CovenantFlow
← All insights
IndustryJune 24, 2026·6 min read

Why now: three forces have converged on covenant operations

For 30 years the spreadsheet survived because the alternatives were worse. Then rates exposed the gap, examiners started looking, and AI got audit-grade. Here is what changed.

CT

CovenantFlow Team

Catalyze Labs

Industry chart: Commercial DSCR decline, 24-month trend

Every commercial bank we have talked to runs covenant operations the same way: a spreadsheet that three people understand, a binder of PDFs, and a quarterly review that surfaces what already happened. That workflow survived for 30 years because nothing better was available at a price the bank would pay. Three things changed in the last 24 months, and the math no longer works.

Force one: rates exposed the gap

Median commercial DSCR has moved from 1.65x to 1.42x in 24 months. The bottom decile is at the covenant floor. The chart above is built from a blend of our pilot-portfolio data and the Fed H.8 release; it lines up with what every credit officer we have spoken to is also seeing inside their own books.

What the chart does not show, because nobody graphs lag, is the operational consequence. A bank that monitors quarterly catches the trajectory two to three reporting cycles after it turns. That was tolerable when the median sat comfortably inside the band. With the median itself drifting toward the floor and the bottom decile already through it, quarterly monitoring is now structurally late by definition. The information arrives after the decision window closes.

This is not a thesis about credit cycles. It is a thesis about reporting cadence. The trajectory was always observable; the operating model just was not built to surface it before breach. In a 1.65x-median world, the model worked. In a 1.42x-median world, it does not.

Force two: examiners are looking

Examiner posture on covenants has shifted noticeably in the last 18 months. MRA volume on covenant topics is up roughly 40% over the prior cycle, based on what we hear from advisors and former examiners working across our customer base. The substantive concern is not whether banks have covenants. It is whether the bank can produce the source clause, the calculation trail, and the borrower's contemporaneous documentation when asked.

A specific finding pattern has emerged: borrower-attested compliance certificates that the bank accepted at face value, without independent verification, are being flagged as inadequate. The compliance certificate is the borrower's number. The audit position is the bank's number. Until recently, examiners treated those as the same document. They no longer do.

The implication is operational, not strategic. Banks have to be able to produce, for any covenant on any loan, the contractual definition, the calculated value, the source documents, and the timestamp on each. That is achievable only with structured data. It is not achievable with a spreadsheet that pulls a borrower-reported number into a workbook on day 47.

Force three: AI is finally good enough

The historical block on automating covenant operations was not the absence of demand. It was that the available tooling failed the audit test. A summary from a 2022-era model was useful to an analyst and useless to an examiner. The first question in any model-risk review, then or now, is "how do you know what the model said is correct?" and the available answer was either "we don't" or "we re-read it manually," which defeated the point.

That changed in the last 24 months. The architecture that works is not the model itself; it is the structure around it. Three things in combination produce audit-grade output:

  • Citation-linked extraction. Every covenant field is tied to a source document, page, and verbatim quote. The reviewer sees the source text inline. "The model said so" is never the audit answer.
  • Strict structured schema. Carve-outs, step-ups, definition substitutions, and cure rights are first-class fields. The model populates each with a citation or marks it not-present explicitly. Silent omissions are impossible by construction.
  • Re-read passes. The first extraction produces a candidate. The second pass re-reads for the patterns the first pass most often misses. The third pass cross-checks computed values against the contractual definition. The cost per loan is small; the silent-error reduction is large.

Together, these align with the lineage of SR 11-7 model-risk frameworks. The architecture is the moat with regulated buyers, and it is the answer to the model-risk question that previously stopped automation at the door.

What changed and what it implies

Three years ago, a bank making the case internally for purpose-built covenant infrastructure had to argue for it on convenience or analyst time. Today, the argument is different in kind. Quarterly monitoring is structurally late against the credit trajectory the loan book is actually on. Examiner expectations have shifted in a way that quarterly spreadsheet operations cannot satisfy. And the model risk story that previously blocked automation has flipped: with citation, schema, and re-read passes, AI extraction is more defensible than the spreadsheet it replaces, not less.

For 30 years the spreadsheet survived because the alternative was worse. That stopped being true in 2024. The banks that are moving now are not chasing a trend. They are matching their operating model to the credit cycle their portfolios are already in.

See covenants, read by AI.

Walk through CovenantFlow on a real loan document. 30 minutes, one call.