IFRS 9 Audit Trail: What Regulators Expect and How to Build One

Why audit trail matters more than the ECL number

Under IFRS 9, banks must not only calculate Expected Credit Loss correctly — they must demonstrate that the process is governed, controlled and reproducible. EBA Guidelines on ECL estimation (EBA/GL/2017/06) explicitly require institutions to document the methodology, assumptions and judgements used. Without documentation, even a correct ECL number can be challenged.

What an IFRS 9 audit trail must contain

For each loan in your portfolio, the audit trail must record: the input data used at the time of classification (DPD, borrower rating, collateral value, sector outlook), the SICR indicators that were checked and which ones triggered, the specific IFRS 9 paragraph that supports each classification decision, the stage assigned and the ECL calculated, the calculation formula applied (PD, LGD, EAD values), whether the classification was rule-based or involved human judgement, and a timestamp showing when the classification was made.

The immutability requirement

A critical but often overlooked requirement: audit records must be immutable. Once a classification is logged, it cannot be altered. If you need to reclassify a loan, the original record must be preserved alongside the new classification. This allows regulators to see the full history of how each loan was treated across reporting periods. Excel-based audit trails fundamentally cannot meet this requirement — cells can be overwritten, rows deleted, formulas changed without trace.

IFRS 9 paragraph references in the audit trail

Best practice is to log the specific IFRS 9 paragraph that triggered each classification decision. For example: DPD > 30 days triggers SICR per §B5.5.28. DPD >= 90 days triggers default presumption per §B5.5.37. Borrower rating downgrade of 2+ notches triggers SICR per §B5.5.17(c). LTV > 90% triggers SICR per §B5.5.17(g). This level of documentation demonstrates that your classification process is policy-aligned and regulator-facing.

What regulators look for during an IFRS 9 review

During an IFRS 9 model review or regulatory inspection, examiners typically look for: consistency between reporting periods (same methodology applied), evidence that forward-looking information was considered, documentation of management overlays and their justification, traceability from inputs to outputs, and evidence of governance — who reviewed the results, when and what changes were approved. A well-structured audit trail addresses all of these.

Common audit trail failures

The most common failures in IFRS 9 audits: no documentation of which SICR indicators were checked (not just triggered), no record of data used at time of classification (retrospective changes possible), no IFRS 9 paragraph references, audit trail stored in editable format (Excel, Word), and classification methodology not reproducible (results differ if re-run).

How LoanStage builds the audit trail

LoanStage automatically generates an immutable audit record for every loan classification. Each record contains: loan_id, portfolio_id, all input data used, every SICR indicator checked and those triggered (with IFRS 9 paragraph references), stage assigned, ECL calculated with formula, classification method (deterministic or AI-assisted), and UTC timestamp. Records are stored in append-only format and exportable as CSV for regulatory submissions.

LoanStage generates an immutable IFRS 9 audit trail for every loan classification. Download a sample ECL report to see what the output looks like.