|
|
|
|
|
|
Basel ii Accord
Sections 422 to 443 |
|
4. Risk rating system
operations
(i)
Coverage of ratings
422.
For corporate, sovereign, and bank exposures,
each borrower and all
recognised
guarantors
must be assigned a rating and each exposure must
be associated with a facility
rating
as part of the loan approval process. Similarly,
for retail, each exposure must
be
assigned
to a pool as part of the loan approval
process.
423.
Each separate legal entity to which the bank is
exposed must be separately rated.
A
bank
must have policies acceptable to its supervisor
regarding the treatment of
individual
entities
in a connected group including circumstances
under which the same rating may
or
may
not be assigned to some or all related
entities.
(ii)
Integrity of rating
process
Standards
for corporate, sovereign, and bank
exposures
424.
Rating assignments and periodic rating reviews
must be completed or approved
by
a
party that does not directly stand to benefit
from the extension of credit. Independence
of
the
rating assignment process can be achieved
through a range of practices that will
be
carefully
reviewed by supervisors. These operational
processes must be documented in
the
bank’s
procedures and incorporated into bank policies.
Credit policies and
underwriting
procedures
must reinforce and foster the independence of
the rating process.
425.
Borrowers and facilities must have their ratings
refreshed at least on an annual
basis.
Certain credits, especially higher risk
borrowers or problem exposures, must
be
subject
to more frequent review. In addition, banks must
initiate a new rating if
material
information
on the borrower or facility comes to
light.
426.
The bank must have an effective process to
obtain and update relevant and
material
information
on the borrower’s financial condition, and on
facility characteristics that
affect
LGDs
and EADs (such as the condition of collateral).
Upon receipt, the bank needs to have a procedure
to update the borrower’s rating in a timely
fashion.
Standards
for retail exposures
427.
A bank must review the loss characteristics and
delinquency status of each
identified
risk pool on at least an annual basis. It must
also review the status of
individual
borrowers
within each pool as a means of ensuring that
exposures continue to be
assigned
to
the correct pool. This requirement may be
satisfied by review of a representative
sample
of
exposures in the pool.
(iii)
Overrides
428.
For rating assignments based on expert
judgement, banks must clearly
articulate
the
situations in which bank officers may override
the outputs of the rating process, including how
and to what extent such overrides can be used
and by whom. For model-based ratings, the bank
must have guidelines and processes for
monitoring cases where human judgement has
overridden the model’s rating, variables were
excluded or inputs were altered. These
guidelines must include identifying personnel
that are responsible for approving these
overrides. Banks must identify overrides and
separately track their
performance.
(iv)
Data maintenance
429.
A bank must collect and store data on key
borrower and facility characteristics
to
provide
effective support to its internal credit risk
measurement and management process, to enable
the bank to meet the other requirements in this
document, and to serve as a basis for
supervisory reporting.
These
data should be sufficiently detailed to allow
retrospective reallocation
of
obligors and facilities to grades, for example
if increasing sophistication of
the
internal
rating system suggests that finer segregation of
portfolios can be achieved.
Furthermore,
banks must collect and retain data on aspects of
their internal ratings as
required
under Pillar 3 of this
Framework.
For
corporate, sovereign, and bank
exposures
430.
Banks must maintain rating histories on
borrowers and recognised
guarantors,
including
the rating since the borrower/guarantor was
assigned an internal grade, the
dates
the
ratings were assigned, the methodology and key
data used to derive the rating and
the
person/model
responsible. The identity of borrowers and
facilities that default, and the timing and
circumstances of such defaults, must be
retained. Banks must also retain data on the PDs
and realised default rates associated with
rating grades and ratings migration in order to
track the predictive power of the borrower
rating system.
431.
Banks using the advanced IRB approach must also
collect and store a complete
history
of data on the LGD and EAD estimates associated
with each facility and the key
data
used
to derive the estimate and the person/model
responsible. Banks must also collect
data
on
the estimated and realised LGDs and EADs
associated with each defaulted
facility.
Banks
that reflect the credit risk mitigating effects
of guarantees/credit derivatives through LGD
must retain data on the LGD of the facility
before and after evaluation of the effects of
the guarantee/credit derivative. Information
about the components of loss or recovery for
each defaulted exposure must be retained, such
as amounts recovered, source of recovery (e.g.
collateral, liquidation proceeds and
guarantees), time period required for recovery,
and
administrative
costs.
432.
Banks under the foundation approach which
utilise supervisory estimates
are
encouraged
to retain the relevant data (i.e. data on loss
and recovery experience for
corporate
exposures under the foundation approach, data on
realised losses for banks using
the
supervisory slotting criteria for
SL).
For
retail exposures
433.
Banks must retain data used in the process of
allocating exposures to pools,
including
data on borrower and transaction risk
characteristics used either directly or through
use of a model, as well as data on delinquency.
Banks must also retain data on
the
estimated
PDs, LGDs and EADs, associated with pools of
exposures. For defaulted
exposures,
banks must retain the data on the pools to which
the exposure was assigned
over
the year prior to default and the realised
outcomes on LGD and EAD.
(v)
Stress tests used in assessment of capital
adequacy
434.
An IRB bank must have in place sound stress
testing processes for use in
the
assessment
of capital adequacy. Stress testing must involve
identifying possible events or
future
changes in economic conditions that could have
unfavourable effects on a
bank’s
credit
exposures and assessment of the bank’s ability
to withstand such changes.
Examples
of
scenarios that could be used are
(i)
economic or industry downturns;
(ii)
market-risk
events;
and
(iii)
liquidity conditions.
435.
In addition to the more general tests described
above, the bank must perform a
credit
risk stress test to assess the effect of certain
specific conditions on its IRB
regulatory
capital
requirements. The test to be employed would be
one chosen by the bank, subject
to
supervisory
review. The test to be employed must be
meaningful and reasonably
conservative.
Individual
banks may develop different approaches to
undertaking this stress
test
requirement, depending on their circumstances.
For this purpose, the objective is not
to
require
banks to consider worst-case scenarios. The
bank’s stress test in this context
should,
however,
consider at least the effect of mild recession
scenarios. In this case, one
example
might
be to use two consecutive quarters of zero
growth to assess the effect on the
bank’s
PDs,
LGDs and EADs, taking account — on a
conservative basis — of the
bank’s
international
diversification.
435
(i) Banks using the double default framework
must consider as part of their
stress
testing
framework the impact of a deterioration in the
credit quality of protection providers, in
particular the impact of protection providers
falling outside the eligibility criteria due to
rating changes.
Banks
should also consider the impact of the default
of one but not both of the obligor and
protection provider, and the consequent increase
in risk and capital requirements at the time of
that default.
436.
Whatever method is used, the bank must include a
consideration of the following
sources
of information. First, a bank’s own data should
allow estimation of the ratings
migration
of at least some of its exposures. Second, banks
should consider information
about
the
impact of smaller deterioration in the credit
environment on a bank’s ratings, giving some
information on the likely effect of bigger,
stress circumstances. Third, banks should
evaluate evidence of ratings migration in
external ratings. This would include the bank
broadly matching its buckets to rating
categories.
437.
National supervisors may wish to issue guidance
to their banks on how the tests
to
be
used for this purpose should be designed,
bearing in mind conditions in their
jurisdiction.
The
results of the stress test may indicate no
difference in the capital calculated under
the
IRB
rules described in this section of this
Framework if the bank already uses such
an
approach
for its internal rating purposes. Where a bank
operates in several markets, it
does
not
need to test for such conditions in all of those
markets, but a bank should
stress
portfolios
containing the vast majority of its total
exposures.
5.
Corporate governance and
oversight
(i)
Corporate governance
438.
All material aspects of the rating and
estimation processes must be approved by
the
bank’s board of
directors or a designated committee thereof and
senior management.
(87)
These
parties must possess a general understanding of
the bank’s risk rating system
and
detailed
comprehension of its associated management
reports. Senior management must
provide
notice to the board of directors or a designated
committee thereof of material
changes
or exceptions from established policies that
will materially impact the operations
of
the
bank’s rating system.
(87) This standard refers to a
management structure composed of a board of
directors and senior management. The Committee
is aware that there are significant differences
in legislative and regulatory frameworks across
countries as regards the functions of the board
of directors and senior management. In some
countries, the board has the main, if not
exclusive, function of supervising the executive
body (senior management, general management) so
as to ensure that the latter fulfils its tasks.
For this reason, in some cases, it is known as a
supervisory board.
This means that the board has no
executive functions. In other countries, by
contrast, the
board has a broader competence in
that it lays down the general framework for the
management of the bank. Owing to these
differences, the notions of the board of
directors and senior management are used in this
paper not to identify legal constructs but
rather to label two decision-making functions
within a bank.
439.
Senior management also must have a good
understanding of the rating
system’s
design
and operation, and must approve material
differences between established
procedure
and
actual practice. Management must also ensure, on
an ongoing basis, that the
rating
system
is operating properly. Management and staff in
the credit control function must
meet
regularly
to discuss the performance of the rating
process, areas needing improvement,
and
the
status of efforts to improve previously
identified deficiencies.
440.
Internal ratings must be an essential part of
the reporting to these parties.
Reporting
must
include risk profile by grade, migration across
grades, estimation of the
relevant
parameters
per grade, and comparison of realised default
rates (and LGDs and EADs for
banks
on advanced approaches) against expectations.
Reporting frequencies may vary
with
the
significance and type of information and the
level of the recipient.
(ii)
Credit risk control
441.
Banks must have independent credit risk control
units that are responsible for
the
design
or selection, implementation and performance of
their internal rating systems.
The
unit(s)
must be functionally independent from the
personnel and management
functions
responsible
for originating exposures. Areas of
responsibility must include:
•
Testing and
monitoring internal
grades;
•
Production and
analysis of summary reports from the bank’s
rating system, to
include
historical default data sorted by rating at the
time of default and one year
prior
to default, grade migration analyses, and
monitoring of trends in key
rating
criteria;
•
Implementing
procedures to verify that rating definitions are
consistently applied
across
departments and geographic
areas;
•
Reviewing and
documenting any changes to the rating process,
including the
reasons
for the changes; and
•
Reviewing the rating
criteria to evaluate if they remain predictive
of risk. Changes to
the
rating process, criteria or individual rating
parameters must be documented
and
retained
for supervisors to review.
442.
A credit risk control unit must actively
participate in the development,
selection,
implementation
and validation of rating models. It must assume
oversight and supervision
responsibilities
for any models used in the rating process, and
ultimate responsibility for the
ongoing
review and alterations to rating
models.
(iii)
Internal and external
audit
443.
Internal audit or an equally independent
function must review at least annually
the
bank’s
rating system and its operations, including the
operations of the credit function
and
the
estimation of PDs, LGDs and EADs. Areas of
review include adherence to all
applicable
minimum
requirements. Internal audit must document its
findings. Some national supervisors may also
require an external audit of the bank’s rating
assignment process and estimation of loss
characteristics.
|
| | | |
|
Sarbanes Oxley
Training
Courses
designed to provide with the knowledge and skills needed to understand and
support Sarbanes-Oxley compliance.
www.sarbanes-oxley-training.com
Basel ii
Training
Courses
designed to provide with the knowledge and skills needed to understand and
support Basel ii compliance.
www.basel-ii-training.com
Sarbanes Oxley
Act
Sarbanes
Oxley Compliance: Books, Software, Certification, Training and
Resources.
www.sarbanes-oxley-act.biz
Basel ii Accord
Basel ii
Compliance: Books, Software, Certification, Training and
Resources
http://www.basel-ii-accord.com/
Compliance Training
Sarbanes
Oxley, Basel ii, Data Protection Directive, Information Security
Training
www.compliance-training.net
|
|