PIB A4.1 PIB A4.1 Credit Risk Systems and Controls
PIB A4.1 Guidance1. Depending on an
Authorised Firm'snature, scale, frequency, and complexity of Credit Riskgranted or incurred, the Credit Riskpolicy of an Authorised Firmshould address the following elements:a. how, with particular reference to its activities, the Authorised Firmdefines and measures Credit Risk;b. the Authorised Firm'sbusiness aims in incurring Credit Riskincluding:i. identifying the types and sources of Credit Riskto which the Authorised Firmwishes to be exposed (and the limits on that Exposure) and those to which the Authorised Firmwishes not to be exposed;ii. specifying the level of diversification required by the Authorised Firmand the Authorised Firm'stolerance for risk concentrations and the limits on those Exposuresand concentrations; andiii. stating the risk-return that the Authorised Firmis seeking to achieve on Credit Risk Exposures;c. types of facilities to be offered, along with ceilings, pricing, profitability, maximum maturities and maximum debt-servicing ratios for each type of lending;d. a ceiling for the total loan portfolio, in terms, for example, of the loan-to-deposit ratio, undrawn commitment ratio, a maximum dollar amount or a percentage of capital base;e. portfolio limits for maximum aggregate Exposuresby country, industry, category of borrower/ Counterparty(e.g. banks, non-bank financial institutions, corporates and retail), product (e.g. property lending), Groupsof related parties and single borrowers;f. limits, terms and conditions, approval and review procedures and records kept for Connectedlending — all Authorised Firmsshould have a formal policy statement, endorsed by the Governing Body, on such lending covering these matters;g. types of acceptable Collateral, loan-to-value ratios and the criteria for accepting guarantees; andh. how Credit Riskis assessed both when credit is granted or incurred and subsequently, including how the adequacy of any security and other risk mitigation techniques are assessed;i. the detailed limit structure for Credit Risk, which should:i. address all key risk factors, including intra- Group Exposures;ii. be commensurate with the volume and complexity of activity; andiii. be consistent with the Authorised Firm'sbusiness aims, historical performance, and the level of capital the Authorised Firmis willing to risk;j. procedures for:i. approving new products and activities which give rise to Credit Risk;ii. regular risk position and performance reporting;iii. limit exception reporting and approval; andiv. identifying and dealing with problem Exposures;k. the allocation of responsibilities for implementing the Credit Riskpolicy and for monitoring adherence to, and the effectiveness of, the policy; andl. the required information systems, staff and other resources.2. The Credit Riskpolicy should emphasize the principles of prudence and should be enforced consistently. The policy and its implementation should ensure that credit facilities are only granted to credit-worthy customers and that risk concentrations are avoided.3. The Credit Riskstrategy and policy need to be clearly disseminated to, and understood by all relevant staff.4. The Credit Riskpolicy of an Authorised Firmshould clearly specify the delegation of its credit approval authorities. Credit authority thus delegated should be appropriate for the products or portfolios assigned to the credit committee or individual credit officers and should be commensurate with their credit experience and expertise. An officer's credit authority may, however, be increased on the basis of his or her track record. An Authorised Firmshould ensure that credit authority is required for acquiring any types of credit Exposures, including the use of Credit Derivativesfor hedging or income generation.5. Credit authority delegated to the credit committee and each credit officer should be subject to regular review to ensure that it remains appropriate to current market conditions and the level of their performance.6. An Authorised Firm'sremuneration policies should be consistent with its Credit Riskstrategy. The policies should not encourage officers to generate short-term profits by taking an unacceptably high level of risk. Counterparty Riskassessment7. The Authorised Firmshould make a suitable assessment of the risk profile of its Counterparties. The factors to be considered will vary according to both the type of credit and Counterpartysuch as whether the Counterpartyis a company or a sovereign Counterpartyand may include:a. the purpose of the credit and the source of repayment;b. an assessment of the skill, integrity and quality of management and overall reputation of the Counterparty;c. the legal capacity of the Counterpartyto assume the liability to the Authorised Firm;d. an assessment of the nature and amount of risk attached to the Counterpartyin the context of the industrial sector or geographical region or country in which it operates and the potential impact on the Counterpartyof political, economic and market changes; this assessment may include consideration of the extent and nature of the Counterparty'sother financial obligations;e. the Counterparty'srepayment history as well as an assessment of the Counterparty'scurrent and future capacity to repay obligations based on financial statements, financial trends, cash flow projections and the potential impact of adverse economic scenarios;f. an analysis of the risk-return trade-off, with regard to the proposed price of the credit facility;g. the proposed terms and conditions attached to the granting of credit, including on-going provision of information by the Counterparty, covenants attached to the facility, the adequacy and enforceability of Collateraland guarantees; andh. the Authorised Firm'sexisting Exposureto the individual Counterparty, sector, country or product and the availability of credit given Exposurelimits.8. An Authorised Firmshould document any variation from the usual credit policy.9. An Authorised Firminvolved in loan syndications or consortia should not rely on other parties' assessments of the Credit Risksinvolved but should conduct a full assessment against its own Credit Riskpolicy.10. An Authorised Firmgranting credit to obligors in other countries should be cognisant of the additional risks — country risk and transfer risk — involved in such credits. An Authorised Firmshould therefore consider the environment — economic and political — in the relevant countries, the potential effect of changes thereto on the obligors' ability to service the credit and the contagion effects in regions where economies are closely related.11. The exception reporting should be adequately supported by a management reporting system whereby relevant reports on the credit portfolio are generated to various levels of management on a timely basis.12. Connected Counterpartiesshould be identified and the procedures for the management of the combined Credit Riskconsidered. It may be appropriate for Authorised Firmsto monitor and report the aggregate Exposureagainst combined limits in addition to monitoring the constituent Exposuresto the individual Counterparties.13. An Authorised Firmshould consider whether it needs to assess the credit-worthiness of suppliers of goods and services to whom it makes material prepayments or advances.
Derivative Counterparties14. An Authorised Firmshould include in its Credit Riskpolicy an adequate description of:a. how it determines with which derivative Counterpartiesto do business;b. how it assesses and continues to monitor the credit-worthiness of those Counterparties;c. how it identifies its actual and contingent Exposureto the Counterparty; andd. whether and how it uses credit loss mitigation techniques, e.g. margining, taking security or Collateralor purchasing credit insurance.15. In assessing its contingent Exposureto a Counterparty, the Authorised Firmshould identify the amount which would be due from the Counterpartyif the value, index or other factor upon which that amount depends were to change.16. An Authorised Firmshould clearly specify the delegation of its credit approval authorities. Credit authority thus delegated should be appropriate for the products or portfolios assigned to the credit committee or individual credit officers and should be commensurate with their credit experience and expertise. An officer's credit authority may, however, be increased on the basis of his her track record. An Authorised Firmshould ensure that credit authority is required for acquiring any types of credit Exposures, including the use of Credit Derivativesfor hedging or income generation.17. Credit authority delegated to the credit committee and each credit officer should be subject to regular review to ensure that it remains appropriate to current market conditions and the level of their performance.
Credit approval procedures18. An
Authorised Firmshould adhere closely to the "Know Your Customer" principle and should not lend purely on name and relationship without a comprehensive assessment of the credit quality of the borrower.19. Credit decisions should be supported by adequate evaluation of the borrower's repayment ability based on reliable information. Sufficient and up-to-date information should continue to be available to enable effective monitoring of the account.20. All credits should be granted on an arm's length basis. Credits to related borrowers should be monitored carefully and steps taken to control or reduce the risks of Connectedlending.21. An Authorised Firmshould not rely excessively on Collateralor guarantees as Credit Riskmitigants. Such Credit Riskmitigants may provide secondary protection to the lender if the borrower defaults, the primary consideration for credit approval should be the borrower's debt-servicing capacity.22. An Authorised Firmshould be sensitive to rapid expansion of specific types of lending. Such trends may often be accompanied by deterioration of credit standards and thus merit increased focus on more marginal borrowers.23. An Authorised Firmshould ensure through periodic independent audits that the credit approval function is being properly managed and that credit Exposurescomply with prudential standards and internal limits. The results of such audits should be reported directly to the Governing Body, the credit committee or senior management as appropriate.
Risk control24. An
Authorised Firmshould consider setting credit limits for maximum Exposuresto single and Connected Counterparties, as well as limits for aggregate Exposuresto economic sectors, geographic areas, and on total Credit Riskarising from specific types of products. By limiting Exposuresin these categories, an Authorised Firmcan manage credit Exposuremore carefully and avoid excessive concentrations of risk.25. The Credit Riskpolicy of an Authorised Firmshould include a policy to control and monitor Large Exposuresand other risk concentrations. An Authorised Firmshould carefully manage and avoid excessive risk concentrations of various kinds. These include Exposureto:a. individual borrowers (in particular Exposureexceeding 10% of the firm's capital base);b. Groupsof borrowers with similar characteristics, economic and geographical sectors; andc. types of lending with similar characteristics (e.g. those based on assets with similar price behaviour).26. Notwithstanding the Concentration Risklimit specified as part of the prudential Ruleson Large Exposures, Authorised Firmsshould exercise particular care in relation to facilities exceeding 10% of capital base.27. Authorised Firmsshould recognise and control the Credit Riskarising from their new products and services. Well in advance of entering into business transactions involving new types of products and activities, they should ensure that they understand the risks fully and have established appropriate Credit Riskpolicies, procedures and controls, which should be approved by the Governing Bodyor its appropriate delegated committee. A formal risk assessment of new products and activities should also be performed and documented.28. An Authorised Firmin Category1, 2, 3A or 5 is also subject to concentration limits and notification requirements as spelt out in PIB chapter 4.
Risk measurement29. An
Authorised Firmshould measure its Credit Riskusing a robust and consistent methodology, which should be described in its Credit Riskpolicy. The Authorised Firmshould consider whether the measurement methodology should be back-tested and the frequency of any such back-testing.30. An Authorised Firmshould also be able to measure its total Exposureacross the entire credit portfolio or within particular categories such as Exposuresto particular industries, economic sectors or geographical areas.31. Where an Authorised Firmis a member of a Group, the Groupshould be able to monitor credit Exposureson a consolidated basis.32. An Authorised Firmshould have the capability to measure its credit Exposureto individual Counterpartieson at least a daily basis.33. Authorised Firmsshould analyse their credit portfolios to identify material inter-dependencies which can exaggerate risk concentrations. The importance can be illustrated by the contagion effects that a substantial decline in property or stock prices may have on the default rate of those commercial and industrial loans which rely heavily on such types of Collateral.34. Authorised Firmsshould establish a system of regular independent credit and compliance audits. These audits should be performed by independent parties, e.g. internal audit and compliance, which report to the Governing Bodyor the audit committee.35. Credit audits should be conducted to assess individual credits on a sampling basis and the overall quality of the credit portfolio. Such audits are useful for evaluating the performance of account officers and the effectiveness of the credit process. They can also enable Authorised Firmsto take early measures to protect their loans.
Risk monitoring36. An
Authorised Firmshould implement an effective system for monitoring its Credit Risk, which should be described in its Credit Riskpolicy. The system may monitor the use of facilities, adherence to servicing requirements and covenants, and monitor the value of Collateraland identify problem accounts.37. An Authorised Firmshould consider the implementation of a system of management reporting which provides relevant, accurate, comprehensive, timely and reliable Credit Riskreports to relevant functions within the Authorised Firm.38. Adequacy and sophistication of Credit Riskmeasurement tools required depends on the complexity and degree of the inherent risks of the products involved. An Authorised Firmshould have information systems and analytical techniques that provide sufficient information on the risk profile and structure of the credit portfolio. These should be flexible to help Authorised Firmto identify risk concentrations. To achieve this, an Authorised Firmsystem should be capable of analysing its credit portfolio by the following characteristics:a. size of Exposure;b. Exposureto Groupsof related borrowers;c. products;d. sectors, e.g. geographic, industrial;e. borrowers' demographic profile for consumer credits, e.g. age or income group, if appropriate;f. account performance;g. internal credit ratings;h. outstandings versus commitments; andi. types and coverage of Collateral.39. An Authorised Firmshould have procedures for taking appropriate action according to the information within the management reports, such as a review of Counterpartylimits.40. Particular attention should be given to the monitoring of credit that does not conform to usual Credit Riskpolicy, or which exceeds predetermined credit limits and criteria, but is sanctioned because of particular circumstances. Unauthorised exceptions to policies, procedures and limits should be reported in a timely manner to the appropriate level of management.41. Individual credit facilities and overall limits and sub-limits should be periodically reviewed in order to check their performance and appropriateness for both the current circumstances of the Counterpartyand in the Authorised Firm'scurrent internal and external economic environment. The frequency of review will usually be more intense for higher-risk Counterpartiesor larger Exposuresor in fluctuating economic conditions.42. An Authorised Firmshould have in place a system for monitoring the overall quality of its Credit Risk Exposuresunder normal and stressful conditions. There should also be a reporting system which s management to aggregate Exposuresapproaching various pre-set portfolio limits.43. An Authorised Firmshould be mindful of business and economic cycles and regularly stress-test their portfolios against adverse market scenarios. Adequate contingency planning should be developed in conjunction with stress-testing to address the possibility of crises developing in a very rapid fashion.44. Appropriate stress testing of credit Exposurescan be an essential part of the credit management process. Examination of the potential effects of economic or industry downturns, market events, changes in interest rates, changes in foreign exchange rates and changes in liquidity conditions can provide valuable information about an Authorised Firm's Credit Risk. This information can be utilised to inform the Authorised Firm'son-going credit strategy.45. As new techniques for Credit Riskmanagement, monitoring and reporting are developed, the Authorised Firmshould ensure they are tested and evaluated before undue reliance is placed upon them.46. Where the account officer for a credit (or customer relationship manager, branch manager or similar) moves on, the incoming officer should carry out a take-over review. The review should cover inter alia the credit-worthiness of the borrowers, the adequacy of the documentation, compliance with covenants, performance of each loan and the existence and value of any Collateral.
Exposures47. An Authorised Firmshould have processes for the timely identification and management of problem Exposures. These processes should be described in the Credit Riskpolicy.48. An Authorised Firminvolved in providing credit should establish a dedicated unit to handle the recovery and work-out of problem loans and should establish policies for the referral of loans to this unit.49. An Authorised Firmshould ensure that its loan portfolio is properly classified and has an effective early-warning system for problem loans.50. An Authorised Firmshould develop and implement internal risk rating systems for managing Credit Risk. The rating system should be consistent with the nature, size and complexity of the Authorised Firm'sactivities. In using internal risk ratings, an Authorised Firmshould seek to achieve a high granularity in the rating system and adopt multiple grades for loans that are not yet irregular and to develop the ability to track the migration of individual loans through the various internal credit ratings.51. Depending on the size and nature of the Authorised Firm, it may be appropriate for problem Exposuresto be managed by a specialised function, independent of the functions that originate the business or maintain the on-going business relationship with the Counterparty.52. Exposuresidentified as problems or potential problems should be closely monitored by management, and an Authorised Firmshould set out, for example, whether a loan grading system or a watch or problem list is used and, in the latter case, the criteria for adding an asset to or taking an asset off that list.53. It is recommended that Authorised Firmsestablish a dedicated unit to handle the recovery and work-out of problem loans and put in place policies for the referral of loans to this unit.54. An Authorised Firmshould have adequate procedures for recovering Exposuresin arrears or those which had provisions made against them. These should allocate responsibility both internally and externally for its arrears management and recovery and define the involvement of the Authorised Firm'ssolicitors.55. Requirements relating to provisioning against loss on problem Exposuresare covered in PIB chapter 4.
Risk mitigation56. Various methods can be used to mitigate
Credit Risk, such as taking security or Collateral, obtaining a guarantee from a third party, purchasing insurance or Credit Derivatives. Authorised Firmsshould view these as complementary to, rather than a replacement for, thorough credit analysis and procedures.57. In controlling Credit Risk, an Authorised Firmmay utilise certain mitigation techniques. Normally, they include:a. accepting Collateral, standby letters of credit and guarantees;b. entering into Nettingarrangements,c. setting strict loan covenants; andd. using Credit Derivativesand other hedging instruments.58. In determining which types of credit mitigation techniques should be used, firms should also consider:a. their own knowledge and experience in using such techniques;b. cost-effectiveness;c. type and financial strength of the Counterpartiesor Issuers;d. correlation with the underlying credits;e. availability, liquidity and realisability of the credit mitigation instruments;f. the extent to which legally recognised documentation, e.g. ISDA Master Agreement, can be adopted; andg. the degree of supervisory recognition of the mitigation technique.59. While mitigation through Collateraland guarantees is usually dealt with at the time of granting of credits, Credit Derivativesand Nettingare often employed after the credit is in place, or used to manage the overall portfolio risk. When the mitigation arrangements are in place they should then be controlled. Authorised Firmsshould have written policies, procedures and controls for the use of credit mitigation techniques. They should also ensure adequate systems are in place to manage these activities.60. Authorised Firmsshould revalue their Collateraland mitigation instruments on a regular basis. The method and frequency of revaluation depends on the nature of the hedge and the products involved.61. If an Authorised Firmtakes security or Collateral, on credit facilities, appropriate policies and procedures should be documented covering:a. the types of security or Collateralconsidered;b. procedures governing the valuation and revaluation of security or Collateralincluding the basis of valuation;c. policies governing the taking of security or Collateral, including obtaining appropriate legal title; andd. policies governing possession of security or Collateral.62. The value of security and Collateralshould be monitored at an appropriate frequency. For example, commercial property might be revalued annually, whereas Securitiesprovided as Collateralshould be marked to market usually on a daily basis. Residential property may not need to be revalued annually, but information should be sought as to general market conditions.63. When taking Collateralin support of an Exposure, an Authorised Firmshould ensure that legal procedures have been followed, to ensure the Collateralcan be enforced if required.64. An Authorised Firmshould consider the legal and financial ability of a guarantor to fulfil the guarantee if called upon to do so.65. An Authorised Firmshould analyse carefully the protection afforded by risk mitigants such as Nettingagreements or Credit Derivatives, to ensure that any residual Credit Riskis identified, measured, monitored and controlled.66. An Authorised Firmproviding mortgages at high loan-to-value ratios should consider the need for alternative forms of protection against the risks of such lending, including mortgage indemnity insurance, to protect against the risk of a fall in the value of the property.
Record keeping67. The
Authorised Firmshould maintain appropriate records of:a. credit Exposures, including aggregations of credit Exposures, by:i. Groupsof Connected Counterparties; andii. types of Counterpartyas defined, for example, by the nature or geographical location of the Counterparty;b. credit decisions, including details of the facts or circumstances upon which a decision was made; andc. information relevant to assessing current credit quality.68. Credit records should be retained for at least six years, subject to any requirement in the Rulesrequiring such records to be kept for a longer period.69. It is important that sound and legally enforceable documentation is in place for each credit agreement as this may be called upon in the event of a default or dispute. An Authorised Firmshould therefore consider whether it is appropriate for an independent legal opinion to be sought on documentation used by the Authorised Firm. Documentation should be in place before the Authorised Firmenters into a contractual obligation or releases funds.
Country and transfer risk
Exposure70. PIB chapter 4 does not provide limits on the size of an Authorised Firm's Exposureto a particular country or region. However, an Authorised Firmwhich has Large Exposuresin a country or region should include in its Credit Riskpolicy:a. the geographical areas in which the Authorised Firmdoes or intends to do business;b. its definition of Credit Risk Exposureand transfer risks (such as exchange restrictions) associated with doing business in each country or region;c. how to measure its total Exposurein each country or region and across several countries or regions;d. the types of business the Authorised Firmintends to undertake in each country or region;e. limits on Exposuresto an individual country or region which the Authorised Firmdeals with, and sub-limits for different types of business if appropriate;f. the procedure for setting and reviewing country or regional limits; andg. the process by which the Authorised Firm'sactual country or regional Exposureswill be monitored against limits and the procedure to be followed if the limits are breached.71. When setting country or regional limits, an Authorised Firmshould consider:a. the economic and political circumstances prevailing in the country or region;b. the transfer risks associated with any particular country or region;c. the type and maturity of business undertaken by the Authorised Firmin a particular country or region;d. the Authorised Firm'sexisting concentration of country or regional risk;e. the source of funding for the country or regional Exposure; andf. sovereign or other guarantees offered.
Provisioning72. Depending upon the nature of the
Authorised Firmand its business, the Authorised Firm'sprovisioning policy should set out:a. who has responsibility for reviewing the provisioning policy and approving any changes;b. how frequently the policy should be reviewed;c. when the review will take place, including the circumstances in which a review might be more frequent;d. who has primary responsibility for ensuring the provisioning policy remains appropriate, including any division of responsibilities;e. the areas of its business to which the provisioning policy relates — it should include both on balance sheet and off balance sheet Exposuresand assets;f. where it takes different approaches to different lines of its business and the key features of those differences;g. who has responsibility for monitoring its asset portfolio on a regular basis in order to identify problem or potential problem assets and the factors it takes into account in identifying them;h. whether a loan grading system or a watch or problem list is used and, in the latter case, the criteria for adding an asset to or taking an asset off that list;i. the extent to which the value of any Collateral, guarantees or insurance which the Authorised Firmholds affects the need for or size of provision;j. on what basis the Authorised Firmmakes its provisions, including the extent to which the level of provisioning is left to managerial judgement or to a committee or involves specified formulae and the methodologies or debt management systems and other formulae used to determine provisioning levels for different business lines and the factors applied within these methodologies;k. who is responsible for ensuring that the Authorised Firm'sprovisioning policy is being implemented properly, and the measures the Authorised Firmhas in place if its provisioning polices are not adhered to;l. who is responsible for the regular reviews of the Authorised Firm'sspecific and general provisions and who decides whether provision levels are satisfactory. The reviews should take account of changes in the status of the Exposuresand potential losses and changes in the conditions associated with them;m. the reports used to enable management to ensure that the Authorised Firm'sprovisioning levels remain satisfactory, the frequency and purpose of those reports and their circulation;n. the procedures for recovering Exposuresin arrears or Exposureswhich have had provisions made against them, including who has responsibility both internally and externally for its arrears management and recovery and the involvement of the Authorised Firm'ssolicitors;o. the procedures and methodologies for writing off and writing back provisions, including treatment of interest and who has the relevant responsibility for determining these;p. the frequency of any review of its write off experience against provisions raised; such a review can help identify whether an Authorised Firm'spolicies result in over or under provisioning across the business cycle, and contribute to a general review of an Authorised Firm'sprovisioning policy and the design of any loan grading systems, Credit Riskmodels, and risk pricing; andq. the Authorised Firm'sprocedures and methodologies for calculating and raising provisions for contingent and other liabilities, how frequently they should be reviewed and who has the relevant responsibilities. Other liabilities include the crystallisation of contingent liabilities such as acceptances, endorsements, guarantees, performance bonds, indemnities, irrevocable letters of credit and the confirmation of documentary credits.73. Provisions may be general (against the whole of a given portfolio) or specific (against particular Exposuresidentified as bad or doubtful), or both. The DFSAexpects contingent liabilities and anticipated losses to be recognised in accordance with the applicable accounting standards.74. Appropriate systems and controls for provisions vary with the nature, scale and complexity of the credit granted. An Authorised Firmfor which the extension of credit is a substantial part of its business is expected to have greater regard to developing, implementing and documenting a provisioning policy than an Authorised Firmfor which Credit Riskis incidental to the operation of its business.75. The DFSArecognises that the frequency with which an Authorised Firmreviews its provisioning policy once it has been established will vary from firm to firm. However, the DFSAexpects an Authorised Firmto review its policy to ensure it remains appropriate for the business it undertakes and the economic environment in which it operates. The provisioning policy should be reviewed at least annually by the Governing Body.Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]