Credit Risk & Banking career guide

• Money-center bank (JPM, BofA, Citi, Wells)

  Largest teams, deepest specialization — separate CCAR, CECL, model-risk, fraud-strategy, and collections functions. Teradata / Snowflake / Oracle-warehouse-heavy. Regulator visibility is constant; every analysis has an audit trail. Best comp ceiling in the space at director-and-above.

• Card-dominant issuer (Capital One, Discover, Synchrony, Amex)

  The card-risk shops. Heaviest use of champion–challenger, A/B, and reinforcement-learning on line-assignment and collections treatment. SQL + Python is the baseline; FICO / VantageScore segmentation is table stakes. Capital One specifically runs a case-interview loop that resembles MBB consulting.

• Regional / community bank

  Smaller teams of 3–12, broader responsibilities — one analyst may own CECL, concentration reporting, and Call Report tie-outs. Less gated entry, more SAS and Excel legacy. A good door if you come from a commercial-banking or auditing background.

• Fintech / neobank (Chime, SoFi, Affirm, Cash App)

  Modern stack — Snowflake, dbt, Looker, Python-first. Fraud and underwriting models iterate weekly; the regulatory burden is real but leaner than a bank holding company. Less structured interview loops, faster title progression, thinner comp at senior levels but higher equity variance.

• Model validation / MRM

  Second-line-of-defense role — you challenge the models the first-line credit and fraud teams build. SR 11-7 discipline, documentation-heavy, adversarial by design. Strong runway at money-center banks and an unusually high floor on comp because qualified MRM analysts are scarce.

1. 1

   Recruiter screen (30 min)

   Fit check. Be ready to explain why banking vs fintech, and credit-risk vs fraud vs MRM. Card issuers and money-centers will ask about regulator comfort; fintechs ask about shipping cadence.

2. 2

   Hiring manager (45–60 min)

   Behavioral + domain depth. Expect case-style: "30+ DPD ticked up 80 bps MoM — walk me through your investigation." They’re testing whether you decompose into vintage, roll-rate, mix shift, seasonality, and macro in the right order.

3. 3

   Technical SQL screen (60 min, live or take-home)

   Window-function-heavy. Common asks: build a vintage curve of 90+ DPD by MOB from a transaction ledger; compute a monthly roll-rate matrix; detect a velocity cluster of ≥5 auths in 10 minutes. Edge cases matter — what if an account has no activity for 60 days, does it roll forward or drop?

4. 4

   Domain round (varies by team)

   Credit teams: CECL mechanics, CCAR scenario design, loss-timing differences across products. Fraud teams: authorization streams, chargeback economics, Reg E timing. BSA teams: structuring patterns, CTR aggregation, SAR narrative construction. Know which room you’re in.

5. 5

   Model-risk or fraud-strategy panel

   For MRM: SR 11-7 walk-through of a model you’ve worked on — assumptions, limitations, monitoring plan. For fraud strategy: champion–challenger design, out-of-time validation, the cost tradeoff between false-positive friction and net fraud loss.

6. 6

   Behavioral + director / executive

   Communication, conflict tolerance, regulator comfort. At money-center banks, expect a question about defending a number to a regulator or internal audit. "Tell me about a time you were wrong about a model" is a standard MRM question.

“How would you build a vintage curve of 90+ DPD by months-on-book from a delinquency table?”

Define the cohort by origination month, compute months-on-book as the difference between observation date and origination date, pivot to one row per (vintage, MOB) with the share of accounts at 90+ DPD as of that MOB. The trap is letting accounts that close or charge off mid-curve silently drop — carry them forward as still-in-the-cohort-but-worst-state so the denominator stays fixed.

“A roll-rate matrix shows 30–60 DPD → charge-off at 18% this month vs 9% a year ago. What do you check?”

Three things in order: (1) is the denominator stable — did the 30–60 bucket shrink because of forbearance or a product-mix shift? (2) is the numerator real — did charge-off policy (e.g., days-past-due threshold or bankruptcy trigger) change? (3) is it a vintage effect — the current 30–60 cohort is younger/newer origination that was underwritten during a looser period. Averaging unweighted across products hides all three.

“KS vs AUC — when do you prefer each?”

AUC is the probability a random bad ranks above a random good — a global rank-order measure. KS is the max separation between the cumulative bad-rate and good-rate distributions — tells you where in the score range the model discriminates best. Credit shops report both; KS is more useful for cutoff design (set a line where separation peaks), AUC for model comparison when score ranges differ.

“PSI on the PD model came in at 0.18 this quarter. Concerned?”

PSI under 0.10 is stable, 0.10–0.25 is a warning band, above 0.25 is a significant population shift. 0.18 means investigate before taking action. Decompose by score decile to find whether the shift is at the high-risk tail (adverse selection, channel-mix change) or at the middle (onboarding-funnel change). Don’t retrain reflexively — understand the driver first; SR 11-7 docs should describe your threshold and escalation path.

“You notice four customers each made five sub-$10K cash deposits at different branches within a week. What’s the right response?”

Classic BSA structuring pattern — splitting deposits to avoid the $10K CTR threshold. The right action is escalation to the BSA / AML officer and a SAR within 30 days of detection, not a unilateral account action. Structuring is a federal crime under 31 U.S.C. §5324 regardless of whether the underlying funds are illicit. Document the pattern, the customers, and the aggregation logic; preserve the evidence trail.

“Explain CECL to someone who only knows the old incurred-loss model.”

Incurred-loss (ALLL) reserved only for losses that were probable and estimable at the balance-sheet date — backward-looking. CECL reserves for lifetime expected credit losses at origination — forward-looking, vintage-driven, and tied to a reasonable-and-supportable macro forecast. The accounting impact at adoption was a one-time reserve build; the ongoing impact is reserve volatility tied to the macro scenario. Vintage curves feed the lifetime loss; the macro overlay sits on top.

• FRM (Financial Risk Manager, GARP)

  Gold standard

  The credit-risk / market-risk gold standard. Two-part exam, 2–3 years total study, strong signal for hiring managers. Most senior credit-risk analysts at money-center banks have it.

• CAMS (Certified Anti-Money Laundering Specialist, ACAMS)

  Gold standard

  The BSA/AML gold standard. Mandatory signal for fraud/AML teams at banks and for consulting firms serving them.

• CFA (Chartered Financial Analyst)

  Nice to have

  Useful if the role touches IB-adjacent credit (structured products, fixed-income research). Not a differentiator for consumer-credit or card-risk roles.

• CRCM (Certified Regulatory Compliance Manager, ABA)

  Nice to have

  Signal for the compliance/regulatory track specifically. Useful at regional banks and for moving into second-line compliance leadership.

• CQF (Certificate in Quantitative Finance)

  Nice to have

  Math-heavy. Worth it for model-risk and quant-risk pivots; overkill for mainstream consumer-credit analytics.

• SAS Base / Advanced

  Skip

  Still relevant at regional banks on legacy stacks, but most modern shops moved to SQL + Python. Only worth it if the specific employer’s job post names it.

• Conflating charge-offs with write-offs. Charge-off is an accounting action (move from accrual to non-accrual); recoveries post separately and net against gross charge-offs in NCO. Failing to net recoveries inflates the loss rate.
• Ignoring the observation window on vintage cohorts. A 12-MOB curve from a vintage that’s only 9 months old is extrapolation, not measurement.
• Averaging roll rates unweighted. 30–60 → 60–90 rolls must be weighted by balance-at-risk or account-count, not simple-averaged across products.
• Treating CECL as "incurred loss + a macro overlay." CECL is lifetime expected loss at origination; the macro is one input, not a bolt-on.
• Missing Reg E timing. Provisional credit at day 10, final resolution at 45 or 90 depending on card-present status and account age — banks get sued for blowing these clocks.
• Forgetting POS reversals. Counting auths without netting reversals double-counts spend and breaks every downstream metric (approval rate, velocity, chargeback rate).
• Building a fraud model with no out-of-time window. In-sample AUC of 0.92 means nothing if you didn’t hold out a future period.
• Over-indexing on Python / ML at the expense of SQL fluency. Every credit-risk and MRM loop gates on SQL. Python is the year-2 lever, not the year-0 one.

The caseSQL Credit Risk & Banking path can’t teach you Teradata, Snowflake, or the specific schema your target bank runs — those vary per shop. What it does teach is the reasoning: reversal netting so your spend totals don’t double-count, vintage-curve and roll-rate construction with LAG over MOB and bucket, FICO-band segmentation, velocity and structuring detection, CECL lifetime-loss projection, PSI and KS on a model-score distribution, and a champion–challenger backtest with an honest out-of-time window — ending in a portfolio-risk scorecard capstone. Those are the transferable skills that translate to any bank’s warehouse. For a money-center, card-issuer, or MRM interview loop, the Hard and Expert missions are the closest approximation of the whiteboard asks.