|
|
|
|
|
|
Basel ii Accord
Sections 761 to 777 |
|
III. Specific issues
to be addressed under the supervisory review
process
761. The Committee
has identified a number of important issues that
banks and
supervisors should
particularly focus on when carrying out the
supervisory review process.
These issues
include some key risks which are not directly
addressed under Pillar 1
and
important
assessments that supervisors should make to
ensure the proper functioning
of
certain aspects of
Pillar 1.
A. Interest rate risk
in the banking book
762. The Committee
remains convinced that interest rate risk in the
banking book is a
potentially
significant risk which merits support from
capital. However, comments
received
from the industry
and additional work conducted by the Committee
have made it clear that
there is
considerable heterogeneity across
internationally active banks in terms of the
nature
of the underlying
risk and the processes for monitoring and
managing it.
In light of this,
the Committee has concluded that it is at this
time most appropriate to treat interest rate
risk in the banking book under Pillar 2 of the
Framework. Nevertheless, supervisors who
consider that there is sufficient homogeneity
within their banking populations regarding the
nature and methods for monitoring and measuring
this risk could establish a mandatory minimum
capital requirement.
763. The revised
guidance on interest rate risk recognises banks’
internal systems as the
principal tool for
the measurement of interest rate risk in the
banking book and the
supervisory
response. To facilitate supervisors’ monitoring
of interest rate risk
exposures
across
institutions, banks would have to provide the
results of their internal
measurement
systems, expressed
in terms of economic value relative to capital,
using a standardised
interest rate
shock.
764. If
supervisors determine that banks are not holding
capital commensurate with
the
level of interest
rate risk, they must require the bank to reduce
its risk, to hold a
specific
additional amount
of capital or some combination of the two.
Supervisors should
be particularly attentive to the sufficiency of
capital of ‘outlier banks’ where economic value
declines by more than 20% of the sum of Tier 1
and Tier 2 capital as a result of a standardised
interest rate shock (200 basis points) or its
equivalent, as described in the supporting
document Principles for the Management and
Supervision of Interest Rate
Risk.
B.
Credit risk
1.
Stress tests under the IRB
approaches
765. A bank should
ensure that it has sufficient capital to meet
the Pillar 1 requirements
and the results
(where a deficiency has been indicated) of the
credit risk stress test
performed as part
of the Pillar 1 IRB minimum requirements
(paragraphs 434 to 437).
Supervisors may
wish to review how the stress test has been
carried out. The results of
the
stress test will
thus contribute directly to the expectation that
a bank will operate above
the
Pillar 1 minimum
regulatory capital ratios. Supervisors will
consider whether a bank has
sufficient capital
for these purposes. To the extent that there is
a shortfall, the supervisor
will
react
appropriately. This will usually involve
requiring the bank to reduce its risks and/or
to
hold additional
capital/provisions, so that existing capital
resources could cover the Pillar
1
requirements plus
the result of a recalculated stress
test.
2.
Definition of
default
766. A bank must
use the reference definition of default for its
internal estimations of PD
and/or LGD and
EAD. However, as detailed in paragraph 454,
national supervisors will issue guidance on how
the reference definition of default is to be
interpreted in their
jurisdictions.
Supervisors will
assess individual banks’ application of the
reference definition of default
and
its impact on
capital requirements. In particular, supervisors
will focus on the impact of
deviations from
the reference definition according to paragraph
456 (use of external data
or
historic internal
data not fully consistent with the reference
definition of default).
3. Residual
risk
767. The Framework
allows banks to offset credit or counterparty
risk with collateral,
guarantees or
credit derivatives, leading to reduced capital
charges. While banks use
credit
risk mitigation
(CRM) techniques to reduce their credit risk,
these techniques give rise
to
risks that may
render the overall risk reduction less
effective.
Accordingly these
risks (e.g. legal risk, documentation risk, or
liquidity risk) to which banks are exposed are
of supervisory concern. Where such risks arise,
and irrespective of fulfilling the minimum
requirements set out in Pillar 1, a bank could
find itself with greater credit risk exposure to
the underlying counterparty than it had
expected. Examples of these risks
include:
•
Inability to
seize, or realise in a timely manner, collateral
pledged (on default of the
counterparty);
•
Refusal or delay
by a guarantor to pay;
and
•
Ineffectiveness of
untested
documentation.
768. Therefore,
supervisors will require banks to have in place
appropriate written CRM
policies and
procedures in order to control these residual
risks. A bank may be required
to
submit these
policies and procedures to supervisors and must
regularly review their
appropriateness,
effectiveness and
operation.
769. In its CRM
policies and procedures, a bank must consider
whether, when calculating
capital
requirements, it is appropriate to give the full
recognition of the value of the credit risk
mitigant as permitted in Pillar 1 and must
demonstrate that its CRM management policies and
procedures are appropriate to the level of
capital benefit that it is
recognising.
Where supervisors
are not satisfied as to the robustness,
suitability or application of these policies and
procedures they may direct the bank to take
immediate remedial action or
hold
additional capital
against residual risk until such time as the
deficiencies in the CRM
procedures are
rectified to the satisfaction of the supervisor.
For example, supervisors
may
direct a bank
to:
•
Make
adjustments to the assumptions on holding
periods, supervisory haircuts,
or
volatility (in the
own haircuts approach);
•
Give
less than full recognition of credit risk
mitigants (on the whole credit portfolio
or
by specific
product line); and/or
•
Hold
a specific additional amount of
capital.
4.
Credit concentration
risk
770. A risk
concentration is any single exposure or group of
exposures with the
potential
to produce losses
large enough (relative to a bank’s capital,
total assets, or overall risk
level)
to threaten a
bank’s health or ability to maintain its core
operations. Risk concentrations
are
arguably the
single most important cause of major problems in
banks.
771. Risk
concentrations can arise in a bank’s assets,
liabilities, or off-balance
sheet
items, through the
execution or processing of transactions (either
product or service), or
through a
combination of exposures across these broad
categories. Because lending is
the
primary activity
of most banks, credit risk concentrations are
often the most material
risk
concentrations
within a bank.
772. Credit risk
concentrations, by their nature, are based on
common or correlated risk
factors, which, in
times of stress, have an adverse effect on the
creditworthiness of each of
the individual
counterparties making up the concentration.
Concentration risk arises in
both
direct exposures
to obligors and may also occur through exposures
to protection providers.
Such
concentrations are not addressed in the Pillar 1
capital charge for credit
risk.
773. Banks should
have in place effective internal policies,
systems and controls to
identify, measure,
monitor, and control their credit risk
concentrations. Banks should explicitly consider
the extent of their credit risk concentrations
in their assessment of capital adequacy under
Pillar 2. These policies should cover the
different forms of credit risk concentrations to
which a bank may be exposed. Such concentrations
include:
•
Significant
exposures to an individual counterparty or group
of related
counterparties. In
many jurisdictions, supervisors define a limit
for exposures of this
nature, commonly
referred to as a large exposure limit. Banks
might also establish
an aggregate limit
for the management and control of all of its
large exposures as a
group;
•
Credit exposures
to counterparties in the same economic sector or
geographic
region;
•
Credit exposures
to counterparties whose financial performance is
dependent on the
same activity or
commodity; and
•
Indirect credit
exposures arising from a bank’s CRM activities
(e.g. exposure to a
single collateral
type or to credit protection provided by a
single counterparty).
774. A bank’s
framework for managing credit risk
concentrations should be
clearly
documented and
should include a definition of the credit risk
concentrations relevant to
the
bank and how these
concentrations and their corresponding limits
are calculated. Limits
should be defined
in relation to a bank’s capital, total assets
or, where adequate measures
exist, its overall
risk level.
775. A bank’s
management should conduct periodic stress tests
of its major credit risk
concentrations and
review the results of those tests to identify
and respond to potential
changes in market
conditions that could adversely impact the
bank’s performance.
776. A bank should
ensure that, in respect of credit risk
concentrations, it complies
with
the Committee
document Principles for the
Management of Credit Risk (September
2000)
and the more
detailed guidance in the Appendix to that
paper.
777. In the course
of their activities, supervisors should assess
the extent of a bank’s
credit risk
concentrations, how they are managed, and the
extent to which the bank
considers them in
its internal assessment of capital adequacy
under Pillar 2. Such
assessments should
include reviews of the results of a bank’s
stress tests. Supervisors
should take
appropriate actions where the risks arising from
a bank’s credit risk
concentrations are
not adequately addressed by the
bank.
5.
Counterparty credit
risk
777 (i). As
counterparty credit risk (CCR) represents a form
of credit risk, this would
include
meeting this
Framework’s standards regarding their approaches
to stress testing,
“residual
risks” associated
with credit risk mitigation techniques, and
credit concentrations, as
specified in the
paragraphs above.
777 (ii). The bank
must have counterparty credit risk management
policies, processes and
systems that are
conceptually sound and implemented with
integrity relative to the
sophistication and
complexity of a firm’s holdings of exposures
that give rise to CCR. A
sound counterparty
credit risk management framework shall include
the identification,
measurement,
management, approval and internal reporting of
CCR.
777 (iii). The
bank’s risk management policies must take
account of the market,
liquidity,
legal and
operational risks that can be associated with
CCR and, to the extent
practicable,
interrelationships
among those risks. The bank must not undertake
business with a
counterparty
without assessing its creditworthiness and must
take due account of both
settlement and
pre-settlement credit risk. These risks must be
managed as comprehensively as practicable at the
counterparty level (aggregating counterparty
exposures with other credit exposures) and at
the firm-wide level.
777 (iv). The
board of directors and senior management must be
actively involved in the
CCR control
process and must regard this as an essential
aspect of the business to
which
significant
resources need to be devoted. Where the bank is
using an internal model for
CCR, senior
management must be aware of the limitations and
assumptions of the model
used and the
impact these can have on the reliability of the
output. They should also
consider the
uncertainties of the market environment (e.g.
timing of realisation of
collateral)
and operational
issues (e.g. pricing feed irregularities) and be
aware of how these are
reflected in the
model.
777 (v). In this
regard, the daily reports prepared on a firm’s
exposures to CCR must be
reviewed by a
level of management with sufficient seniority
and authority to enforce
both
reductions of
positions taken by individual credit managers or
traders and reductions in
the
firm’s overall CCR
exposure.
777 (vi). The
bank’s CCR management system must be used in
conjunction with internal
credit and trading
limits. In this regard, credit and trading
limits must be related to the firm’s risk
measurement model in a manner that is consistent
over time and that is well understood by credit
managers, traders and senior
management.
777 (vii). The
measurement of CCR must include monitoring daily
and intra-day usage of
credit lines. The
bank must measure current exposure gross and net
of collateral held where
such measures are
appropriate and meaningful (e.g. OTC
derivatives, margin lending,
etc.).
Measuring and
monitoring peak exposure or potential future
exposure (PFE) at a confidence level chosen by
the bank at both the portfolio and counterparty
levels is one element of a robust limit
monitoring system. Banks must take account of
large or concentrated positions, including
concentrations by groups of related
counterparties, by industry, by market, customer
investment strategies, etc.
777 (viii). The
bank must have a routine and rigorous program of
stress testing in place as
a
supplement to the
CCR analysis based on the day-to-day output of
the firm’s risk
measurement model.
The results of this stress testing must be
reviewed periodically by
senior management
and must be reflected in the CCR policies and
limits set by management and the board of
directors. Where stress tests reveal particular
vulnerability to a given set of circumstances,
management should explicitly consider
appropriate risk management strategies (e.g. by
hedging against that outcome, or reducing the
size of the firm’s
exposures).
777 (ix). The bank
must have a routine in place for ensuring
compliance with a
documented
set of internal
policies, controls and procedures concerning the
operation of the CCR
management system.
The firm’s CCR management system must be well
documented, for
example, through a
risk management manual that describes the basic
principles of the risk
management system
and that provides an explanation of the
empirical techniques used
to
measure
CCR.
777 (x). The bank
must conduct an independent review of the CCR
management system
regularly through
its own internal auditing process. This review
must include both the
activities of the
business credit and trading units and of the
independent CCR control unit.
A
review of the
overall CCR management process must take place
at regular intervals
(ideally
not less than once
a year) and must specifically address, at a
minimum:
•
the
adequacy of the documentation of the CCR
management system and
process;
•
the
organisation of the CCR control
unit;
•
the
integration of CCR measures into daily risk
management;
•
the
approval process for risk pricing models and
valuation systems used by
front
and back-office
personnel;
•
the
validation of any significant change in the CCR
measurement process;
•
the
scope of counterparty credit risks captured by
the risk measurement
model;
•
the
integrity of the management information
system;
•
the
accuracy and completeness of CCR
data;
•
the
verification of the consistency, timeliness and
reliability of data sources used
to
run internal
models, including the independence of such data
sources;
•
the
accuracy and appropriateness of volatility and
correlation
assumptions;
•
the
accuracy of valuation and risk transformation
calculations;
•
the
verification of the model’s accuracy through
frequent
backtesting.
777 (xi). A bank
that receives approval to use an internal model
to estimate its exposure
amount or EAD for
CCR exposures must monitor the appropriate risks
and have processes
to adjust its
estimation of EPE when those risks become
significant. This includes
the
following:
•
Banks
must identify and manage their exposures to
specific wrong-way
risk.
•
For
exposures with a rising risk profile after one
year, banks must compare on
a
regular basis the
estimate of EPE over one year with the EPE over
the life of the
exposure.
•
For
exposures with a short-term maturity (below one
year), banks must compare
on
a regular basis
the replacement cost (current exposure) and the
realised exposure
profile, and/or
store data that allow such a
comparisons.
777 (xii). When
assessing an internal model used to estimate
EPE, and especially for
banks
that receive
approval to estimate the value of the alpha
factor, supervisors must review
the
characteristics of
the firm’s portfolio of exposures that give rise
to CCR. In particular,
supervisors must
consider the following characteristics,
namely:
•
the
diversification of the portfolio (number of risk
factors the portfolio is exposed
to);
•
the
correlation of default across counterparties;
and
•
the
number and granularity of counterparty
exposures.
777 (xiii).
Supervisors will take appropriate action where
the firm’s estimates of exposure
or
EAD under the
Internal Model Method or alpha do not adequately
reflect its exposure to
CCR. Such action
might include directing the bank to revise its
estimates; directing the
bank
to apply a higher
estimate of exposure or EAD under the IMM or
alpha; or disallowing a bank from recognising
internal estimates of EAD for regulatory capital
purposes.
777 (xiv). For
banks that make use of the standardised method,
supervisors should review
the bank’s
evaluation of the risks contained in the
transactions that give rise to CCR and
the
bank’s assessment
of whether the standardised method captures
those risks appropriately
and
satisfactorily. If the standardised method does
not capture the risk inherent in the bank’s
relevant transactions (as could be the case with
structured, more complex OTC derivatives),
supervisors may require the bank to apply the
CEM or the SM on a transaction-bytransaction
basis (i.e. no netting will be
recognised).
|
| | | |
|
Sarbanes Oxley
Training
Courses
designed to provide with the knowledge and skills needed to understand and
support Sarbanes-Oxley compliance.
www.sarbanes-oxley-training.com
Basel ii
Training
Courses
designed to provide with the knowledge and skills needed to understand and
support Basel ii compliance.
www.basel-ii-training.com
Sarbanes Oxley
Act
Sarbanes
Oxley Compliance: Books, Software, Certification, Training and
Resources.
www.sarbanes-oxley-act.biz
Basel ii Accord
Basel ii
Compliance: Books, Software, Certification, Training and
Resources
http://www.basel-ii-accord.com/
Compliance Training
Sarbanes
Oxley, Basel ii, Data Protection Directive, Information Security
Training
www.compliance-training.net
|
|