Every credit override — every loan approved outside the parameters of the credit policy — creates a regulatory obligation. The ECB / EBA's supervisory expectations under the Internal Ratings-Based approach and the EBA consumer protection standards require that exceptions to credit policy be documented with the reason, the authority level of the approver, the compensating factors that justified the exception, and the outcome data that allows the supervisor to assess whether the exception population performed differently from the standard portfolio. The Credit Exception Agent AI creates this documentation automatically, at the moment of override, for every exception — so when the ECB / EBA inspection team asks for the exception register, it already exists, is complete, and contains every field the examination team needs.
What ECB / EBA examiners look for in a credit exception file
A credit exception, in the ECB / EBA supervisory context, is any loan where the sanctioning authority approved terms that deviate from the Board-approved credit policy. This includes credit score exceptions (loan approved below the policy minimum), DTI exceptions (loan approved where the borrower's fixed obligation-to-income ratio exceeds the policy ceiling), LTV exceptions (security value lower than the policy minimum), tenure exceptions, and product-combination exceptions (lending to a borrower who has existing delinquency at the institution in a different product).
ECB / EBA examination teams assess exceptions on four dimensions. First, documentation completeness: does the exception file record the specific policy parameter that was breached, the magnitude of the breach, the compensating factor(s) cited, and the authority level of the approver? Second, authority appropriateness: was the override approved at the level the Board has delegated for that type and magnitude of exception — or was it approved below that level? Third, concentration: is a disproportionate share of exceptions originating from a single geography, product line, officer, or referral partner — suggesting systematic policy avoidance rather than case-by-case judgement? Fourth, performance: how did the exception population perform versus the standard portfolio? An institution that has high exception rates and higher exception DPD relative to standard portfolio DPD has a credit governance problem that the examiner will escalate.
"An exception that is not documented does not exist as far as the regulator is concerned — until it defaults. Then it becomes evidence of a governance failure rather than a credit judgement."
The exception record: every field, populated at the moment of override
Credit Exception Record — EXC-2025-11-0847 · Auto-generated Nov 14, 2025 · 11:42 AM
Loan application: LA-2025-18841 · Override type: credit score + DTI combined · Status: Approved
Policy parameter breached (1)credit score minimum: Policy requires 680 minimum for SME term loan. Borrower credit bureau: 648. Breach magnitude: −32 points (4.7% below minimum).
Policy parameter breached (2)DTI ceiling: Policy maximum DTI for SME term loan is 65%. Borrower DTI at proposed instalment: 68.4%. Breach magnitude: +3.4pp (5.2% above ceiling).
Compensating factor (1)VAT outward supply growth: €42L (Q3 FY24) → €68L (Q3 FY25) — +61.9% YoY. Verified against GSTN data. Strong business growth trajectory suggests credit score lags actual creditworthiness improvement.
Compensating factor (2)Existing relationship: Borrower has a €12L working capital facility with this institution (LA-2024-4218) — 22 months, zero DPD. Internal track record compensates for bureau score weakness.
Compensating factor (3)Property security offered: Residential property at Seville valued €38.2L (6-month valuation) securing the €18.4L loan — LTV 48.2%. Security mitigates both credit bureau and DTI breach risk.
Approver authority checkVERIFIED: ZCM authority covers combined credit bureau + DTI exception with compensating security up to €20L. This approval is within delegated authority. No Board/CEO escalation required.
Exception outcome monitoringAuto-flagged for 90-day DPD review. If DPD 0 at 90 days: exception classified as performing. If DPD 30+ at 90 days: exception classified as adverse outcome and included in quarterly exception performance report to Board Risk Committee.
Comparison to policy benchmarkcredit bureau 648 with 61.9% VAT growth: historically, borrowers in this profile who also have an existing zero-DPD relationship have a 90-day DPD rate of 4.8% — vs 3.2% for standard SME portfolio. Risk uplift: +1.6pp. Within exception tolerance.
Regulatory classificationException type: Discretionary / Compensating factor. Not: systematic, structural, or authority breach. Board policy allows up to 8% of SME portfolio by value as compensating-factor exceptions. Current portfolio exception rate: 4.2%. This exception keeps portfolio within tolerance.
Full approval chain — timestamped and immutable
Nov 14 · 09:28 AMRM: Suresh AnandApplication submitted to credit with exception flag raised — credit bureau and DTI breach noted
Nov 14 · 10:04 AMCredit AIException record auto-generated · 9 documentation fields populated · Compensating factors identified from CBS, GSTN, and valuation data · Authority routing determined
Nov 14 · 10:48 AMACM: Priya RajanException reviewed · Recommended approval to ZCM based on VAT growth and existing relationship · Noted property security
Nov 14 · 11:38 AMZCM: Mohan BabuApproved: "VAT growth and zero DPD relationship are compelling. Property security is adequate. DTI breach is marginal. credit bureau 648 is acceptable given compensating factors." Override comment locked and timestamped.
Nov 14 · 11:42 AMCredit Exception AIRecord completed and locked · Appended to exception register · 90-day DPD monitoring flag set · Regulatory reporting flag set for Q4 Board Risk Committee report
The documentation fields that make the difference in an ECB / EBA inspection
Three fields in the exception record are the ones that ECB / EBA examiners most consistently flag when they are absent or inadequate. The first is the compensating factor — not the conclusion ("creditworthy despite low credit bureau") but the specific, verifiable evidence ("VAT revenue grew 61.9% YoY, verified against GSTN data"). The examiner does not take the credit team's word for the compensating factor — they look for the data source that supports it. The Credit Exception Agent AI pulls the compensating factor data from the institution's systems at the time of the override and embeds it in the record with source attribution: GSTN data as of Nov 14, CBS account data as of Nov 14, valuation report reference number.
The second is the authority check — confirmation that the approver's authority level covers this type and magnitude of exception. Many institutions have well-designed authority matrices that are inconsistently applied in practice — a Branch Manager approves a combined exception that requires ZCM authority because the ZCM is not available and the Branch Manager did not realise the exception required escalation. The Credit Exception Agent AI runs the authority check automatically before routing — preventing authority breaches at the point of approval rather than discovering them in an audit.
The third is the performance tracking flag — the linkage between the exception record and the subsequent DPD data that allows the institution to demonstrate to the examiner that it monitors how exceptions perform. An exception register that contains 847 approved exceptions from the last 12 months but no DPD outcome data for any of them is a register that tells the examiner the institution approves exceptions but does not know whether those exceptions were good decisions.
EXC-2025-11-0847Every exception has a unique, immutable record ID · Retrievable in under 3 seconds · Examination team can pull any record from any date
11:42 AMRecord locked and completed 4 minutes after ZCM approval · Auto-generated · No manual documentation step · No documentation gap
90-dayDPD monitoring flag set at approval — every exception is tracked to outcome · Performance data available at next examination
4.2%Current SME exception rate vs 8% Board-approved limit · Each new exception updates the portfolio exception concentration metric in real time
The examiner who finds 847 complete exception records with source-attributed compensating factors, timestamped approval chains, and 90-day DPD outcomes has found a credit governance programme that is working — not one that is hiding something
The ECB / EBA's supervisory concerns about credit exceptions are fundamentally concerns about whether the institution knows what its exceptions are, why they were approved, who approved them, and how they performed. An institution that can answer all four questions instantly — because the Credit Exception Agent AI has been building the exception register automatically since the last inspection — demonstrates a credit governance function that is continuously operating, not one that was assembled in the 6 weeks before the inspection visit. The Credit Exception AI's documentation function is not about compliance theatre. It is about building a credit governance infrastructure that is inspection-ready at all times because it is genuinely being operated at all times.
