The Evolution of Credit Risk Modelling: Past, Present and Future

Modelling
Written By Mark Thompson

Part 1 of the Modern Model Management Series

In anticipation of the upcoming 19th Credit Scoring and Credit Control conference organised by the Credit Research Centre of the University of Edinburgh Business School, I wanted to look at how credit risk modelling has evolved over the years and what the future might hold. This is the first in a series of 4 articles which will be published in the lead up to the Edinburgh conference known as the world’s premier event in the field, and at the forefront of credit scoring and related disciplines for the past 30 years.

The changes and advances of credit risk modelling over the past few decades tells a fascinating story of technological advancement, changing regulations, and evolving business needs. Credit risk models have transformed from simple statistical tools to, in some cases, complex AI-driven systems. But with greater power comes greater responsibility - particularly in an industry where decisions directly impact people's lives.

Where We Started: The Foundation Era (Pre – 2000s)

Remember the days when credit decisions relied heavily on expert judgment and basic scorecards? Back in the pre-2000s, credit risk modelling was relatively straightforward:

Traditional Scorecards: Developed primarily using logistic regression techniques

Limited Computing Power: Models needed to be computationally efficient

Focused Applications: Application models for accept/reject decisions and behavioural models for limit adjustments and early collections decisions

The early days of credit risk modelling were characterised by simple, focused models that served specific operational purposes. These early models served their purpose well, bringing statistical rigour to decisions that had previously relied heavily on individual judgment. But they were limited by the data and technology available at the time. When developing my first credit risk models in the late 1990s I remember we only sampled 1500 Goods and 1500 Bads so that we were not waiting hours between iterations of model builds.

The data used was quite different too. Lenders primarily used internal customer data and credit bureau information. The idea of alternative data sources or real-time decisioning was still years away. Yet these foundation models represented a significant step forward in bringing consistency, objectivity and control to credit decisions.

The Regulatory Revolution Changes Everything (2000s – 2010s)

Then came Basel II in 2004, followed by Basel III after the 2008 financial crisis, and later IFRS 9. These regulations meant that credit risk models weren't just operational tools but critical components of regulatory compliance and financial reporting.

This shift fundamentally changed what was required from credit risk models:

Capital Requirement Models: PD, LGD, and EAD models specifically designed for regulatory capital calculations

Expected Credit Loss Models: Forward-looking approaches incorporating macroeconomic scenarios

More Sophisticated Validation: Heightened scrutiny and more formal model governance frameworks

The stakes were now much higher. Poor models didn't just mean suboptimal business decisions; they could lead to capital shortfalls, compliance issues, and financial reporting errors. This era saw financial institutions investing heavily in specialised modelling teams and governance frameworks to meet these new demands.

The Machine Learning Revolution: More Power, More Questions (2010s – 2020s)

Advances in computing power and data availability began transforming credit risk modelling in the 2010s. Machine learning algorithms started entering the mainstream:

  • Random Forests aggregating predictions from hundreds of decision trees

  • Gradient Boosting Machines sequentially improving on previous predictions

  • Neural Networks having been explored in the 1990s became more mainstream, finding complex patterns invisible to traditional methods

This wasn't just about better predictive power. ML approaches offered the potential for faster development cycles, automatic interaction detection, and the ability to extract insights from new data sources. Fintech disruptors built their credit assessment approaches primarily on these newer technologies, often claiming to serve previously underbanked populations better than traditional methods.

But advanced algorithms do not necessarily make for better credit decisions. The increased complexity raised important questions about explainability, fairness, and governance. How do you explain to a customer why they were declined? How do you ensure your models aren't discriminating against certain groups? How do you validate and monitor something you can't fully interpret?

Today's Requirements: The Transparency and Trust Imperative

The growing emphasis on model risk management reflects the maturation of credit risk modelling as a discipline. Modelling teams and model risk managers are challenged with the following:

Comprehensive Governance Frameworks: Formal approaches to inventory, validate, and monitor models

Explainable AI (XAI): Methods to interpret and understand complex model decisions

Fairness and Bias Detection: Tools to identify and mitigate unintended discrimination

Regulatory Focus on Advanced Analytics: New guidance specifically addressing AI/ML use

The trade-off between model complexity and explainability is not an either/or decision. It's about finding the right balance for each specific application.

Financial institutions now find themselves balancing the potential performance improvements of complex models against increased scrutiny and the need for transparency. This has driven investment in techniques to make "black box" models more interpretable and accountable.

Where Are We Heading?

So what does the road ahead look like for credit risk modelling? Several trends are emerging that will likely shape the future:

1. Purpose-Built Modelling Processes

Different modelling approaches will be deployed for different purposes:

  • Production-Ready Models: Highly automated build, validate, deploy and monitor processes for defined operational purposes

  • Exploratory Models: More flexible approaches for emerging risks, new model outputs or objectives and new market segments

  • Appropriate Guardrails and Controls: The right level of human oversight based on the model's purpose and impact

The key is recognizing that no single approach fits all purposes. The future isn't about ML versus traditional methods - it's about having the right tools for each specific job or purpose.

2. Enhanced Human-AI Collaboration

Rather than fully automated systems, we're heading towards more effective collaboration between human experts and AI systems:

  • Augmented Intelligence: AI systems that enhance rather than replace human judgment

  • Human Oversight: Particularly for new model objectives or high-stakes decisions

  • Continuous Learning Systems: Models that can adapt to changing conditions while maintaining stability

As the technology advances it supports and enhances human capabilities in making better decisions rather than replacing them entirely.

3. Comprehensive Model Governance

The focus on model risk management will continue to intensify, but with better tools to make it more efficient and rigorous:

  • Automated Documentation: Systems that generate comprehensive model documentation

  • Continuous Monitoring: Real-time assessment of model performance and ‘drifts’

  • Integrated Fairness Metrics: Fairness considerations built into model development and/or data used

  • Regulatory Technology (RegTech): Specialised tools to streamline compliance and reporting

The days of developing a model and leaving it to run indefinitely are long gone. Modern credit risk models require ongoing maintenance, monitoring, and governance.

4. Expanded Data Horizons

The definition of relevant credit data will continue to evolve:

Open Banking Insights: Transaction-level data providing more nuanced risk assessment

Alternative Data Integration: Non-traditional data sources complementing traditional credit information, such as social media and mobile phone usage

Privacy-Preserving Analytics: Techniques that derive insights while protecting sensitive information, using synthetic data for example.

The most successful institutions will be those that can effectively combine traditional and alternative data sources while navigating increasingly complex privacy regulations.

Conclusion

The evolution of credit risk modelling reflects broader technological and societal changes. From simple scorecards to complex AI systems, the journey has been marked by increasing sophistication, regulatory oversight, and ethical considerations.

Success in the future will depend not just on adopting the most advanced techniques but on implementing them in ways that are explainable, fair, and aligned with both business objectives and regulatory requirements. It's about selecting the right modelling approach for each specific purpose and ensuring it's properly maintained and operated.

Financial institutions that can balance innovation with governance, performance with transparency, and automation with human oversight, will be best positioned to manage credit risk effectively in the years ahead.

If you'd like to learn more about how we're approaching these challenges, please get in touch.

Mark Thompson
Previous

Beyond the Algorithms – successful credit risk modelling
Next

Experiences of using Python for credit risk modelling