Back to Article

Chapter 5 Credit Risk and Concentration Risk

Part I Credit Risk

Introduction

Guidance

1. This chapter sets out the regulatory requirements in respect of managing the Credit Risk exposures of a Bank. Credit Risk refers to risk of incurring losses due to failure on the part of a borrower or a counterparty to fulfil their obligations in respect of a financial transaction. This chapter aims to ensure that a Bank holds sufficient regulatory capital of acceptable quality so that it can absorb unexpected losses arising out of its Credit Risk exposures, should the need arise and that it continues to operate in a sustainable manner.

2. This chapter requires a Bank to:

(a) implement a comprehensive Credit Risk management framework to manage, measure and monitor Credit Risk commensurate with the nature, scale and complexity of its operations;

(b) calculate the Credit Risk Capital Requirement for its on-balance sheet and off- balance sheet credit exposures after adjusting for applicable levels of credit risk mitigation, according to the norms, methodologies, standards and guidance provided in the CAG issued by the AFSA;

(c) implement a sound framework for managing concentration risk and large exposures, including limits for concentration of such exposures to individual and group borrowers.

3. This Chapter also deals with the following elements of determination of regulatory capital requirements to support a Bank’s credit risk exposures:

● the risk-weighted assets approach;

● CRM techniques;

● Provisioning requirements for impaired assets of the Bank.

4. To guard against abuses and to address conflicts of interest, this Chapter requires transactions with related parties to be at arm’s length.

5. The detailed requirements specifying the calculation methodologies, parameters, metrics and formulae in respect of the primary credit risk management and credit risk capital requirements outlined in this chapter are provided in the Capital Adequacy Guideline (CAG) issued by the AFSA. The CAG also provides detailed guidance on calculation methodologies, formulae, parameters and norms involved in calculation of Credit Risk capital requirements which is an element used to calculate the capital adequacy ratios for a Bank, as set out in Chapter 4 of BBR. It is suggested that this Chapter of the BBR, be read in conjunction with Chapter 5 of the CAG issued by the AFSA to facilitate understanding of the regulatory requirements and compliance with them.

5.1 Credit Risk Management – Systems and Controls

(1) A Bank must implement and maintain comprehensive Credit Risk management systems which:

(a) are appropriate to the Bank’s type, scope, complexity and scale of

operations;

(b) enable the Bank to effectively identify, assess, monitor and control Credit

Risk and to ensure that adequate Capital is available to support the credit risk exposures assumed; and

(c) ensure effective implementation of the Credit Risk strategy and policy.

(2) A Bank must:

(a) identify, assess, monitor, mitigate and, control its Credit Risk; and

(b) implement and maintain a prudent Credit Risk management policy which enables it to identify, assess, monitor, control and mitigate its Credit Risk.

(3) The Credit Risk management policy must:

(a) be documented and approved by its governing body;

(b) include the Bank’s risk appetite for Credit Risk;

(c) be appropriate to the nature, scale and complexity of its activities and for its risk profile;

(d) must establish procedures, systems, processes, controls and approaches to identify, measure, evaluate, manage and control or mitigate its credit risk and to ensure the integrity of its credit risk management;

(e) must set out the organizational structure, and must define the responsibilities and roles, for managing credit risk;

(f) ensure that its risk management framework including but not limited to tools, methodologies and, systems enable it to implement its Credit Risk management policy; and

(g) be reviewed and updated at a reasonable frequency, but at least on an annual basis.

(4) A Bank’s credit risk management policy must establish:

(a) a well-documented and effectively-implemented process for assuming credit risk that does not rely unduly on external credit ratings;

(b) well-defined criteria for approving credit (including prudent underwriting standards), and renewing, refinancing and restructuring existing credit;

(c) a process for identifying the approving authority for credit, given its size and complexity;

(d) effective credit risk administration, including:

(i) regular analysis of counterparties’ ability and willingness to repay;

and

(ii) monitoring of documents, legal covenants, contractual requirements, and collateral and other CRM techniques;

(e) effective systems for the accurate and timely identification, measurement, evaluation, management and control or mitigation of credit risk, and

reporting to the Bank’s governing body and senior management;

(f) prudent and appropriate credit limits that are consistent with the Bank’s risk tolerance, risk profile and capital;

(g) provide for process and criteria for identification and recognition of problem assets as well as systems for measurement and reporting of problem assets;

(h) the criteria and responsibility for credit risk reporting, and the scope, manner and frequency of reporting, to the governing body or a committee of the governing body;

(i) establish, and must provide for the regular review of, the Bank’s credit risk

tolerance and credit exposure limits to control credit exposures of the Bank;

(j) procedures for tracking and reporting exceptions to credit limits and deviations from credit risk management policies; and

(k) effective controls for the quality, reliability and relevance of data and validation procedures.

Note Guidance in respect of the contents of a Bank’s Credit Risk management policy which is required to satisfy the regulatory requirement in the Rule 5.1 is provided in Chapter 5 of the CAG issued by the AFSA.

(5) A Bank’s credit risk management policy must ensure that credit decisions are free of conflicts of interest and are made on an arm’s-length basis. In particular, the credit approval and credit review functions must be independent of the credit initiation function.

(6) A Bank’s credit risk management policy must provide for monitoring the total indebtedness of each counterparty and any risk factors that might result in default (including any significant unhedged foreign exchange risk).

(7) A Bank must give the AFSA full access to information about its credit portfolio. The Bank must also give the AFSA access to staff involved in assuming, managing and reporting on credit risk.

(8) The Credit Risk management policy must enable the Bank to carry out stress-tests on its credit portfolio at intervals appropriate for the nature, scale and complexity of the Bank’s business and using various scenarios based on appropriate assumptions. The policy must take into account the Bank’s credit risk profile (including on-balance-sheet and off-balance-sheet exposures) and tolerance in the context of the markets and macroeconomic conditions in which the Bank operates. The Bank’s credit risk stress testing must include procedures to make any changes to its credit risk management framework based on the results from the stress testing.

Note Guidance in respect of a Bank’s policies for Credit Risk assessment which is required to satisfy the regulatory requirement in the Rule 5.1 is provided in paragraphs 10 & 11 of Chapter 5 of the CAG issued by the AFSA.

5.2 Role of governing body—Credit Risk

(1) A Bank’s governing body must ensure that its Credit Risk management policy enables it to obtain a comprehensive Bank-wide view of its Credit Risk exposures and covers the full credit lifecycle including credit underwriting, credit evaluation, and the credit risk management of the Bank’s trading activities.

(2) A Bank must ensure that its Governing Body is responsible for monitoring the nature and level of Credit Risk assumed by it and for monitoring the Credit Risk management process.

(3) The governing body of the Bank must also ensure that:

(a) an appropriate senior management structure with clearly defined responsibilities and roles for Credit Risk management and for compliance with the Bank’s Risk strategy, is established and maintained;

(b) the credit risk management framework is consistent with the Bank’s risk

profile and its systemic importance.

(c) the Bank’s senior management and other relevant staff have the necessary experience to manage Credit risk and to effectively implement the Credit risk management policy;

(d) appropriate Credit limits covering Credit Risk management in both day-to-day and stressed conditions are set;

(e) stress-tests, funding strategies, contingency funding plans and holdings of high-quality liquid assets are effective and appropriate for the Bank;

(f) the Bank’s senior management:

(i) develops a Credit risk management policy in accordance with the

Bank’s Credit risk tolerance;

(ii) monitors the Bank’s Credit risk profile and reports to the governing

body regularly;

(iii) determines, and sets out in the Bank’s credit risk management policy, the structure, responsibilities and controls for managing credit risk and for overseeing the credit risk of all legal entities, branches and subsidiaries in the jurisdictions in which the Bank is active; and

(iv) monitors trends and market developments that could present significant, unprecedented or complex challenges for managing credit risk so that appropriate and timely changes to the credit risk management policy can be made.

(4) The governing body must regularly review reports on the Bank’s Credit Risk profile and portfolio returns and, where necessary, information on new or emerging problem assets. The governing body of the Bank must also review the Credit Risk tolerance and strategy at least on an annual basis.

(5) The governing body must approve:

(a) the Bank’s Credit Risk management policy; and

(b) its Credit risk tolerance and risk strategy.

5.3 Classification of Credit exposures

(1) Unless a Bank has established something more detailed, the Bank must classify credits into 1 of the 5 categories in table 5A. Nothing in the table prevents a Bank from classifying a credit under a higher risk category than the table requires.

(2) Unless there is good reason not to do so, the same category must be given to all credit exposures to the same counterparty