A diagnostic scenario for South African bank CFOs and risk committees where an IFRS 9 ECL provision model is undermined by inconsistent loan exposure data across systems.
The problem is not always the IFRS 9 model. In many South African banks, the model logic may be documented, independently reviewed, and mathematically sound — while the loan exposure data feeding it is inconsistent across origination, core banking, collections, collateral, finance, and risk reporting systems.
That is a dangerous position for a CFO and risk committee. Expected credit loss (ECL) provisions affect earnings, capital planning, audit scrutiny, and market confidence. If the bank cannot explain why exposure numbers differ between finance, credit risk, and the IFRS 9 engine, the debate quickly shifts from modelling judgement to data credibility.
This article sets out an illustrative diagnostic scenario. It is not a client case study. It reflects a common pattern in banking environments where loan books have grown across products, legacy platforms, acquisitions, manual workarounds, and regulatory reporting demands. For related banking examples, see Zorinthia’s broader banking examples section.
Consider a generic South African bank with a mixed retail and small business lending book. It has unsecured personal loans, vehicle finance, home loans, overdrafts, revolving credit, and SME term facilities.
At quarter-end, the IFRS 9 ECL model produces a provision increase that is higher than expected. Credit risk points to pressure in certain segments: higher arrears, weaker affordability, and increased restructuring. Finance accepts that the macroeconomic outlook is not benign. Interest rates, consumer stress, business failures, and load-shedding-related revenue interruptions have all affected customers.
But the provision movement still does not reconcile cleanly.
The CFO’s team compares the exposure base used in the ECL model with the general ledger and management accounts. The totals differ. Risk analytics compares the same model input with credit portfolio reports. Those numbers also differ. Collections reports show more accounts in late-stage delinquency than the IFRS 9 staging file appears to capture.
The first instinct is to challenge the model. That may be necessary later. But the more immediate question is simpler: is the loan book exposure data consistent enough to support the provision?
This is the core issue behind IFRS 9 data quality banking South Africa discussions. The board does not only need an ECL result. It needs confidence that the result is built on a controlled, explainable data foundation.
IFRS 9 ECL calculations depend on several major components, including probability of default, loss given default, exposure at default, staging, forward-looking information, and effective interest rate treatment. In practice, many provision failures begin with exposure definitions.
Different systems may each hold a “balance”, but those balances are not always the same thing.
A core banking platform may store current capital outstanding. A collections system may include arrears interest and fees. Finance may report gross carrying amount after specific accounting adjustments. A risk data mart may include committed but undrawn exposure for certain products. A spreadsheet used by a product team may exclude written-off accounts or restructure flags because it was designed for operational monitoring, not financial reporting.
For a mortgage account, the difference may be small on one loan but material across a book. For an overdraft or revolving facility, the definition becomes more complex: drawn exposure, available limit, credit conversion assumptions, suspended limits, and facility expiry dates all matter. For SME lending, collateral values and guarantee coverage may sit outside the main loan system, making the loss estimate sensitive to data joins.
The diagnostic question is therefore not “which balance is correct?” in isolation. It is: “which exposure definition is appropriate for each ECL use, who approved it, where is it sourced, and how is it reconciled?”
Without that discipline, the same account can legitimately appear with different values in different reports, while nobody can prove which value entered the provision.
ECL staging is particularly sensitive to inconsistent loan data.
A Stage 1 account generally attracts a 12-month expected credit loss. A Stage 2 account reflects a significant increase in credit risk and requires lifetime ECL. Stage 3 reflects credit-impaired exposure. Moving a loan between stages can materially change the provision, even if the outstanding balance has not changed much.
Now consider common data issues:
These are not abstract technical defects. They affect whether an account is treated as performing, significantly deteriorated, or credit-impaired.
A risk committee may receive a slide showing Stage 2 growth in the SME portfolio. The CFO may receive a finance pack showing stable impairments. The audit team may find account-level exceptions where the staging rule was not triggered because the relevant flag was missing from the model input. Each view may be partially explainable, but the institution still lacks one controlled version of the staging truth.
This is where an ECL staging discussion becomes a governance discussion.
A sound diagnostic does not begin by replacing the IFRS 9 model. It begins by tracing the data path from the originating loan account to the final provision journal.
For each major product, the bank should map the route of the account-level data:
This mapping should be done at data-element level, not only at system level. “Exposure” is too broad. The bank needs to know the source and treatment of drawn balance, accrued interest, arrears amount, undrawn commitment, suspended limit, collateral value, default date, cure date, and product code.
For a South African bank dealing with legacy systems and operational pressure, this exercise can feel basic. It is not. It is often the first time finance, credit risk, IT, collections, and product teams agree on how the same loan travels through the organisation.
It also exposes dependency risks. If a load-shedding event disrupts overnight processing, does the ECL extract run on incomplete data? If a batch fails, is there a formal rerun control or does an analyst patch the file manually? If a month-end process depends on one specialist who understands an old product table, that is not a sustainable control environment.
Many banks reconcile totals. That is necessary, but not sufficient.
If the ECL model input total is R10 billion and finance reports R10.1 billion, the gap may be visible. But a small net difference can hide large offsetting errors. One product may be overstated, another understated. Stage 2 balances may be wrong even if the total book exposure appears close.
A better diagnostic uses a reconciliation ladder:
| Reconciliation level | Purpose |
|---|---|
| Account-level matching | Confirms whether the same loans exist in each source |
| Balance component comparison | Separates capital, interest, fees, arrears, and limits |
| Product and segment totals | Shows where differences concentrate |
| Stage and default status comparison | Tests whether risk classification aligns |
| Finance posting bridge | Connects model output to accounting entries |
This approach gives the CFO and risk committee a clearer view of whether the provision issue is isolated or systemic.
For example, the diagnostic may find that home loan balances reconcile well, but revolving credit exposures differ because available limits are treated inconsistently. It may find that SME restructures are correctly approved but poorly reflected in downstream data. It may show that the general ledger is reliable for financial reporting, while the model input is weak on behavioural risk indicators.
Those distinctions matter. They prevent a broad and expensive remediation programme when the real defect sits in a narrower part of the loan book.
IFRS 9 data work involves personal and financial information. In South Africa, POPIA obligations are directly relevant. A diagnostic team should not create uncontrolled copies of customer-level loan data across shared drives and spreadsheets simply because the provision timetable is tight.
Minimum controls should include defined access, purpose limitation, secure transfer, retention rules, and masking where full identifiers are not required. The bank also needs to consider how data is shared with auditors, external specialists, and model reviewers.
There is also a prudential dimension. SARB-facing reporting, capital adequacy analysis, stress testing, and impairment governance all depend on overlapping credit data. If the bank fixes IFRS 9 data in isolation, it may create another silo. The stronger approach is to connect impairment data remediation with wider credit risk data governance. Zorinthia discusses this broader discipline in credit risk data governance.
The point is practical: a bank should not solve a reporting problem by weakening privacy, control, or regulatory traceability.
Executives do not need to inspect every data field. They do need to ask sharper questions than “has the model been validated?”
The following questions usually reveal whether the institution has control over its IFRS 9 data foundation:
If the answer to several of these questions is unclear, the risk is not only an accounting adjustment. The bank may be making pricing, collections, capital, and portfolio decisions using inconsistent views of the same loan book.
In this scenario, the diagnostic does not conclude that the ECL model is useless. It finds something more specific.
The model may be calculating correctly against the file it receives. The weakness sits upstream: inconsistent exposure definitions, incomplete staging indicators, weak reconciliation, and undocumented manual adjustments.
A typical finding might read as follows:
The IFRS 9 ECL process is materially dependent on loan exposure data assembled from multiple systems with inconsistent balance definitions. Current reconciliations are performed mainly at aggregate level and do not provide sufficient account-level evidence for staging, exposure, and finance posting completeness across all material portfolios.
That kind of finding gives executives a decision path. It separates immediate provision assurance from longer-term data improvement.
Short-term actions may include targeted reconciliations for high-risk portfolios, formal approval of model input adjustments, and additional audit evidence for quarter-end reporting. Medium-term actions may include a controlled exposure data dictionary, automated account-level reconciliation, stronger staging flag integration, and clearer ownership between finance and credit risk.
The aim is not data perfection. It is enough control, consistency, and evidence for the provision to be trusted.
An IFRS 9 provision is a financial statement number, but it is also a test of the bank’s data discipline. When loan exposure data differs across systems, the CFO and risk committee should resist the temptation to treat the issue as a modelling debate only.
The next step is a focused diagnostic: select the material portfolios, trace the exposure and staging data from source to provision, reconcile at account level, and identify which breaks could change the ECL result.
The board-level question is simple: can management prove that the loan book used for IFRS 9 is complete, consistently defined, and reconcilable to the bank’s financial records? If not, the provision number may still be calculated — but it is not yet well controlled.