Credit Risk Management CCP Notes






This paper is intended to equip the candidate with the knowledge, skills and attitudes to effectively manage credit risk in an organisation.



A candidate who passes this paper should be able to:

  • Identify credit risks posed by different customers’ borrowing proposals
  • Assess, analyse and measure risks in borrowing proposals in line with an entity’s risk profile, using appropriate models and methodologies
  • Mitigate credit risks posed by borrowing proposals, based on their driving factors, and minimise their impact on profitability
  • Undertake credit risk monitoring and evaluation and report results, probabilities and impact of risk
  • Understand the working of credit risk insurance
  • Evaluate the impact of credit risk management on stakeholders



  1. Overview of Risk Management.

1.1 Definition of risk

1.2 Risks inherent in business organizations

1.3 Risk management process

1.4 Monitoring and evaluating risks


  1. Fundamentals of credit risk

2.1 Meaning of credit risk

2.2 Need for credit risk analysis/ why manage credit risk/Credit risk management objectives

2.3 Causes of credit risk/Types of transactions that create credit risk

2.4 Who is exposed to credit risk?

2.5 Credit risk and return

2.6 Historical progress of credit risk analysis

2.7 Elements of credit risk analysis

2.8 Challenges of credit risk analysis


  1. Assessing Credit Worthiness

3.1 The Credit appraisal process

3.2 Sources of information for credit appraisal

3.3 Overview of quantitative and qualitative credit assessment

3.4 Individual and corporate credit risk assessment

3.5 Models used in credit assessment (Five C’s of credit, CAMPARI, CCCPARTS)

3.6 Checklist for credit risk origination; Financial and non-financial firms

  1. Credit governance overview

4.1 Credit guidelines/policies

4.2 Setting Credit limits

4.3 Skill s and oversight

4.4 Strategic position of credit risk management

4.5  Management context of credit risk management

4.6 Credit risk management structure

4.7 Credit risk culture and credit risk appetite

4.8 Credit management process


  1. Measurement of credit risk

5.1 The exposure

5.2 Default Probability

5.3 The recovery rate

5.4 Obligation tenure/period

5.5 Direct versus contingent exposure

5.6 The expected loss


  1. Firm (or Obligor) credit risk

6.1 Business risks or operating risks

6.2 Financial risks

6.3 Risk matrix

6.4 Different risk levels (Low, medium and high)


  1. External Risks

7.1 Credit risk in the business cycle

7.2 Economic conditions

7.3 Fiscal and monetary policies, balance of payments & exchange rates

7.4 Political risk

7.5 Demographic factors

7.6 Regulatory framework

7.7 International developments

7.8 Others (technology and environment issues)

7.9 Monitoring external risks


  1. Overview of Industry risks

8.1 Understanding obligor’s industry or market

8.2 Types of industry risks, business cycles and industry life cycle

8.3 Industry and factors of production

8.4 Industry profitability (Existing firms’ competition, threat of new entrants, threat of substitute products and bargaining powers)

8.5 Competitor/peer group analysis


  1. Entity level risks

9.1 Understanding the activity

9.2 Risk context and management

9.3 Internal risk identification steps

9.4 SWOT Analysis

9.5 Business strategy analysis

9.6 Management analysis

9.7 Other internal risks


  1. Integrated view of firm-level risks

10.1 Relevance if integrated view

10.2 Identifying significant credit risks

10.3 Risk Mitigations (Qualitative and quantitative)

10.4 Principles of selecting risk mitigations

10.5 Planning and Monitoring of credit risk



Complete copy of CCP Credit Risk Management Notes is available in SOFT copy (Reading using our MASOMO MSINGI PUBLISHERS APP) 

Phone: 0728 776 317





Definition of risk

In credit management, risk refers to the probability that a borrower will default on a loan or other financial obligation. Credit risk is one of the main types of risks that financial institutions and businesses face when extending credit to customers or clients.

There are various factors that can contribute to credit risk, such as the borrower’s financial stability, credit history, and ability to make payments on time. In order to manage credit risk, businesses may use tools such as credit scoring, financial analysis, and collateral requirements to assess the risk associated with a particular borrower.

Managing credit risk is an important part of financial risk management, as defaults on loans can have significant financial consequences for lenders and can impact a business’s profitability and financial stability.


Risk management strategy definition

A risk management strategy is a key part of the risk management lifecycle. After identifying risks and assessing the likelihood of them happening, as well as the impact they could have, you will need to decide how to treat them. The approach you decide to take is your risk management strategy. This is also sometimes referred to as risk treatment.

There are four main risk management strategies, or risk treatment options:

  • Risk acceptance
  • Risk transference
  • Risk avoidance
  • Risk reduction


Choosing the right one will mean the difference between managing each potential risk effectively or facing serious consequences that could damage your business. Let’s take a closer look at what these four approaches involve and some examples of when you could use them.


Types of risk management strategy

Risk acceptance

Risk acceptance definition: A risk is accepted with no action taken to mitigate it.

This approach will not reduce the impact of a risk or even prevent it from happening, but that’s not necessarily a bad thing. Sometimes the cost of mitigating risks can exceed the cost of the risk itself, in which case it makes more sense to simply accept the risk. After all, why spend Ksh 200,000 to prevent a Ksh 20,000 risk?

However, this approach does come with a gamble. You will need to be sure that, if the risk does occur in the future, then you will be able to deal with it when the time comes. Because of this, it is best to accept risks only when the risk has a low chance of occurring or will have minimal impact if it does occur.


Risk transference

Risk transference definition: A risk is transferred via a contract to an external party who will assume the risk on an organisation’s behalf.

Choosing to transfer a risk does not entirely eradicate it. The risk still exists, only the responsibility for it shifts from your organisation to another.

An example of this would be travel insurance. You don’t accept the risk of a lost suitcase or an accident abroad and the costs that this would bring – you pay a travel insurance company to bear the financial consequences for you.

The same goes for the workplace. You may outsource work – and the risks that come with it – to a contractor. In finance, you may adopt a hedging strategy to protect your assets or investments.


Risk avoidance

Risk avoidance definition: A risk is eliminated by not taking any action that would mean the risk could occur.

If you choose this approach, you are aiming to completely eliminate the possibility of the risk occurring. One example of risk avoidance would be with investment. If, after analysing the risks associated with that investment, you deem it too risky, then you simply do not make the investment.

Treating risks by avoiding them should be reserved for risks that would have a major impact on your organisation if they were to occur. However, if you avoid every risk you come up against, you may miss out on positive opportunities. You never know, that investment you decided not to make could have paid off. That is why it’s important to thoroughly analyse risks and make the most informed judgement you can.


Risk reduction

Risk reduction definition: A risk becomes less severe through actions taken to prevent or minimise its impact.

Risk reduction is a common strategy when it comes to risk treatment. It is sometimes known as lowering risk. By choosing this approach, you will need to work out the measures or actions you can take that will make risks more manageable.

One example of risk reduction would be within manufacturing and the risk of products being produced to incorrect specifications. Using a quality management system can lower the chance of this happening, so this would be a method of risk reduction. In the finance industry, you may face risks associated with new regulations. Implementing a digital solution to help you manage regulatory requirements can mitigate the risks of non-compliance and would therefore also be an example of risk reduction.


Risk infrastructure

Risk infrastructure refers to the systems, processes, and technologies that organizations use to identify, assess, and manage risks. This can include things like risk management software, crisis management plans, and internal audit systems. The goal of a robust risk infrastructure is to help organizations anticipate and mitigate potential risks that could negatively impact their operations, reputation, or financial stability.


Risks inherent in business organizations

Financial Risks

Companies must generate sufficient cash flow to make interest payments on loans and to meet other debt-related obligations on time. Financial risk refers to the flow of money in the business and the possibility of a sudden financial loss. A company may be at financial risk if it doesn’t have enough cash to properly manage its debt payments and becomes delinquent on its loans.

Businesses with relatively higher levels of debt financing are considered at higher financial risk, since lenders often see them as having a greater chance of not meeting payment obligations and becoming insolvent. Types of financial risk include:

  • Credit risk: When a company extends credit to customers, there is the possibility that those customers may stop making payments, which reduces revenue and earnings. A company also faces credit risk when a lender extends business credit to make purchases. If the company doesn’t have enough money to pay back those loans, it will default.
  • Currency risk: Currency risk, also known as exchange-rate risk, can arise from the change in price of one currency in relation to another. For example, if a U.S. company agrees to sell its products to a German company for a certain amount of euros, but the value of the euro rises suddenly at the time of delivery and payment, the U.S. business loses money because it takes more dollars to buy euros.
  • Liquidity risk: A company faces liquidity risk when it cannot convert its assets into cash. This type of business risk often occurs when a company suddenly needs a substantial amount of cash to meet its short-term debt obligations. A manufacturing company may not be able to sell outdated machines to generate cash, for example, if no buyers come forward.

Ideas for managing financial risks:

  1. Aim to operate on a lean budget with a low overhead and minimal debts, saving as much money as possible to maintain a steady cash flow.
  2. When seeking loans, look for those with the lowest interest rates possible.
  3. Pay attention to fluctuations in foreign currency rates.
  4. Make regular debt payments on time.

If a company relies on just one or a handful clients for most of its revenue, its financial risk could be significant if one or a few stop using its services. Businesses may want to diversify their customer base so the loss of one client wouldn’t devastate their bottom line.


Compliance and Legal Risks

A company faces compliance or legal risks if it violates government laws or regulatory standards. A business may face compliance risk, for example, if it fails to follow environmental regulations, such as meeting certain pollution and hazardous waste standards.

In certain industries, such as financial services, laws were enacted to protect consumers, so both small and large banks must comply with a variety of lending and financial disclosure regulations. Companies can also expose themselves to legal risks by breaking contracts with suppliers and other partners, which could subject them to lawsuits.

Employers are also legally responsible for providing safe and healthy working conditions for their employees, and different industries may need to follow a variety of safety requirements. Plus, companies need to comply with equal opportunity laws that make it illegal for them to discriminate against a job applicant or employee.

Companies that violate laws and regulatory standards are subject to a variety of punishments, including fines against the company, prison time for executives, and reputation damage with customers and other stakeholders.

Ideas for managing compliance and legal risks:

  • Consider hiring legal professionals and human resources personnel who are aware of relevant laws and can defend the company against lawsuits or other disputes that may arise between the company and its employees, customers, suppliers, and other partners.
  • Invest in technology solutions that help ensure automatic compliance with certain regulations. For example, timekeeping software that ensures employees are paid correctly and are working the hours they are assigned.

Cybersecurity Risks

As more businesses use online and mobile channels for sales and e-commerce payments, as well as for collecting and storing customer data, they are exposed to greater opportunities for hacking, creating security risks for companies and their stakeholders. Both employees and customers expect companies to protect their personal and financial information, but despite ongoing efforts to keep this information safe, companies have experienced data breaches, identity theft, and payment fraud incidents.

When these incidents do happen, consumer confidence and trust in companies can take a dive. Not only do security breaches threaten a company’s reputation, but the company is sometimes financially liable for damages.

Ideas for managing security risks:

  • Invest in fraud detection tools and software security solutions.
  • Educate employees about how they can do their part to keep the company’s data safe. Basic guidance includes not clicking suspicious links in emails or sharing sensitive data without encrypting it first.

Operational Risks

A business is considered to have operational risk when its day-to-day activities threaten to decrease profits. Operational risks can result from employee errors, such as undercharging customers. Additionally, a natural disaster like a tornado, hurricane, or flood might damage a company’s buildings or other physical assets, disrupting its daily operations.

Of course, one of the starkest examples of negative impacts to companies’ production and supply chain operations is the Coronavirus pandemic. In an April 2022 Small Business Pulse Survey conducted by the U.S. Census Bureau, roughly 65 percent respondents reported that the pandemic had either a moderate negative effect or a large negative effect on their business.

Ideas for managing operational risks:

  • Make time for necessary employee training to minimize internal mistakes.
  • Develop contingency plans to shield against external events that may impact operations. For example, a restaurant impacted by a natural disaster might be able to partner with another local restaurant, bar, or coffee shop to use their kitchen and sell to-go items.

Reputational Risks

Reputational risk can include a lawsuit against a company, a product safety recall, negative publicity, and negative reviews online from customers. Companies that suffer reputation damage can even see an immediate loss of revenue, as customers take their business elsewhere. Companies may experience additional impacts, including losing employees, suppliers, and other partners.

Ideas for managing reputational risks:

  • Pay attention to what customers and employees say about the company both online and offline.
  • Commit not only to providing a quality product or service, but also to ensuring that workers are trained to deliver excellent customer service and to resolve customer complaints, offer refunds, and issue apologies when necessary.


Risk management process

Risk management encompasses the identification, analysis, and response to risk factors that form part of the life of a business. Effective risk management means attempting to control, as much as possible, future outcomes by acting proactively rather than reactively. Therefore, effective risk management offers the potential to reduce both the possibility of a risk occurring and its potential impact.

Five Essential Steps of A Risk Management Process

  1. Identify the Risk
  2. Analyze the Risk
  3. Evaluate or Rank the Risk
  4. Treat the Risk
  5. Monitor and Review the Risk

Step 1: Identify the Risk

The initial step in the risk management process is to identify the risks that the business is exposed to in its operating environment.

There are many different types of risks:

  • Legal risks
  • Environmental risks
  • Market risks
  • Regulatory risks etc.

It is important to identify as many of these risk factors as possible. In a manual environment, these risks are noted down manually. If the organization has a risk management solution employed all this information is inserted directly into the system.

The advantage of this approach is that these risks are now visible to every stakeholder in the organization with access to the system. Instead of this vital information being locked away in a report which has to be requested via email, anyone who wants to see which risks have been identified can access the information in the risk management system


Complete copy of CCP Credit Risk Management Notes is available in SOFT copy (Reading using our MASOMO MSINGI PUBLISHERS APP) 

Phone: 0728 776 317


(Visited 174 times, 1 visits today)
Share this:

Written by