes. If a
bank uses conversions, disclosure of information about the conversion rate and usage is
prudent to include in contracts or disclosures to borrowers.
Prudent risk management practices include covering these tools in bank policy, closely
monitoring their use, and periodically assessing to confirm that the tools are not used to mask
delinquencies. Further, account management reports typically depict the condition of the

Version 2.0
portfolio accurately and completely. Reports and analyses should identify and explain trends
and anomalies. From these reports, management may be able to discern the level of success
of strategies in place and the strategies’ impact on performance. Examiners should evaluate
how bank management uses account management reports to adjust policies and strategies, as
well as the timeliness of management responses to identified concerns.
Examiners should test various account management strategies through a sampling of

accounts. Information on sample types and sizes is included in appendix A, “Transaction
Testing.”
Securitized Assets
Asset securitization began with structured financing of mortgage loan pools in the 1970s. The
market continued to evolve with the securitization of auto loans and credit card receivables in
the mid-1980s. From that time until the recession that began in 2008, banks and other
financial services providers significantly increased the use of asset securitization to fund
receivable growth, manage balance sheets, and generate fee income. Securitization activity
has been limited since the 2008 recession, as banks have used low cost funds to provide
liquidity. The volume of securitization activity may increase over time if alternative liquidity
sources become less cost effective than securitization. 52
Collections
As with other loan portfolios, issuers experience credit and fraud (operational) losses in
credit card portfolios. Reasons for the losses include changes in underwriting standards, mass
marketing of cards in a saturated market, economic downturns that may influence a
consumer’s ability to repay due to unemployment or reduced income, consumer bankruptcy,
information breaches, and identity theft. Collection systems and controls historically have not
kept pace with new account generation, and examiners should focus on all collection
processes.
Credit Losses
An effective collection process is a key component of controlling and minimizing credit

losses. The problems associated with an inadequately managed collection function include
• reduced earnings caused by increased loan losses and reduced recoveries.

• inaccurate or late communications of performance concerns to senior management and
the board of directors.
• inaccurate reporting of past-due and charged-off loans, and possibly imprudent strategic
decisions for the loan portfolio.
52
Refer to the “Asset Securitization” booklet of the Comptroller’s Handbook (national banks) and OTS
Examination Handbook, section 221, “Asset-Backed Securitization,” (FSAs) for more information and
examination procedures about credit card securitizations.

Version 2.0
• improper use of re-aging (that is, changing the delinquency status of an account), fixed
payment and other workout programs, settlement agreements, or other collection-related
practices.
• insufficient allowance for loan and lease losses (ALLL) or allowance for credit losses
(ACL) caused by weak MIS, inaccurate past-due figures, and the improper use of re-
aging, fixed payment programs, etc.
• inadequate audit trail for collection and recovery activities.
• poorly trained employees, resulting in loss of productivity, collections, and recoveries.
• violations of law and regulations, potentially including fair lending issues.
The collection function is challenging to manage properly because of the size and complexity
of the typical credit card issuing business and the labor-intensive nature of collections.
Consequently, the use of specialized, state-of-the-art technology is increasingly appropriate
to optimize productivity and control overhead costs. Bank management responsible for
collections typically use the technology and current and historical information at its disposal
to formulate a strategy for optimizing the bank’s collection efforts. The collections strategy
typically directs collection efforts to accounts with the greatest risk of loss and the greatest
potential for collection.
Collection departments may be structured in several ways. The most common approaches are
“cradle-to-grave” and back-end/front-end segmentation. In the cradle-to-grave approach, a
collector works with an account from the earliest stage of delinquency through all of the
succeeding stages, or delinquency buckets. This approach is most often used in community
banks in which the collection staff is small. In the back-end/front-end segmentation
approach, some collectors specifically handle early-stage (front-end) delinquency accounts
while others handle later-stage (back-end) accounts. Large banks often use this approach.
Some banks have chosen to outsource the collection function to a third party, rather than staff
an internal department. Because the third party is collecting the bank’s accounts, however,
there is increased compliance and reputation risk with this type of activity. Banks that use
such third parties should engage in sound third-party risk management. Third-party risk
management should include confirming that the third party is adhering to all legal and
regulatory requirements and treating the bank’s customers appropriately. 53
Collection departments vary significantly in structure and approach. They have at least one
challenge in common, however: the need to closely supervise collection staff. Collection
supervisors typically have both collection experience and good management skills.
Collection department supervisors regularly review collectors’ performance in areas such as
number of contacts made, time per contact, and promises to pay versus dollars received.
Supervisors’ monitoring of customer complaints regarding collection and individual
collectors’ calls, as well as the documentation for those calls, helps ensure that collectors
53
For more information about third-party risk management, refer to OCC Bulletins 2013-29 and 2020-10.

Version 2.0
treat customers fairly and comply with internal policies and debt collection laws and
regulations.54
Examiners should understand how bank management determines the optimum level of
accounts per collector, a crucial factor in preventing and controlling charge-offs. A single
collector can be responsible for hundreds of accounts. A collector’s assigned workload can
vary widely depending on the type of account (bank card or retail) and the technology used.
In addition, front-end (early delinquency) collectors typically handle significantly more
accounts than back-end (severe delinquency) collectors.
Collection strategies determine the specific accounts on which collectors work, the timing of
collection activities, and the manner of the contact (e.g., phone calls, collection letters, or
legal letters). In many banks, collection strategies rely on behavioral scoring models that
predict the likelihood of collection. Some banks also use champion/challenger collection
strategies. Using such information, bank management can effectively direct collection efforts
with an emphasis on dollars at risk. Bank management typically maintains close control over
collection strategies because, in some cases, a seemingly minor change can significantly
affect the dollars collected. Examiners should assess the effectiveness of the bank’s
collection strategies, processes, and reports generated.
Collections strategies are advancing with technology as banks are using AI and ML to hone
the collections process. These strategies have expanded over time and are expected to create
efficiencies and more targeted strategies focusing collectors’ activities on borrowers who are
more likely to pay and looking for other collection methods for borrowers who do not
respond to traditional collection methods. Banks are also using text alerts and social media
contacts to prevent defaults and enhance their relationship with customers to make collection
efforts easier.
Examiners should have a general understanding of the technologies employed by collection

departments to evaluate a collection department’s effectiveness. Examiners also should
review the bank’s collection training program. Nearly all well-managed collection operations
have formal classroom and on-the-job training programs, which include instruction on new
processes, procedures, or regulatory requirements for new and existing employees.
Examiners should also assess whether collections practices comply with the requirements of
the FDCPA.
Management of an account increasingly includes practices such as re-aging, fixed payment,

settlement, and Consumer Credit Counseling (CCC) Service programs. The “Uniform Retail
Credit Classification and Account Management Policy”55 and “Credit Card Lending:
54
Refer to the “Compliance Management Systems” booklet of the Comptroller’s Handbook for more
information about complaint resolution processes.
55
Refer to OCC Bulletin 2000-20, “Uniform Retail Credit Classification and Account Management Policy:
Policy Implementation.”

Version 2.0
Account Management and Loss Allowance Guidance” 56 provide guidance on the use of these
collection tools. Although the following sections describe these tools, examiners should refer
to these issuances for more information.
Re-Aging
The credit card industry often uses a tool called re-aging, which involves changing the
delinquency status of an account. The term applies to both forward and backward changes,
and re-aging often occurs in both the customer service and collection areas. For example, a
payment on an account subsequently returned for not sufficient funds (NSF) could result in
re-aging the account into a more severe delinquency status, whereas a delinquent account
could be brought current if certain payment requirements are met. This discussion focuses on
instances of collection re-aging in which delinquent accounts are brought current rather than
on one-time customer service actions (e.g., correcting bank errors, cases involving a
borrower who does not have history of becoming delinquent).
The practice of bringing a delinquent account current originated to acknowledge and assist
customers who corrected previous, usually one-time, cash flow problems. To prevent the
accounts from showing as perpetually delinquent, the bank re-ages them to show them as
current. The practice evolved with some issuers inappropriately using re-aging to mask
longer-term or frequent delinquency of troubled borrowers.
Consistent with the “Uniform Retail Credit Classification and Account Management
Policy,”57 banks that re-age open-end accounts should establish a reasonable written policy
and adhere to it. For example, a policy may provide that the borrower make at least three
consecutive minimum monthly payments or the equivalent amount before the account can be
re-aged to current. Three consecutive payments, rather than a single lump-sum payment, may
be better evidence of the customer’s ongoing willingness and sustained ability to pay. In
addition, the policy may provide that an account should have been on the books for at least
nine months to be eligible for re-aging and that the number of re-agings on an account should
be limited to one in 12 months and two in five years. Examiners should
• carefully review the analysis that supports the bank’s decision to re-age accounts and the
bank’s re-aging parameters.
• understand the re-aging program in place and review available reports.
• assess the bank’s re-aging practices, including bank management’s supervision of the
activity.
• sample a number of re-aged accounts to determine whether the bank’s practices are
consistent with its policy.
Refer to OCC Bulletin 2003-1, “Credit Card Lending: Account Management and Loan Loss Allowance
56
Guidance.”
57
Refer to OCC Bulletin 2000-20.

Version 2.0
Examiners also should consider the bank’s policies and practices in light of the “Uniform
Retail Credit Classification and Account Management Policy.”58 Sampling techniques for re-
aged accounts are included in appendix A of this booklet.
Because of potential risks associated with re-aging, the practice should be governed by
appropriate policies and procedures. The bank’s re-aging policy typically addresses the
following:
• Approval and reporting requirements.

• Age of the account before it is eligible for re-aging.
• Status of the account while re-aging: closed, blocked, or open.
• Consideration of the borrower’s overall capacity to repay (factors such as incom e, length
of employment, and other debts) in the re-aging decision.
An improperly managed re-aging program can lead to pools of problem receivables. It also
can understate delinquency and charge-off figures, as well as impede accurate analysis of the
adequacy of the ALLL or ACL. Therefore, reports for the re-aging program should be
accurate. Effective oversight of re-aged accounts includes a review of regular reports
showing both the number and dollar amount of newly re-aged accounts (current month) and
those re-aged within the past 12 months. According to the “Uniform Retail Credit
Classification and Account Management Policy,”59 bank management should monitor
cumulative historical data that show the performance of loans that have been re-aged,
extended, deferred, renewed, or rewritten and/or placed in a workout program. Without this
information, management generally cannot determine the effectiveness of re-aging practices.
For example, if the bank ultimately charges off a large percentage of re-aged accounts within
a 12-month time frame, management should determine whether the outcome (dollars
collected before charge-off versus collection costs) justifies the practice.
Fixed Payment Programs
Another practice often used in the collection arena is the fixed payment program. Such
programs are targeted to borrowers with prolonged or severe credit problems in an attempt to
both work with the borrower and to encourage continued repayment. These programs can be
either temporary (up to 12 months, after which the account returns to its original terms) or
permanent (whereby the account is closed and the balance fully amortized over a term that
generally should not exceed 60 months).60 Guidance on the terms of temporary programs and
programs lasting longer than 12 months are addressed by OCC Bulletin 2003-1.
58
59
Ibid.
60
Examiners should be aware that 60 months for a fixed payment program has been common practice in the
past. Over time, banks have begun testing fixed payment programs of up to 72 months, which may provide
better performance or allow more borrowers to qualify for a workout program. Examiners should assess any
changes to the duration of fixed payment programs to determine whether borrower performance and loan
repayment have improved or declined.

Version 2.0
Although most banks offer one or more fixed payment or other workout programs, program
characteristics can vary. Programs typically consist of a fixed payment amount over a
specified period of time and often include a reduction in interest rate. Concessions such as
reductions in interest rates and delayed payment schedule adjustments may be troubled debt
restructurings (TDR) as defined in ASC 310-40, “Receivables – Troubled Debt
Restructurings by Creditors.” A TDR is a restructuring in which a bank, for economic or
legal reasons related to a borrower’s financial difficulties, grants a concession to the
borrower that it would not otherwise consider.
As would be done for loans and other extensions of credit, estimates of losses on credit card
receivables should reflect consideration of all significant factors that affect the collectability
of the portfolio as of the evaluation date. Examiners should refer to OCC Bulletin 2006-47,
“Allowance for Loan and Lease Losses: Guidance and Frequently Asked Questions on the
ALLL”; OCC Bulletin 2020-49, “Current Expected Credit Losses: Final Interagency Policy
Statement on Allowances for Credit Losses” (for banks that have adopted ASC Topic 326,
“Financial Instruments – Credit Losses”); and the call report instructions.
Loss rates associated with fixed payment programs are generally higher than those of the
total portfolio because of the borrowers’ financial problems. The bank should have policies
that specify the terms and conditions of fixed payment programs, such as qualifications for
entering the program and how long an account can stay in the program (as explained in the
guidance conveyed by OCC Bulletin 2003-1). Prudent oversight of fixed payment programs
involves effective controls and ongoing monitoring. Regular analysis allows management to
determine whether fixed payment programs ultimately benefit or harm the bank.
The examiner should assess the prudence of the fixed payment programs in place and the
dollars involved. The guidance conveyed by OCC Bulletin 2003-1 includes characteristics of
effective fixed pay programs. Examiners should consider these characteristics when
performing transaction testing and understand deviations from the characteristics.
Banks generally re-age accounts to current on receipt of payments equivalent to three

contractual payments at the newly agreed rate and amount. Examiners should review the
bank’s programs to determine whether consumers are just moved from one temporary
program to another and whether enrollment in a program results in an inappropriate
adjustment to the delinquency buckets. As with the review of re-aged accounts, sampling
techniques for fixed payment programs are also included in appendix A, “Transaction
Testing.” As part of transaction testing, examiners should determine whether account files
document whether a consumer’s difficulty is temporary or permanent. If the difficulty is
temporary, file documentation should support the temporary nature of the hardship and
whether a temporary fixed payment program was appropriate. For example, in a temporary
workout situation system, notes for the file might document that the borrower was out of
work with a medical problem and returned to work in two months without further loss of
income. In this case, a temporary payment program might be appropriate. If the borrower
sustained a longer-term issue that resulted in a diminished ability to repay, however, a
permanent workout may be appropriate.

Version 2.0
There are several common issues examiners encounter when reviewing workout programs.
Collectors may not adequately assess or document the severity of the borrower’s financial
difficulty. If borrowers are routinely placed in temporary hardship programs when their
financial problems are of a permanent nature, it could mask the true condition of the
portfolio. High default rates in workout programs may call into question the assessment of
the severity or long-term nature of a borrower’s financial difficulty. In this case, examiners
should question the effectiveness of collection practices around workout programs and, if
appropriate, criticize the practices. In addition, some bank policies allow borrowers to move
from one workout program to another, often when a borrower does not perform or “breaks”
the workout, without adequate analysis supporting this transition. In general, borrowers
should be placed in the workout program with payment terms appropriate to their hardship.
The total length of time a borrower is in a workout program, on a combined basis, generally
should not exceed 60 months. 61
Settlement Programs
Settlement programs are another type of workout program in which the bank agrees to accept
less than the full balance due from a borrower in full satisfaction of the debt. As with any
other workout program, collectors should determine the borrower’s ability to repay under the
settlement terms.
When there is a settlement agreement, the portion of the balance that will not be paid by the
borrower should generally be charged off when the agreement is reached. If a bank’s
technology does not allow for charge-off of a partial balance, the partial balance should be
fully reserved in the bank’s ALLL or ACL. On receipt of the final settlement payment or if
the borrower misses a payment under the agreement, the remaining balance should be
charged off in full within 30 days.
Consumer Credit Counseling
As part of collection efforts, many banks also work with CCC programs. CCC organizations
are typically engaged by the borrower to help them work through their financial difficulties.
A consumer’s acceptance into a CCC program is often based on a counselor’s determination

that the consumer’s financial situation is salvageable. If accepted, the consumer generally
agrees to cancel all credit cards and other open unsecured lines of credit, develop and adhere
to a budget (with counselor guidance), and make debt payments as agreed. The consumer
credit counselor then notifies creditors that the consumer has been accepted into the program
and negotiates reduced payment terms with each creditor. Terms vary by creditor, with some
requiring the full payment amount and others reducing interest and principal payments
significantly in an attempt to stop the account from going to loss. As with the fixed payment
programs, bank management should evaluate these accounts to determine whether they meet
the standards for a TDR. If so, the bank should employ proper accounting practices. Refer to
the “Fixed Payment Programs” section of this booklet for more information.
61
Refer to OCC Bulletin 2003-1. Exceptions should be clearly documented and should be supported by
compelling evidence that less conservative terms and conditions are warranted.

Version 2.0
After acceptance into a CCC program, consumers generally then make their payments
directly to the CCC organization, which pays the creditors. CCC programs generally run for
up to 60 months and are considered permanent workout programs under OCC Bulletin 2003 -
1. The National Foundation for Credit Counseling has been soliciting banks to test repayment
programs with terms longer than 60 months. This is an attempt to make repayment more
affordable and available to borrowers who turn to CCC programs for help with loan
repayment.
After receiving confirmation of a consumer’s acceptance into the CCC program and the
typical three consecutive payments (or the lump-sum equivalent) under the plan, a creditor
normally re-ages the consumer’s account to a current status, if the account is otherwise
delinquent. At this point, the creditor generally waives any late and over-limit fees and ceases
all collection efforts, as long as the account complies with the renegotiated terms. If an
account goes delinquent again for any significant period of time, it usually reverts to the
original contract terms, collection efforts commence, and it is dropped from the CCC
program.
Banks generally should have a policy regarding CCC accounts and appropriate systems to
properly account for related transactions with the CCC organization. Banks typically assign
an individual or specific group to supervise and monitor its CCC accounts. It is important for
CCC accounts to be identified to enable accurate reporting of CCC delinquencies and charge-
offs. CCC information should be incorporated into the appropriate loan risk grades and into
ALLL or ACL calculations. The bank should have a process to identify CCC accounts that
qualify as TDRs and determine the ALLL or ACL for these accounts in accordance with
ASC Topic 310-40 or ASC Topic 326, as applicable.
Collections Reports
The collection area typically generates many reports to help manage the risks associated with
this activity. Regular reports for each collection program are an important aid in proper
management and board oversight. Regular senior management review of key collection
reports promotes sound oversight and risk management. A bank’s ability to identify and
quantify all collection program specifics, such as the number of re-agings on an account,
contributes to accurate reporting. The “Uniform Retail Credit Classification and Account
Management Policy: Policy Implementation” 62 states that, to be effective, MIS should also
monitor and track the volume and performance of loans that have been re-aged, extended,
deferred, renewed, or rewritten and/or placed in a workout program. MIS provide a
mechanism to assess compliance with rules implementing sections 114 and 315 of the FACT
Act (15 USC 1681m(e) and 15 USC 1681c(h), respectively), 12 CFR 41, and any other
applicable laws and regulations. If a program is not working effectively, management should
take steps to discontinue or modify it. Examiners should evaluate the bank’s reports for
pertinent information and accuracy and may need to criticize any absence of appropriate
tracking and monitoring.
62

Version 2.0
A “rollover,” or “roll-rate” report, is particularly important. Through this report, bank

management can review the number and dollar volume of accounts that move from current to
30 days delinquent, 30 to 60 days delinquent, etc. This information aids management in
projecting accurately the charge-off rates as far as six months into the future and informs
decisions regarding collection staffing levels.
Delinquency and charge-off reports serve as valuable tools in evaluating collection

effectiveness. Monitoring reports are typically generated for the entire portfolio as well as on
a program-by-program basis. Many credit card operations report delinquencies using two
formats: end-of-month (EOM) and sum-of-cycle (SOC). EOM delinquencies are used for call
report purposes and reflect outstanding delinquencies at month-end as a percentage of
outstanding receivables. SOC reports compute delinquencies for each billing cycle, then
aggregate these cycles to determine delinquency for the total portfolio. Unlike EOM reports,
SOC reports ignore the “cleaning up” of delinquencies between the end of the cycle date and
the end of the month.
Bank management may find reports that analyze delinquencies and charge-offs on a “lagged”
basis useful, especially if a portfolio has experienced significant growth. Such analyses
calculate current delinquency and charge-off figures as a percentage of receivables
outstanding six or 12 months prior. A “block” or “status code” report provides valuable
information for reviewing the composition of the portfolio (e.g., the number and dollar
amounts of fixed-payment, bankruptcy, fraud, deceased, and canceled accounts). Other
reports should include actual versus budgeted performance, impact of changes in collection
strategies, and performance of behavioral or other scoring models.
Delinquency, Classification, and Charge-Off Policies
Past-due, charge-off, and profitability reports provide bank management with important
information for assessing the quality of the credit card portfolio. Effective reporting identifies
trends in the portfolio with sufficient time for bank management to react appropriately.
Guidance on account classification and charge-off practices is conveyed by OCC Bulletin

2000-20, which, in general, advises that credit card accounts be charged off when they
become 180 days delinquent. Accounts that are placed in long-term amortizing workout
programs should be charged off at 120 days. The bulletin also addresses accounts that are
affected by bankruptcy, fraud, and death, and examiners should review this issuance closely
when assessing a bank’s collection activities.
All accounts that are 90 to 180 days delinquent should be classified as substandard.
Examiners are not precluded from classifying additional portfolio segments as substandard ,
however, if a review of credit information and loss performance indicates that such
classification is warranted. For example, a subprime program in which the roll-to-loss rate
from 30 days delinquent is between 30 percent and 50 percent may indicate a need to classify
these assets substandard rather than waiting until they are 90 days delinquent, when the roll-
to-loss rate is 90 percent. Likewise, it may be appropriate to charge off these accounts sooner

Version 2.0
than 180 days if roll-rate information suggests that almost 100 percent of the accounts roll to
loss earlier in the cycle.
Nonaccrual Status
Banks should follow the FFIEC’s “Instructions for Preparation of Consolidated Reports of
Condition and Income” (call report instructions) when determining the accrual status for
consumer loans. As a general rule, banks shall not accrue interest, amortize deferred net loan
fees or costs, or accrete a discount on any asset if
• the asset is maintained on a cash basis because of deterioration in the financial condition
of the borrower,
• payment in full of principal or interest is not expected, or
• principal or interest has been in default for a period of 90 days or more unless the asset is
both well secured and in the process of collection.63
The call report instructions provide two exceptions to the general rule:64
(1) Consumer loans and loans secured by a one- to four-family residential property need not
be placed in nonaccrual status when principal or interest is due and unpaid for 90 days or
more. Nevertheless, consumer and one- to four-family residential property loans should
be subject to other alternative methods of evaluation to assure that the bank’s net income
is not materially overstated. To the extent that the bank has elected to carry a consumer or
one- to four-family residential property loan in nonaccrual status on its books, the loan
must be reported as nonaccrual in the bank’s call report.
(2) Purchased credit-impaired loans need not be placed in nonaccrual status when the criteria
for accrual of income under the interest method specified in ASC Subtopic 310 -30,
“Receivables – Loans and Debt Securities Acquired with Deteriorated Credit Quality,”
are met, regardless of whether the loans had been maintained in nonaccrual status by the
seller. For purchased credit-impaired loans with common risk characteristics that are
aggregated and accounted for as a pool, the determination of nonaccrual or accrual status
should be made at the pool level, not at the individual loan level.65
63
Per the call report instructions, “An asset is ‘well secured’ if it is secured (1) by collateral in the form of liens
on or pledges of real or personal property, including securities, that have a realizable value sufficient to
discharge the debt (including accrued interest) in full, or (2) by the guarantee of a financially responsible party.
An asset is ‘in the process of collection’ if collection of the asset is proceeding in due course either (1) through
legal action, including judgment enforcement procedures, or, (2) in appropriate circumstances, through
collection efforts not involving legal action, which are reasonably expected to result in repayment of the debt or
in its restoration to a current status in the near future.”
64
For more information, refer to the “Nonaccrual Status” entry in the “Glossary” section of the call report
instructions. This entry describes the general rule for the accrual of interest, as well as exceptions for retail
loans. The entry also describes criteria for returning a nonaccrual loan to accrual status.
65
For more information, refer to the “Purchased Credit-Impaired Loans and Debt Securities” entry in the
“Glossary” section of the call report instructions.

Version 2.0
As a general rule, a nonaccrual loan may be restored to accrual status when
• none of its principal and interest is due and unpaid, and the bank expects repayment of
the remaining contractual principal and interest, or
• it otherwise becomes well secured and is in the process of collection.
The OCC’s Bank Accounting Advisory Series and the “Rating Credit Risk” booklet of the
Comptroller’s Handbook provide more information for recognizing nonaccrual loans,
including the appropriate treatment of cash payments for loans on nonaccrual status.
Recoveries
Recoveries represent collection activities conducted after an account is charged off. The rate
of recovery depends on many factors, including
• previous collection efforts.

• depth and experience of staff.
• adequacy of systems and controls.
• use of technology.
Recovery activities are generally conducted internally and then outplaced to collection
agencies after several months. When out-placing accounts, the bank should maintain strict
controls and appropriate systems to evaluate each agency’s performance, consistent with
sound third-party risk management. Collection agencies receive a percentage of the dollars
collected, typically between 30 percent and 60 percent. The amount varies based on whether
the agency is the primary collector (the first to work the accounts) or the secondary or tertiary
collector. Fees are lowest for the primary agency and highest for the tertiary agency.
Periodically rotating out-placed accounts among agencies helps ensure that the accounts are
actively and appropriately worked.
Sound third-party risk management regarding collection agencies typically includes66
• performing due diligence to confirm that an agency is, among other things, properly
licensed, bonded, and insured.
• ongoing monitoring of the agencies to verify that the agencies operate prudently and
comply with laws and regulations.
• ongoing monitoring of customer complaints against both the bank and the collection
agencies.
Consumer Debt Sales
As providers of consumer credit, banks lend money to be repaid with interest. Banks
underwrite the loans and price them according to the risk associated with the type of lending
and the customers’ creditworthiness. A percentage of the loans that banks make goes unpaid.
66
For more information regarding third-party risk management, refer to OCC Bulletins 2013-29 and 2020-10.

Version 2.0
Under guidelines set out in the “Uniform Retail Credit Classification and Account
Management Policy,”67 banks should charge off open-end credit at 180 days past due. Even
though the bank has charged off the loan, the borrower generally continues to have an
obligation to repay the debt. At that point, the bank faces a business decision on how to
recover the loss or whether to pursue collection at all.
The majority of debt that banks charge off and sell to debt buyers is credit card debt, but
banks also sell to debt buyers other delinquent debts, such as auto, home equity, mortgage,
and student loans. Most debt-sale arrangements involve banks selling debt outright to debt
buyers. Banks may price debt based on a small percentage of the outstanding contractual
account balances. Typically, debt buyers obtain the right to collect the full amount of the
debts. Debt buyers may collect the debts or employ a network of agents to do so. Notably,
some banks and debt buyers agree to contractual “forward-flow” arrangements, in which the
banks continue to sell accounts to the debt buyers on an ongoing basis. This section focuses
specifically on debt sales. Many of the principles, however, also apply when a bank hires a
third party to collect debt on its behalf. Examiners should complete a careful review of these
sales to assess that they are consistent with generally accepted accounting principles
(GAAP).
OCC Bulletin 2014-37, “Consumer Debt Sales: Risk Management Guidance,” conveys
interagency guidance regarding bank debt sales activities. When a bank sells consumer debt,
the bank should have policies, procedures, and practices that help ensure that any third party
purchasing the bank’s consumer debt for its own collection treats customers fairly and
consistently, in accordance with the bank’s expectations and applicable laws and regulations.
Increased risk most often arises from poor planning and inferior performance or service on
the part of the debt buyer, and this may result in legal costs or loss of business for the bank.
Selling debt to a debt buyer can significantly increase a bank’s risk profile, particularly in the
areas of operational, reputation, compliance, and strategic risks.
• Operational risk: Inadequate systems and controls can place the bank at risk for selling
debt with inaccurate information regarding the characteristics of accounts.
• Reputation risk: When banks sell consumer debt to debt buyers that engage in practices
perceived to be unfair or detrimental to customers, banks can lose community support
and business.
• Compliance risk: This risk exists when banks do not appropriately assess current and
ongoing debt buyer collection practices for compliance with laws, fair treatment of
customers, or the bank’s policies and procedures.
• Strategic risk. Decisions to sell debt to debt buyers should be carefully analyzed by
examiners to assess consistency with the bank’s strategic goals and whether capable
management and staff are in place to perform due diligence and carry out debt sales.
67

Version 2.0
Federal laws applicable to debt sales include the following:
• FDCPA: This applies to debts incurred primarily for the consumer’s personal, family, or
household purposes. Under the FDCPA, “debt collector” is defined broadly to encompass
debt buyers working on behalf of original creditors, including banks.
• FCRA: The FCRA, which is implemented by Regulation V, regulates the collection,
dissemination, and use of consumer information, including consumer credit information.
• Gramm–Leach–Bliley Act (GLBA): Certain provisions of the GLBA and Regulation P,
which implements the GLBA, require banks to provide consumers with privacy notices at
the time consumer relationships are established and annually thereafter. In addition, this
law imposes limitations on banks’ sharing of nonpublic personal information with debt
buyers.
• ECOA: The ECOA and its implementing regulation, Regulation B, prohibit
discrimination in any aspect of a credit transaction on a “prohibited basis.” The
prohibition against discrimination in any aspect of a credit transaction on a prohibited
basis includes collection procedures.
• FTC Act: Section 5 of the Federal Trade Commission Act prohibits UDAP in or
affecting commerce. Public policy may also be considered in determining if acts or
practices are unfair.
• Dodd–Frank Act: Sections 1031 and 1036 of Dodd–Frank Act prohibit banks from
engaging in UDAAP.
Third parties collecting debt on behalf of the bank (debt placement relationships) should be
included in the bank’s third-party risk management processes.68
Fraud Risk Management

Fraud is a continuing problem with credit card programs. By its very nature, the product is an
easily obtainable, unsecured line of credit managed by the consumer, making it an ideal
mechanism for fraud. The bank card associations, issuers, and acquirers, the U.S. Postal
Service, and other entities have strengthened systems and controls to reduce fraudulent
activities. Despite significant advances in detection, however, fraud—specifically identity
theft—continues to be a major issue in the credit card industry.
OCC Bulletin 2019-37, “Operational Risk: Fraud Risk Management Principles,” provides
information regarding sound fraud risk management principles and supplements other OCC
and interagency issuances on this topic. Bank management should periodically assess the
likelihood and impact of potential fraud schemes and use the documented results of this
assessment to inform the design of the bank’s risk management system and evaluate fraud
activities. Policies should clearly define, establish, and communicate the board’s and senior
management’s commitment to fraud risk management. Processes should be designed to
anticipate fraud and deploy a combination of preventive controls and detective controls.
68
For more information regarding third-party risk management, refer to OCC Bulletins 2013-29 and 2020-10.

Version 2.0
Fraud-related training typically includes the identity theft red flags69 and suspicious activity
reporting requirements.
Fraud can be orchestrated in many ways. Lost or stolen cards and nonreceipt of issued cards
represent a large percentage of all fraud reported. In recent years, however, thousands of
consumers have been affected when their card account numbers were illegally obtained from
retailers’ sales records and then used for unauthorized purchases. Banks must implement a
comprehensive written information security program designed to ensure the security and
confidentiality of customer information.70 A bank should make the OCC aware as soon as
possible when it becomes aware of a security breach involving sensitive customer
information. Examiners should assess the adequacy of the bank’s assessment of the security
breach, the magnitude of the event, and the appropriateness of its response, including its
plans to notify customers.
Bank card associations track fraud according to type, and most issuers follow this or a similar
format in reporting fraud in internal reports. Reporting specific information on types of fraud
allows a bank to identify its points of greatest risk. If a bank does not distinguish fraud losses
by type, examiners should discuss the benefits of such reporting with bank management.
Banks should have processes for internal investigations, law enforcement referrals,
regulatory notifications, and reporting fraud. A bank is required to file a Suspicious Activity
Report (SAR) for known or suspected frauds meeting regulatory thresholds. 71
Management typically reviews the bank’s average fraud losses to determine whether the bank
identifies fraudulent activities in a timely manner. If a bank has inadequate systems and
controls to identify fraud, fraudulent activity is likely to continue for longer periods and
result in higher losses.
Banks have pursued the following activities to deter and reduce fraud:
• Sorting mail outside the facility where the mail was initiated.
• Instituting call-to-activate requirements for new cards and reissued cards.
• Implementing pattern recognition programs and systems.
• Developing neural networks (an extension of risk scoring techniques used in part to
identify fraudulent transactions) or expert systems.
• Extending the time after which cards are reissued from two years to three years to reduce
the number of cards in the delivery system.
• Designating a special customer service group to handle reports of lost or stolen cards.
69
12 CFR 41, subpart J, “Identity Theft Red Flags” addresses identity theft red flags and discrepancies under
sections 114 and 315 of the Fair and Accurate Credit Transactions Act, 15 USC 1681m and 1681c.
70
Refer to 15 USC 6801, “Protection of Nonpublic Personal Information,” 15 USC 6805(b), “Enforcement of
Section 6801,” and 12 CFR 30, appendix B, “Interagency Guidelines Establishing Information Security
Standards.”
71
Refer to 12 CFR 21.11 (national banks), and 12 CFR 163.180 (FSAs).

Version 2.0
• Increasing the level of payment review to include all checks over a certain dollar amount,
regardless of whether there is a payment coupon.
• Using EMV (Europay, Mastercard, and Visa) standard payment cards (referred to as
chip-and-PIN or chip-and-signature cards) to reduce fraud at the point of sale.
Most large credit card issuers maintain a dedicated fraud staff that supervises the many
actions that occur when a cardholder notifies the issuer or the issuer becomes aware that
fraud has occurred. These activities include
• preparing a lost or stolen card report from the cardholder and advising the cardholder to
destroy additional cards. The report may include the account number, name, fraud type,
address, number of transactions, dollar amount of fraud, charge-off month and date,
description of fraudulent activity, corrective action taken, if any, name of preparer, and
name of manager signing off on the report.
• blocking the account and placing it on an exception file with its own unique block codes,
depending on its processor.
• preparing a request to issue new cards to the cardholder. This may include reviewing
activity in the blocked account and transferring legitimate transactions to a replacement
account.
• setting up a file for investigation of fraud accounts. This may include requesting draft
copies of fraudulent items and challenging the cardholder’s claims that items are
fraudulent, if those claims are suspect.
• reviewing and initiating appropriate steps to charge back items to other parties
responsible for chargebacks. This may include preparing fraud notifications to applicable
card networks (e.g., Visa or Mastercard), investigating and documenting fraudulent cards,
and prosecuting culprits, if possible.
• investigating and resolving address or other types of discrepancies.
• filing SARs as required.
Issuers should have adequate systems and controls in place to recognize fraudulent activities
in a timely manner, to block accounts when appropriate, to prevent future authorizations, and
to file the proper reports. The timing of the block date is important, as the vast majority of
fraud losses occur on or before the block date, and losses incurred after the block date usually
have significantly lower transaction sizes.
According to the “Uniform Retail Credit Classification and Account Management Policy,”72
fraudulent loans should be classified as loss and charged off no later than 90 days after
discovery or when the account is 180 days delinquent, whichever is sooner. Losses resulting
from fraud committed by someone other than the cardholder should be charged to other
noninterest expense. Losses resulting from fraud committed by the cardholder should be
charged to the ALLL or ACL.
Synthetic fraud in credit card lending occurs when an individual uses valid customer
information, like a Social Security number, with fictitious or inaccurate information to create
72

Version 2.0
a fictitious person through the credit bureaus. Applying for multiple credit cards allows the
individual with the synthetic identity to develop a legitimate credit report. Eventually a bank,
finance company, or other financial institution may grant a small amount of credit. The
fraudulent actor then cultivates the synthetic identity by behaving like a good credit quality
customer, charging on the card and paying the bill regularly. Over time, the synthetic
identity’s credit score increases and the individual behind the scheme is able to apply for and
receive more credit and increased credit limits. Once established, the individual can create
other synthetic identities by adding authorized users and continue to use the information
developed with the original synthetic identity. At some point, the individual behind the
synthetic identity will use the full balances available on each card and stop paying. This is
referred to as a “bust out.”
The usual techniques used to identify fraudulent accounts and prevent fraud are generally not
effective in identifying and preventing synthetic fraud, creating a challenge for banks. These
schemes develop over a long period of time, so often it is not until the collection process has
started that banks realize that the fraud has occurred. Examiners should be aware of this type
of fraud and discuss the steps card issuers are taking to limit this activity.
Synthetic fraud blurs the lines between first-party and third-party fraud. Synthetic fraud
demonstrates characteristics of first-party fraud because the person committing the fraud is
the bank’s customer, but it also has characteristics of third-party fraud because the bank’s
customer is not a legitimate borrower. There is no uniform definition for synthetic fraud
applied within the banking industry. Unlike third-party fraud, in which a customer clearly
reports that a fraud has been committed on his or her account, first-party fraud often uses
fake or false information to obtain the account, leaving management without a party to
pursue for restitution when the fraud is identified. Synthetic frauds can take place over a long
period of time and initially appears as legitimate borrowers often paying as agreed until they
ultimately utilize the full availability of the credit line and default. It may take the bank a
number of months as the account goes through the normal collections processes to determine
the account owner was a synthetic identity. Consequently, it is significantly harder to
determine exactly when the fraud was discovered or even whether the incident truly
constitutes fraud. From a risk management standpoint, most banks use some type of proxy ,
such as early payment default, failure of right-party contacts,73 or other analytical means to
assist in identifying potential fraud or portfolio segments with elevated credit risk. Using
proxies or other means to identify fraud may result in some level of false positives, and an
accelerated charge-off could have negative credit bureau impacts on a portion of those
borrowers with accounts that were incorrectly identified as fraudulent.
Examiners should evaluate the reasonableness of a bank’s process for identifying and
classifying first-party versus third-party fraud and how the losses are recognized as either
credit losses or operational losses. Examiners should consider the potential consumer fairness
implications of accelerated charge-offs, which could expose banks to potential litigation and
reputation risk.
73
“Right-party contact” refers to the bank’s attempts to reach the correct borrower or right party when pursuing
repayment of a loan.

Version 2.0
Purchased Credit Card Relationships

Purchased credit card relationships (PCCR) are intangible assets created when a bank
purchases a credit card portfolio at a premium from a third party. Generally, when a
performing credit card portfolio is purchased, a large part of the premium (the purchase price
over the par value of the credit card receivables acquired) is related to the PCCR. The PCCR
represents the right to conduct ongoing credit card business dealings with the cardholders.
Such relationships arise when the reporting bank purchases existing credit card receivables
and has the right to provide credit card services to those customers. PCCRs may also be
acquired when the reporting bank purchases an entire depository institution. The PCCR
represents the value of the profit coming from the established card relationships acquired,
typically discounted at the acquiring institution’s cost of capital. This intangible is amortized
over its expected life. For more information on PCCRs, refer to appendix J of this booklet.
Not every credit card portfolio that is purchased results in a PCCR. The cost of acquiring a
credit card portfolio can vary widely, and a bank may even purchase a portfolio at a discount.
The purchase price can be determined by a variety of factors that, in the aggregate, reflect the
expected cash flows of the portfolio. Some of the main factors considered are the yield,
attrition rates, portfolio performance, funding rates, and processing costs.
Most credit card portfolio purchasers maintain automated models that bank management can
load with its best estimates of how the purchased portfolio will perform. The card portfolio
data are typically obtained directly from the sellers (or the seller’s investment bankers) and
are used to determine the initial bid on the portfolio. If the bank is selected to perform a due
diligence examination (because it offered one of the highest bids), it then modifies the model
with enhanced data obtained during the due diligence review. The model generally creates
cash flow data, income statements, balance sheets, equity flows, and other information that
permits the purchaser to determine an appropriate value for the portfolio, usually based on an
internal earnings hurdle rate (the minimum acceptable rate of return on a capital investment
project). Models typically include discounted cash flow models, discounted capital flow
models, and return-on-asset models.
For regulatory capital computations, banks must deduct all PCCRs from common equity tier
1 capital as required in accordance with 12 CFR 3.22(a)(2). The call report instructions state
that banks with PCCRs “shall review the carrying amount at least quarterly, adequately
document the review, and adjust the carrying amount as necessary.” If this review indicates
that the carrying amount may not be recoverable, the intangible asset should be tested for
recoverability, and any impairment loss should be recognized, as described in the instruction
for Schedule RC-M, item 2.
Allowance for Loan and Lease Losses or Allowance for Credit Losses
The methods used to establish and maintain the ALLL or ACL, as applicable, in credit card
portfolios varies among banks. Examiners should review the bank’s methodology to
determine whether it is reasonable, adequately documented, and reflects consideration of the

Version 2.0
“Interagency Policy Statement on the Allowance for Loan and Lease Losses” 74 or “Final
Interagency Policy Statement on Allowances for Credit Losses.”75 No method can determine
the appropriate reserve level with absolute precision; instead, management makes reasonable
and supportable estimates based on careful analysis of the portfolio.
ALLL Under the Incurred Loss Methodology
Examiners should determine whether the bank’s methodology for determining its ALLL
adequately estimates credit losses in the credit card portfolio. The ALLL is an estimate of the
current amount of loans that it is probable the bank will be unable to collect given facts and
circumstances as of the evaluation date. Estimated losses for pools of homogeneous loans,
such as credit card portfolios, are governed by ASC 450-20, “Loss Contingencies.” In
general, for credit card portfolios, the bank should have a supportable and well-documented
analysis that segments the portfolio and computes loss histories for each segment, applies
adjustments for internal and external qualitative factors, and results in an ALLL balance that
is appropriate (i.e., sufficient to absorb estimated credit losses).76
For estimated credit losses on accrued interest and fees that are reported as part of the
respective loan balances on the bank’s balance sheet, the associated ALLL should be
evaluated under ASC 450-20.
One method commonly used to estimate losses in credit card portfolios is the roll-rate
analysis. When using this method, bank management should segment the portfolio into
appropriate product types. Further segmentation is possible when defining characteristics are
present that apply to additional homogeneous pools within the credit card portfolio. Bank
management should then track the rates at which loans roll through the delinquency buckets
to determine estimated losses based on performance history. For example, management may
track how many loans roll from current to 30 days delinquent, then how many of the 30 -day
delinquent loans roll to 60 days delinquent, and so on. Management then may assess broader
economic factors to estimate how external influences may affect portfolio performance. This
is a simplistic example of estimating losses using the roll-rate process. Many large banks use
some form of roll-rate analysis, often with granular segmentation of the various portfolios.
Environmental factors are likely to affect domestic portfolios differently than international
portfolios.
Whatever the method, the ALLL analysis should be commensurate with the size and
complexity of the credit card portfolio and provide sufficient support to the portion of the
bank’s allowance that is allocated to credit cards. Generally, banks use at least an
“annualized” or 12-month average net charge-off rate when estimating the ALLL. For more
information on reviewing the adequacy of and the methodology for determining the
74
75
76
For more information, refer to OCC Bulletin 2006-47.

Version 2.0
appropriate level for the ALLL and examination procedures, refer to the “Allowance for
Loan and Lease Losses” booklet of the Comptroller’s Handbook.
ACL Under the Current Expected Credit Losses Methodology
For banks that have adopted ASC Topic 326, which introduces the current expected credit
losses (CECL) methodology, examiners should evaluate a bank’s methodology for estimating
expected credit losses. Under ASC Topic 326, the ACL is an amount that is deducted from,
or added to, the amortized cost basis of financial assets to present the net amount expected to
be collected over the contractual term of the assets. Credit card receivables that share similar
risk characteristics should be grouped into pools when estimating the ACL as required by
ASC Topic 326. The bank should have a supportable and well-documented analysis
supporting the portfolio segmentation and describing the methodology used to estimate
expected credit losses (including the use of qualitative factors) that results in an appropriate
ACL balance (i.e., sufficient to absorb estimated credit losses). The ACL estimation
methodology should be commensurate with the size and complexity of the credit card
portfolio and provide sufficient support for the portion of the bank’s ACL that is allocated to
credit cards.77
ASC Topic 326 requires that management estimate expected credit losses over the remaining
estimated life of the funded balance of the credit card receivables as of the reporting date.
Unfunded balances for credit lines that are unconditionally cancellable are excluded from
ACL because there is no obligation from the bank as of the reporting date to extend credit.
Credit cards are open-ended, revolving extensions of credit. Therefore, banks typically use a
payment forecasting methodology that allocates estimates of future cardholder payments to
cardholder credit balances as of the reporting date to forecast the future principal paydown
schedule of the reporting date credit card receivables. Alternatively, banks may use a
combination of existing balances related to future charges to forecast principal paydown of
reporting date credit card receivables. Common methodologies are referred to as first-in-first-
out (FIFO) approaches, minimum payment approaches, or CARD Act FIFO approaches. For
example, when a cardholder remits a payment, the payment received is first applied to the
balance associated with the highest rate interest charges and fees due. Any payment amount
remaining after the interest and fees allocation is then applied to the highest rate principal
balance due at the evaluation date or is allocated between principal due at the evaluation date
and principal related to charges expected in future periods. This allows the bank to determine
how much of the total charges will be repaid and subsequently, how much will not be
collected over the life of the card receivable. The methodology used to estimate the ACL
does not alter payment allocation requirements under the CARD Act.
77
Consistent with ASC Topic 326, a bank’s determination of the contractual term should reflect the financial
asset’s contractual life adjusted for prepayments, renewal and extension options that are not unconditionally
cancellable by the bank, and reasonably expected troubled debt restructurings. For more information, refer to
the “Contractual Term of a Financial Asset” section in the “Interagency Policy Statement on Allowanc es for
Credit Losses” conveyed by OCC Bulletin 2020-49.

Version 2.0
Accounting for Rebate or Reward Programs
With the fierce competition to provide credit cards, issuers have become increasingly
aggressive in account acquisition. The sheer number and various types of issuers—such as
nonbank card issuers, Competitive Equality Banking Act (CEBA) credit card banks, and
cobranding partners—have intensified marketing to the consumer. Most issuers, either
directly or through a partnership arrangement, now offer some type of rebate or reward
program to cardholders. Rebates and rewards may be in the form of cash, travel, points for
purchases and discounts, and other offers.
Most major card issuers now offer general purpose cards (including affinity and cobranded
cards) that contain rebate or reward features. When these incentives are offered, banks should
record a contingent liability along with a reduction to interchange revenue. The contingent
liability is accrued as the rebate or reward is earned and is adjusted for anticipated breakage
(i.e., benefits that will not be redeemed by the borrower). Examiners should determine the
rebate or reward reserve’s adequacy, as well as the reasonableness of the reserve method.
If the bank has contingent liability on any rebate or reward program, examiners should
evaluate the adequacy of the contingent liability in a manner similar to evaluating the
adequacy of the ALLL or ACL.78 Banks ordinarily have an accounting policy that governs
how the contingent liability is established. The policy typically addresses issues such as
• general ledger account under which the contingent liability will be located.
• account under which the expense (i.e., reduction in revenue) will be located.
• how monthly accruals will be determined.
• maintenance of subsidiary ledgers.
• how often formal analysis of the contingent liability will be prepared.
• management sign-off to attest to contingent liability adequacy.
• management sign-off to change the contingent liability methodology.
• handling of redemptions.
• handling of over- and under-funded liability levels.
• if third parties are used in the redemption process, interface of databases in connection
with points accounting, redemption transactions, etc.
In analyzing the adequacy of a rebate or reward reserve, examiners should review the reserve
method, determine how long the program has existed, and determine whether rebate reserve
levels change as the program ages. Examiners should also determine whether there have been
any significant modifications to the rebates, rewards, or the associated reserve methodology.
The type of product the issuer or retailer promotes has a material impact on the type of
reserve method that bank management uses. For example, the rebate or reward reserve
method for a program that allows for the accumulation of points toward a purchase may be
different from a program that annually rebates 5 percent of net purchase sales in cash. Also,
78
The accounting for credit card reward liabilities described in this section of the booklet applies when the
credit card arrangement is within the scope of ASC Topic 310, “Receivables.” Most credit card reward
programs are accounted for in this manner. If not in the scope of ASC Topic 310, ASC Topic 606, “Revenue
from Contracts with Customers” applies.

Version 2.0
many programs have rebate limitations during specific time periods. If no limitations are
apparent, examiners should discuss this with bank management and evaluate what, if any,
risk the absence of limitations poses to the issuer’s financial condition. Some rebate or
reward programs also offer points that expire at a certain point in time. Examiners should
evaluate whether bank management monitors point expiration and appropriately adjusts the
associated rebate or reward liability.
Third parties may be used to provide a variety of services for rebate or reward programs,
including accounting and redemption. Examiners should assess what outside parties are
involved in the rebate operation, how information is passed between systems, and how
payments are transacted.
In addition, examiners should be mindful of the operational and reputation risks associated
with rebates and reward programs. If a cardholder can choose from multiple rebates or
rewards on a single card, these risks may grow significantly. Banks typically have controls in
place to ensure that cardholders actually receive the rebates or rewards they signed up for,
that cardholders receive proper disclosures, and that rebates or rewards are correctly
calculated.
Reserving for Credit Card Partnership Programs
Many card issuers enter into cobranding partnership agreements with other merchants. The
cobranding partnership contract is important in determining the issuer’s costs, marketing
requirements, and liabilities. Partnership contract terms vary and may include special
incentives or bonus payments to the merchant as well as shared marketing costs, rebate or
rewards costs, and shared credit losses on credit card receivables.
Examiners should pay attention to shared expenses related to credit losses on partnersh ip
receivables as these costs flow into the total ALLL or ACL. If the bank is the principal in the
contractual arrangement, credit losses are accounted for on a gross basis. The full amount of
the credit loss is recorded through the ALLL or ACL, as applicable. If the bank is an agent in
the contractual arrangement, the total losses recorded in the ALLL or ACL are reported on a
net basis by reducing the credit losses by the amount reimbursed by the credit card partner.
Profit Analysis
Credit card operations offer banks substantial opportunities for profit because credit card
portfolios can generate returns on assets that far exceed those of other product lines. Profit
margins on credit card accounts can be overstated, however, and examiners should perform a
thorough analysis of a credit card operation’s financial statements to draw accurate
conclusions. Moreover, profitability can vary, as it is influenced by cyclical trends in the
consumer retail area and the economy in general.
Examiners should begin their analysis with a review of the credit card operation’s strategic
plan. Strategic goals can vary among issuers. For instance, credit card operations owned by
retailers may be concerned primarily with increasing incremental sales of the retailer. The

Version 2.0
card operations may lower credit standards to put more of the retailer’s cards in circulation .
Although this increases sales for the retailer, lower standards may reduce the profitability of
the credit card operation because it could lead to higher credit losses.
Effective credit card operations typically
• have a system to measure overall profitability, including direct and indirect costs.
• have detailed budgets that are compared against actual results, with significant variances
investigated.
• periodically estimate the impact of potential economic changes, competition, and
legislative issues on the portfolio.
• prepare pro forma financial statements on major new product rollouts or modifications of
significant terms on existing product lines to identify potential effects on income streams.
• analyze profits for the total portfolio and for each individual portfolio or program.
• manage profit levels at the individual account level, which may help the bank focus
retention efforts, such as by determining accounts on which to waive annual membership
fees.
Most major issuers have separate finance areas to supervise the accounting of income and
expenses. These areas should have in place appropriate reports that detail income and
expenses for executive management summary reports. Effective reporting is crucial to
ensuring that management has an accurate profitability picture. The finance area generally is
responsible for coordinating and preparing the budget and strategic goals, as well as
generating any reports to the parent company; payment card networks, such as American
Express, Visa, or Mastercard; and regulatory agencies.
Profitability among credit card operations varies widely based on a number of factors, such
as management competence, risk appetite, products offered, affinity or cobranding
relationships, and the method used to report various costs. Accounting and reporting systems
support effective management supervision. Refer to appendix I of this booklet, “Profit
Analysis,” for examples of ways to examine the profitability of credit card operations.
There are several common measures of the overall profitability of a credit card portfolio .
These include return on average assets (ROAA), return on equity (ROE), and income per
billed account. ROE measures help determine the market’s perception of the bank’s financial
performance. They can, however, vary significantly depending on securitization volumes and
capital leverage. Consequently, the use of ROE as the sole measure to gauge financial
performance for credit card operations should be scrutinized by examiners.
Examiners should know the sources of a credit card operation’s income and expenses to
analyze its profitability. Some of the basic components of income in a credit card operation
are finance charges, annual and service fees, and interchange fees. Some credit card
operations receive service fees and residual income from securitized portfolios. Interest rates
vary widely depending on products, borrowers’ risk profiles, competition, and state usury
laws. The annual and service fee component of income generally includes fees assessed to
the customer for use of the card. Annual fees vary and generally are tailored to the perceived

Version 2.0
value of the card and associated enhancements, such as travel insurance or check cashing
privileges. Service fees are generally fees imposed on transactions such as cash advances,
late payments, and over-limit transactions. An interchange fee is a fee to the issuer that is
extracted from the discount fee paid by a merchant who accepts a credit card transaction . For
most credit card operations, one basic component of expenses, the cost for account
acquisition, continues to rise, particularly for accounts associated with reward programs. The
value of the reward “bonus” required to lure a new creditworthy account holder continues to
rise significantly and, along with it, the cost of that bonus. Other expenses for most credit
card operations include credit processing, card issuance, authorizations, collections, loan-loss
provisions, cardholder servicing and promotion, cardholder billing, payment processing, and
fraud investigations. Other possible expenses include payments to affinity and cobranding
partners and reserves for rebate programs, when applicable.
Credit card operations tend to be one of the costlier areas of a bank. The small size of
individual accounts and the high transactional volume create higher co sts per account. There
are also costs associated with data processing, whether conducted in-house or contracted out
to a third party.
Cost of funds is a major expense item that can compose up to half of an issuer’s total expense
distribution. Cost of funds can vary depending on the funding sources used by the bank, as
well as the bank’s condition and reputation in the market. Many large credit card issuers use
securitization as a source of funding. Examiners should discuss trends in funding costs and
composition with the bank and investigate unusual variances.
In reviewing income and expense categories, it is helpful to compare the bank’s performance
against peer data. Examiners should inquire whether the bank has recent industry cost
studies. Notably, bank card associations periodically provide their members with cost studies
and other industry data.
Ancillary Products: Debt Cancellation Contracts and

Debt Suspension Agreements
Under a debt cancellation contract (DCC) or debt suspension agreement (DSA), a lender
agrees to cancel, or temporarily suspend, all or part of a consumer’s repayment obligation
upon the occurrence of a specified event. Historically, these occurrences have been limited to
events that negatively affect a consumer’s life, such as death of a spouse, disability, or
unemployment. Over the last several years, the industry has expanded the array of events that
could trigger activation under these agreements to include other life events, such as birth of a
child, purchase of a home, divorce, or enrollment in college. Not only has the coverage of
these agreements expanded, but more banks are offering them.
The OCC issued 12 CFR 37, “Debt Cancellation Contracts and Debt Suspension
Agreements” to establish rules governing these products and ensure that national banks offer
them in a safe and sound manner and in compliance with applicable consumer protection-
related laws and regulations. The regulation codified the OCC’s longstanding position that
DCCs and DSAs are permissible banking products for national banks and are not governed

Version 2.0
by the OCC’s consumer protection regulations regarding insurance sales or by state contract
law. The DCC activities of FSAs are not governed by 12 CFR 37, although, as a prudential
matter, FSAs should consider following the standards contained in the regulation. The
regulation includes standards for prohibited practices, refunds to borrowers for termination or
early closure of the account, methods of payment, disclosures, and safety and soundness
considerations.79
The following practices relevant to DCCs and DSAs sold in connection with credit card
accounts are prohibited under the regulation:
• Tying credit approval or terms to a customer’s purchase of a DCC or DSA with the bank.
• Engaging in misleading advertisements or practices.
• Retaining a right to modify a DCC or DSA unilaterally, unless the modification benefits
the customer or the customer is notified of the proposed change and has a reasonable
opportunity to cancel without penalty.
National banks that offer DCCs and DCAs in connection with credit card accounts are
subject to the following limitations under the regulation:
• A national bank may offer a DCC or DSA that does not provide for a refund only if the
bank also offers that customer a bona fide option to purchase a comparable contract that
provides for a refund.
• A national bank may offer the customer the option to pay the fee in a single payment,
provided the bank also offers the customer a bona fide option of paying the fee for that
contract in monthly or other periodic payments.
The regulation establishes a number of disclosure requirements as well. These requirements

are structured to accommodate the methods that national banks typically use to market DCCs
and DSAs, by permitting the use of oral or written short-form disclosures in certain
circumstances. Such circumstances include telephone solicitations and “take one”
applications, where full disclosure of the terms most relevant to a customer’s decision to
purchase is not practicable. National banks must follow short-form disclosures with written
long-form disclosures.
These disclosures must80
• inform the customer that the DCC or DSA is optional.

• explain that a DCC or DSA, if activated, does not cancel the debt, but only suspends
requirements to make payments.
FSAs are authorized to provide DCCs; however, 12 CFR 37 is not applicable to the DCC activities of FSAs.
79
Those activities are subject to certain limited safeguards described in two OTS Opinions of Counsel: “Debt
Cancellation Contracts” (December 18, 1995) and OTS Op Acting Chief Counsel (September 15, 1993).
80
Some of the information is required only for long-form disclosures, which must be made in writing before the
customer completes the purchase of the contract. Refer to 12 CFR 37, appendixes A and B, for more
information.

Version 2.0
• disclose the amount of fees charged.

• make customers aware of the option to make a single payment or periodic installments.
• disclose the bank’s refund policy if the fee is paid in a single payment and added to the
amount borrowed.
• tell customers whether they are barred from using their credit line if the DCC or DSA is
activated.
• disclose whether the customer has the right to cancel the DCC or DSA.
• explain eligibility requirements, conditions, and exclusions that might affect a customer’s
ability to purchase or obtain benefits under the contract.
Sample short- and long-form disclosures are included as appendixes to 12 CFR 37. The
sample forms are not mandatory, and national banks that make disclosures in a form
substantially similar to those provided are deemed to satisfy the disclosure requirements.
Regulation Z contains disclosure rules applicable to debt cancellation and debt suspension
coverage, at 12 CFR 1026.4(b)(10) and 12 CFR 1026.4(d)(3). Both national banks and FSAs
should carefully review Regulation Z requirements in this area.
12 CFR 37 requires that a national bank, in most cases, obtain a consumer’s written
acknowledgment of his or her receipt of the required disclosures, as well as an affirmative
election to purchase the DCC or DSA, before completing the sale. Like the disclosure
requirements, these provisions are tailored to accommodate the use of various sales methods,
such as by telephone, where immediate receipt of a written acknowledgment is not
practicable. The disclosures, acknowledgment, and affirmative election option must be
conspicuous, simple, direct, readily understandable, and designed to call attention to their
significance.
The Consumer Financial Protection Bureau (CFPB) also monitors DCC and DSA products to
ensure that they are not unfair, deceptive, or abusive. Examiners should be aware of any
changes to regulations that may be developed and implemented by the CFPB related to DCC
or DSA products. Regulation Z contains disclosure rules applicable to debt cancellation and
debt suspension coverage at 12 CFR 1026.4(b)(10) and 12 CFR 1026.4(d)(3).
Finally, under 12 CFR 37.8, “Safety and Soundness Requirements,” national banks offering
DCCs or DSAs must appropriately manage the risk associated with these products in a safe
and sound manner. National banks must also establish and maintain effective risk
management and control processes over their DCCs and DSAs. In addition, national banks
should assess the adequacy of their internal controls and risk mitigation activities in light of
the nature and scope of their DCC and DSA programs.
Accordingly, national banks generally have
• policies and procedures in place for each DCC and DSA program that promote
compliance with the regulation’s requirements.
• appropriate reports in place to monitor and administer the programs. Such reports
typically include information about

Version 2.0
– enrollment and volume trends (e.g., number and balances of accounts enrolled in the
program and cancellation rates, segmented by consumer versus bank closure).
– application and activation volumes and trends, such as
▪ average claim processing time by type.
▪ benefit application, approval, decline, and fallout rate.
▪ number and account balances of accounts in benefit status.
▪ average duration of benefit period by type and aging of active benefits (time to
benefit exhaustion).
▪ delinquency status of accounts in active benefit status, by type.
▪ performance of accounts subsequent to benefit denial, fallout, or benefit
exhaustion.
– profitability (e.g., fee income generated; average APR of enrolled and activated
accounts; costs by type, including retroactive adjustments).
If the national bank securitizes assets, its reports are typically broken down by receivable
ownership (e.g., bank, trust, trust series) and aggregated for the managed portfolio overall.
These reports should be used to evaluate program performance (current performance and
trends, operational issues, etc.) and pricing; to establish adequate interest and fee reserves; to
set the amount of the trust’s remittances (if any); and to analyze the ALLL or ACL.
Although they are not subject to 12 CFR 37.8, FSAs should, as a matter of safety and
soundness, have appropriate risk management processes if they offer DCCs or DSAs.
Examiners should review the national bank’s reports to determine whether bank management
performs appropriate account analyses. These analyses typically include a review of the
performance of the accounts by the type of benefit claimed, such as unemployment or
disability. Bank management should review whether accounts with benefits claimed
performed differently than the rest of the portfolio and incorporate the findings of this
analysis into the ALLL or ACL methodology. Examiners should confirm bank
management’s analysis by reviewing a sample of accounts that came off benefit status in the
previous six months and assessing the performance on those accounts.
Examiners should verify that the accounting for DCCs and DSAs is in accordance with
GAAP. With regard to DCCs and DSAs, the service that banks provide is the continuing
contractual obligation to either cancel or suspend the customer’s minimum payment
obligation in the event of activation. Banks provide this service each month the contract is in
effect, and customers typically pay a monthly fee for the service. Therefore, banks earn the
fee each month and may appropriately recognize the fee as revenue. If a bank charges a one-
time fee, the bank should defer that fee and recognize revenue over the term of the contract.
Banks that charge a one-time fee must have controls in place to refund any unearned fee
income in cases of prepayment of the loan, in accordance with 12 CFR 37.4. For card
accounts that are paid off early and the account closed by the customer, a refund may be
required. Federal and state requirements may apply regarding borrower notification,
including timing, when a refund is required. Banks that charge a monthly fee for the DCC or

Version 2.0
DSA do not have the same concern as revenue is earned in the same month as the customer
pays for the service.
In some instances, customers have the right to rescind their coverage within a specified
period following the charging of the fee to the customer’s account. Banks should not
recognize revenue for amounts that may be rescinded until after the rescission period has
ended.
A bank’s estimate of the amount of probable loss related to DCCs or DSAs is a contingent
loss. ASC 450-20 governs the accounting for contingent losses. Under ASC 450-20, banks
must recognize estimated losses from loss contingencies if the losses are probable and
reasonably estimable. Thus, according to the accounting standards for both DCCs and DSAs,
a bank should estimate the amount of contingent loss inherent in its contract population.
Depending on the particular terms of the DCCs or DSAs, the estimated amount of loss is
either the amount that the bank will have to remit or the contractual amount that the bank will
not receive from the customer.
Accounting for benefits claimed through DCCs is similar to accounting for loan losses and
charge-offs. Each period, the bank should estimate the amount of probable losses related to
benefits under the DCCs and recognize that amount of loss in the ALLL or ACL. Once
benefits are claimed and the related receivables are cancelled, the bank should recognize the
cancellation of the receivable as a charge-off to the ALLL or ACL.

Version 2.0
Examination Procedures
This booklet contains supplemental procedures for examining specialized activities or
specific products or services that warrant extra attention beyond the core assessment
contained in the “Community Bank Supervision,” “Federal Branches and Agencies
Supervision,” and “Large Bank Supervision” booklets of the Comptroller’s Handbook.
Examiners determine which supplemental procedures to use, if any, during examination
planning or after drawing preliminary conclusions during the core assessment. Examiners can
tailor the examination request items found in appendix B, “Suggested Request Items for
Credit Card Lending Activities,” to assist in their examinations.
Scope
These procedures are designed to help examiners tailor the examination to each bank and
determine the scope of the credit card lending examination. This determination should
consider work performed by internal and external auditors and other independent risk control
functions and by other examiners on related areas. Examiners need to perform only those
objectives and steps that are relevant to the scope of the examination as determined by the
following objective. Seldom will every objective or step of the supplemental procedures be
necessary.
Objective: To determine the scope of the examination of credit card lending and identify
examination objectives and activities necessary to meet the needs of the supervisory strategy
for the bank.
1. Review the following sources of information and note any previously identified problems
related to credit card lending that require follow-up:
• Supervisory strategy
• Examination scope memorandum
• OCC supervisory information systems
• Previous reports of examination, supervisory letters, and work papers
• Internal and external audit reports and work papers
• Bank management’s responses to previous examinations and audits
• Customer complaints and litigation. Examiners should review customer complaint
data from the OCC’s Customer Assistance Group, the bank, and the CFPB (when
applicable). When possible, examiners should review and leverage complaint analysis
already performed during the supervisory cycle to avoid duplication of effort.
2. Obtain and review the Uniform Bank Performance Reports (UBPR), applicable OCC
reports or analytical tools, and relevant credit card-related call report data. Such data may
include balances, unfunded commitments, losses, recoveries, early- and late-stage
delinquencies, and nonaccrual. Review data on the volume of capitalized fees in total
reported balances, as well as information on reserves for capitalized fees and finance
charges included in the ALLL or ACL or separate valuation allowance.

Version 2.0
3. Obtain and review policies, procedures, and reports that bank management uses to
supervise credit card lending, including internal risk assessments.
4. In discussions with bank management, determine whether there have been any significant
changes (for example, in policies, processes, personnel, control systems, third-party
relationships, products, volumes, acquisitions, sales, markets, and geographies) since the
prior credit card lending examination.
5. Based on an analysis of information obtained in the previous steps, as well as input from
the examiner-in-charge (EIC), relevant functional examiner-in-charge (FEIC), or loan
portfolio manager (LPM) determine the scope and objectives of the credit card lending
examination.
6. In preparing for the credit card examination, create a request letter as directed by the EIC
FEIC, or LPM (refer to appendix B, “Suggested Request Items for Credit Card Lending
Activities”).
7. Select from the following primary and supplemental examination procedures the
necessary steps to meet examination objectives and the supervisory strategy.

Version 2.0
Procedures
These procedures are grouped by functional and product-specific areas. They guide
examiners’ assessments of the quantity, aggregate level, and direction of credit, operational,
strategic, and reputation risk, and the quality of risk management. The primary examination
procedures are “Management,” “Risk Management,” “Information Technology,” “Marketing
and Product Development,” “Underwriting,” “Account Management,” and “Collections,” and
apply to all credit card lending activities. These functional areas also contain supplemental
procedures. In addition, based on the bank’s activities, supplemental procedures should be
used, including “Profit Analysis,” “ALLL or ACL,” “Purchased Credit Card Relationships,”
“Third-Party or Private-Label Partner Management,” “Debt Suspension and Cancellation
Programs,” “Accounting for Rebate Programs,” “Program Availability and Eligibility
Standards,” “Credit Terms and Methods of Payment,” “Credit Reporting,” and “Compliance
With Consumer Protection-Related Laws and Regulations.”
The scope of credit card lending supervisory activities depends on the examiner’s knowledge
of those activities, the amount of total and product exposure, and the amount of risk posed to
the bank’s earnings and capital. The primary procedures provide the steps used for
completing a comprehensive credit card lending examination in small or noncomplex
operations, and serve as the base credit card lending procedures for large or more complex
operations. While reviewing credit card activities, examiners should remain alert for lending
practices and product terms that could indicate noncompliance with consumer laws and
regulations, including potentially discriminatory, unfair, deceptive, abusive, or predatory
practices.
The scope of the review may be expanded as necessary when the bank offers new or
significantly changed products; when a particular concern exists; or in large, complex
operations. In these situations, examiners should select the appropriate supplemental
examination procedures in this booklet to augment the primary procedures. The supplemental
procedures are grouped by functional and product-specific areas. Examiners are also
encouraged to refer to other Comptroller’s Handbook booklets, including “Allowance for
Loan and Lease Losses,” “Concentrations of Credit,” “Internal and External Audits,”
“Internal Control,”81 “Loan Portfolio Management,”82 “Rating Credit Risk,” and “Retail
Lending.” In addition, examiners may refer to appropriate booklets in the Consumer
Compliance series of the Comptroller’s Handbook, as well as other resources, including the
FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual.
Fully document findings, conclusions, and recommendations in a memorandum for review

and approval by the EIC, FEIC, or LPM. Reach a conclusion with respect to the quality of
81
The “Internal Control” booklet applies to the OCC’s supervision of national banks. For FSAs, refer to OTS
Examination Handbook, section 340, “Internal Control.”
82
The “Loan Portfolio Management” booklet applies to the OCC’s supervision of national banks. For FSAs,
refer to OTS Examination Handbook, section 201, “Overview: Lending Operations and Portfolio Risk
Management.”

Version 2.0
risk management, the quantity of risk, and the aggregate level and direction of risk, and
include all necessary support. To accomplish these objectives, do the following:
• Provide special mention and classified asset totals to the EIC, FEIC, or LPM. In addition
to the delinquency-based classifications outlined in the “Uniform Retail Credit
Classification and Account Management Policy,”83 consider bankruptcies, workout
programs, and any other segments that meet the special mention and classified
definitions.
• Provide conclusions to the examiner responsible for assessing earnings and capital
adequacy.
• If the bank securitizes assets, provide conclusions and supporting information about
credit quality to the examiner assigned to review securitizations.
• Document matters requiring attention and violations of laws or regulations, consistent
with OCC policy. 84
• Prepare a recommended supervisory strategy.
• Document findings in OCC systems as appropriate.
Management
Conclusion: Based on the responses to procedures, the quality of risk management for the bank’s
management activities is (strong, satisfactory, insufficient, or weak).
Objective: To assess the effectiveness of the overall oversight (including management oversight,
expertise, and staffing) of credit card products currently offered and planned to be offered,
given the bank’s size and complexity.
Primary Examination Procedures
1. Based on the information provided and reviewed when setting the scope of the exam,
determine the adequacy and timeliness of bank management’s response to previous
supervisory activities and any findings or issues requiring follow-up.
2. As provided when setting the scope of the exam, review relevant reports issued by
internal and external audit, QA, QC, credit risk review, risk management, and compliance
management since the prior supervisory activity. Determine the adequacy and timeliness
of bank management’s responses to the issues identified and any findings or issues
requiring follow-up. Request work papers, if warranted.
3. Review the minutes of credit card lending-related committee meetings conducted since
the prior supervisory activity.
83
84
For more information, refer to the “Bank Supervision Process” booklet of the Comptroller’s Handbook.

Version 2.0
4. Determine the level of compliance with or divergence from strategic business plans
through risk assessments and impact analysis. (Note: Significant deviation from plans
may lead to a change in the quantity and quality of products, services, controls,
management supervision, and technology. Management should have a clear and
demonstrable understanding of the anticipated impact of the strategic changes on the
financial condition of the operation.)
5. Review staffing levels and expertise relative to origination volume, servicing size, or
complexity of operations. (Note: Insufficient staffing levels, experience, and operational
efficiency can lead to high error rates and may pose significant risk to the bank.)
6. Examine complaint data to identify potential indicators of risk management weaknesses

or other deficiencies. Examiners should review Customer Assistance Group reports, the
CFPB database, and bank reports to assess the volume, themes, and trends of customer
complaints. If warranted, consider whether additional actions are required, such as
expanding the examination scope or adjusting the supervisory strategy.
7. Determine whether the bank has accurately assessed the reasons for credit card
complaints and instituted appropriate steps to provide relief to existing customers and
prevent further events from occurring.
8. Review the key risk limits for each of the major functional areas, such as underwriting,
credit administration, and collections. (Note: Absence of meaningful risk limits usually
indicates that the bank does not understand the nature of the risk and is vulnerable to
unknowingly accepting excessive risk, such as credit, operational, or interest rate risk.)
9. Assess the depth and timing of management and board reporting. (Note: Insufficient and
lagging reporting efforts may suggest a high level of management and oversight risk.
Management is not able to effectively integrate appropriate risk management processes
without a clear knowledge of account management, profitability, and product
expectations.)
10. Review the functional organization dynamics and assess the separation of duties among
the primary operating functions (scoring and modeling, marketing, underwriting, and
account management). (Note: Insufficient functional independence may lead to conflicts
of interest and expose the bank to various risks, such as credit, operational, and liquidity
risk.)
11. Review the volume of credit card originations, portfolio size and turnover rate, and the
dollar amount of the servicing portfolio. (Note: Significant changes may cause concerns,
such as management’s desire to accelerate earnings or an absence of appropriate
management oversight.)

Version 2.0
Supplemental Examination Procedures
1. Discuss the bank’s planning process with management and determine whether the
process is formal or informal. The applicability of the following steps depends on the size
and complexity of the bank and the process the bank currently has in place.
2. Determine whether the credit card lending component of the strategic plan is realistic and
prudent given the current competitive, economic, and legal environments and the bank’s
capacity and level of expertise.
• Assess the bank’s strategy and any supporting documents.

• Determine whether the bank’s objectives are consistent with its strategic plan.
• Determine whether marketing plans and budgets are consistent with the bank’s
overall retail credit objectives and strategic plan.
• Review the competitive analysis (bank-prepared) and available industry information.
• Review the analysis of economic, legal, and other external factors.
• Review the assumptions used to develop the strategic plan and assess the
reasonableness of the assumptions.
• Review the organizational structure and management expertise in key positions and
determine whether they are adequate to execute the strategic plan (incorporating
conclusions regarding capacity).
• Determine whether the internal control questionnaire (ICQ) should be completed.
3. Assess the adequacy of the bank’s process for tracking performance against the strategic
plan.
• Determine the process to track actual performance against the plan.

• Assess the adequacy of the process, including
– timeliness, accuracy, and detail of reports.
– frequency of reports.
– report distribution, including whether results are provided to senior management
and the board.
• Assess the bank’s process for revising the plan and supporting operating or product
plans to reflect current information and trends.
4. Determine whether bank management adequately considers the economic cycle in the
planning process.
• If the bank does not incorporate such information, determine whether planning is
appropriate given the bank’s circumstances (e.g., size and complexity of operation,
market).
• Determine which department develops the scenarios (e.g., finance, marketing, or risk
management) and obtain copies of the best, worst, and most likely scenarios.
• Review the assumptions used, the reasonableness of the assumptions, and the
frequency of analyses.

Version 2.0
• Determine whether the bank uses stress testing. If the bank does not have such a
process, discuss with management how the portfolio would withstand an economic
downturn. For example, how would account performance be affected in a downturn,
and are standards effective to mitigate risk of loss?
• Determine how bank management uses this information in the planning process.
5. Determine whether the bank has sufficient management expertise and whether bank
management is held accountable for executing the portions of the strategic plan that focus
on the bank’s credit card operations.
• Using the organization chart, discuss the backgrounds and responsibilities of key
managers with senior management. Confirm understanding of those roles with the
key managers.
• Obtain the criteria for key management compensation programs and position
evaluations or performance elements. Determine whether they include appropriate
qualitative (risk) considerations in addition to quantitative (growth or marketing)
goals, and whether the goals are consistent with the bank’s plan. In addition, review
key managers’ performance-based compensation for the most recent evaluation
period to assess whether managers are held accountable for meeting agreed strategic
and portfolio objectives.
• Incorporate the results from the other examination objectives in reaching conclusions
regarding bank management.
6. Determine whether the bank’s credit card strategy establishes realistic risk tolerances.
• Determine whether the plan incorporates risk parameters for growth, credit quality,
concentrations, income, and capital.
• Determine how the limits were established (e.g., assumptions used).
• Assess the limits for reasonableness.
• Discuss with management the key risks and obstacles (strengths, weaknesses,
opportunities, and challenges) to achieving the plan.
7. Determine whether the bank’s operational capacity, infrastructure, and MIS are
sufficient to support and execute the bank’s credit card operations.
• Determine whether key operations and systems managers are adequately involved in
the planning process.
• Discuss capacity planning with bank management (e.g., facilities, systems, staffing,
and training).
• If available, obtain and review the most recent capacity studies for staffing (including
underwriting, collection, and control functions), facilities, systems, and technology .
Assess adequacy and identify the implications for plan execution. Assess bank
management’s response to study findings and the potential impact on current plans.
• Review the retail organizational structure and note any significant changes in senior
management or staffing levels, including turnover trends for significant functional
areas.

Version 2.0
• Review the compensation plans in place for the various functional areas (e.g., sales
and originations, collections), assess the reasonableness of those plans, and determine
whether adherence to compliance responsibilities is included.
• Incorporate the results from the other examiners assigned to the review; determine
whether those results reveal any capacity, infrastructure, or MIS issues or problems.
8. Determine whether bank management has a process for establishing specific performance
goals for items such as loan growth, policy overrides, credit performance, and
profitability for the retail credit card portfolio as a whole and segmented by product.
Determine whether management effectively tracks actual performance against these
goals.
9. Evaluate the expected performance of the credit card portfolio and the individual
products through analysis of management reports, portfolio segmentation, and
discussions with bank management. Specifically, review
• score distributions and trends for accounts over time, evaluating scores at application
(e.g., application score and bureau score), refreshed bureau scores, and behavior
scores.
• delinquencies and losses by credit score range for each major scoring model, and
whether there has been any deterioration of the good-to-bad odds.
• trend in advance rates and the effect on performance and loss severity.
• loan growth sources (e.g., branch; region; loan officer; product channels, such as
direct, indirect, telemarketing, direct mail, or internet; and purchased portfolios) and
differences in performance by source.
• levels and trends of policy and documentation exceptions, including risk layering, and
the performance of accounts with exceptions versus the performance of the portfolio
overall.
• volumes and trends of first and early payment defaults.
• volumes and trends of account and balance attrition.
• management’s loss forecasts.
10. Determine whether bank management has appropriately considered and supported loan-
loss allowance and capital needs in the plan.
Risk Management
Conclusion: Based on the responses to procedures, the quantity of risk is (low, moderate, or high),
and the quality of risk management is (strong, satisfactory, insufficient, or weak) for the
bank’s risk management and control activities.
Objective: To evaluate the adequacy of the bank’s processes for identifying, measuring,
monitoring, and controlling risk by reviewing the effectiveness of the bank’s risk
management system, including control systems.

Version 2.0
Note: If the bank uses affiliates or third parties for loan acquisition, servicing, control, or
other key functions, refer to the supplemental examination procedures in the “Third-Party or
Private-Label Partner Risk Management” section of this booklet. Refer to the “Corporate and
Risk Governance” booklet of the Comptroller’s Handbook for more information about
effective risk governance processes.
1. Assess the structure, 85 management, and staffing of each of the control functions,
including credit risk review, internal and external audit, QA, QC, and compliance review.
Note: Compliance is a significant risk for credit card lending. Although consumer
compliance examiners generally assess the quality of the compliance review function,
safety and soundness examiners should understand compliance-related roles,
responsibilities, and coverage, as well as how compliance controls fit into the overall
control plan for credit card lending.
2. Ascertain the roles, responsibilities, and reporting lines of the various control functions
through discussions with senior management.
• Review the organization chart for each function, and evaluate the quality and depth of
staffing (including number of positions) based on the assigned role and the size and
complexity of the operation.
– Review the experience levels of senior managers and staff.
– Determine whether employees are capable of evaluating line-of-business
activities.
– Review management and staff turnover levels.
• Discuss the structure and staffing plans, including known or anticipated gaps or
vacancies, with senior management.
• Review compensation plans to determine whether performance measurements are
appropriately targeted to risk identification and control objectives.
• Determine whether organizational reporting lines create the necessary level of
independence.
Note: If the management and staff of a control function lack the knowledge or
capability to adequately review all or parts of retail operations, bank management
may need to consult or hire appropriate outside expertise.
3. Discuss with senior managers how they confirm that significant risks are appropriately
monitored by at least one control function and how they assess the effectiveness of each
function.
4. Determine whether the risk management function appropriately monitors, analyzes, and
controls the bank’s credit card risks.
85
Depending on the bank, risk management functions may be managed from different areas in the bank (e.g.,
from the line of business or from the corporate offices).

Version 2.0
• Determine risk management’s recurring responsibilities and major projects, including

status of projects, and assess the adequacy of those activities in light of the bank’s
retail credit risk profile, the products offered, and the complexity of the operation.
• Determine whether credit risk decisions involve all key functional areas, including
risk management, marketing, finance, operations, compliance, legal, and information
technology, either formally or informally.
• Determine whether risk management is involved in tactical credit decisions, such as
credit program approvals, program renewals, new products, marketing campaigns,
and annual financial planning.
• Obtain descriptions of key management reports to determine the types and purposes
of reports produced, report distribution, and frequency of preparation.
• Obtain a sample of recent ad hoc or special studies or board reports produced by risk
management to determine the types of analyses performed, the reasonableness of the
scopes and methodologies used, and the accuracy of the conclusions drawn, including
the adequacy of the support provided.
• Determine what technologies and risk tools are deployed and risk management’s role
in the management of those tools, including data warehouse, portfolio management
software, credit scoring and adaptive control systems, and risk models.
• Determine whether market, competitive, legislative, and other external factors are
considered in the risk management process.
5. Review and assess the adequacy of the bank’s policies, procedures, and practices.
Specifically,
• determine whether credit card lending policies were approved by the board of
directors at inception and included in annual policy reviews thereafter.
• identify significant changes in underwriting criteria and terms, how credit scoring
models are used, account management activities (including credit line management
programs), and collection practices and policies. Specifically,
– determine the effect of those changes on the portfolio and its performance.
– determine whether underwriting policies provide appropriate guidance on
assessing whether the borrower’s capacity to repay the loan is based on a
consideration of the borrower’s income, financial resources, and debt service
obligations as required under Regulation Z.
• if the bank uses credit scoring models (e.g., bureau, pooled, or custom),
– determine how the bank confirms that the models in use are appropriate for the
target population and product offering.
– assess the reasonableness of the process used to establish cutoffs and determine
whether bank management changed the cutoffs between examinations and, if so,
the implications for portfolio quality and performance.
– determine whether the policy provides for model monitoring and validation.
– determine whether the model meets the requirements of Regulation B, which
implements the ECOA if the model includes applicant age as a predictive
variable.
– determine whether any other variables in the model implicate the
nondiscrimination requirements of Regulation B.

Version 2.0
• determine how bank management communicates policies and changes to policy to

staff, trains staff to implement changes, and assesses the adequacy of the process.
• evaluate the bank’s process for establishing policy exception criteria and limits, and
for monitoring and approving underwriting policy exceptions (e.g., underwriting
standards, score overrides, and collateral documentation).
• determine the control processes in place to track and monitor policy adherence and
compliance with laws and regulations (e.g., QA, QC, reports, credit risk review, and
audit), and assess the adequacy of those processes.
6. Determine whether bank management considers consumer complaints and complaint

resolution in the risk management process. If not previously completed, obtain copies of
complaints reported to the OCC’s Customer Assistance Group and bank consumer
complaint logs (discuss with the compliance examiner whether the CFPB complaint
database should also be consulted). Evaluate the information for significant issues and
trends. (Note: Complaints serve as a valuable early warning indicator for compliance,
credit, and operational issues, including potentially discriminatory, unfair, deceptive,
abusive, and predatory practices. Refer to the “Compliance Management Systems”
booklet of the Comptroller’s Handbook for more information about complaint resolution
processes.)
7. Determine whether changes to practices and products, including new credit card products
and practices, are fully tested, analyzed, and supported before implementation. (Note:
Refer to the supplemental examination procedures in the “Marketing and Product
Development” section of this booklet for testing guidelines.)
8. Test the effectiveness of the bank’s risk management process for existing and new
products, marketing and collection initiatives, and changes to risk tolerance (e.g.,
initiating or changing credit criteria or adopting new scoring systems and technologies).
Select at least one significant new product, account management practice (e.g., line
increase, pricing, payment holiday), or collection initiative (e.g., workout program,
rewrite) and track it through all phases of the management process. Refer to OCC
Bulletin 2017-43 for more information.
• Planning. Examiners should consider whether strategic plans properly address the
costs associated with new activities. This includes costs associated with initial
development and implementation, as well as control functions, including MIS,
training, and compliance programs. Examiners should understand the bank’s goals for
the new activity and how the bank developed its associated risk appetite. If tracking a
new credit card product, for example, determine how the bank developed new
underwriting standards (e.g., how it analyzed the applicability of the underwriting
criteria and marketing strategies then in use and the basis of any projections), and
how it derived new criteria or strategies (e.g., identify key drivers).
• Execution. Before introducing new activities, management should establish
appropriate policies and procedures that outline the standards, responsibilities,
processes, and internal controls for ensuring that risks are well understood and
mitigated within reasonable parameters. The board should oversee management’s

Version 2.0
implementation of the risk management system as well as the control systems.

Examiners should evaluate the adequacy of the process employed to verify that new
criteria and changes were implemented as intended. (Note: This component is
generally performed by some combination of the information technology, product
management, QC, QA, audit, and loan operations.)
• Measurement. Examiners should consider whether management has appropriate
performance and monitoring systems including MIS, to assess whether the activities
meet operational and strategic expectations and legal requirements and are within the
bank’s risk appetite. Examiners should ascertain how adherence to standards is
measured and how bank management measures the effectiveness of the bank’s
processes by using back-end monitoring and analysis. Determine the key
measurements that bank management uses to analyze the effectiveness of its
decisions (e.g., responder analyses, first or early payment default, vintage reporting
for delinquencies and losses, activation and booking, utilization, risk-adjusted margin,
profit and loss), and the adequacy of back-testing analyses (comparison with targets,
identification and analysis of anomalies).
• Adjustment. Determine how feedback results (lessons learned, opportunities
identified) are incorporated into the process as course corrections or adjustments.
Assess the process for making adjustments as problems or unexpected performance
results are identified and whether the process is both timely and appropriate.
9. Determine whether the bank has the data warehousing capabilities (i.e., the capacity to
store and retrieve pertinent data) to support necessary monitoring, analytical, and
forecasting activities.
10. Evaluate senior management reports (e.g., monthly and quarterly report packages).
Specifically,
• determine whether the reports accurately and completely describe the state of the
bank’s credit card lending.
• evaluate whether reports adequately measure credit risk (e.g., score distributions and
vintage reports), identify trends, describe significant variances, and present issues.
(Note: Reports should allow bank management to assess whether retail operations
remain consistent with strategic objectives and within established risk, return, and
credit performance tolerances.)
• determine whether reports clearly evidence analysis of performance results and trends
rather than merely depicting data.
• determine whether there is any litigation, either filed or anticipated, associated with
the bank’s credit card lending activities, and assess the allegations, the expected cost,
or other implications.
Note: Allegations in litigation, like complaints, may serve as an indicator of compliance,

credit, or operational issues.

Version 2.0
Credit Scoring Models
For more information, refer to OCC Bulletins 1997-24 and 2011-12.
1. Assess the scorecard management process and determine the department or personnel
responsible for scorecard and model development or procurement, implementation,
monitoring, and validation.
• Obtain a model inventory to determine the models in use. Determine whether the
inventory includes the following:
– Name of the model
– Model description
– Type (custom, generic, behavioral)
– Date developed
– Source (name of the third-party or in-house modeler)
– Purpose (e.g., application, response, attrition, pricing, profitability)
– Date last validated and next scheduled validation date
– Models under development, if any
– Management contact for each model
• Determine whether scorecards are used for purposes consistent with the development
process and populations. If not (e.g., scorecards are applied to a different product or
new geographic area), assess the ramifications and acceptability.
• Review the most recent independent validation reports for key risk scoring models
and discuss the conclusions with management.
• Discuss how bank management uses the models to target prospects, underwrite
applications, and manage the portfolio.
• Determine how bank management measures the ongoing performance and robustness
of models (e.g., good/bad separation, bad rate analysis, and maximum delinquency or
“ever bad” distribution reports).
• Review scorecard tracking reports to assess how the models are performing. Select
tracking reports for key models, determine whether model performance is stable or
deteriorating, and assess how bank management compensates for deteriorating
efficacy. Benchmark key performance measures against values derived from the
development sample.
• Determine how cutoffs are established, reviewed, and adjusted. Review the most
recent cutoff analysis for key risk models.
• Determine the bank’s score override policy, assess the adequacy of associated
tracking, and review override volume and performance. Determine whether bank
management segments low-side overrides by reason and whether it tracks
delinquencies or defaults by reason and override score bands, and assess the
performance and trends.
• Review chronology logs to determine changes in the credit criteria or risk profile and
to explain shifts in the portfolio, including in volume and performance.

Version 2.0
2. Select at least one key credit risk scoring model and fully assess the adequacy of the
model management process.
• Review the original model documentation or scorecard manual and assess bank
management’s adherence to the modeler’s recommended scorecard maintenance
routine.
• Compare the population characteristics and the developmental sample performance
odds with the bank’s current experience.
• Review model performance reports and assess the adequacy of bank management’s
response to the issues or trends identified. Reports reviewed may include applicant
distribution, population stability, characteristic analysis (if indicated by a population
shift), override tracking, and vintage delinquency and loss distribution reports.
• Review early-warning analyses for early indications of deteriorating model
performance, such as a rise in early delinquencies relative to what would be expected
from the time frame of delinquencies in the development data.
Credit Risk Review
For guidance regarding credit risk review, refer to OCC Bulletin 2020-50.
3. Assess the adequacy of the credit risk review process for credit card lending. Determine
whether credit risk review
• provides a risk assessment of the quality of risk management and quantity of risk.
• identifies relevant trends that affect the quality of the portfolio and highlights
segments of the portfolio that are potential problem areas.
• assesses the adequacy of and adherence to internal credit policies and loan
administration procedures.
• tests for policy exception tracking and controls.
• monitors compliance with applicable laws and regulations, including an assessment
of whether any lending practices are discriminatory, unfair, deceptive, abusive, or
predatory.
• assesses of the accuracy and adequacy of reporting.
• conducts reviews with appropriate frequency on the significance of the risks involved.
• staffing levels and experience are commensurate with the complexity and risk in the
retail lending area.
• is independent from the production process.
• possesses sufficient authority and influence to correct deficiencies.
4. Review recent credit risk review reports. Determine whether
• reports are issued in a timely manner following completion of reviews.

• reports provide meaningful conclusions and accurately identify concerns.
• significant issues require management’s written response.
• management initiates timely and appropriate corrective action.

Version 2.0
• the issues that are identified and the status of corrective actions are tracked and
reported to management and escalated to senior management, the board, or a board
committee if uncorrected or of high significance.
Note: Weaknesses identified by examiners, but not identified by the credit risk review,
may be evidence of deficiencies in credit risk review processes or staffing.
Quality Control
5. Assess the adequacy of the bank’s QC process for its credit card lending operation.
Determine whether
• the process assesses ongoing consistency with key credit and operational policies and
procedures and compliance with applicable laws and regulations for all primary areas,
including
– loan origination.
– account management programs.
– fraud.
– customer service.
– collections.
Note: QC processes should be established for all direct lending activities and any
third-party loan servicing and origination arrangements.
• QC tests the integrity and accuracy of data.
• the frequency of reviews is properly geared to the significance of the risk.
• the testing or sample sizes are appropriate.
• the QC function has sufficient authority and influence to correct deficiencies or curb
noncompliant practices.
6. Review a sample of QC ongoing testing worksheets and periodic summary reports (e.g.,
monthly summaries of testing conclusions). Determine whether
• the reporting process allows for timely feedback to bank management.

• worksheets and summary reports accurately identify concerns.
• significant issues require management’s written response.
• the issues that are identified and the status of corrective actions are tracked and
reported to senior management and escalated to executive management if uncorrected
or of high significance.
Note: Weaknesses identified by examiners, but not identified by the QC function, may be
evidence of deficiencies in QC processes or staffing.
7. If the QC function is not independent from the loan production process, determine
whether internal audit or credit risk review tests QC to validate that bank management
can rely on those findings.

Version 2.0
8. If reviews and testing by QC do not include significant risk areas, communicate findings
to the EIC to determine whether it is appropriate to complete transaction testing in areas
not covered by QC. (Note: Examiner transaction testing provides a check-the-checker
control and helps examiners determine the strength of the QC function.)
Internal Audit
9. Assess the adequacy of internal audit. Determine whether
• the scope includes appropriate testing for adherence to key credit and operational
policies and procedures, compliance with applicable laws and regulations, and
implementation of sound risk management.
• the frequency of reviews is properly geared to the significance of the risks.
• internal audit is independent.
• internal audit has sufficient authority and influence to correct deficiencies or curb
noncompliant practices.
Note: For more information, refer to the “Internal and External Audits” booklet of the
10. Review recent internal audit reports. Determine whether
• reports are issued in a timely manner following completion of the audit work.
• reports accurately identify concerns.
• significant issues require bank management’s written response.
• issues that are identified and the status of corrective actions are tracked and reported
to senior management.
Note: Weaknesses identified by examiners, but not identified by internal audit, may be
evidence of deficiencies in internal audit processes or staffing.
MIS
11. Determine whether there is an adequate process in place to reconcile major balance sheet
categories and general ledger entries on a daily basis.
12. Assess the adequacy of MIS and reports with respect to providing bank management with
the necessary information to measure, monitor, and control risks associated with credit
card lending. Determine whether
• the bank has adequate processes for data integrity and report accuracy and that
balances and trends included in bank management’s retail credit reports reconcile
with the bank’s general ledger and the call report.

Version 2.0
• various department reports are consistent; for example, the reports show the same
numbers for the same categories and time periods regardless of the unit generating the
report.
• descriptions of key management reports are maintained and updated.
• reports are produced to track volume and performance by product, channel, and
marketing initiative, and to support any test with implications for credit quality or
performance (e.g., pricing, open-end line assignment or adjustment, advance rates).
This reporting process should be fully developed and implemented before the bank
offers new products or initiates tests in order to accurately monitor new product
performance from inception.
• MIS and reports are available to clearly track volumes, performance, and trends for
all types of forbearance or workout programs and settlements, as well as activities
such as re-aging, extensions, deferrals, renewals, and rewrites.
• reports are clearly labeled and dated.
13. Evaluate the condition and risk profile of the credit card portfolio and individual products
by reviewing historical trends and current levels of key performance indicators. Such
indicators include, but are not limited to, loan balances, utilization, delinquencies, losses,
recoveries, and profitability. Focus primarily on dollar balance percentages, but also
consider percentages of numbers of accounts. Review performance indicators for
• portfolio segments, acquisition channels, and acquired portfolios.

• third-party originators, including brokers and dealers.
• internal performance indicator hurdles and metrics. Compare actual performance
indicators with internally established objectives.
• comparison with industry and peers, using available information sources (e.g.,
American Bankers Association, Argus, Consumer Bankers Association, Risk
Management Association, Visa’s Issuer Risk Key Indicators (IRKI), and rating
agency and securitization research). Compare industry indicators with bank
performance.
In addition to coincident analysis, 86 consider performing vintage analysis,87 especially if

underwriting criteria, loan terms, or economic conditions have changed, and lagged
86
Coincident analysis relies on end-of-period reported performance, (e.g., delinquencies or losses in relation to
total outstandings of the same date).
87
Vintage analysis groups loans by origination time period (e.g., quarter) for analysis purposes. Performance
trends are tracked for each vintage and compared to other vintages for performance relative to similar time on
book.

Version 2.0
analysis88 if the portfolio exhibits significant growth. If available and well maintained,
the bank’s chronology log89 may prove useful in determining the causes of variances.
Information Technology
credit card information technology activities is (strong, satisfactory, insufficient, or
weak).
Objective: Assess the adequacy of the credit card lending’s IT structure, operating environment,
and control practices.
Note: These procedures are intended to provide an overview of IT in the credit card function.
The procedures are not all-inclusive and should be adjusted accordingly. Refer to the FFIEC
Information Technology Examination Handbook as needed.
1. Determine whether the bank adopted new internet-based systems for credit card
origination, processing, pricing, or delivery, or enhanced existing usage of such systems.
2. Assess the level of remote access for independent agents and information walls to assure
third-party confidentiality.
3. Review the number and nature of outsourcing relationships. Third parties can be
problematic for a bank to manage given the technical challenges of connecting to each
third party and the potential for increased electronic threats.
4. Determine whether the bank uses a third party to process credit card applications and if
so, assess the adequacy of the bank’s safeguards for the security of the customers’
personal information.
5. Assess the level of access controls over customer information from internal as well as
external threats.
6. Review the bank’s incident response process to system problems. Rapid identification
and mediation are imperative to recovery and monitoring for future events.
88
Lagged analysis minimizes the effect of growth by using the current balance of the item of interest as the
numerator (e.g., loans past due 30 days or more), and the outstanding balance of the portfolio being measured
for some earlier date as the denominator. This earlier date is usually at least six months before the date of the
information used in the numerator.
89
The chronology log is a sequential record of internal and external events relevant to the credit function.

Version 2.0
7. Determine whether the bank has properly segregated IT duties. Failure to appropriately
segregate IT duties from the production process can expose the bank to fraud schemes
and, ultimately, affect its earnings and capital.
8. Determine the existence, testing, and updating of the business continuity processes.
Examine the assumptions, change control processes, data synchronization procedures,
crisis management methodologies, and incident response times for level of continuity.
1. Review internal and external IT audit comments and reports that address the technology
supporting the credit card business.
Note: IT-related audit comments and reports may be issued by a specialized IT audit
group or integrated with general internal or external audit comments and reports.
2. Review internal IT risk assessments of the technology systems that support credit card
activities.
3. Obtain and review technology management reports to assess performance trends of key
credit card lending systems.
4. Obtain and review a list of recent credit card IT projects, e.g., new systems,
enhancements, and upgrades.
5. Review meeting minutes from the board of directors or designated committee overseeing
credit card activities.
Note: The IT examiner should coordinate this review with the credit card lending EIC.
6. After review of examination procedures 1 through 5 and discussion with the credit card
lending EIC, determine the scope of the IT examination.
7. Determine whether key credit card systems are operated internally or by a third-party
vendor. If the credit card system is managed by a third party, review the service contract
and assess the effectiveness of the bank’s third-party relationship management program.
Refer to OCC Bulletins 2013-29, 2017-7, and 2020-10 and the “Outsourcing Technology
Services” booklet of the FFIEC Information Technology Examination Handbook.
8. Assess the effectiveness of the IT control environment managed by the bank’s IT

department, with emphasis on
• IT management.
• IT audit.
• systems development life cycle.
• data input, access, processing, and change controls.

Version 2.0
• data and system validation.

• network performance monitoring.
• information security.
• business continuation and disaster recovery planning and testing.
• user access controls.
• systems administrator practices.
• level and quality of IT technical staff.
9. Assess access control and change management policies and procedures for internally
developed and off-the-shelf software used by the credit card function.
10. Discuss any IT-related issues and concerns with the credit card EIC and bank
management.
Marketing and Product Development

marketing and credit card product development activities is (strong, satisfactory, insufficient,
or weak).
Objective: To determine whether the bank’s credit card marketing activities are consistent with the
bank’s business plans, strategic plans, and risk tolerance objectives, and whether appropriate
controls and systems are in place before the bank rolls out new credit card products or new-
product marketing initiatives. Risk management guidance pertaining to new, expanded, or
modified bank products is set forth in OCC Bulletin 2017-43.
1. Assess the structure and expertise of the marketing function, focusing on bank
management, key personnel, and staffing adequacy.
2. Review the bank’s credit card marketing plan and assess it for reasonableness given the
bank’s strategic plan and objectives, level of expertise, capacity (operational and
financial resources), market area, and competition.
• Determine whether the bank has based its plan on internally or externally prepared
market, economic, or profitability studies. If so, obtain and review copies of those
studies.
• Review the process for developing and implementing marketing plans, with particular
attention to whether the appropriate functional areas (e.g., risk management, finance,
operations, information technology, legal, and compliance) are involved throughout
the process.
• Assess the appropriateness of the data and assumptions used to develop marketing
plans, in part through the review of reports that track actual performance against
marketing plans.

Version 2.0
• Discuss with bank management the controls in place to monitor marketing plans and
activities.
Note: Before the implementation of any marketing initiative, including the rollout of
a new product or change to an existing product, bank management should review all
marketing materials, consumer disclosures, product features, and terms to identify
and address potential discriminatory, unfair, deceptive, abusive, or predatory lending
practices.90
• Discuss with bank management any significant changes made to or planned for the
bank’s account acquisition, account management, and cross-selling strategies,
including changes in channels and the use of third parties.
3. Assess new credit card product development. Specifically,
• discuss with bank management the new-product development process.

• determine whether there are written guidelines for what constitutes a new product.
• review new-product proposals and plans approved since the last examination.
• determine whether the appropriate functional areas (e.g., risk management, finance,
operations, information technology, legal, and compliance) are involved throughout
the development process to ensure that associated risks are identified and controlled .
In addition, determine whether these functional areas remain involved during the
implementation phase.
• evaluate systems planning to determine whether MIS and reporting needs are
adequately researched and developed before new products are rolled out. Specifically,
determine whether the systems and reports are adequate to supervise and administer
new products.
• evaluate the adequacy of the review and approval processes for new products.
• determine whether bank management, including appropriate legal and compliance
personnel, reviews marketing materials during the product development and
implementation phases to avoid deceptive or misleading advertising, terms, and
disclosures.
• determine whether the planning process adequately identifies and addresses the risks,
operational needs, and systems support associated with different solicitation methods
and channels, including direct applications, preapproved offers, indirect (broker or
dealer), loan-by-phone, and the internet.
1. Evaluate the adequacy of the bank’s test process for new credit card products, associated
marketing campaigns, and other significant initiatives. Review the process to determine
whether testing
For more information, refer to the “Fair Lending” and “Unfair or Deceptive Acts or Practices and Unfair,
90
Deceptive, or Abusive Acts or Practices” booklets of the Comptroller’s Handbook.

Version 2.0
• is a required step for any new products or significant marketing and account
management initiatives.
• is properly approved. Senior management should approve the testing plan, and it
should determine that the proposed test is consistent with the bank’s strategic plan
and meets strategic objectives.
• requires clear descriptions of test objectives and methods (e.g., assumptions, test size,
selection criteria, and duration), as well as key performance measurements and
targets.
• includes a strong test and control discipline. The test should include a clean holdout
group and test groups that are not subject to any significant account management or
cross-selling initiatives for the duration of the test. (Note: Strict test group design
enables bank management to draw more accurate performance conclusions.)
• is accorded an adequate period of time, sufficient to determine probable performance
and to work through any operational or other issues. When the new credit card (or
associated marketing) or other initiative involves a significant departure from existing
bank products or practices, the test duration should probably be longer. (Note: Tests
generally should run for at least six months, or up to nine or 12 months per industry
practice. The time frame may vary depending on the product or practice being tested.)
• is supported by appropriate MIS and reporting before implementation.
• includes a thorough and well-supported postmortem analysis in which results are
presented to and approved by senior management and the board before full rollout.
2. For affinity and cobranding programs, perform the following steps:
• Determine whether any of the programs

– diverge from the bank’s underwriting standards.
– offer preferential pricing.
– offer features not available to other bank customers.
• If a program diverges from the bank’s underwriting standards, offers preferential
pricing, or offers features not available to other bank customers,
– evaluate the appropriateness of program differences; and
– determine the overall impact on the portfolio quality and discuss your findings
with bank management. Use transaction testing, as appropriate, to determine this
impact.
• Review the terms of contracts with affinity groups or business partners to determine
whether bank management has agreed to any inordinate or large concessions or
assumed any contingent liability.
• If bank management granted any inordinate or large concessions or assumed any
contingent liability, investigate the reasons, particularly if the bank has only one or a
few partners.
• Determine whether the issuer reviews the financial condition of its partners, and
whether any partner’s financial condition may be questionable.
3. Determine whether bank management assesses how underwriting standards for the new
products may affect credit risk and the bank’s risk profile.

Version 2.0
4. Evaluate cross-selling strategies, including the criteria used to select accounts.
5. If the bank maintains a data warehouse, determine how it is used for marketing purposes
and if it is capable of aggregating customer loan relationships.
6. Determine the adequacy and effectiveness of the bank’s controls with respect to
information sharing, for both affiliates and unrelated third parties.
7. Prepare profiles for each of the products offered. Address
• product description, including any unique characteristics and a general overview of

terms (including pricing), target market (credit quality and geographic), and
distribution channels.
• changes in the product characteristics since the last examination.
• volume and trends summary, discussing growth to date and planned growth.
8. Select at least one new product introduced since the prior supervisory activity to assess
the bank’s planning process. Specifically, review
• planning documents and the final approved proposal.

• tests and analysis conducted, including performance compared with expectations.
• tracking reports.
• available risk management, QA, QC, and audit reviews.
• any subsequent product modifications and the basis or documented support for those
changes.
• management review and approval documentation.
• information presented to executive management, management committee, board
committee, or the board of directors (depending on the risk profile of the bank).
9. Develop conclusions about whether marketing activities are consistent with the bank’s
business plans, strategic plans, and risk tolerance objectives, and whether the activities
comply with applicable laws and regulations. Determine whether appropriate controls
and systems are in place before new products or marketing initiatives are rolled out.
Underwriting
credit card underwriting activities is (strong, satisfactory, insufficient, or weak).
Objective: To assess the quality of the bank’s new credit card loans and any changes from past
underwriting; determine the adequacy of and adherence to credit card lending policies and
procedures; determine compliance with applicable laws and regulations; and gain a thorough
understanding of the processes employed in account origination.

Version 2.0
1. Ascertain and evaluate the types of credit card products the bank offers, and evaluate the
reasonableness of the following:
• Loan products offered and planned to be offered

• Underwriting standards and terms, including the bank’s evaluation of consumers’
ability to pay as required by Regulation Z (12 CFR 1026.51)
• Degree of innovation (e.g., new terms, products, and markets)
• Markets served and economic conditions
• Competitive environment
• Volume and proportion of loan portfolio (managed and on book), by product
• Level of participation in high-risk or subprime lending
• Types of marketing and account acquisition channels
• Historical and planned growth
• Securitization activities
Note: When evaluating lending activities, examiners should remain alert for practices and
product terms that could indicate potentially discriminatory, unfair, deceptive, abusive, or
predatory practices.
2. Review new-account metrics to determine the composition and quality of accounts being
booked and the adequacy of reports to track new-loan volume. Compare the quality of
recent bookings with the quality of accounts booked in the past. Metrics evaluated by
product should include
• application volume and approval and booking rates.

• distribution of credit scores, if used, by category of application: those submitted,
approved, and booked.
• price tiers and fees.
• average line amount.
• initial utilization or draw rate.
• geographic distribution.
• override volume.
• credit policy exceptions.
3. Obtain an overview of the origination process and the steps involved. When describing
the process in the work papers, document the following:
• Aspects of the underwriting process that are automated versus manual.

• Use of credit scoring models (e.g., types of models, history of model use, monitoring,
and validation).
• Differences in the underwriting processes arising from the application channel (e.g.,
direct mail, telemarketing, “take-one” applications in branches, internet) and from

Version 2.0
card types (e.g., affinity, cobranded, private-label, corporate or commercial, and

secured).
• Differences for unsolicited versus prescreened applications.
4. Determine how bank management evaluates underwriter performance by monitoring

new-loan and subsequent-performance reports for or focused on the underwriter; by
transaction testing completed for each underwriter by the manager and the QA, QC, and
credit risk review departments; or by another method.
5. If the bank uses credit scoring in the underwriting process, assess the mix of automated
and judgmentally approved loans. Also, refer to the “Credit Scoring” steps in the
supplemental examination procedures in the “Risk Management” section of this booklet.
Document findings and draw conclusions from the review of the bank’s credit card
lending policies. Examiner conclusions on the quality of credit card lending underwriting
standards should be used to complete the appropriate Credit Underwriting Assessment.
1. For banks that lend in multiple geographic areas or states, confirm that bank management
performs periodic bureau preference analyses to determine optimal credit bureaus for
different states or localities.
2. Obtain a copy of or access to the bank’s credit card lending policies and procedures.
Assess the adequacy and soundness of the policies and procedures, focusing on the main
criteria used in the decision-making process and, if applicable, the verification processes
used to confirm application and transaction information. Evaluate
• permissible types of accounts.

• lending authority and limits, and the exception approval process.
• limits on concentrations of credit (e.g., product, geographic, broker, dealer, and score
band).
• credit underwriting criteria, including measurements of the borrower’s capacity to
repay the loan (e.g., debt-to-income ratio or net disposable income calculations) and
treatment of derogatory credit bureau items.
• credit scorecard cutoffs and tolerances for overrides.
• borrower credit grade definitions (e.g., A, B, and C).
• pricing considerations.
• exception and override processes, criteria, and tracking.
3. Determine whether the bank’s or third parties’ policies and procedures provide adequate
guidance to avoid discriminatory, unfair, deceptive, abusive, and predatory lending
practices, and whether these policies and procedures are consistent with sound risk
management principles.
If weaknesses or concerns are identified, consult the bank’s EIC or compliance examiner.

Version 2.0
Note: For more information, refer to the “Fair Lending” and “Unfair or Deceptive Acts
or Practices and Unfair, Deceptive, or Abusive Acts or Practices” booklets of the
4. Assess the adequacy of the process for changing the underwriting standards applicable to
the bank’s credit card portfolio. Review all changes in standards since the last
examination and determine the effect on the quality of the loan portfolio.
• Review analyses and documentation supporting recent changes to underwriting

criteria and score cutoffs.
• Discuss reasons for changes (if not readily apparent) with bank management and
determine whether there has been a shift in the credit risk appetite.
• Determine whether all affected functional areas provide input to underwriting
changes.
• Verify that bank management maintains a chronology of significant changes to
underwriting standards.
If applicable, document findings of any significant changes to the bank’s credit card
lending policies. Draw conclusions on the quality of credit card lending underwriting
standards resulting from changes to complete the appropriate Credit Underwriting
Assessment in Examiner View.
5. Evaluate limits on, and tracking and reporting of, credit policy exceptions and scorecard
overrides. Determine whether
• volumes are consistent with policy limits, and whether those limits are reasonable.
• management tracks the volume and trends of policy exceptions (by type) and of
overrides (separately and by reason code).
• management tracks the performance (i.e., delinquencies and losses) of these accounts
over time, by type, and compares the performance with that of the overall portfolio.
• as warranted, management responds appropriately to the levels of overrides and
exceptions, adjusting underwriting policies and exception limits or providing
additional underwriter training accordingly.
• overrides resulted in potential discrimination on a prohibited basis. Refer such
concerns to the EIC and examiner responsible for consumer compliance.
• management appropriately identifies the effects of the levels of exceptions and
overrides and the performance of affected accounts on the quantity and direction of
credit risk.
6. Select and analyze appropriate credit card product samples to determine credit quality, to
verify adherence to bank underwriting policies, to assess the adequacy of analysis and
decision documentation, to assess compliance with laws and regulations, to determine
whether reports accurately capture exception information, and to determine whether
practices exist that are inconsistent with bank policy or that are not adequately depicted in
existing management reports. For more information about selecting samples, refer to the

Version 2.0
“Sampling Methodologies” booklet of the Comptroller’s Handbook. For each significant

product type, perform the following steps:
• Sample recently approved accounts to assess adherence to underwriting policy and

applicable laws and regulations. If the bank uses credit scoring, select two samples:
one sample from accounts not automatically approved (e.g., judgmental decision
involved even if credit scoring is used as a tool) and one sample from accounts
automatically approved. Include in the sample accounts originated from each
significant marketing channel and, if warranted, consider expanding the sample to test
specific channels more thoroughly.
• Sample recently approved accounts that represent exceptions to underwriting policy
to determine whether credit decisions are consistent, whether the analysis and other
support for them are adequate, and whether the exceptions are approved on a
prohibited basis.
• Use the bank’s credit files, account origination systems, and reports to create a
worksheet to summarize information for the sample. The worksheet should be
tailored to fit the product and the bank’s underwriting criteria but should generally
include the following information:
– Account data: Name, account number, origination date, account balance, credit
line amount, current status, employment information, time at residence.
– Underwriting terms: Credit score (bureau, pooled, or custom), debt-to-income
ratio, interest rate.
– Underwriting policy exceptions and score overrides: Indicate whether bank or
examiner identified.
If prepared properly, the worksheet facilitates examiner analysis and provides a sound
foundation for reaching conclusions about the adequacy of the bank’s policy and its
adherence to that policy.
Document findings to support quality of credit card lending underwriting practices and
direction of underwriting practices for selected loans in the Credit Underwriting
Assessment.
7. Based on the results of the testing and the severity of the concerns identified, determine
whether the samples should be expanded. Refer to appendix A, “Transaction Testing,”
for additional sample suggestions.
8. Document conclusions of quality of credit card underwriting practices and direction of

underwriting practices in the appropriate Credit Underwriting Assessment in Examiner
View.
9. Develop conclusions with respect to the quality of the bank’s new loans, any changes
from past underwriting, the adequacy of and adherence to credit card lending policies and
procedures, compliance with applicable laws and regulations, the processes employed in
account origination, MIS for monitoring new-loan volume, and implications for the risk
profile of the loan portfolio. Clearly document all findings.

Version 2.0
Account Management
credit card account management activities is (strong, satisfactory, insufficient, or weak).
Objective: To assess the effectiveness of activities and strategies used to enhance performance and
increase profitability of existing, nondelinquent accounts or portfolios, and determine the
implications for the quality of the portfolio and the quantity and direction of risk .
1. Determine whether bank systems are capable of aggregating the entire loan relationship
by customer (multiple loan accounts by product and in total) for the purpose of customer-
level account management. If so, determine the extent to which the bank uses that
capability.
2. Determine whether the bank uses credit scoring for nondelinquent account management.
If so, identify the type of scoring used (e.g., refreshed bureau, behavior, and bankruptcy
scores), the frequency of obtaining updated scores, and how the scores are used in the
account management process.
3. If the bank does not use scoring, determine how bank management reviews the bank’s
account base for changes in credit quality (e.g., bureau warning screens) or to identify
marketing opportunities. Determine whether the process is reasonable, including any
actions taken based on the reviews.
4. Review and assess the adequacy of written policies and procedures, including disclosure
requirements, governing account management activities. Account management activities
may include
• line increase and decrease programs.

• line suspension, lines that convert to amortization, and closure programs.
• graduation programs. 91
• balance transfer and convenience check offers.
• customer service re-ages, extensions, and deferrals.
• retention programs. (Note: Retention programs are critical to relationship
management and attrition. Be alert to whether the programs are proactive or reactive
and how bank management measures performance.)
5. Determine the adequacy of bank management’s administration of account management

programs. Specifically,
91
In open-end credit, graduation programs reward sustained successful performance of high-risk borrowers by
moving them from a subprime type of account (typically higher-priced, with a lower credit limit, and often
secured) to a more mainstream product.

Version 2.0
• review the adequacy of the program or strategy approval process and assess whether
applicable functional areas are appropriately represented (e.g., risk management,
marketing, customer service, compliance, information technology, and finance).
• assess whether the analyses performed to support new and existing strategies are
adequate and appropriately consider all possible effects of the proposed actions (e.g.,
the effects on credit performance, attrition and adverse retention, earnings, and
compliance and reputation risks). In addition, determine whether analyses properly
consider the impact of overlapping or repeat account management strategies.
• determine whether the bank performs adequate testing before full implementation of
strategies that have the potential for significant impact on credit performance and
earnings. Testing is particularly important for line management initiatives (e.g.,
balance transfer offers) and, per industry practice, is conducted for a minimum of six
months, but preferably for 12 months.
• assess whether the bank has developed and implemented appropriate MIS reports
before initiating testing and implementing strategies and whether bank management
regularly monitors and analyzes actual versus expected results.
• assess the adequacy and timeliness of bank management’s response to poorly
performing strategies, as well as the actions taken when strategies perform
significantly better than expected.
• Assess the reasonableness of the bank’s account management strategies, evaluating
the scope and frequency of each strategy employed, the inclusion and exclusion
criteria, the various strategy components and outcomes, and adherence to the
approved strategies and written policies and procedures.
1. Review the policies that govern imposing and waiving late, over-limit, extension, annual,
and other fees. Determine whether the policies are reasonable and whether the effect on
portfolio performance is adequately monitored, analyzed, and addressed.
2. If the issuer previously increased interest rates on accounts based on the credit risk of the
consumer, market risk, or other factors, determine that the issuer has developed and
implemented policies and processes to periodically evaluate whether the increased rate
remains appropriate. Accounts should be reviewed at least every six months to determine
whether the circumstances causing the earlier rate increase remain or whether a rate
reduction is required. If appropriate, select a sample of affected accounts and perform
transaction testing to determine the level of consistency with policy.
3. Based on the significance of the bank’s use of account management activities, determine
whether account sampling is warranted. If so, refer to the sampling procedures in
procedure 14 of this section and in appendix A, “Transaction Testing,” of this booklet.
4. Develop conclusions with respect to the effectiveness of activities and strategies use d to
enhance performance and profitability of existing, nondelinquent accounts or portfolios,
and any implications for the quality of the portfolio and the quantity and direction of risk .
Clearly document all findings.

Version 2.0
5. Evaluate the adequacy of the bank’s transaction authorization process. Assess transaction
limits (i.e., dollar amount, frequency, and cash versus purchase allocations) and criteria
used to “block” accounts (prohibit additional transactions). In addition,
• ascertain the types of transactions (e.g., small-dollar transactions, recurring

transactions, and delayed postings, such as charges for rental cars) that are likely to
circumvent the bank’s authorization process and determine how the bank manages
that risk.
• determine how the bank handles payments returned for NSF and the adequacy of the
bank’s policies for large payment holds.
6. Determine whether the bank allows borrowers to exceed their credit limits. If so,
• determine the amount and reasonableness of the over-limit authorization buffers, if

any.
• assess the bank’s over-limit strategies, focusing on how the eligibility criteria are
developed, whether the strategies are appropriately tested, the adequacy of the initial
and ongoing analyses supporting the strategies, and the management approval process
for the program.
• assess the adequacy of over-limit MIS reporting and whether it provides accurate data
reflecting over-limit volume, trends, and the subsequent performance of over-limit
accounts.
• review the requirements of the account terms and conditions for curing over-limits
and determine whether the bank enforces these requirements. Assess the adequacy of
the bank’s process.
• assess the bank’s performance in light of the over-limit provisions of OCC Bulletin
2003-1. Refer to appendix D, “Account Management and Loss Allowance Guidance
Checklist,” of this booklet.
• determine that the bank charges an over-limit fee only when a consumer has
proactively opted in for authorized over-limit transactions. 92
7. Review internal reports on over-limit activity. If the volume is significant or if negative

trends are evident, discuss with bank management.
8. Assess the system in place to monitor for and identify fraudulent or unusual activity.
Also, assess the adequacy of processes to investigate and report fraudulent activity in a
timely manner.
9. Conduct transaction testing to verify the initial conclusions on the prudence of the bank’s
account management strategies. Determine whether the accounts reviewed are
performing consistent with program assumptions and expectations and whether the action
resulted in a change in credit risk. In addition, determine whether accounts conform to
initial criteria, whether reports accurately capture tracking information, and whether bank
92
Refer to 12 CFR 1026.56.

Version 2.0
management has adequately identified and controlled the impact of repeat and competing
strategies.
Note: When selecting the initiative to sample, consider the size of the population
affected, the amount of the change, or the initiative with the greatest performance
variance from program projections. Place emphasis on the older initiatives with
characteristics similar to current initiatives to gain the longest subsequent performance
period.
• Sample accounts from at least one of the significant automated line-increase and line-
decrease initiatives since the prior supervisory activity.
• Sample accounts that exceed approved credit limits by a certain threshold (e.g.,
accounts 10 percent or more over limit) as of the last statement or billing date.
Determine why the accounts are over limit (e.g., authorization, NSF, or other issues);
whether the bank charges over-limit fees only on the accounts of consumers who
have opted in to over-limit fees (this does not apply to commercial credit card
accounts); when the bank imposes or suspends over-limit fees; how the minimum
payment is calculated; and whether practices are consistent with the disclosures in the
cardholder agreement. In addition, determine whether negative amortization exists
and, if so, the extent thereof.
• Sample accounts that received manual line increases or decreases, or other significant
changes, and assess whether the policies were consistently applied and whether the
analyses and decisions were well documented.
• Select one other account management program offered by the bank and sample
accounts that participated in that program. Determine that accounts met all eligibility
criteria when accounts were initially selected for the program, at the time of the
promotional mailing, and at the time the cardholder accepted the offer to participate.
Collections
collection activities is (strong, satisfactory, insufficient, or weak).
Objective: To evaluate the effectiveness of the credit card collection function, including the
collection strategies and programs employed; to better assess the quality of the portfolio, the
quality of risk management with respect to the collection function, and the quantity and
direction of credit risk.
1. Assess the structure, management, and staffing of the collection department.
• review the organization chart for the department and evaluate the quality and depth of
the staff based on the size and complexity of the operation.
• discuss with senior management staffing plans for each major collection activity (e.g.,
early-stage, late-stage, fraud monitoring, and third-party management of both

Version 2.0
collection and credit counseling agencies), including how plans fit with department
and bank objectives (e.g., growth and credit performance projections).
• review the experience levels of senior managers and supervisors.
• assess the adequacy of the bank’s training program for collectors through discussions
with bank management.
• assess the appropriateness and administration of the bank’s incentive pay program for
collectors. Pay particular attention to possible negative ramifications of the plan, such
as the potential to encourage protracted repayment plans, aggressive curing of
accounts, or individual rather than team efforts. Determine whether the plan limits the
total incentive pay that a collector can receive.
• determine whether the board or senior management reviewed and approved the
incentive pay program before implementation.
2. Assess the adequacy of the bank’s written collection policies and procedures. Determine
whether they cover all significant collection activities and are consistent with the
principles conveyed by OCC Bulletins 2000-20 and 2003-1. Refer to the checklists in
appendixes C and D of this booklet.
• Review the bank’s credit card policies to determine whether it allows the rebooking
of accounts that are charged off for any reason other than bank error. If so, discuss
this information with the EIC.
• Determine whether the bank is considered a debt collector as defined by the
FDCPA.93 If so, forward this information to the EIC or the compliance examiners to
determine whether review of the FDCPA should be conducted in a future compliance
supervisory activity.
• Identify where bank management has implemented automated decisions (e.g., charge-
off, re-aging, and extensions) to be consistent with the guidance conveyed by OCC
Bulletins 2000-20 and 2003-1.
3. Evaluate the adequacy of the bank’s classification, nonaccrual, and charge-off practices
and whether the practices comply with the bank’s written policies and procedures and are
consistent with regulatory guidance. Specifically,
• discuss practices with both bank management and line personnel. Identify any ways
in which practices are inconsistent with policies and procedures. Communicate any
inconsistencies to all examiners assisting with the collection review and conducting
testing
• identify instances in which management has implemented automated processes
instead of manual processes to be consistent with policies. Review the system settings
to verify that the parameters of the automated processes correspond to those described
in the bank’s credit card policies and allow compliance with regulatory requirements
and consistency with guidance. If they do not, discuss the differences with
management and assess the appropriateness of the differences.
93
For more information, refer to the FDCPA or the “Other Consumer Protection Laws and Regulations”
booklet of the Comptroller’s Handbook.

Version 2.0
• request management’s summary of classified accounts. Determine whether the

classification practices are consistent with the principles in the “Uniform Retail
Credit Classification and Account Management Policy.”94 Generally, loans should be
classified substandard at 90 days past due.
• request management’s summary of nonaccrual loans. If the bank does not place credit
card loans on nonaccrual, determine whether the bank employs appropriate methods
to ensure that income is not overstated (e.g., appropriate reserves are established for
uncollectible fees and finance charges as part of the ALLL or ACL, or the estimated
uncollectible income is charged directly against interest and fee income).
• determine how accounts scheduled for charge-off are loaded into a charge-off queue
or other system for loss. Specifically, determine whether losses are automatically or
manually processed; what circumstances, if any, delay a charge-off; and when the
bank recognizes losses (e.g., daily, weekly, or monthly).
• request a report detailing accounts more than 180 days past due that have not been
charged off. Review the report with bank management, and determine why those
balances remain on the bank’s books and whether there are system or policy issues
that need to be corrected.
1. Evaluate the adequacy of the bank’s policies and practices for payment posting and
assessing late fees.
• Review the payment posting procedures and practices and determine whether
payments are promptly posted.
• Determine the conditions under which late fees are imposed 95 and, if applicable, at
what point the fees are suspended.
• Determine the bank’s policy for collecting late fees (e.g., as part of the next regularly
scheduled payment) and how unpaid late fees are accounted for, tracked, and
collected.
• Determine whether the bank’s process for evaluating the ramifications of changes in
late-fee policies, including dollar amounts and grace periods, is adequate before broad
implementation of the changes.
• Assess whether the available reports provide the information necessary to evaluate
the effect of late fees. Specifically, assess whether the information is sufficient to
allow management to determine whether the fees have the desired effect on
performance (i.e., improving on-time payments), whether late fees result in negative
amortization, and the extent to which late fees assessed are actually collected.
94
95
It is generally considered an unfair practice for a bank to assess a late fee when the only delinquency is
attributable to the late fee assessed on an earlier installment, and the payment is otherwise a full payment for the
applicable period and is paid on its due date or within a n applicable grace period. Refer to OCC Bulletin
2014-42, “Credit Practices Rules: Interagency Guidance Regarding Unfair or Deceptive Credit Practices.”

Version 2.0
• Determine whether the bank has established adequate loss allowance for accrued but
uncollectible interest and fees, including late fees, in either the allowance or a
separate reserve.
2. Assess the appropriateness of bank management’s collection strategies.
• Through discussions with bank management, determine how it develops collection

strategies, who is responsible, and how the success of the strategies is measured.
• Determine what triggers strategy changes and who has authority to direct revisions.
• Establish whether the bank uses scoring or any other predictive techniques to assist in
the collection of accounts. If so, determine
– the scores or techniques used, how they are used, and whether they are internally
or externally developed.
– when the scores or techniques were last validated, by whom, and the results of the
validation.
3. If applicable, assess the adequacy of the bank’s use of champion/challenger strategies.
• Identify the person or group responsible for strategy development.

• Determine that the development process begins with a clear identification of strategy
objectives and relies on reasonable assumptions and complete and accurate MIS.
• Determine that the bank’s controls provide for proper testing (e.g., test size, time
frame, and account population and characteristics) of challenger strategies before
making decisions to expand challenger penetration or to replace the existing
champion strategy.
• Assess the monitoring process and determine whether the bank accumulates and
analyzes appropriate data to measure strategy success.
• Determine that the bank maintains adequate documentation of the various strategies.
4. Determine whether the bank uses cure programs such as re-aging, match pay, temporary
forbearance, fixed payment plans, permanent internal or external workout programs (e.g.,
CCC), or settlement programs. If so,
• assess the adequacy of the policies and procedures used to administer the programs,
as well as consistency with the principles conveyed by OCC Bulletins 2000-20 and
2003-1 regarding limits, analysis, documentation, amortization periods, and
allowance considerations.
• review and evaluate any test and analysis summaries completed before the
implementation of new cure programs.
• determine whether the bank’s programs appropriately address proper income
recognition, and TDR designation, if appropriate, for restructured loans.
• evaluate the MIS and reporting used to monitor and analyze the performance of each
program. Compare performance with forecasts and bank objectives and tolerances. In
addition to reports listed in procedure 10, determine whether bank management
generates and reviews reports detailing

Version 2.0
– volume (balance and unit) trends for cure program accounts, by product, program,
vintage, and in total.
– loss performance, by product, program, vintage, and in total.
– performance of the accounts 30, 90, 180, 270, 360, etc., days subsequent to the
cure.
– performance of accounts cured more than once, broken down by the number of
times cured and tracked over time.
– policy exceptions and the performance of those exceptions.
• Compare the performance of accounts in cure programs with the performance of
those in the general population.
• Assess the current and potential impact of such programs on the bank’s reported
performance (asset quality) and profitability, including allowance and capital
implications.
Note: If bank management accepts external debt management plans, such as CCC, bank
management should be able to monitor the performance of accounts by individual credit
counseling agency.
5. Review and determine the effectiveness of the bank’s “skip tracing” 96 practices and
procedures to track delinquent customers.
• Ascertain what portion of the portfolio lacks current and correct telephone numbers
and mailing addresses.
• Evaluate the adequacy of the bank’s process for obtaining missing contact
information.
• Determine whether the bank has a process to exclude accounts without pertinent
contact information from promotional initiatives and favorable account management
treatment.
• If applicable, determine whether the bank appropriately monitors outside agencies
used to skip-trace accounts.
• Determine whether skip accounts are flagged for accelerated charge-off if attempts to
locate borrowers are unsuccessful.
6. Assess whether the bank’s automated systems for collecting delinquent accounts are
adequate and discuss these systems with bank management.
• Determine which technologies and processes the bank uses to collect accounts (e.g.,
automated dialers, collection letters, statement messaging, videos and other media),
how each is used, and the key reports generated to monitor performance. Determine
whether the key reports provide sufficient data to allow bank management to make
appropriate decisions.
• If autodialing is used, determine how the system routes “no contact” accounts. These
are accounts that collectors remove from the dialer because of a promise to pay or a
96
In the field of debt collection, the term “skip” traditionally referred to a person who disappeared t o avoid
paying debt. Today, “skip tracing” is thought of more broadly in the collection context as a process of locating
consumers whose contact information is outdated or invalid, regardless of why the information is not accurate.

Version 2.0
payment arrangement (e.g., accounts subject to bankruptcy proceedings or those

being handled by counsel in situations in which the borrower has protections against
direct creditor contact).
• Determine whether the systems generate a sufficient audit trail.
• Determine whether managers, supervisors, and QC staff have the ability to listen to
collector phone calls online.
• Evaluate the adequacy of the bank’s contingency plans, and determine whether the
plans are tested regularly.
7. Assess the quality, accuracy, and completeness of reports and other analyses used to
manage the collection process. Specifically,
• evaluate the quality of collection reports regularly provided to executive management

and determine whether the reports provide adequate information, including
comparisons with collection objectives and tolerances, for timely decision making.
• determine the appropriateness and accuracy of key collection reports. Review
specifically
– vintage and coincident delinquency and loss reports.
– roll-rate reports and migration-to-loss reports.
– cure program reports, in total, by program, and by collector, including reports that
track the volume (number and dollar) of accounts entering cure programs,
accounts awaiting re-aging or extension, and the actual performance of accounts
in the various programs.
– collector and strategy reports or special-handling-queue reports.
– productivity reports, including information such as call penetration, right party
contact, promises made and kept, dollars collected, and staffing summaries.
Note: If not removed, NSF checks can affect several of the metrics in the reports
described in this procedure. Examiners should determine whether bank management
has a method to identify, or correct, the effects of NSF checks on the metrics used in
reporting.
• determine whether departments other than collections, such as customer service, can
initiate collection activities, such as cure programs. If so, determine wheth er
appropriate monitoring MIS are in place to monitor volumes and credit performance
of accounts in collection activities initiated outside the collection department.
8. Determine what system(s) the bank uses to recover charged-off accounts and whether
they interface with the bank’s collection management system(s). If not, determine how
the recovery unit gathers and uses information about prior collection activities.
9. Determine whether the bank uses outside collection agencies (including attorneys and
attorney networks) to collect delinquent accounts or to recover losses. If so,
• assess the bank’s due diligence process for selecting third-party collection agencies.97
97
Refer to OCC Bulletins 2013-29, 2017-7, and 2020-10.

Version 2.0
• determine whether the bank’s legal counsel and compliance officer have reviewed the
contracts with, and practices of, third-party collection agencies.
• evaluate any forward-flow contracts to third-party collection agencies, including
performance tolerances and termination requirements (important for remediation or
severing the contract in case of poor performance). (Note: Forward-flow contracts
provide third-party collection agencies with a set number of accounts at a determined
frequency and assist the bank in forecasting placements.)
• determine the frequency and method, including reasons supporting the method, of
rotating accounts between third-party collection and recovery agencies and in-house
collections, i.e., assess the distinctions in effectiveness and cost between primary,
secondary, and tertiary collectors.
• review productivity and cost reports for each third-party collection agency. Discuss
with bank management how the bank monitors the success of third-party collection
agencies and whether the bank uses the results of this monitoring to assign delinquent
accounts to third-party collection agencies.
• evaluate the systems and controls used to supervise out-placed accounts, including
active reconciliations of amounts collected and fees disbursed to each third-party
collection agency.
• review reports used to monitor the performance of third-party collection agencies.
• evaluate the adequacy and frequency of the bank’s audits (on-site and off-site, if
applicable) of third-party collection agencies.
Note: For more information on reviewing third-party relationships, refer to the

supplemental examination procedures in the “Third-Party or Private-Label Partner
Management” section of this booklet.
10. Assess the bank’s recovery performance using historical results and industry averages, by
product, as guidelines.
• Determine whether the bank periodically sells charged-off accounts. If so, determine
the reasonableness of forecasts, the bank’s cost-benefit analysis, and the adequacy of
the bank’s risk management practices. Refer to OCC Bulletin 2014-37.
• Evaluate the bank’s recoveries in light of prior-period losses.
• Evaluate the accuracy of the recovery figures. If the bank charges accrued but
uncollected interest and fees against income rather than the allowance, verify that
recoveries are reported accordingly (i.e., include principal only). Refer to appendix D,
“Account Management and Loss Allowance Guidance Checklist,” of this booklet.
• Assess the costs associated with the dollars recovered and explore trends.
11. Assess the appropriateness of the bank’s fraud policies and procedures.
• Review the bank’s definition of fraud losses and assess whether it is reasonable and
appropriately distinguishes fraud from credit losses.
• Assess consistency with the principles conveyed by OCC Bulletin 2000-20 regarding
charge-offs (for example, 90 days from discovery).
• Confirm that fraud losses are recognized as operating expenses rather than charges to
the ALLL or ACL.

Version 2.0
• Assess whether the bank’s policies differentiate between account charges alleged to
be fraudulent and undisputed charges. For example, for open-end credit, some banks
may re-age the entire amount owed to current pending the outcome of a fraud
investigation; that treatment, however, should not extend to undisputed amounts.
• If an investigation negates a fraud allegation, verify that the bank returns the account
to the previous delinquency status and immediately reinstates collection efforts.
Note: When an account is reported as fraudulent, the reason should be given (for
example, because account activity is alleged to be fraudulent, because it is confirmed to
be fraudulent, or because the application is fraudulent). An account that has had an NSF
check or that did not make the first payment should not automatically be identified as
fraudulent.
12. Review the adequacy of reports pertaining to fraud.
• Determine whether the information is sufficient to monitor fraud and the

effectiveness of fraud controls, including the appropriate filing of SARs.
• Assess the number and dollars of fraud investigations.
• Assess the levels and trends of fraud losses compared with industry averages, and
discuss any atypical findings with bank management. (Note: Fraud losses often are
depicted as fraud losses divided by sales.)
• Assess the trends of customer complaints related to credit card fraud.
13. Assess the adequacy of internal and external audit, QA, QC, credit risk review, and risk
management in the collection area, including scope, frequency, timing, report content,
and independence.
• Review relevant audit, QA, QC, credit risk review, and risk management reports.
• Determine the adequacy and timeliness of bank management’s responses to the issues
identified and any findings or issues requiring follow-up. If warranted based on the
significance of the issue or concerns about the adequacy of the response or action
taken, test corrective action.
14. Conduct transaction testing to verify initial conclusions with respect to the bank’s
collection programs and activities. In addition to determining consistency with approved
policies and procedures, determine whether the programs and activities result in an
enduring positive change in credit risk or provide only temporary relief. Verify that
reports accurately capture the activities and the subsequent performance of the accounts.
(For more information, refer to appendix A, “Transaction Testing,” and the “Sampling
Methodologies” booklet of the Comptroller’s Handbook.)
• Sample accounts that were at least 60 days delinquent in the month preceding the
examination and are now current to determine whether the customer cured the
delinquency or whether the account was cured artificially (e.g., re-aging or
extension). If the latter, determine whether the action was consistent with existing

Version 2.0
bank policy and with the principles in the “Uniform Retail Credit Classification and
Account Management Policy.”98
• Sample accounts from each of the primary collection areas (e.g., early-stage, late-
stage, skip, bankruptcy, estate, or deceased borrower accounts) to determine
adherence to policy. The sample helps an examiner understand the collection process
and strategies employed. (Note: This sample is often best completed or supplemented
by sitting with collectors as they work accounts. Monitoring taped or live collection
calls is also an effective tool that examiners can use to determine whether practices
comply with policies and procedures.)
• Sample loans from each of the following areas to assess compliance with bank
policies for the programs and the reasonableness of decisions: recent re-agings;
temporary forbearance; internal and external workouts, such as CCC; and settlements.
Decisions also should be compared with the bank’s normal underwriting guidelines
with respect to amortization period, debt or repayment limitations, and pricing.
• Sample charged-off accounts and review all activities that occurred before charge-off
to determine whether the bank employs practices that result in loss deferral.
• Sample identified fraud accounts and review all activities to determine propriety of
practices, adherence to policy, and timeliness of charge-off practices.
15. Develop conclusions with respect to the effectiveness of the collection function,
including the collection strategies and programs employed, and the implications for the
quality of the portfolio and the quantity and direction of credit risk.
16. Determine the delinquency level at which the bank temporarily suspends lines of credit
and the level at which it permanently closes an account. Also,
• determine whether scoring models or other methods contribute to decisions to

permanently close lines of credit.
• evaluate the circumstances under which a closed account can be reactivated, and
verify that the collection department refers such accounts to the credit department for
an underwriting decision.
17. Ascertain whether the bank’s collection strategies include the use of penalty pricing. If
so,
• as required by the CARD Act (refer to 12 CFR 1026.55(b)(4)), verify that penalty
pricing is not triggered until the account becomes 60 days delinquent and that the
account is returned to its lower, non-penalty-pricing level on receipt of six
consecutive timely payments.
• assess bank management’s objectives in structuring its penalty pricing strategy and
the quality of the supporting analysis. Be particularly alert to whether the analysis
adequately considers the possible ramifications of the strategy, including reputation
risk, negative retention, increased credit losses, and decreased interest income in the
long term.
98

Version 2.0
• determine whether the strategy was properly tested using reasonable sample sizes and
time frames, and that the initial performance assumptions were adequately validated
before full rollout.
• determine bank management’s performance targets for the penalty pricing strategy,
and review actual performance against those metrics.
• evaluate the adequacy of the MIS and reporting used to monitor the performance of
accounts during, and subsequent to, penalty pricing.
• assess the timeliness and appropriateness of bank management’s response to negative
strategy results.
Profit Analysis
These supplemental examination procedures should be used when assessing the profitability
of the bank’s credit card lending activity.
Conclusion: Based on the responses to procedures, the quantity of risk is (low, moderate, or high)
profitability of the bank’s credit card lending activities.
Objective: To assess the quantity, quality, and sustainability of credit card lending earnings.
Note: For banks that securitize assets, examiners should also review income statements for
managed assets.
1. Obtain and review copies of the income statement for the credit card portfolio and for
each significant product. Verify that the reports are “fully loaded,” i.e., that they include
all pertinent income and expense items, including overhead and funding costs.
2. Ascertain the contribution of the credit card portfolio to corporate earnings and the
expected contribution in the future.
• Review executive management monthly or quarterly performance reports and

portfolio-quality report packages.
• Review historical trends, including changes in the product contributions.
• Review financial projections and budget and plan variances.
• Review significant income and expense components and measures, including
noninterest income (fees and other add-ons), marketing expense, charge-offs, net
interest margin, and risk-adjusted yield.
• Evaluate the methodologies, assumptions, and documentary support for the bank’s
planning and forecasting processes. Determine whether material changes are expected
in any of the key income and expense components and measures.
• Determine factors limiting bank management’s return on assets, return on managed
assets, and return on equity and the actual returns as of the examination date.

Version 2.0
Note: Asset-based measures are typically more meaningful for comparison because
banks allocate capital differently.
3. Verify that the bank appropriately recognizes uncollectible accrued interest and fees
through the ALLL or ACL, through a separate interest and fee reserve or through cash
income recognition.
4. Review the bank’s stress test and discuss potential earnings volatility through an
economic cycle with bank management in order to assess sustainability. If the bank does
not perform stress testing, discuss whether and how management prices loans to
withstand economic downturns.
5. Determine whether the bank’s cost accounting system is capable of generating profit data
by product, segment (including grade), channel, and account.
6. Assess the profitability of each product.
• For each product, review profitability by credit score band, credit grade, sub-portfolio
(e.g., unsecured or secured credit card), and vintage, as appropriate.
• Compare actual results with projections and discuss variances with bank
management.
7. Evaluate profitability by channel.
• Through discussions with bank management responsible for third-party oversight,

determine profitability generated through the various channels (e.g., third -party
originators).
• Compare the profitability of the loans generated by the various channels.
8. Determine the adequacy of the pricing method.
• Review the pricing strategy, pricing method, and pricing model, if applicable.
• Review the major assumptions used in the pricing method and assess reasonableness.
Be alert to differences in assumptions by product and channel.
• Determine whether pricing is driven by risk, capital, or some other allocation method
or hurdle, and to what extent, if any, it is driven by the competition.
• Determine whether the pricing method incorporates a realistic break-even analysis,
and whether the analysis reflects the true costs of premature account closures
(attrition) and reductions (prepayment).
• Review the pricing matrix, by product.
9. Verify that all charges and fees were established by the bank on a competitive basis and
not on the basis of any agreement, arrangement, undertaking, understanding, or
discussion with other banks or their officers. Determine that charges and fees were
established by a decision-making process through which the bank considered the
following factors:

Version 2.0
• The cost incurred by the bank in offering and providing the service.
• The deterrence of misuse by customers of banking services.
• The enhancement of the competitive position of the bank in accordance with the
bank’s business plan and marketing strategy.
• The maintenance of the safety and soundness of the bank.
10. Assess the adequacy of planning, reporting, and analysis with respect to attrition and
prepayment. Specifically, ascertain whether bank management identifies the volume and
trends of accounts with high interest rates relative to accounts with market or low
introductory rates to determine exposure and impact on earnings.
ALLL or ACL
These supplemental examination procedures should be used when assessing the portion of
the ALLL or ACL applicable to the bank’s credit card lending activity.
ALLL or ACL of the bank’s credit card lending activities.
Objective: To assess the bank’s ALLL or ACL methodology for its credit card lending activities.
1. Determine whether the amount of the ALLL or ACL is appropriate and whether the
method of calculating the allowance is sound. Assess whether bank management
routinely analyzes the portfolio to identify instances when the performance of a product
or some other business segment (e.g., workout programs) varies significantly from the
performance of the portfolio overall and that such differences are adequately incorporated
into the allowance analysis. Refer to the “Allowance for Loan and Lease Losses” booklet
of the Comptroller’s Handbook, and specifically consider
• whether estimates and assumptions are documented and supported in a manner

consistent with the guidance conveyed by OCC Bulletins 2006-47 or 2020-49, as
appropriate.
• credit quality, including any changes to underwriting, account management, or
collections that could affect future performance and credit losses.
• historical credit performance and trends (e.g., delinquency roll rates and flow-to-loss)
overall, by product, and by vintage within products.
• level, trends, and performance of subprime and other higher-risk populations (e.g.,
over-limit accounts).
• level, trends, and performance of cure or workout programs, including re-agings,
extensions, deferrals, renewals, modifications, and rewrites.

Version 2.0
• levels and trends of bankruptcies and the performance of accounts in bankruptcy that
remain on the bank’s books (including accounts that have been reaffirmed and those
that have not).
• charge-off practices and consistency with the principles in the “Uniform Retail Credit
Classification and Account Management Policy.”99
• whether bank management provides for accrued interest and fees deemed
uncollectible in the allowance or in a separate reserve.
• the effects of securitization activities, if applicable.
• economic conditions and trends.
• consistency with the guidance conveyed by OCC Bulletin 2003-1. Refer to appendix
D, “Account Management and Loss Allowance Guidance Checklist,” in this booklet.
2. If the ALLL or ACL methodology is model-based, assess the adequacy of the bank’s
model risk management over relevant ALLL or ACL related models. For more
information, refer to OCC Bulletin 2011-12.
Purchased Credit Card Relationships

These supplemental examination procedures should be used when a bank has significant
exposure to PCCR activity.
bank’s PCCR activity.
Objective: To assess the bank’s purchased credit card relationships activity and to determine the
implications for income as well as credit quality, program performance, and level of
compliance.
1. Determine whether the bank uses a pool-by-pool approach or an aggregate approach to

determine impairment.
2. For portfolios with PCCRs, obtain and review the acquisition model(s) used in each
purchase. Determine the type of model(s), such as discounted cash flow, capital flow, or
return on assets, that bank management uses to acquire and value portfolios.
3. Determine how bank management uses the acquisition model(s).
4. Determine whether acquisition model(s) are well documented and periodically audited. If
not, discuss with bank management and make recommendations.
99

Version 2.0
5. For each model, determine whether the model was loaded with the final purchase contract
terms.
• If not, discuss with bank management why accurate final purchase contract terms
should be included in the acquisition model(s) from which the true inherent discount
rate can be determined.
• Determine whether the premium booked in the final acquisition model matches the
premium used in the bank’s PCCR valuation and amortization model. Determine
whether there is support for each component of the premium, if applicable.
6. If the model(s) are something other than a discounted cash flow model, evaluate the way
bank management computed the inherent discount rate at the time of portfolio
acquisition.
• If no inherent discount rate was computed or a rate was used that is inconsistent with
the inherent variability in the cash flows, assess the impact this may have on
impairment testing.
• Discuss with bank management why the correct inherent rate should be maintained to
conduct valuations correctly.
7. For each model, obtain and review the most recent PCCR valuation model used for the
required quarterly impairment review.100 If the models are not discounted cash flow
models, as required by the call report instructions, discuss with bank management the
possible need to recalculate valuations.
8. Determine whether the discount factor used in each model equals or exceeds the inherent
discount factor used at the portfolio’s acquisition.
• If not, discuss the requirements detailed in the call report instructions.

• Discuss with bank management the possible need to recompute the impairment tests
using the appropriate discount factors.
9. For each model, review the main drivers to assess reasonableness. Compare the drivers
against the actual statistics for the prior period or prior year to determine reasonableness.
If the drivers used in the quarterly valuation model(s) do not fairly represent recent
trends, discuss with bank management to determine whether adjustments are needed.
10. Review the amortization schedules for each model and perform the following procedures:
• Determine whether the estimated useful life of the PCCR corresponds to the
estimated life of the credit card relationships acquired. If the amortization exceeds 10
years, determine whether any adjustments are necessary.
• Determine whether PCCRs are amortized using an accelerated amortization method .
100
Refer to the call report instructions for schedule RC-M, item 2.c for information about PCCR valuation
requirements.

Version 2.0
– If so, determine what the method is, and how it corresponds to the value of the
acquired asset (e.g., 110 percent, 125 percent, 150 percent, 200 percent).
– If a straight-line amortization method is used, determine whether any adjustments
are necessary based on performance of the card portfolio.
11. For regulatory capital purposes, determine whether all PCCRs have been deducted from
common equity tier 1 capital as required by 12 CFR 3.22(a)(2).
Third-Party or Private-Label Partner Management

exposure to third-party or private-label partner activity.
and the quality of risk management (strong, satisfactory, insufficient, or weak) for the bank’s
third-party management activities is.
Objective: To evaluate the effectiveness of bank management’s oversight and risk management of
third parties related to credit card lending.
Note 1: Many of these third-party risk management-related procedures can be applied to the
review of the relationship between the bank and its private-label partners. Examiners should
select appropriate procedures to evaluate these relationships.
Note 2: These procedures apply to any arrangements with third parties to provide credit card-
related services to customers on the bank’s behalf . Banks may fully outsource loan
originations (using telemarketers, for example), collection activities (using collection
agencies or attorneys), or the offering of products in the bank’s name.
Note 3: For more information, refer to OCC Bulletin 2013-29; OCC Bulletin 2020-10; OCC
Bulletin 2002-16, “Bank Use of Foreign-Based Third-Party Service Providers: Risk
Management Guidance”; and OCC Bulletin 2017-7.
1. Determine to what extent the bank uses third parties for credit card lending. If the bank
uses third parties for a material amount of lending in this portfolio segment,
• has the bank determined if the loans meet its underwriting standards?
• does the bank adequately monitor performance of loans underwritten or originated
by third parties?
• are there controls in place to maintain the volume of lending within the
parameters of the bank’s business plans?
2. Does the bank have a full inventory of its third-party relationships related to credit card
lending, including

Version 2.0
• services provided by or to affiliates and subsidiaries?

• services provided by or to other banks?
• arrangements with financial market utilities? 101
• debt collectors?
• critical service providers and the bank’s designated relationship manager for
each?
• critical application software providers?
• attorneys or consultants?
• entities with whom the bank engages in referral arrangements?
3. Determine whether there are concentrations due to the bank’s reliance on a single third
party for multiple activities, particularly when several of the activities are critical to one
or more lines of business and if this reliance poses increased risk to the bank.
4. Determine whether any third-party relationships involve the use of subcontractors. If so,
• assess the bank’s methodology for determining whether third parties use
subcontractors.
• determine whether the bank maintains a database or inventory that can distinguish
third parties that use subcontractors.
5. Determine whether the bank is a member of or receives services from a financial market
utility (e.g., VISA, Mastercard, or other payment servicers). If so, what is the bank’s due
diligence and ongoing monitoring process for these third parties? Consider
• how the bank monitors risk related to each of these third parties.
• whether the bank complies with the third parties’ operating agreements.
6. Determine whether the bank has contracted with marketplace lenders 102 to originate or
purchase loans. Do the marketplace lenders use underwriting methods that are new,
nontraditional, or different from the bank’s underwriting standards? Is the bank subject to
any recourse or participation arrangements as part of originating marketplace loans?
What remedies are available to the bank if a third party does not meet the terms of the
contract?
101
The term “financial market utility” is defined in Title VIII of Dodd–Frank as “any person that manages or
operates a multilateral system for the purpose of transferring, clearing, or settling payments, securities, or other
financial transactions among financial institutions or between financial institutions and the person.” Examples
of financial market utilities include the Clearing House Interbank Payments System, Electronic Payments
Network, Visa, and Mastercard.
102
There is no single or universally accepted definition for “marketplace lender.” Generally, marketplace
lenders are companies engaged in internet-based lending businesses (other than payday lending). Marketplace
lenders may offer a wide variety of financial products, including credit cards, small business loans, consumer
loans, student loans, and real estate loans. Marketplace lenders may fund their loans through various means,
including equity capital, commercial lines of credit, sale of whole loans to institutional investors,
securitizations, and pass-through note programs.

Version 2.0
7. Determine whether the bank has enough staff with adequate experience and expertise to
properly oversee third-party relationships and the bank’s third-party risk management
process.
8. Determine whether any concerns are identified in a report of internal audit or by an

independent third party that regularly reviews the bank’s products, services, transactions,
or systems associated with third-party relationships for compliance with
• applicable laws and regulations, including U.S. economic sanction laws administered
by the OFAC, the BSA/AML regulations, and consumer protection-related laws and
regulations.
• the bank’s policies and procedures.
9. Determine whether and how often the bank reviews third parties’ policies, procedures,
and independent audit reports for compliance with all applicable laws and regulations,
including consumer protection-related laws and regulations, OFAC regulations, and
BSA/AML requirements, if applicable to the services provided.
10. Determine whether the bank has any loan to a third party in connection with the bank’s
credit card lending activities and whether any conflicts of interest exist.
11. Determine whether the bank has conducted adequate due diligence to verify whether third
parties or their subcontractors have publicly known outstanding issues with regulatory
entities or law enforcement agencies.
12. Determine whether the bank reviews third parties’ programs or processes that identify
and track necessary implementation steps designed to confirm that third parties can
comply with new consumer protection, OFAC, and BSA/AML requirements by a stated
effective date.
13. Determine whether bank management has adequate controls, including policies and
procedures and monitoring controls, to avoid becoming involved with a third party
engaged in discriminatory, unfair, deceptive, abusive, or predatory lending practices. If
weaknesses or concerns are identified, consult the bank’s EIC or compliance examiner.
Note: For more information, refer to the “Fair Lending” and “Unfair or Deceptive Acts
or Practices and Unfair, Deceptive, or Abusive Acts or Practices” booklets of the
14. Assess the adequacy of the bank’s process for periodically receiving and analyzing
customer complaints (or regular reports) related to third parties and their subcontractors
(or the products or services that third parties support) for incidents of poor service,
frequent or prolonged service disruptions, significant or repetitive security lapses,
inappropriate sales recommendations, or violations of consumer protection laws and
regulations.

Version 2.0
15. Determine whether the bank periodically reviews online activity, publicity, public
reports, or social media for adverse events involving third parties and their
subcontractors. If so, assess to what extent bank management incorporates this
information into its ongoing monitoring.
16. Determine whether the bank has enough staff with adequate experience and expertise to
properly oversee third-party relationships and the bank’s third-party risk management
process.
17. Assess the adequacy of contract management, focusing on the process for en suring that
clauses necessary to effectively manage the third party are included.
• Determine whether the bank has a current contract on file for all third-party
relationships related to credit card lending and whether the bank monitors key dates
(e.g., maturity, renewal, and adjustment periods).
• Review a sample of contracts with critical third parties related to credit card lending
to assess how the contracts address
– the scope of the arrangement, including the frequency, content, and format of
services provided by each party.
– outsourcing notifications or approvals if the third party proposes to subcontract a
service to another party.
– all costs and compensation, including any incentives.
– performance measures or benchmarks, including when measures can be adjusted,
and the consequences of failing to meet those measures.
– reporting and MIS requirements.
– data ownership and access.
– fraud prevention processes.
– appropriate privacy and confidentiality restrictions.
– requirements for third parties’ and subcontractors’ compliance with all applicable
laws and regulations, including safety and soundness regulations and laws
prohibiting lending discrimination and unfair or deceptive practices.
– activities that cannot be subcontracted, or whether the bank prohibits the third
party from subcontracting to certain locations or specific subcontractors.
– third-party control functions such as QC and audit, including the submission of
audit results to the bank.
– expectations and responsibilities for business continuity management.
– responsibility for consumer complaint resolution and associated reporting to the
bank.
– any requirements for the third party to submit financial statements to the bank.
– appropriate dispute resolution, liability, recourse, penalty, indemnification, and
termination clauses. Specify what actions or procedures third parties are obligated
to take upon termination of the contract.
– confidentiality and integrity of data and compliance with laws and regulations
regarding the protection of confidential consumer information.
– specifically, how third parties or their subcontractors should disclose, in a timely
manner, information security breaches that result in unauthorized intrusions or

Version 2.0
access that may materially affect the bank or its customers. Require third parties
to provide the bank with current business resumption and disaster recovery plans
that include operating procedures and address integrity of service.
– requirements for third parties to provide the bank with current business continuity
and disaster recovery plans that include operating procedures and address
integrity of service.
– authority for the bank to perform on-site reviews of third parties. (Note: Third-
party performance of services is also subject to OCC examination oversight, if
warranted, in accordance with 12 USC 1867(c) (national banks and FSAs) and
12 USC 1464(d)(7)(D) (FSAs).)
• Determine whether the bank’s monitoring of third-party relationships’ adherence to
bank contracts (especially to financial terms and performance standards) is adequate
in frequency and scope.
• Determine whether issues identified through the monitoring process are appropriately
resolved in a timely manner.
18. Assess the adequacy of the monitoring process for critical third-party relationships
related to credit card lending.
• Using the sample of critical third-party relationships reviewed in procedure 5, assess

whether the bank’s oversight incorporates, at a minimum,
– reports evidencing the third party’s performance relative to service-level
agreements and other contract provisions.
– customer complaints and resolutions for the services and products outsourced.
– third parties’ financial statements and audit reports.
– compliance with applicable laws and regulations.
• Evaluate whether the process results in an accurate determination of whether
contractual terms and conditions are being met and whether any revisions to service-
level agreements or other terms are needed.
• Verify whether bank management documents and follows up on performance,
operational, or compliance problems and whether the documentation and follow-ups
are timely and effective.
• Determine whether the third-party relationship manager or other bank staff
periodically meets with its third parties to discuss performance and operational issues.
• Determine whether third-party relationship management administers call monitoring,
mystery shopper, customer callback, or customer satisfaction programs, if
appropriate.
• Assess the adequacy of the bank’s process for determining when on -site reviews are
warranted, the scope of those reviews, and reporting of results.
• Determine whether bank management evaluates the third party’s ongoing ability to
perform the contracted functions in a satisfactory manner based on performance and
financial condition.

Version 2.0
19. For third-party account originators,
• assess the adequacy of the process used to qualify third-party account originators.
• assess the adequacy of the reports and tracking mechanisms in place to monitor
performance (e.g., volume of applications submitted, approved, and booked, quality,
exceptions, and performance) and relationship profitability, including performance
and profitability compared with projections.
• assess the adequacy of the process used to monitor compliance with the bank’s
lending policies and applicable laws and regulations, as well as its consistency with
sound risk management.
• verify that bank management maintains a watch list for problematic originators and
that actions taken (including termination of the relationship, if warranted) are
appropriate and timely.
20. Determine whether any insiders have relationships with the third parties used by the bank
and whether any potential conflicts of interest exist (e.g., an insider has ownership
interests, officer or board positions, or loans to or from the third party).
21. Determine whether the bank is involved in any significant third-party relationships with
deficiencies in management expertise or controls that may result in the failure to
adequately identify and manage the associated risk. If so, consult the EIC and the
supervisory office and determine whether it is appropriate to require that the activity be
suspended pending satisfactory corrective action.
Debt Suspension and Cancellation Programs

exposure to debt suspension and cancellation activity.
bank’s debt suspension and cancellation activities.
Objective: To assess the bank’s debt suspension and cancellation programs and determine the
implications for income, as well as for credit quality, program performance, and level of
compliance.
Note: These procedures should be completed if debt suspension and cancellation products
have significantly penetrated the credit card portfolio or have shown substantial growth or
plans for growth. The procedures also reference 12 CFR 37, which is applicable only to
national banks. Although 12 CFR 37 does not apply to FSAs, FSAs that offer DSAs and
DCCs should have controls and risk management processes in place.

Version 2.0
1. Determine whether the bank offers any type of debt suspension and cancellation
products.
2. Determine program features and assess the adequacy of those features, the accuracy of
the description in marketing, and the disclosures of terms and conditions provided to
bank customers.
3. In national banks, determine whether marketing and promotional materials comply with
12 CFR 37.6(e).
4. Assess the adequacy of the policies, procedures, and practices in place for each product
or program. Test consistency with bank policy by reviewing a sample of at least 30
approved and 30 denied claims.
5. Assess compliance with 12 CFR 37 in national banks. Determine that the national bank
• does not extend credit or alter the terms or conditions of credit conditioned upon the
customer entering into a DCC or DSA (12 CFR 37.3(a)).
• does not engage in any practice or use any advertisement that could mislead or
otherwise cause a reasonable person to reach an erroneous belief with respect to
information that must be disclosed under the rule (12 CFR 37.3(b)).
• does not offer DCCs or DSAs that give the bank the right to unilaterally modify the
contract or agreement unless (1) the modification is favorable to the consumer
without additional charge or (2) the customer is notified of the proposed change and
given a reasonable opportunity to cancel the contract without penalty before the
change becomes effective (12 CFR 37.3(c)(1)).
• does not provide customers a no-refund DCC or DSA unless it also offers a
comparable product that provides for a refund of any unearned fees paid for the
contract if the contract is terminated (12 CFR 37.4(a)).
• obtains a customer’s written acknowledgement to purchase a contract and written
acknowledgement that the customer received the long-form disclosures
(12 CFR 37.7(a)).
In addition,
• if the national bank sells a contract over the telephone, confirm that the bank
– maintains sufficient documentation to show that the customer received the short-
form disclosures and affirmatively elected to purchase a contract or agreement
(12 CFR 37.7(b)(1)).
– mails the affirmative written election and written acknowledgement together with
the long-form disclosures to the customer within three business days after the
telephone solicitation and maintains sufficient documentation to show it made
reasonable efforts to obtain the documents from the customer
(12 CFR 37.7(b)(2)).

Version 2.0
– permits the customer to cancel the purchase of the contract or agreement without
penalty within 30 days after the bank has mailed the long-form disclosures to the
customer (12 CFR 37.7(b)(3)).
• if the bank or its third party sells a contract over the telephone, review the
telemarketing scripts or listen to calls to assess compliance with 12 CFR 37 .
• if a contract is solicited through written materials, such as inserts or “take-one”
applications, and the national bank provides only the short-form disclosures, confirm
that the bank
– mails the acknowledgement of receipt of disclosures, together with the long-form
disclosures, to the customer within three business days, beginning on the first
business day after the customer contacts the bank or otherwise responds to the
solicitation (12 CFR 37.7(c)).
– does not obligate the customer to pay for the contract until after the bank receives
the customer’s written acknowledgment of receipt of disclosures, unless the bank
▪ maintains sufficient documentation to show that it provided the
acknowledgement of receipt of disclosures to the customer
(12 CFR 37.7(c)(1)).
▪ maintains sufficient documentation to show it made reasonable efforts to
obtain from the customer a written acknowledgement of receipt of the long-
form disclosures (12 CFR 37.7(c)(2)).
▪ permits the customer to cancel the purchase of the contract or agreement
without penalty within 30 days after the bank has mailed the long-form
disclosures to the customer (12 CFR 37.7(c)(3)).
6. Select a sample of accounts in which the borrower terminated DCCs and DSAs to
determine that the national bank103
• refunded to the customer any unearned fees paid unless the contract provided
otherwise (12 CFR 37.4(a)).
• calculated the amount of refund using a method at least as favorable to the customer
as the actuarial method (12 CFR 37.4(b)).
7. Through discussions with lending officers and a review of the national bank’s training
program, determine whether personnel provide and are trained to provide
• short-form disclosures orally at the time the bank first solicits the purchase of a
contract (12 CFR 37.6(c)(1)).
• long-form disclosures in writing before the customer completes the purchase of the
contract (12 CFR 37.6(c)(2)).
• long-form disclosures in writing to the customer if the initial solicitation is in person
(12 CFR 37.6(c)(2)).
For more information about selecting a sample, refer to the “Sampling Methodologies” booklet of the
103

Version 2.0
• short-form disclosures orally to the customer and to mail long-form disclosures, with
a copy of the contract, if appropriate, to the customer within three business days after
a telephone solicitation (12 CFR 37.6(c)(3)).
• long-form disclosures that are mailed to the customer within three business days,
beginning on the first business day after a customer responds to a mail insert or “take-
one” application (12 CFR 37.6(c)(4)).
• disclosures, if provided through electronic media, that are consistent with the
Electronic Signatures in Global and National Commerce Act of 2000 (15 USC 7001
et seq.) requirements (12 CFR 37.6(c)(5)).
8. Determine whether the national bank complies with the disclosure requirements of 12
CFR 37 by completing appendix E, “Debt Suspension Agreement and Debt Cancellation
Contract Forms and Disclosure Worksheet,” of this booklet.
9. Assess the quality of the MIS used to monitor and administer DSAs and DCCs. At a
minimum, the bank’s monthly reports should be sufficient to accurately ascertain
• enrollment volume and trends, including

– number and account balances of accounts enrolled in the program.
– cancellation rate, segmented by customer versus bank closure.
• application and activation volume and trends, including
– average claim processing time, by type.
– benefit application, approval, decline, and fallout104 rates.
– number and account balances of accounts in benefit status.
– average duration of benefit period by type and aging of active benefits (time to
benefit exhaustion).
– delinquency status of accounts in active benefit status, by type.
– performance of accounts subsequent to benefit denial, fallout, and benefit
exhaustion.
• profitability, including
– fee income generated.
– average APR of enrolled and activated accounts.
– costs, including retroactive adjustments, of active benefits, by type.
Note: If the bank securitizes assets, the information in this procedure should be
broken down by receivable ownership (bank, trust, trust series, etc.), and aggregated
for the managed portfolio overall. The information should be used to evaluate
program performance (current and trends, operational issues, etc.) and pricing, to
establish adequate debt waiver interest and fee reserves, to set the amount of a trust’s
remittance (if any), and to analyze the ALLL or ACL.
104
Fallout refers to failure to satisfactorily complete the claim.

Version 2.0
10. Evaluate the quality and frequency of the analyses performed.
• Determine whether bank management analyzes the performance of accounts and

whether the analysis includes the performance of accounts, by type of benefit claimed
(e.g., unemployment, medical) for the following types of accounts:
– Accounts with denied claims.
– Accounts with claims that are not completed after initial notification to the bank.
– Accounts for which benefits have expired.
• Determine whether the accounts described in this procedure perform differently from
the rest of the portfolio. If so, assess whether the performance difference is
appropriately incorporated into the allowance analysis.
• Confirm the bank’s analysis by reviewing a sample of accounts that came off benefits
six months ago. Determine the current payment status of those accounts.
11. Determine whether the bank administers DSA and DCC programs in-house or if they are
outsourced to an affiliate or third party. If they are outsourced, review the governing
contract, costs, and the controls in place to monitor performance and compliance with all
applicable laws and regulations.
12. Evaluate the accounting and profitability of each program by
• assessing the bank’s accounting for income and expenses.

• ensuring that the bank maintains an adequate reserve for claims, if applicable.
• assessing the significance of debt waiver income to the bank’s total income, and
evaluating income sustainability in view of program volume, claims experience, and
cancellation rates, at a minimum.
• if the program is offered for accounts that are securitized, determining the bank’s
responsibility for income sharing and claims payments and reviewing the supporting
accounting entries. Confirm that trust reimbursements are accurate and timely.
13. Complete appendix F, “Debt Suspension and Cancellation Product Information

Worksheet,” of this booklet, and retain a copy in the examination work papers.
Accounting for Rebate Programs

exposure to rebate activity.
bank’s rebate activities.
Objective: To assess the bank’s accounting for rebate programs and determine the implications for
income, as well as for program performance.

Version 2.0
1. Determine whether the issuer has recorded any contingent liability on any rebate program
that it offers and how that contingent liability is calculated. If the issuer has no contingent
liability, obtain an analysis as to why there is no liability for the issuer. Document your
findings in the work papers.
2. If the issuer is reserving for a future liability, review the general ledger account activity
and supporting analysis and assess the appropriateness of the contingent liability based on
redemption activity.
3. Determine, based on the reviews of the financial condition of the issuer’s partners,
whether any partner’s financial condition may be questionable.
4. Review each product that has a rebate and for each program determine
• the outstanding rebate liability.

• the redemption volume in recent months.
• the process by which the customer redeems the rebates.
• whether third parties are used.
5. Determine whether the contract limits the issuer’s contingent liability for certain items,
such as rising airline ticket costs.
6. If the issuer pre-purchases rewards (e.g., airline points), assess whether the accounting for
these purchases is consistent with GAAP.
7. In conjunction with the examiner performing the profitability analysis, determine the
profitability for each product that offers a rebate and compare the results with the
profitability of products that do not offer rebates.
Program Availability and Eligibility Standards

Conclusion: Based on the responses to procedures, the quantity of risks is (low, moderate, or high)
bank’s activities to determine program availability and eligibility standards.
Objective: To evaluate the policies and procedures that bank management has established setting
forth program availability and eligibility criteria that a consumer must meet to obtain a credit
card.
1. Determine whether bank management has established policies and procedures that set
forth the availability and eligibility standards that a consumer must meet to obtain a credit
card.

Version 2.0
• Review the policies and procedures that have been established to ascertain whether
eligibility standards (e.g., relationship history, deposit history, incidence of default or
bankruptcy) are set forth.
2. Determine whether the bank gathers sufficient information to determine that a consumer
meets the bank’s eligibility standards, and whether the bank satisfies the requirement in
12 CFR 1026.51 to evaluate a consumer’s ability to pay, before approving the consumer
for a credit card. This information can be provided by the consumer on an application or
collected from internal or external information sources.
3. Determine whether the bank’s policies and procedures clearly identify each credit card
product.
• Review the bank’s marketing materials to evaluate whether all available credit card
products are adequately described.
• Obtain a list of all available products to evaluate and compare with the bank’s
policies and procedures. Product features to evaluate include
− whether product features are clearly identified by the bank.
− whether the bank has clearly identified the eligibility and credit criteria that the
consumer must meet to be approved for the loan.
Credit Terms and Methods of Payment

bank’s credit terms and repayment activities.
Objective: To determine whether the bank has made approval of credit cards conditional on the
consumer agreeing to repay the credit line by means of preauthorized electronic fund
transfers.
1. Has the bank conditioned the credit card on the consumer’s repayment by preauthorized
electronic fund transfers? Refer to 12 CFR 1005.10(e), which generally prohibits making
an extension of credit to a consumer conditional on the consumer’s repayment by
preauthorized electronic fund transfers.
2. Does the product offer a reduced APR or other cost-related incentive to induce the
consumer to accept an automatic repayment feature? If so, are other reasonable loan
repayment options offered by the bank for the credit card?
3. Determine whether the bank requires consumers participating in automatic repayment by

preauthorized electronic fund transfers to maintain a specified minimum balance in the
consumer’s account.

Version 2.0
Credit Reporting
bank’s credit reporting activities.
Objective: To assess whether the bank reports payment information to credit bureaus and/or
consumer reporting agencies (CRA). If the bank reports payment or other consumer
information to credit bureaus or CRAs, assess the bank’s program for reporting consumer
performance regarding credit card accounts.
Note: Creditors are not legally required to report to CRAs or to consumer credit bureaus. If a
creditor does report consumer information to a CRA or credit bureau, however, then the
creditor must comply with the timing and accuracy requirements of the FCRA, imp lemented
by 12 CFR 1022. Reporting this information may improve the credit score of a consumer
making timely payments.
1. Determine whether the bank maintains policies and procedures for reporting consumer
information to credit bureaus.
2. Determine whether the bank reports consumer payment information to credit bureaus
and/or CRAs.
Refer to OCC Bulletin 2008-28, “Fair Credit Reporting Act (FCRA): Additions to FCRA
Examination Procedures,” and the attached “Interagency FCRA Examination Procedures”
(including module 4, “Duties of Users of Consumer Reports and Furnishers of Consumer
Report Information,” and appendix A, “Examination Procedures”).
Also refer to 12 CFR 1022, which describes the requirements for obtaining and using
consumer information to determine eligibility for products and furnishing information to
credit bureaus. Examiners may also refer to the “Fair Credit Reporting” booklet of the
Comptroller’s Handbook (national banks) and OTS Examination Handbook, section 1300,
“Fair Credit Reporting Act” (FSAs).
Compliance With Consumer Protection-Related Laws and Regulations

bank’s compliance activities.
Note: Examiners should use the relevant Consumer Compliance series booklet of the
Comptroller’s Handbook for more information and examination procedures.

Version 2.0
Conclusions
Conclusion: The aggregate level of risk is

(low, moderate, or high).
The direction of risk is
(increasing, stable, or decreasing).
Objective: To determine, document, and communicate overall findings and conclusions regarding
the examination of credit card lending.
1. Determine preliminary examination findings and conclusions and discuss with the EIC,
including
• quantity of associated risks (as noted in the “Introduction” section of this booklet).
Interest rate, liquidity, and compliance assessments should be coordinated with
examiners assigned to review those risks.
• quality of risk management.
• aggregate level and direction of associated risks.
• overall risk in credit card lending.
• Credit Underwriting Assessment findings and conclusions, if applicable.
• matters requiring attention, violations, and other concerns.
Summary of Risks Associated With Credit Card Lending

Quantity of Quality of risk Aggregate level of Direction of
risk management risk risk
Risk (Weak,
category (Low, (Low, (Increasing,
insufficient,
moderate, moderate, stable,
satisfactory,
high) high) decreasing)
strong)
Credit
Operational
Liquidity
Strategic
Reputation
Interest Rate
Compliance
2. If substantive safety and soundness concerns remain unresolved that may have a material
adverse effect on the bank, further expand the scope of the examination by completing
verification procedures.

Version 2.0
3. Discuss examination findings with bank management, including violations,

recommendations, and conclusions about risks and risk management practices. If
necessary, obtain commitments for corrective action.
4. Compose conclusion comments, highlighting any issues that should be included in the
report of examination. If necessary, compose matters requiring attention and violation
write-ups.
5. Complete the applicable Credit Underwriting Assessment in Examiner View for credit
card lending, if included in the examination scope.
6. Update the OCC’s information system and any applicable report of examination
schedules or tables.
7. Document a recommended supervisory strategy (e.g., what the OCC should do in the
future to effectively supervise credit card lending in the bank, including time periods,
staffing, and workdays required).
8. Update, organize, and reference work papers in accordance with OCC policy.
9. Appropriately dispose of or secure any paper or electronic media that contain sensitive
bank or customer information.

Version 2.0
Internal Control Questionnaire

An internal control questionnaire (ICQ) helps an examiner assess a bank’s internal controls
for an area. ICQs typically address standard controls that provide day-to-day protection of
bank assets and financial records. The examiner decides the extent to which it is necessary to
complete or update ICQs during examination planning or after reviewing the findings and
conclusions of the core assessment.
Policies
1. Has the board committee or the board of directors (depending on the risk profile of the
bank), consistent with its duties and responsibilities, adopted written policies that
establish
a. procedures for reviewing credit card applications?

b. standards for determining credit lines?
c. minimum standards for documentation?
d. standards for collection procedures?
e. third-party relationship management?
2. Are policies reviewed at least annually to determine whether they are compatible with
changing market conditions and the bank’s strategic plan?
Underwriting and Scoring Models

3. Does audit or internal credit risk review test compliance with underwriting standards?
4. Are underwriting standards periodically reviewed and revised?
5. If credit scoring models are used,
a. are credit limits determined by cutoff scores?

b. are models periodically (e.g., quarterly or annually) revalidated for accuracy and
stability?
c. are there written internal procedures governing overrides?
6. Are data from the application tested for input accuracy to the account processing system?
If so, what is the sample size and frequency of the test?
7. Are line of credit increases reviewed periodically by an independent person to determine

compliance with bank policy and procedures?
8. Does an independent control function periodically review credit lines for appropriateness
of amount?

Version 2.0
9. Are procedures in effect to review credit lines when the bank becomes aware of a change
in financial status or creditworthiness of a cardholder?
10. Is an exception report produced and reviewed by bank management that tracks changes in
customer account status due to credit card re-agings, temporary and permanent hardship
programs, settlement agreements, or other factors?
11. Does the bank prepare reports that document the daily balance of issued cards to the
reported total of new and reissued cards?
12. Does the bank have procedures covering the establishment of employee accounts?
13. Are employee accounts periodically reviewed?
14. Has the bank established a policy on cash advances to employees?
15. Is the information on fraud claims reviewed to determine whether
a. a bank employee could have been involved?

b. a breakdown in the bank’s control over issued cards is indicated?
c. the card information could have been extracted before the card left the bank?
16. Are signatures on sales drafts compared with signatures on notifications when the owners
of cards disclaim knowledge of sales or claim that cards were lost?
17. Is an officer required to sign off at the conclusion of a fraud investigation?
18. Does the credit card operation prepare a budget by
a. function (e.g., collections, application processing)?

b. program (e.g., secured card, private-label)?
c. overall operation?
19. Are actual results compared to budget at least monthly?
20. Are significant trends and deviations adequately explained in the financial review
process?
Risk Management
21. Does bank management develop and maintain written underwriting and account
management policies?
22. Does bank management monitor adherence to those policies?
23. Does bank management ascertain the quality of the portfolio and assign risk ratings?

Version 2.0
24. Does bank management periodically review policies and procedures to confirm that they
remain appropriate and consistent with the bank’s risk management objectives and to
assess the impact on portfolio quality?
25. Does bank management validate the integrity of scoring systems and other models in
use?
26. Does bank management have appropriate policies and processes in place to manage and
monitor third parties?
27. Do asset securitizations receive appropriate approval?
28. Are collection programs for securitized loans appropriate?
29. Does bank management have a plan for maintaining adequate funding for maturing
securitizations?
Conclusion
30. Does the foregoing information confirm that there is an appropriate basis for evaluating
the bank’s internal controls over its credit card operations, and further, that there are no
significant additional internal auditing procedures, accounting controls, administrative
controls, or other circumstances that impair any controls or mitigate any weaknesses
identified? (Explain negative answers briefly, and indicate conclusions as to the answer’s
effect on specific examination or verification procedures.)
31. Based on the answers to the foregoing questions, internal control for credit card lending
is considered (strong, satisfactory, insufficient, or weak).

Version 2.0
Verification Procedures
Verification procedures are used to verify the existence of assets and liabilities, or to test the
reliability of financial records. Examiners generally do not perform verification procedures as
part of a typical examination. Rather, verification procedures are performed when safety and
soundness concerns are identified that are not mitigated by the bank’s risk management
systems and internal controls.
1. Test the additions of the trial balances and the reconciliation of the trial balances to the
general ledger. Include loan commitments and other contingent liabilities.
2. After selecting loans from the trial balance by using an appropriate sampling technique
(refer to the “Sampling Methodologies” booklet of the Comptroller’s Handbook for
information on sampling techniques),
• prepare and mail confirmation forms to borrowers. (Loans serviced by other

institutions, either whole loans or participations, are usually confirmed only with the
servicing institution. Loans serviced for other institutions, either whole loans or
participations, should be confirmed with the buying institution and the borrower.
Confirmation forms should include borrower’s name, loan number, credit line,
interest rate, and current loan balance).
• after a reasonable time, mail second requests.
• follow up on any unanswered requests for verification or exceptions and resolve
differences.
• examine credit agreements for completeness and compare credit agreement date,
original line amount, and terms with trial balance.
• check whether required officer approvals are documented on the loan system.
• check whether the credit agreement is signed, appears to be genuine, and is
negotiable.
3. Review accounts with accrued interest by
• reviewing and testing procedures for accounting for accrued interest and for hand ling
adjustments.
• scanning accrued interest for any unusual entries and following up on any unusual
items by tracing them to initial and supporting records.
4. Using a list of nonaccruing loans, check loan accrual records to determine that interest
income is not being recorded.
5. Obtain or prepare a schedule showing the monthly interest income amounts and the loan
balance at the end of each month since the last examination, and
• calculate yield.
• investigate any significant fluctuations or trends.

Version 2.0
Appendixes
Appendix A: Transaction Testing
Overview
Examiners should perform testing procedures to verify a bank’s adherence to its own policies
and procedures, compliance with laws and regulations, and adherence to sound risk
management principles. Examiners also use testing to assess the bank’s risk selection, the
adequacy and accuracy of its reports, and the adequacy and accuracy of its loan accounting
and servicing. Testing procedures usually should be performed to some degree in all credit
card examinations.
These procedures recommend judgmental sample sizes. The sample size and targeted
portfolio segment may be modified to fit the circumstances. The sample selected should be
sufficient in size to reach a supportable conclusion. Increase the sample size if questions arise
and more evidence is needed to support the conclusion.
Examiners may want to consider using a statistical sampling process for reaching conclusions
on an entire portfolio. Performing statistically valid transaction testing on portfolios of
homogeneous retail accounts is extremely effective. The benefits of statistical sampling allow
examiners to quantify the results of transaction testing and state with confidence that the
results are reliable.
For more information regarding statistical and judgmental sampling, consult the “Sampling
Methodologies” booklet of the Comptroller’s Handbook.
Examiners conducting testing should be alert for potential discriminatory, unfair, deceptive,
abusive, or predatory lending practices (e.g., providing misleading disclosures). If
weaknesses are found or other concerns arise, consult the bank’s EIC or compliance
examiner.
Note: For more information, refer to the “Fair Lending” and “Unfair or Deceptive Acts or
Practices and Unfair, Deceptive, or Abusive Acts or Practices” booklets of the Comptroller’s
Handbook.
Suggested Transaction Testing Samples
Note: Sample sizes are suggestions only. The sample selected should be sufficient in size to
reach a supportable conclusion. Expand the sample size if issues are found or if more
evidence is needed to support a conclusion. The suggested samples in this section are for
judgmental samples. Statistical samples may also be used. Please refer to the “Sampling
Methodologies” booklet of the Comptroller’s Handbook for more information regarding
judgmental and statistical sampling.

Version 2.0
Underwriting
Objective: Determine the quality of new accounts and risk selection. Determine adherence to
lending policy, underwriting standards, and pricing standards.
Sample size – 30 Accounts booked in last 90 days.

• Include coverage of all significant product types.
• Include all or target certain acquisition channels.
• Include different price points.
Sample size – 10 Accounts approved and booked in last 90 days.

from each • Include all significant th ird-party loan originators.
significant third-
party origination
channel
Sample size – 30 Accounts declined in last 90 days.

• Include all or target certain acquisition channels.
• Focus on applications not automatically denied if credit scoring is used.
Lending Policy Exceptions

Objective: Evaluate the quality and appropriateness of exceptions to lending policy.

• Include all exception codes.
• Include accounts with exceptions from all significant third -party loan originators.
• If exception coding is deficient, filter new accounts for exceptions to criteria for
debt-to-income, credit history, etc., and select sample from results.
Overrides
Objective: Evaluate the quality and appropriateness of low-score overrides.

• Select accounts that scored below cutoff and were approved.
• Include all score-override reason codes.
• Include accounts in all score bands below the cutoff.

Version 2.0
Line Increases
Objective: Evaluate the change in credit risk and appropriateness of line increases.
Sample size – 30 Accounts with automatic line increases in last 180 days.
• Select accounts from different products.
• Select accounts from a full range of risk scores , but select proportionately more
accounts with lower scores.
• Include accounts with line utilization greater than 75 percent.
• Test for consistency with credit criteria.
• Evaluate the size of the line increase relative to creditworthiness.
• Consider how much credit risk is added to the portfolio.
Sample size – 30 Accounts with manual line increases in last 90 days.

• Select accounts from different products.
• Include accounts with line utilization greater than 75 percent.
• Include accounts in over-limit status.
• Test for consistency with credit criteria.
• Evaluate the size of the line increase relative to creditworthiness.
• Consider how much credit risk is added to the portfolio.
Over-Limits
Objective: Evaluate the quality of accounts in over-limit status.
Sample size – 30 Accounts with balances that equal or exceed the assigned credit limit by a certain
threshold (such as 20 percent or more) as of last statement cycle date.
• Verify why accounts are over credit limits and if there are any authorization issues,
NSF, or other issues involved.
• Verify when over-credit-limit (OCL) fees are imposed and when OCL fees are
suspended.
• Verify how the minimum payment is calculated.
• Evaluate sample for accounts with negative amortization.
• Determine length of time accounts have been in OCL status.

Version 2.0
Collection Activities
Objective: Evaluate appropriateness of collection activities and consistency with the principles in
the “Uniform Retail Credit Classification and Account Management Policy.”105
Note: Refer also to the checklist in appendix C of this booklet.
Re-Aging
Sample size – 30 Accounts that received automated collection (non-customer-service) re-aging in past
three months.
• Check consistency with the “Uniform Retail Credit Classification and Account
Management Policy” and bank policies.
Sample size – 30 Accounts that received manual collection (non-customer-service) re-aging in the past
three months.
Sample size – 30 Accounts that received customer service re-aging for more than one delinquency cycle
(i.e., accounts greater than 30 days past due when re-aged) in the past three months.
Workout and Forbearance Programs
Sample size – 30 Accounts in 1) external workout programs (such as CCC) and 2) internal permanent
per program workout programs.
• Include any program with payment amount, interest, or fee modification.
• Select 50 percent of the sample from accounts that entered the program in the last
quarter.
• Evaluate the reasonableness of forbearance programs, e.g., qualifying criteria,
interest rate, payment amount, and repayment period.
• Verify that the account balance will amortize in a reasonable amount of time,
generally 60 months, and that exceptions are limited, reported , and tracked
• Verify compliance with internal policies and procedures.
• Determine the length of time in temporary hardship program, if any.
• Be alert to the movement of accounts from one program to another.
Sample size – 30 Accounts in temporary hardship programs as of the examination date.

per program • Evaluate the reasonableness of forbearance programs, e.g., qualifying criteria,
interest rate, payment amount, and repayment period.
• Determine that borrower hardship is documented and supportable as temporary .
• Be alert to the movement of accounts from one program to another.
105

Version 2.0
Deceased Borrower Accounts
Sample Size – 30 Accounts coded as deceased 90–120 days before examination date
• Verify compliance with internal policies and procedures .
• Verify charge-off within 60 days of notification or 180 days delinquent, whichever
is shorter.
• Policies and procedures should include provisions for timely settlement with
executor or administrator of deceased’s account and recognize there are fee and
interest restrictions.106
Bankruptcy
Sample size – 30 Accounts coded as bankrupt as of examination date.

per loan type • Include borrowers in chapter 7 and chapter 13.
• Assess for consistency with the “Uniform Retail Credit Classification and Account
Management Policy” and bank policies such that charge-off generally occurs within
60 days of notification of bankruptcy filing or 180 days delinquent, whichever is
shorter.
Settlement
Sample size – 30 Accounts with settlement agreements in the past three months.
• Evaluate reasonableness of the repayment period.
• Determine appropriateness of loan allowance and charge-offs.
Was Past Due, Now Current
Sample size – 30 Accounts that were 90 days or more past due as of three billing cycles ago, but current
as of next billing cycle.
• Include accounts with NSF check payments, if possible.
• Check compliance with FFIEC and bank policies.
• Determine how the account returned to current status and the appropriateness of
the method of return.
• Assess the accuracy of the loan accounting system and delinquency reporting.
• Consider the impact of any irregularities on roll rates and loan -loss method.
Exceptions to Charge-Off Policy

Sample size – 30 Accounts more than 180 days past due as of examination date.
• Include accounts from each product type.
• Verify consistency with the “Uniform Retail Credit Classification and Account
• Evaluate whether exceptions to bank policy are appropriate.
106
Refer to 12 CFR 1026.11(c).

Version 2.0
Charge-Off Postmortem
Sample size – 30 Recently charged -off accounts.

• Include accounts from each product type.
• Verify consistency with the “Uniform Retail Credit Classification and Account
• Review borrower, payment, and collectio n histories to determine whether actions
taken pre-charge-off were reasonable or if the practices deferred loss recognition.
• Evaluate whether exceptions to bank policy are appropriate.
Fraud
Objective: Assess adherence to policy, determine propriety of practices, and determine timeliness
of charge-off policies.
Sample size – 30 Accounts identified as fraud, in part or total.

• Determine whether accounts identified as fraud are being investigated.
• Verify compliance with bank’s policy and procedures, including what is considered
fraud.
• Determine whether fraud losses are properly identified as fraud losses rather than
credit losses.
• Determine whether charge-off time frames are reasonable.
• Assess adequacy of processes to investigate and report suspicious activity in a
timely manner.
DSA and DCC Programs

Objective: Verify how product is managed.
Sample size – 30 Accounts with DCCs.

• Include accounts in both pending and activated status.
• Assess adequacy of account management processes, e.g., activation, accounting,
re-aging, MIS.
• Verify compliance with bank’s policy and procedures.
• Verify compliance with 12 CFR 37 in national banks.
Sample size – 30 Accounts with debt suspension agreements.

• Include accounts in both pending and activated status.
• Assess adequacy of account management processes, e.g., activation, accounting,
re-aging, MIS.
• Verify compliance with bank’s policy and procedures.
• Verify compliance with 12 CFR 37 (national banks).

Version 2.0
Minimum Payment
Objective: Verify how the minimum payment is computed.
Sample size – 30 Accounts for each product type.

• Include accounts in over-limit status, those in temporary hardship and workout
programs, and those with the credit protection feature.
• Verify that product control file settings are consistent with bank’s policy and are
appropriate.

Version 2.0
Appendix B: Suggested Request Items for Credit Card

Lending Activities
Please provide the following information for credit card lending operations as of the close of
business (DATE), unless otherwise indicated. Information in an electronic format is
preferred. If submitting hard copies, please prominently mark any information or
documentation that is to be returned to the bank.
Our intent is to request information that can be easily obtained. If you find that the
information is not readily available or requires significant effort on your part to prepare,
please contact us before compiling the data.
Please note that this list is not all-inclusive, and that we may request additional items during
the course of our examination.
General
1. Summary of each credit card product offered, and a brief description of characteristics
and terms. Include descriptions of debt suspension and debt cancellation programs
offered, if any. Also, include marketing or acquisition channels used (e.g., direct, internet,
mail, and third-party originators), as applicable.
2. Descriptions of any new, modified, or expanded products or marketing initiatives since

the last examination and any upcoming plans, including information on any prescreening
programs.
3. Descriptions of any credit card portfolios acquired since the last examination, including
due diligence reports.
Management and Supervision
Note: During the supervisory activity, examiners may request, review, and discuss individual
managers’ performance appraisals.
4. An organization chart(s) for the bank’s, division’s, and department’s current structure.
Include all key managers, the number of people in each department, and approved but
unfilled positions.
5. A list of primary contacts, including contact numbers.
6. Job descriptions and brief resume or work experience summary for all key managers.
7. A list of board and relevant senior management committees that provide oversight,
including a list of members and meeting schedules.

Version 2.0
8. Minutes of board and relevant senior management committees for the most recent full
year and year to date. Include any relevant reports provided to the committees.
9. Most recent strategic plan with details of any assumptions used to prepare the plan.
Include marketing plans and forecasts.
10. Summaries of all incentive programs in effect.
11. A list of all key reports used by bank management to monitor the business, including
frequency, distribution, and the person or unit responsible for report preparation.
12. Access to SARs related to credit card activities filed with the Financial Crimes
Enforcement Network (FinCEN) during the review period and the supporting
documentation.
13. Any analysis or documentation of any credit card activity for which a SAR was
considered but not filed, and for which the bank is actively considering filing a SAR.
14. A description of the system and parameters used for identification of and monitoring for
fraudulent or suspicious transactions.
15. If not already provided, copies of other reports that can pinpoint unusual transactions
warranting further review.
16. A listing with descriptions of each credit card-related third party.
17. A summary of which third parties the board or management has determined are critical in
relation to the bank’s credit card activities.
Financial Performance
18. Financial and profitability performance indicators for the most recent year-end and year
to date. Copies of balance sheets and income statements from the most recent year-end
and for the year to date, including budget data for comparison purposes.
19. Most recent credit card budget, with details of any assumptions used to prepare. Include
any year-to-date budget variances and plan revisions as of the examination date.
20. Profitability reports for each major credit card product as of the examination date and the
most recent year-end.
21. A summary of any profitability models used and current rate and fee schedule for each
product.

Version 2.0
Control Systems (Risk Management, Credit Risk Review, Quality

Assurance, Quality Control, Audit)
22. Relevant reports issued by internal and external audit, QA, QC, compliance management,
and credit risk review since the last examination. Include bank management’s responses.
23. Policies and procedures for major functional areas, including underwriting, account
management, collections, loan-loss reserves, QA, and QC.
24. A chronology log of significant policy changes and other events relevant to the credit
card portfolio’s performance.
25. Risk management reports and analyses used to monitor performance of the credit card
portfolio and individual products.
26. Loan volume reports by number and dollar amount for the entire credit card portfolio and
individual product.
27. Summary of monthly delinquency and net loss reports for the most recent year-end and
year to date for the credit card portfolio and individual products. Also provide any
vintage analysis, dynamic delinquency, and loss analysis completed to monitor the
portfolio. Include other credit performance analyses you feel are pertinent.
28. An overview of the scorecards used, if any, and summary of any changes planned.
29. Most recent model validation reports for each scorecard used.
30. Model development documentation for each scorecard or model within the scope of the
examination.
31. Risk score distributions and migration trends.
32. Most recent loss forecasts.
33. If third-party originators are used, MIS used to monitor quality of applicants and credit
performance of loans sourced from each third party used.
34. Description of controls (e.g., financial and audit requirements) and performance reports
used to monitor the quality of service of third parties, as well as due diligence criteria
used to select third parties for credit card lending activities.
Underwriting
35. Risk management reports used to monitor and analyze applicant quality and trends.
Include application-tracking trend reports for the most recent year-end and year to date.
Depending on the portfolio, information may include applications submitted, approved,

Version 2.0
booked, and denied, and underwriting criteria, such as credit score and debt-to-income
distributions or measures.
36. Reports used to track productivity and compliance with policy.
37. Reports used to monitor underwriting policy exceptions and overrides. Please include any
analyses of subsequent performance by type of exception.
Collections
38. An overview of how the bank achieves consistency with the principles in the “Uniform
Retail Credit Classification and Account Management Policy.”107
39. Volume and trends for re-aging activities, if any, including subsequent performance
monitoring.
40. Volume and trends of accounts in workout programs (e.g., CCC) or other forbearance
programs, including subsequent performance monitoring.
41. Problem loan list with credit risk classifications and criteria for assigning these risk
classifications.
42. Loan-loss postmortem reviews from the most recent year-end and for year to date.
43. MIS reports used to manage and measure the effectiveness of the collection area (e.g.,
roll rates, dollars collected, and promises to pay).
44. MIS reports detailing the number and dollars of first payment defaults. If available,
include monthly reports for the past 12 months.
Allowance for Loan and Lease Losses or Allowance for Credit Losses
45. Most recent ALLL or ACL analysis for the credit card portfolio. Include a complete
description of the method and assumptions used.
Other Areas of Interest
46. Charged-off consumer debt sold to third parties. Refer to OCC Bulletin 2014-37.
47. Reports management uses to monitor complaints (e.g., trend analyses, metrics, and
resolution reports).
48. Description of litigation, either filed (by bank or customer) or anticipated, associated with
the bank’s credit card activities. Include expected costs or other implications.
107

Version 2.0
49. If debt suspension or debt cancellation products are offered, reports used to monitor
product performance. Include information for product penetration, claims rates (approved
and denied), reserve method and balances, and profitability.
Transaction Testing
Examiners will conduct transaction testing to verify compliance with the bank’s policies and
procedures; assess risk selection; determine accuracy of reports; verify compliance with the
applicable policies, laws, and regulations; or determine the accuracy of loan accounting and
servicing.
50. Please provide electronic files for each major product that will allow an examiner to
select a sample to conduct the testing. The files should be provided in a format
compatible with the National Credit Tool or in an Excel worksheet that includes relevant
loan information, including
• account number,
• customer name,
• booking date,
• loan amount,
• payment information,
• current payment due,
• last payment date,
• loan term,
• interest rate,
• delinquency status,
• risk score, and
• repayment capacity measure.
Areas to be tested include the following:
• Accounts approved in the last 60 days (since DATE). If credit scoring is used,
provide two files, one for accounts not automatically approved and one for accounts
automatically approved.
• Accounts approved in the last 60 days (since DATE) that would have been denied
except for an override or exception to policy.
• Accounts that were 60 days or more past due as of (DATE), but current as of
(DATE).
• Accounts charged off in (MONTH).

Version 2.0
Appendix C: Uniform Retail Credit Classification and

Account Management Policy Checklist (RCCP Checklist)
Applicability: The retail credit classification and account management policy (policy)
applies to the following:
• Open- and closed-end credit extended to individuals for household, family, and other
personal expenditures, including consumer loans and credit cards.
• Loans to individuals secured by their personal residence, including first mortgage, home
equity, and home improvement loans.
Note regarding policy guidelines:
• The policy does not preclude examiners from classifying individual loans or entire
portfolios regardless of delinquency status, or from criticizing account management
practices that are deficient or improperly managed. If underwriting standards, risk
management, or account management standards are weak and present unreasonable credit
risk, deviation from the minimum classification guidelines outlined in the policy may be
prudent.
• Credit losses generally should be recognized when the bank becomes aware of the loss,
but the charge-off generally should not exceed the time frames stated in the policy.
Deviations from these time frames could affect ALLL or ACL estimation, required
regulatory reporting, and result in unrecognized credit risk within the portfolio and the
bank. If a bank’s practices deviate from these time frames, examiners should consider
reasonableness of bank management’s support for the bank’s practices, the adequacy of
risk management, and whether the deviations are commensurate with safe and sound
banking practices.
Retail Credit Classification and Account Management Policy Checklist

Yes/no Doc. ref. Comments
Substandard classification
1. Does the bank consider open accounts 90
cumulative days past due to be substandard?
2. In cases in which the bank can clearly
demonstrate that repayment of an account by
a borrower in bankruptcy is likely to occur, is
the account appropriately classified as
substandard until the borrower re-establishes
the ability and willingness to repay for a
period of at least six months?
Loss classification
1. Are secured accounts written down to the
value of the collateral, less cost to sell, if
repossession of collateral is assured and in
process?

Version 2.0

Bankruptcy
1. Are accounts in bankruptcy charged off within
60 days of receipt of notification of filing from
the bankruptcy court or within the 120/180-
day-past-due time frame (whichever is
shorter)?
2. When an account’s balance is not charged
off, does the bank classify it as substandard
until the borrower re-establishes the ability
and willingness to repay for a period of at
least six months?
Fraudulent accounts
1. Are fraudulent accounts classified as loss and
charged off within 90 days of discovery or
within the 120/180-day-past-due time frame
(whichever is shorter)?
Deceased borrower accounts
1. Are accounts of deceased persons classified
as loss and charged off when the loss is
determined or within the 120/180-day-past-
due time frame (whichever is shorter)?
Other considerations for classification
1. Under what conditions does the bank not
classify an account as substandard or loss in
accordance with the policy?
Note: The policy indicates that assets do not

need to be classified if the bank can
document that the loan is well secured and in
the process of collection, such that collection
will occur regardless of delinquency status.
Partial payments
1. Does the bank require that a payment be
equivalent to 90 percent or greater of the
contractual payment before counting the
payment as a full payment?
2. As an alternative, does the bank aggregate
payments and give credit for any partial
payments received?
3. Are controls in place to prevent both methods
one and two from being used simultaneously
on the same credit?
Re-aging, extensions, deferrals, renewals, and rewrites
1. Are the above types of activities permitted
only when the action is based on a renewed
willingness and ability to repay the loan?
2. Does documentation show that the bank
communicated with the borrower, the
borrower agreed to pay the loan in full, and
the borrower has the ability to repay the loan?

Version 2.0

3. Do MIS separately identify the number of
accounts and dollar amounts that have been
re-aged, extended, deferred, renewed, or
rewritten, including the number of times such
actions have been taken?
4. How does the bank monitor and track the
volume and performance of loans that have
been re-aged, extended, deferred, renewed,
rewritten, or placed in a workout program?
Note: The criteria in questions #1 and #2 do

not apply to customer-service-originated
extensions or program extensions (such as
holiday skip-a-pay). Examples of how the
bank would determine and document a
borrower’s willingness and ability to repay
could include such items as credit bureau
score and data being obtained and reviewed,
stated income being verified, and obtaining a
“hardship” letter from the borrower.
Open-end credit (re-aging)
1. Is a reasonable written policy in place and
adhered to?
2. To be considered for re-aging, does the
account exhibit the following:
• Has the borrower demonstrated a
renewed willingness and ability to repay
the loan?
• Has the account existed for at least nine
months?
• Has the borrower made at least three
consecutive minimum monthly payments
or the equivalent cumulative amount?
• Does the bank prohibit the advancement
of funds to make the minimum payment
requirements?
• Does the bank limit the number of
re-agings to no more than once within
any 12-month period?
• Does the bank limit the frequency of
re-agings to no more than twice within
any five-year period?
• For over-limit accounts that the bank re-
ages, does the bank prohibit new credit
from being extended until the balance
falls below the pre-delinquency credit
limit?
3. Consider the following questions regarding
the bank’s workout loan programs:

Version 2.0

• Does the bank require the receipt of at
least three consecutive minimum
monthly payments or the equivalent
cumulative amount, as agreed under the
workout or debt management program,
before re-aging an account that enters a
workout program (internal or third-party)?
• Are re-agings for workout programs
limited to once in a five-year period?
• At a minimum, do MIS track the principal
reductions and charge-off history of
loans in workout programs by type of
program?

Version 2.0
Appendix D: Account Management and Loss Allowance

Guidance Checklist
Applicability: This checklist should be completed for all banks supervised by the OCC that
offer credit card programs. The checklist should be used in conjunction with the related
examination procedures.
Note: Negative responses may indicate the need for further review to determine whether the
bank engages in sound risk management.
Account Management and Loss Allowance Guidance Checklist

Account Management
Credit line management
Note: Support for credit line management should include documentation and analysis of decision factors such
as repayment history, risk scores, behavior scores, or other relevant criteria.
1. Does bank management test, analyze, and
document line-assignment and lin e-increase
criteria before broad implementation?
2. Does the bank offer customers multiple
credit lines, such as bank card plus store-
specific private-label cards and affinity
relationship cards? If so, do the bank’s MIS
aggregate related exposures and does
management analyze performance before
offering additional credit lines?
Over-limit practices
1. Are policies and controls in place regarding
over-limit authorizations?
2. Does bank management take appropriate
actions to facilitate the timely repayment of
the over-limit amounts (e.g., reduce or
eliminate fees, raise the minimum payment,
initiate workout programs)?
3. Do MIS enable management to identify,
measure, monitor, and control the unique
risks associated with over-limit accounts?
MIS should include the following:
• Over-limit volume, segmented by
severity.
• Credit performance.
• Duration of over-limit.
Minimum payment and negative amortization
1. Do minimum payment requirements ensure
that the principal balance will be amortized
over a reasonable period of time, consistent
with the risk profile of the borrower?

Version 2.0

2. Do minimum payment requirements cover
finance charges and recurring fees
assessed during the billing cycle?
Note: Liberal repayment programs can

result in negative amortization (where
outstanding balances continue to build).
Prolonged negative amortization,
inappropriate fees, and other practices can
inordinately compound or protract consumer
debt, mask portfolio performance and
quality, and raise safety and soundness
concerns. These practices should be
criticized.
Workout and Forbearance Practices

Note: An open-end credit card account is a workout when its credit is no longer available and its balance
owed is placed on a fixed (dollar or percentage) repayment schedule in accordance with modified,
concessionary terms and conditions. Temporary hardship programs are not considered workout programs
unless the program exceeds 12 months, including renewals.
Repayment period
1. Do all workout programs provide for
repayment terms that have borrowers repay
their existing debt within 60 months?
2. What exceptions are allowed to the 60-
month time frame? Are such exceptions
clearly documented and supported by
compelling evidence that less conservative
terms and conditions are warranted?
Settlements
1. For credit card accounts subject to
settlement arrangements, are controls in
place for setting the amount (dollar or
percentage) to be forgiven and the
requirement for the borrower to pay the
remaining balance in either a lump -sum
payment or in a period not to exceed three
months?
2. Is the amount of debt forgiven in a
settlement arrangement classified as loss
and charged off immediately? If this is not
done, does the bank treat such amounts
forgiven in settlement arrangements as
specific allowances?
Note: The creation of a specific allowance is

reported as a charge-off in Schedule RI-B of
the call report.
3. Upon receipt of the final settlement payment,
are any deficiency balances charged off
within 30 days?

Version 2.0

Income Recognition and Loss Allowance Practices
Accrued interest and fees
1. When determining appropriate loss
allowances, does the bank evaluate the
collectability of accrued interest and fees on
credit card accounts?
2. If the bank does not place credit card
accounts on nonaccrual, does it alternatively
provide loss allowances for uncollectable
fees and finance charges?
3. For banks that securitize credit card
receivables, does management ensure that
the owned portion of accrued interest and
fees, including related estimated losses, are
accounted for separately from the retained
interest in accrued interest and fees from
securitized accounts?
Loan-loss allowances
1. Does bank management consider the loss
inherent in both delinquent and
nondelinquent loans?
Allowances for over-limit accounts
1. Does the bank’s allowance method address
the additional risk associated with chronic
over-limit accounts?
Note: To be able to identify these

incremental losses, it is necessary for the
bank to be able to track the payment
requirements and performance on over-limit
accounts.
Allowances for workout programs

1. Are accounts in workout programs
segregated for performance measurement,
impairment analysis, and monitoring
purposes? (Multiple workout programs
having different performance characteristics
should be tracked separately.)
2. Is the allowance allocation on workout
programs at least equal to the estimated
loss in each program based on historical
experience as adjusted for current
conditions and trends?
Note: Adjustments should take into account

changes in economic conditions, volume
and mix, terms and conditions of each
program, and collections.

Version 2.0

Recovery practices
Does the bank ensure that the total amount
credited to the ALLL or ACL as recoveries
on a loan is limited to the amount previously
charged off against the ALLL or ACL on that
loan?
Policy exceptions
1. Does the bank allow any exceptions to the
FFIEC “Uniform Retail Credit Classification
and Account Management Policy”?
a. If so, what types of exceptions are
allowed?
2. For exceptions granted, do the bank’s
policies and procedures identify the types of
exceptions allowed and the circumstances
for permitting them?
3. Is the performance of accounts granted
exceptions to this policy tracked and
monitored?

Version 2.0
Appendix E: Debt Suspension Agreement and Debt

Cancellation Contract Forms and Disclosure Worksheet
This worksheet shows the required content of the disclosures that must be included in each
DSA or DCC contract according to 12 CFR 37.6(a). This regulation applies to national banks
only. FSAs are authorized to provide DCCs; however, 12 CFR 37 does not apply to the DCC
activities of FSAs.
Note: NA means not applicable.
Debt Suspension Agreement and Debt Cancellation Contract Forms and Disclosure Worksheet
Compliance:
yes/no/NA Comments
Appendix A to 12 CFR 37: short-form disclosures
Product is optional
Your purchase of [PRODUCT NAME] is optional.

Whether or not you purchase [PRODUCT NAME] will
not affect your application for credit or the terms of
any existing credit agreement you have with the bank.
Lump-sum payment of fee
Note: Applicable if a bank offers the option to pay the
fee in a single payment.
You may choose to pay the fee in a single lump sum

or in [monthly/quarterly] payments. Adding the lump
sum of the fee to the amount you borrow will increase
the cost of [PRODUCT NAME].
Lump-sum payment of fee with no refund
fee in a single payment for a no -refund debt
cancellation contract.
You may choose [PRODUCT NAME] with or without a

refund provision. Prices of refund and no-refund
products are likely to differ.
Refund of fee paid in lump sum
Note: Applicable when the customer pays the fee in a
single payment and the fee is added to the amount
borrowed.
Choose one of the following:

(1) You may cancel [PRODUCT NAME] at any time
and receive a refund ; or
(2) You may cancel [PRODUCT NAME] within _____
days and receive a full refund ; or
(3) If you cancel [PRODUCT NAME] you will not
receive a refund.

Version 2.0
Compliance:
yes/no/NA Comments
Additional disclosures
We will give you additional information before you are

required to pay for [PRODUCT NAME].
If applicable: This information will include a copy of the
contract containing the terms of [PRODUCT NAME].
Eligibility requirements, conditions, and
exclusions
There are eligibility requirements, conditions, and

exclusions that could prevent you from receiving
benefits under [PRODUCT NAME].
Either 1) You should carefully read our additional
information for a full explanation of the terms of
[PRODUCT NAME]; or
2) You should carefully read the contract for a full
explanation of the terms of [PRODUCT NAME].
Appendix B to 12 CFR 37: long-form disclosures
Product is optional
Your purchase of [PRODUCT NAME] is optional.

Whether or not you purchase [PRODUCT NAME] will
not affect your application for credit or the terms of
any existing credit agreement you have with the bank.
Explanation of debt suspension agreement
Note: Applicable if the contract has a debt suspension
feature.
If [PRODUCT NAME] is activated, your duty to pay the

loan principal and interest to the bank is only
suspended. You must fully repay the loan after the
period of suspension has expired.
If applicable: This includes interest accumulated
during the period of suspension.
Amount of fee
For open-end credit, either (1) The monthly fee for

[PRODUCT NAME] is based on your account balance
each month multiplied by the unit-cost, which is
______; or
(2) The formula used to compute the fee is _______.
Lump-sum payment of fee
fee in a single payment.
You may choose to pay the fee in a single lump sum

or in [monthly/quarterly] payments. Adding the lump
sum of the fee to the amount you borrow will increase
the cost of [PRODUCT NAME].

Version 2.0
Compliance:
yes/no/NA Comments
Lump-sum payment of fee with no refund
fee in a single payment for a no -refund DCC.
You have the option to purchase [PRODUCT NAME]

that includes a refund of the unearned portion of the
fee if you terminate the contract or prepay the loan in
full before the scheduled termination date. Prices of
refund and no-refund products may differ.
Refund of fee paid in lump sum
Note: Applicable when the customer pays the fee in a
single payment and the fee is added to the amount
borrowed.
Choose one of the following: 1) You may cancel

[PRODUCT NAME] at any time and receive a refund ;
or
2) You may cancel [PRODUCT NAME] within ____
days and receive a full refund ; or
3) If you cancel [PRODUCT NAME] you will not
receive a refund.
Use of card or credit line restricted
Note: Applicable if the contract restricts use of card or
credit line when customer activates protection.
If [PRODUCT NAME] is activated, you will be unable

to incur additional charges on the credit card or use
the credit line.
Termination of product
Either 1) You have no right to cancel [PRODUCT

NAME]; or
2) You have the right to cancel [PRODUCT NAME] in
the following circumstances: __________.
and
Either 1) The bank has no right to cancel [PRODUCT
NAME]; or
2) The bank has the right to cancel [PRODUCT
NAME] in the following circumstances: ___________.

Version 2.0
Compliance:
yes/no/NA Comments
Eligibility requirements, conditions, and
exclusions
There are eligibility requirements, conditions, and

exclusions that could prevent you from receiving
benefits under [PRODUCT NAME].
Either 1) The following is a summary of the eligibility
requirements, conditions, and exclusions. [The bank
provides a summary of any eligibility requirements,
conditions, and exclusions.]; or
2) You may find a complete explanation of the
eligibility requirements, conditions, and exclusions in
paragraphs ______ of the [PRODUCT NAME]
agreement.
12 CFR 37.6(d): Form of disclosures

Disclosures must be readily understandable
Disclosure must be conspicuous, simple, direct,
readily understandable, and designed to call attention
to the nature and significance of the information
provided.
Disclosures must be meaningful
Disclosures must be presented in a manner that
engages the customer’s attention. Examples of
methods that could call attention to the nature and
significance of the information provided include
• a plain-language heading;
• a typeface and type size that are easy to read;
• wide margins and ample line spacing;
• boldface or italics for key words; and
• distinctive type style, and graphic devices, such
as shading or sidebars, when the disclosures are
combined with other information.

Version 2.0
Appendix F: Debt Suspension and Debt Cancellation

Product Information Worksheet
Please answer the following questions for debt suspension and debt cancellation programs
overall, and complete the attached worksheet for each debt suspension or debt cancellation
product offered. Indicate whether responses are based on discussions with bank management
or on an examination that included process review and verification.
For all debt suspension and debt cancellation products:
1. Does the account need to be current to activate benefits? If not, are there delinquency
limits with respect to benefit activation?
2. If accounts are delinquent when benefits are approved, does the bank re-age the account
to current, freeze it at the payment or delinquency status at the time the benefit event
occurred, or freeze it at the delinquency status at the time of claim approval?
3. At what delinquency status does the bank terminate coverage (e.g., at 90 days past due)?
4. Does the bank stop premium assessments on accounts that are over-limit? If not, under
what conditions does the bank “force” premium assessments on over-limit revolving
accounts (i.e., book the premium even though it would be denied through the
authorization process)?
5. Does the bank satisfactorily track and analyze the subsequent performance of the
following populations for at least 12 months:
• Accounts denied claims?

• Accounts that failed to complete claims?
• Accounts following benefit expiration?
6. If the default experience of the bank’s credit card accounts is significantly worse than that
of the population as a whole, is this information incorporated into the allowance analysis?
7. How does the bank compute the interest and fees associated with accounts in claims
status? Specifically, since interest and fees for credit card accounts are generally
suspended, how does the bank determine the associated interest and fees that would have
been due on a month-to-month basis?
8. What is the bank’s process for reserving for benefit claims? Is it sufficient to cover 1) the
total of existing approved claims, 2) claims in process and reasonably expected to be
approved, and 3) an estimate of claims not yet submitted by accounts in which an event
has occurred?
9. If participating accounts are securitized and the bank is responsible for making payments
to the trust, are the trust reimbursements accurate and made monthly?

Version 2.0
10. Are the bank’s reports sufficient to generate the information needed to establish and
maintain an adequate reserve?
11. Are the bank’s MIS sufficient to monitor and manage the various debt suspension or
cancellation products?
12. Is the bank’s pricing based on a valid cost analysis (considering all associated costs)?
13. Does the bank periodically evaluate cost/benefit from the consumer’s perspective? Is that
analysis reasonable and reflected in the pricing?
14. Is flat-rate pricing, if any, appropriate for low-dollar loan amounts? Please explain.
15. How many written consumer complaints has the bank received regarding these products
in the year to date and in the previous full year?
16. Is the bank planning to offer additional debt suspension or cancellation products or make
significant changes to products (e.g., coverage, pricing) or marketing (e.g., channel,
emphasis)? If so, please describe.
17. Determine whether the bank has liabilities recorded for these products, how they are
determined, and whether the amounts appear reasonable.

Version 2.0
Debt Suspension and Debt Cancellation Product Information Worksheet

Product name:
Offered since:
Retail credit product(s) covered:
Provider (bank, affiliate, third-party):
Administrator (bank, affiliate, third-party):
Responsible bank officer:
Note: Attach a copy of the product terms and conditions.
Leave of
Benefits Unemployment Disability absence Death
Coverage: Specify maximum number of months, “not
available” if not included, or yes/no for death
Cost (e.g., statement balance x 0.0069)
Individual
Joint
Benefit
Interest and fees
Principal
Limits, if any (e.g., limited to number of months
premiums were paid prior to event)
Offered to self-employed customers?
Penetration
Number of accounts paying premiums
Percent of portfolio
Claims ratea (number of claims submitted divided by
number of accounts paying premiums), year-to-date
and prior year
Approval rate (number of claims approved divided by
number of claims initiated), year-to-date and prior year
Denial rate (number of claims denied divided by
Fallout rate (number of incomplete claims divided by
Bank income generated from premiums:
Year-to-date amount (percent)
of total business line revenue
of total business line pretax net income
Prior year (percent)
of total business line revenue
of total business line pre-tax net income
Cancellation policy, including refund policy
Cancellation rate (number of cancellations divided by
number of accounts paying premiums pre-
cancellation), year-to-date and prior year
a
Approval, denial, and fallout rates should balance to claims rate.

Version 2.0
Appendix G: Loss Forecasting Tools

Reliable forecasts of expected credit card charge-offs are critical for risk management,
profitability, reserving, and capitalization. This supplement describes the three most common
forecasting methods: roll-rate, historical, and vintage analyses. Some banks use combinations
of all three methods for different credit card portfolios or forecasting purposes.
Roll Rate
Roll and flow models are the most accurate short-term forecasting method. The name is
derived from the practice of measuring the percentage of delinquent credit card accounts that
migrate, or “roll,” from early- to late-stage delinquency buckets, or “flow” to charge-off. The
most common method is the delinquency roll-rate model, in which dollars outstanding are
stratified by delinquency status: current, 30-59 days past due, 60-89 days past due, and so on
through charge-off. The rates at which these accounts roll through delinquency levels are
then used to project losses for the current portfolio. Figure 1 describes how roll-rate analysis
is used to track the migration of balances over a four-month period (120-day charge-off
period).
Step 1: Calculate roll rates
In the example shown in table 3, the computation begins with the $725 million in accounts
that were current in June 2020. From June 2020 to July 2020, $27 million in accounts
migrated from current to 30 days delinquent, which equates to a roll rate of 3.73 percent
($27 ÷ $725). From July 2020 to August 2020, $10.6 million rolled to the next delinquency
bucket, representing a 39.26 percent roll rate ($10.6 ÷ $27). Continuing along the diagonal
(shaded boxes), loss rates increase in the latter stages of delinquency. To smooth out some
fluctuations in the data, bank management often averages roll rates by quarter before making
current portfolio forecasts and compares quarterly roll-rate results between quarters to
analyze and adjust for seasonal effects.
Figure 1: Roll-Rate Schematic
A B C D E
Current
30 days 60 days 90 days 120 days Charge-off
• A - % of current • B - % of 30-day • C - % of 60-day • D - % of 90-day • E - % of 120-day

balances that delinquencies delinquencies delinquencies delinquencies
"roll" to 30 days that "roll" to 60 that “roll” to 90 that “roll” to 120 that “roll” to
past due at days past due days past due at days past due at charge-off at
month end at month end month end month end month end
Note: This example is a simplified depiction of dollar flow to illustrate the basic concept of roll rates. In reality, some balances
cure (return to current), remain in the same delinquency bucket, or improve to a less severe delinquency status by the end of a
period. For ease of calculation, roll-rate analysis assumes that all dollars at the end of a period flow from the prior-period
bucket.

Version 2.0
Step 2: Calculate loss factors by bucket.
To calculate the loss factor from the “current” bucket, multiply all average roll rates from the
most recent quarterly average. In this example, the fourth-quarter average roll rates produce
this factor: 3.42% x 42.58% x 67.12% x 72.12%, resulting in a 0.70 percent loss rate for
accounts in the current bucket. To determine the loss rate for the 30-day accounts, multiply
the most recent quarterly averages for the 60-, 90-, and 120-day buckets, resulting in a loss
factor of 20.61 percent. Applying the same method results in a loss factor of 48.41 percent
for the 60-day bucket and 72.12 percent for the 90-day bucket.
Table 3: Loss-Factor Calculation (Dollar Amounts in Millions)
Current 30 Roll 60 Roll 90 Roll 120

Month balance days rate days rate days rate days Roll rate
June $724.7 $26.1 $9.9 $6.7 $3.6
July $762.0 $27.0 3.73% $10.9 41.77% $7.1 71.27% $4.7 70.36%
August $788.6 $25.5 3.34% $10.6 39.26% $7.0 64.29% $4.7 67.56%
September $827.7 $29.4 3.73% $12.1 47.82% $7.9 74.88% $5.5 78.74%
3Q average 3.60% 42.95% 70.15% 72.22%
October $844.6 $31.1 3.76% $12.8 43.53% $8.5 70.53% $5.9 75.58%
November $896.3 $26.7 3.16% $12.4 40.03% $8.2 64.52% $5.9 69.49%
December $987.3 $30.0 3.35% $11.8 44.18% $8.2 66.31% $5.8 71.29%
4Q average 3.42% 42.58% 67.12% 72.12%

Loss factors 0.70% 20.61% 48.41% 72.12%

Version 2.0
Step 3: Apply loss factors to the current portfolio.
Step 3 is to forecast losses for the existing portfolio by applying the loss factors for each
bucket (developed in step 2) to the current portfolio. In this example, the portfolio’s expected
loss rate over the next four months is 2.93 percent.
Table 4: Loss-Factor Application (Dollar Amounts in Millions)
December 31 Outstandings Loss factor Loss forecast

Current $ 987.4 0.70% $ 6.9
30 days $ 30.2 20.61% $ 6.2
60 days $ 11.8 48.41% $ 5.7
90 days $ 8.2 72.12% $ 5.9
120 days $ 5.9 100.00% $ 5.9
Total $ 1,043.5 2.93% $ 30.6
The major advantage of roll-rate analysis is its relative simplicity and considerable accuracy
up to nine months. This method often segments portfolios by product, customer type, and
other relevant groupings to increase precision and accuracy. Roll-rate reports are used
extensively by collection managers to anticipate workload and staffing needs and to assess
and adjust collection strategies.
The main limitation of roll-rate analysis is that the predictive power of delinquency roll rates
declines after nine months. The focus on delinquency causes forecasts to lag behind
underlying changes in portfolio quality, especially in the relatively large current bucket.
Changes in portfolio quality occur because of factors such as underwriting and cutoff score
adjustments, product mix changes, and shifts in economic conditions. Roll-rate analysis may
underestimate loss exposure when these factors weaken portfolio quality. Finally, roll-rate
analysis assumes that accounts migrate through an orderly succession of delinquency stages
before charge-off. In fact, customers often migrate to charge-off status after sporadic
payments or rush to that status by declaring bankruptcy.
Historical
Historical averaging is a rudimentary method for forecasting loss rates. Bank management
tracks historical charge-offs, adjusts for recent loss trends, and adds some qualitative
recognition of current economic conditions or changes in portfolio mix. This method is
highly subjective and is used primarily by less sophisticated banks or for stable,
conservatively underwritten products.
The historical method is sometimes used for allowance purposes and for monitoring general
product or portfolio trends. The advantages of this method are its simplicity and modest data
needs. Results can be reasonably accurate as long as underwriting standards remain relatively
constant and economic and competitive conditions do not change markedly. The major
limitation of the method is that forecasts will lag behind underlying changes in portfolio
quality if competitive or economic conditions change. The method also introduces potential

Version 2.0
bias by allowing forecasters to rely on long-run averages when conditions deteriorate and
short-run trends at the earliest signs of recovery, resulting in lower loss estimates. In
addition, the method does not provide meaningful information on the effects of changes in
product or customer mix, and it is difficult to apply any but the most basic stress tests.
Vintage
Vintage-based forecasting tracks delinquency and loss curves by time period, grouping
accounts as different vintages according to time on book or by the marketing campaign
during which they were initiated. The curves are predictive for future vintages as long as
adjustments are made for changes in underwriting criteria, cutoffs, and economic conditions.
The advantage of vintage-based forecasting is that it is usually more accurate than roll-rate
forecasting for charge-offs beyond a one-year horizon. Bank management should adjust the
loss expectations when new vintages are observed to deviate markedly from past curves, or if
economic and market conditions change. The disadvantages of vintage-based forecasting are
that it is more subjective and less accurate than the roll-rate method for short-term
forecasting and that it relies on the assumption that new vintages will perform similarly to
older vintages.
Probability of Default, Loss Given Default, and Exposure at Default
This expected loss framework breaks down the loss-forecasting calculation into three
components: probability of default (PD), loss given default (LGD), and exposure at default
(EAD). PD measures the likelihood an account will default over a specified forecasting
horizon. LGD is the amount of expected loss, net of any recoveries, expressed as a
percentage of outstanding balance, conditional on an account having defaulted. EAD is the
balance outstanding at the date of default. Expected loss is calculated by multiplying the
three components (i.e., PD, LGD, and EAD) together.
The advantage of the expected loss framework is that it is very flexible, allowing for different
risk drivers, including macroeconomic conditions, to be considered for each component of
the loss calculation. This approach has been more widely adopted, especially by larger
institutions. The disadvantage of this approach is that it has high data requirements, namely
granular, account-level data. Expected loss could be also modeled in terms of granular or
segment level charge offs that could also be suitable depending on the valid ity of the
assumptions.

Version 2.0
Appendix H: Credit Scoring and Development

of Scoring Models
There are several statistical methods used to construct credit scoring models (e.g., multiple
linear regression, logit and probit, discriminant analysis, general linear models). Each method
has advantages; in practice, however, all of these methods generally produce a similar
prediction of the relative credit quality of account holders by capturing the underlying
correlation between risk characteristics and delinquency behavior. These models use those
factors correlating most strongly with good or bad performance. A sound practice for scoring
models used for underwriting includes data from rejected applications to correct for
estimation bias that arises if only approved accounts are used. If rejected applicants are
systematically excluded from a model’s development, sample correlation between the
applicants’ characteristics and delinquency will reflect only the behavior of the relatively
good segment of the population. When the model is applied to the general population, it will
overestimate the relative quality of the accounts with characteristics similar to those that
were rejected, increasing the likelihood that lower-quality applicants will be approved.
Scoring models are only as good as the data used to develop the models. These models
predict the behavior of new applicants based on the performance of previous applicants. If
the distribution of characteristics in the through-the-door population shifts (due, for example,
to a change in marketing strategy that successfully attracts applicants outside the bank’s
current market), the model’s ability to discriminate between “good’ and “bad” accounts may
deteriorate. Other elements affecting a model’s ability to rank-order risk arise from using
different sources to select sample applicants, using data from new market areas, and
changing credit policy. Economic or regulatory changes also can affect the reliability of a
model. For those reasons, regular validation that the current population of applicants is
similar to the population that was used to develop the model is prudent.
Models are rescored before system implementation to validate their ability to rank-order risk
as designed. The validation process ensures that the credit profiles of current applicants or
those selected for prescreening are similar to those used in the sample. The process also
measures the divergence in performance between two populations (e.g., through-the-door
applications compared with the development sample used to build the model) and sets credit
scoring norms to account for slight shifts in the population credit score. The Chi-Squared
goodness-of-fit measure test, the Kolmogorov-Smirnov measure of divergence test, and the
Population Stability Index are the most common statistical validation tests used by banks to
assess the accuracy, reliability and discriminatory power, and stability of a model,
respectively. Validation tests are common and used to ensure that model results are accurate
and effective in maintaining sound risk management practices.
Scoring models generally become less predictive over time because they are typically
developed without explicitly capturing the time-sensitive impact of changing economic and
market conditions. Applicant characteristics, such as income, job stability, and age, change,
as do overall demographics. These changes result in significant shifts in the profile of the
through-the-door applicants. Once a fundamental change in the profile occurs, the model may
be less able to identify potentially good and bad applicants. As these changes continue, the

Version 2.0
model may lose its ability to rank-order risk. Thus, credit scoring models should be
redeveloped as necessary.108
After a scoring model is implemented, its developer provides bank management with a
manual that details system maintenance requirements and recommended methods for
supervising the model. To effectively manage a scoring model, it is prudent for bank
management to closely adhere to the manual’s specifications, particularly those
specifications that provide guidance for periodically assessing the performance of the model.
This often includes comparing actual results with model objectives.
For systems developed by third parties, examiners should review the third party’s guidelines
in conjunction with bank management’s system for periodically assessing the model and the
frequency of such assessments. One quick way to evaluate the general performance of a
model is to determine whether a direct correlation exists between credit scores and
delinquency rates (that is, delinquency rates increase as risk increases). Another way is to
review the management reports described in this appendix.
Types of Scoring Models

Application Scoring
Models that rely on data from credit applications augmented by credit bureau data are the
most commonly used types of models in credit scoring. Key items of application information
(and credit bureau information, when available) are assigned point values. Typical
application data include continued employment over a period of time, length of credit
history, and rent or mortgage payments over a period of time. The characteristics that are
assigned point values to predict the ability to repay a credit card loan are income, occupation,
and outstanding credit balances. Banking references, credit references, reported
delinquencies, recent credit bureau inquiries, and recently opened accounts are assigned point
values that reflect a consumer’s use of credit. The total of these point values (final score)
reflects the relative likelihood that the consumer will repay as contracted.
Credit Bureau Risk Scoring
An application is sent to one of the credit bureaus for scoring based on the contents of the
application and the payment history in the applicant’s credit bureau report. The model
statistically ranks current elements of a credit report to predict the customer’s future payment
behavior.
Banks purchase credit bureau scores for use in applicant screening, account acquisition, and
account management strategies:
Refer to section V of the “Supervisory Guidance on Model Risk Management” conveyed by OCC Bulletin
108
2011-12 for more information on model redevelopment.

Version 2.0
• Applicant screening: For approving or declining the credit card, establishing initial
credit limits, and setting up a tiered pricing of credit cards accounts.
• Account acquisition: Used in solicitation programs, cross-selling opportunities of other
products, and for acquiring portfolios from other institutions.
• Account management: For determining increases and decreases of credit limits and
establishing authorizations, reissue, and collection parameters.
Credit bureau scores are designed to predict relative credit quality of a borrower based on a
common set of credit bureau characteristics. A good account is one with no delinquencies or
an isolated delinquency. A bad account exhibits seriously delinquent behavior or worse (i.e.,
bankruptcy, charge-off, or repossession).
More than 100 predictive variables are evaluated during the development or redevelopment
cycle. Such variables include previous credit performance, current level of indebtedness,
amount of time credit has been in use, pursuit of new credit, and types of credit available .
Bank management should revalidate bureau scorecards as warranted. An integral part of the
re-validation process involves assessing the variables and comparing the model’s actual
performance to its expected performance.
Scorecard vendors have risk scorecards in place at the major credit bureaus. The vendor uses
the same process at each bureau to update and validate the scorecards. Generally, vendors
evaluate the individual’s performance at the time of revalidation and 24 months before
revalidation. The earlier of these reports is used to generate the predictive information, and
the later one is used to determine the performance of that account in the two years since the
observation of the predictive information.
Credit Bureau Bankruptcy Scoring
Bankruptcy scorecards are used primarily to predict the likelihood that a customer will
declare bankruptcy or become a collection problem. Credit bureaus derive bankruptcy
scorecards from information in a consumer’s credit file containing credit histories from all
reporting sources. Several bankruptcy scorecards are usually available at each credit bureau.
Credit Bureau Revenue Scoring
Revenue scores are designed to rank-order prospects by the amount of net revenue likely to
be generated on a new bank card account in the first 12 months. Revenue scores are available
through the credit bureaus. The scoring models are built using master file information on the
amount of revenue generated on a bank card account in the previous 12-month performance
period. The models consider factors such as high-balance-to-limit ratios, significant
revolving balances, and multiple bank cards in use.
Behavioral or Performance Scoring
Behavioral scoring is a technique used to segment a portfolio of existing accounts based on

the past behavior of the borrowers. Banks use behavioral scores for collection strategies,

Version 2.0
authorization requirements, credit line assignments, and renewal decisions. This scorecard
predicts which accounts will become delinquent within the next six to 12 months. Behavioral
scoring relies principally on credit line usage patterns (revolving credit) and payment
patterns. Behavioral scoring models consider elements such as payment history, the number
of times the payment has been greater than the minimum required, delinquency history, and
use of the cash advance option. Credit bureau input may also be used.
Emerging neural net technology has enhanced the effectiveness of behavioral modeling.
Neural nets are computer programs that can sort through huge amounts of data and spot
patterns in a way that mimics human logic. This knowledge is then factored into subsequent
decisions.
Collection Scoring
Scoring models that focus on collection activities include the following:
• Collection scoring: These models show the likelihood that collection efforts will
succeed. They help a bank allocate collection resources efficiently.
• Payment projection scoring: These models identify the likelihood that a bank will
receive a payment on a delinquent account within six months. The collection department
can use this information to determine on which accounts it needs to focus.
• Recovery scoring: These models identify the likelihood of recoveries after charge-off.
The collection department can use these models to minimize charge-off losses.
Adaptive Control
Banks can use behavioral scoring to examine alternative credit strategies. These strategies
employ a technique called “adaptive control.” Adaptive control models include software that
allows bank management to develop and analyze various strategies that take into account the
customer population and the economic environment. Adaptive control models are credit
portfolio management models designed to reduce credit losses and increase promotional
opportunities. New strategies (called challenger strategies) can be tested on a portion of the
accounts while retaining the existing strategy (called the champion strategy). When a
challenger strategy proves more effective than the existing champion, the bank replaces the
champion strategy with the challenger. Continual testing of alternative strategies can help the
bank achieve better profits and control losses in five areas:
• Credit line management: Current and delinquent accounts are reviewed for credit line
and cash line increases and decreases at billing, based on several timing options.
• Delinquent collections: All accounts are checked for delinquency at billing time.
Delinquent accounts are evaluated and actions are assigned to be taken throughout the
next month. For example, computer-generated notices can be sent to account holders at
varying intervals for 30 days; if the account remains delinquent, collectors can make
phone calls every five days. Delinquent accounts are then reexamined for a change in
account status. If there is no change, assigned actions proceed. If an account is no longer

Version 2.0
delinquent, actions are stopped. Accounts also can be reevaluated and assigned different
actions (called dynamic reclassification).
• Over-limit collections: Accounts are examined for over-limit action at billing and
posting. At billing, the bank may send a notice to an over-limit account holder.
Additional action may be taken based on the over-limit strategy.
• Authorizations: Accounts are examined at billing and assigned an authorization strategy
to be used by the authorization system throughout the month. The authorization system
requests a decision on accounts in early delinquency or over-limit status.
• Reissue: Accounts are reviewed for reissuance at a certain time. This can be done several
times a year and the bank may take an action such as mailing a letter regarding the status
of a credit card or sending a new credit card.
Strategies for Selecting and Changing Cutoff Score

Three strategies may be used separately or together to select the cutoff score. The first
strategy targets an approval or acquisition rate. The cutoff is set to result in a specified
number of new accounts. Used separately, this may be the least desirable approach because it
does not capture any projected performance of the accounts. The second strategy targets a
credit loss rate. A cutoff score is selected that sets an acceptable level of losses. The third
strategy targets the product’s profitability. A cutoff score can optimize expected profitability
in terms of total profit center earnings, return on risk assets, or return on total assets.
The following are some of the most common reasons for changing a credit cutoff score:
• To approve previously declined accounts that are now believed to be potentially

profitable.
• To decline previously approved accounts that are now observed to be unprofitable.
• To reduce losses or improve collections.
• To respond to increased or reduced competition in the marketplace.
• To comply with external requests (e.g., regulators or consumer groups) to ease or restrict
credit availability.
• To compensate for aging or eroding scoring models.
Management Reports
Population stability report: This report measures changes in applicant score distribution
over time. The report compares the current application population with the population on
which the scoring model was developed. This comparison is made using a formula called the
population stability index. The index measures the separation of the two distributions of
scores. (The scoring manual provided by the model developer has instructions on how to
interpret the variances.) For example, in a commonly used scorecard, a value under 0.100
indicates that the current population is similar to the original and no action is necessary. A
value between 0.100 and 0.250 suggests that bank management should research the cause of
the variance. A value over 0.250 suggests that substantial change has occurred in the
population or the underwriting policies.

Version 2.0
Characteristic analysis report: This report measures changes in applicants’ scores on

individual characteristics over time. It is needed when the applicant population stability has
changed and the bank wants to determine which characteristics are being affected. The report
compares individual characteristics of the current applicants with those of the original
population used in developing the scoring model. For example, checking and savings account
references may be a better predictor of future behavior when the applicant has more history
with the bank. This report can be used to identify the primary reasons for any shift in the
applicant population from the development sample. Bank management should generate a
report for each characteristic and review them individually and as a total. Reviewing trends
in individual characteristics (e.g., home ownership) can help management determine the
reason behind the shift in the applicant population.
Final score report: This report measures the approval rate and adherence to the scorecard . It
shows the number of applicants at each score level and the number of applications accepted
and rejected. The report also can be used to analyze the effect of factors outside the
scorecard.
Delinquency distributions report: This report monitors portfolio quality by score ranges.
Two types of reports may be used. One measures how well a scorecard is working, and the
other measures current portfolio quality and changes in portfolio quality. The report
compares accounts of different ages at equal stages in their account lives and reveals changes
in the portfolio’s behavior. Bank management should identify the causes for those changes.
A vintage analysis table, which identifies accounts by year of origin, is used to compare a
series of delinquency distributions reports and can be used to identify portfolio trends.
Portfolio chronology log: This log is an ongoing record of significant internal or external
changes or events that could affect the performance of the accounts. The log helps to explain
causes of behavior in various tracking reports. Some examples of events that should be
recorded are new marketing programs, application form changes, new override policies, new
collection strategies, changes in the debt-to-income ratio, or changes in income requirements.
Lender’s override report: This type of report identifies the volume of high-side and low-
side overrides by month and year to date, provides a comparison over time and against the
bank’s benchmark, and may include reasons for the overrides. Override analyses typically
also track the performance of low-side overrides.
Income Estimators
The use of income estimator (IE) models, as with any type of model, invariably presents
model risk, which is the potential for adverse consequences from decisions based on
incorrect or misused model outputs and reports. Model risk can lead to financial loss, poor
business and strategic decision making, or damage to a bank’s reputation. Banks that use IE
models should have effective model risk management programs For more information, refer
to OCC Bulletin 2011-12.

Version 2.0
Banks continue to seek guidance from the OCC about acceptable uses for IE models when
considering whether consumers are eligible for line increases on credit card accounts. The
CARD Act requires card issuers to assess a consumer’s ability to make the required
minimum periodic payments under the terms of an account based on the consumer’s income
or assets and current obligations. The Commentary to the provisions of Regulation Z
implementing the CARD Act further states: “A card issuer may consider … information
obtained through any empirically derived, demonstrably and statistically sound model that
reasonably estimates a consumer’s income or assets.” 109
The ability of existing IE models to accurately estimate the income of a specific borrower
may be limited and as a result may pose safety and soundness concerns. In some cases, to
compensate for the inherent inaccuracy of the models, banks have asked if they can apply
conservatism or use a confidence score threshold, e.g., if the IE model estimates a
consumer’s income to be $150,000 then the bank is 90 percent confident the borrower makes
more than $75,000. In this example, the bank would underwrite and grant a credit line
increase commensurate with a lower borrower income. Conservatism may impede proper
model development and application, lead model users to discount model outputs, and
potentially introduce unintended bias to underwriting decisions. Confidence scores may have
limited effectiveness for safety and soundness purposes.
Even with skilled modeling and robust validation, IE model risk cannot be eliminated, so
other tools, including monitoring of model performance, adjusting or revising the models
over time, and establishing limits on model use should be used to manage model risk. Active
management of model risk can minimize potential safety and soundness concerns.
109
Refer to 12 CFR 1026, supp. I., comment 51(a)(1)(i)-5(iv).

Version 2.0
Appendix I: Profit Analysis

Table 5 is an example of a typical card issuer’s income and expense statement. It may be
used to monitor the earnings performance of the credit card operation.
Table 5: Total Portfolio Income and Expense Components (Managed Assets Basis)
First- Percentage Second- Percentage Third- Percentage

period of average period of average period of average
Category income receivables income receivables income receivables
Interest income
Fees
Annual membership fees
Late fees
Over-limit fees
Cash advance fees
Other fees
Total fees
Cost of funds
Net interest margin
Loan losses
Credit
Bankruptcy
Deceased
Recoveries
Net losses (excl. fraud)
Net provision
Total loan losses
Noninterest income
Interchange
Other income
Less rebates
Net noninterest income
Noninterest expense
Account acquisition and credit
processing
Over-limit and collections
Servicing and promotion
Card holder billing
Fraud investigation
Processing interchange
Processing payments
Card issuing
Authorizations
Card administration
Outside services
Processing
Fraud
Misc. expenses
Total noninterest expense
Pre-tax income before
allocations expenses
Corporate allocation
Net pre-tax income

Version 2.0
Table 6 is an example of a tracking shell used to monitor the performance of individual card
programs.
Table 6: Performance of Individual Portfolios (Managed Assets Basis)
Pre-tax net Percent of Average Pre-tax net Percent of Average

income, average receivables, income, average receivables,
first period receivables first period second period receivables second period
Classic
Gold
Affinity 1
Affinity 2
Affinity 3
Affinity 4
Affinity 5
Cobrand 1
Cobrand 2
Cobrand 3
Secured card
Business card
Other
Total
Note: If these typical income statements are used together, the total pre-tax net income for periods 1 and 2 should agree with
the pre-tax net income reported in the gross portfolio income and expense components shell.
Impact of Introductory Teaser Rate on Income
Finance charge income (pricing) is a key determinant of the profitability of a credit card
operation. In recent years, competition for account-holder growth has resulted in numerous
marketing schemes involving introductory or teaser APR, which ultimately affect finance
charge revenues. Lowering APRs can have a significant effect on profitability. For example,
reducing the APR by 10 percent can result in a material decrease in the net margin, if all
other factors remain constant.
The example in table 7 demonstrates the significant impact that pricing strategies can have on
an issuer’s financial statement. In the example, a 10 percent reduction in the APR, or price,
results in a 47 percent compression of the net margin (from 4.3 percent to 2.3 percent). Even
if the price reduction results in a 25 percent decrease in credit losses (from 3 percent to 2.25
percent), the net margin would still be 28 percent less than the original pricing strategy (from
4.3 percent to 3.05 percent). As a result, unless a bank adjusts the price for higher-risk
customers, decreasing the price for low-risk customers or to obtain new customers
dramatically affects net profit margins.

Version 2.0
Table 7: Sample Income Statement
Under Under new 10% and 25% Price

original rate rate Reduction (cost of funds) Reduction reduction
Finance charge 19.8% 17.8% –10% 17.8% –10%
Cost of funds (7.0%) (7.0%) NA (7.0%) NA
Net interest 12.8% 10.8% –16% 10.8% –16%
margin
Fee income 1.0% 1.0% NA 1.0% NA
Charge-offs (3.0%) (3.0%) NA (2.25%) –25%
Noninterest (6.5%) (6.5%) NA (6.5%) NA
expense
Net margin 4.3% 2.3% –47% 3.05% –28%
Note: NA means not applicable.
Types of Users
The ratio of convenience users, or transactors (customers who accrue no finance charges
because they pay in full each billing cycle), to revolvers (those who make less than full
payments) plays a significant role in finance charge revenue. The greater the percentage of
convenience users in the portfolio, the lower the yield. In addition, the bank must fund the
convenience users’ receivables while, in many instances, only benefiting from interchange
revenue. Depending on the product, purchase sales volume per account may never produce
enough interchange revenue to break even on a convenience user account.

Version 2.0
Appendix J: Glossary
Acquirer, acquiring member, or merchant bank: Bank, financial institution, or other
payment card network member that maintains the merchant relationship and receives all
credit card transactions. Sometimes referred to as the acquiring bank.
Adaptive control system: Credit portfolio management system designed to reduce credit
losses and increase promotional opportunities. Adaptive control systems include software
allowing bank management to develop and analyze various strategies that take into account
customer behavior and economic environment. Refer to champion/challenger strategy.
Add-on: Additional service or credit product sold in connection with a credit account.
Examples include travel clubs, disability insurance, credit life insurance, debt suspension
agreements, debt cancellation contracts, and fraud alert programs.
Adverse selection: Disproportionately high response or acceptance rate to a marketing offer

by high-risk customers in the targeted population. This situation generally occurs because the
product or promotional design is flawed.
Affinity program: Credit card program issued by a bank in conjunction with such
organizations as professional or trade groups, college alumni associations, or retiree
associations. The issuing bank generally compensates the sponsoring organization on an
ongoing basis in return for access to its membership.
Agent bank: Bank that, by agreement, participates in another bank’s card program, usually
by turning over its applicants for bank cards to the bank administering the card program and
by acting as a depository for merchants.
Allowance for credit losses (ACL): Valuation account that is deducted from, or added to,
the amortized cost basis of financial assets to present the net amount expected to be collected
over the contractual term of the assets.
Allowance for loan and lease losses (ALLL): Valuation reserve that is an estimate of
uncollectible amounts (inherent losses) and that is used to reduce the book value of loans and
leases to the amount expected to be collected. The allowance is established and maintained
by charges against the bank’s operating income, e.g., the provision expense.
Application scoring: Using a statistical model to objectively score credit applications and
predict performance.
Attrition: All retail loan products undergo attrition, or the closing of accounts by either the
customer or the bank, but the term is most commonly applied to credit card accounts.
Balance transfer: Transfer of an outstanding credit card balance from an account at one
financial institution to an account at another institution. The receiving institution usually

Version 2.0
processes the transfer, but the consumer may make the transaction by using convenience
checks written on the receiving institution.
Bank card association: Visa and Mastercard are examples of bank card associations. Only
banks can be members, and only members can process transactions through an association’s
network. Non-members, however, may be able to process payments by renting membership
rights from bank members. The associations specifically define membership rights,
privileges, and obligations.
Bank cards: General purpose credit cards.
CEBA credit card bank: A special-purpose credit card bank excepted from the Bank
Holding Company Act definition of “bank” by an exception established under the
Competitive Equality Banking Act of 1987, which is codified at 12 USC 1841(c)(2)(F). Such
banks may engage only in consumer credit card lending and may accept deposits only to
secure those accounts or in amounts greater than $100,000. These banks typically have a
nonbank holding company parent and often are affiliated with retailers. Although CEBA
credit card banks often issue private-label cards, they may also issue general purpose credit
cards.
Champion/challenger strategy: Banks often use a “champion/challenger” technique to test

account management initiatives, in which the existing practice is deemed the champion, and
one or more modifications applied to smaller portions of the portfolio are the challengers.
After observing performance over a period, usually several months, a well-performing
challenger may be applied to a larger population or may even replace the champion.
Champion/challenger strategies are used extensively in the collection area for all types of
retail loans and for ongoing account management functions for open-end credit.
Charge-back: Dispute procedure initiated by the card issuer after receiving an initial
presentment from the acquirer. The issuer may determine that, for a given reason, the
transaction was presented in violation of the rules or procedures and is eligible to be returned
to the acquirer for possible remedy.
Chronology log: Chronological record of internal and external events relevant to the credit
function.
Cobranded card program: Bank card program in which banks issue credit cards in
conjunction with another company, usually bearing the logo of the other company. The
program is generally associated with some type of partner rebate or other value-added
incentive to the customer.
Coincident analysis: Analysis based on end-of-period delinquencies and losses in relation to

total as of the same date. Distinguished from vintage, lagged, and other time series measures.
Consumer credit counseling (CCC): Nonprofit agencies that counsel overextended

consumers and are funded by creditor “fair share” contributions (a negotiated percentage of

Version 2.0
the consumer’s payment to the bank). CCC entities work with the consumers and their
creditors to develop budget and debt repayment plans. Banks generally offer concessions to
customers in CCC programs.
Consumer reporting agency: Any entity that, for monetary fees, dues, or on a cooperative
nonprofit basis regularly engages in whole or in part in the practice of assembling or
evaluating consumer credit information or other information on consumers for the purpose of
furnishing consumer reports to third parties, and that uses any means or facility of interstate
commerce for the purpose of preparing or furnishing consumer reports.
Convenience user: Credit card holder who pays the outstanding balance in full by each
payment due date. Also referred to as a transactor.
Corporate card program: Credit card program offered to companies, small businesses, and
government entities to facilitate company travel (travel and entertainment cards) or
procurement. Ultimate liability varies by contract, but companies often provide some type of
guarantee in the event of cardholder abuse or nonpayment.
Credit bureau: Clearinghouse for information on the credit rating of individuals or

businesses. The three largest credit bureaus in the United States are Equifax, Experian, and
TransUnion.
Credit report: Report from a consumer reporting agency providing a customer’s credit
history. Credit reports are convenient and inexpensive, with larger users paying lower rates.
A merged credit report obtains files from the three major credit bureaus.
Credit scoring: Statistical method for predicting creditworthiness of applicants and existing
customers.
Cross-selling: Using one product or service as a base for selling additional products and
services.
Debt burden ratio: Common measure of a consumer’s ability to repay a debt. Also called
debt-to-income or debt service ratio, it measures monthly debt obligations against monthly
income.
Debt cancellation contract: Loan term or contractual arrangement modifying loan terms
under which a bank agrees to cancel all or part of a customer’s obligation to repay an
extension of credit from that bank upon the occurrence of a specified event.
Debt service: Measure of a consumer’s income in relation to committed debt payments.
Debt suspension agreement: Loan term or contractual arrangement modifying loan terms
under which a bank agrees to suspend all or part of a customer’s obligation to repay an
extension of credit from that bank upon the occurrence of a specified event. The term “debt
suspension agreement” does not include loan payment deferral arrangements in which the

Version 2.0
triggering event is the borrower’s unilateral election to defer repayment or the bank’s
unilateral decision to allow a deferral of repayment.
Fee pyramiding: Occurs when fees result from imposition of other fees, for example, when
posting a late payment fee on a credit card account causes the account to exceed its credit
limit and to incur an over-limit fee. Regulation Z prohibits a bank from imposing more than
one penalty fee based on a single event or transaction.
Five Cs of credit: Evaluation criteria typically used in a judgmental credit decision:

character, capacity, capital, collateral, and conditions.
Fixed payment program: Also described as a “cure” or workout program. Includes CCC
and in-bank programs designed to help customers work through some type of temporary or
permanent financial impairment. Cure programs typically involve a reduced payment for a
specified period of time and may also include interest rate concessions.
High-side override: Denied loan that meets or exceeds established credit score cutoff. To
compute a bank’s high-side override rate, divide the number of declines scoring at or above
the cutoff score by the total number of applicants scoring at or above the cutoff.
Inherent losses: Amount of loss that meets the conditions of ASC 450-20 for accrual of a
loss contingency (i.e., a provision to the allowance). The term is synonymous with
“estimated credit losses,” which is used in the “Interagency Policy Statement on the
Allowance for Loan and Lease Losses.”110
Interchange fee: Portion of discount fee (percentage of each transaction) paid by merchants
on bank card transactions. Interchange fees are established by the bank card associations,
based in part on the type of merchant and method of transmission from the merchant (i.e.,
online or off-line). The fee takes into account authorization costs, fraud and credit losses, and
the average bank cost of funds.
Issuer: Institution (or agent) that issues a credit card to the cardholder. Sometimes referred to
as issuing bank.
Lagged analysis: Analysis that minimizes effects of growth. Lagged analysis uses the
current balance of the item of interest as the numerator (e.g., loans past due 30 days or more)
and the outstanding balance of the portfolio being measured for some earlier time period
(generally six months or one year ago) as the denominator.
Low-side override: Approved loan that fails to meet the scoring criteria. To compute the
low-side override rate, the number of approvals scoring below the cutoff score is divided by
the total number of applicants scoring below the cutoff.
Loss mitigation: Loan collection techniques used to reduce or eliminate the possible loss.
110
For more information, refer to OCC Bulletin 2006-47.

Version 2.0
Managed assets: Total balance sheet assets plus all off-book securitized assets.
Merchant authorization: Issuance of a bank’s approval of a credit card transaction in a

specific amount. If a merchant complies with bank card association rules in obtaining an
authorization, usually by telephone or authorization terminal, payment to the merchant is
guaranteed.
Negative amortization: Increase in the capitalized loan balance that occurs when the loan
payment is insufficient to cover the interest and fees due and payable for the payment period.
Open-to-buy: Difference between the outstanding balance and the credit limit on credit card
accounts. The total amount of committed and as yet unfunded credit available to borrowers is
a contingent liability.
Pay-ahead: Keeping track of excess payment amounts and reducing the next consecutive
payment(s) accordingly. As a result, the consumer is not required by the bank to make
payments until the amount of the overage has been extinguished. For example, if a
consumer’s minimum payment on the credit card account is $25 each month and the
consumer remits $100, the next payment would not be due until the fourth subsequent month.
Pay-aheads can pose increased risk because they do not require a minimum payment every
month. When banks require customers to make monthly payments, the banks are able to
monitor portfolio quality through more accurate delinquency reporting. Banks should limit
the use of pay-aheads to accounts with low risk characteristics. Banks that accept pay-aheads
on credit card accounts must comply with 12 CFR 1026.53, which sets forth the requirements
for the allocation of the excess payment amounts.
Payment holiday (or skip-a-pay): Program that gives a financial institution’s customers the
option of skipping payments for a given month. Interest continues to accrue for the skipped
time period. These programs are generally not considered prudent in credit card lending, and,
if seen in practice, should be discontinued.
Penalty pricing: Increased finance charge imposed when a borrower fails to pay as agreed,
based on performance criteria in the cardholder agreement. Penalty pricing is subject to the
CARD Act and Regulation Z requirements and limitations.
Periodic rate: Finance charge expressed as a percentage that is applied to the outstanding
balance of an open-end loan for a specified period of time, usually monthly.
Point of sale: Where a customer engages in a retail transaction.
Prescreen: To score or otherwise qualify a list of names or defined credit bureau population
using credit bureau information. Under the FCRA, the issuer generally is required to make a
firm offer of credit to the consumers it solicits for a credit card, or else, under the FCRA, it
would not have a permissible purpose for obtaining the prescreened list (with limited
exceptions).

Version 2.0
Price point: Price tier into which banks segment retail portfolios. Price points show both
rates and balances outstanding in each tier. Especially important when teaser rates are
offered, price points enable banks to model past, present, and future revenue and the impact
of shifts that result from pricing strategies. Some banks identify three tiers, such as low-rate
teasers, medium-rate standard products, and high-yield loans; credit card issuers might
analyze up to 50 price points.
Private-label credit card: Issued for use at a single retailer.
Procurement card program: Charge card program to facilitate corporate procurement.

Balances on such cards are due in full each month or cycle.
Promise to pay: Used in collection departments to describe customers who have been
contacted regarding their delinquent accounts and have committed to remitting payments.
Once payment is received, it is reported under “promises kept.”
Re-age: Returning a delinquent, open-end account to current status without collecting the
total amount of principal, interest, and fees that are contractually due.
Reissue: Issuance of new bank cards to replace those that have expired or will expire for
qualified cardholder accounts.
Revolvers: Credit card customers who pay less than the full outstanding balance on their
accounts each month (so that the account “revolves”).
Rewrite: Underwrite an existing loan by significantly changing its terms, including payment
amounts, interest rates, amortization schedules, or final maturity.
Roll rate: Measure of the movement of accounts and balances from one payment status to
another (e.g., percentage of accounts or dollars that were current last month rolling to 30 days
past due this month).
Rollover: Carrying forward a portion of an outstanding balance on a credit card holder’s

account from month to month.
Secured credit card: Bank card secured at least in part by a deposit account held at the
issuing bank or at a designated correspondent bank. The credit limit often is based on the
amount of cash collateral provided.
Securitization: Process of creating an investment security backed by credit card receivables.
Settlement: Process by which acquirers and issuers exchange financial data and value
resulting from sales transactions, cash advances, merchandise credits, etc.
Spread account: Most common form of securitization credit enhancement. A spread account
carries reserves to absorb credit losses and generally equals two to three times the expected

Version 2.0
losses in the package of receivables or loans. The spread account is initially “seeded”
(funded) by the selling bank. These advances usually are expensed to achieve treatment as
sales under regulatory accounting procedures. Excess servicing income is deposited into this
account each month until it is fully funded and the seed money is repaid to the selling bank .
The securitization trustee controls the account.
Stress testing: Analysis that estimates the effect of economic changes or other changes on
key performance measures (e.g., losses, delinquencies, and profitability). Key variables used
in stress testing could include interest rates, score distributions, asset values, growth rates,
and unemployment rates.
Sum-of-cycle reporting: Aggregates amounts based on payment or billing cycle dates rather
than the point-in-time reporting used in end-of-month (EOM) reporting. The benefit of this
type of reporting is the ability to compare performance of accounts with different cycle dates
on equal terms, e.g., total current versus delinquent accounts as of close of business on
payment due date.
Teaser or introductory rate: Temporary interest rate offered by open-end credit lenders to
consumers as an incentive to open accounts with the lenders. The teaser period generally
lasts anywhere between six months and one year, and interest rates offered have been as low
as zero percent. Customers’ accounts revert to standard rate pricing after the introductory
period. Card issuers must comply with the requirements of 12 CFR 1026.55(b)(1) when
offering a temporary rate.
Third-party relationship: A third-party relationship is any business arrangement between a

bank and another entity, by contract or otherwise. Third-party relationships include activities
that involve outsourced products and services, use of independent consultants, networking
arrangements, merchant payment processing services, services provided by affiliates and
subsidiaries, joint ventures, and other business arrangements where the bank ha s an ongoing
relationship or may have responsibility for the associated records.
Travel and entertainment card program: Charge cards with balances due in full each
month (or cycle), issued to facilitate corporate travel and entertainment.
Vintage analysis: Grouping loans by origination time period (e.g., quarter) for analysis
purposes. Performance trends are tracked for each vintage and compared with other vintages
for similar time on book.

Version 2.0
Appendix K: Abbreviations
ACH automated clearing house
ACL allowance for credit losses
AI artificial intelligence
ALLL allowance for loan and lease losses
AML anti-money laundering
APR annual percentage rate
ASC Accounting Standards Codification
BIN bank identification number
BSA Bank Secrecy Act
CARD Act Credit Card Accountability Responsibility and Disclosure Act
CCC Consumer Credit Counseling
CEBA Competitive Equality Banking Act
CECL current expected credit losses
CFPB Consumer Financial Protection Bureau
CFR Code of Federal Regulations
CIP customer identification program
CRA credit reporting agency
DCC debt cancellation contract
DDR delinquency distributions report
DSA debt suspension agreement
EAD exposure at default
ECOA Equal Credit Opportunity Act
EIC examiner-in-charge
EITF Emerging Issues Task Force
EMV Europay, Mastercard, and Visa
EOM end-of-month
FACT Act Fair and Accurate Credit Transactions Act
FCRA Fair Credit Reporting Act
FDCPA Fair Debt Collection Practices Act
FEIC functional examiner-in-charge
FFIEC Federal Financial Institutions Examination Council
FICO Fair Isaac Corporation
FIFO first in first out
FinCEN Financial Crimes Enforcement Network
FSA federal savings association
GAAP generally accepted accounting principles
GLBA Gramm-Leach-Bliley Act
HOLA Home Owners’ Loan Act
ICA Interbank Card Association
ICQ internal control questionnaire
IE income estimator
IRKI Issuer Risk Key Indicators
IT information technology
LGD loss given default

Version 2.0
LPM loan portfolio manager

MDDR maximum delinquency distributions report
MIS management information systems
ML machine learning
NA not applicable
NPV net present value
NSF not sufficient funds
OCC Office of the Comptroller of the Currency
OCL over-credit-limit
OTS Office of Thrift Supervision
PCCR purchased credit card relationship
PD probability of default
QA quality assurance
QC quality control
ROAA return on average assets
ROE return on equity
SAR Suspicious Activity Report
SOC sum-of-cycle
T&E travel and entertainment
TDR troubled debt restructuring
TILA Truth in Lending Act
UBPR Uniform Bank Performance Report
UDAP unfair or deceptive acts or practices
UDAAP unfair, deceptive, or abusive acts or practices
USC United States Code

Version 2.0
References
Listed references apply to national banks and FSAs unless otherwise noted.
Laws
10 USC 987, “Terms of Consumer Credit Extended to Members and Dependents:
Limitations” (Military Lending Act)
12 USC 1461 et seq., “Home Owners’ Loan Act” (FSAs)
12 USC 1464(d)(7)(D), “Service Performed by Contract or Otherwise” (FSAs)
12 USC 1867(c), “Services Performed by Contract or Otherwise”
12 USC 5531, “Prohibiting Unfair, Deceptive, or Abusive Acts or Practices” (section 1031 of
the “Dodd–Frank Wall Street Reform and Consumer Protection Act”)
12 USC 5536, “Prohibited Acts” (section 1036 of the “Dodd–Frank Wall Street Reform and
Consumer Protection Act”)
15 USC 45, “Unfair Methods of Competition Unlawful; Prevention by Commission” (section
5 of the “Federal Trade Commission Act”)
15 USC 1601 et seq., “Truth in Lending Act”
15 USC 1681c, “Requirements Relating to Information Contained in Consumer Reports”
15 USC 1681m, “Requirements on Users of Consumer Reports”
15 USC 6801, “Protection of Nonpublic Personal Information”
15 USC 6805(b), “Enforcement of Section 6801”
15 USC 7001 et seq., “Electronic Signatures in Global and National Commerce Act of 2000”
50 USC 3901 et seq., “Servicemembers Civil Relief Act”
Pub. L. 111-24, “Credit Card Accountability Responsibility and Disclosure Act of 2009”
Regulations
12 CFR 21.11, “Suspicious Activity Reports” (national banks)
12 CFR 21.21, “Procedures for Monitoring Bank Secrecy Act (BSA) Compliance”
12 CFR 30, Appendix B, “Interagency Guidelines Establishing Information Security
Standards”
12 CFR 37, “Debt Cancellation Contracts and Debt Suspension Agreements” (national
banks)
12 CFR 41, subpart J, “Identity Theft Red Flags”
12 CFR 101, “Covered Savings Associations” (FSAs)
12 CFR 160, “Lending and Investment” (FSAs)
12 CFR 163.180, “Suspicious Activity Reports and Other Reports and Statements” (FSAs)
12 CFR 1002, “Equal Credit Opportunity Act (Regulation B)”
12 CFR 1022, “Fair Credit Reporting (Regulation V)”
12 CFR 1026, “Truth in Lending (Regulation Z)”

Version 2.0
Comptroller’s Handbook
Examination Process
“Bank Supervision Process”
“Community Bank Supervision”
“Federal Branches and Agencies Supervision”
“Large Bank Supervision”
“Sampling Methodologies”
Safety and Soundness, Asset Quality

“Allowance for Loan and Lease Losses”
“Concentrations of Credit”
“Loan Portfolio Management” (national banks)
“Rating Credit Risk”
“Retail Lending”
Safety and Soundness, Liquidity

“Asset Securitization” (national banks)
Safety and Soundness, Management

“Corporate and Risk Governance”
“Internal and External Audits”
“Internal Control” (national banks)
Safety and Soundness, Other Activities

“Merchant Processing”
Consumer Compliance
“Compliance Management Systems”
“Fair Credit Reporting” (national banks)
“Fair Lending”
“Other Consumer Protection Laws and Regulations” (FDCPA)
“Servicemembers Civil Relief Act”
“Truth in Lending Act (Interagency)”
“Unfair or Deceptive Acts or Practices and Unfair, Deceptive, or Abusive Acts or
Practices”
OTS Examination Handbook

Section 201, “Overview: Lending Operations and Portfolio Risk Management”
Section 221, “Asset-Backed Securitization”
Section 340, “Internal Control”
Section 1300, “Fair Credit Reporting Act”

Version 2.0
OCC Issuances
Bank Accounting Advisory Series
OCC Bulletin 1997-24, “Credit Scoring Models: Examination Guidance”
OCC Bulletin 1999-10, “Subprime Lending: Interagency Guidance”
OCC Bulletin 1999-15, “Subprime Lending: Risks and Rewards” (national banks)
OCC Bulletin 2000-20, “Uniform Retail Credit Classification and Account Management
Policy: Policy Implementation”
OCC Bulletin 2002-16, “Bank Use of Foreign-Based Third-Party Service Providers: Risk
Management Guidance”
OCC Bulletin 2003-1, “Credit Card Lending: Account Management and Loss Allowance
Guidance”
OCC Bulletin 2006-47, “Allowance for Loan and Lease Losses (ALLL): Guidance and
Frequently Asked Questions (FAQs) on the ALLL”
OCC Bulletin 2008-28, “Fair Credit Reporting Act (FCRA): Additions to FCRA
Examination Procedures”
OCC Bulletin 2011-12, “Sound Practices for Model Risk Management: Supervisory
Guidance on Model Risk Management”
OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance”
OCC Bulletin 2014-37, “Consumer Debt Sales: Risk Management Guidance”
OCC Bulletin 2014-42, “Credit Practices Rules: Interagency Guidance Regarding Unfair or
Deceptive Credit Practices”
OCC Bulletin 2017-7, “Third Party Relationships: Supplemental Examination Procedures”
OCC Bulletin 2017-43, “New, Modified, or Expanded Bank Products and Services: Risk
Management Principles”
OCC Bulletin 2019-31, “Covered Savings Associations Implementation: Covered Savings
Associations”
OCC Bulletin 2019-37, “Operational Risk: Fraud Risk Management Principles”
OCC Bulletin 2019-62, “Consumer Compliance: Interagency Statement on the Use of
Alternative Data in Credit Underwriting”
OCC Bulletin 2020-10, “Third-Party Relationships: Frequently Asked Questions to
Supplement OCC Bulletin 2013-29”
OCC Bulletin 2020-49, “Current Expected Credit Losses: Final Interagency Policy Statement
on Allowances for Credit Losses”
OCC Bulletin 2020-50, “Credit Risk: Interagency Guidance on Credit Risk Review Systems”
OCC Bulletin 2020-81, “Credit Risk: Risk Management of Loan Purchase Activities”
OCC Bulletin 2020-84, “Truth in Lending Act: Revised Interagency Examination
Procedures”
Other
Consumer Financial Protection Bureau
CFPB Bulletin 2014-2, “Marketing of Credit Card Promotional APR Offers”

Version 2.0
Financial Accounting Standards Board
ASC Subtopic 310-40, “Troubled Debt Restructurings by Creditors”

ASC Topic 326, “Financial Instruments – Credit Losses”
ASC Subtopic 450-20, “Loss Contingencies”
ASC Topic 606, “Revenue from Contracts with Customers”
ASC Topic 810, “Consolidations”
ASC Topic 860, “Transfers and Servicing”
FFIEC
FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual
FFIEC Information Technology Examination Handbook
“Instructions for Preparation of Consolidated Reports of Condition and Income” (call
report instructions)

Pub CH Credit Card PDF

Uploaded by

Copyright:

Available Formats

Pub CH Credit Card PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Pub CH Credit Card PDF

Uploaded by

Copyright:

Available Formats

Comptroller’s Handbook

Safety and Soundness

Credit Card Lending

Comptroller’s Handbook i Credit Card Lending

Fraud Risk Management ................................................................................. 50

Comptroller’s Handbook ii Credit Card Lending

Supplemental Examination Procedures..................................................... 119

Comptroller’s Handbook iii Credit Card Lending

Comptroller’s Handbook 1 Credit Card Lending

Comptroller’s Handbook 2 Credit Card Lending

Credit Card Products

• General purpose cards (including charge cards)

Comptroller’s Handbook 3 Credit Card Lending

General Purpose Cards

Comptroller’s Handbook 4 Credit Card Lending

Comptroller’s Handbook 5 Credit Card Lending

Proprietary or Private-Label Cards

Comptroller’s Handbook 6 Credit Card Lending

Corporate or Commercial Cards

Comptroller’s Handbook 7 Credit Card Lending

Risks Associated With Credit Card Lending

Comptroller’s Handbook 8 Credit Card Lending

Comptroller’s Handbook 9 Credit Card Lending

Comptroller’s Handbook 10 Credit Card Lending

To assess liquidity risk, examiners consider

• reliability of funding mechanisms.

Comptroller’s Handbook 11 Credit Card Lending

To assess reputation risk, examiners consider

• volume and number of credit card accounts under management or administration .

Interest Rate Risk

Comptroller’s Handbook 12 Credit Card Lending

• the Bank Secrecy Act (BSA).21

Comptroller’s Handbook 13 Credit Card Lending

• Federal Financial Institutions Examination Council’s (FFIEC) Bank Secrecy Act/Anti-

Comptroller’s Handbook 14 Credit Card Lending

Examiners should determine how each function is performed, whether it is performed

Comptroller’s Handbook 15 Credit Card Lending

Comptroller’s Handbook 16 Credit Card Lending

Comptroller’s Handbook 17 Credit Card Lending

• use scoring models exclusively to approve or reject loan applications.

Comptroller’s Handbook 18 Credit Card Lending

originally introduced, the names were “BEACON” at Equifax, “EMPIRICA” at

Credit bureau scores consider five general groups of predictive variables:

• Application scores: As the name suggests, application scores incorporate information

Comptroller’s Handbook 19 Credit Card Lending

• Marketing: Target marketing initiatives to meet preferences or perceived needs.

Table 1: Joint Delinquency Matrix, Delinquency Rates

Comptroller’s Handbook 20 Credit Card Lending

Comptroller’s Handbook 21 Credit Card Lending

• Model inventory: Summary listing of

Model Management and Tracking

Comptroller’s Handbook 22 Credit Card Lending

Override analysis is an important aspect of model validation. Decisions to override a model

Table 2: Example of Override Tracking

Comptroller’s Handbook 23 Credit Card Lending

Key front-end reports include the following:

Key back-end reports include the following:

Comptroller’s Handbook 24 Credit Card Lending

Back-end analysis in particular is most effective when conducted at an appropriate level of