Title[ Part 2: The First Pillar - Minimum Capital Requirements
Section[ 4. Risk rating system operations
(i) Coverage of ratings
422. For corporate, sovereign, and bank exposures, each borrower and all recognised guarantors must be assigned a rating and each exposure must be associated with a facility rating as part of the loan approval process. Similarly, for retail, each exposure must be assigned to a pool as part of the loan approval process.
423. Each separate legal entity to which the bank is exposed must be separately rated. A bank must have policies acceptable to its supervisor regarding the treatment of individual entities in a connected group including circumstances under which the same rating may or may not be assigned to some or all related entities.
(ii) Integrity of rating process
Standards for corporate, sovereign, and bank exposures
424. Rating assignments and periodic rating reviews must be completed or approved by a party that does not directly stand to benefit from the extension of credit. Independence of the rating assignment process can be achieved through a range of practices that will be carefully reviewed by supervisors. These operational processes must be documented in the bank’s procedures and incorporated into bank policies. Credit policies and underwriting procedures must reinforce and foster the independence of the rating process.
425. Borrowers and facilities must have their ratings refreshed at least on an annual basis. Certain credits, especially higher risk borrowers or problem exposures, must be subject to more frequent review. In addition, banks must initiate a new rating if material information on the borrower or facility comes to light.
426. The bank must have an effective process to obtain and update relevant and material information on the borrower’s financial condition, and on facility characteristics that affect LGDs and EADs (such as the condition of collateral). Upon receipt, the bank needs to have a procedure to update the borrower’s rating in a timely fashion.
Standards for retail exposures
427. A bank must review the loss characteristics and delinquency status of each identified risk pool on at least an annual basis. It must also review the status of individual borrowers within each pool as a means of ensuring that exposures continue to be assigned to the correct pool. This requirement may be satisfied by review of a representative sample of exposures in the pool.
428. For rating assignments based on expert judgement, banks must clearly articulate the situations in which bank officers may override the outputs of the rating process, including how and to what extent such overrides can be used and by whom. For model-based ratings, the bank must have guidelines and processes for monitoring cases where human judgement has overridden the model’s rating, variables were excluded or inputs were altered. These guidelines must include identifying personnel that are responsible for approving these overrides. Banks must identify overrides and separately track their performance.
(iv) Data maintenance
429. A bank must collect and store data on key borrower and facility characteristics to provide effective support to its internal credit risk measurement and management process, to enable the bank to meet the other requirements in this document, and to serve as a basis for supervisory reporting. These data should be sufficiently detailed to allow retrospective re- allocation of obligors and facilities to grades, for example if increasing sophistication of the internal rating system suggests that finer segregation of portfolios can be achieved.
Furthermore, banks must collect and retain data on aspects of their internal ratings as required under Pillar 3 of this Framework.
For corporate, sovereign, and bank exposures
430. Banks must maintain rating histories on borrowers and recognised guarantors, including the rating since the borrower/guarantor was assigned an internal grade, the dates the ratings were assigned, the methodology and key data used to derive the rating and the person/model responsible. The identity of borrowers and facilities that default, and the timing and circumstances of such defaults, must be retained. Banks must also retain data on the PDs and realised default rates associated with rating grades and ratings migration in order to track the predictive power of the borrower rating system.
431. Banks using the advanced IRB approach must also collect and store a complete history of data on the LGD and EAD estimates associated with each facility and the key data used to derive the estimate and the person/model responsible. Banks must also collect data on the estimated and realised LGDs and EADs associated with each defaulted facility. Banks that reflect the credit risk mitigating effects of guarantees/credit derivatives through LGD must retain data on the LGD of the facility before and after evaluation of the effects of the guarantee/credit derivative. Information about the components of loss or recovery for each defaulted exposure must be retained, such as amounts recovered, source of recovery (e.g. collateral, liquidation proceeds and guarantees), time period required for recovery, and administrative costs.
432. Banks under the foundation approach which utilise supervisory estimates are encouraged to retain the relevant data (i.e. data on loss and recovery experience for corporate exposures under the foundation approach, data on realised losses for banks using the supervisory slotting criteria for SL).
For retail exposures
433. Banks must retain data used in the process of allocating exposures to pools, including data on borrower and transaction risk characteristics used either directly or through use of a model, as well as data on delinquency. Banks must also retain data on the estimated PDs, LGDs and EADs, associated with pools of exposures. For defaulted exposures, banks must retain the data on the pools to which the exposure was assigned over the year prior to default and the realised outcomes on LGD and EAD.
(v) Stress tests used in assessment of capital adequacy
434. An IRB bank must have in place sound stress testing processes for use in the assessment of capital adequacy. Stress testing must involve identifying possible events or future changes in economic conditions that could have unfavourable effects on a bank’s credit exposures and assessment of the bank’s ability to withstand such changes. Examples of scenarios that could be used are (i) economic or industry downturns; (ii) market-risk events; and (iii) liquidity conditions.
435. In addition to the more general tests described above, the bank must perform a credit risk stress test to assess the effect of certain specific conditions on its IRB regulatory capital requirements. The test to be employed would be one chosen by the bank, subject to supervisory review. The test to be employed must be meaningful and reasonably conservative. Individual banks may develop different approaches to undertaking this stress test requirement, depending on their circumstances. For this purpose, the objective is not to require banks to consider worst-case scenarios. The bank’s stress test in this context should, however, consider at least the effect of mild recession scenarios. In this case, one example might be to use two consecutive quarters of zero growth to assess the effect on the bank’s PDs, LGDs and EADs, taking account — on a conservative basis — of the bank’s international diversification.
435 (i) Banks using the double default framework must consider as part of their stress testing framework the impact of a deterioration in the credit quality of protection providers, in particular the impact of protection providers falling outside the eligibility criteria due to rating changes. Banks should also consider the impact of the default of one but not both of the obligor and protection provider, and the consequent increase in risk and capital requirements at the time of that default.
436. Whatever method is used, the bank must include a consideration of the following sources of information. First, a bank’s own data should allow estimation of the ratings migration of at least some of its exposures. Second, banks should consider information about the impact of smaller deterioration in the credit environment on a bank’s ratings, giving some information on the likely effect of bigger, stress circumstances. Third, banks should evaluate evidence of ratings migration in external ratings. This would include the bank broadly matching its buckets to rating categories.
437. National supervisors may wish to issue guidance to their banks on how the tests to be used for this purpose should be designed, bearing in mind conditions in their jurisdiction. The results of the stress test may indicate no difference in the capital calculated under the IRB rules described in this section of this Framework if the bank already uses such an approach for its internal rating purposes. Where a bank operates in several markets, it does not need to test for such conditions in all of those markets, but a bank should stress portfolios containing the vast majority of its total exposures.