CECL: Backtesting is critical 

All banks are now subject to the Current Expected Credit Loss (CECL) model. First introduced by the Financial Accounting Standards Board in 2016, CECL represents a shift from the old incurred-loss model to a forward-looking approach, under which banks recognize an immediate allowance for all expected credit losses over an asset’s life.

The CECL rules allow banks significant flexibility in selecting an appropriate, practical model for estimating credit losses. Federal regulators don’t expect smaller institutions to implement complex modeling techniques. However, after a bank implements a model, it must be validated regularly to ensure accuracy. One validation method many banks use is “backtesting.” This involves comparing a bank’s predicted credit losses against its actual loss experience over time. Armed with the results, a bank can revisit its CECL model and make necessary adjustments. 

Finastra breach highlights importance of third-party risk management 

In late 2024, Finastra, a financial technology firm that serves more than 8,000 financial institutions worldwide, including 45 of the world’s top 50 banks, experienced a major data breach. The hacker stole around 400 gigabytes of client data and internal documents and then offered them for sale online. 

The breach serves as a timely reminder of the importance of managing the risks associated with vendors and other third parties with access to sensitive client data and confidential information. Federal regulators expect banks to develop a formal third-party risk-management plan. Among other things, banks should conduct thorough due diligence on prospective providers (including their security practices), negotiate contracts that clearly spell out security requirements and expectations, continuously monitor third-party relationships, develop and test incident response plans that include third parties, and conduct periodic independent reviews of their third-party risk-management process. 

OCC clarifies banks’ authority to engage in cryptocurrency activities 

In a recent Interpretive Letter, the Office of the Comptroller of the Currency (OCC) reaffirmed that banks can engage in the following cryptocurrency activities: 

  • Providing crypto-asset custody services, 
  • Maintaining stablecoin reserves, and 
  • Verifying blockchain-based payments. 

The letter also rescinds the requirement that OCC-supervised institutions receive supervisory nonobjection and demonstrate adequate controls before engaging in these activities. 

Community banks embracing digital transformation, AI 

According to a recent survey by BNY Mellon, more than 90% of community banks “are prepared to initiate digital transformations,” but less than 20% “see themselves as experts in data analytics.” In addition, around 40% of community banks say they’re incorporating artificial intelligence (AI) and machine learning into their strategic visions, with an eye toward “helping address everything from customer service to risk assessment.”