Best Practices for Credit and Counterparty Risk Management

Cisco Systems is the worldwide leader in IT that helps solve their customers’ most important business challenges by delivering intelligent networks and technology architectures built on integrated products, services, and software platforms.

Cisco Capital is a wholly-owned subsidiary of Cisco Systems, Inc. The company is focused on delivering premier solutions in technology financing, trade and channel financing, and Cisco Certified Pre-Owned Equipment. They manage a portfolio of $10 billion in financings and $48 billion in trade and channel receivables, with a presence in more than 100 countries.

I hope to provide a unique perspective. How Cisco performs credit and counterparty risk management may be different than other global corporations or financial institutions. We are a captive lessor for a high-tech manufacturer and therefore our objectives for effective risk management differ from those of a bank.

Cisco has three distinct lines of businesses. Our channel financing, which is our resale model, brings approximately $25 billion a year and provides extended financing terms to some of our partners and direct customers. Our technology financing business represents our lease and loan portfolio – the traditional part of our business – where the lion’s share of our people within Cisco Capital reside. This provides the enablement and packaging of financial solutions for Cisco’s customers. Our third business is the asset management function, representing pre-owned equipment sales. We are also the remarketing function for our organization. When clients return the equipment or if it comes off a lease, we add it to our inventory, remanufacture, and market it. Our term and lease portfolio is about $10 billion and we maintain about 32,000 active invoices.

We are active in more than 100 countries, which is challenging when it comes to our coverage, as we engage with countries that are not as active in captive financing as others. Our team is 600 people strong. For the size of our portfolio and business, we are frugal and efficient with our operations.

The credit organization is the enablement arm of Cisco, which means that our products and services have a gross margin of about 60%. Within our lending business, we are easily able to cover the cost of goods sold and manage to keep a very high margin. When comparing our operations to banks, however, we put our margin at risk and need to be repaid. Typical for captive financing, these aspects need to be considered when providing financing and growing the size of deals. The high incremental margins result in direct incremental sales for the whole company, but also needs to be balanced with our fiduciary responsibilities. We can capitalize on the fact that we are part of the bigger Cisco organization, which has a strong balance sheet of $90 billion in assets and $50 billion in cash, enabling us to act as a forward-leaning lender at times. Acting in the interest of our shareholders, though, we have to make the right decisions for the business within a complex market place.

We started off as a credit organization, but the inclusion of risks such as performance risk, sovereign risk, accounting policy, or financial regulation within countries to which we provide coverage, have enabled us to act as a credit and risk management function. This complex environment makes the analysis on a credit and fundamental-level very complicated.

This is a basic question, but for us it is a bit more complicated. With public companies, we follow an automated process and use tools, including those developed by Moody’s Analytics. As far as the aggregation of data goes, we regularly collect the financials as they are published for public companies.

With private companies, this becomes more difficult depending on the jurisdiction. For example, in India financial data is only published once a year, even within the largest corporations. So we do not receive regularly audited financials. When looking for smaller private companies, we try to obtain financial data as often as possible. We look at portfolio performance issues, such as delinquencies, which outline areas for further analysis via counterparties. In all cases, the most relevant data available is balanced with the actual risk. We follow the most practical approach, as we may receive different answers when dealing with a $20,000 deal versus a multimillion dollar deal.

Beyond basic financial statement analysis, we use a heavy dose of unbiased risk analytics. At the center, we use EDFs (Expected Default Frequencies) that are built into our process. We put stakes into the ground regarding the discretion we give to credit managers over their decisions based on financial statements and unbiased analytics. Our process for triangulating information, which is a balance between the financial review, our EDF results, and other analytics. We focus on obtaining a positive answer to the following questions: “Are we going to get repaid?” and “What are our repayments going to be like?” If debt is maturing in four years, a deal might need to be structured for three years’ time.

What are some of your key challenges within the risk assessment process? What types of users within the organization do you face and who use the tools that you employ in your analysis? The biggest challenge is clearly taking a standardized approach in 100-plus countries. We have a foundation underwriting process, but there are a lot of nuances, local and sovereign, and general credit practices that we need to consider. With primarily US lenders, there is a homogeneous market. But when going beyond 20 or 30 countries, lenders cannot ignore the local nuances. In order to ensure the best risk assessment process locally, we hire the most suitable local financial professionals who offer exceptional regional expertise.

We also focus on staying upmarket, specifically in emerging markets. Cisco has extended its outreach into these markets lately with Cisco Capital leading the corporate strategy. When choosing counterparties, we look at their position by comparing them to their peers and try to identify whether they are top service providers within their countries or players in lower tiers. While assessing the risks in any given country, we pursue a very holistic approach, which includes considering a peer set and all available information. This procedure is of great important to Cisco’s enablement process. It is not Cisco Capital’s remit to generate volume process or fee income, but rather realize sales for Cisco.

My team and I have spent a substantial amount of time trying to standardize processes across the globe to ensure consistency. But again, we have to evaluate the local flavor to make the best decision on behalf of the company. So what are my expectations of credit managers? To me, they are more than credit managers – they are business decision-makers. They are the chief fiduciary in a given transaction. Credit managers are involved in structuring deals and are often the gatekeepers for whether or not a deal goes forward. They must balance their responsibilities as credit professionals with enablement for Cisco, knowing when to take a forward-leaning approach and when to pull back.

My team members view themselves as not only providing underwriting services, but also as actually adding value. We give our credit managers the authority to make decisions and the insurance of a dual signature, the so-called “second pair of eyes.” At a basic level of credit management, however, we take a very pragmatic view and do not have that dual signature requirement. We want credit managers to own and be accountable for their portfolios. Often, the dual signature is just a peer checking off somebody else’s work, which we don't see as effective as someone who truly has taken ownership. Instead, we support the decision- making process and have a robust quality assessment process. This means that we assess ourselves much stricter than even our auditors would, which implies the implementation of a solid decision-making and communication model throughout. When things get more complicated, beyond the first level of authority, we get a second pair of eyes by involving senior managers in the process. This allows for a more robust quality review when compared to the dual signature approach. As long as our employees hold true to their fiduciary responsibility, we expect a high-quality underwriting process.

We have standardized a foundational set of underwriting templates and documents, and our scoring models are also standard across the globe. We will though, include local input, either the sovereign or market perspective, where a credit manager can overwrite the scoring template. The template itself cannot be manipulated, even for the financial analysis with the inputs in the template. We allow them the flexibility to overwrite credit decisions, which sometimes requires a second set of eyes depending on how big those decisions are.

The standard underwriting practice helps us to judge the general level of quality and decision-making process. When we conduct our quality review, we inquire about the quality of underwriting and decision-making. We have a scoring model for all credit managers that is reviewed twice a year, based on a sample of their work. We drive standardization while realizing that we do not operate in a homogenous market.

What are the tools and techniques that you use to perform portfolio reviews? With our portfolio review framework, we bring the information to our credit managers to drive efficient decision making. We aggregate many data points. For example, we use RiskFrontier™ which helps determine our expected loss or economic capital. We add that information, along with other data, into a proprietary database that we internally call “My Portfolio Manager.” All credit managers have access to that database, where they can see their credit portfolio with delinquencies.

One of our biggest challenges was aligning the data before we built the foundation with a clean scoring model of traffic lights. This allows us to judge different levels of risk, including near-term, long-term, or concentration risk. We triangulate that with the EDF measures and delinquencies and deliver a consolidated view to the credit managers.

We believe that managing the portfolio starts with the credit manager. We perform a portfolio review on many levels, on a day-to-day basis.

Our credit managers review their portfolios, observe the latest feeds and delinquencies, as well as relevant developments. They monitor the predictive analytics and measure to identify any trends. Our chief risk officers (we have one in EMEA, one in the Americas, and one in APJC) are responsible for their portfolios, too, which they review on a quarterly basis. I take a look at the global portfolio, which is also reviewed on a quarterly basis. If we combine what is happening within credit managers, portfolio reviews occur almost daily. From a macro standpoint, we focus on quarterly data, unless there are trigger events that compel us to look closer at a specific sector, client segment, or country based on some recent sovereign developments, such as in the Ukraine, Argentina, or Venezuela.

Most companies take a pragmatic approach to diversifying their exposures and answering the question about how much exposure they have in a single country or counterparty. We are a bit more flexible than that. Our mission is aligned with Cisco’s; we lend where they sell. That doesn't mean that we lend to anyone, but we stay upmarket and manage our portfolios effectively. The fact that Cisco is a premium price provider allows us not to overload on weak credit too often. It is important to assist our sales teams with the formulation of their messaging, which we ensure by displaying the risk appetite in a simplistic fashion through the traffic lights signal framework, which quickly resonates with non-risk professionals who do not require a detailed understanding of credit information on a daily basis. The process of risk management places some importance to risk-adjust pricing, which translates to limits management. If you up-price your products in the process of lending, it may not be advantageous anymore for some clients to finance; but instead, they would decide to purchase.

It cannot be stressed enough to stay upmarket when taking on risk in emerging markets. Another important factor is balance. We are a strong player in the US, Europe, and major Asian countries with well-performing portfolios, which subsequently allows us to take on risk in other areas.

Starting with the peer analysis at the counterparty level within the portfolio, we look at different peers within the industry. We are currently building tools to quickly identify what quartile someone is in when doing peer set reviews. We judge the portfolio on a correlated basis when it comes to risks such as near-term, short-term, or concentration risks. There is an active infrastructure that we have built that translates down to the traffic signal framework as well. That is the iterative process built into the decisioning and evaluating of counterparties. At the portfolio or the enterprise level, we actively look at our peer group of lenders such as IBM Global Finance or HP Financial Services.

There is a good amount of disclosure, just as there is with Cisco in year-end reports regarding our lending practice. We can normalize the information we gather and realistically compare portfolios based on this disclosed information. It is important to compare ourselves as a baseline of what a portfolio looks like, what are the reserves compared between companies, how is that risk adjusted, and what percentage of the manufacturer’s business is the captive finance company. We synthesize anything that is public information, simply as it is organizational health metrics, and do our best to compare ourselves against peers with information that is available.

Quarterly, at a portfolio level, we look at important sovereign events, but credit managers evaluate this daily. The key is delivering the information to credit managers so they have to be data gatherers. When I took on this role, one of the first things I did was sit down with one of our long-standing credit professionals and walked through his underwriting and true assessment processes. They had to use many separate systems, in eight to ten different places. Bringing it in one place and synthesizing it allowed us to be much quicker with decisioning. The ownership of portfolio management really started to resonate with individual contributors.

We typically monitor quarterly, as monthly reviews tends to be too quick, unless there is relevant news, such as on WSJ or CNBC. We implemented a process where we look at EDFs and their movement quarter-over-quarter. If we see a big jump then we take a deeper dive. If we see a strong deviation of EDFs from our assigned credit rating, we look for justification. We look at delinquencies; for example, if the customer is a single B and there is a delinquency, we focus on that account. If it is a single A customer, and there is a delinquency, we are not concerned. In most cases for those with stronger credit, we found that delinquencies less than 60 days old tend to be an administrative issue, such as a dispute on the taxes, so we rely on our collection team for that.

We focus on the outliers on the risk and analytics, including our EDFs, our portfolio data with delinquencies, and general market intelligence. We often get asked about the scenario of an executive from company XYZ announcing on CNBC that their earnings were lousy and we want to know our exposure and outlook. We really need to be flexible, on top of the accounts, and react really quickly at a credit manager level and at the organization level.

We synthesize and provide relevant and consistent reporting throughout the organization, aligned with a basic framework of red light, yellow light, and green light. It is easy for someone on the board that may not have the financial background to understand what we are talking about when we have a red light. We use that at appropriate levels and we feel that we have a leading practice when it comes to aggregating those analytics, especially reporting that up through the organization. One of the things that every risk professional worries about is that if you do take the risk and something goes wrong or goes against you, do you get in trouble or get fired? What we promote at Cisco is that the transparency is the key. We don't expect to win 100% of deals. So we have to be very transparent and timely with our reporting as things migrate, as risk comes on board. When we do take the risk, we take it on a very informed basis.

We are constantly evolving and trying to improve our processes. We seek to learn from our portfolio as we take on risk. We study what has worked and what has not in order to get better and better. It is a continuous journey. We continue to develop our risk analytics and deliver more value to our credit managers and to our sales staff. Often they represent the credit team out in the field when we are trying to make a deal work with a unique structure and sales is involved. We arm them so that they can not only articulate our messaging, but are also responsible for making decisions.

The other piece of our journey is that our team has expanded the mandate to take on enterprise risk management for Cisco Capital, meaning that we will be focused on managing, overseeing, taking inventory, and mitigating all risks within the company. Whether it's performance risk, sovereign risk, execution risk, or doing gap analysis, the foundation that we have built for our counterparty risk management translates into a much broader enterprise risk management role. We are forming the team now and will be functioning as a pilot for Cisco. This pilot involves separate initiatives from governance and control to stock and compliance. Our goal is to help bring some of those functions together under one roof, and use that framework of information to report on more risk than just counterparty risk. In my opinion, it is the future for risk organizations to be able to leverage some of these core competencies on a broader basis throughout a corporation.