IRRBB
Interest Rate and Rate Of Return Risk in the Banking Book Regulation
C 165/2018 Effective from 29/8/2018Introduction
The Central Bank seeks to promote the effective and efficient development and functioning of the banking system. To this end, Banks exposed to interest rate and rate of return risk in the banking book (IRRBB) must have appropriate policies, processes, procedures, systems and controls to identify, measure, monitor, report on, control and mitigate such risks.
In introducing this Regulation and the accompanying Standards, the Central Bank intends to ensure that Banks’ approaches to the management of (IRRBB) are in line with leading international practices.
This Regulation and the accompanying Standards are issued pursuant to the powers vested in the Central Bank under the Central Bank Law.
Where this Regulation or its accompanying Standards, include a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements, which are additional to the list provided in the relevant article.
Objective
The objective of these Regulations is to establish minimum requirements for (IRRBB) management for Banks, with a view to:
i. Ensuring the soundness of Banks; and
ii. Enhancing financial stability.
The accompanying Standards supplement the Regulation to elaborate on the supervisory expectations of the Central Bank with respect to the management of (IRRBB).
Scope of Application
This Regulation and the accompanying Standards apply to all Banks. Banks established in the UAE with significant Group relationships, including Subsidiaries, Affiliates, or international branches, must ensure that the Regulation and Standards are adhered to on a solo and Group-wide basis.
This Regulation and Standards must be read in conjunction with the Risk Management Regulation and Standards, which establish the requirements for a Bank’s overarching approach to risk management.
Article 1: Definitions
- Affiliate: An entity that, directly or indirectly, controls is controlled by or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity or of the power to direct or cause the direction of the management of another entity.
- Bank: A financial entity, which is authorized by the Central Bank to accept deposits as a Bank.
- Board: The Bank’s Board of Directors.
- Banking Book: Positions in financial instruments that are expected to be held to maturity.
- Central Bank: The Central Bank of the United Arab Emirates.
- Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of
- Central Bank regulations: any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
- Group: a group of entities which includes an entity (the ‘first entity’) and:
- a) any Parent of the first entity;
- b) any Subsidiary of the first entity or of any Parent of the first entity; and
- c) any Affiliate.
- a) any Parent of the first entity;
- Islamic Financial Services: Shari’a compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products (Islamic Windows).
- Parent: an entity (the ‘first entity’) which:
- a) holds a majority of the voting rights in another entity (the ‘second entity’);
- b) is a shareholder of the second entity and has the right to appoint or remove a majority of the board or managers of the second entity; or
- c) is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity.
Or;
d) if the second entity is a subsidiary of another entity which is itself a subsidiary of the first entity.
- a) holds a majority of the voting rights in another entity (the ‘second entity’);
- Risk appetite: The aggregate level and types of risk a Bank is willing to assume, decided in advance and within its risk capacity, to achieve its strategic objectives and business plan.
- Risk governance framework: As part of the overall approach to corporate governance, the framework through which the Board and management establish and make decisions about the Bank’s strategy and risk approach; articulate and monitor adherence to the risk appetite and risk limits relative to the Bank’s strategy; and identify, measure, manage and control risks.
- Risk limits: Specific quantitative measures that must not be exceeded based on, for example, forward looking assumptions that allocate the Bank’s aggregate risk appetite to business lines, legal entities or management units within the Bank or Group in the form of specific risk categories, concentrations or other measures as appropriate.
- Risk profile: Point in time assessment of the Bank’s gross (before the application of any mitigants) or net (after taking into account mitigants) risk exposures aggregated within and across each relevant risk category based on current or forward-looking assumptions.
- Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including but not limited to the chief executive officer, chief financial officer, chief risk officer and heads of the compliance and internal audit functions.
- Subsidiary: an entity (the ‘first entity’) is a subsidiary of another entity (the ‘second entity’) if the second entity:
- a) holds a majority of the voting rights in the first entity;
- b) is a shareholder of the first entity and has the right to appoint or remove a majority of the board or managers of the first entity; or
- c) is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity.
Or;
d) if the first entity is a subsidiary of another entity which is itself a subsidiary of the second entity.
- a) holds a majority of the voting rights in the first entity;
- Trading Book: Positions in financial instruments and commodities held either with trading intent or in order to hedge other elements of the trading book.
- Affiliate: An entity that, directly or indirectly, controls is controlled by or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity or of the power to direct or cause the direction of the management of another entity.
Article 2: Risk Governance Framework
- A Bank must have an appropriate IRRBB strategy and risk governance framework that provides a bank-wide and if applicable Group-wide view of IRRBB. This includes policies and processes to identify, measure, evaluate, monitor, report and control or mitigate material sources of IRRBB on a timely basis.
- A Bank’s IRRBB strategy, policies and processes must be consistent with the risk appetite statement, risk profile and systemic importance of the Bank, taking into account market and macroeconomic conditions.
- A Bank’s IRRBB strategy, policies, and processes must be reviewed at least annually and appropriately adjusted, where necessary, in line with the Bank’s changing risk profile and market developments.
- A Bank’s strategy, policies and processes for IRRBB must be approved and reviewed at least annually by the Board.
- The Senior Management must ensure that the strategy, policies and processes are developed and implemented effectively.
- A Bank’s policies and processes must establish an appropriate and properly controlled IRRBB environment, including, at a minimum, the following items:
- Comprehensive and appropriate interest rate risk measurement systems;
- Regular review and independent (internal or external) validation of any models used by the functions tasked with managing IRRBB, including review of key model assumptions;
- Appropriate limits that are approved by the Board and Senior Management and that reflect the Bank’s risk appetite, risk profile and capital strength, and are understood by and regularly communicated to, relevant staff;
- Effective processes for exception tracking and reporting which ensure prompt action at the appropriate level of the Senior Management or Board, where necessary; and
- Effective information systems for accurate identification, aggregation, monitoring and timely reporting of IRRBB exposure to the Board and Senior Management.
- Comprehensive and appropriate interest rate risk measurement systems;
- A Bank must have an appropriate IRRBB strategy and risk governance framework that provides a bank-wide and if applicable Group-wide view of IRRBB. This includes policies and processes to identify, measure, evaluate, monitor, report and control or mitigate material sources of IRRBB on a timely basis.
Article 3: Risk Management Function
- A Bank’s risk management function must include policies, procedures and systems for monitoring and reporting to ensure that IRRBB exposures are aligned with the Bank’s strategy and business plan and consistent with the Board approved risk appetite statement and individual risk limits, as well as the systemic importance of the Bank, taking into account market and macroeconomic conditions.
- A Bank’s risk management function must include policies, procedures and systems for monitoring and reporting to ensure that IRRBB exposures are aligned with the Bank’s strategy and business plan and consistent with the Board approved risk appetite statement and individual risk limits, as well as the systemic importance of the Bank, taking into account market and macroeconomic conditions.
Article 4: Risk Measurement and Use Of Models
- A Bank must have comprehensive and appropriate interest rate risk measurement systems, which generate a quantification of the threat to earnings and economic value from IRRBB.
- A Bank must ensure that there is a regular review and independent (internal or external) validation of any models used by the functions tasked with managing interest rate risk (including review of key model assumptions).
- A Bank must have comprehensive and appropriate interest rate risk measurement systems, which generate a quantification of the threat to earnings and economic value from IRRBB.
Article 5: Stress Testing
- A Bank must include appropriate scenarios in its stress testing programs to measure its vulnerability to loss under adverse interest rate movements, including but not limited to the impact on the banking book of a standardized interest rate shock as prescribed by the Central Bank.
- A Bank must ensure that its internal capital measurement systems adequately capture IRRBB.
- A Bank must include appropriate scenarios in its stress testing programs to measure its vulnerability to loss under adverse interest rate movements, including but not limited to the impact on the banking book of a standardized interest rate shock as prescribed by the Central Bank.
Article 6: Information Systems and Internal Reporting
- A Bank must have information systems that enable it to identify, accurately aggregate, monitor and report IRRBB to the Board and Senior Management on a timely basis, in formats suitable for their use.
- A Bank must have information systems that enable it to identify, accurately aggregate, monitor and report IRRBB to the Board and Senior Management on a timely basis, in formats suitable for their use.
Article 7: Reporting Requirements
- Banks must report to the Central Bank on their IRRBB exposure in the format and frequency prescribed in the Standards.
- A Bank must provide upon request any specific information with respect to IRRBB that the Central Bank may require.
- A Bank must promptly notify the Central Bank when it becomes aware of a significant deviation from the Board-approved IRRBB risk limits, policies or procedures or becomes aware that a material interest rate risk has not been adequately addressed.
- Banks must report to the Central Bank on their IRRBB exposure in the format and frequency prescribed in the Standards.
Article 8: Islamic Banking
- A Bank offering Islamic financial services must apply the provisions of this Regulation, subject to such adjustments as are necessary, in relation to its RoRR (rate of return risk).
- A Bank offering Islamic financial services must establish a comprehensive risk management and reporting process to assess the potential impacts of market factors affecting rates of return on assets in comparison to rates paid on its liabilities.
- A Bank offering Islamic financial services must have in place an appropriate framework for managing displaced commercial risk, where applicable.
- A Bank offering Islamic financial services must apply the provisions of this Regulation, subject to such adjustments as are necessary, in relation to its RoRR (rate of return risk).
Article 9: Enforcement
- Violation of any provision of this Regulation and the accompanying Standards shall be subject to supervisory action as deemed appropriate by the Central Bank.
Article 10: Interpretation of Regulations
- The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.
Article 11: Cancellation of Previous Notices
- These Regulation and the accompanying Standards replace all previous Central Bank Regulations and Notices with respect to IRRBB.
Article 12: Publication and Application
- This Regulation and the accompanying Standards shall be published in the Official Gazette in both Arabic and English and shall come into effect one month from the date of publication.
Interest Rate and Rate of Return Risk in the Banking Book Standards
C 165/2019 STAIntroduction
- 1.These Standards form part of the Interest Rate and Rate of Return Risk in the Banking Book (IRRBB) Regulation. All Banks must comply with these Standards, which expand on the Regulation. These Standards are mandatory and enforceable in the same manner as the Regulation.
- 2.Banks offering Islamic financial services must apply the same principles to address rate of return risk.
- 3.IRRBB is a normal part of banking and can be an important source of profitability and shareholder value to a bank. However, excessive IRRBB can pose a significant threat to a Bank’s earnings and capital base. Changes in interest rates affect a Bank’s earnings by changing its net interest income and the level of other interest-sensitive income and operating expenses. Changes in interest rates also affect the underlying value of a Bank’s assets, liabilities and off-balance sheet items, as the present value of future cash flows change. Accordingly, an effective risk management process that maintains IRRBB within prudent levels is essential to the safety and soundness of a Bank.
- 4.A Bank’s Board is in ultimate control of the bank and accordingly ultimately responsible for the bank’s approach to IRRBB. There is no one-size-fits-all or single best solution. Accordingly, each bank could meet the minimum requirements of the Regulation and Standards in different ways and thus may adopt an organizational framework appropriate to the risk profile, nature, size and complexity of its business and structure. The onus is on the Bank’s Board to demonstrate that it has implemented an approach that adequately addresses IRRBB. Banks are encouraged to adopt leading practices that exceed the minimum requirements of the Regulation and Standards.1
- 5.The Standards follow the structure of the Regulation, with each article corresponding to the specific article in the Regulation.
1 The Central Bank will apply the principle of proportionality in the enforcement of the Regulation and Standards, whereby smaller banks may demonstrate to the Central Bank that the objectives are met without necessarily addressing all of the specifics cited in the Standards.
Article 1: Definitions
- 1.Affiliate: An entity that, directly or indirectly, controls, is controlled by, or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity, or of the power to direct or cause the direction of the management of another entity.
- 2.Bank: A financial entity, which is authorized by the Central Bank to accept deposits as a bank.
- 3.Basis risk: The risk of loss arising from imperfect correlation in changes of the rates earned and paid on different instruments with otherwise similar re-pricing characteristics.
- 4.Board: The Bank’s Board of Directors.
- 5.Central Bank: The Central Bank of the United Arab Emirates.
- 6.Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of Banking as amended or replaced from time to time.
- 7.Central Bank regulation: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
- 8.Displaced commercial risk: Market pressure to pay a return that exceeds the rate earned on assets financed by the investment account holders of a Bank offering Islamic financial services in order to attract or retain funds provided by investment account holders.
- 9.Group: a group of entities that includes an entity (the ‘first entity’) and:
- a.any Parent of the first entity;
- b.any Subsidiary of the first entity or of any Parent of the first entity; and
- c.any Affiliate.
- 10.Interest rate risk (IRR): The risk of loss arising from changes in interest rates. Interest rate risk has a number of manifestations, including basis risk, optionality, re-pricing risk and yield curve risk and can present itself in a Bank’s banking book and in its trading book.
- 11.Interest rate risk in the banking book (IRRBB): The risk of loss in the banking book caused by changes in interest rates.
- 12.Islamic Financial Services: Shari’a compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products (Islamic Windows).
- 13.Option risk: The risk of loss arising from the exercise by a counterparty of an option to re-price, redeem or change maturity of bank assets, liabilities or off balance sheet items.
- 14.Parent: an entity (the ‘first entity’) which:
- a.holds a majority of the voting rights in another entity (the ‘second entity’);
- b.is a shareholder of the second entity and has the right to appoint or remove a majority of the Board or managers of the second entity; or
- c.is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity;
Or; - d.If the second entity is a subsidiary of another entity which is itself a subsidiary of the first entity.
- 15.Rate of return risk: The risk that unexpected changes in market rates of return adversely affect the earnings of a Bank offering Islamic financial services.
- 16.Re-pricing risk: The risk of loss arising from timing differences in the maturity (for fixed-rate) and re-pricing (for floating-rate) of Bank assets, liabilities and off-balance sheet positions.
- 17.Risk governance framework: As part of the overall approach to corporate governance, the framework through which the Board and management establish and make decisions about the Bank’s strategy and approach to risk management; articulate and monitor adherence to the risk appetite and risks limits relative to the Bank’s strategy; and identify, measure, manage and control risks.
- 18.Risk limits: Specific quantitative measures, which may not be exceeded, based on, for example, forward looking assumptions that allocate the Bank’s aggregate risk appetite to business lines, legal entities or management units within the Bank or Group in the form of specific risk categories, concentrations or other measures as appropriate.
- 19.Risk Management function: Collectively, the systems, structures, policies, procedures and people that measure, monitor and report risk on a Bank and if applicable Group-wide basis.
- 20.Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including but not limited to the chief executive officer, chief financial officer, chief risk officer and heads of the compliance and internal audit functions.
- 21.Subsidiary: an entity (the ‘first entity’) is a subsidiary of another entity (the ‘second entity’) if the second entity:
- a.holds a majority of the voting rights in the first entity;
- b.is a shareholder of the first entity and has the right to appoint or remove a majority of the Board or managers of the first entity; or
- c.is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity;
Or; - d.If the first entity is a subsidiary of another entity that is itself a subsidiary of the second entity.
- 22.Yield curve risk: The risk of loss arising from unanticipated shifts of the yield curve adversely effecting a Bank’s earnings or economic value.
Article 2: Risk Governance Framework
- 1.A Bank must establish, implement and maintain an interest rate and rate of return risk governance framework, which enables it to identify, assess, monitor, mitigate and control interest rate risk. The interest rate and rate of return risk governance framework consists of policies, processes, procedures, systems and controls.
- 2.The interest rate and rate of return risk governance framework must be documented and approved by the Board of the Bank and must provide for a sound and well-defined framework to address the Bank’s interest rate and rate of return risk.
- 3.A Bank’s Board is responsible for establishing, maintaining and overseeing a robust interest rate and rate of return risk governance framework which must take into account the risk profile, nature, size and complexity of the Bank’s business and structure.
- 4.A Bank’s interest rate and rate of return risk governance framework must address the following with respect to IRRBB:
- a.Effective oversight by the Board;
- b.Adequate risk management policies and procedures;
- c.Larger and more complex Banks must address IRRBB as part of the asset and liability management process, which must include an Assets and Liability Management Committee (ALCO) or other designated committee;
- d.Capturing all material sources and accurately measuring IRRBB;
- e.Effective processes for analyzing and assessing IRRBB;
- f.Regular monitoring of the IRRBB profile;
- g.Monitoring and enforcement of IRRBB limits;
- h.Stress-testing of IRRBB and use of results in decision-making;
- i.Oversight by the risk management function;
- j.Independent assurance by the internal audit function; and
- k.Regular reporting to Senior Management and the Board.
- 5.The Board-approved risk appetite statement must specify authorized activities, investments and instruments and specify any activities, investments and instruments, which are not consistent with the Bank’s risk appetite.
- 6.A Bank must clearly define the individuals, functions and/or committees responsible for managing interest rate risk and must ensure that there is adequate separation of duties in the risk management process to avoid conflicts of interest.
- 7.A Bank must have risk measurement, monitoring and control functions with clearly defined duties that are sufficiently independent from position-taking functions and the finance function and which report interest rate risk exposures directly to Senior Management and the Board.
Article 3: Risk Management Function
- 1.Larger or more complex banks must have an ALCO or other designated committee, which addresses IRRBB. The control functions carried out by the ALCO or other designated committee, such as administering the risk limits are part of the overall risk management and internal control system.
- 2.The personnel charged with measuring, monitoring and controlling interest rate risk must have a well-founded understanding of all types of interest rate risk faced throughout the Bank.
- 3.The goal of a Bank’s interest rate risk management must be to maintain a Bank’s interest rate risk exposure within self-imposed parameters over a range of possible changes in interest rates. The limits must be appropriate to the size, complexity and capital adequacy of the Bank, as well as its ability to measure and manage its risk.
Article 4: Interest Rate Risk Measurement and Use of Models
- 1.A Bank must have an interest rate risk measurement systems that assesses the effects of rate changes on both earnings and economic value. These systems must provide meaningful measures of a Bank’s current levels of interest rate risk exposure and must be capable of identifying any excessive exposures that might arise.
- 2.As a general rule, a Bank’s measurement systems must incorporate interest rate risk exposures arising from the full scope of a Bank’s activities, including both trading and non-trading sources, to enable management to have an integrated view of interest rate risk across products and business lines. This does not preclude different measurement systems and risk management approaches being used for different activities.
- 3.A Bank’s interest rate risk measurement system must address all material sources of interest rate risk, including re-pricing, yield curve, basis and options risk exposures. While all of a Bank’s holdings must receive appropriate treatment, concentrations and instruments which might significantly affect a Bank’s aggregate position, must receive rigorous treatment. Instruments with significant embedded or explicit option characteristics must receive special attention.
- 4.At a minimum on a monthly basis, a Bank must prepare a maturity/re-pricing schedule with indicators of the interest rate risk sensitivity of both earnings and economic value, based on both a contractual and behavioral basis. Systemically important Banks must employ more sophisticated interest rate risk measurement systems, including simulation techniques.
- 5.In designing interest rate risk measurement systems, a Bank must ensure that the degree of detail about the nature of their interest-sensitive positions is commensurate with the complexity and risk inherent in these positions.
- 6.A Bank must also consider its dependency on various funding sources since a sudden withdrawal of these funds can have an adverse effect on earnings and economic value through basis risk, re-pricing risk and yield curve risk.
Article 5: Stress Testing
- 1.A Bank must, at a minimum, include in its stress test scenarios the impact of a 200 basis point upward and downward parallel change in interest rates in addition to other scenarios which the Bank determines are appropriate considering the risk profile, nature, size and complexity of its business and structure. A Bank, which is exposed to an economic value decline exceeding 20 percent of total capital from this standardized 200 basis point interest rate shock (or some other level determined by the Central Bank) will be required by the Central Bank to reduce its risk and/or hold additional capital.
- 2.Other stress scenarios which a Bank may use include, but are not limited to, more severe changes in the general level of interest rates, changes in the relationships among key market rates (basis risk), changes in the slope and shape of the yield curve (yield curve risk), changes in the liquidity of key financial markets or changes in the volatility of market rates. In addition, stress scenarios must include conditions under which key business assumptions and parameters break down. A Bank’s Internal Capital Assessment Process must address IRRBB exposures as part of Pillar 2.
Article 6: Information Systems and Internal Reporting
- 1.A Bank’s systems must support supervisory reporting requirements for IRRBB as provided in these Standards as well as provision of IRRBB reports to all relevant parties within the Bank on a timely basis and in a format commensurate with their needs.
- 2.The processes for aggregating the necessary data and producing supervisory and internal IRRBB management reports must be fully documented. These must include standards, cut-off times and schedules for report production. The aggregation and reporting process must be subject to high standards of validation through periodic review by the internal audit function using staff with specific systems, data and reporting expertise, particularly where the process requires substantial manual intervention.
- 3.Interest rate risk reports to Senior Management and the Board must provide aggregate information as well as sufficient supporting detail to enable Senior Management and the Board to assess the sensitivity of the Bank to changes in market conditions and other important risk factors.
Article 7: Reporting Requirements
- 1.A Bank must submit to the Central Bank the Report on Interest Rate in the Banking Book’ on a quarterly basis.
- 2.A bank offering Islamic financial services must submit to the Central Bank the Report on Rate of Return Risk on a quarterly basis.
Article 8: Islamic Banking
- 1.A Bank providing Islamic financial services must be aware of the factors that give rise to rate of return risk (RoRR), primarily increasing long-term fixed profit rates. (RoRR) is generally associated with overall balance sheet exposures of Banks offering Islamic financial services where mismatches arise between assets and balances from fund providers.
- 2.Cash flow forecasting is central to the measurement and management of RoRR. Banks offering Islamic financial services must consider behavioural maturity in addition to contractual maturity and re-pricing dates for instruments and contracts, and other relevant parameters. Depending on the size and complexity of the Bank, measurement techniques may include simple gap analysis, more advanced simulations or dynamic approaches to assess future cash flow variability and the impact on economic value and income.
- 3.A Bank offering Islamic financial services must assess, monitor and manage its dependency on current account holders funds, as a sudden withdrawal of these funds can have an adverse impact on the overall potential rate of return for the holders of the Bank.
- 4.A consequence of RoRR may be displaced commercial risk. As part of an appropriate framework for the management of displaced commercial risk, a Bank offering Islamic financial services must have in place a policy and framework for managing the expectations of its shareholders and investment account holders and monitoring the market rates of returns of competitors.