Entire Section | CBUAE Rulebook

Banking

Capital Adequacy

Regulations Re Capital Adequacy
C 52/2017 Effective from 23/2/2017

Introduction
The Central Bank seeks to promote the effective and efficient development and functioning of the banking system. To this end, banks are required to manage their capital in a prudent manner. It is important that banks’ risk exposures are backed by a strong capital base of high quality in order to contribute to the stability of the financial system of the UAE.
In introducing these Capital Adequacy Regulations, the Central Bank intends to ensure that banks’ capital adequacy is in line with revised rules outlined by the Basel Committee on Banking Supervision in ‘Basel III: A global regulatory framework for more resilient banks and banking systems’, commonly referred to as ‘Basel III’. These Regulations are supported by accompanying Standards, which elaborate on the supervisory expectations of the Central Bank with respect to capital adequacy requirements.
These Regulations and the accompanying Standards are issued pursuant to the powers vested in the Central Bank under the Central Bank Law.
Where these Regulations, or their accompanying Standards, include a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements, which are additional to the listing provided in the relevant article.

Objective
The objective of these Regulations is to establish minimum capital adequacy requirements for banks with a view to:
1. i. Ensuring the soundness of banks; and
2. ii. Enhancing financial stability.

Scope of Application
These Regulations and the accompanying Standards apply to all banks. Banks must ensure that these Regulations and Standards are adhered to on the following two levels:
1. The solo level capital adequacy ratio requirements, which measure the capital adequacy of an individual bank based on its standalone capital strength; and
2. The group level capital adequacy ratio requirements, which measure the capital adequacy of a bank based on its capital strength and risk profile after regulatory consolidation of assets and liabilities of its subsidiaries.

Article (1): Definitions
1. Bank: A financial institution which is authorized by the Central Bank to accept deposits as a bank.
2. Central Bank: The Central Bank of the United Arab Emirates.
3. Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of Banking as amended or replaced from time to time.
4. Terminology used in these Regulations: As defined in the Basel III capital framework, for example ‘Basel III: A global regulatory framework for more resilient banks and banking systems’ published by the Basel Committee for Banking Supervision in December 2010 and revised in June 2011.

Article (2): Quantitative Requirements
1. Total regulatory capital comprises the sum of the following items:
  1. Tier 1 capital, composed of
    1. Common Equity Tier 1 (CET1) and
    2. Additional Tier 1 (AT1);
  2. Tier 2 capital.
2. All regulatory capital components referred to in Article 2.1 are net of regulatory adjustments. A bank must comply with the following minimum requirements, at all times:
  1. CET1 must be at least 7.0% of risk weighted assets (RWA);
  2. Tier 1 Capital must be at least 8.5% of RWA;
  3. Total Capital, calculated as the sum of Tier 1 Capital and Tier 2 Capital, must be at least 10.5% of RWA.
3. Based on the outcome of the Supervisory Review and Evaluation Process conducted by the Central Bank, a bank may be subject to an additional capital add-on, also referred to as individual supervisory capital guidance requirement (SCG). Banks concerned must comply with the individual SCG requirement, set by the Central Bank

Article (3): Capital Components
1. CET1 capital comprises the sum of the following items:
  1. Common shares issued by a bank which are eligible for inclusion in CET1;
  2. Share premium resulting from the issue of instruments included in CET1;
  3. Retained earnings;
  4. Legal reserves;
  5. Statutory reserves;
  6. Accumulated other comprehensive income and other disclosed reserves;
  7. Common shares issued by consolidated subsidiaries of a bank and held by third parties, also referred to as minority interest, which are eligible for inclusion in CET1;
  8. Regulatory adjustments applied in the calculation of CET1.
2. AT1 capital comprises the sum of the following items:
  1. Instruments issued by a bank which are eligible for inclusion in AT1 and are not included in CET1;
  2. Stock surplus, or share premium, resulting from the issue of instruments included in AT1;
  3. Instruments issued by consolidated subsidiaries of the bank and held by third parties which are eligible for inclusion in AT1 and are not included in CET1;
  4. Regulatory adjustments applied in the calculation of AT1.
3. Tier 2 capital comprises the sum of the following items:
  1. Banks using the standardized approach for credit risk: general provisions/general loan loss reserves up to a maximum of 1.25 % of credit RWA;
  2. Perpetual equity instruments, not included in Tier 1 capital;
  3. Share premium resulting from the issue of instruments included in Tier 2 capital;
  4. Instruments which are eligible for inclusion of Tier 2;
  5. Perpetual instruments issued by consolidated subsidiaries, not included in Tier 1 capital;
  6. Regulatory adjustments applied in the calculation of Tier 2.
4. Profit-sharing investment accounts must not be classified as part of an Islamic bank’s regulatory capital as referred to in Article 2 of these Regulations.
5. Investment risk reserves and a portion of the profit equalization reserve (PER), if any, belong to the equity of investment account holders, and thus must not be used in the calculation of an Islamic bank’s regulatory capital. As the purpose of a PER is to smooth the profit payouts and not to cover losses, any portion of a PER that is part of the Islamic bank’s reserves must not be treated as regulatory capital as referred to in Article 2 of these Regulations.

Article (4): Regulatory Adjustments
1. The following regulatory adjustments must be applied to CET1 capital:
  1. Goodwill and other intangibles;
  2. Deferred tax assets;
  3. Cash Flow hedge reserve;
  4. Gain on sale related to securitization transactions;
  5. Cumulative gains and losses due to changes in own credit risk on fair valued financial liabilities;
  6. Defined benefit pension fund assets and liabilities;
  7. Investments in own shares, or treasury stock;
  8. Reciprocal cross holdings in the capital of banking, financial and insurance entities;
  9. Investments in the capital of banking, financial and insurance entities, that are outside the scope of regulatory consolidation and where the bank does not own more than 10% of the issued common share capital of the entity;
  10. Significant investments in capital of banking, financial and insurance entities that are outside the scope of regulatory consolidation;
  11. Threshold deductions.
2. For the following items, which under Basel II were deducted 50% from Tier 1 and 50% from Tier 2, or had the option of being deducted or risk weighted, banks must apply a risk weight, which is calculated as the reciprocal of the minimum requirement of the Total Capital.
  1. Certain securitization exposures;
  2. Non-payment/delivery on non-Delivery-versus-Payment and non-Payment-versus-Payment transactions;
  3. Significant investments in commercial entities.

Article (5): Capital Conservation Buffer

In addition to the minimum CET1 capital of 7.0% of RWA, banks must maintain a capital conservation buffer (CCB) of 2.5% of RWAs in the form of CET1 capital
Outside of periods of stress, banks are encouraged to hold buffers of capital above the capital adequacy requirements
A bank that does not comply with the buffer requirement:
1. Must restrict its dividends pay out to its shareholders in accordance with table 1;
2. Must have a definite plan to replenish the buffer as part of its internal capital adequacy assessment process;
3. Must bring the buffer to the required level within a time limit agreed with the Central Bank; and
4. Will be monitored closely by the Central Bank.

Table 1 Individual Bank Minimum Capital Conservation Standards
CET 1 Ratio	Minimum Capital Conservation Ratios (expressed as a percentage of earnings)
7.0% - 7.625%	100%
> 7.625% - 8.25%	80%
> 8.25% - 8.875%	60%
> 8.875% - 9.5%	40%
> 9.5%	0%

Article (6): Countercyclical Buffer
To achieve the broader macro-prudential goal of protecting the banking sector from periods of excess aggregate credit growth and in addition to the CCB requirements, banks may be required to implement the countercyclical buffer (CCyB). Banks must meet the CCyB requirements by using CET1 capital. The level of the CCyB requirements will vary between 0% - 2.5% of RWA and be communicated by the Central Bank with an adequate notice period.

Article (7): Domestic Systemically Important Banks
Banks classified as domestically systemically important banks will be required to hold additional capital buffers applied to CET1. Banks concerned will be notified by the Central Bank.

Article (8): Disclosure Requirements
1. To help improve transparency of regulatory capital and market discipline, banks will be required, at a minimum, to disclose the following items:
  1. Full reconciliation of all regulatory capital elements back to the balance sheet in the audited financial statements;
  2. Separate disclosure of all regulatory adjustments and the items not deducted from Common Equity Tier 1 according to paragraphs 87 and 88 of Basel III;
  3. Description of all limits and minima, identifying the positive and negative elements of capital to which the limits and minima apply;
  4. Description of the main features of capital instruments issued;
  5. Banks, which disclose ratios involving components of regulatory capital, for example ‘Equity Tier 1’, ‘Core Tier 1’ or ‘Tangible Common Equity’ ratios, must accompany such disclosures with a comprehensive explanation of how these ratios are calculated;
  6. Full terms and conditions of all instruments included in the regulatory capital. Issuances that fall under a grandfathering rule are exempted.

Article (9): Transitional Arrangements

For the purpose of the value calculation of the following items:
1. Regulatory adjustments referred to in Article 4.1 of these Regulations; and
2. Capital issued from a subsidiary, also referred to as minority interest;
banks must apply the following percentages:
1. a) 80% for the time period from 1^st January 2017 to 31^st December 2017;
2. b) 100% for the time period starting from 1^stJanuary 2018.
Capital instruments that no longer qualify as non-common equity Tier 1 capital or Tier 2 capital will be phased out over a time horizon of 10 years, starting from 1^st January 2017. The detailed phasing out rules of such capital instruments will be set out in the Standards.
Capital instruments included in CET1 that do not meet the requirements of these Regulations will be excluded from CET1 starting from 31^st December 2017.
Table 2: Minimum Transitional Arrangements:

Table 2: Minimum Transitional Arrangements
Capital Element	Basel II 2016	Basel III 2017	Basel III 2018	Basel III 2019
Minimum Common Equity Tier 1 Ratio	-	7.0%	7.0%	7.0%
Minimum Tier 1 Capital Ratio	8.0%	8.5%	8.5%	8.5%
Minimum Capital Adequacy Ratio	12.0%	10.5%	10.5%	10.5%
Capital Conservation Buffer	-	1.25%	1.875%	2.5%
Domestic Systemically Important Banks Buffer; in percentage of individual capital surcharge	-	50%	75%	100%
Countercyclical buffer	-	-0% 1.25%	-0% 1.875%	2.5%-0%

Article (10): Reporting
1. Banks must report to the Central Bank on their capital position in the format and frequency prescribed in the Standards.
2. A bank must provide upon request any specific information with respect to its capital positions.

Article (11): Interpretation
The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of these Regulations.

Article (12): Publication and Application
These Regulations shall be published in the Official Gazette and become effective from 1 February 2017.

Standards for Capital Adequacy of Banks in the UAE
C 52/2017 STA Effective from 1/12/2022

I. Introduction and Scope

I. Introduction
1.The Central Bank seeks to promote the effective and efficient development and functioning of the banking system. To this end, banks are required to manage their capital in a prudent and sustainable manner. It is important that banks’ risk exposures are backed by a strong capital base of high quality in order to contribute to the stability of the financial system of the UAE.
2.In introducing these Standards, the Central Bank intends to ensure that banks’ capital adequacy is in line with the minimum standards as published by the Basel Committee on Banking Supervision, i.e. the Basel II: International Convergence of Capital Measurement and Capital Standards, June 2006, which was implemented in the UAE in 2009 (Capital Adequacy Standards, Standardised Approach), and the ‘Basel III: A global regulatory framework for more resilient banks and banking systems’, commonly referred to as ‘Basel III’.
3.These Standards support the regulations and elaborate on the supervisory expectations of the Central Bank with respect to capital adequacy requirements. These standards are issued pursuant to the powers vested in the Central Bank under the Central Bank Law.
4.Where these standards, include a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements, which are additional to the listing provided in the relevant article.
5.The Standards follow the calibration developed by the Basel Committee, which includes a maximum risk weight of 1250%, calibrated on a total capital adequacy requirement of 8%. The UAE instituted a higher minimum capital requirement of 10.5% (excluding capital buffers), applicable to all licensed banks. Consequently, the maximum capital charge for a single exposure will be the lesser of the value of the exposure after applying valid credit risk mitigation, netting and haircuts, and the capital resulting from applying a risk weight of 952% (reciprocal of 10.5%) to this exposure.

II. Scope of Application
6.These Standards apply to all banks. Banks must ensure that these Standards are adhered to on a consolidated basis. The group level capital adequacy ratio requirements must measure the capital adequacy of a bank based on its capital strength and risk profile after regulatory consolidation of assets and liabilities of its subsidiaries as specified herein.
7.Note that the solo-level capital adequacy ratio requirements, which measure the capital adequacy of an individual bank based on its stand-alone capital strength, will be issued at a later stage
8.These Standards should be read in conjunction with the associated guidance issued by the Central Bank (Guidance for Capital Adequacy of Banks in the UAE – September 2020).

III. Domestic Systemically Important Banks (D-SIBs)
9.Banks designated by the Central Bank as domestic systemically important banks are required to hold additional risk-based capital ratio buffers, applied to Common Equity Tier 1 (CET1). Banks are notified individually by the Central Bank with regard to the additional requirements.
10.All banks must maintain a leverage ratio of at least 3.0%. Designated domestic systemically important banks must maintain a leverage ratio of at least 3.5%.

IV. Reporting
11.Banks must report to the Central Bank on their capital position in the format and frequency determined by the Central Bank.
12.A bank must provide the Central Bank with any specific information with respect to its capital positions upon request.

V. Independent Review
13.An Independent review of the Central Bank’s Capital framework implementation by internal audit is required every year. However, if the Central Bank is not satisfied with the internal audit, Central Bank may require an external review.
14.For D-SIBs, in addition, an independent external review is required every 3 years.

VI. Interpretation
15.The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of these Standards.

VII. Application
16.The following Standards are already in effect as follows:
- •The Tier Capital Supply Standard
- •Tier Capital Instruments Standard
- •Pillar 2 Standard
17.The remaining Standards will be effective from Q2 2021 onwards.
18.Banks must continue to submit the existing Basel Capital reports (live reporting (production) for BRF 95, CAR Returns workbook and Pillar 3).

Pillar 1

II. Tier Capital Supply

1. Scope of Application
1.This Standard formulates capital adequacy requirements that need to be applied to all banks in UAE on a consolidated basis. The consolidated entity includes all worldwide banking subsidiaries, however it excludes insurance companies and non-financial commercial entities that are subsidiaries of the entity licensed in the UAE.
2.Banks are required to deduct, from CET1, the full amount of any capital shortfall of subsidiaries that are regulated and are subject to capital requirements on a worldwide basis. Additionally, any shortfall in the capital requirement of unconsolidated subsidiary (e.g. insurance, commercial entity) must be fully deducted from the CET1 capital (at stand-alone as well as consolidated level)
3.The amount of the capital requirement and capital shortfall for this deduction is to be based on the regulations issued by the subsidiary’s regulator (i.e. based on the host regulator’s capital adequacy requirements).
4.The Standards follow the international calibration as developed by the Basel Committee, imposing risk weights up to 1250% for assets. The UAE adopted a higher minimum capital requirement of 10.5% minimum CAR (without the capital conservation buffer). Taking into consideration the higher minimum capital requirements of 10.5% in the UAE, the risk weight shall be capped at 952% (reciprocal of 10.5%).

1.1 Investments in the Capital of Banking Subsidiaries
5.Majority-owned or controlled banking entities, securities entities (where subject to broadly similar regulation or where securities activities are deemed banking activities) and other financial entities should generally be fully consolidated. Notwithstanding the banks decision on exercising control over an entity and the subsequent consolidation of that entity, the Central Bank reserves the right to determine whether the bank exercises control over an entity and hence may require banks to consolidate/deconsolidate entities.
6.In instances where it is not feasible to consolidate certain majority-owned banking, securities or other regulated financial entities¹, banks may, subject to prior Central Bank approval, opt for non-consolidation of such entities for regulatory capital purposes.
7.For group level reporting, if any majority-owned financial subsidiaries are not consolidated for capital purposes, all assets, liabilities and third-party capital investments in the subsidiaries will be removed from the bank’s balance sheet. All equity and other investments in regulatory capital instruments in those entities attributable to the bank / banking group will be deducted.
8.Banks are required to deduct from CET1 the full amount of any capital shortfalls of subsidiaries excluded from regulatory consolidation, that are regulated entities and are subject to capital requirements. The amount of the capital requirement and capital shortfall for this deduction is to be based on the regulations issued by the subsidiary’s regulator (i.e. based on the host regulator’s local capital adequacy requirements).
¹ Examples of the types of activities that financial entities might be involved in include financial leasing, issuing credit cards, portfolio management, investment advisory, custodial and safekeeping services and other similar activities that are ancillary to the business of banking.

1.2 Investments in the Capital of Banking, Securities, Financial and Insurance Entities
Banking, securities, financial and insurance entities – (ownership in entity does not exceed 10%)
9.A bank’s equity interests in banking, securities, insurance and other financial entities are defined as investments in the capital of banking, securities, insurance and other financial entities if the bank owns up to 10% of the investee’s common share capital.
For detailed treatment of investments in such entities, refer to Section 3.9 - Regulatory Adjustments.
Banking, securities, financial and insurance entities – Significant investments (ownership in entity exceeds 10%)
10.Significant investments in banking, securities and other financial entities are defined as investments in the capital of banking, securities and other financial entities (that are outside the scope of regulatory consolidation) wherein the bank owns more than 10% of the investee’s common share capital. Such investments will be subject to the treatment outlined in Section 3.10 - Regulatory Adjustments.

1.3 Investments in Commercial Entities
11.Significant investments in commercial entities are subject to the treatment outlined in section 5. Subsidiaries that are commercial entities are not to be consolidated for regulatory capital purposes. In cases where a subsidiary that is a commercial entity has been consolidated for accounting purposes, the entity is to be deconsolidated for regulatory purposes (i.e. all assets, liabilities and equity will be removed from the bank’s balance sheet) and the book value of the investment will be subject to the treatment.
For detailed treatment of investments in such entities, refer to Section 5.

2. Eligible Capital

2.1 Component of Capital
12.Total regulatory capital will consist of the sum of the following items:
1. i.Tier 1 capital, composed of
  1. a.Common Equity Tier 1 (“CET1”)
  2. b.Additional Tier 1 (“AT1”)
2. ii.Tier 2 capital.
These regulatory capital components are net of regulatory adjustments.
13.Article (2.2) of Capital Adequacy Regulation requires banks to apply the following minimum requirement, at all times:
1. i.CET1 capital must be at least 7.0% of risk-weighted assets (RWA).
2. ii.Tier 1 capital must be at least 8.5% of RWA.
3. iii.Total capital, calculated as sum of Tier 1 capital and Tier 2 capital, must be at least 10.5% of RWA.

2.2 Capital Buffers:
14.Article (5.1) of Capital Adequacy Regulation requires banks to maintain a capital conservation buffer (CCB) of 2.5% of total risk weighted assets, in the form of CET1 capital.
15.Article (6) of Capital Adequacy Regulation requires banks to implement a countercyclical buffer (CCyB). Banks must meet the CCyB requirements by using CET1 capital exclusively. Banks will be subject to a countercyclical buffer that varies between zero and 2.5% of total risk weighted assets. The buffer that will apply to each bank will reflect the geographic composition of its portfolio of credit exposures. The CCyB buffer extends the capital conservation buffer (CCB).
16.Domestic Systemically Important Banks (D-SIBs) are required to comply with article (7) of the Capital Adequacy Regulation. The additional requirements for identified D-SIBs will be communicated individually by the Central Bank to each relevant bank. Banks must meet the D-SIB buffer requirements by using CET1 capital. The D-SIB buffer extends the capital conservation buffer (CCB).
17.Based on the outcome of the Supervisory Review and Evaluation Process (SREP) conducted by the Central Bank, a bank may be subject to an additional capital add-on, also referred to as individual Supervisory Capital Guidance requirement (SCG). Banks notified must apply the individual SCG requirement, as set by the Central Bank. The Individual SCG increases the minimum capital requirement.
18.The aggregation of all the capital buffers (CCB, CCyB and D-SIB) form an effective capital conservation buffer. Any breach of the capital conservation buffers will lead to the following additional supervisory requirements and constraints on distributions:
1. i.The relevant bank must immediately inform the Central Bank of the breach.
2. ii.The relevant bank shall submit an approved plan to restore its regulatory capital to meet the buffer level requirement.
3. iii.The relevant bank will be subjected to more intense supervision.
4. iv.Capital conservation restrictions will immediately become effective in the form of restriction of dividends as prescribed by the Central Bank.

2.3 Common Equity Tier 1
19.As per Article 3.1 of the Capital Adequacy Regulation, CET1 capital consists of the sum of the following elements:
1. i.Common shares issued by a bank which are eligible for inclusion in CET1 (or the equivalent for non-joint stock companies);
2. ii.Share premium resulting from the issue of instruments included in CET1;
3. iii.Retained earnings;
4. iv.Legal reserves;
5. v.Statutory reserves;
6. vi.Accumulated other comprehensive income and other disclosed reserves;
7. vii.Common shares issued by consolidated subsidiaries of a bank and held by third parties, also referred to as minority interest, which are eligible for inclusion in CET1;
8. viii.Regulatory adjustments applied in the calculation of CET1.
20.Retained earnings and other comprehensive income include audited/reviewed interim profit or loss. Expected dividend payments are excluded from CET1.
Common shares issued by the bank
21.For an instrument to be included in CET1 capital, it must meet all of the following criteria stated below. In cases where banks issue non-voting common shares, they must be identical to voting common shares of the issuing bank in all respects except the absence of voting rights for inclusion in CET1.
1. i.Represents the most subordinated claim in liquidation of the bank.
2. ii.The investor is entitled to a claim on the residual assets that is proportional to its share of issued capital, after all senior claims have been paid in liquidation (i.e. has an unlimited and variable claim, not a fixed or capped claim).
3. iii.The principal is perpetual and never repaid outside of liquidation (setting aside discretionary repurchases or other means of effectively reducing capital in a discretionary manner that is allowable under relevant law and subject to the prior approval of the Central Bank).
4. iv.The bank does nothing to create an expectation at issuance that the instrument will be bought back, redeemed or cancelled, nor do the statutory or contractual terms provide any feature that might give rise to such an expectation.
5. v.Distributions are paid out of distributable items, including retained earnings. The level of distributions is not in any way tied or linked to the amount paid in at issuance and is not subject to a contractual cap (except to the extent that a bank is unable to pay distributions that exceed the level of distributable items).
6. vi.There are no circumstances under which the distributions are obligatory. Non-payment is, therefore, not an event of default.
7. vii.Distributions are paid only after all legal and contractual obligations have been met and payments on more senior capital instruments have been made. This means that there are no preferential distributions, including in respect of other elements classified as the highest quality issued capital.
8. viii.The issued capital takes the first and proportionately greatest share of any losses as they occur. Within the highest quality capital, each instrument absorbs losses on a going concern basis proportionately and pari passu with all the others.
9. ix.The paid-in amount is recognized as equity capital (i.e. not recognized as a liability) for determining balance sheet insolvency.
10. x.The paid-in amount is classified as equity under the relevant accounting standards.
11. xi.It is directly issued and paid-in and the bank cannot directly or indirectly have funded the purchase of the instrument.
12. xii.The paid-in amount is neither secured nor covered by a guarantee of the issuer or related entity or subject to any other arrangement that legally or economically enhances the seniority of the claim.
13. xiii.It is either only issued with the approval of the owners of the issuing bank, given directly by the owners or, if permitted by applicable law, given by the Board of Directors or by other persons duly authorized by the owners.
14. xiv.It is clearly and separately disclosed on the bank’s balance sheet.

2.4 Additional Tier 1 Capital
22.Articles 3.2 of the Capital Adequacy Regulation, AT1 capital consists of the sum of the following elements:
1. i.Instruments issued by a bank which are eligible for inclusion in AT1 and are not included in CET1 (e.g. perpetual equity instruments, not included in CET1);
2. ii.Stock surplus, or share premium, resulting from the issue of instruments included in AT1;
3. iii.Instruments issued by consolidated subsidiaries of the bank and held by third parties which are eligible for inclusion in AT1 and are not included in CET1;
4. iv.Regulatory adjustments applied in the calculation of AT1.
23.The treatment of instruments issued out of consolidated subsidiaries of the bank and the regulatory deductions applied in the calculation of AT1 capital are addressed in the Tier Capital Instruments Standard.
Instruments issued by the bank that meet the Additional Tier 1 criteria
24.The following is the minimum set of criteria for an instrument issued by the bank to meet or exceed in order for it to be included in Additional Tier 1 capital:
1. i.Issued and paid-in
2. ii.Subordinated to depositors, general creditors and subordinated debt of the bank
3. iii.Is neither secured nor covered by a guarantee of the issuer or related entity or other arrangement that legally or economically enhances the seniority of the claim vis-à-vis bank creditors
4. iv.Is perpetual, i.e. there is no maturity date and there are no step-ups or other incentives to redeem
5. v.May be callable at the initiative of the issuer only after a minimum of five years:
  1. a.To exercise a call option a bank must receive prior Central Bank approval; and
  2. b.A bank must not do anything which creates an expectation that the call will be exercised; and
  3. c.Banks must not exercise a call unless:
    1. 1)They replace the called instrument with capital of the same or better quality and the replacement of this capital is done at conditions which are sustainable for the income capacity of the bank; or
    2. 2)The bank demonstrates that its capital position is well above the minimum capital requirements after the call option is exercised.
6. vi.Any repayment of principal (e.g. through repurchase or redemption) must be with prior Central Bank’s approval and banks should not assume or create market expectations that Central Bank’s approval will be given.
7. vii.Dividend/coupon discretion:
  1. a.the Central Bank and the bank must have full discretion at all times to cancel distributions/payments
  2. b.cancellation of discretionary payments must not be an event of default
  3. c.banks must have full access to cancelled payments to meet obligations as they fall due
  4. d.Cancellation of distributions/payments must not impose restrictions on the bank except in relation to distributions to common stockholders.
8. viii.Dividends/coupons must be paid out of distributable items
9. ix.The instrument cannot have a credit-sensitive dividend feature, that is a dividend/coupon that is reset periodically based in whole or in part on the banking organization’s credit standing.
10. x.The instrument cannot contribute to liabilities exceeding assets in the required balance sheet test to determine insolvency.
11. xi.Instruments classified as liabilities for accounting purposes must have principal loss absorption through a write-down mechanism which allocates losses to the instrument at a pre-specified trigger point. The loss absorption trigger must be set at a level of 7.625% of CET1. The write-down will have the following effects:
  1. 1.Reduce the claim of the instrument in liquidation;
  2. 2.Reduce the amount re-paid when a call is exercised; and
  3. 3.Partially or fully reduce coupon/dividend payments on the instrument.
12. xii.Neither the bank nor a related party over which the bank exercises control or significant influence can have purchased the instrument or otherwise come into possession of the instrument, such as through receipt of collateral or a reverse repurchase agreement, nor can the bank directly or indirectly have funded the purchase of the instrument.
13. xiii.The instrument cannot have any features that hinder recapitalization, such as provisions that require the issuer to compensate investors if a new instrument is issued at a lower price during a specified time frame.
14. xiv.[Applicable for Islamic banks only] If the instrument is not issued out of an operating entity or the holding company in the consolidated group (e.g. a special purpose vehicle – “SPV”), proceeds must be immediately available without limitation to an operating entity or the holding company in the consolidated group in a form which meets or exceeds all of the other criteria for inclusion in AT1 capital (Refer to the Capital Instruments Standards).
15. xv.In addition to the criteria outlined above, the instrument must meet criteria for minimum requirements to ensure loss absorbency at the point of non-viability. Please refer to the Capital Instruments Standards.
Share premium resulting from the issue of instruments included in Additional Tier 1 capital;
25.Share premium that is not eligible for inclusion in CET1, will only be permitted to be included in AT1 capital if the shares giving rise to the stock surplus are permitted to be included in AT1 capital.

2.5 Tier 2 Capital
26.Articles 3.3 of the Capital Adequacy Regulation, Tier 2 capital consists of the sum of the following elements:
1. i.Banks using the standardized approach for credit risk: general provisions or general loan loss reserves, up to maximum of 1.25% of credit RWA;
2. ii.Instruments issued by the bank that meet the criteria for inclusion in Tier 2 capital, and are not included in Tier 1 capital;
3. iii.Share premium resulting from the issue of instruments included in Tier 2 capital;
4. iv.Instruments which are eligible for inclusion of Tier 2 (refer to paragraph 27)
5. v.Instruments issued by consolidated subsidiaries of the bank and held by third parties that meet the criteria for inclusion in Tier 2 capital, and are not included in Tier 1 capital;
6. vi.Regulatory adjustments applied in the calculation of Tier 2.
27.The treatment of instruments issued out of consolidated subsidiaries of the bank and the regulatory deductions applied in the calculation of Tier 2 capital are addressed in the Tier Capital Instrument Standard.
Instruments issued by the bank that meet the Tier 2 criteria
28.The objective of Tier 2 capital is to provide loss absorption on a gone-concern basis. Based on this objective, the minimum set of criteria for an instrument to meet or exceed in order for it to be included in Tier 2 capital are set out below.
Criteria for inclusion in Tier 2 Capital
1. i.Issued and paid-in.
2. ii.Subordinated to depositors and general creditors of the bank.
3. iii.Is neither secured nor covered by a guarantee of the issuer or related entity or other arrangement that legally or economically enhances the seniority of the claim vis-à-vis depositors and general bank creditors
4. iv.Maturity:
  1. a.minimum original maturity of at least five years
  2. b.recognition in regulatory capital in the remaining five years before maturity will be amortized on an annualized straight line basis (i.e. 20% incremental reduction in recognition every successive year in the last five years)
  3. c.there are no step-ups or other incentives to redeem
5. v.May be callable at the initiative of the issuer only after a minimum of five years:
  1. a.To exercise a call option a bank must receive prior Central Bank’s approval;
  2. b.A bank must not do anything that creates an expectation that the call will be exercised; and
  3. c.Banks must not exercise a call unless:
    1. 1.They replace the called instrument with capital of the same or better quality and the replacement of this capital is done at conditions which are sustainable for the income capacity of the bank; or
    2. 2.The bank demonstrates that its capital position is well above the minimum capital requirements after the call option is exercised.
6. vi.The investor must have no rights to accelerate the repayment of future scheduled payments (coupon or principal), except in bankruptcy and liquidation.
7. vii.The instrument cannot have a credit-sensitive dividend feature, that is a dividend/coupon that is reset periodically based in whole or in part on the banking organization’s credit standing.
8. viii.Neither the bank nor a related party over which the bank exercises control or significant influence can have purchased the instrument or otherwise come into possession of the instrument, such as through receipt of collateral or a reverse repurchase agreement, nor can the bank directly or indirectly have funded the purchase of the instrument.
9. ix.[Applicable for Islamic banks only] If the instrument is not issued out of an operating entity or the holding company in the consolidated group (e.g. a special purpose vehicle – “SPV”), proceeds must be immediately available without limitation to an operating entity or the holding company in the consolidated group in a form which meets or exceeds all of the other criteria for inclusion in Tier 2 Capital (Refer to the Capital Instruments Standards).
29.In addition to the criteria outlined above, the instrument must meet the minimum requirements to ensure loss absorbency at the point of non-viability. Please refer to the Capital Instruments Standards.
Share premium resulting from the issue of instruments included in Tier 2 capital
30.Share premium that is not eligible for inclusion in Tier 1, will only be permitted to be included in Tier 2 capital if the shares giving rise to the stock surplus are permitted to be included in Tier 2 capital.

General provisions/General loan-loss reserves:
31.Provisions or loan-loss reserves held against future, presently unidentified losses are freely available to meet losses which subsequently materialize and therefore qualify for inclusion within Tier 2. Provisions ascribed to identified deterioration of particular assets or known liabilities, whether individual or grouped, should be excluded. Furthermore, general provisions or general reserves for loan losses will be limited to a maximum of 1.25% of credit risk weighted risk assets calculated under the standardised approach.

Capital component of Capital Adequacy Regulation
32.If a bank has complied with the minimum CET1 and Tier 1 capital ratios, the excess AT1 capital can be counted to meet the total capital ratio, also referred to as Capital Adequacy Ratio (CAR).

33.Profit-sharing investment accounts must not be classified as part of an Islamic bank’s regulatory capital as referred to in Article 2 of Capital Adequacy Regulation.
34.Investment risk reserves and a portion of the Profit Equalization Reserve (PER), if any, belong to the equity of investment account holders, and thus must not be used in the calculation of an Islamic bank’s regulatory capital. As the purpose of a PER is to smooth the profit pay-outs and not to cover losses, any portion of a PER that is part of the Islamic bank’s reserves must not be treated as regulatory capital as referred to in Article 2 of Capital Adequacy Regulations.

2.6 Additional Criteria for AT1 and Tier 2 Instruments: Minimum Requirements to Ensure Loss Absorbency at the Point of Non-Vability.
35. In order for an instrument issued by a bank to be included in AT1 or Tier 2 capital, it must also meet or exceed the minimum requirements defined in Capital Instruments Standards. These requirements are in addition to the criteria for AT1 and Tier 2 instruments stated above.

2.7 Minority Interest (i.e. Non-Controlling Interest) and Other Capital Issued Out of Consolidated Subsidiaries
Common shares issued by consolidated subsidiaries (that is within the scope of regulatory consolidation)
36.Minority interest arising from the issue of common shares by a fully consolidated subsidiary of the bank may receive recognition in CET1 only if:
1. i.The instrument giving rise to the minority interest would, if issued by the bank, meet all of the criteria for classification as common shares for regulatory capital purposes; and
2. ii.The subsidiary that issued the instrument is itself a bank. (It is noted that minority interest in a subsidiary that is a bank is strictly excluded from the parent bank’s common equity if the parent bank or affiliate has entered into any arrangements to fund directly or indirectly minority investment in the subsidiary whether through an SPV or through another vehicle or arrangement. The treatment outlined here, thus, is strictly available where all minority investments in the bank subsidiary solely represent genuine third party common equity contributions to the subsidiary.)
37.The amount of capital meeting the above criteria that will be recognized in consolidated CET1 is calculated as follows
Total minority interest meeting the two criteria above minus the amount of the surplus CET1 of the subsidiary attributable to the minority shareholders.
1. i.Surplus CET1 of the subsidiary is calculated as the CET1 (after the application of regulatory deductions) of the subsidiary minus the lower of:
  1. a.the minimum CET1 requirement of the subsidiary plus the capital conservation buffer (i.e. 9.5% of risk weighted assets) and
  2. b.the portion of the parent’s consolidated minimum CET1 requirement plus the capital conservation buffer (i.e. 9.5% of consolidated risk weighted assets) that relates to the subsidiary.
2. ii.The amount of the surplus CET1 that is attributable to the minority shareholders is calculated by multiplying the surplus CET1 by the percentage of CET1 that is held by minority shareholders.
Tier 1 qualifying capital issued by consolidated subsidiaries (that is within the scope of regulatory consolidation)
38.Tier 1 capital instruments issued by a fully consolidated subsidiary of the bank to third party investors (including amounts under paragraph 37) may receive recognition in Tier 1 capital only if the instruments would, if issued by the bank meet all of the criteria for classification as Tier 1 capital.

39.The amount of this capital that will be recognized in Tier 1 will be calculated as follows:
Total Tier 1 of the subsidiary issued to third parties minus the amount of the surplus Tier 1 of the subsidiary attributable to the third party investors.
1. i.Surplus Tier 1 of the subsidiary is calculated as the Tier 1 of the subsidiary (after the application of regulatory deductions) minus the lower of:
  1. a.the minimum Tier 1 requirement of the subsidiary plus the capital conservation buffer (i.e. 11% of risk weighted assets) and
  2. b.the portion of the parent’s consolidated minimum Tier 1 requirement plus the capital conservation buffer (i.e. 11% of consolidated risk weighted assets) that relates to the subsidiary.
2. ii.The amount of the surplus Tier 1 that is attributable to the third party investors is calculated by multiplying the surplus Tier 1 by the percentage of Tier 1 that is held by third party investors.
The amount of this Tier 1 capital that will be recognized in Additional Tier 1 will exclude amounts recognized in CET1 under paragraph 37.
Tier 1 and Tier 2 qualifying capital issued by consolidated subsidiaries (that is within the scope of regulatory consolidation)
40.Total capital instruments (i.e. Tier 1 and Tier 2 capital instruments) issued by a fully consolidated subsidiary of the bank to third party investors (including amounts under paragraph 37 and 39) may receive recognition in Total Capital only if the instruments would, if issued by the bank, meet all of the criteria for classification as Tier 1 or Tier 2 capital

41.The amount of this capital that will be recognized in consolidated Total Capital will be calculated as follows:
Total capital instruments of the subsidiary issued to third parties minus the amount of the surplus Total Capital of the subsidiary attributable to the third party investors.
1. i.Surplus Total Capital of the subsidiary is calculated as the Total Capital of the subsidiary (after the application of regulatory deductions) minus the lower of:
  1. a.the minimum Total Capital requirement of the subsidiary plus the capital conservation buffer (i.e. 13% of risk weighted assets) and
  2. b.the portion of the parent’s consolidated minimum Total Capital requirement plus the capital conservation buffer (i.e.13% of consolidated risk weighted assets) that relates to the subsidiary.
2. ii.The amount of the surplus Total Capital that is attributable to the third party investors is calculated by multiplying the surplus Total Capital by the percentage of Total Capital that is held by third party investors.
The amount of this Total Capital that will be recognized in Tier 2 will exclude amounts recognized in CET1 under paragraph 37 and amounts recognized in AT1 under paragraph 39 above.
42.An illustrative example for calculation of minority interest and other capital issued out of consolidated subsidiaries that is held by the third parties is furnished as Appendix 4 in Guidance for Capital Adequacy of Banks in the UAE.
Other Instructions relating to the calculation of the amount of minority interest
43.All calculations must be undertaken in respect of the subsidiary on a sub-consolidated basis (i.e. the subsidiary must consolidate all of its subsidiaries that are also included in the wider consolidated group). However, the bank may elect to give no recognition (in consolidated capital of the group) to the capital issued by the subsidiary to third parties.
44.Where capital has been issued to third parties out of an SPV, none of this capital can be included in CET1. However, such capital can be included in consolidated AT1 or Tier 2 capital and treated as if the bank itself had issued the capital directly to the third-parties only if:
1. i.it meets all the relevant entry criteria; and
2. ii.the only asset of the SPV is its investment in the capital of the bank in a form that meets or exceeds all the relevant entry criteria (as required by criterion xiv for Additional Tier 1 and criterion ix for Tier 2 capital)
In cases where the capital has been issued to third parties through an SPV via a fully consolidated subsidiary of the bank, such capital may, subject to the requirements of this paragraph, be treated as if the subsidiary itself had issued it directly to the third parties and may be included in the bank’s consolidated AT1 or Tier 2 in accordance with the treatment outlined in paragraphs 39 and 41.

3. Regulatory Adjustments
45.This Standard sets out the regulatory adjustments to be applied to regulatory capital. In all cases, these adjustments are applied in the calculation of CET1.

3.1 Goodwill and Other Intangibles
46.Goodwill and all other intangibles must be deducted in the calculation of CET1 (this deduction includes mortgage servicing rights), including any goodwill included in the valuation of significant investments in the capital of banking, financial and insurance entities that are outside the scope of regulatory consolidation. The full amount is to be deducted net of any associated deferred tax liability, which would be extinguished if the intangible assets become impaired or derecognized under the relevant accounting standards.
47.Banks are required to use the IFRS definition of intangible assets to determine which assets are classified as intangible and required to be deducted.

3.2 Deferred Tax Assets
48.Deferred tax assets (DTAs) that rely on future profitability of the bank to be realized are to be deducted in the calculation of CET1. Deferred tax assets may be netted with associated deferred tax liabilities (DTLs) only if the DTAs and DTLs relate to taxes levied by the same taxation authority and the relevant taxation authority permits offsetting.
49.The treatment for DTA are classified as:
1. i.Where these DTAs relate to temporary differences (e.g. allowance for credit losses) the amount to be deducted is set out in the “threshold deductions”.
2. ii.All other DTAs, e.g. those relating to operating losses, such as the carry forward of unused tax losses, or unused tax credits, are to be deducted in full net of DTL as described above.
50.The DTLs permitted to be netted against DTAs must exclude amounts that have been netted against the deduction of goodwill, intangibles and defined benefit pension assets, and must be allocated on a pro rata basis between DTAs subject to the threshold deduction treatment and DTAs that are to be deducted in full.
51.An over-instalment of tax or, in some jurisdictions, current year tax losses carried back to prior years may give rise to a claim or receivable from the government or local tax authority. Such amounts are typically classified as current tax assets for accounting purposes. The recovery of such a claim or receivable would not rely on the future profitability of the bank and would be assigned the relevant sovereign risk weighting.

3.3 Cash Flow Hedge Reserve
52.The amount of the cash flow hedge reserve that relates to the hedging of items that are not fair valued on the balance sheet (including projected cash flows) should be derecognized in the calculation of CET1. This means that positive amounts should be deducted and negative amounts should be added back.
53.This treatment specifically identifies the element of the cash flow hedge reserve that is to be derecognized for prudential purposes. It removes the element that gives rise to artificial volatility in common equity, as in this case the reserve only reflects one half of the picture (the fair value of the derivative, but not the changes in fair value of the hedged future cash flow).

3.4 Gain on Sale Related to Securitization Transactions
54.Derecognize in the calculation of CET1 any increase in equity capital resulting from a securitization transaction, such as that associated with expected Future Margin Income (FMI) resulting in a gain-on-sale.

3.5 Cumulative Gains and Losses Due to Changes in Own Credit Risk on Fair Valued Financial Liabilities
55.Derecognize in the calculation of CET1, all unrealized gains and losses that have resulted from changes in the fair value of liabilities that are due to changes in the bank’s own credit risk.

3.6 Defined Benefit Pension Fund Assets and Liabilities
56.Defined benefit pension fund liabilities, as included on the balance sheet, must be fully recognized in the calculation of CET1 (i.e. CET1 cannot be increased through derecognizing these liabilities).
57.For each defined benefit pension fund that is an asset on the balance sheet, the asset should be deducted in the calculation of CET1 net of any associated deferred tax liability, which would be extinguished if the asset should become impaired or derecognized under the relevant accounting standards.
58.Assets in the fund to which the bank has unrestricted and unfettered access can, with Central Bank’s approval, offset the deduction. Such offsetting assets should be given the risk weight they would receive if they were owned directly by the bank.
59.This treatment addresses the concern that assets arising from pension funds may not be capable of being withdrawn and used for the protection of depositors and other creditors of a bank. The concern is that their only value stems from a reduction in future payments into the fund. The treatment allows banks to reduce the deduction of the asset if they can address these concerns and show that the assets can be easily and promptly withdrawn from the fund.

3.7 Investments in Own Shares (Treasury Stock)
60.All of a bank’s investments in its own common shares, whether held directly or indirectly, will be deducted in the calculation of CET1 (unless already derecognized under the relevant accounting standards).
61.In addition, any own stock, which the bank could be contractually obliged to purchase, should be deducted in the calculation of CET1. The treatment described will apply irrespective of the location of the exposure in the banking book or the trading book. In addition:
1. i.Gross long positions may be deducted net of short positions in the same underlying exposure only if the short positions involve no counterparty risk.
2. ii.Banks should look through holdings of index securities to deduct exposures to own shares. However, gross long positions in own shares resulting from holdings of index securities may be netted against short position in own shares resulting from short positions in the same underlying index. In such cases, the short positions may involve counterparty risk (which will be subject to the relevant counterparty credit risk charge).
62.Following the same approach outlined above, banks must deduct investments in their own AT1 in the calculation of their AT1 capital and must deduct investments in their own Tier 2 in the calculation of their Tier 2 capital.

3.8 Reciprocal Cross Holdings in the Capital of Banking, Financial and Insurance Entities
63.Reciprocal cross holdings of capital that are designed to artificially inflate the capital position of banks will be deducted in full from CET1.

3.9 Investments in the Capital of Banking, Securities, Financial and Insurance Entities Where the Bank Owns up to 10% of the Issued Common Share Capital of the Entity
64.The regulatory adjustment described in this Standard applies to investments in the capital of banking, financial and insurance entities that are outside the scope of regulatory consolidation and where the bank does not own more than 10% of the issued common share capital of the entity. In addition,
1. i.Investments include direct, indirect and synthetic holdings of capital instruments. For example, banks should look through holdings of index securities to determine their underlying holdings of capital.
  
  If banks find it operationally burdensome to look through and monitor their exact exposure to the capital of other financial institutions as a result of their holdings of index securities, Central Bank may permit banks, subject to prior supervisory approval, to use a conservative estimate. The methodology for the estimate should demonstrate that in no case will the actual exposure be higher than the estimated exposure. If a look-through or an acceptable estimate are not possible, the full amount of the investment should be accounted for.
2. ii.Holdings in both the banking book and trading book are to be included. Capital includes common stock and all other types of cash and synthetic capital instruments (e.g. subordinated debt). It is the net long position that is to be included (i.e. the gross long position net of short positions in the same underlying exposure where the maturity of the short position either matches the maturity of the long position or has a residual maturity of at least one year).
3. iii.Underwriting positions held for five working days or less can be excluded. Underwriting positions held for longer than five working days must be included.
4. iv.If the capital instrument of the entity in which the bank has invested does not meet the criteria for CET1, AT1, or Tier 2 capital of the bank, the capital is to be considered common shares for the purposes of this regulatory adjustment.
5. v.Banks may, with prior Central Bank’s approval, exclude temporarily certain investments where these have been made in the context of resolving or providing financial assistance to reorganize a distressed institution.
65.If the total of all holdings listed above in aggregate exceed 10% of the bank’s common equity (after applying all other regulatory deductions in full, apart from the deductions outlined in this Standard (paragraph 63 to 71)) then the amount above 10% is required to be deducted from CET1.
66.Amounts below the threshold that are not deducted are to be risk weighted as follows:
1. i.Amounts below the threshold that are in the banking book are to be risk weighted as per the credit risk (i.e. investments that are not listed and not marked to market will be risk weighted at 150% and investments that are listed will be risk weighted at 100%).
2. ii.Amounts below the threshold that are in the trading book are to be risk weighted as per the market risk rules.

3.10 Significant Investments in the Capital of Banking, Securities, Financial and Insurance Entities That are Outside the Scope of Regulatory Consolidation
67.The regulatory adjustment described in this Standard applies to investments in the capital of banking, financial and insurance entities that are outside the scope of regulatory consolidation where the bank owns more than 10% of the issued common share capital of the issuing entity or where the entity is an affiliate of the bank. An affiliate of a bank is defined as a company that controls, or is controlled by, or is under common control with, the bank. Control of a company is defined as (1) ownership, control, or holding with power to vote 20% or more of a class of voting securities of the company; or (2) consolidation of the company for financial reporting purposes. In addition,
1. i.Investments include direct, indirect and synthetic holdings of capital instruments. For example, banks should look through holdings of index securities to determine their underlying holdings of capital.
2. ii. Holdings in both the banking book and trading book are to be included. Capital includes common stock and all other types of cash and synthetic capital instruments (e.g. subordinated debt). It is the net long position that is to be included (i.e. the gross long position net of short positions in the same underlying exposure where the maturity of the short position either matches the maturity of the long position or has a residual maturity of at least one year)
3. iii.Underwriting positions held for five working days or less can be excluded. Underwriting positions held for longer than five working days must be included.
4. iv.If the capital instrument of the entity in which the bank has invested does not meet the criteria for CET1, AT1, or Tier 2 capital of the bank, the capital is to be considered common shares for the purposes of this regulatory adjustment. If the investment is issued out of a regulated financial entity and not included in regulatory capital in the relevant sector of the financial entity, it is not required to be deducted.
5. v.Banks may, with prior Central Bank’s approval, exclude temporarily certain investments where these have been made in the context of resolving or providing financial assistance to reorganize a distressed institution.
68.All investments included above that are not common shares must be fully deducted from CET1.
69.Investments included above that are common shares will be subject to the “Threshold deductions” treatment described in the section 4 below.

4. Threshold Deductions
70.Instead of a full deduction, the following items may each receive limited recognition when calculating CET1, with recognition capped at 10% of the bank’s common equity (after applying all other regulatory deductions in full, apart from the deductions outlined in this Standard (paragraph 69 to 71)):
1. i.Significant investments in the common shares of unconsolidated financial institutions (banking, securities and other financial entities) and insurance entities as referred to in Section 3.10 (paragraph 66). Any amount exceeding this 10% threshold is deducted from CET1 capital;
2. ii.DTAs that rely on future profitability and arise from temporary differences. Any amount exceeding this 10% threshold is deducted from CET1 capital
The amount below the 10% threshold of the above two items are aggregated and must not exceed 15% of the Common Equity Tier 1 capital (after application of all other regulatory adjustments and the amount of significant investments in the common shares of unconsolidated financial institutions and deferred tax assets in full). The calculation for threshold deduction is explained with an example in Appendix 5 in Guidance for Capital Adequacy of Banks in the UAE.
71.The amount of the two items (outlined in paragraph 69) that are not deducted in the calculation of CET1 will be risk weighted at 250%.
Former deductions from capital
72.The following items, which under former Central Bank’s Regulations were deducted 50% from Tier 1 and 50% from Tier 2 (or had the option of being deducted or risk weighted), will receive a 1250% risk weight:
1. i.Certain securitization exposures;
2. ii.Non-payment/delivery on non-DvP and non-PvP transactions; and
3. iii.Significant investments in commercial entities

5. Significant Investments in Commercial Entities
73.Significant investments in commercial entities are defined as investments in commercial entities that are, on an individual basis, greater than or equal to 10% of the bank’s CET1 capital (after the application of all regulatory deductions). The amount in excess of the threshold of 10% (for each individual investment) will be risk weighted at 1250%.
74.If the aggregate of the amount of such significant investments that is not in excess of the threshold (i.e. amount of such investments not risk weighted at 1250%) is greater than 25% of the bank’s CET1 capital (after the application of all regulatory deductions), the amount in excess of 25% must also be risk weighted at 1250%. The amount in excess will be allocated to individual investments in a proportionate basis (refer to Appendix 3 in Guidance for Capital Adequacy of Banks in the UAE for an illustrative example).
75.Amounts below the thresholds that are not risk weighted at 1250% are to be risk weighted as follows:
1. i.Amounts below the thresholds that are in the banking book are to be risk weighted as per the credit risk rules (i.e. investments that are not listed will be risk weighted at 150% and investments that are listed will be risk weighted at 100%).
2. ii.Amounts below the thresholds that are in the trading book are to be risk weighted as per the market risk rules.

6. Transitional Arrangements
76.Minority investment in banking, financial and insurance entities that are not deducted as per section 3.9 will be risk weighted at 100% if the entity is listed and 150% if the entity is unlisted. Application of risk weight for unlisted entities will have transitional arrangement as follows:
Year End of 2017 1^st Jan 2018 1^st Jan 2019 1^st Jan 2020 onwards
Risk weights 100% 115% 130% 150%

77.Equity investment in commercial entities that are below the thresholds as per section 5 will be risk weighted at 100% if the entity is listed and 150% if the entity is unlisted. Application of risk weight for unlisted companies will have transitional arrangement as follows:
Year End of 2017 1^st Jan 2018 1^st Jan 2019 1^st Jan 2020 onwards
Risk weights 100% 115% 130% 150%

III. Tier Capital Instruments

1. Introduction
1.This Standard must be read in conjunction with the Capital Regulations Circular No 52/2017, in which Tier Capital the Tier Capital Supply Standard defines criteria required for capital to be classified as Additional Tier 1 (AT1) and Tier 2 (T2). Non-exhaustive examples of features are optional calls, coupon payments, and distributable items.
2.The purpose of this Standard is to:
- •Clarify the requirements for classification of AT1 and T2 instruments in the UAE
- •Provide a robust Tier Capital instrument framework to the industry,
- •Support a standardisation of AT1 and T2 instruments in the market
- •Implement a clear application and approval process.

2. Capital Approval
3.Banks wishing to issue any type of capital, including AT1 and T2, must request approval of the Central Bank of the UAE prior to issuance of the instrument. The bank may only issue the intended capital component after having submitted documentation described in the Application Process in the Appendix to this Standard and after the Board of the Central Bank of the UAE has approved the issuance of the instrument.
4.The Central Bank requires banks to issue AT1 and T2 instruments that are simple and robust in absorbing loss. The capital instrument Standard intends to:
- •Ensure the soundness of individual institutions
- •Reduce the variety of capital instruments in the market
- •Regulate the quality of instruments issued in the UAE
- •Monitor the amount of capital being issued in the market; and
- •Enhance the financial stability of the banking sector.

3. Scope of Application
5.This Standard explains the requirements for Tier Capital instruments, the application process, and approval procedures followed by the Central Bank. It applies to all local banks operating in the UAE since only local banks are permitted to issue Additional Tier 1 or Tier 2 instruments. Foreign branches, however, are permitted to issue Tier 2 subordinated term loans from their Head Offices restricted to a maximum of 3% of their risk-weighted assets. Banks are responsible for ensuring that their capital instruments comply with all applicable requirements. This Standard will be updated from time to time to reflect relevant regulatory development.

4. Definitions and Interpretations
In general, terms in this Standard have the meanings defined in other Regulations and Standards issued by the Central Bank. In addition, for this Standard, the following terms have the meanings defined in this section.
1. a.Capital Regulations, Standards and Guidance, means regulatory capital requirements for the maintenance of capital applicable to the issuer, including transitional rules. It includes the Capital Regulation, the Capital Standards, and Capital Guidance.
2. b.Central Bank means the Central Bank of the United Arab Emirates.
3. c.Distributable Items means the amount of the issuer's consolidated retained earnings and reserves after the transfer of any amounts to non-distributable reserves, all as set out in the most recent audited or auditor reviewed consolidated financial statements of the issuer or any equivalent or successor term from time to time as prescribed by the Capital Regulations, including the applicable criteria for Tier 1 capital instruments that do not constitute Common Equity Tier 1 Capital;
4. d.Grandfathering is part of the transition process. In order to qualify for the grandfathering arrangements, an instrument must have a particular cut-off date. Any instrument entered into before 1st January 2018, which does not meet the qualifying criteria for the particular tier of capital, in this Standard will be grandfathered.
5. e.Non-Viable: The bank shall be Non-Viable if it is at least (a) insolvent, bankrupt, unable to pay a material part of its obligations as they fall due or unable to carry on its business, or (b) any other event or circumstance occurs that the Central Bank deems necessary to declare the bank to be Non-Viable.
6. f.Point of Non-Viability (PONV): A Point of Non-Viability means that the Regulator has determined that the bank has or will become non-viable without: (a) a write-down of the principal amount of the instrument, or (b) a public injection of capital (or equivalent support).
7. g.Tier Capital Instruments: Capital instruments other than Core Equity Tier 1 (CET1) capital, that qualify for recognition as Additional Tier 1 (AT1) or Tier 2 (T2) regulatory capital instruments according to the requirements of this Standard.

5. General Requirements for Tier Capital Instruments
6.Tier Capital Instruments must fulfil the criteria described in these capital standards, including additional requirements described hereunder.
Point of Non Viability (PONV)
1. i.The terms and conditions of Additional Tier 1 and Tier 2 instruments must have a provision that requires the principal amount of such instruments to be written-down upon the occurrence of a trigger event.
2. ii.Banks will be informed in writing upon the occurrence of the bank’s financial position reaching a PONV in the view of the Central Bank.
3. iii.When a PONV occurs on or after the issue date of the instrument, the instrument will be cancelled and all and any rights of any holder of the instrument for payment of any amounts under or in respect of the instrument (including, without limitation, any amounts that may be due and payable) shall be cancelled and not restored under any circumstances.
4. iv.The write-down at the PONV will occur in full and be permanent in nature. A partial write-down may be considered only in exceptional cases as decided by the Central Bank.
5. v.There must not be any impression to the holders that a write-down notice will be sent before the issuer can write-down the principal amount of the instrument.
6. vi.If a bank issues Tier Capital out of a subsidiary and with the intention that such capital is eligible in the consolidated group’s capital, the terms and conditions must specify an additional trigger event. The trigger is the earlier of: (1) a decision that a write-down is required, without which the subsidiary would become non-viable, is necessary, as determined by the regulator of the subsidiary in the home jurisdiction, and (2) Central Bank has determined a Point of Non-Viability for the consolidated bank.
Subordination
7.To ensure subordination of Tier Capital instruments, Tier Capital instruments must be fully written-down upon liquidation or bankruptcy.

Solvency Conditions
8.Capital issuances must define Solvency Conditions in the terms and conditions of the instrument. Solvency Conditions must contain at least the following:
1. i.The issuer must be solvent at all times.
2. ii.Ability of the issuer to make payments on the obligations and any payments required to be made, on the relevant date, with respect to all senior obligations and pari passu obligations.
3. iii.The total share capital of the issuer must be greater than zero at all times from the first day of the relevant coupon period to the time of payment of obligations.
Capital Event
9.If the instrument ceases to count as Tier Capital (for example due to a change in the Capital Regulation), the Central Bank will inform the bank in writing of such event accordingly.

10.A capital event may occur at any time, due to its unforeseen nature, on or after the issue date. Any attempt to redeem must be subject to the Central Bank’s prior written consent.
Redemption
11.To ensure that Tier Capital instruments comply with the capital requirements as defined in this Standard, any redemption of the instrument requires prior written consent of Central Bank, satisfaction of the solvency conditions and satisfaction of the requirements set out in the Capital Regulations, Standards, and Guidance.

12.The issuer may redeem all, but not some part, of the instrument. Only in certain exceptional cases would the Central Bank consider approving partial redemption.
13.The terms and conditions of the instrument must not include terms that in any way indicate that the repurchase or redemption of the instrument may occur at any time.
Redemption Notices
14.All notices are revocable before the relevant redemption date.

Special Purpose Vehicle (SPV)
15.Only Islamic banks may use a SPV for capital issuances. The requirements for these issuances are as follows:
1. i.The Mudaraba contract between the issuer and the SPV:
  1. a.Must be subordinated.
  2. b.No such contract will be given on the cancelled coupons so that flexibility of payments is given at any time.
2. ii.The contract must be specific enough and its scope is restricted to a change affecting the issuer, such as a restructure or a merger. The Central Bank will reassess the eligibility of the instrument.
3. iii.Each capital instrument requires a separate SPV that should not engage in any other business or activity.
Currencies
16.Only instruments denominated in UAE Dirhams (AED) or US Dollars (USD) will be accepted for banks incorporated in the UAE. This also applies to instruments issued through a SPV by Islamic banks.

17.For issuances by subsidiaries, the respective local currency will be acceptable only in exceptional circumstances with the written approval of the Central Bank.
Specific Requirements for Additional Tier 1
Coupon Cancellation
18.In the event of a coupon cancellation (as stated in the terms and conditions of the instrument), the issuer (as bank or SPV) will not pay the coupon and the following events should be covered as a minimum (Non-Payment Event):
1. i.The coupon payable, when aggregated with any distributions or amounts payable by the issuer as bank or SPV, on any pari passu obligations having:
  1. a.the same dates in respect of payment of such distributions or amounts as, or;
  2. b.otherwise due and payable on the dates for payment of the coupon, exceeds the Distributable Items (on the relevant date for payment of such coupon);
2. ii.The issuer is, on that coupon date:
  1. a.in breach of the Capital Regulations and Standards including any payment restrictions due to breach of capital buffers imposed on the issuer by the Central Bank, as appropriate;
  2. b.or payment of the relevant coupon would cause it to be in breach thereof;
3. iii.The Central Bank requires that the coupon due on the coupon date will not be paid (for any reason the Central Bank may deem necessary);
4. iv.The Solvency Conditions are not satisfied or would no longer be satisfied if the relevant coupon was paid; or
5. v.The issuer, in its sole discretion, has elected that coupon shall not be paid to holders of the capital securities on any coupon date, for example but not limited to, due to a net loss for that period. Other than in respect of any amounts due on any date on which the capital securities are to be redeemed in full, unless the redemption notice is revoked.
Therefore, cancellation of the distributions can be discretionary (v) or mandatory (i)-(iv). Any distributions on the instrument so cancelled, must be cancelled definitively and must not accumulate or be payable at any time thereafter.

Non-Payment Event Notice
19.All notices are revocable before a non-payment event is exercised.

20.Any failure to provide a notice of a non-payment event will not invalidate the right to cancel the payment of the coupon.
Enforcement Event
21.The right to institute winding-up proceedings is limited to circumstances where payment has become due. Solvency Conditions have to be met in order for the principal, coupon, or any other amount to be due on the relevant payment date. Payments on the instrument can be cancelled after which it will not be due on the relevant payment date. Upon the occurrence of an enforcement event, any holder of the instrument may give written notice to the issuer of the instrument. An enforcement event is related to a non-payment when due and to insolvency.

Maximum Distributable Amount (MDA):
22.Distributions are restricted if the bank does not have sufficient capital to fulfill the effective capital conservation buffer. Banks are hence prohibited from making a distribution if their CET1 is below the Combined Buffer Requirement (CBR). The distributions have to be lower than the maximum distributable amount which is calculated as follows:
MDA is calculated as the sum of:
1. i.Interim profits not included in CET1 capital and
2. ii.Year-end profits not included in CET1 capital minus
3. iii.Amounts that would be payable by tax if i) and ii) were to be retained, multiplied by a factor set at:
  1. a.Zero if the CET1 ratio not used to meet the own funds requirement is within the first quartile (i.e. the lowest) of the CBR;
  2. b.0.2 if the CET1 is in the second quartile;
  3. c.0.4 if the CET1 is in the third quartile; and
  4. d.0.6 if the CET1 is in the fourth quartile
MDA should be reduced by:
1. i.A distribution in connection with CET1 capital;
2. ii.Variable remuneration pay or discretionary pension benefits, or variable remuneration pay if the obligation to pay was created at a time when the institution failed to meet the CBR; and
3. iii.Payments on additional tier 1 instruments.
Specific Requirements for Tier 2 instruments
23.Banks have to follow the Tier 2 criteria in the Tier Capital Supply Standard as well as the following additional requirements of this Standard:
Amortisation of Tier 2 Instruments
24.Recognition of the instrument as Tier 2 Capital in its final 5 years to maturity is amortised on a straight-line basis by 20% per annum.
25.If the instrument is repayable in separate tranches, each tranche shall be amortised individually, as if it were a separate loan.
Transition Period
Grandfathering Rules for Additional Tier 1 and Tier 2
26.The below two grandfathering rules apply only to instruments that were issued before the effective date of the Capital Regulation (being 1 February 2017).
1. i.Instruments that are fully Basel III complaint will be grandfathered at 100% eligibility for 10 years starting from Jan 1, 2018 until 31 Dec 2027.
2. ii.Instruments that are not Basel III compliant do no longer qualify as non-common equity Tier 1 capital or Tier 2 capital and will be phased out beginning 1st January 2018.
27.Fixing the base at the nominal amount of such instruments outstanding on 1 January 2018, their recognition is/was capped at 90% from 1 January 2018, with the cap reducing by 10 percentage points in each subsequent year.
28.This cap is applied to Additional Tier 1 and Tier 2 Instruments on an individual instrument base and refers to the amount of that instrument outstanding that no longer meets the relevant entry criteria.
29.If an instrument is repaid in separate tranches, the cap is applied to the reduced amount in all circumstances.

Appendix A: Application Process:
The application process for banks issuing Additional Tier 1 or Tier 2 is a two-stage process:
1.Initial information to be provided to the Central Bank:
The bank shall inform the Central Bank prior to making an official application for approval of any and every issuance. The bank must provide to the Central Bank the following information:
1. 1.Reason(s) for the issuance of the instrument.
2. 2.Main features of the planned instrument: Section 1, 2 and 3 of the Capital Notification form (signature not required).
3. 3.Capital planning for 5 years including balance sheet growth and business performance:
  1. i.assuming approval of the proposed instrument
  2. ii.without the proposed instrument
4. 4.Stress Testing with a stress scenario of the top 2 credit customers are defaulting with the proposed instrument
5. 5.The Central Bank – Financial Stability Stress Department Test results
The intention of such instrument request will be reviewed by the Central Bank and a Non-objection may be granted, so that the bank can proceed with the second stage of the approval process.
2.Actual application to the Central Bank:
To start the approval process, the bank must submit all of the following documents:
1. i.Legal Opinion of an independent appropriately qualified and experienced lawyer that the terms and conditions are compliant with the requirements detailed in the Capital Regulations, Standards and Guidance.
2. ii.Legal opinion of an independent appropriately qualified and experienced lawyer that the obligations contained in terms and conditions will constitute legal, valid, binding and enforceable obligations.
3. iii.Legal opinion of an independent appropriately qualified and experienced lawyer that the Self-Assessment of the issuing bank meets the Conditions and the Capital Regulations.
4. iv.Written confirmation from the bank’s external auditor on the accounting treatment of the Instrument.
5. v.Fully completed Application form (CN1-form), signed by the CEO, CFO, Head of Internal Audit, Head of Compliance and Head of Risk.
6. vi.Detailed terms and conditions of the Instrument that will be part of the prospectus/contract
  1. a.Note that the CN-1 form must contain details of any new, unusual or different features of the instrument
  2. b.Comparison of the intended terms and conditions with a version that is already publicly available and approved by the Central Bank. (Black-lined version)
7. vii.Key SPV-related incorporation documents and underlying mudaraba agreement, if applicable:
8. viii.Market Conformity Analysis (if the instrument will be privately placed).
9. ix.Any other documents requested by the Central Bank, if deemed necessary.

Appendix B: Central Bank of UAE – Processes and Requirements Form for Financial Institutions Operating in UAE

Summary checklist notification to the Central Bank in relation to a regulatory_capital instrument. In addition, kindly supply the following specific information: the CN1-form and the draft terms and conditions of the instrument. Please note that a submission is incomplete unless all requested information has been supplied.

Documentation	Enter
Stage 1: Initial Information to the Central Bank
Name of the bank
Reasons for the issuance of the instrument
Bank to inform the Central Bank from the beginning of the instrument and main features of the capital increase
Main features of the planned capital Instrument (section 1, 2 and 3 of the Capital Notification Form 1- CN1 Form which is uploaded on the online Central Bank’s portal under Basel tab)
Capital Planning for 5 years under: i.Business as usual conditions ii.Without the Instrument
Stress testing results, including results for one scenario in which top 2 credit customers default
Central Bank- Financial Stability Department stress test results
Stage 2: Application Content	Check
The bank must submit the following documents to start the approval process:
a.A legal opinion of an independent appropriately qualified and experienced lawyer that the terms and conditions are in compliance with the requirements detailed in the Capital Regulations, Standards and Guidance.
b.Legal opinion of an independent appropriately qualified and experienced lawyer that the obligations contained in terms and conditions will constitute legal, valid, binding and enforceable obligations.
c.Legal opinion of an independent appropriately qualified and experienced lawyer that the Self-Assessment of the issuing bank meets the Conditions and the Capital Regulations.
d.Written confirmation from the bank’s external auditor on the accounting treatment of the Instrument
e.Fully completed CN1-form signed by the CEO, CFO, Head of Internal Audit, Head of Compliance and Head of Risk
f.Detailed terms and conditions that will be part of the prospectus (Note that a comparison of the terms and conditions need to be black-lined if any changes occur)
g.Key SPV-related incorporation documents and underlying mudaraba agreement, if applicable.
h.Market Conformity Analysis (if the instrument will be privately placed)
i.Any other documents requested by the Central Bank, if deemed necessary.

Appendix C: Process of the Eligibility of Capital Instruments
Banks will adhere to the following process when an application for the eligibility of a current capital instrument is submitted to the Central Bank:
1. i)The bank has to determine if the current capital instrument has the following features:
  1. a)A conditional Point of Non-Viability (PONV) that;
  2. b)Needs to be activated by the Central Bank.
2. ii)Once (i) has been met as:
  1. a)Yes: A letter from the Central Bank, the bank should request a letter from the Central Bank, which activates the PONV.
  2. b)No: The bank may directly go to (iii) without approaching the Central Bank for a letter to activate the PONV.
3. iii)The bank will need to follow the Stage 2 process in Appendix B then approach its appointed external lawyers who will certify if the capital instrument conforms to the requirements of the Central Bank for grandfathering purposes. This certification will have to accompany the eligibility application to the Central Bank.
4. iv)The Central Bank will determine if the application fulfills the necessary requirements as approved by the Board of the Central Bank.
5. v)The final application will be submitted to the Central Bank. The Central Bank will decide as to which grandfathering clause to apply to the capital instrument.
It should be noted that a separate eligibility application for each current capital instrument is required by the Central Bank.

IV. Credit Risk

I. Introduction and Scope
1.All banks operating in the UAE must use the Standardised Approach to calculate their capital requirements for credit risk with effect from 31st March 2021.
2.The requirements of the standardised approach for risk weighting of banking book exposures set out in the below sections with regards to exposures related to securitization are risk weighted based on the Standards on Capital for Securitisation Exposures.
3.Exposures related to banks’ equity investments in funds are risk weighted based on the requirements of the below Standard on Equity Investments in Funds. The credit equivalent amount of over-the-counter (OTC) derivatives that expose a bank to counterparty credit risk is calculated under the requirements set forth in the below Standard on Counterparty Credit Risk Capital. Risk-weighted asset amounts for Credit Valuation Adjustment (CVA) risk are calculated based on the provisions set out below in the Standard, Credit Valuation Adjustment
4.In determining the risk weights in the standardised approach, banks must use assessments by external credit assessment institutions recognised as eligible for capital purposes by the Central Bank in accordance with the criteria defined in the Guidance on Recognition of External Credit Assessment Institutions (ECAI). Exposures must be risk-weighted net of specific provisions.
5.The Standards follow the calibration developed by the Basel Committee, which includes a maximum risk weight of 1250%, calibrated on a total capital adequacy requirement of 8%. The UAE instituted a higher minimum capital requirement of 10.5% (excluding capital buffers), applicable to all licensed banks. Consequently, the maximum capital charge for a single exposure will be the lesser of the value of the exposure after applying valid credit risk mitigation, netting and haircuts, and the capital resulting from applying a risk weight of 952% (reciprocal of 10.5%) to this exposure

II. Definitions
In general, terms in this Standard have the meanings defined in other Regulations and Standards issued by the Central Bank. In addition, the following terms have the meanings defined in this Standard.
1. a.Credit conversion factors (CCF): factors used to convert off-balance-sheet items into credit exposure equivalents. Counterparty risk weightings for OTC derivative transactions will not be subject to any specific ceiling.
2. b.Credit risk mitigation (CRM): technique used by a credit institution to reduce the credit risk associated with an exposure it holds.
3. c.Non-Commercial PSEs: Administrative bodies accountable to UAE Federal Government and Emirates Governments or to Local Authorities and other non-commercial undertakings owned by the UAE Federal Government and Emirates Governments or Local Authorities.
4. d.Delivery versus payment (DvP): a securities delivery arrangement in which there is simultaneous exchanges of securities for cash.
5. e.LTV Ratio: The LTV ratio is the amount of the loan divided by the value of the property. The value of the property must be maintained at the value measured at origination unless the Central Bank requires banks to revise the property value downward. The value must be adjusted if an extraordinary, idiosyncratic event occurs resulting in a permanent reduction of the property value. Modifications made to the property that unequivocally increase its value could also be considered in the LTV.
6. f.Multilateral Development Bank (MDB): an international financial institution chartered by two or more countries for the purpose of encouraging economic development.
7. g.Over-the-counter (OTC) derivatives: contracts that are traded (and privately negotiated) directly between two parties, without going through an exchange or other intermediary.
8. h.Payment versus payment (PvP): a mechanism in a foreign exchange settlement system to ensure that a final transfer of one currency occurs only if a final transfer of the other currency or currencies also takes place.
9. i.Specific provisions: the specific provision requirements as set out in the Regulation for Classification of Loans and their Provisions (Circular 28/2010) and the Clarification and Guidelines Manual for Circular No 28/2010.
10. j.Undertakings for collective investments in transferable securities (UCITS): a regulatory framework of the European Commission that creates a harmonized regime throughout Europe for the management and sale of mutual funds. UCITS funds can be registered in Europe and sold to investors worldwide using unified regulatory and investor protection requirements.

III. Individual Exposures

A. Sovereigns and Central Banks
6.Exposure to the Federal Government and Emirates Government receives 0% risk weight, if such exposures are denominated and funded in AED or USD for a transition period of 7 years from the date of implementation of this Standard. After the transition period, 0% risk weights are only applied to exposures that are denominated and funded in AED.
7.A 0% risk weight may also be applied to exposures to other GCC sovereigns and their central banks only if these exposures are denominated and funded in the domestic currency of that sovereign and the Supervisory authority of that sovereign has adopted such preferential treatment for exposures to its own sovereign and central bank.
8.Exposure to the Federal Government and Emirates Government in currencies other than AED or USD and claims on other sovereigns and central banks that do not meet the criteria set out in paragraph 6, are risk weighted as follows:
Credit Assessment AAA to AA- A+ to A- BBB+ to BBB- BB+ to B- Below B- Unrated
Risk Weight 0% 20% 50% 100% 150% 100%

9.Exposure to the Bank for International Settlements, the International Monetary Fund, the European Central Bank, the European Union, the European Stability Mechanism (ESM) and the European Financial Stability Facility (EFSF) receive a 0% risk weight.

B. Public Sector Entities (PSEs)
10.PSEs include the following categories:
1. (i)Non-Commercial PSEs; and
2. (ii)Other PSEs including commercial PSEs (Government Related Entity (GRE) i.e. commercial PSEs that are fully owned or more than 50% in ownership by the UAE government).
11.Non-Commercial PSEs that are acknowledged by the Central Bank may be treated in the same as Claims on Bank. However, the preferential treatment for short-term claims under Claims on Bank must not be applied to non-commercial PSE. The Central Bank issues a GRE list to banks on a regular basis that the Central Bank considers Non-Commercial PSEs that qualify for this treatment. The Central Bank may allow certain domestic Non-Commercial PSEs to be treated same manner as claims on UAE sovereign if these entities have specific revenue raising powers and have specific institutional arrangements the effect of which is to reduce their risks of default.
12.Exposure to all other PSEs that are not included on the Central Bank’s list must be treated like exposures to corporates as per section III.F below.

C. Multilateral Development Banks (MDBs)
13.With the exception of the MDBs that meet the criteria specified at paragraph 14 below, the risk weights applied to exposures to MDBs must be based on external credit assessments as set out in the table below.
Credit assessment of MDBs AAA to AA- A+ to A- BBB+ to BBB- BB+ to B- Below B- Unrated
Risk weight 20% 50% 50% 100% 150% 50%

14.A 0% risk weight will be applied to exposures to highly rated MDBs that meet the Basel Committee on Banking Supervision (BCBS) eligibility criteria for MDBs risk weighted at 0%.
1. (i)The BCBS will continue to evaluate eligibility on a case-by-case basis so it is not possible to provide a definitive list of the MDBs that satisfy the BCBS's eligibility criteria. The up-to-date list of MDBs that meet the BCBS's eligibility criteria can be found on the BCBS's website www.bis.org.
2. (ii)As a national discretion, exposures to the Arab Monetary Fund (AMF) receive 0% risk weight.

D. Banks
15.Claims on banks must be risk weighted based on the external credit assessment of the bank itself as set out in the table below. For the purposes of calculating capital requirements, a bank exposure is defined as a claim on any financial institution that is licensed to take deposits from the public and is subject to appropriate prudential standards and level of supervision.
16.Claims on unrated banks shall be risk-weighted at 50%. No claim on an unrated bank may receive a risk weight lower than that applied to claims on its sovereign of incorporation.
17.A preferential risk weight that is one category more favourable shall be applied to claims with an original maturity of three months or less, subject to a floor of 20%. This treatment shall be available to both rated and unrated banks, but not to banks risk weighted at 150%. Short-term claims in the table below are defined as having an original maturity of three months or less. However, claims with (contractual) original maturity under three months which are rolled over (i.e., where the effective maturity is longer than three months) shall not qualify as short-term claims and shall not enjoy the preferential risk weighting treatment.
Credit assessment of Banks AAA to AA- A+ to A- BBB+ to BBB- BB+ to B- Below B- Unrated
Risk Weight 20% 50% 50% 100% 150% 50%
Risk Weight Short Term claims 20% 20% 20% 50% 150% 20%

E. Securities Firms
18.Claims on securities firms shall be treated as claims on banks provided the securities firms are authorized by a competent authority and subject to supervisory and regulatory arrangements that are the same or equivalent to those under this standards, including, in particular, risk-based capital requirements. Otherwise, such claims must follow the rules for claims on corporates as per section III F below.

F. Corporates
19.The table provided below in the next paragraph illustrates the risk weighting of rated corporate claims, including claims on insurance companies.
20.The standard risk weight for unrated claims on corporates shall be 100%. No claim on an unrated corporate may be given a risk weight that is lower than that assigned to its sovereign of incorporation. For unrated exposures to Small- and Medium-sized Entities (SME) that do not meet the criteria in paragraph 21, an 85% risk weight will be applied. The Central Bank may, at its sole discretion, require a higher risk weighting for some unrated corporates as advised to banks directly where appropriate.
Credit assessment AAA to AA- A+ to A- BBB+ to BB- Below BB- Unrated
Risk Weight 20% 50% 100% 150% 100%

G. Regulatory Retail Portfolios
21.A 75% risk weighting may apply for exposures classified as “Retail” except as provided below for past due loans as per section III J below. For an exposure to be classified as “Retail” the Central Bank will need to be satisfied that the four criteria listed below are met:
1. (i)Orientation criterion – Exposure to a natural person or persons, or Small- and Medium-sized Entities (SME);
2. (ii)Product criterion – Eligible products included are credit cards, revolving credit, personal lending and small business credit facilities. Residential mortgage products are excluded as these are treated separately as “Claims Secured by Residential Property” as per section H below;
3. (iii)Granularity criterion – No exposure to any one counterparty can exceed 0.20% of the total regulatory retail portfolio being evaluated (exposure is gross before any credit risk mitigation; and one counterparty includes connected persons);
4. (iv)Value criterion –
  1. (i)Maximum aggregated exposure to one counterparty must not exceed the value of AED 4,000,000 for exposures to SME,
  2. (ii)For all other exposures, the maximum aggregated exposure to one counterparty must not exceed the value of AED 2,000,000.
22.The Central Bank reserves the right to increase the 75% risk weight if this risk weight value is deemed to be too low based on the default experience for these types of exposures in the UAE. Exposures to SMEs that do not meet all of the above criteria set out in paragraph 21 are treated as under the corporate asset class and must follow the rules for claims on corporates as per Section III F above.

H. Claims Secured by Residential Property
23.A 35% risk weighting shall apply to exposures fully secured by eligible immovable residential property that is occupied by the owner or that is rented, and where the purpose of the facility is to fund the purchase of the property. This risk weight value shall be applied only where there exists a substantial margin of additional security over the amount of the loan.
24.Residential property shall be considered eligible immovable property if the following criteria are met:
1. (i)A mortgage is enforceable in all jurisdictions which are relevant at the time of the conclusion of the credit agreement and shall be appropriately filed within a reasonable time;
2. (ii)All legal requirements for establishing the mortgage have been fulfilled;
3. (iii)The protection agreement and the legal process underpinning it enable the bank to realise the value of the property within a reasonable timeframe;
4. (iv)Location of the property must be in the UAE; and
5. (v)Banks shall have in place procedures to monitor that the property taken as credit protection is adequately insured against the risk of damage.
25.Banks shall be responsible to monitor on an ongoing basis that the criteria listed in paragraph 24 above are met. In case of failure to conduct such internal monitoring or if the results of such internal monitoring indicate that the criteria are not met, the residential property cannot be considered eligible immovable property for the application of the 35% risk weight.
26.Banks shall clearly document the types of residential immovable property they accept and their lending policies in this regard.
27.Exposures secured by eligible residential real estate, as specified by the eligibility criteria set out in paragraph 24 above, and for which the 35% risk weight applies must not exceed any of the two items below:
1. (i)85% of the market value of the property (i.e., the LTV ratio must be less than or equal to 85%); and
2. (ii)AED 10 million;
28.If the two criteria listed above in paragraph 27 cannot be definitively established or met, then the 35% risk weight cannot be applied. If the exposure meets the criteria for regulatory retail claims as set out at paragraph 21 then a 75% risk weight applies, otherwise a 100% risk weighting must be used.
29.The Central Bank may increase the 35% risk weight if this risk weight is deemed to be too low based on the default experience for these types of exposures in the UAE.

I. Claims Secured by Commercial Real Estate
30.A 100% risk weighting shall apply to exposures secured by commercial real estate. For the purposes of this paragraph, a commercial real estate exposure is an exposure secured by immovable property that is not residential real estate as per section III H above.

J. Past Due Loans
31.The unsecured portion of any loan (other than a residential mortgage loan as per section H above) that is past due for more than 90 days, net of specific provisions (including partial write-offs), must be risk-weighted as follows:
1. (i)150% risk weight when specific provisions are less than 20% of the outstanding amount of the loan;
2. (ii)100% risk weight when specific provisions are 20% and above of the outstanding amount of the loan.
32.In the case of residential mortgage loans as per section H above, when such loans are past due for more than 90 days they shall be risk weighted at 100%, net of any specific provisions.
33.For the purpose of defining the secured portion of the past due loan, eligible collateral and guarantees shall be the same as for Credit Risk Mitigation set out below at section IV.
34.Past due retail loans are to be excluded from the overall regulatory retail portfolio when assessing the granularity criterion specified in Paragraph 21, for risk-weighting purposes.

K. Higher Risk Categories
35.The following claims shall be risk weighted at 150% or higher:
1. (i)Claims on sovereigns, PSEs, banks, and securities firms rated below B-;
2. (ii)Claims on corporates rated below BB-;
3. (iii)Past due loans as set out in section J above; and
4. (iv)Real estate acquired in settlement of debt and not liquidated within the statutory period (Article 93 of Federal Law).
36.The Central Bank may apply a 150% or higher risk weight reflecting the higher risks associated with the assets.
37.The risk weights applicable to securitisation and re-securitisation exposures are set out in the Standards on Capital for Securitisation Exposures.

L. Other Assets
38.Gold bullion held in own vaults or on an allocated basis to the extent backed by bullion liabilities shall be treated as cash and therefore risk-weighted at 0%.
39.Cash items in the process of collection are risk-weighted at 20%.
40.Investments in commercial entities shall be treated as per the Capital Supply standard.
41.Exposure to investments in the capital of banking, securities, financial and insurance entities, must be treated as per the Capital Supply standard.
42.The treatment of securitisation exposures is presented separately in line with Securitisation Standard below in these standards.
43.The standard risk weight for exposure to all other assets not specifically mentioned shall be 100%.

M. Off-Balance Sheet Items
44.Off-balance sheet items must be converted into credit exposure equivalents through the use of CCF.
Credit Conversion Factor of 100%
45.The following items must be converted into credit exposure equivalents through the use of CCF of 100%:
1. (i)All direct credit substitutes, including general guarantees of indebtedness (such as standby letters of credit serving as financial guarantees for loans and securities) and acceptances (such as endorsements with the character of acceptances);
2. (ii)Sale and repurchase agreements and asset sales with recourse, where the credit risk remains with the bank;
3. (iii)Forward asset purchases, forward deposits and commitments for the unpaid portion of partly-paid shares and securities which represent commitments with certain draw-downs, and which shall be risk-weighted according to the type of asset and not according to the type of counterparty with whom the transaction has been entered into;
4. (iv)The lending of banks’ securities or the posting of securities as collateral by banks, including instances where these arise out of repo-style transactions (i.e., repurchase/reverse repurchase and securities lending/securities borrowing transactions). Section IV on credit risk mitigation sets out the requirements for the calculation of risk-weighted assets where the credit converted exposure is secured by eligible collateral;
5. (v)Off-balance sheet items that are credit substitutes not explicitly included in any other category (including credit derivatives such as credit default swaps).
Credit Conversion Factor of 50%
46.The following items must be converted into credit exposure equivalents through the use of CCF of 50%:
1. (i)Transaction-related contingent items (e.g., performance bonds, bid bonds warranties, and standby letters of credit related to particular transactions);
2. (ii)Underwriting commitments under note issuance and revolving underwriting facilities regardless of maturity of the underlying facility;
3. (iii)Other commitments that are not unconditionally cancellable with an original maturity exceeding one year.
Credit Conversion Factor of 20%
47.The following items must be converted into credit exposure equivalents through the use of CCF of 20%:
1. (i)Other commitments not unconditionally cancellable with an original maturity of one year or less; and
2. (ii)Short-term self-liquidating trade letters of credit arising from the movement of goods (e.g., documentary credits collateralised by the underlying shipment), for both issuing and confirming banks.
Credit Conversion Factor of 0%
48.Any commitments that are unconditionally cancellable at any time by the bank without prior notice, or that effectively provide for automatic cancellation due to deterioration in a borrower’s creditworthiness must be converted into credit exposure equivalents using CCF of 0%.
Other Principles
49.Where there is an undertaking to provide a commitment on an off-balance sheet item (i.e., commitment for a commitment), banks shall apply the lower of the two applicable CCFs.
50.The credit equivalent amount of OTC derivatives that expose a bank to counterparty credit risk shall be calculated under the rules set forth below in the Counterparty Credit Risk Standard below.
Failed Trades and Non-DvP Transactions
51.Banks shall closely monitor securities, commodities, and foreign exchange transactions that have failed or not been timely settled.
Principles for Failed Trades and Non-DvP Transactions
52.DvP also refers to PvP transactions for the purpose of this Standard. Transactions settled through a DvP system, providing simultaneous exchanges of securities for cash, expose firms to a risk of loss on the difference between the transaction valued at the agreed settlement price and the transaction valued at current market price (i.e., positive current exposure). Transactions where cash is paid without receipt of the corresponding receivable (securities, foreign currencies, gold, or commodities) or, conversely, deliverables were delivered without receipt of the corresponding cash payment (i.e., non-DvP, or free-delivery transactions) expose firms to a risk of loss on the full amount of cash paid or deliverables delivered. Specific capital charges address these two kinds of exposures.
53.The following capital treatment is applicable to all transactions on securities, foreign exchange instruments, and commodities that give rise to a risk of delayed settlement or delivery. This includes transactions through recognised clearing houses that are subject to daily mark-to-market and payment of daily variation margins and that involve a mismatched trade. Repurchase and reverse-repurchase agreements as well as securities lending and borrowing that have failed to settle are excluded from this capital treatment. (All repurchase and reverse-repurchase agreements as well as securities lending and borrowing, including those that have failed to settle, shall be treated in accordance with the sections on CRM below).
54.In cases of a system wide failure of a settlement or clearing system, the Central Bank may use its discretion to waive capital charges until the situation is rectified.
55.Failure of a counterparty to settle a trade in itself shall not be deemed a default for purposes of credit risk.
Capital Requirements for Failed Trades and Non-DvP Transactions
56.The capital requirement for failed trades and Non-DvP transactions shall be calculated as follows:
1. (i)For DvP transactions, if the payments have not yet taken place five business days after the settlement date, firms must calculate a capital charge by multiplying the positive current exposure of the transaction by the appropriate factor, according to the table below.
  
  Number of working days after the agreed settlement date Corresponding risk multiplier
  From 5 to 15 8%
  From 16 to 30 50%
  From 31 to 45 75%
  46 or more 100%
3. (ii)For Non-DvP transactions (i.e., free deliveries), after the first contractual payment/delivery leg, the bank that has made the payment shall treat its exposure as a loan if the second leg has not been received by the end of the business day. This means that a bank shall use the risk weights set forth in the exposure classes set out in this Standard. However, when exposures are not material, banks may choose to apply a uniform 100% risk-weight to these exposures, in order to avoid the burden of a full credit assessment.
4. (iii)If five business days after the second contractual payment/delivery date the second leg has not yet effectively taken place, the bank that has made the first payment leg shall deduct from capital the full amount of the value transferred plus replacement cost, if any. This treatment shall apply until the second payment/delivery leg is effectively made.

IV. Credit Risk Mitigation

A. Introduction and General Requirements
Introduction
57.Banks may use a number of techniques to mitigate the credit risks to which they are exposed. For example, exposures may be collateralised by first priority claims, in whole or in part with cash or securities, a loan exposure may be guaranteed by a third party, or a bank may buy a credit derivative to offset various forms of credit risk. Additionally, banks may agree to net loans owed to them against deposits from the same counterparty.
58.In this Standard, “counterparty” is used to denote a party to whom a bank has an on or off-balance sheet credit exposure. That exposure may, for example, take the form of a loan of cash or securities (where the counterparty would traditionally be called the borrower), of securities posted as collateral, of a commitment or of exposure under an OTC derivatives contract
General Requirements for legal certainty
59.The Central Bank recognizes certain credit risk mitigation techniques for regulatory capital purposes, provided that all documentation used in collateralised transactions and for documenting on-balance sheet netting, guarantees and credit derivatives are binding on all parties and legally enforceable in all relevant jurisdictions, and that banks have conducted sufficient legal review to verify this and have a well-founded legal basis to reach this conclusion, and undertake such further review as necessary to ensure continuing enforceability.
60.Where a bank has a single exposure covered either by more than one type of credit risk mitigation, or by differing maturities of protection provided by the same credit protection provider, the bank shall:
1. (i)Subdivide the exposure into parts covered by each type or maturity of credit risk mitigation tool; and
2. (ii)Calculate the risk-weighted assets for each part obtained in point (i) above separately in accordance with the risk weights applicable to each exposure category as described in the relevant section.
61.The comprehensive approach for the treatment of collateral (described further below from paragraph 85) shall also be applied to calculate the counterparty risk charges for OTC derivatives and repo-style transactions booked in the trading book.
62.No transaction in which CRM techniques are used shall receive a higher capital requirement than an otherwise identical transaction where such techniques are not used.
63.The effects of CRM shall not be double counted. Therefore, no additional supervisory recognition of CRM for regulatory capital purposes shall be granted on claims for which an issue-specific rating is used that already reflects that CRM. Principal-only ratings shall also not be allowed within the framework of CRM to claims for which an external credit assessment can be conducted.
64.Considering that, while the use of CRM techniques reduces or transfers credit risk, it simultaneously may increase other risks (residual risks), and that residual risks include legal, operational, liquidity and market risks, banks shall employ robust procedures and processes to control these risks, including strategy, consideration of the underlying credit, valuation, policies and procedures, systems, control of roll-off risks, and management of concentration risk arising from the bank’s use of CRM techniques and its interaction with the bank’s overall credit risk profile. Where these risks are not adequately controlled, the Central Bank may impose additional capital charges or take other supervisory actions under Pillar 2.
65.The banks shall also observe the Central Bank’s Pillar 3 requirements to obtain capital relief in respect of any CRM techniques.

B. Collateralised Transactions
66.A collateralised transaction is one in which:
1. (i)Banks have a credit exposure or potential credit exposure; and
2. (ii)Credit exposure or potential credit exposure is hedged in whole or in part by collateral posted by a counterparty or by a third party on behalf of the counterparty.
67.Where banks take eligible financial collateral (e.g., cash or securities, more specifically as per section IV C (a)), they are allowed to reduce their credit exposure to a counterparty when calculating their capital requirements to take account of the risk mitigating effect of the collateral.
Overall framework
68.Banks may opt for either the simple approach (described further in Section IV C(c)), which substitutes the risk weighting of the collateral for the risk weighting of the counterparty for the collateralised portion of the exposure (generally subject to a 20% floor), or for the Comprehensive Approach (described further in Section IV C(b)), which allows fuller offset of collateral against exposures, by effectively reducing the exposure amount by the value ascribed to the collateral.
69.Partial collateralisation is recognised in both approaches.
70.Mismatches in the maturity of the underlying exposure and the collateral shall only be allowed under the comprehensive approach.
71.Banks shall operate under either the simple approach or comprehensive approach, but not both approaches, in the banking book, but only under the comprehensive approach in the trading book.
72.Banks that intend to apply the comprehensive approach require prior approval from the Central Bank.
Minimum Conditions
73.The minimum conditions set out below must be met before capital relief will be granted in respect of any form of collateral under either the simple approach or comprehensive approach.
74.In addition to the general requirements for legal certainty set out above at paragraph 59 to 65, the legal mechanism by which collateral is pledged or transferred shall ensure that the bank has the right to liquidate or take legal possession of it, in a timely manner, in the event of the default, insolvency or bankruptcy (or one or more otherwise-defined credit events set out in the transaction documentation) of the counterparty (and, where applicable, of the custodian holding the collateral). Furthermore, banks shall take all steps necessary to fulfil those requirements under the law applicable to the bank’s interest in the collateral for obtaining and maintaining an enforceable security interest, e.g., by registering it with a registrar, or for exercising a right to net or set off in relation to title transfer collateral.
75.In order for collateral to provide protection, the credit quality of the counterparty and the value of the collateral must not have a material positive correlation (for example, securities issued by the counterparty - or by any related group entity - would provide little protection and so would be ineligible).
76.Banks shall have clear and robust procedures for the timely liquidation of collateral to ensure that any legal conditions required for declaring the default of the counterparty and liquidating the collateral are observed, and that collateral can be liquidated promptly.
77.Where the collateral is held by a custodian, banks shall take reasonable steps to ensure that the custodian segregates the collateral from its own assets.
78.A capital requirement shall be applied to a bank on either side of the collateralised transaction (for example, both repos and reverse repos shall be subject to capital requirements). Likewise, both sides of a securities lending and borrowing transaction shall be subject to explicit capital charges, as shall the posting of securities in connection with a derivative exposure or other borrowing.
79.Where a bank, acting as an agent, arranges a repo-style transaction (i.e., repurchase/reverse repurchase and securities lending/borrowing transactions) between a customer and a third party and provides a guarantee to the customer that the third party will perform on its obligations, then the risk to the bank shall be the same as if the bank had entered into the transaction as a principal. In such circumstances, a bank shall be required to calculate capital requirements as if it were itself the principal.
The simple approach
80.In the simple approach the risk weighting of the collateral instrument collateralising or partially collateralising the exposure shall be substituted for the risk weighting of the counterparty. Details of this framework are provided further below at section IV C (c).
The comprehensive approach
81.In the comprehensive approach, when taking collateral, banks shall calculate their adjusted exposure amount to a counterparty for capital adequacy purposes in order to take account of the effects of that collateral. Using haircuts, banks shall adjust both the amount of the exposure to the counterparty and the value of any collateral received in support of that counterparty to take account of possible future fluctuations in the value of either, occasioned by market movements (exposure amounts may vary, for example where securities are being lent.) This will produce volatility-adjusted amounts for both exposure and collateral. Unless either side of the transaction is cash, the volatility-adjusted amount for the exposure shall be higher than the exposure and for the collateral, it shall be lower.
82.Where the exposure and collateral are held in different currencies an additional downwards adjustment shall be made to the volatility adjusted collateral amount to take account of possible future fluctuations in exchange rates.
83.Where the volatility-adjusted exposure amount is greater than the volatility-adjusted collateral amount (including any further adjustment for foreign exchange risk), banks shall calculate their risk-weighted assets as the difference between the two multiplied by the risk weight of the counterparty. The framework for performing these calculations is set out further below in paragraph 97 to 100.
84.Banks shall use the standard supervisory haircuts and the parameters therein as set by the Central Bank. The use of own-estimate haircuts that rely on banks own internal estimates of market price volatility is prohibited.
85.The size of the individual haircuts shall depend on the type of instrument, type of transaction and the frequency of marking-to-market and re-margining (for example, repo style transactions subject to daily marking-to-market and to daily re-margining will receive a haircut based on a 5-business day holding period and secured lending transactions with daily mark-to-market and no re-margining clauses will receive a haircut based on a 20-business day holding period. These haircut numbers will be scaled up using the square root of time formula depending on the frequency of re-margining or marking-to-market).
86.For certain types of repo-style transactions (broadly speaking government bond repos) banks are permitted in certain cases not to apply the standard supervisory haircuts in calculating the exposure amount after risk mitigation. Paragraph 108 lists cases where such treatment is allowed.
87.The effect of master netting agreements covering repo-style transactions can be recognised for the calculation of capital requirements subject to the conditions specified in Paragraph 110.
On-balance sheet netting
88.Where banks have legally enforceable netting arrangements for loans and deposits they may calculate capital requirements on the basis of net credit exposures subject to the conditions in paragraphs 120.
Guarantees and credit derivatives
89.Where guarantees or credit derivatives are direct, explicit, irrevocable and unconditional, and the Central Bank is satisfied that banks fulfil certain minimum operational conditions relating to risk management processes, banks are allowed to take account of such credit protection in calculating capital requirements.
90.A range of guarantors and protection providers are recognized by the Central Bank. A substitution approach shall be applied. Thus only guarantees issued by or protection provided by entities with a lower risk weight than the counterparty will lead to reduced capital charges since the protected portion of the counterparty exposure is assigned the risk weight of the guarantor or protection provider, whereas the uncovered portion retains the risk weight of the underlying counterparty. Detailed operational requirements for the recognition of guarantees and credit derivatives are given below in paragraphs 122 to 128.
Maturity mismatch
91.Where the residual maturity of the CRM is less than that of the underlying credit exposure a maturity mismatch occurs.
92.Where there is a maturity mismatch and the CRM has an original maturity of less than one year, the CRM shall not be recognised for capital purposes. In other cases where there is a maturity mismatch, partial recognition shall be given to the CRM for regulatory capital purposes as detailed below in paragraphs 137 to 140.
93.Under the simple approach, such partial recognition is not allowed for collateral maturity mismatches.
Miscellaneous
94.The treatments for pools of credit risk mitigants and first- and second-to-default credit derivatives are given in paragraphs 141 to 145.

C. Collateral

a) Eligible financial collateral

95.The following collateral instruments are eligible for recognition in the simple approach:

(i)Cash (as well as certificates of deposit or comparable instruments issued by the lending bank) on deposit with the bank which is incurring the counterparty exposure.

Note 1: Cash funded credit linked notes issued by the bank against exposures in the banking book which fulfil the criteria for credit derivatives will be treated as cash collateralised transactions.

Note 2: When cash on deposit, certificates of deposit or comparable instruments issued by the lending bank are held as collateral at a third-party bank in a noncustodial arrangement, if they are openly pledged/assigned to the lending bank and if the pledge/assignment is unconditional and irrevocable, the exposure amount covered by the collateral (after any necessary haircuts for currency risk) will receive the risk weight of the third-party bank);
(ii)Gold;
(iii)Debt securities rated by a recognised external credit assessment institution where these are either:
- ○Rated at least BB- when issued by sovereigns or PSEs that are treated as sovereigns by the Central Bank; or
- ○At least BBB- when issued by other entities (including banks and securities firms); or
- ○At least A-3/P-3 for short-term debt instruments.
(iv)Debt securities not rated by a recognised external credit assessment institution where these are:
- ○Issued by a bank; and
- ○Listed on a recognised exchange; and
- ○Classified as senior debt; and
- ○All rated issues of the same seniority by the issuing bank must be rated at least BBB- or A-3/P-3 by a recognised external credit assessment institution; and
- ○The bank holding the securities as collateral has no information to suggest that the issue justifies a rating below BBB- or A-3/P-3 (as applicable); and
- ○The Central Bank is sufficiently confident about the market liquidity of the security.
(v)Equities (including convertible bonds) that are included in a main index (a widely accepted index that ensures adequate liquidity, depth of market, and size of bid-ask spread).
(vi)UCITS and mutual funds where:
- ○A price for the units is publicly quoted daily; and
- ○The UCITS/mutual fund is limited to investing in the instruments listed in this paragraph. However, the use or potential use by a UCITS/mutual fund of derivative instruments solely to hedge investments listed in this paragraph and the next paragraph shall not prevent units in that UCITS/mutual fund from being eligible financial collateral.

96.The following collateral instruments are eligible for recognition in the comprehensive approach:

(i)All of the collateral instruments that are eligible for recognition in the Simple Approach, as outlined in the above at paragraph 95;
(ii)Equities (including convertible bonds) which are not included in a main index but which are listed on a recognised exchange;
(iii)UCITS/mutual funds which include such equities.

b) The Comprehensive Approach

Calculation of Adjusted exposure

97.For a collateralised transaction, the exposure amount after risk mitigation is calculated as follows:

$E^{*} = max {0, [E x (1 + H e) - C \times (1 - H c - H f x)]}$

where:

E*	=	The exposure value after risk mitigation;
E	=	Current value of the exposure;
He	=	Haircut appropriate to the exposure;
C	=	The current value of the collateral received;
Hc	=	Haircut appropriate to the collateral; and
Hfx	=	Haircut appropriate for currency mismatch between the collateral and exposure.

98.The exposure amount after risk mitigation shall be multiplied by the risk weight of the counterparty to obtain the risk-weighted asset amount for the collateralised transaction.

99.The treatment for transactions where there is a mismatch between the maturity of the counterparty exposure and the collateral is given in paragraphs 137 to 140.

100.Where the collateral is a basket of assets, the haircut on the basket will be

$H = Σ_{ı} a_{i} H_{i}$

where:

a_i	=	The weight of the asset (as measured by units of currency) in the basket;
H_i	=	The haircut applicable to that asset.

Standard supervisory haircuts

101.The following table sets the standard supervisory haircuts (assuming daily mark-to-market, daily re-margining and a 10-business day holding period), expressed as percentages:

Issue rating for debt securities	Residual Maturity	Sovereigns ^(a)	Other issuers
AAA to AA-/A-1	≤ 1 year	0.5	1
	>1 year, ≤ 5 years	2	4
	> 5 years	4	8
A+ to BBB-/A-2/A-3/P-3 and unrated bank securities	≤ 1 year	1	2
	>1 year, ≤ 5 years	3	6
	> 5 years	6	12
BB+ to BB-	All	15
Gold		15
Equities (including convertible bonds) listed on a recognized exchange, including main index equities		25
UCITS/Mutual funds		Highest haircut applicable to any security in which the fund can invest
Cash in the same currency ^(b)		0

(a) includes multilateral development banks receiving a 0% risk weight.

(b) represents eligible cash collateral specified as 'Cash' as per item (i), in Paragraph 95.

102.The standard supervisory haircut for currency risk where exposure and collateral are denominated in different currencies is 8% (also based on a 10-business day holding period and daily mark-to-market).

103.For transactions in which the bank lends non-eligible instruments (e.g., noninvestment grade corporate debt securities), the haircut to be applied on the exposure must be the same as the one for equity traded on a recognised exchange.

Adjustment for different holding periods and non-daily mark-to-market or re-margining

104.For some transactions, depending on the nature and frequency of the revaluation and re-margining provisions, different holding periods are appropriate. The framework for collateral haircuts distinguishes between repo-style transactions (i.e., repo/reverse repos and securities lending/borrowing), “other capital-market-driven transactions” (i.e., OTC derivatives transactions and margin lending) and secured lending. In capital-market-driven transactions and repo-style transactions, the documentation contains re-margining clauses; in secured lending transactions, it generally does not.

105.The minimum holding period for various products or transactions is summarised in the table below:

Transaction type	Minimum holding period	Condition
Repo-style transaction	Five business days	Daily re-margining
Other capital market transactions	Ten business days	Daily re-margining
Secured lending	Twenty business days	Daily re-margining

106.When the frequency of re-margining or revaluation is longer than the minimum, the minimum haircut numbers shall be scaled up depending on the actual number of business days between re-margining or revaluation using the square root of time formula below:

where:

H	=	Haircut;
H_M	=	Haircut under the minimum holding period;
T_M	=	Minimum holding period for the type of transaction; and
N_R	=	Actual number of business days between re-margining for capital market transactions or revaluation for secured transactions.

107.When a bank calculates the volatility on a T_N day holding period which is different from the specified minimum holding period T_M, the H_M will be calculated using the square root of time formula:

where:

T_N	=	Holding period used by the bank for deriving H_N; and
H_N	=	Haircut based on the holding period T_N

For example, the 10-business day haircuts provided in the table under Paragraph 101 shall be the basis and this haircut shall be scaled up or down depending on the type of transaction and the frequency of re-margining or revaluation using the formula below:

where:

H	=	Haircut;
H₁₀	=	10-business day standard supervisory haircut for instrument;
N_R	=	Actual number of business days between re-margining for capital market transactions or revaluation for secured transactions; and
T_M	=	Minimum holding period for the type of transaction.

Conditions for zero Haircut on repo-style transactions with a core market participant

108.For repo-style transactions where the following conditions are satisfied, and the counterparty is a Core Market Participant (see definition in the next paragraph), banks may choose not to apply the haircuts specified in the Comprehensive Approach and may instead apply a haircut of zero. However, counterparties specified in 109 (iii), (iv), (v) and (vi) require prior approval from the Central Bank.

(i)Both the exposure and the collateral are cash or a sovereign security or PSE security qualifying for a 0% risk weight in the standardised approach;
(ii)Both the exposure and the collateral are denominated in the same currency;
(iii)Either the transaction is overnight or both the exposure and the collateral are marked-to-market daily and are subject to daily re-margining;
(iv)Following a counterparty’s failure to re-margin, the time that is required between the last mark-to-market before the failure to re-margin and the liquidation of the collateral is considered to be no more than four (4) business days. It is noted this does not require the bank to always liquidate the collateral but rather to have the capability to do so within the given time frame;
(v)The transaction is settled across a settlement system proven for that type of transaction;
(vi)The documentation covering the agreement is standard market documentation for repo-style transactions in the securities concerned;
(vii)The transaction is governed by documentation specifying that if the counterparty fails to satisfy an obligation to deliver cash or securities or to deliver margin or otherwise defaults, then the transaction is immediately terminable; and
(viii)Upon any default event, regardless of whether the counterparty is insolvent or bankrupt, the bank has the unfettered, legally enforceable right to immediately seize and liquidate the collateral for its benefit.

109.Core Market Participants are the following entities:

(i)Sovereigns, central banks and Non-commercial PSEs;
(ii)Banks and securities firms;
(iii)Other financial companies (including insurance companies) eligible for a 20% risk weight in the standardised approach;
(iv)Regulated mutual funds that are subject to capital or leverage requirements;
(v)Regulated pension funds; and
(vi)Recognised clearing organisations.

Treatment of repo-style transactions covered under master netting agreements

110.The effects of bilateral netting agreements covering repo-style transactions will be recognised on a counterparty-by-counterparty basis if the agreements are legally enforceable in each relevant jurisdiction upon the occurrence of an event of default and regardless of whether the counterparty is insolvent or bankrupt. In addition, netting agreements must:

(i)Provide the non-defaulting party the right to terminate and close-out in a timely manner all transactions under the agreement upon an event of default, including in the event of insolvency or bankruptcy of the counterparty; and
(ii)Provide for the netting of gains and losses on transactions (including the value of any collateral) terminated and closed out under it so that a single net amount is owed by one party to the other; and
(iii)Allow for the prompt liquidation or setoff of collateral upon the event of default; and
(iv)Be, together with the rights arising from the provisions required in (i) to (iii) above, legally enforceable in each relevant jurisdiction upon the occurrence of an event of default and regardless of the counterparty's insolvency or bankruptcy.

111.Netting across positions in the banking and trading book will only be recognized when the netted transactions fulfil both of the following two conditions:

(i)All transactions are marked to market daily. It is noted that the holding period for the haircuts will depend as in other repo-style transactions on the frequency of margining; and
(ii)The collateral instruments used in the transactions are recognised as eligible financial collateral in the banking book.

112.The formula in paragraphs 97 will be adapted to calculate the capital requirements for transactions with netting agreements.

113.For banks using the standard supervisory haircuts, the framework below will apply to take into account the impact of master netting agreements.

$E^{*} = max {0, [(Σ (E) - Σ (C)) + Σ (E_{s} \times H_{s}) + Σ (E_{f x} \times H_{f x})]}$

where:

E*	=	The exposure value after risk mitigation;
E	=	Current value of the exposure;
C	=	The value of the collateral received;
E_s	=	Absolute value of the net position in a given security;
H_s	=	Haircut appropriate to E_s;
E_fx	=	Absolute value of the net position in a currency different from the settlement currency; and
H_fx	=	Haircut appropriate for currency mismatch.

114.The intention here is to obtain a net exposure amount after netting of the exposures and collateral and have an add-on amount reflecting possible price changes for the securities involved in the transactions and for foreign exchange risk if any. The net long or short position of each security included in the netting agreement will be multiplied by the appropriate haircut. All other rules regarding the calculation of haircuts stated in paragraphs under the comprehensive approach equivalently apply for banks using bilateral netting agreements for repo-style transactions.

c) The Simple Approach

Minimum conditions

115.For collateral to be recognised in the simple approach the collateral must be pledged for at least the life of the exposure and it must be marked to market and revalued with a minimum frequency of six months. Those portions of claims collateralised by the market value of recognised collateral receive the risk weight applicable to the collateral instrument. The risk weight on the collateralised portion will be subject to a floor of 20% except under the conditions specified in paragraphs 116 to 118. The remainder of the claim must be assigned to the risk weight appropriate to the counterparty. A capital requirement will be applied to banks on either side of the collateralised transaction: for example, both repos and reverse repos will be subject to capital requirements.

Exceptions to the risk weight floor

116.Transactions that fulfil the criteria outlined in paragraph 108 and are with a core market participant, as defined in paragraph 109; receive a risk weight of 0%. If the counterparty to the transactions is not a core market participant, the transaction must receive a risk weight of 10%.

117.OTC derivative transactions subject to daily mark-to-market, collateralised by cash and where there is no currency mismatch must receive a 0% risk weight. Such transactions collateralised by sovereign can receive a 10% risk weight.

118.The 20% floor for the risk weight on a collateralised transaction will not be applied and a 0% risk weight can be applied where the exposure and the collateral are denominated in the same currency, and either:

(i)The collateral is cash on deposit as defined in item (i), namely Cash, in paragraph 95; or
(ii)The collateral is in the form of sovereign and its market value has been discounted by 20%.

d) Collateralised OTC derivatives transactions

119.Under the SA-CCR Standard, the calculation of risk weighted assets for counterparty credit risk depends on replacement cost and an add-on for potential future exposure, and takes into account collateral in the manner specified in that Standard. The haircut for currency risk (H_fx) must be applied when there is a mismatch between the collateral currency and the settlement currency. Even in the case where there are more than two currencies involved in the exposure, collateral and settlement currency, a single haircut assuming a 10- business day holding period scaled up as necessary depending on the frequency of mark- to-market will be applied.

D. On-Balance Sheet Netting
120.A bank may use the net exposure of loans and deposits as the basis for its capital adequacy calculation in accordance with the formula in Paragraph 97, where the bank:
1. (i)Has a well-founded legal basis for concluding that the netting or offsetting agreement is enforceable in each relevant jurisdiction regardless of whether the counterparty is insolvent or bankrupt;
2. (ii)Is able at any time to determine those assets and liabilities with the same counterparty that are subject to the netting agreement;
3. (iii)Monitors and controls its roll-off risks; and
4. (iv)Monitors and controls the relevant exposures on a net basis.
121.Assets (loans) are treated as exposure and liabilities (deposits) as collateral. The haircuts will be zero except when a currency mismatch exists. A 10-business day holding period will apply when daily mark-to-market is conducted and all the requirements stipulated under paragraphs 101, 107, and 137 to 140 will apply.

E. Guarantees and Credit Derivatives
a) Operational requirements
Operational requirements common to guarantees and credit derivatives
122.A guarantee (counter-guarantee) or credit derivative must represent a direct claim on the protection provider and must be explicitly referenced to specific exposures or a pool of exposures, so that the extent of the cover is clearly defined and incontrovertible. Other than non-payment by a protection purchaser of money due in respect of the credit protection contract it must be irrevocable; there must be no clause in the contract that would allow the protection provider unilaterally to cancel the credit cover or that would increase the effective cost of cover as a result of deteriorating credit quality in the hedged exposure (Note that the irrevocability condition does not require that the credit protection and the exposure be maturity matched; rather that the maturity agreed ex ante may not be reduced ex post by the protection provider. Paragraph 138 sets forth the treatment of call options in determining remaining maturity for credit protection). It must also be unconditional; there must be no clause in the protection contract outside the direct control of the bank that could prevent the protection provider from being obliged to pay out in a timely manner in the event that the original counterparty fails to make the payment(s) due.
Additional operational requirements for guarantees
123.In addition to the legal certainty requirements described in paragraph 59, in order for a guarantee to be recognised, the following conditions must be satisfied:
1. (i)On the qualifying default/non-payment of the counterparty, the bank may pursue the guarantor for any monies outstanding under the documentation governing the transaction within a reasonable time period. The guarantor may make one lump sum payment of all monies under such documentation to the bank, or the guarantor may assume the future payment obligations of the counterparty covered by the guarantee. The bank must have the right to receive any such payments from the guarantor without first having to take legal actions in order to pursue the counterparty for payment;
2. (ii)The guarantee is an explicitly documented obligation assumed by the guarantor; and
3. (iii)Except as noted in the following sentence, the guarantee covers all types of payments the underlying obligor is expected to make under the documentation governing the transaction, for example notional amount, margin payments etc. Where a guarantee covers payment of principal only, interests and other uncovered payments must be treated as an unsecured amount in accordance with paragraph 136.
Additional operational requirements for credit derivatives
124.In order for a credit derivative contract to be recognised, the following conditions must be satisfied:
1. (i)The credit events specified by the contracting parties must at a minimum cover:
  - ○Failure to pay the amounts due under terms of the underlying obligation that are in effect at the time of such failure (with a grace period that is closely in line with the grace period in the underlying obligation);
  - ○Bankruptcy, insolvency or inability of the obligor to pay its debts, or its failure or admission in writing of its inability generally to pay its debts as they become due, and analogous events; and
  - ○Restructuring of the underlying obligation involving forgiveness or postponement of principal, interest or fees that results in a credit loss event (i.e., charge-off, specific provision or other similar debit to the profit and loss account). When restructuring is not specified as a credit event, refer to the next paragraph;
2. (ii)If the credit derivative covers obligations that do not include the underlying obligation, item (vii) below governs whether the asset mismatch is permissible;
3. (iii)The credit derivative shall not terminate prior to expiration of any grace period required for a default on the underlying obligation to occur as a result of a failure to pay, subject to the provisions of paragraph 137;
4. (iv)Credit derivatives allowing for cash settlement are recognised for capital purposes insofar as a robust valuation process is in place in order to estimate loss reliably. There must be a clearly specified period for obtaining post-credit event valuations of the underlying obligation. If the reference obligation specified in the credit derivative for purposes of cash settlement is different than the underlying obligation, item (vii) below governs whether the asset mismatch is permissible;
5. (v)If the protection purchaser’s right/ability to transfer the underlying obligation to the protection provider is required for settlement, the terms of the underlying obligation must provide that any required consent to such transfer may not be unreasonably withheld;
6. (vi)The identity of the parties responsible for determining whether a credit event has occurred must be clearly defined. This determination must not be the sole responsibility of the protection seller. The protection buyer must have the right/ability to inform the protection provider of the occurrence of a credit event;
7. (vii)A mismatch between the underlying obligation and the reference obligation under the credit derivative (i.e. the obligation used for purposes of determining cash settlement value or the deliverable obligation) is permissible if (i) the reference obligation ranks pari passu with or is junior to the underlying obligation, and (ii) the underlying obligation and reference obligation share the same obligor (i.e., the same legal entity) and legally enforceable cross-default or cross-acceleration clauses are in place; and
8. (viii)A mismatch between the underlying obligation and the obligation used for purposes of determining whether a credit event has occurred is permissible if (i) the latter obligation ranks pari passu with or is junior to the underlying obligation, and (ii) the underlying obligation and reference obligation share the same obligor (i.e., the same legal entity) and legally enforceable cross-default or cross-acceleration clauses are in place.
125.When the restructuring of the underlying obligation is not covered by the credit derivative, but the other requirements in the previous paragraph are met, partial recognition of the credit derivative will be allowed. If the amount of the credit derivative is less than or equal to the amount of the underlying obligation, 60% of the amount of the hedge can be recognized as covered. If the amount of the credit derivative is larger than that of the underlying obligation, then the amount of eligible hedge is capped at 60% of the amount of the underlying obligation.
126.Only credit default swaps and total return swaps that provide credit protection equivalent to guarantees will be eligible for recognition. The exception stated in paragraph 127 below applies.
127.Where a bank buys credit protection through a total return swap and records the net payments received on the swap as net income, but does not record offsetting deterioration in the value of the asset that is protected (either through reductions in fair value or by an addition to reserves), the credit protection will not be recognised. The treatment of first-to-default and second-to-default products is covered separately in paragraphs 142 to 145.
128.Other types of credit derivatives will not be eligible for recognition at this time. Note that cash funded credit linked notes issued by the bank against exposures in the banking book which fulfil the criteria for credit derivatives will be treated as cash collateralised transactions.
b) Range of eligible guarantors (counter-guarantors)/protection providers
129.Credit protection given by the following entities will be recognised:
1. (i)Sovereign entities (including the Bank for International Settlements, the International Monetary Fund, the European Central Bank and the European Community, as well as those MDBs eligible for 0% risk weight listed in paragraph 14), PSEs, banks (including other MDBs) and Securities Firms with a lower risk weight than the counterparty;
2. (ii)Other entities rated A- or better by an eligible credit assessment institution. This would include credit protection provided by parent, subsidiary and affiliate companies when they have a lower risk weight than the obligor.
c) Risk weights
130.The protected portion is assigned the risk weight of the protection provider. The uncovered portion of the exposure is assigned the risk weight of the underlying counterparty.
131.Materiality thresholds on payments below which no payment is made in the event of loss are equivalent to retained first loss positions and must be deducted in full from the capital of the bank purchasing the credit protection.
Proportional cover
132.Where the amount guaranteed, or against which credit protection is held, is less than the amount of the exposure, and the secured and unsecured portions are of equal seniority, i.e., the bank and the guarantor share losses on a pro-rata basis capital relief will be afforded on a proportional basis: i.e., the protected portion of the exposure will receive the treatment applicable to eligible guarantees/credit derivatives, with the remainder treated as unsecured.
Tranched cover
133.Where the bank transfers a portion of the risk of an exposure in one or more tranches to a protection seller or sellers and retains some level of risk of the loan and the risk transferred and the risk retained are of different seniority, banks may obtain credit protection for either the senior tranches (e.g., second loss portion) or the junior tranche (e.g., first loss portion). In this case, the rules as set out in the Securitisation chapter below will apply.
d) Currency mismatches
134.Where the credit protection is denominated in a currency different from that in which the exposure is denominated — i.e., there is a currency mismatch — the amount of the exposure deemed to be protected will be reduced by the application of a haircut H_FX, i.e.
$G_{A} = G \times (1 - H_{F X})$
where:

G = Nominal amount of the credit protection;
H_FX = Haircut appropriate for currency mismatch between the credit protection and underlying obligation.

135.The appropriate haircut based on a 10-business day holding period (assuming daily marking-to-market) will be applied. Banks using the supervisory haircuts shall apply 8%. The haircut value of 8% must be scaled up using the square root of time formula, depending on the frequency of revaluation of the credit protection as described in paragraphs 106.
e) Sovereign guarantees and counter-guarantees
136.Portions of claims guaranteed by the UAE sovereign, where the guarantee is denominated in AED and the exposure is funded in AED are risk weighted at 0%. A claim may be covered by a guarantee that is indirectly counter-guaranteed by a sovereign. Such a claim may be treated as covered by a sovereign guarantee provided that:
1. (i)The sovereign counter-guarantee covers all credit risk elements of the claim;
2. (ii)Both the original guarantee and the counter-guarantee meet all operational requirements for guarantees, except that the counter-guarantee need not be direct and explicit to the original claim; and
3. (iii)The Central Bank is satisfied that the cover is robust and that no historical evidence suggests that the coverage of the counter-guarantee is less than effectively equivalent to that of a direct sovereign guarantee.

F. Maturity Mismatches

137.For the purposes of calculating risk-weighted assets, a maturity mismatch occurs when the residual maturity of a hedge is less than that of the underlying exposure.

a) Definition of maturity

138.The maturity of the underlying exposure and the maturity of the hedge must both be defined conservatively. The effective maturity of the underlying must be gauged as the longest possible remaining time before the counterparty is scheduled to fulfil its obligation, taking into account any applicable grace period. For the hedge, embedded options which may reduce the term of the hedge must be taken into account so that the shortest possible effective maturity is used. Where a call is at the discretion of the protection seller, the maturity will always be at the first call date. If the call is at the discretion of the protection buying bank but the terms of the arrangement at origination of the hedge contain a positive incentive for the bank to call the transaction before contractual maturity, the remaining time to the first call date will be deemed to be the effective maturity (For example, where there is a step-up in cost in conjunction with a call feature or where the effective cost of cover increases over time even if credit quality remains the same or increases, the effective maturity will be the remaining time to the first call).

b) Risk weights for maturity mismatches

139.As outlined in paragraph 95, hedges with maturity mismatches are only recognized when their original maturities are greater than or equal to one year. As a result, the maturity of hedges for exposures with original maturities of less than one year must be matched to be recognised. In all cases, hedges with maturity mismatches will no longer be recognised when they have a residual maturity of three months or less.

140.When there is a maturity mismatch with recognised credit risk mitigants (collateral, on-balance sheet netting, guarantees and credit derivatives) the following adjustment will be applied.

$P a = P \times (t - 0.25) / (T - 0.25)$

where:

Pa	=	Value of the credit protection adjusted for maturity mismatch;
P	=	Credit protection (e.g., collateral amount, guarantee amount) adjusted for any haircuts;
t	=	min (T, residual maturity of the credit protection arrangement) expressed in years; and
T	=	min (5, residual maturity of the exposure) expressed in years.

G. Other Items Related to the Treatment of CRM Techniques
a) Treatment of pools of CRM techniques
141.In the case where a bank has multiple CRM techniques covering a single exposure (e.g. a bank has both collateral and guarantee partially covering an exposure), the bank will be required to subdivide the exposure into portions covered by each type of CRM technique (e.g. portion covered by collateral, portion covered by guarantee) and the risk-weighted assets of each portion must be calculated separately. When credit protection provided by a single protection provider has differing maturities, they must be subdivided into separate protection as well.
b) First-to-default credit derivatives
142.There are cases where a bank obtains credit protection for a basket of reference names and where the first default among the reference names triggers the credit protection and the credit event also terminates the contract. In this case, the bank may recognize regulatory capital relief for the asset within the basket with the lowest risk-weighted amount, but only if the notional amount is less than or equal to the notional amount of the credit derivative.
143.With regard to the bank providing credit protection through such an instrument, if the product has an external credit assessment from an eligible credit assessment institution, the risk weight applied to securitisation tranches will be specified in the Securitisation Standard. If the product is not rated by an eligible external credit assessment institution, the risk weights of the assets included in the basket will be aggregated up to a maximum of 1250% and multiplied by the nominal amount of the protection provided by the credit derivative to obtain the risk-weighted asset amount.
c) Second-to-default credit derivatives
144.In the case where the second default among the assets within the basket triggers the credit protection, the bank obtaining credit protection through such a product will only be able to recognise any capital relief if first-default-protection has also been obtained or when one of the assets within the basket has already defaulted.
145.For banks providing credit protection through such a product, the capital treatment is the same as in paragraph 143, with one exception. The exception is that, in aggregating the risk weights, the asset with the lowest risk weighted amount can be excluded from the calculation.

V. Review Requirements
146.Bank calculations under this Standard and associated bank processes must be subject to appropriate levels of independent review and challenge. Reviews must cover material aspects of the calculations under this Standard, including but not limited to the measurement of on-balance-sheet and off-balance-sheet exposures, the use of credit conversion factors, the application of CRM, and the accuracy for all components of the credit risk capital calculation reported to the Central Bank as part of regulatory reporting.

VI. Shari’ah Implementation
Banks providing Islamic financial services must comply with the requirements and provisions of this Standard for their Shari’ah compliant transactions that are alternative to transactions referred to in this Standard, provided it is acceptable by Islamic Shari’ah. This is applicable until relevant Standards and/or guidelines are issued specifically for the transactions of banks offering Islamic financial services.

V. Counterparty Credit Risk

I. Introduction and Scope
1.This Standard articulates specific requirements for the calculation of risk-weighted assets (RWA) to recognize exposure amounts for Counterparty Credit Risk (CCR) for banks in the UAE. It replaces any and all previous approaches to assessment of counterparty credit risk for purposes of regulatory capital calculations. The Standard is based closely on requirements of the framework for capital adequacy developed by the Basel Committee on Banking Supervision, specifically the Standardized Approach for CCR as articulated in The standardized approach for measuring counterparty credit risk exposures, March 2014 (rev. April 2014), and subsequent clarifications thereto by the Basel Committee.
2.This Standard applies to all derivatives transactions, whether exchange-traded or over-the-counter, and also applies to long-settlement transactions (the “in-scope” transactions). In this Standard, references to “derivatives” should be understood to apply to all in-scope transactions.
3.This Standard formulates capital adequacy requirements that needs to be applied to all banks in UAE on a consolidated basis.
4.The Standards follow the calibration developed by the Basel Committee, which includes a maximum risk weight of 1250%, calibrated on a total capital adequacy requirement of 8%. The UAE instituted a higher minimum capital requirement of 10.5% (excluding capital buffers), applicable to all licensed banks. Consequently, the maximum capital charge for a single exposure will be the lesser of the value of the exposure after applying valid credit risk mitigation, netting and haircuts, and the capital resulting from applying a risk weight of 952% (reciprocal of 10.5%) to this exposure.

II. Definitions
In general, terms in this Standard have the meanings defined in other Regulations and Standards issued by the Central Bank. In addition, for this Standard, the following terms have the meanings defined in this section.
- •A basis transaction is a non-foreign-exchange (that is, denominated in a single currency) transaction in which the cash flows due to one counterparty depend on a risk factor that differs from the risk factor (from the same asset class) that determines payments due to the other counterparty.
- •A central counterparty (CCP) is an entity that interposes itself between counterparties to contracts traded within one or more financial markets, becoming the legal counterparty such that it is the buyer to every seller and the seller to every buyer.
- •A centrally cleared derivative transaction is a derivatives transaction that is cleared though a central counterparty.
- •A clearing member is an entity that conducts transactions through a central counterparty as a member of that central counterparty.
- •A commodity type is a set of commodities that have broadly similar risk drivers, such that the prices or volatilities of commodities of the same commodity type may reasonably be expected to move with similar direction and timing and to bear predictable relationships to one another.
- •Counterparty credit risk is the risk of loss due to a failure by a counterparty to an in-scope transaction to deliver to the bank according to contractual terms at settlement.
- •A hedging set is a set of transactions within a single netting set exposed to similar risk factors, and for which partial or full offsetting may be recognized in the calculation of the potential future exposure add-on.
- •The independent collateral amount (ICA) is collateral posted by a counterparty that the bank may seize upon default of the counterparty. ICA may be defined by the Independent Amount parameter in standard industry documentation. ICA may change in response to factors such as the value of the collateral or a change in the number of transactions in the netting set, but (unlike variation margin) not in response to the value of the transactions it secures.
- •A long settlement transaction is one in which a counterparty undertakes to deliver a security, commodity, or foreign exchange amount against cash, other financial instruments, or commodities at a contractually specified settlement or delivery date that exceeds the market standards for settlement or delivery of the particular instrument, or if that settlement date is more than five business days from the date the transaction is initiated.
- •The margin period of risk for a derivatives contract is the length of time from the last exchange of collateral covering a netting set until transactions with a defaulting counterparty can be closed out and the resulting risk re-hedged.
- •Margined transactions are those in which variation margin is exchanged between counterparties; other transactions are un-margined.
- •Net Current Value (NCV) for a netting set is the total current market value of all transactions (which may be negative) minus the net value of any collateral held by a bank, after application of any collateral haircuts.
- •The net independent collateral amount (NICA) is the difference between the ICA posted by a counterparty and any ICA posted by the bank for that counterparty, excluding any collateral that the bank has posted to a segregated, bankruptcy remote account.
- •Netting by novation refers to a netting arrangement in which any obligation between two counterparties to deliver a given currency on a given value date is automatically combined with all other obligations for the same currency and value date, legally substituting one single amount for the previous gross obligations.
- •A netting set is a group of contracts with a single counterparty subject to a legally enforceable agreement for net settlement, and satisfying all of the conditions for netting sets specified in this Standard.
- •Potential Future Exposure (PFE) is an estimate of the potential increase in exposure to counterparty credit risk against which regulatory capital must be held.
- •A Qualifying Central Counterparty (QCCP) is a CCP that meets certain qualification requirements articulated in this Standard.
- •The remaining maturity of a derivative transaction is the time remaining until the latest date at which the contract may still be active. If a derivative contract has another derivative contract as its underlying (for example, a swaption) and may be physically exercised into the underlying contract (that is, a bank would assume a position in the underlying contract in the event of exercise), then the remaining maturity of the contract is the time until the final settlement date of the underlying derivative contract. For a derivative contract that is structured such that any outstanding exposure is settled on specified dates and the terms are reset so that the fair value of the contract is zero, the remaining maturity equals the time until the next reset date.
- •Variation margin (VM) means margin in the form of cash or financial assets exchanged on a periodic basis between counterparties to recognize changes in contract value due to changes in market factors.
- •A volatility transaction is one in which the settlement amount of the contract depends on the level of volatility of a risk factor.
- •A bank’s position in a particular trade or transaction is long or long in the primary risk factor if the market value of the transaction increases when the value of the primary risk factor increases; alternatively, the position is short or short in the primary risk factor if the market value of the transaction decreases when the value of the primary risk factor increases.

III. Requirements for Counterparty Credit Risk (CCR)

Netting Sets
5.Banks must calculate RWA for CCR at the level of nettings sets for derivatives. Accordingly, a bank must group all exposures for each counterparty into one or more netting sets. In every such case where netting is applied, a bank must satisfy the Central Bank that it has:
- •A contract with the counterparty or other agreement that creates a single legal obligation, covering all included transactions, such that the bank would have either a claim to receive or obligation to pay only the net sum of the positive and negative mark-to-market values of included individual transactions in the event a counterparty fails to perform due to default, bankruptcy, liquidation, or similar circumstances.
- •Written and reasoned legal reviews that in the event of a legal challenge, the relevant courts and administrative authorities would find the bank’s exposure to be such a net amount under:
  - •The law of the jurisdiction in which the counterparty is chartered and, if the foreign branch of a counterparty is involved, then also under the law of the jurisdiction in which the branch is located;
  - •The law that governs the individual transactions; and
  - •The law that governs any contract or agreement necessary to affect the netting.
- •Procedures in place to ensure that the legal characteristics of netting arrangements are kept under review in light of the possible changes in relevant law.
6.The Central Bank, after consultation when necessary with other relevant supervisors, must be satisfied that the netting is enforceable under the laws of each of the relevant jurisdictions.

Exposure at Default and Risk-Weighted Assets
7.A bank must calculate RWA for CCR by (i) calculating the Exposure At Default (EAD) for each netting set associated with a counterparty, (ii) summing EAD across netting sets for that counterparty, (iii) calculating risk-weighted EAD by multiplying the total EAD for a counterparty by the risk-weight corresponding to the exposure class to which that counterparty belongs under general risk-based capital requirements, (iv) summing the resulting risk-weighted EAD across all counterparties within a given exposure class and (v) summing across exposure classes.
8.Banks must calculate EAD separately for each netting set, as the sum of the Replacement Cost (RC) of the netting set plus the calculated Potential Future Exposure (PFE) for the netting set, with the sum of the two multiplied by a factor of 1.4:
$E A D = (R C + P F E) \times 1.4$

9.Margined and un-margined netting sets require different calculation methods for RC and PFE. The EAD for a margined netting set is capped at the EAD of the same netting set calculated on an un-margined basis. That is, for a netting set covered by a margin agreement, the bank may calculate EAD as if the netting set is un-margined, and may use that value as the EAD if it is lower than the EAD calculation considering margin.
10.The time-period for the haircut applicable to non-cash collateral for the RC calculation should be one year for un-margined trades, and the relevant margin period of risk for margined trades.

Replacement Cost
11.Banks must calculate replacement cost at the netting set level. Calculations for margined and un-margined transactions differ.
12.Banks first must calculate the total current market value of the derivative contracts in the netting set. Banks may net transactions within a netting set that are subject to any legally valid form of bilateral netting, including netting by novation. Banks must then subtract from that total current market value the net value of collateral (after application of collateral haircuts) held by the bank for the netting set. The result is the Net Current Value (NCV) of the transactions in the netting set.
13.For un-margined transactions, RC for a netting set is equal to the NCV, provided the NCV is greater than zero. If that value is not greater than zero, RC equals zero.
14.For margined transactions, RC depends on the greatest exposure that would not trigger a call for variation margin, taking into account the mechanics of collateral exchanges in the margining agreements. That critical exposure level is equal to the threshold level of variation that would require a transfer of collateral, plus the minimum transfer amount of the collateral. The bank should subtract from that exposure amount the NICA, if any, to calculate the RC for margined transactions. However, the resulting RC may be no less than the RC if the netting set were un-margined. That is, for a margined netting set the RC is equal to the larger of the amount calculated according to this paragraph, or the RC for the same netting set if un-margined.
15.Bilateral transactions with a one-way margining agreement in favor of the bank’s counterparty (that is, where the bank posts margin but the counterparty does not) must be treated as un-margined transactions.
16.If multiple margin agreements apply to a single netting set, the bank must divide the netting set into sub-netting sets that align with each respective margin agreement, and calculate RC for each sub-netting set separately.

Potential Future Exposure
17.Calculation of PFE relies on computation of various “add-on” amounts, which are intermediate measures of exposure that are combined in various ways to compute PFE. The bank must calculate PFE for each netting set as a simple summation of the add-ons computed for each of the various asset classes within that netting set, multiplied by a multiplier that allows for recognition of excess collateral or negative mark-to-market value for the transactions. Requirements for calculation of the multiplier and the add-ons for each asset class are described below in this Standard.
18.The bank must allocate all derivatives transactions to one or more of the following asset classes based on the primary risk driver of the transaction:
- •Interest Rate Derivatives
- •Foreign Exchange Derivatives
- •Credit Derivatives
- •Equity Derivatives
- •Commodity Derivatives
19.As described in more detail below in this Standard, trades within each of these asset classes are further divided into hedging sets, and an aggregation method is applied to aggregate trade-level inputs at the hedging set level and finally at the asset class level. For derivative transactions within the credit, equity, and commodity asset classes, this aggregation involves a supervisory correlation parameter to capture important aspects of basis risk and diversification.

20.For trades that may have more than one risk driver (e.g. multi-asset or hybrid derivatives), banks must apply an analysis based on risk-driver sensitivities and volatility of the underlying reference price or rate to determine the existence of a dominant risk driver, and make the asset class allocation accordingly. When a derivative is materially exposed to risk drivers spanning more than one asset class, a bank must assign the position to each relevant asset class rather than to a single asset class, with appropriate delta adjustment. The Central Bank may direct banks to assign complex derivatives to multiple asset classes, regardless of analysis that the bank may or may not have conducted.
21.As is the case with Replacement Cost, if multiple margin agreements apply to a single netting set, the bank must divide the netting set into sub-netting sets that align with each respective margin agreement, and calculate the PFE for each sub-netting set separately.

Adjusted Notional Amount
22.Banks must calculate adjusted notional amounts from trade-level notional amounts for each transaction as described in this Standard.
23.For foreign exchange derivatives, the adjusted notional is defined as the notional of the foreign currency leg of the contract, converted to the domestic currency. If both legs of a foreign exchange derivative are denominated in currencies other than the domestic currency, the notional amount of each leg should be converted to the domestic currency, and the adjusted notional amount is equal to the value of the leg with the larger domestic currency value.
24.For equity and commodity derivatives, the adjusted notional is equal to the product of the current price of one unit of the stock or commodity and the number of units referenced by the trade. For equity and commodity volatility transactions, adjusted notional is equal to the product of the underlying volatility and the notional value of the transaction.
25.For interest rate derivatives and credit derivatives, the trade-level adjusted notional in units of domestic currency must be multiplied by a supervisory duration (SD) measure as follows:
1. a)First, the bank must determine the start date of the time period referenced by the interest rate or credit contract, and time that remains until that start date, measured in years; this is “S.” If the derivative references the value of another interest rate or credit instrument (as with a swaption or bond option), the time period is that of the underlying instrument. If the time-period referenced by the derivative has already started, the bank must set S to zero.
2. b)Next, the bank must determine the end date of the time period referenced by the interest rate or credit contract, and the time remaining until that end date, measured in years; this is “E.” If the derivative references the value of another interest rate or credit instrument (as with a swaption or bond option), the time period is that of the underlying instrument.
3. c)The bank then must compute SD for the transaction using the following formula, with the identified values of S and E based on the terms of the contract (where “exp” denotes the exponential function):
4. d)Finally, the bank calculates the adjusted notional amount for the transaction by multiplying the trade notional amount by the supervisory duration SD.
26.Banks also must apply the following rules when determining trade notional amounts, for transaction covered by the cases noted below:
1. a)For transactions with payoffs that are state contingent such as digital options or target redemption forwards, a bank must calculate the trade notional amount for each state, and use the largest resulting calculation.
2. b)If the notional is based on a formula that depends on market values, the bank must enter the current market values to determine the trade notional amount to be used in computing adjusted notional amount.
3. c)For variable notional swaps such as amortizing and accreting swaps, banks must use the average notional over the remaining life of the swap as the trade notional amount.
4. d)For leveraged swaps in which rates are multiplied by a factor, the bank must multiply the stated notional by the same factor to determine the trade notional amount.
5. e)For a derivative contract with multiple exchanges of principle, the bank must multiply the notional by the number of exchanges of principle in the derivative contract to determine the trade notional amount.

Supervisory Delta Adjustment and Effective Notional Amount

27.Banks must determine a supervisory delta adjustment for each transaction for use in calculations of effective notional amounts. Banks must apply supervisory delta adjustments at the trade level that reflect the direction of the transaction - that is, whether the position is long or short in the primary risk driver - and on whether the transaction is an option, CDO tranche, or neither. Supervisory delta adjustments are provided in Table 1.

Table 1: Supervisory Delta Adjustments

Type of Derivative Transaction	Supervisory Delta Adjustment
Purchased Call Option	F
Purchased Put Option	F-1
Sold Call Option	-F
Sold Put Option	1-F
Purchased CDO Tranche (Long Protection)	G
Sold CDO Tranche (Short Protection)	-G
Any Other Derivative Type, Long in the Primary Risk Factor	+1
Any Other Derivative Type, Short in the Primary Risk Factor	-1

Definitions for Table 1

For options:

In this expression, P is the current forward value of the underlying price or rate, K is the exercise or strike price of the option, T is the time to the latest contractual exercise date of the option, a is the appropriate supervisory volatility from Table 2, and 0 is the standard normal cumulative density function. A supervisory volatility of 50% should be used on swaptions for all currencies.

For CDO tranches:

In this expression, A is the attachment point of the CDO tranche and D is the detachment point of the CDO tranche.

Maturity Factor
28.Banks must determine a maturity factor (MF) for each transaction for use in calculations of effective notional amounts, with the specific calculation method for MF depending on whether the derivative transaction is margined or un-margined.
29.For un-margined transactions, the maturity factor must be set equal to 1.0, unless the remaining maturity of the derivative transaction is less than one year. If the remaining maturity is less than one year, the maturity factor for an un-margined transaction is computed as the square root of the remaining maturity expressed in years, on a business-day-count basis, as follows:

30.If an un-margined transaction has a remaining maturity of 10 business days or less, the bank must set the maturity factor equal to the square root of (10/250).
31.For margined transactions, the maturity factor MF must be based on the margin period of risk (MPOR) appropriate for the margining agreement containing the transaction, measured in days, and computed as follows:

32.The bank must determine MPOR based on the terms of the margined transaction, subject to the following minimums:
1. a)At least ten business days for non-centrally-cleared derivative transactions subject to daily margin agreements.
2. b)At least five business days for centrally cleared derivative transactions subject to daily margin agreements that clearing members have with their clients.
3. c)At least twenty business days for netting sets consisting of 5000 or more transactions that are not centrally cleared.
33.The bank must double the MPOR for netting sets that have experienced more than two margin call disputes over the previous two calendar quarters if those disputes were not resolved within a period corresponding to the MPOR that would otherwise be applicable.
Allocation of Transactions to Hedging Sets
34.Banks must allocate every transaction within each netting set to a hedging set according to the following rules for each asset class:
1. a)Interest Rate Derivatives: A hedging set must be created for each set of interest rate derivatives that reference interest rates of the same currency. Interest rate derivative hedging sets are further subdivided into maturity categories, as described below. In interest rate hedging sets, full offset is recognized between long and short positions within one maturity category, and partial offset across maturity categories. Note that the number of interest rate hedging sets may differ between different netting sets, depending on the number of distinct currencies.
2. b)Foreign Exchange Derivatives: A hedging set consists of derivatives that reference the same currency pair. Full offset is recognized between long and short positions in any currency pair. Note that the number of foreign exchange hedging sets may vary between different netting sets.
3. c)Credit Derivatives: All credit derivatives should be allocated to a single hedging set. Full offset is recognized between long and short positions referencing the same entity (name or index) within the hedging set.
4. d)Equity Derivatives: All equity derivatives should be allocated to a single hedging set. Full offset is recognized between long and short positions referencing the same entity (name or index) within the hedging set.
5. e)Commodity Derivatives: In the commodity asset class, separate hedging sets are used for energy, metals, agriculture, and other commodities. Full offset of long and short positions is recognized between derivatives referencing the same commodity type, while PFE add-on calculations provide partial offset between different commodity types within the same commodity hedging set.
35.Basis transactions and volatility transactions must form separate hedging sets within their respective asset classes.
1. a)All basis transactions in a netting set that belong to the same asset class and reference the same pair of risk factors form a single hedging set, and follow the hedging set aggregation rules for the relevant asset class. The bank must treat each pair of risk factors as a separate hedging set.
2. b)The bank must place all volatility transactions in a netting set into a distinct hedging set within the corresponding asset class, according to the rules of that asset class. For example, all equity volatility transactions within a netting set form a single volatility hedging set within that netting set.
Add-on for Interest Rate Derivatives
36.For interest rate derivatives, banks must assign each contract to one of three maturity categories based on the remaining life of the contract:
- •Maturity Category 1: Less than one year
- •Maturity Category 2: From one year to five years
- •Maturity Category 3: Greater than five years
37.The bank must then calculate the effective notional amount for each interest rate derivative hedging set (that is, for the set of interest rate derivatives in any single currency) by summing across transactions within a maturity category the product of the adjusted notional amount of the transaction, the maturity factor for the transaction, and the supervisory delta adjustment. That is, for each individual interest rate derivative within a maturity category in a single hedging set, the bank must calculate:
$Adjusted Notional Amount \times Supervisory Delta Adjustment \times MF$

and then sum that product across all interest rate derivatives in one maturity category in that hedging set to get the effective notional amount.
38.For each interest rate hedging set, the result will be three effective notional amounts, one for each maturity category: D1 for Category 1, D2 for Category 2, and D3 for Category 3. The bank may then combine these effective notional amounts from each maturity category using the following formula:

39.As an alternative, the bank may choose to combine the effective notional values as the simple sum of the absolute values for each of the three maturity categories within a hedging set, which has the effect of ignoring potential offsets. That is, as an alternative to the calculation above, the bank may calculate:
$| D 1 | + | D 2 | + | D 3 |$

40.Regardless of the approach used to combine the effective notional amounts, the bank must multiply the result of the calculation by the supervisory factor for the interest rate asset class from Table 2, and sum across all interest rate hedging sets to calculate the aggregate add-on for the interest rate asset class.
Add-on for Foreign Exchange Derivatives
41.For foreign exchange derivatives, banks must calculate the effective notional amount for each hedging set (that is, for the set of foreign exchange derivatives referencing a single currency pair) by summing across transactions within a hedging set the product of the adjusted notional amount of the transaction, the maturity factor for the transaction, and the supervisory delta adjustment. That is, for each individual foreign exchange derivative in a single hedging set (that is, referencing a single currency pair), the bank must calculate:
$Adjusted Notional Amount \times Supervisory Delta Adjustment \times MF$

and then sum that product across all foreign exchange derivatives in that hedging set to get the effective notional amount for the hedging set.
42.The bank must multiply the absolute value of the resulting effective notional amount for each hedging set (each currency pair) by the supervisory factor for the foreign exchange asset class from Table 2, and sum across all foreign exchange hedging sets to calculate the aggregate add-on for the foreign exchange asset class.
Add-on for Credit Derivatives
43.For credit derivatives, banks must calculate the effective notional amount for each entity (that is, for each set of credit derivatives referencing a single name or credit index) by summing, across all credit derivative transactions that reference that entity, the product of the adjusted notional amount of the transaction, the maturity factor for the transaction, and the supervisory delta adjustment. That is, for each individual credit derivative referencing any single entity, the bank must calculate:
$Adjusted Notional Amount \times Supervisory Delta Adjustment \times MF$

for each transaction and then sum that product across all credit derivatives that reference that entity to get the effective notional amount for the entity.
44.The bank must calculate the entity-level add-on by multiplying the result of this calculation by the appropriate supervisory factor from Table 2, depending on the rating of the entity (for single-name derivatives) or depending on whether the index is investment grade or speculative grade (for index derivatives).
45.For credit derivatives that reference unrated single-name entities, the bank should use the Supervisory Factor corresponding to BBB rated entities. However, where the entity has an elevated risk of default, banks should use the Supervisory Factor corresponding to BB rated entities. For credit index entities, the classification into investment grade or speculative grade should be determined based on the credit quality of the majority of the individual components of the index.
46.The bank must use the entity-level add-ons to calculate the add-on for the credit derivative hedging set. This is done through a calculation based on the use of supervisory correlation factors from Table 2. Specifically, the bank must calculate the add-on for the credit derivative hedging set by calculating:

where A_i is the entity-level add-on for one entity (each “i” is a different entity, either single-name or index), and
ρ_i is the supervisory correlation (either 0.5 or 0.8) for that entity.
47.Note that credit derivatives that are basis or volatility transactions must be treated in separate hedging sets within the credit derivatives asset class, with adjustments to supervisory factors as required under this Standard. In that case, the add-on for the credit derivatives asset class is the sum of the hedging set add-on calculated above, plus add-ons for any basis or volatility hedging sets.
Add-on for Equity Derivatives
48.For equity derivatives, banks must calculate the effective notional amount for each entity (that is, for each set of equity derivatives referencing a single name or equity index) by summing, across all equity derivatives transactions that reference that entity, the product of the adjusted notional amount of the transaction, the maturity factor for the transaction, and the supervisory delta adjustment. That is, for each individual equity derivative referencing any single entity, the bank must calculate:
$Adjusted Notional Amount \times Supervisory Delta Adjustment \times MF$

for each transaction and then sum that product across all equity derivatives that reference that entity to get the effective notional amount for the entity.
49.The bank must calculate the entity-level add-on by multiplying the result of this calculation by the appropriate supervisory factor from Table 2.
50.The bank must use the entity-level add-ons to calculate the add-on for the equity derivative hedging set. This is done through a calculation based on the use of supervisory correlation factors from Table 2 for single-name equities and equity indexes. Specifically, the bank must calculate the add-on for the equity derivative hedging set by calculating:
where,
A_i is the entity-level add-on for one entity (each “i” is a different entity, either single-name or index), and
ρ_i is the supervisory correlation for that entity from Table 2.
51.Note that equity derivatives that are basis or volatility transactions must be treated in separate hedging sets within the equity derivatives asset class, with adjustments to supervisory factors as required under this Standard. In that case, the add-on for the equity derivatives asset class is the sum of the hedging set add-on calculated above, plus add-ons for any basis or volatility hedging sets.
Add-on for Commodity Derivatives
52.For the commodity asset class, a bank must assign each commodity derivative to one of the four hedging sets: energy, metals, agriculture, or other. The bank should also define one or more commodity types within each hedging set, and assign each derivative transaction to one of those commodity types. Long and short trades within a single commodity type can be fully offset.
53.The bank must establish appropriate governance processes for the creation and maintenance of the list of defined commodity types that are used for CCR calculations. These types should have clear definitions stated in written policies, and independent internal review or validation processes should ensure that the commodity types are applied properly. Internal review and validation processes also should determine that commodities grouped as a single type are in fact reasonably similar. Only commodity types established through adequately controlled internal processes may be used.
54.Banks must calculate the effective notional amount for each commodity type (that is, for each set of commodity derivatives that reference commodities of the same type) by summing, across all transactions that reference that commodity type, the product of the adjusted notional amount of the transaction, the maturity factor for the transaction, and the supervisory delta adjustment. That is, for each individual commodity derivative referencing any single commodity type, the bank must calculate:
$Adjusted Notional Amount \times Supervisory Delta Adjustment \times MF$

for each transaction and then sum that product across all commodity derivatives that reference that commodity type to get the effective notional amount for the commodity type.
55.The bank must calculate the add-on for each commodity type by multiplying the result of this calculation by the appropriate supervisory factor from Table 2.
56.The bank must use the add-ons for each commodity type to calculate the add-on for each hedging set (energy, metals, agriculture, and other). This is done through a calculation using the supervisory correlation factor for commodity derivatives. Specifically, the bank must calculate the add-on for each of the four commodity derivative hedging sets by calculating:

where ρ is the supervisory correlation factor for commodity derivatives,
and A_i is the add-on for one commodity type within the hedging set (each “i” is a different commodity type within a given hedging set).
57.Note that commodity derivatives that are basis or volatility transactions must be treated in separate hedging sets within the commodity derivatives asset class, with adjustments to supervisory factors as required under this Standard.
58.The add-on for the commodity derivatives asset class is the sum of the four hedging set add-ons as calculated above (some of which may be zero if the bank has no derivatives within one of the four hedging sets), plus corresponding add-ons for any basis or volatility hedging sets.
59.Commodity hedging sets have been defined in this Standard without regard to other potentially important characteristics of commodities, such as location and quality. For example, the energy hedging set contains commodity types such as crude oil, electricity, natural gas, and coal. The Central Bank may require a bank to use more refined definitions of commodity types if the Central Bank determines that the bank is significantly exposed to the basis risk of different products within any bank-defined commodity type.

Supervisory Factors, Correlations, and Volatilities

60.Table 2 provides the values of Supervisory Factors, correlations, and supervisory option volatilities for use with each asset class and subclass.

61.For any basis transaction hedging set, the Supervisory Factor applicable to its relevant asset class or sub-class must be multiplied by 0.5.

62.For any volatility transaction hedging set, the Supervisory Factor applicable to its relevant asset class or sub-class must be multiplied by 5.0.

Table 2: Supervisory Factors, Correlations, and Volatilities

Asset Class	Hedging Sets	Subclass	Supervisory Factor	Correlation	Supervisory Option Volatility
Interest Rate	One hedging set for each currency		0.50%	N/A	50%
Foreign Exchange	One hedging set for each currency pair		4.00%	N/A	15%
Credit, Single Name	One hedging set for all credit derivatives	AAA AA A BBB BB B CCC	0.38% 0.38% 0.42% 0.54% 1.06% 1.60% 6.00%	50%	100%
Credit, Index	One hedging set for all credit derivatives	Investment Grade Speculative Grade	0.38% 1.06%	80%	80%
Equity, Single Name	One hedging set for all equity derivatives	Single Name	32.00%	50%	120%
Equity, Index	One hedging set for all equity derivatives	Index	20.00%	80%	75%
Commodity	Energy	Electricity Other Energy	40.00% 18.00% 18.00% 18.00% 18.00%	40%	150% 70% 70% 70% 70%
	Metals	Metals
	Agriculture	Agriculture
	All other	All other

PFE Multiplier
63.For each netting set, the bank must compute a PFE multiplier and multiply the sum of the asset class add-ons for the netting set by that multiplier. The bank must calculate the PFE multiplier using the NCV and the aggregate add-on for the netting set (AddOn_agg) according to the following formula (where “exp” denotes the exponential function):

64.Consistent with international regulatory standards, the Floor for this calculation is established at the level of 0.05 (5%) under this Standard.
65.If the PFE multiplier for a netting set is greater than 1.0 when calculated according to the formula above (which generally occurs when NCV>0), the bank should set the PFE multiplier equal to 1.0 when calculating PFE. Note that NCV is the same as the calculation of RC for un-margined transactions, but without the limitation of a lower bound of zero (that is, NCV can be negative).

Margin Agreements Covering Multiple Netting Sets
66.If a single margin agreement applies to several netting sets, so that collateral is exchanged based on mark-to-market values that are netted across all transactions covered under the margin agreement irrespective of netting sets, calculations of both RC and PFE are affected as described in this Standard. Special treatment is necessary because it is problematic to allocate the common collateral to individual netting sets.
67.A bank must compute a single combined RC for all netting sets covered by the margin agreement. Combined RC is the sum of two elements, each of which must be no less than zero. The first element is equal to the un-margined current exposure the bank has to the counterparty, aggregated across all netting sets covered by the margin agreement, less the cash equivalent value of any collateral available to the bank at the time (including both VM and _NICA) if the bank is a net holder of collateral. The second term is added only when the bank is a net provider of collateral, and is equal to the current net value of the posted collateral, reduced by the un-margined current exposure of the counterparty to the bank aggregated across all netting sets covered by the margin agreement.
68.The bank must calculate PFE for transactions subject to a single margin agreement covering multiple netting sets as if those transactions were un-margined, with the resulting calculations of PFE for each netting set then aggregated through summation. Both the multiplier and the PFE add-on should be calculated as if the transactions were un-margined.

IV. Requirements for Bank Exposures to Central Counterparties
69.The Financial Stability Board has determined that central clearing of over-the-counter derivatives reduces global systemic risk. Accordingly, the Central Bank assigns lower risk weights to bank exposures to central counterparties (CCPs) that meet certain standards for qualification, as described below for Qualifying Central Counterparties (QCCPs).
70.Banks must treat exposures to non-qualifying CCPs as they would treat exposures to any other non-qualifying counterparty. If a CCP being treated as a QCCP ceases to qualify as a QCCP, exposures to that former QCCP may continue to be treated as though they were QCCP exposures for a period of three months, unless the Central Bank requires otherwise. After the three-month period, the bank’s exposures to such a CCP must be treated as bilateral counterparty credit exposures.

Qualifying Central Counterparties
71.For a counterparty entity to be considered a QCCP for purposes of this Standard, the entity must meet the following conditions:
- •Be licensed to operate as a CCP and permitted to operate as such by the appropriate regulator or overseer with respect to the products that are centrally cleared.
- •Provide UAE banks with the information required to calculate RWA for any default fund exposures to the CCP according to the requirements stated in this Standard.
- •Be based and prudentially supervised in a jurisdiction where the relevant regulator or overseer has established and publicly indicated that domestic rules and regulations consistent with the CPMI-IOSCO Principles for Financial Market Infrastructures apply to the CCP on an ongoing basis. For CCPs in jurisdictions that do not have a CCP regulator applying the Principles to the CCP, the Central Bank may make a determination regarding whether the CCP meets the requirements for treatment as a QCCP.
72.A bank must have robust internal procedures to identify specific CCPs that qualify for treatment as QCCPs under this Standard. The internal identification process should reflect the conditions stated above in this Standard, and produce evidence the bank then provides to the Central Bank to demonstrate that a specific CCP meets the conditions for qualification. A bank may not treat any CCP as a QCCP for capital purposes unless and until the Central Bank reviews the bank’s determination and indicates no objection.

Exposures to QCCPs
73.A bank must calculate RWA for exposures to QCCPs to reflect credit risk due to trade exposures (either as a clearing member of the QCCP or as a client of a clearing member), posted collateral, and default fund contributions. If a bank’s combined RWA for trade exposures to a QCCP and default fund contribution for that QCCP is higher than would apply for those same exposures if the QCCP were a non-qualifying CCP, the bank may treat the exposures as if the QCCP was non-qualifying.
Trade exposures to the QCCP
74.A risk weight of 2% applies to a bank’s trade exposure to the QCCP where the bank as a clearing member of the QCCP trades for its own account. The risk weight of 2% also applies to trade exposures to the QCCP arising from clearing services the bank provides to clients where the bank is obligated to reimburse those clients for losses in the event that the QCCP defaults.
75.In general, a bank must calculate exposure amounts for trade exposures to QCCPs as for other derivatives exposure under this Standard. Banks must use a minimum MPOR of 10 days for the calculation of trade exposures to QCCPs on over-the-counter derivatives. Where QCCPs retain variation margin against certain trades and the member collateral is not protected against the insolvency of the QCCP, the minimum horizon applied to the bank’s QCCP trade exposures must be the lesser of one year and the remaining maturity of the transaction, with a floor of 10 business days.
Treatment of posted collateral
76.Any assets or collateral posted to the QCCP by the bank must receive the banking book or trading book treatment it would receive under the capital adequacy framework, regardless of the fact that such assets have been posted as collateral. Where the entity holding such assets or collateral is the QCCP, a risk-weight of 2% applies to collateral included in the definition of trade exposures. The relevant risk-weight of the QCCP will apply to assets or collateral posted for other purposes.
77.A risk weight of zero applies to all collateral (including cash, securities, other pledged assets, and excess initial or variation margin) posted by the clearing member that is held by a custodian and is bankruptcy remote from the QCCP. Collateral posted by a client that is held by a custodian and is bankruptcy remote from the QCCP, the bank, and other clients of the bank is not subject to a CCR capital requirement.
78.Where a bank posts assets or collateral (either as a clearing member or on behalf of a client) with a QCCP or a clearing member, and the assets or collateral is not held in a bankruptcy remote manner, the bank must recognize credit risk based upon the creditworthiness of the entity holding such assets or collateral. Posted collateral not held in a bankruptcy remote manner must be accounted for in the NICA term for CCR calculations.
Default fund exposures
79.A bank’s default fund contributions as a clearing member of a QCCP must be included in the bank’s calculation of risk-weighted assets. Certain inputs required for the RWA calculation must be provided to the bank by the QCCP, its supervisor, or some other body with access to the required data, as described below. Provision of the necessary inputs is a condition for CCP qualification.
80.Risk-weighted assets for the bank’s default fund contributions should be calculated as:

where
- •RW is a risk weight of 20% unless the Central Bank determines that banks must apply a higher risk weight, for example to reflect a QCCP membership composed of relatively high-risk members;
- •DF_M is the bank’s total pre-funded contributions to the QCCP’s default fund;
- •DF is the total value of the QCCP’s default fund, including its own funds and the prefunded contributions from members; and
- •EAD is the sum of the QCCP’s exposure to all clearing members accounts, including clearing members’ own transactions, client transactions guaranteed by clearing members, and the value of all collateral held by the QCCP against those transactions (including clearing members’ prefunded default fund contributions) prior to exchange of margin in the final margin call on the date of the calculation. This exposure should include the exposure arising from client sub-accounts to the clearing member’s proprietary business where clearing members provide client-clearing services and the client transactions and collateral are held in separate (individual or omnibus) subaccounts.
81.However, if the RWA from the calculation above is less than 2% of the amount of the bank’s pre-funded contributions to the default fund, then the bank must set RWA equal to 2% of its pre-funded contributions to the default fund, which is 2%×DFM.
82.Exposure to each clearing member for the QCCP’s EAD calculation is the bilateral CCR trade exposure the QCCP has to the clearing member as calculated under this Standard, using MPOR of 10 days. All collateral held by a QCCP to which that QCCP has a legal claim in the event of the default of the member or client, including default fund contributions of that member, is used to offset the QCCP’s exposure to that member or client for the PFE multiplier. If the default fund contributions of the member are not split with regard to client and sub-accounts, they must be allocated to sub-accounts according to the initial margin of that sub-account as a fraction of the total initial margin posted by or for the account of the clearing member.
83.If clearing member default fund contributions are segregated by product types and only accessible for specific product types, the RWA calculation must be performed for each specific product giving rise to counterparty credit risk. Any contributions by the bank to prepaid default funds covering settlement-risk-only products should be risk-weighted at 0%. If the QCCP’s own prefunded resources cover multiple product types, the QCCP must allocate those funds to each of the calculations, in proportion to the respective product-specific EAD.
84.However, where a default fund is shared between products or types of business with settlement risk only (such as equities and bonds) and products or types of business which give rise to counterparty credit risk, all of the default fund contributions receive the risk weight determined above, without apportioning to different classes or types of business or products.
85.Banks must apply a risk weight of 1250% to default fund contributions to a non-qualifying CCP. For the purposes of this paragraph, the default fund contributions of such banks will include both the funded contributions and any unfunded contributions for which the bank could be liable upon demand by the CCP.
86.As a requirement for QCCP qualification, the CCP, its supervisor, or another body with access to the required data must calculate and provide values for EAD, D_FM, and DF in such a way to permit the supervisor of the CCP to oversee those calculations, and must share sufficient information about the calculation results to permit banks to calculate capital requirements for their exposures to the default fund, as well as to permit the Central Bank to review and confirm such calculations. The information must be provided at least quarterly, although the Central Bank may require more frequent calculations in the event of material changes, such as material changes to the number or size of cleared transactions, material changes to the financial resources of the QCCP, or initiation by the QCCP of clearing of a new product.
Clearing member exposures to clients
87.A bank as a clearing member of a QCCP must treat its exposure to clients as bilateral trades, irrespective of whether the bank as clearing member guarantees the trade or acts as an intermediary between the client and the QCCP.
88.If a bank as a clearing member of a QCCP collects collateral from a client and passes this collateral on to the QCCP, the bank may recognize this collateral for both the exposure to the QCCP and the exposure to the client.
89.If a bank as a clearing member conducts an exchange-traded derivatives transaction on a bilateral basis with a client, it is treated as a bilateral counterparty credit risk exposure rather than a QCCP exposure. In this case, the bank can compute the exposure to the client using a margin period of risk, subject to a minimum MPOR of at least five days.
90.These requirements also apply to transactions between lower-level clients and higher-level clients in a multi-level client structure. (A multi-level client structure is one in which banks can centrally clear as an indirect client of a clearing member; that is, when clearing services are provided to the bank by an institution that is not a direct clearing member, but is itself a client of a clearing member or another clearing client.)
Bank exposures as a client of clearing members
91.Where a bank is a client of a clearing member, and enters into a transaction with a clearing member who completes an offsetting transaction with the QCCP, of if a clearing member guarantees QCCP performance to the bank as a client, the bank’s exposures to the clearing member may be treated as trade exposures to the QCCP with a risk weight of 2% if the conditions below are met. (This also applies to exposures of lower-level clients to higher- level clients in a multi-level client structure, provided that for all intermediate client levels the two conditions below are met.)
- •Condition 1: Relevant laws, regulation, rules, contractual, or administrative arrangements make it highly likely that, in the event that the clearing member defaults or becomes insolvent, the offsetting transactions with the defaulted or insolvent clearing member would continue to be indirectly transacted through or by the QCCP, and that client positions and collateral with the QCCP would be transferred or closed out at market value.
- •Condition 2: Offsetting transactions are identified by the QCCP as client transactions, and collateral to support them is held by the QCCP and/or the clearing member under arrangements that prevent any losses to the client due to the default or insolvency of either the clearing member or other clients of the clearing member, or of a joint default or insolvency of the clearing member and any of its other clients.
92.Where a bank is a client of the clearing member and the two conditions above are not met, the bank must treat its exposures to the clearing member as an ordinary bilateral exposure under this Standard, not a QCCP exposure. If the two conditions above are met with the exception of the requirement regarding joint default or insolvency of the clearing member and any of its other clients, a 4% risk weight must be applied instead of 2%.
93.A bank must have conducted sufficient legal review (and undertake such further review as necessary to ensure continuing enforceability) and have a well-founded basis to conclude that, in the event of legal challenge, the relevant courts and administrative authorities would find that such arrangements mentioned above would be legal, valid, binding and enforceable under the relevant laws of the relevant jurisdictions. Upon the insolvency of the clearing member, there should be no legal impediment (other than the need to obtain an appropriate court order) to the transfer of the bank’s collateral to one or more surviving clearing members or to the bank or the bank’s nominee.
94.The treatment described here also applies to exposures resulting from posting of collateral by the bank as a client of a clearing member that is held by the QCCP on the bank’s behalf but not on a bankruptcy remote basis.
95.If a bank conducts an exchange-traded derivatives transaction on a bilateral basis with a clearing member as a client of that clearing member, the transaction is treated as a bilateral counterparty credit risk exposure, not a QCCP exposure. The same applies to transactions between lower-level clients and higher-level clients in a multi-level client structure.

Requirements for Bank Risk Management Related to QCCPs
96.The fact that a CCP qualifies as a QCCP does not relieve a bank of the responsibility to ensure that it maintains adequate capital to cover the risk of its exposures. Where the bank is acting as a clearing member, the bank should assess whether the level of capital held against exposures to a QCCP adequately addresses the inherent risks of those transactions through appropriate scenario analysis and stress testing.
97.A bank must monitor and report to its senior management and Board, or an appropriate committee of the Board, on a regular basis all of its exposures to QCCPs, including exposures arising from trading through a QCCP and exposures arising from QCCP membership obligations such as default fund contributions.

V. Review Requirements
98.Bank calculations for Counterparty Credit Risk under this Standard and associated bank processes must be subject to appropriate levels of independent review and challenge. Reviews must cover material aspects of the calculations under this Standard, including but not limited to the determination of netting sets, the assignment of individual transactions to asset classes and hedging sets, the application of supervisory parameters, the definition of commodity types, the treatment of complex derivatives transactions, and the identification of QCCPs.

VI. Shari’ah Implementation
99.Banks offering Islamic financial services that use Shari’ah Compliant alternatives to derivatives approved by their internal Shari’ah control committees should calculate the risk weighted asset (RWA) to recognize the exposure amounts for counterparty credit risk (CCR) as a result of obligations arising from terms and conditions of contracts and documents of those Shari’ah compliant alternatives in accordance with provisions set out in this standard/guidance and in the manner acceptable by Shari’ah. This is applicable until relevant standards and/or guidance in respect of these transactions are issued specifically for banks offering Islamic financial services.

VI. Credit Valuation Adjustment (CVA)

I. Introduction
1.This Standard articulates specific requirements for the calculation of the risk- weighted assets (RWA) for Credit Valuation Adjustment (CVA) risk for banks in the UAE. It is based closely on requirements of the framework for capital adequacy developed by the Basel Committee on Banking Supervision, specifically the Standardized Approach for CVA as articulated in Basel III: A global regulatory framework for more resilient banks and banking systems, December 2010 (rev June 2011), and subsequent clarifications thereto by the Basel Committee.
2.This Standard covers all derivative transactions except those transacted directly with a central counterparty. In addition, it covers all securities financing transactions (SFTs) that are subject to fair-value accounting, unless the Central Bank concludes that the bank's CVA loss exposures arising from fair-valued SFTs are not material. The CVA capital calculation encompasses a bank's CVA portfolio, which includes the bank's entire portfolio of covered transactions as well as eligible CVA hedges.
3.This Standard formulates capital adequacy requirements that needs to be applied to all banks in UAE on a consolidated basis.

II. Definitions
In general, terms in this Standard have the meanings defined in other Regulations and Standards issued by the Central Bank. In addition, for this Standard, the following terms have the meanings defined in this section.
1. (a)Credit Default Swap (CDS): A financial swap agreement in which the seller of the CDS agrees to compensate the buyer in the event of a default or other credit event by the reference obligor in exchange for a series of payments during the life of the CDS.
2. (b)Contingent CDS: A CDS in which one or more aspects of the payout are contingent on both the occurrence of a credit event and some other event specified in the contract, such as the level of or change in a particular market variable.
3. (c)Credit Valuation Adjustment (CVA): Reflects the adjustment of default risk-free prices of derivatives due to a potential default of the counterparty. Regulatory CVA may differ from CVA used for accounting purposes. Unless explicitly specified otherwise, the term CVA in this document means regulatory CVA.
4. (d)CVA portfolio: Includes all CVA hedges that meet the eligibility requirements stated in these Standards, as well as all covered transactions.
5. (e)CVA Risk: Defined as the risk of losses arising from changing CVA values in response to changes in counterparty credit spreads and market risk factors that drive prices of derivative transactions.
6. (f)Derivatives Transactions: Transactions concerning financial contracts that are traded in the Market, their values are dependent on the value of the financial assets underlying such contracts - such as commodities, indexes, currencies or any other financial products considered as such by the Central Bank.
7. (g)Qualified Financial Contract: Any financial agreement, contract or transaction, including any terms and conditions incorporated by reference in any such financial agreement, contract or transaction, pursuant to which payment or delivery obligations are due to be performed at a certain time or within a certain period of time and whether or not subject to any condition or contingency excluding securities and commodities or any other agreement, contract or transaction as notified by the Central Bank at any time.
8. (h)Securities Financing Transactions (SFTs): Transactions such as repurchase agreements, reverse repurchase agreements, security lending and borrowing, and margin lending transactions, where the value of the transactions depends on market valuations and the transactions are often subject to margin agreements.

III. Requirements
Banks are required to calculate RWA for CVA as a multiple of capital for CVA risk calculated as specified in these Standards. The calculation relies on regulatory measures of counterparty credit risk exposure, and recognizes the impact of differences in maturity, as well as adjustments to reflect certain common hedging activities that banks use to manage CVA risk. The relevant requirements are described in this Standard.

A. Counterparty Exposure for CVA Calculations
4.A bank must use a measure of exposure at default (EAD) for each counterparty to calculate CVA capital for the CVA portfolio. For derivatives exposures, the bank must use the EAD for each counterparty as calculated under the Central Bank's Counterparty Credit Risk Standard (the CCR Standard), including any effects of collateral or offsets per that Standards.
5.For SFTs, the bank must use the measure of counterparty exposure as calculated for the leverage ratio exposure measure. For that measure, the EAD for SFTs is calculated as current exposure without an add-on for potential future exposure, with current exposure calculated as follows:
1. (a)Where a qualifying master netting agreement (MNA) is in place, the current exposure (E*) is the greater of zero and the total fair value of securities and cash lent to a counterparty for all transactions included in the qualifying MNA (>Ei), less the total fair value of cash and securities received from the counterparty for those transactions (>Ci). This is illustrated in the following formula:
  E* = max {0, [∑E_i − ∑C_i]}
  where E* = current exposure,
  ∑E_i = total fair value of securities and cash lent to counterparty “i” and
  ∑C_i = total fair value of securities and cash received from “i”.
2. (b)Where no qualifying MNA is in place, the current exposure for transactions with a counterparty must be calculated on a transaction-by-transaction basis – that is, each transaction is treated as its own netting set, as shown in the following formula:
  E* = max {0, [E − C]}
  where E* = current exposure,
  E = total fair value of securities and cash lent in the transaction, and
  C = total fair value of securities and cash received in the transaction.

B. CVA Hedges
6.To qualify as an eligible CVA hedge for purposes of the CVA capital calculation, hedge transactions must meet the eligibility requirements stated here:
1. (a)The hedge instrument must be an index CDS, or a single-name CDS, single-name contingent CDS, or equivalent hedging instrument that directly references the counterparty being hedged; and
2. (b)The transaction must be a component of the bank's CVA risk management program, entered into with the intent to mitigate the counterparty credit spread component of CVA risk and managed by the bank in a manner consistent with that intent.
7.Eligible hedges that are included in the CVA calculation as CVA hedges are excluded from a bank's market risk capital calculations. A bank must treat transactions that are not eligible as CVA hedges as they would any other similar instrument for regulatory capital purposes.

C. CVA Capital Calculation
8.The bank must calculate the discounted counterparty exposure for each counterparty by multiplying the total EAD for the counterparty as calculated under these Standards by a supervisory discount factor (DF) for each netting set that reflects notional weighted-average maturity of the counterparty exposures:

where
${EAD}_{i}^{Total}$ is the sum of the EADs for all of the exposures to counterparty “i” within the netting set,
M_i is the weighted average maturity for the netting set for counterparty “i”, using notional values for the weighting.
If the bank has more than one netting set with a counterparty, the bank should perform this calculation for each netting set with that counterparty separately, and sum across the netting sets.
9.For any eligible single-name hedges for the counterparty, the bank computes the discounted value of the hedges, again using a supervisory discount factor that depends on the maturity of the hedge:
where
H_i is the notional value of a purchased eligible single-name hedge referencing counterparty ‘i’ and used to hedge the CVA risk,
M_h is the maturity of that hedge instrument.
If the bank has more than one instrument hedging single-name CVA risk for the counterparty, the bank should sum the discounted values of the individual hedges within each netting set.
10.For each counterparty, the bank should calculate single-name exposure (SNE) as the discounted counterparty exposure minus the discounted value of eligible single-name CVA hedges. With a single netting set and single hedge instrument, this calculation is:

11.With multiple netting sets for the counterparty (for EAD) or multiple-single name hedge instruments (for H), the corresponding terms in the SNE calculation would be the summations for the given counterparty as required above.
12.If the bank uses single-name hedging only, the bank must use SNE for its counterparties to calculate CVA capital using the following formula:

where Wi is the risk weight applicable to counterparty "i" from Table 1.
13.Each counterparty must be assigned to one of the seven rating categories in Table 1, based on the external credit rating of the counterparty. When a counterparty does not have an external rating, the bank should follow the approach used in the CCR Standard for credit derivatives that reference unrated entities. A bank should map alternative rating scales to the ratings in Table 1 based on an analysis of historical loss experience for each rating grade.
Table 1: Risk Weights for CVA Capital Calculation
Rating Risk Weight
AAA 0.7%
AA 0.7%
A 0.8%
BBB 1.0%
BB 2.0%
B 3.0%
CCC 10.0%

14.If the bank also uses index hedges for CVA risk management, the CVA capital calculation is modified to include an additional reduction in systematic risk according to the following formula:

where
H_ind is the notional of an eligible index hedge instrument used to hedge CVA risk,
M_ind is the maturity of that index hedge, and
other variables are as defined above in this Standard.
The summation is taken across all index hedges. To determine the applicable risk weight for any index hedge, the bank should determine the risk weight from Table 1 that would apply to each component of the index, and use the weighted-average of these risk weights as Wind, with weights based on the notional composition of the index.
15.An alternative version of the full calculation (including index hedges) that gives the same result, but without the intermediate step of calculating SNE, is the following:

16.For any counterparty that is also a constituent of an index referenced by a CDS used for hedging CVA risk, the bank may, with supervisory approval, subtract the notional amount attributable to that single name within the index CDS (as based on its reference entity weight) from the index CDS notional amount (Hind), and treat that amount within the CVA capital calculation as a single-name hedge (Hi) of the individual counterparty with maturity equal to the maturity of the index.

D. Risk-Weighted Assets
17.A bank must determine the RWA for CVA by multiplying K as calculated above by the factor 12.5:
$CVA RWA = K \times 12.5$

E. Simple Alternative Approach
18.Any bank with aggregate notional amount of covered transactions less than or equal to AED 400 billion may choose to set the bank's CVA RWA equal to its RWA for counterparty credit risk as computed under the CCR Standard. If the bank chooses this approach, it must be applied to all of the bank's covered transactions. In addition, a bank adopting this simple approach may not recognize the risk-reducing effects of CVA hedges. A bank meeting the requirements for using the Simple Alternative may choose to use either the Simple Alternative or the general CVA requirements, and may change that choice at any time with the approval of the Central Bank.

IV. Review Requirements
19.Bank calculations for CVA risk under these Standard and associated bank processes must be subject to appropriate levels of independent review and challenge. Reviews must cover material aspects of the calculations under these Standards, including but not limited to determination of eligible hedges, determination of maturities and amounts, mapping of counterparties to risk weights based on credit rating, and the CVA capital calculation.

V. Shari’ah Implementation
20.Banks offering Islamic financial services that use Shari’ah Compliant alternatives to derivatives and Securities financing transactions (SFTs) approved by their internal Shari’ah control committees should calculate the risk weighted asset (RWA) for Credit Valuation Adjustment (CVA) of these Shari’ah compliant alternatives in accordance with provisions set out in this standard/guidance and in the manner acceptable by Shari’ah. This is applicable until relevant standards and/or guidance in respect of these transactions are issued specifically for banks offering Islamic financial services

VII. Equity Investments in Funds

I. Introduction
1.This Standard articulates specific capital requirements for equity investments in funds held in the banking book by UAE Banks. It is based closely on requirements of the framework for capital adequacy developed by the Basel Committee on Banking Supervision (BCBS), specifically as articulated in Capital requirements for banks’ equity investments in funds, (BCBS 266, published December 2013).
2.This Standard formulates capital adequacy requirements that needs to be applied to all banks in UAE on a consolidated basis.
The requirements apply to all equity investments by banks in all types of funds that are held in the banking book (in-scope equity positions), including off-balance sheet exposures such as unfunded commitments to subscribe to a fund’s future capital calls. The requirements do not apply to exposures, including underlying exposures held by the fund, that would be deducted from capital under the Central Bank’s Guidance re Capital Supply.
3.This Standard requires banks to calculate risk-weighted assets (RWA) for any fund in which the bank has an in-scope equity position, with RWA calculated as if the bank held the fund’s exposures directly rather than indirectly through investment in the fund. Banks are required to use a hierarchy of three successive approaches with varying degrees of risk sensitivity and conservatism, as described below in these Standards. This Standard also incorporates a leverage adjustment to RWA to reflect a fund’s leverage appropriately. These requirements are discussed below in these Standards.
4.The Standards follow the calibration developed by the Basel Committee, which includes a maximum risk weight of 1250%, calibrated on a total capital adequacy requirement of 8%. The UAE instituted a higher minimum capital requirement of 10.5% (excluding capital buffers), applicable to all licensed banks. Consequently, the maximum capital charge for a single exposure will be the lesser of the value of the exposure after applying valid credit risk mitigation, netting and haircuts, and the capital resulting from applying a risk weight of 952% (reciprocal of 10.5%) to this exposure.

II. Definitions
In general, terms used in this Standard have the meanings defined in other Regulations and Standards issued by the Central Bank. In particular, for this Standard, the following terms have the meanings defined in this section.
1. a.Credit Valuation Adjustment (CVA) reflects the adjustment of default risk-free prices of derivatives due to a potential default of the counterparty. Regulatory CVA may differ from CVA used for accounting purposes. Unless explicitly specified otherwise, the term CVA in this document means regulatory CVA.
2. b.CVA Risk is defined as the risk of losses arising from changing CVA values in response to changes in counterparty credit spreads and market risk factors that drive prices of derivative transactions.
3. c.Fund is a financial vehicle, whether established inside or outside the UAE, engaged in the activity of receiving investors' money for the purpose of investment against the issue of fund units of equal value and rights. This includes, but is not limited to, mutual funds, private equity funds and hedge funds, open-end funds, closed-end funds, debt funds and hedge funds.
4. d.Mandate means instruction to manage a pool of capital, or a particular pile of funds, using a specific strategy and within certain risk parameters.
5. e.Potential Future Exposure (PFE) is an estimate of the potential increase in exposure to counterparty credit risk against which a bank must hold regulatory capital.

III. Requirements

A. Approaches
5.Banks must treat in-scope equity positions in a manner consistent with one or more of the following three approaches: the “look-through approach”, the “mandate-based approach” and the “fall-back approach”.
1.Look-through approach (LTA)
6.The look-through approach (LTA) requires a bank to risk weight the underlying exposures of a fund as if the bank held the exposures directly. LTA must be used by a bank when:
1. (iii)there is sufficient and frequent information provided to the bank regarding the underlying exposures of the fund to determine the applicable risk weights and exposure amounts; and
2. (iv)such information is subject to verification by an independent third party.
7.To satisfy condition (i) above, the frequency of financial reporting of the fund must be the same as, or more frequent than, the financial reporting obligation of the bank, and the granularity of the financial information must be sufficient to calculate the corresponding risk weights and exposure amounts without requiring an external audit. To satisfy condition (ii) above, there must be verification of the underlying exposures by an independent third party, such as a depository or custodian bank or, where applicable, a fund management company.
8.Under the LTA, a bank must risk weight all underlying exposures of a fund as if the bank held those exposures directly. This includes, for example, any underlying exposure arising from the fund’s derivatives activities and the counterparty credit risk (CCR) exposure associated with those derivatives. However, instead of determining the applicable credit valuation adjustment (CVA) capital associated with the fund’s derivatives exposures, a bank should instead increase the CCR exposure by 50 percent (that is, multiply the CCR exposure by a factor of 1.5) before applying the risk weight associated with the counterparty. Banks are not required to apply the 1.5 factor to transactions for which the CVA capital charge would not otherwise be applicable, such as those conducted directly with central counterparties.
9.Banks may rely on third-party calculations to determine the risk weights associated with equity investments in funds (that is, the underlying risk weights of the exposures of the fund) if they cannot obtain adequate data or information themselves to perform the calculations. In such cases, however, the bank must increase the resulting risk weight by 20 percent (that is, multiplied by a factor of 1.2) relative to the risk weight that would be applicable if the bank held the exposure directly.
10.Banks should use the risk weights from the LTA to compute RWA for the fund. After calculating the RWA for a fund according to the LTA, banks must calculate the average risk weight for that fund (Avg RW_fund) by dividing the total RWA of the fund by the total (unweighted) assets of the fund.
2.Mandate-based approach (MBA)
11.Banks should use the second approach, the mandate-based approach (MBA), only when the conditions for applying the LTA are not met. Banks should use the information contained in a fund’s mandate or in the relevant regulations governing such investment funds to perform a conservative calculation of the applicable risk weights for the assets of the fund.
12.Under the MBA, on-balance-sheet exposures (that is, the fund’s assets) are risk weighted assuming that the underlying portfolios are invested to the maximum extent allowed under the fund’s mandate in assets that would attract the highest risk weights, and then progressively in other assets that attract lower risk weights. If more than one risk weight could be applied to a given exposure, the bank should use the highest applicable risk weight.
13.The notional amount of derivative exposures and off-balance-sheet items should be risk-weighted according to the requirements of the risk-based capital standards.
14.Banks should calculate the CCR exposure associated with a fund’s derivative positions in accordance with the Central Bank’s Standard for Counterparty Credit Risk Capital. If replacement cost cannot be determined, the bank should use the notional amount of the derivative as the replacement cost. If the Potential Future Exposure (PFE) cannot be determined, the bank should use an amount equal to 15 percent of the notional value as the PFE.
15.As with the LTA, banks should account for CVA Risk on derivatives by increasing the CCR exposure by 50 percent (that is, multiply the CCR exposure by a factor of 1.5) before applying the risk weight associated with the counterparty. Banks are not required to apply the 1.5 factor for transactions to which the CVA capital charge would not otherwise be applicable, such as those conducted directly with central counterparties.
16.As with the LTA, after calculating the RWA for a fund according to the MBA, banks must calculate the average risk weight for that fund (Avg RW_fund) by dividing the RWA of the fund by the total (unweighted) assets of the fund.
3.Fall-back approach (FBA)
17.When the conditions for applying either the LTA or the MBA are not met, banks are required to apply the FBA, under which Avg RW_fund for a bank’s investment in the fund is set equal to 1250 percent.

B. Partial use of the Approaches
18.A bank may use a combination of the three approaches when determining the capital requirements for an equity investment in an individual fund, with one approach applied to a portion of the fund’s exposures and one or more other approaches applied to the fund’s other exposures. The requirements for each approach as articulated under this Standard must be met for any portions of the fund to which the LTA or MBA are applied. RWA calculations from each applied approach should be added together with the sum then divided by the total fund assets to compute Avg RW_fund.

C. Treatment of Funds That Invest in Other Funds
19.When a bank has an investment in one fund (e.g., Fund A) that itself has an investment in another fund (e.g., Fund B), the risk weight applied to the investment holding of the first fund (that is, Fund A’s investment in Fund B) should be determined by using the same three approaches set out above (LTA, MBA, and FBA). If fund investments are further layered (for example, if Fund B has investments in a Fund C), the risk weights applied to the additional layers of investment (that is, Fund B’s investment in Fund C) can be determined using the LTA, but only if the LTA was also used for determining the risk weight for the investment in the fund at the previous layer (Fund A’s investment in Fund B). Otherwise, the bank must apply the FBA to the additional investment layers.

D. Exclusions to the LTA, MBA and FBA
20.Equity holdings in entities whose debt obligations qualify for a zero risk weight can be excluded from the LTA, MBA and FBA approaches (including government sponsored entities where a zero risk weight can be applied), at the discretion of the UAE Central Bank. If the UAE Central Bank makes such exclusion, this will be available to all banks.
21.The UAE Central Bank may, in its absolute discretion, change the risk weighting of debt obligations from time to time as it finds necessary.

E. Leverage Adjustment
22.When determining the risk weight for a bank’s equity investment in a fund, a bank must apply a leverage adjustment to the average risk weight of the fund as calculated above.
23.Leverage for a fund is calculated as the ratio of total fund assets (not risk weighted) to total fund equity. Under the LTA, this ratio should be calculated from the information obtained on the fund’s asset holdings and financing. Under the MBA, banks should assume the maximum financial leverage permitted in the fund’s mandate, or the maximum permitted under the regulations governing the fund.

F. RWA for Equity Investments in Funds
24.Banks must calculate the risk weight to be applied to their equity investments in any fund as the product of the fund’s average risk weight and the fund’s leverage:
Risk Weight = Avg RW_fund × Leverage
where Avg RW_fund = the average risk-weight for the fund’s assets as calculated under this Standard, and
Leverage = the fund’s leverage as measured by the fund’s ratio of assets to equity as calculated under this Standard.
25.The risk weight for a bank’s equity investment in any fund is subject to a cap of 1250 percent. If the calculation described in the paragraph above produces a result in excess of 1250 percent, the bank should use the maximum risk weight of 1250 percent instead.
26.Banks should compute the RWA for their investments in funds by multiplying the amount of the equity investment in a given fund by the risk weight calculated as described in this Standard, based on Avg RW_fund and the leverage of the fund determined according to this Standard.

IV. Review Requirements
27.Bank calculations of risk-weighted assets for equity investments in funds under this Standard must be subject to appropriate levels of independent review by third parties and challenge. Reviews must cover associated bank processes including the identification of in-scope equity positions, determination of the appropriate approach under the hierarchy of approaches, and the processes for collection of information about the funds’ exposures or mandates, as well as material aspects of the calculations under this Standard, including but not limited to the risk weights applied to the underlying exposures (including on-balance-sheet, off-balance-sheet and derivative exposures as well as PFE), the average risk weights for funds and the calculation of fund leverage.

V. Shari’ah Implementation
28.Banks offering Islamic financial services that use Shari’ah-Compliant Equity Investment in Funds held in the banking book which is approved by their internal Shari’ah control committees should calculate the relevant risk weighted asset (RWA) in line with this standard and guidelines, to accordingly maintain the appropriate amount of capital, in accordance with the provisions set out in this standard and guidance in a manner acceptable by Shari’ah. This is applicable until relevant standards and/or guidelines in respect of these transactions are issued specifically for banks offering Islamic financial services.

VIII. Securitisation

I. Introduction
1.This Standard provides requirements for risk-based capital for securitisation-related exposures in the banking book for banks in the UAE. It is based closely on requirements of the securitisation framework for capital adequacy developed by the Basel Committee on Banking Supervision (BCBS), specifically as articulated in Revisions to the securitisation framework, (BCBS 374, published December 2014, revised July 2016).
2.The Central Bank securitisation framework aims to ensure that banks in the UAE adopt practices to manage the risks associated with securitisation, and to ensure that banks hold sufficient regulatory capital against the associated credit risk.
3.Regulatory capital is required for banks’ securitisation exposures, including those arising from the provision of credit risk mitigants to a securitisation transaction, investments in asset-backed securities, retention of subordinate tranches, and extension of liquidity facilities or credit enhancements, as set forth below.
4.This Standard formulates capital adequacy requirements that needs to be applied to all banks in UAE on a consolidated basis. Banks must apply the Central Bank securitisation framework for determining regulatory capital requirements on banking book exposures arising from traditional and synthetic securitisations or similar structures. Banks should consult with Central Bank when there is uncertainty about whether a given transaction should be considered a securitisation.
5.The Standards follow the calibration developed by the Basel Committee, which includes a maximum risk weight of 1250%, calibrated on a total capital adequacy requirement of 8%. The UAE instituted a higher minimum capital requirement of 10.5% (excluding capital buffers), applicable to all licensed banks. Consequently, the maximum capital charge for a single exposure will be the lesser of the value of the exposure after applying valid credit risk mitigation, netting and haircuts, and the capital resulting from applying a risk weight of 952% (reciprocal of 10.5%) to this exposure.

II. Definitions
In general, terms in this Standard have the meanings defined in other Regulations and Standards issued by the Central Bank. In addition, for this Standard, the following terms have the meanings defined in this section.
1. a)asset-backed commercial paper (ABCP) program is a structure that issues commercial paper to third-party investors and is backed by assets or other exposures held in a bankruptcy-remote, special purpose entity;
2. b)Clean-up call is an option that permits securitisation exposures to be called before all of the underlying exposures or have been repaid. In the case of a traditional securitisation, this generally is accomplished by repurchasing the remaining securitisation exposures once the pool balance or outstanding securities have fallen below some specified level. In the case of a synthetic transaction, a clean-up call may take the form of a clause that extinguishes the credit protection;
3. c)credit enhancement is a contractual arrangement in which a bank or other entity retains or assumes a securitisation exposure and, in substance, provides some degree of added protection to other parties to the transaction;
4. d)credit-enhancing interest-only strip is an on-balance sheet asset that (i) represents a valuation of cash flows related to excess spread, and (ii) is subordinated;
5. e)early amortization provision is a mechanism that, once triggered, accelerates the reduction of the investor’s interest in the underlying exposures of a securitisation of revolving credit facilities and allows investors to be receive pay-outs prior to the originally stated maturity of the securities issued;
6. f)excess spread (or future margin income) is total gross finance charge collections and other income received by the trust or special purpose entity (SPE) minus certificate interest, servicing fees, charge-offs, and other senior trust or SPE expenses;
7. g)implicit support is support provided by a bank to a securitisation in excess of its explicit contractual obligations;
8. h)originating bank is a bank that meets either of the following conditions with regard to a particular securitisation:
  1. a.the bank originates directly or indirectly underlying exposures included in the securitisation; or
  2. b.the bank serves as a sponsor of an asset-backed commercial paper conduit or similar program that acquires exposures from third-party entities; in the context of such programs, a bank would generally be considered a sponsor and, in turn, an originator if it, in fact or in substance, manages or advises the program, places securities into the market, or provides liquidity and/or credit enhancements;
9. i)pool is the underlying exposure or group of exposures that are the underlying instruments being securitized; these may include but are not restricted to the following: loans, commitments, asset-backed and mortgage-backed securities, corporate bonds, equity securities, and private equity investments;
10. j)resecuritisation exposure is a securitisation exposure in which the risk associated with an underlying pool of exposures is tranched and at least one of the underlying exposures is a securitisation exposure. In addition, an exposure to one or more resecuritisation exposures is a resecuritisation exposure. An exposure resulting from re-tranching of a securitisation exposure is not a resecuritisation exposure if the bank is able to demonstrate that the cash flows to and from the bank could be replicated in all circumstances and conditions by an exposure to the securitisation of a pool of assets that contains no securitisation exposures;
11. k)securitisation is the creation of a contractual structure under which the cash flow from an underlying pool of exposures is used to service at least two different stratified risk positions or tranches reflecting different degrees of credit risk;
12. l)securitisation exposure is a bank exposure to a securitisation, which may include but are not restricted to the following: asset-backed securities, mortgage-backed securities, repurchased securitisation exposures, credit enhancements, liquidity facilities, interest rate or currency swaps, credit derivatives, tranched cover, and reserve accounts, such as cash collateral accounts, recorded as an asset by the originating bank;
13. m)securitisation of revolving credit facilities is a securitisation in which one or more underlying exposures represent, directly or indirectly, current or future draws on a revolving credit facility, including but not limited to credit card exposures, home equity lines of credit, commercial lines of credit, and other lines of credit;
14. n)senior securitisation exposure is a securitisation exposure (such as a tranche) that is effectively backed or secured by a first claim on the entire amount of the assets in the underlying securitized pool. Different maturities of several senior tranches that share pro rata loss allocation shall have no effect on the seniority of these tranches, since they benefit from the same level of credit enhancement;
15. o)Special purpose entity (SPE) is corporation, trust, or other entity organized for a specific purpose, the activities of which are limited to those appropriate to accomplish the purpose of the SPE, and the structure of which is intended to isolate the SPE from the credit risk of an originator or seller of exposures in a securitisation. Exposures commonly are sold to an SPE in exchange for cash or other assets funded by debt that is issued by the SPE;
16. p)simple, transparent, and comparable (STC) securitisations are less-complex securitisations that meet the requirements for simplicity, transparency, and comparability specified in the Appendix below in this Standard;
17. q)synthetic securitisation is a structure with at least two different stratified risk positions or tranches that reflect different degrees of credit risk where credit risk of an underlying pool of exposures is transferred, in whole or in part, through the use of funded instruments (e.g., credit-linked notes) or unfunded credit derivatives or guarantees (e.g., credit default swaps) that serve to hedge the credit risk of the portfolio, such that the risk to investors depends on the performance of the underlying pool;
18. r)traditional securitisation is a securitisation that is neither a synthetic securitisation nor a resecuritisation; and
19. s)Tranche is a set of securities issued as part of a securitisation with a common priority claim on a common underlying pool of assets or exposures.
The Central Bank may modify these definitions pursuant to a circular or otherwise.

III. Operational Requirements for The Recognition Of Risk Transference

A. Operational Requirements for Traditional Securitisations
6.An originating bank may exclude underlying exposures from the calculation of risk-weighted assets only if all of the following conditions for risk transference have been met.
1. a.Significant credit risk associated with the underlying exposures has been transferred to third parties.
2. b.Banks should obtain legal opinion that confirms true sale, that the transferor does not maintain effective or indirect control over the transferred exposures; that is, that the exposures are legally isolated from the transferor in such a way (e.g., through the sale of assets or through sub-participation) that the exposures are put beyond the reach of the transferor and its creditors, even in bankruptcy or receivership.
3. c.The transferor is not able to repurchase from the transferee the previously transferred exposures in order to realize their benefits and is not obligated to retain the risk of the transferred exposures.
4. d.The securities issued are not obligations of the transferor. Thus, investors who purchase the securities only have a claim on the underlying exposures.
5. e.The transferee is an SPE and the holders of the beneficial interests in that entity have the right to pledge or exchange them without restriction.
6. f.Clean-up calls satisfy the conditions set out in Section D below.
7. g.The securitisation does not contain clauses that (i) require the originating bank to alter the underlying exposures such that the pool’s credit quality is improved unless this is achieved by selling exposures to independent and unaffiliated third parties at market prices; (ii) allow for increases in a retained first-loss position or credit enhancement provided by the originating bank after the transaction’s inception; or (iii) increase the yield payable to parties other than the originating bank, such as investors and third-party providers of credit enhancements, in response to a deterioration in the credit quality of the underlying pool.
8. h.There are no termination options or triggers except eligible clean-up calls meeting the requirements of Section D below, termination for specific changes in tax and regulation, or early amortization provisions that result in the securitisation transaction failing the operational requirements set out in Section D below.
9. i.Such other conditions as the Central Bank shall provide after notification to banks pursuant to a circular or otherwise.
Banks meeting these above conditions must still hold regulatory capital against any exposure they retain under the securitisation.
7.The transferor’s retention of servicing rights to the exposures does not in itself constitute indirect control of the exposures.

B. Operational Requirements for Synthetic Securitisations
8.For synthetic securitisations, the use of credit risk mitigation (CRM) techniques (i.e., collateral, guarantees and credit derivatives) for hedging the underlying exposure may be recognized for risk-based capital purposes only if the conditions outlined below are satisfied:
1. a.Credit risk mitigants comply with the requirements set out for CRM in the Central Bank’s Standard for Credit Risk.
2. b.Eligible collateral is limited to that specified as eligible under in the Central Bank’s Standards for Credit Risk (eligible collateral pledged by SPEs may be recognized).
3. c.Eligible guarantors are as defined in the Central Bank’s Standard for Credit Risk (SPEs are not considered to be eligible guarantors).
4. d.Significant credit risk associated with the underlying exposures is transferred by the bank to third parties.
5. e.Instruments used to transfer credit risk do not contain terms or conditions that limit the amount of credit risk transferred.
6. f.The bank obtains a legal opinion that confirms the enforceability of the contract.
7. g.Such other conditions as the Central Bank shall provide after notification to banks pursuant to a circular or otherwise.
9.Clean-up calls for synthetic securitisations also must satisfy the conditions set out in Section D below. If a synthetic securitisation incorporates a call (other than a clean-up call) that effectively terminates the transaction and the purchased credit protection on a specific date, the bank should treat this as required under the Central Bank’s Standard for Credit Risk for CRM maturity mismatch. This requirement does not apply to synthetic securitisations that are assigned a risk weight of 1250%.

C. Operational Requirements for Securitisations Containing Early Amortisation Provisions
10.A transaction is deemed to fail the operational requirements for traditional or synthetic securitisations stated above in this Standard if the bank originates or sponsors a securitisation transaction that includes one or more revolving credit facilities, and the securitisation transaction incorporates an early amortization or similar provision that, if triggered, would:
1. i.Subordinate the bank’s senior or pari passu interest in the underlying revolving credit facilities to the interest of other investors;
2. ii.Subordinate the bank’s subordinated interest to an even greater degree relative to the interests of other parties;
3. iii.In other ways increases the bank’s exposure to losses associated with the underlying revolving credit facilities; or
4. iv.Not satisfy any conditions as set by the Central Bank after notification to banks pursuant to a circular or otherwise.
11.If a transaction contains one of the following examples of an early amortization provision but otherwise meets the operational requirements for traditional or synthetic securitisations stated above in this Standard, the originating bank may exclude the underlying exposures associated with such a transaction from the calculation of risk-weighted assets, but must still hold regulatory capital against any securitisation exposures they retain in connection with the transaction:
1. a.Replenishment structures where the underlying exposures do not revolve and early amortization terminates the ability of the bank to add new exposures;
2. b.Transactions with revolving credit facilities containing early amortization features that mimic term structures (i.e., where the risk on the underlying revolving credit facilities does not return to the originating bank) and where the early amortization provision does not effectively result in subordination of the originator’s interest;
3. c.Structures where a bank securitizes one or more revolving credit facilities and where investors remain fully exposed to future drawdowns by borrowers even after an early amortization event has occurred; or
4. d.The early amortization provision is triggered solely by events not related to the performance of the underlying assets or the selling bank, such as material changes in tax laws or regulations.

D. Operational Requirements and Treatment of Clean-Up Calls
12.For securitisation transactions that include a clean-up call, no capital shall be required due to the presence of a clean-up call if the following conditions are met:
1. a.The exercise of the clean-up call is not mandatory, in form or in substance, but rather is at the discretion of the originating bank;
2. b.The clean-up call is not structured to avoid allocating losses to credit enhancements or positions held by investors or otherwise structured to provide credit enhancement; and
3. c.The clean-up call is exercisable only when 10% or less of the original underlying portfolio or securities issued remains, or, for synthetic securitisations, when 10% or less of the original reference portfolio value remains.
4. d.Such other conditions as the Central Bank shall provide after notification to banks pursuant to a circular or otherwise.
13.Securitisation transactions that include a clean-up call that does not meet all of the criteria stated in the immediately preceding paragraph result in a capital requirement for the originating bank. For a traditional securitisation, the bank must treat the underlying exposures as if they were not securitized. Additionally, banks must not recognize in regulatory capital any gain on sale. For synthetic securitisations, the bank purchasing protection must hold capital against the entire amount of the securitized exposures as if they did not benefit from any credit protection.
14.If a clean-up call, when exercised, is found to serve as a credit enhancement, the exercise of the clean-up call must be considered a form of implicit support provided by the bank, and must be treated as such in accordance with the requirements related to implicit support stated below in this Standard.

E. Operational Requirement for UAE Originating Banks
15.The following types of securitisations, if the originating bank is UAE based, will only be permitted in specific instances and require the Central Bank’s approval:
1. a.securitisation of revolving credit facilities
2. b.synthetic securitisation
3. c.resecuritisation exposure

IV. Due Diligence Requirements
16.A bank must meet all the requirements listed below to use any of the approaches specified in the Standard. If a bank does not perform the level of due diligence as described in this section, it must then assign a 1250% risk weight to any securitisation (or resecuritisation) exposure.
17.On an ongoing basis, the bank must have a comprehensive understanding of the risk characteristics of its individual securitisation exposures, whether on- or off-balance sheet, as well as the risk characteristics of the pools underlying its securitisation exposures. The extent of a bank’s due diligence should be appropriate to the nature and complexity of the bank’s securitisation related exposures. The bank should have in place effective internal policies, processes, and systems to ensure that the necessary due diligence activities are performed and should be able to demonstrate to the Central Bank that the due diligence analysis conducted is appropriate and effective.
18.Banks must be able to obtain performance information on the underlying pools on an ongoing basis in a timely manner. Such information may include, as appropriate: exposure type; percentage of loans 30, 60 and 90 days past due; default rates; prepayment rates; loans in foreclosure; property type; occupancy; average credit score or other measures of creditworthiness; average loan-to-value ratio; and industry and geographical diversification. For resecuritisations, banks should have information not only on the underlying securitisation tranches, such as the issuer name and credit quality, but also on the characteristics and performance of the pools underlying those securitisation tranches.
19.A bank must have a thorough understanding of all structural features of a securitisation transaction that would materially affect the performance of the bank’s exposures to the transaction, such as the contractual waterfall and waterfall-related triggers, credit enhancements, liquidity enhancements, market value triggers, and deal-specific definitions of default.

V. Treatment Of Securitisation Exposures

A. Calculation of Exposure Amounts and Risk-Weighted Assets
20.For regulatory capital purposes, the exposure amount of a securitisation exposure shall be calculated as the sum of the on-balance sheet amount of the exposure, or carrying value – taking into account purchase discounts and write-downs or specific provisions the bank took on this securitisation exposure – and any off-balance sheet exposure amount as applicable, in accordance with the requirements in the following paragraphs.
21.For credit risk mitigants sold or purchased by the bank, the exposure amount should be determined using the treatment of credit risk mitigation set out below in the section on treatment of credit risk mitigation in this Standard. For all off-balance-sheet facilities that are not credit risk mitigants, the bank should apply a credit conversion factor (CCF) of 100%.
22.For securitisation-related derivatives other than credit risk derivatives (such as interest rate or currency swaps sold or purchased as part of the securitisation), the Central Bank’s Standard on Counterparty Credit Risk should be used to calculate the exposure amount.
23.Banks shall compute the risk-weighted asset amount for a securitisation exposure by multiplying the exposure amount as defined in this section by the appropriate risk weight determined under one of the approaches discussed below in this Standard. Risk weight caps may apply, as described in the this Standard on risk-weight caps for securitisation.
24.Banks may adjust risk weights for overlapping exposures. An exposure A overlaps another exposure B if in all circumstances the bank can avoid any loss on exposure B by fulfilling its obligations with respect to exposure A. A bank may also recognize overlap between relevant capital charges for exposures in the trading book and securitisation exposures in the banking book, provided that the bank is able to calculate and compare the capital charges for the relevant exposures.
25.Banks must deduct from Common Equity Tier 1 any increase in equity capital resulting from a securitisation transaction, such as a gain on a sale associated with expected future margin income.

B. Approaches for Risk-Weighted Assets

26.Securitisation exposures are risk-weighted under one of two available approaches for securitisation, the Securitisation External Ratings-Based Approach (SEC-ERBA) or the Standardized Approach (SEC-SA). A bank must use SEC-ERBA if the exposure has an external credit assessment that meets the operational requirements for an external credit assessment, or an inferred rating that meets the operational requirements for inferred ratings. If a bank cannot use the SEC-ERBA, the bank must use the SEC-SA. Banks that are unable to apply either approach a securitisation exposure must assign such an exposure a risk weight of 1250%.

1.Calculation of Attachment and Detachment Points

27.Both the SEC-ERBA and the SEC-SA rely on the identification of attachment and detachment points for each securitisation tranche, which are decimal values between zero and one that capture the pool-loss conditions under which a securitisation exposure would experience losses due to the credit performance of the underlying pool of exposures.

28.The attachment point (A) represents the threshold (as a fraction of the pool’s total exposure) at which losses within the underlying pool would first be allocated to the securitisation exposure. The attachment point is calculated as:

(i) the outstanding balance of all underlying assets in the securitisation

minus

(ii) the outstanding balance of all tranches that rank senior or pari passu to the tranche that contains the securitisation exposure of the bank (including the exposure itself)

divided by

(ii) the outstanding balance of all underlying assets in the securitisation.

29.The detachment point (D) represents the threshold at which losses within the underlying pool result in a total loss of principal for the tranche in which a securitisation exposure resides. The detachment point is calculated as:

(i) the outstanding balance of all underlying assets in the securitisation

minus

(ii) the outstanding balance of all tranches that rank senior to the tranche that contains the securitisation exposure of the bank

divided by

(ii) the outstanding balance of all underlying assets in the securitisation.

30.Both A and D must be no less than zero.

31.For the calculation of A and D: (i) overcollateralization and funded reserve accounts must be recognized as tranches; and (ii) the assets forming these reserve accounts must be recognized as underlying assets. A bank can recognize only the loss-absorbing part of the funded reserve accounts that provide credit enhancement for this purpose. Unfunded reserve accounts, such as those to be funded from future receipts from the underlying exposures (e.g. unrealized excess spread) and assets that do not provide credit enhancement like pure liquidity support, currency or interest-rate swaps, or cash collateral accounts related to these instruments must not be included in the above calculation of A and D. Banks should take into consideration the economic substance of the transaction and apply these definitions conservatively.

2.External Ratings-Based Approach (SEC-ERBA)

32.For securitisation exposures that are externally rated, or for which a rating can be inferred as described below, risk-weighted assets under the SEC-ERBA will be determined by multiplying securitisation exposure amounts by the appropriate risk weights determined from Tables 1 and 2, provided that the following operational criteria for the use of external ratings are met:

a.The external credit assessments must take into account and reflect the entire amount of credit risk exposure the bank has with regard to all payments owed to it.
b.The external credit assessments must be from an eligible external credit assessment institution (ECAI) which is also approved by the Central Bank.
c.The rating must be published in an accessible form, such as on a public website or in a periodically distributed paper publication. Loss and cash flow analysis as well as sensitivity of ratings to changes in the underlying rating assumptions should be publicly available.
d.Eligible ECAIs must have a demonstrated expertise in assessing securitisations, which may be evidenced by strong market acceptance.

33.A bank may infer a rating for an unrated position from an externally rated “reference exposure” for purposes of the SEC-ERBA provided that the following operational requirements are satisfied:

a.The reference securitisation exposure must rank pari passu or be subordinate in all respects to the unrated securitisation exposure. Credit enhancements, if any, must be taken into account when assessing the relative subordination of the unrated exposure and the reference securitisation exposure.
b.The maturity of the reference securitisation exposure must be equal to or longer than that of the unrated exposure.
c.The inferred rating must be updated on an ongoing basis to reflect any subordination of the unrated position or changes in the external rating of the reference securitisation exposure.
d.The external rating of the reference securitisation exposure must satisfy the general requirements for recognition of external ratings as defined in this Standard.

34.Where CRM is provided to specific underlying exposures or to the entire pool by an eligible guarantor and the CRM is reflected in the external credit assessment of a securitisation exposure, banks should use the risk weight associated with that external credit assessment. In order to avoid any double-counting, no additional capital recognition is permitted. If the CRM provider is not recognized as an eligible guarantor, banks should treat the covered securitisation exposures as unrated.

35.In the situation where a credit risk mitigant solely protects a specific securitisation exposure within a given structure (e.g., an asset-backed security tranche) and this protection is reflected in the external credit assessment, the bank must treat the exposure as if it is unrated and then apply the CRM treatment specified in the Central Bank’s Standard for Credit Risk.

36.A bank is not permitted to use any external credit assessment for risk-weighting purposes where the assessment is based at least partly on unfunded support provided by the bank (such as a letter of credit provided by the bank that enhance the credit quality of the securitisation). If a bank buys ABCP where it provides an unfunded securitisation exposure extended to the ABCP program (e.g., liquidity facility or credit enhancement), and that exposure plays a role in determining the credit assessment on the ABCP, the bank must treat the ABCP as if it were not rated. The bank must continue to hold capital against the other securitisation exposures it provides (e.g., against the liquidity facility and/or credit enhancement).

37.For exposures with short-term ratings, or when an inferred rating based on a short-term rating is available, the risk weights in Table 1 apply unless otherwise notified by the Central Bank.

Table 1: SEC-ERBA risk weights for short-term ratings²

External credit assessment	A-1/P-1	A-2/P-2	A-3/P-3	All other ratings
Risk weight	15%	50%	100%	1250%

38.For exposures with long-term ratings, or with an inferred rating based on a long-term rating, risk weights are determined according to Table 2, after adjustment for tranche maturity as specified below and, for non-senior tranches, tranche thickness as specified below (unless otherwise notified by the Central Bank).

Table 2: SEC-ERBA risk weights for long-term ratings

(Subject to adjustment for tranche maturity and tranche thickness)

Rating	Senior		Non-senior (thin) tranche
	Tranche maturity (M_T)		Tranche maturity (M_T)
	1 year	5 years	1 year	5 years
AAA	15%	20%	15%	70%
AA+	15%	30%	15%	90%
AA	25%	40%	30%	120%
AA–	30%	45%	40%	140%
A+	40%	50%	60%	160%
A	50%	65%	80%	180%
A–	60%	70%	120%	210%
BBB+	75%	90%	170%	260%
BBB	90%	105%	220%	310%
BBB–	120%	140%	330%	420%
BB+	140%	160%	470%	580%
BB	160%	180%	620%	760%
BB–	200%	225%	750%	860%
B+	250%	280%	900%	950%
B	310%	340%	1050%	1050%
B–	380%	420%	1130%	1130%
CCC+/CCC/CCC–	460%	505%	1250%	1250%
Below CCC–	1250%	1250%	1250%	1250%

39.To account for tranche maturity, banks shall use tranche maturity (M_T) calculated as described below to derive the risk weight through linear interpolation between the risk weights for one year and five years from the table.

40.To account for tranche thickness, for non-senior tranches banks must multiply the risk weight derived from the table by a factor of 1-(D-A). However, the resulting risk weight must be no less than half the risk weight derived directly from the table based on maturity.

41.The risk weight is subject to a floor of 15%. In addition, the resulting risk weight should never be lower than the risk weight corresponding to a senior tranche of the same securitisation with the same rating and maturity.

Tranche maturity (M_T)

42.Tranche maturity is a tranche’s remaining effective maturity in years, calculated in one of the following two ways, subject to a floor of one year and a cap of five years:

(a)Weighted-average maturity, calculated as the weighted-average maturity of the contractual cash flows of the tranche:

where:

CF_t denotes the cash flows (principal, interest payments and fees) contractually payable by the borrower in period t; or

(b)Legal maturity, based on final legal maturity of the tranche as follows:

where M_L is the final legal maturity of the tranche in years.

43.Banks have discretion to choose either method to calculate tranche maturity. However, under the weighted-average maturity method, contractual payments must be unconditional and must not be dependent on the actual performance of the securitized assets. If such unconditional contractual payment dates are not available, the bank must use the legal maturity calculation.

44.When determining the maturity of a securitisation exposure, banks should take into account the maximum period of time they are exposed to potential losses from the securitized assets. In cases where a bank provides a commitment, the bank should calculate the maturity of the securitisation exposure resulting from this commitment as the sum of the contractual maturity of the commitment and the longest maturity of the assets to which the bank would be exposed after a draw has occurred. If those assets are revolving, banks should use the longest contractually possible remaining maturity of assets that might be added during the revolving period, rather than the longest maturity of the assets currently in the pool. An exception applies for credit protection instruments that are only exposed to losses that occur up to the maturity of that instrument. In such cases, a bank is allowed to apply the contractual maturity of the credit protection and is not required to look through to the protected position.

3.Standardized Approach (SEC-SA)

45.Under the SEC-SA, a bank calculates risk weights using a supervisory formula and the following bank-supplied inputs:

W : the ratio of delinquent underlying exposures to total underlying exposures in the securitisation pool;

K_SA : the capital charge that would apply to the underlying exposures had they not been securitized;

A : the tranche attachment point as defined above; and

D : the tranche detachment point as defined above.

46.K_SA is the weighted-average capital charge of the entire portfolio of underlying exposures, calculated as 8% multiplied by the average risk weight of the underlying pool exposures. The average risk weight is the total risk-weighted asset amount divided by the sum of the underlying exposure amounts. This calculation should take into account the effects of any credit risk mitigation applied to the underlying exposures (either individually or to the entire pool). K_SA is expressed as a decimal between zero and one; that is, a weighted-average risk weight of 100% means that K_SA would equal 0.08.

47.For structures involving an SPE, banks should treat all of the SPE’s exposures related to the securitisation as exposures in the pool, including assets in which the sPE may-have invested such as reserve accounts or cash collateral accounts, and claims against counterparties resulting from interest swaps or currency swaps. A bank can exclude exposures from the calculation if the bank can demonstrate to the Central Bank that the risk does not affect its particular securitisation exposure or that the risk is immaterial, for example because it has been mitigated.

48.In the case of funded synthetic securitisations, any proceeds of the issuances of credit-linked notes or other funded obligations of the sPE that serve as collateral for the repayment of the securitisation exposure in question, and which the bank cannot demonstrate to the Central Bank are immaterial, must be included in the calculation of K_SA if the default risk of the collateral is subject to the tranched loss allocation.

49.In cases where a bank has set aside a specific provision or has a non-refundable purchase price discount on an exposure in the pool, K_SA must be calculated using the gross amount of the exposure without the specific provision and/or non-refundable purchase price discount.

50.The variable W equals the ratio of the sum of the nominal amount of delinquent underlying exposures to the nominal amount of underlying exposures. Delinquent underlying exposures are defined as underlying exposures that are 90 days or more past due, subject to bankruptcy or insolvency proceedings, in the process of foreclosure, held as real estate owned, or in default, where default is defined within the securitisation deal documents.

51.The inputs K_SA and W are used as inputs to calculate K_A, as follows:

52.If a bank does not know the delinquency status of the entire pool, the bank should adjust the calculation of K_A as follows, using the relevant nominal amounts of exposures in the pool (denoted EAD below):

However, if the portion of the pool for which the bank does not know the delinquency status exceeds 5 percent of the total pool, the securitisation exposure must be risk weighted at 1250%.

53.The capital requirement per unit of the securitisation exposure under the SEC-SA is:

where:

$U = D - K_{A}$

$L = max [(A - K_{A}), 0]$

54.The supervisory parameter ρ is set equal to 1 for a securitisation exposure that is not a resecuritisation exposure. (See below for the case of resecuritisation exposures.)

55.The risk weight assigned to a securitisation exposure when applying the SEC-SA is calculated as follows:

•When D for a securitisation exposure is less than or equal to K_A, the exposure must be assigned a risk weight of 1250%.
•When A for a securitisation exposure is greater than or equal to K_A, the risk weight of the exposure, expressed as a percentage, is 12.5×K.

When A is less than K_A and D is greater than K_A, the applicable risk weight is a weighted average of 1250% and 12.5×K according to the following formula:

56.The risk weight for market-risk hedges such as currency or interest rate swaps shall be inferred from a securitisation exposure that is pari passu to the swaps or, if such an exposure does not exist, from the next subordinated tranche.

57.The SEC-SA risk weights are subject to a floor risk weight of 15%. Moreover, when a bank applies the SEC-SA to an unrated junior exposure in a transaction where the more senior tranches (exposures) are rated and no rating can be inferred for the junior exposure, the resulting risk weight under SEC-SA for the junior unrated exposure shall not be lower than the risk weight for the next more senior rated exposure.

² The rating designations used in this an all other tables are for illustrative purposes only, and do not indicate any preference for, or endorsement of, any particular external assessment system.

C. Risk Weight Caps for Securitisation Exposures
58.Banks may apply a “look-through” approach to senior securitisation exposures, whereby the risk weight for the senior securitisation exposure is at most equal to the exposure-weighted average risk weight applicable to the underlying pool exposures. To apply a maximum risk weight from this look-through approach, the bank must be able to know the composition of the underlying exposures at all times. For an originating or sponsor bank, capital requirements on securitisation exposures are capped at what the capital requirement would have been on the underlying exposures if they had not been securitized.
59.The maximum required capital ratio for the aggregate of a bank’s securitisation exposures to a given securitisation shall be computed as K_SA multiplied by P, where P is the largest proportion of interest the bank holds.
- •For a bank that has one or more securitisation exposures that reside in a single tranche of a given pool, P equals the proportion (expressed as a percentage) of securitisation exposure that the bank holds in that given tranche (calculated as the bank’s total exposure in the tranche) divided by the total nominal amount of the tranche.
- •For a bank that has securitisation exposures that reside in different tranches of a given securitisation, P equals the maximum proportion of interest across tranches, where the proportion of interest for each of the different tranches should be calculated as described above.
60.Where this risk-weight cap results in a lower risk weight than the floor risk weight of 15%, the bank should use the risk weight resulting from the cap.
61.In applying the capital charge cap, banks must deduct the entire amount of any gain on sale, and the amount of credit-enhancing interest-only strips arising from the securitisation transaction.
62.The caps described here do not apply to resecuritisation exposures.

VI. Treatment of Resecuritisation
For risk weighting of resecuritisation exposures, banks must apply only the SEC-SA as specified above (not the SEC-ERBA), with the following adjustments:
- •The capital requirement (K_SA) of the underlying securitisation exposures is calculated using the securitisation framework;
- •Delinquencies (W) are set to zero for any exposure to a securitisation tranche in the underlying pool; and
- •The supervisory parameter ρ is set equal to 1.5, rather than 1 as for securitisation exposures.
63.The resulting risk weight for resecuritisation exposures is subject to a minimum risk weight of 100%.
64.If the underlying portfolio of a resecuritisation consists partly of a pool of exposures to securitisation tranches and partly of other assets, banks should separate the exposures to securitisation tranches from exposures to assets that are not securitisations. Banks should calculate the K_A parameter separately for each individual subset. Separate W parameters should be applied to each subset, set to zero where the exposures are to securitisation tranches, or calculated according to this Standard for the subsets where the exposures are to assets that are not securitisation tranches. The K_A for the resecuritisation exposure is then the exposure-weighted average of the calculated K_A values for the separate subsets.

VII. Implicit Support
65.The originator shall not provide any implicit support to investors in a securitisation transaction.
66.When a bank provides implicit support to a securitisation, it must hold capital against all of the underlying exposures associated with the securitisation transaction as if they had not been securitized. Additionally, the bank is not permitted to recognize in regulatory capital any gain on sale. Furthermore, the bank is required to disclose publicly (a) that it has provided non-contractual support and (b) the capital impact of doing so.
67.Where a securitisation transaction contains a clean-up call and the clean up call can be exercised by the originator in circumstances where exercise of the clean up call effectively provides credit enhancement, the clean up call shall be treated as implicit support and the concerned securitisation transaction will attract the above prescriptions.

VIII. Treatment of Credit Risk Mitigation for Securitisation Exposures
68.A bank may recognize the following forms of purchased credit protection in accordance with the CRM framework when calculating capital requirements:
- •collateral eligible for CRM under the Central Bank’s Standard for Credit Risk, including collateral pledged by SPEs;
- •credit protection provided by eligible guarantors, but not including SPEs; and
- •Guarantees or credit derivatives that fulfil the requirements for CRM under the Central Bank’s Standard for Credit Risk.
69.When a bank provides full (or pro rata) credit protection to a securitisation exposure, the bank must calculate its capital requirements as if it directly holds the portion of the securitisation exposure on which it has provided credit protection, using the requirements of this Standard.
Tranched protection
70.With tranched credit protection, the original securitisation tranche is decomposed into protected and unprotected sub-tranches. A provider of tranched credit protection must calculate required capital as if directly exposed to the particular sub-tranche of the securitisation exposure on which it is providing protection, according to the capital requirements for securitisations under this Standard.
71.A buyer of tranched credit protection may recognize tranched protection on the guaranteed or protected portion according to the applicable CRM framework, provided that the conditions for recognition of credit risk mitigation are met.
72.For a bank using the SEC-SA for the original securitisation exposure, the parameters A and D should be calculated separately for each unprotected sub-tranche as if they were directly issued as separate tranches at the inception of the transaction.
73.For a bank using the SEC-ERBA for the original securitisation exposure, the relevant risk weights for the different sub-tranches are as follows:
- •For the sub-tranche of highest priority, the bank should use the risk weight of the original securitisation exposure.
- •For a sub-tranche of lower priority, if the bank can infer a rating from one of the subordinated tranches of the original transaction, the risk weight of the sub-tranche can be determined by applying the inferred rating for the SEC-ERBA, with the tranche thickness computed for the sub-tranche of lower priority only.
- •For a sub-tranche of lower priority where the bank cannot infer a rating, the risk weight for the sub-tranche of lower priority is the larger of (a) the SEC-SA risk weight with the parameters A and D calculated separately for each of the sub-tranches as if they were directly issued as separate tranches at the inception of the transaction, or (b) the SEC-ERBA risk weight of the original securitisation exposure prior to recognition of protection.
74.Under all approaches, a lower-priority sub-tranche must be treated as a non-senior securitisation exposure even if the original securitisation exposure prior to protection qualified as senior.
Maturity mismatches
75.A maturity mismatch exists when the residual maturity of a hedge is less than that of the underlying exposure.
76.In the case of a maturity mismatch on protection provided for a securitisation exposure, the banks should follow the approach to maturity mismatches specified in the Central Bank’s Standard for Credit Risk. When the exposures being hedged have different maturities, the longest maturity must be used.
77.Banks that synthetically securitize exposures held on their balance sheet by purchasing tranched credit protection must apply the maturity mismatch treatment specified in the Central Bank’s Standard for Credit Risk. When the exposures being hedged have different maturities, banks must use the longest maturity. However, for securitisation exposures that are assigned a risk weight of 1250%, maturity mismatches are not taken into account.

IX. Capital Treatment for STC Securitisation

A. Scope and Identification of STC Securitisations
78.For regulatory capital purposes, only the following types of exposures can be STC-compliant:
- •Exposures to non-ABCP, traditional securitisations that meet the criteria in Appendix 1 below.
- •Exposures to ABCP conduits and/or transactions financed by ABCP conduits, where the conduit and/or the transactions financed meet the criteria in Appendix 2 below.
79Synthetic securitisations, securitisation of revolving credit facilities and resecuritisations are not considered as STC-compliant.
80.STC treatment will not be applied if banks having investment in international securitisation

B. Compliance With the STC Criteria and the Additional Criteria for Capital Purpose and Oversight
81.The originator or sponsor must disclose to investors all necessary information at the transaction level to allow investors to determine whether the securitisation is STC-compliant. Based on the information provided by the originator or sponsor, the investor must make an assessment of the STC compliance status of the securitisation for regulatory capital purposes.
82.For retained positions where the originator has achieved significant risk transfer in accordance with the operational requirements of this Standard, the determination shall be made by the originator retaining the position.
83.STC criteria must be met at all times. Checking compliance with some of the criteria might only be necessary at origination (or at the time of initiating the exposure, in case of guarantees or liquidity facilities). Investors and holders of the securitisation positions are expected to take into account developments that may invalidate previous compliance assessments, for example deficiencies in the frequency and content of the investor reports, in the alignment of interest, or changes in the transaction documentation at variance with relevant STC criteria. For dynamic pools, the criteria should be checked every time assets are added to the pool.

C. Alternative Capital Treatment for STC-Compliant Securitisations

84.Securitisation transactions that are assessed as STC-compliant for capital purposes shall be subject to securitisation capital requirements as modified by this Standard. The resulting risk weights are subject to a floor risk weight of 10% for senior tranches, and 15% for non-senior tranches.

1.External Ratings-Based Approach for STC Securitisation Exposures

85.When the SEC-ERBA is used, for exposures with short-term ratings or an inferred rating based on a short-term rating, the risk weights in Table 3 apply.

Table 3: SEC-ERBA risk weights for STCs with short-term ratings

External credit assessment	A-1/P-1	A-2/P-2	A-3/P-3	All other ratings
Risk weight	10%	30%	60%	1250%

86.For STC exposures with long-term ratings, risk weights under SEC-ERBA are determined according to Table 4, with adjustments for tranche maturity and (for non-senior tranches) tranche thickness as discussed above in this Standard for non-STC exposures.

Table 4: SEC-ERBA risk weights for STCs with long-term ratings
(Subject to adjustment for tranche maturity and tranche thickness)

Rating	Senior		Non-senior (thin) tranche
	Tranche maturity (M_T)		Tranche maturity (M_T)
	1 year	5 year	1 year	5 year
AAA	10%	10%	15%	40%
AA+	10%	15%	15%	55%
AA	15%	20%	15%	70%
AA–	15%	25%	25%	80%
A+	20%	30%	35%	95%
A	30%	40%	60%	135%
A–	35%	40%	95%	170%
BBB+	45%	55%	150%	225%
BBB	55%	65%	180%	255%
BBB–	70%	85%	270%	345%
BB+	120%	135%	405%	500%
BB	135%	155%	535%	655%
BB–	170%	195%	645%	740%
B+	225%	250%	810%	855%
B	280%	305%	945%	945%
B–	340%	380%	1015%	1015%
CCC+/CCC/CC	415%	455%	1250%	1250%
Below CCC–	1250%	1250%	1250%	1250%

2.Standardized Approach for STC Securitisation Exposures

87.If a bank uses the SEC-SA for an STC securitisation exposure, the bank should set the supervisory parameter p equal to 0.5. The SEC-SA framework is otherwise unchanged for STC exposures.

X. Review Requirements
88.Bank calculations and associated bank processes related to capital requirements for securitisations under this Standard must be subject to appropriate levels of independent review and challenge. Reviews must cover material aspects of the calculations and processes under this Standard, including but not limited to the internal assessment and control process for the various operational requirements, calculation of exposure amounts for both on-balance-sheet and any off-balance-sheet securitisation-related exposures, calculation of tranche maturity and tranche thickness and the related risk-weight adjustments for the SEC-ERBA, and the calculation of all necessary parameters for the SEC-SA.

XI. Shari’ah Implementation
89.Banks offering Islamic financial services that use Shari’ah Compliant Securitisation Exposures held in the banking book which are approved by their internal Shari’ah control committees should manage the risks associated with securitisation and calculate the risk weighted asset (RWA) in line with this standard and guidance, to accordingly maintain the appropriate amount of capital, in accordance with the provisions set out in this standard and guidance in a manner acceptable by Shari’ah. This is applicable until relevant standards and/or guidance in respect of these transactions are issued specifically for banks offering Islamic financial service.

XII. Appendix

Appendix 1: Criteria for STC Exposures
This Appendix 1 provides criteria, as well as certain guidance and clarifications, for Simple, Transparent, and Comparable (STC) securitisation exposures, together with certain additional requirements that must be satisfied in order for a securitisation to receive alternative regulatory capital treatment. These criteria do not cover short-term securitisations such as ABCP conduits or similar programs; criteria for such short-term securitisations are covered in Appendix 2 below.

A. Asset risk
1.Nature of Assets

In simple, transparent and comparable securitisations, the assets underlying the securitisation should be credit claims or receivables that are homogeneous. In assessing homogeneity, consideration should be given to asset type, jurisdiction, legal system and currency.
As more exotic asset classes require more complex and deeper analysis, credit claims or receivables should have contractually identified periodic payment streams relating to rental,³ principal, interest, or principal and interest payments. Any referenced interest payments or discount rates should be based on commonly encountered market interest rates, but should not reference complex or complicated formulas or exotic derivatives as specified below.
Homogeneity
For capital purposes, the homogeneity of assets in the pool should be assessed taking into account the following principles:
- •The nature of assets should be such that investors would not need to analyse and assess materially different legal and/or credit risk factors and risk profiles when carrying out risk analysis and due diligence checks.
- •Homogeneity should be assessed on the basis of common risk drivers, including similar risk factors and risk profiles.
- •Credit claims or receivables included in the securitisation should have standard obligations, in terms of rights to payments and/or income from assets and that result in a periodic and well-defined stream of payments to investors. Credit card facilities should be deemed to result in a periodic and well-defined stream of payments to investors for the purposes of this criterion.
- •Repayment of noteholders should mainly rely on the principal and interest proceeds from the securitized assets. Partial reliance on refinancing or re-sale of the asset securing the exposure may occur provided that re-financing is sufficiently distributed within the pool and the residual values on which the transaction relies are sufficiently low and that the reliance on refinancing is thus not substantial.
Commonly encountered market interest rates
The term “commonly encountered market interest rates” should be understood to encompass rates reflective of a lender’s cost of funds, to the extent that sufficient data are provided to investors to allow them to assess their relation to other market rates. Examples of these would include:
- •Interbank rates and rates set by monetary policy authorities, such as LIBOR, EURIBOR, EIBOR and the Fed funds rate; and
- •Sectoral rates reflective of a lender’s cost of funds, such as internal interest rates that directly reflect the market costs of a bank’s funding or that of a subset of institutions.
Exotic derivatives
Determination of whether particular derivatives are “exotic” is inevitably somewhat subjective, but banks should apply a reasonable and conservative process to identifying exotic instruments. The Global Association of Risk Professionals (GARP) defines an exotic instrument as a financial asset or instrument with features making it more complex than simpler, plain vanilla, products. Interest rate caps and/or floors would not automatically be considered exotic derivatives.
2.Asset performance history

In order to provide investors with sufficient information on an asset class to conduct appropriate due diligence and access to a sufficiently rich data set to enable a more accurate calculation of expected loss in different stress scenarios, verifiable loss performance data, such as delinquency and default data, should be available for credit claims and receivables with substantially similar risk characteristics to those being securitized, for a time period long enough to permit meaningful evaluation by investors. Sources of and access to data, and the basis for claiming similarity to credit claims or receivables being securitized, should be clearly disclosed to all market participants.
In addition to the history of the asset class within a jurisdiction, investors should consider whether the originator, sponsor, servicer and other parties with fiduciary responsibilities to the securitisation have an established performance history for substantially similar credit claims or receivables to those being securitized and for an appropriately long period.
The originator or sponsor of the securitisation, as well as the original lender, who underwrites the assets, must have sufficient experience in originating exposures similar to those securitized.
When determining whether the performance history of the originator and the original lender for substantially similar claims or receivables to those being securitized has been established for an “appropriately long period of time,” investors should consider a performance history no shorter than a period of seven years for non-retail exposures. For retail exposures, the minimum performance history is five years.
3.Payment status

Non-performing credit claims and receivables are likely to require more complex and heightened analysis. In order to ensure that only performing credit claims and receivables are assigned to a securitisation, credit claims or receivables being transferred to the securitisation may not, at the time of inclusion in the pool, include obligations that are in default or delinquent or obligations for which the transferor (e.g. the originator or sponsor) or parties to the securitisation (e.g. the servicer or a party with a fiduciary responsibility) are aware of evidence indicating a material increase in expected losses or of enforcement actions.
To prevent credit claims or receivables arising from credit-impaired borrowers from being transferred to the securitisation, the originator or sponsor should verify that the credit claims or receivables meet the following conditions:
1. a.The obligor has not been the subject of an insolvency or debt restructuring process due to financial difficulties within three years prior to the date of origination;⁴
2. b.The obligor is not recorded on a public credit registry of persons with an adverse credit history;
3. c.The obligor does not have a credit assessment by an ECAI or a credit score indicating a significant risk of default; and
4. d.The credit claim or receivable is not subject to a dispute between the obligor and the original lender.
The assessment of these conditions should be carried out by the originator or sponsor no earlier than 45 days prior to the closing date. Additionally, at the time of this assessment, there should be to the best knowledge of the originator or sponsor no evidence indicating likely deterioration in the performance status of the credit claim or receivable.
Additionally, at the time of their inclusion in the pool, at least one payment should have been made on the underlying exposures, except in the case of revolving asset trust structures such as those for credit card receivables, trade receivables, and other exposures payable in a single instalment at maturity.
4.Consistency of underwriting

Investor analysis generally is simpler and more straightforward where the securitisation is of credit claims or receivables that satisfy robust origination standards. To ensure that the quality of the securitized credit claims and receivables is not affected by changes in underwriting standards, the originator should demonstrate to investors that any credit claims or receivables being transferred to the securitisation have been originated in the ordinary course of the originator’s business, without material deterioration in underwriting standards. Where underwriting standards change, the originator should disclose the timing and purpose of such changes. Underwriting standards should not be less stringent than those applied to credit claims and receivables retained on the balance sheet.
In all circumstances, all credit claims or receivables must be originated in accordance with sound and prudent underwriting criteria based on an assessment that the obligor has the “ability and volition to make timely payments” on its obligations, or in the case of granular pools of obligors, originated in the ordinary course of the originator’s business with expected cash flows modelled to meet stated obligations of the securitisation under prudently stressed loan loss scenarios.
The originator or sponsor of the securitisation is expected, where underlying credit claims or receivables have been acquired from third parties, to review the underwriting standards of these third parties (i.e. to check their existence and assess their quality) and to ascertain that they have assessed the “ability and volition to make timely payments on obligations” for the obligors.
5.Asset selection and transfer

The performance of the securitisation should not rely upon the ongoing selection of assets through active management on a discretionary basis of the securitisation’s underlying portfolio. Credit claims or receivables transferred to a securitisation should satisfy clearly defined eligibility criteria (such as criteria related to size of the obligation, age of the borrower, loan-to-value ratios, debt-to-income ratios, or debt service coverage ratios). Credit claims or receivables transferred to a securitisation after the closing date may not be actively selected, actively managed or otherwise cherry-picked on a discretionary basis. Investors should be able to assess the credit risk of the asset pool prior to their investment decisions. Provided they are not actively selected or otherwise cherry-picked on a discretionary basis, the addition of credit claims or receivables during the revolving periods or their substitution or repurchasing due to the breach of representations and warranties do not represent active portfolio management.
In order to meet the principle of true sale, the securitisation should effect true sale such that the underlying credit claims or receivables:
1. a.are enforceable against the obligor and their enforceability is included in the representations and warranties of the securitisation;
2. b.Are beyond the reach of the seller, its creditors or liquidators and are not subject to material re-characterization or claw-back risks;
3. c.are not effected through credit default swaps, derivatives or guarantees, but by a transfer⁵ of the credit claims or the receivables to the securitisation; and
4. d.demonstrate effective recourse to the ultimate obligation for the underlying credit claims or receivables and are not a securitisation of other securitisations.
An independent third-party legal opinion must support the claim that the true sale and the transfer of assets under the applicable laws comply with points (a) through (d) above.
In applicable jurisdictions, securitisations employing transfers of credit claims or receivables by other means should demonstrate the existence of material obstacles preventing true sale at issuance (such as the immediate realization of transfer tax or the requirement to notify all obligors of the transfer) and should clearly demonstrate the method of recourse to ultimate obligors.⁶ In such jurisdictions, any conditions where the transfer of the credit claims or receivable is delayed or contingent upon specific events and any factors affecting timely perfection of claims by the securitisation should be clearly disclosed.
The originator should provide representations and warranties that the credit claims or receivables being transferred to the securitisation are not subject to any condition or encumbrance that can be foreseen to adversely affect enforceability in respect of collections due.
6.Initial and ongoing data

To assist investors in conducting appropriate due diligence prior to investing in a new offering, sufficient loan-level data in accordance with applicable laws or, in the case of granular pools, summary stratification data on the relevant risk characteristics of the underlying pool should be available to potential investors before pricing of a securitisation.
To assist investors in conducting appropriate and ongoing monitoring of performance and so that investors wishing to purchase a securitisation in the secondary market have sufficient information to conduct appropriate due diligence, timely loan-level data in accordance with applicable laws or granular pool stratification data on the risk characteristics of the underlying pool and standardized investor reports should be readily available to current and potential investors at least quarterly throughout the life of the securitisation. Cut-off dates for the loan-level or granular pool stratification data should be aligned with those used for investor reporting.
To provide a level of assurance that the reporting of the underlying credit claims or receivables is accurate and that the underlying credit claims or receivables meet the eligibility requirements, the initial portfolio should be reviewed⁷ for conformity with the eligibility requirements by an appropriate legally accountable and independent third party, such as an independent accounting practice or the calculation agent or management company for the securitisation. The review should confirm that the credit claims or receivables transferred to the securitisation meet the portfolio eligibility requirements. The review could, for example, be undertaken on a representative sample of the initial portfolio, with the application of a minimum confidence level. The verification report need not be provided but its results, including any material exceptions, should be disclosed in the initial offering documentation.
³ Payments on operating and financing leases are typically considered to be rental payments rather than payments of principal and interest.
⁴ This condition would not apply to borrowers that previously had credit incidents but were subsequently removed from credit registries as a result of the borrower cleaning their records. This is the case in jurisdictions in which borrowers have the “right to be forgotten.”
⁵ The requirement should not affect jurisdictions whose legal frameworks provide for a true sale with the same effects as described above, but by means other than a transfer of the credit claims or receivables.
⁶ E.g., equitable assignment, perfected contingent transfer.
⁷ The review should confirm that the credit claims or receivables transferred to the securitisation meet the portfolio eligibility requirements. The review could, for example, be undertaken on a representative sample of the initial portfolio, with the application of a minimum confidence level. The verification report need not be provided but its results, including any material exceptions, should be disclosed in the initial offering documentation

B. Structural Risk
1.Redemption cash flows

Liabilities subject to the refinancing risk of the underlying credit claims or receivables are likely to require more complex and heightened analysis. To help ensure that the underlying credit claims or receivables do not need to be refinanced over a short period of time, there should not be a reliance on the sale or refinancing of the underlying credit claims or receivables in order to repay the liabilities, unless the underlying pool of credit claims or receivables is sufficiently granular and has sufficiently distributed repayment profiles. Rights to receive income from the assets specified to support redemption payments should be considered as eligible credit claims or receivables in this regard.⁸
2.Currency and interest rate asset and liability mismatches

To reduce the payment risk arising from the different interest rate and currency profiles of assets and liabilities and to improve investors’ ability to model cash flows, interest rate and foreign currency risks should be appropriately mitigated at all times, and if any hedging transaction is executed the transaction should be documented according to industry- standard master agreements. Only derivatives used for genuine hedging of asset and liability mismatches of interest rate and / or currency should be allowed.
The term “appropriately mitigated” should be understood as not necessarily requiring a completely perfect hedge. The appropriateness of the mitigation of interest rate and foreign currency through the life of the transaction must be demonstrated by making available to potential investors, in a timely and regular manner, quantitative information including the fraction of notional amounts that are hedged, as well as sensitivity analysis that illustrates the effectiveness of the hedge under extreme but plausible scenarios.
If hedges are not performed through derivatives, then those risk-mitigating measures are only permitted if they are specifically created and used for the purpose of hedging an individual and specific risk, and not multiple risks at the same time (such as credit and interest rate risks). Non-derivative risk mitigation measures must be fully funded and available at all times.
3.Payment priorities and observability

To prevent investors being subjected to unexpected repayment profiles during the life of a securitisation, the priorities of payments for all liabilities in all circumstances should be clearly defined at the time of securitisation and appropriate legal comfort regarding their enforceability should be provided.
Junior liabilities should not have payment preference over senior liabilities that are due and payable. The securitisation should not be structured as a “reverse” cash flow waterfall such that junior liabilities are paid where due and payable senior liabilities have not been paid.
To help provide investors with full transparency into any changes, all triggers affecting the cash flow waterfall, payment profile, or priority of payments of the securitisation should be clearly and fully disclosed both in offering documents and in investor reports, with information in the investor report that clearly identifies the breach status, the ability for the breach to be reversed and the consequences of the breach. Investor reports should contain information that allows investors to monitor the evolution of indicators that are subject to triggers. Any triggers breached between payment dates should be disclosed to investors on a timely basis in accordance with the terms and conditions of all underlying transaction documents.
Securitisations featuring a revolving period should include provisions for appropriate early amortization events and/or triggers of termination of the revolving period, including, notably: (i) deterioration in the credit quality of the underlying exposures; (ii) a failure to acquire sufficient new underlying exposures of similar credit quality; and (iii) the occurrence of an insolvency-related event with regard to the originator or the servicer.
Following the occurrence of a performance-related trigger, an event of default or an acceleration event, the securitisation positions should be repaid in accordance with a sequential amortization priority of payments, in order of tranche seniority, and there should not be provisions requiring immediate liquidation of the underlying assets at market value.
To assist investors in their ability to appropriately model the cash flow waterfall of the securitisation, the originator or sponsor should make available to investors, both before pricing of the securitisation and on an ongoing basis, a liability cash flow model or information on the cash flow provisions allowing appropriate modelling of the securitisation cash flow waterfall.
To ensure that debt forgiveness, forbearance, payment holidays and other asset performance remedies can be clearly identified, policies and procedures, definitions, remedies and actions relating to delinquency, default or restructuring of underlying debtors should be provided in clear and consistent terms so that investors can clearly identify debt forgiveness, forbearance, payment holidays, restructuring and other asset performance remedies on an ongoing basis.
4.Voting and enforcement rights

To help ensure clarity for securitisation note holders of their rights and ability to control and enforce on the underlying credit claims or receivables, upon insolvency of the originator or sponsor, all voting and enforcement rights related to the credit claims or receivables should be transferred to the securitisation. Investors’ rights in the securitisation should be clearly defined in all circumstances, including the rights of senior versus junior note holders.
5.Documentation disclosure and legal review

To help investors to fully understand the terms, conditions, legal and commercial information prior to investing in a new offering and to ensure that this information is set out in a clear and effective manner for all programs and offerings, sufficient initial offering⁹ and draft underlying¹⁰ documentation should be made available to investors (and readily available to potential investors on a continuous basis) within a reasonably sufficient period of time prior to pricing, or when legally permissible, such that the investor is provided with full disclosure of the legal and commercial information and comprehensive risk factors needed to make informed investment decisions. Any type of securitisation can fulfil these requirements once it meets its prescribed standards of disclosure and legal review. Final offering documents should be available from the closing date and all final underlying transaction documents shortly thereafter. These should be composed such that readers can readily find, understand, and use relevant information.
To ensure that all the securitisation’s underlying documentation has been subject to appropriate review prior to publication, the terms and documentation of the securitisation should be subject to appropriate third-party legal review, such as experienced legal counsel already instructed by one of the transaction parties (for example, by the arranger or the trustee). Investors should be notified in a timely fashion of any changes in such documents that have an impact on the structural risks in the securitisation.
6.Alignment of interest

In order to align the interests of those responsible for the underwriting of the credit claims or receivables with those of investors, the originator or sponsor of the credit claims or receivables should retain a material net economic exposure and demonstrate a financial incentive in the performance of these assets following their securitisation.
⁸ For example, associated savings plans designed to repay principal at maturity.
⁹ E.g., draft offering circular, draft offering memorandum, draft offering document or draft prospectus, such as a “red herring”.
¹⁰ For example, asset sale agreement, assignment, novation or transfer agreement; servicing, backup servicing, administration and cash management agreements; trust/management deed, security deed, agency agreement, account bank agreement, guaranteed investment contract, incorporated terms or master trust framework or master definitions agreement as applicable; any relevant inter-creditor agreements, swap or derivative documentation, subordinated loan agreements, start-up loan agreements and liquidity facility agreements; and any other relevant underlying documentation, including legal opinions.

C. Fiduciary and Servicer Risk
1.Fiduciary and contractual responsibilities

To help ensure that servicers have extensive workout expertise, thorough legal and collateral knowledge and a proven track record in loss mitigation, such parties should be able to demonstrate expertise in the servicing of the underlying credit claims or receivables, servicing should be supported by a management team with extensive industry experience. The servicer should at all times act in accordance with reasonable and prudent standards. Policies, procedures and risk management controls should be well documented and adhere to good market practices and relevant regulatory regimes. There should be strong systems and reporting capabilities in place. In assessing whether “strong systems and reporting capabilities” are in place for non-banking entities, well-documented policies, procedures and risk management controls, as well as strong systems and reporting capabilities, may be substantiated by an independent third-party review.
The party or parties with fiduciary responsibility should act on a timely basis in the best interests of the securitisation note holders, and both the initial offering and all underlying documentation should contain provisions facilitating the timely resolution of conflicts between different classes of note holders by the trustees, to the extent permitted by applicable law. The party or parties with fiduciary responsibility to the securitisation and to investors should be able to demonstrate sufficient skills and resources to comply with their duties of care in the administration of the securitisation vehicle.
To increase the likelihood that those identified as having a fiduciary responsibility towards investors as well as the servicer execute their duties in full on a timely basis, remuneration should be such that these parties are incentivized and able to meet their responsibilities in full and on a timely basis.
2.Transparency to investors

To help provide full transparency to investors, to assist investors in the conduct of their due diligence, and to prevent investors from being subject to unexpected disruptions in cash flow collections and servicing, the contractual obligations, duties, and responsibilities of all key parties to the securitisation, both those with a fiduciary responsibility and ancillary service providers, should be defined clearly both in the initial offering and all underlying documentation. Provisions should be documented for the replacement of servicers, bank account providers, derivatives counterparties and liquidity providers in the event of failure, non-performance, insolvency, or other deterioration of creditworthiness of any such counterparty to the securitisation.
To enhance transparency and visibility of all receipts, payments, and ledger entries at all times, the performance reports to investors should report the securitisation’s income and disbursements, such as scheduled principal, redemption principal, scheduled interest, prepaid principal, past due interest and fees and charges, delinquent, defaulted and restructured amounts under debt forgiveness and payment holidays, and should include accurate accounting for amounts attributable to principal and interest deficiency ledgers. The term “income and disbursements” should also be understood as including deferment, forbearance, and repurchases.

D. Additional Criteria for Capital Purposes
1.Credit risk of underlying exposures

At the cut-off date for addition of exposures to the pool, the underlying exposures must meet the conditions to be assigned a risk weight equal to or smaller than:
- •40% on a value-weighted average exposure basis for a portfolio where the exposures are loans secured by residential mortgages or fully guaranteed residential loans;
- •50% on an individual exposure basis where the exposure is a loan secured by a commercial mortgage;
- •75% on an individual exposure basis where the exposure is a retail exposure; or
- •100% on an individual exposure basis for any other exposure.
These risk weights should be after taking into account any eligible credit risk mitigation. The thresholds as set are based on the current Standardized Approach to credit risk, and may be revisited if the Standardized Approach for credit risk is subsequently revised.
2.Granularity of the pool

At the portfolio cut-off date, the aggregate value of all exposures to a single obligor shall not exceed 1% of the aggregated outstanding exposure value of all exposures in the portfolio.

Appendix 2: Criteria for Short-Term STC Exposures
This Appendix provides criteria, including certain guidance and clarifications, for short-term Simple, Transparent, and Comparable (STC) securitisation exposures, together with certain additional requirements that must be satisfied in order for a securitisation to receive alternative regulatory capital treatment.
For an ABCP conduit to be considered STC, the criteria in this Appendix need to be met at both the conduit level and the transaction level.
- •For exposures at the conduit level (e.g. exposure arising from investing in the commercial paper issued by an ABCP program or sponsoring arrangements at the conduit/program level), compliance with the short-term STC capital criteria is achieved only if the criteria are satisfied at both the conduit level and the transaction level.
- •In the case of exposures at the transaction level, compliance with the short-term STC capital criteria is considered to be achieved if the transaction-level criteria are satisfied for the transactions to which support is provided.
In each section, any requirements specific to either the conduit level or the transaction level are noted separately, together with more general requirements that apply to both levels.

A. Definitions
1. (a)Asset-backed commercial paper (ABCP) conduit is a special purpose vehicle that can issue commercial paper against claims on underlying assets.
2. (b)ABCP program is a program of commercial paper issued by an ABCP conduit.
3. (c)Assets or asset pool means the credit claims and/or receivables underlying a transaction in which the ABCP conduit holds a beneficial interest.
4. (d)The investor is the holder of commercial paper issued under an ABCP program, or of any type of exposure to the conduit representing a financing liability of the conduit, such as loans.
5. (e)The obligor is the borrower or counterparty who is obliged to make payments on the underlying credit claim or a receivable that is part of an asset pool.
6. (f)The seller is the party that (i) concluded (in its capacity as original lender) the original agreement that created the obligations or potential obligations (under a credit claim or a receivable) of an obligor or purchased the obligations or potential obligations from the original lender(s), and (ii) transferred those assets through a transaction or passed on the interest to the ABCP conduit.
7. (g)The sponsor means the sponsor of an ABCP conduit; other relevant parties with a fiduciary responsibility in the management and administration of the ABCP conduit may bear some of the responsibilities of a sponsor.
8. (h)A transaction means an individual transaction in which the ABCP conduit holds a beneficial interest. A transaction may qualify as a securitisation, but may also be a direct asset purchase, the acquisition of undivided interest in a revolving pool of asset, a secured loan etc.

B. Asset Risk

1.Nature of assets

Conduit level

The sponsor should make representations and warranties to investors that the criteria at the transaction level are met, and explain how this is the case on an overall basis. Only if specified should this be done for each transaction.

Provided that each individual underlying transaction is homogeneous in terms of asset type, a conduit may be used to finance transactions of different asset types.

Program-wide credit enhancement should not prevent a conduit from qualifying for STC, regardless of whether such enhancement technically creates a type of resecuritisation.

Transaction level

The assets underlying a transaction in a conduit should be credit claims or receivables that are homogeneous, in terms of asset type. (This does not automatically exclude securitisations of equipment leases and securitisations of auto loans and leases from the short-term STC framework.)

The assets underlying each individual transaction in a conduit should not be composed of “securitisation exposures” as defined in the Central Bank’s Standard on Required Capital for Securitisation Exposures. The transaction-level requirement is still met if the conduit does not purchase the underlying asset with a refundable purchase price discount but instead acquires a beneficial interest in the form of a note which itself might qualify as a securitisation exposure, as long as the securitisation exposure is not subject to any further tranching (i.e. has the same economic characteristic as the purchase of the underlying asset with a refundable purchase price discount).

Credit claims or receivables underlying a transaction in a conduit should have contractually identified periodic payment streams relating to rental,¹¹ principal, interest, or principal and interest payments. Credit claims or receivables generating a single payment stream would equally qualify as eligible. Any referenced interest payments or discount rates should be based on commonly encountered market interest rates, but should not reference complex or complicated formulae or exotic derivatives.

Homogeneity

For capital purposes, homogeneity should be assessed taking into account the following principles:

•The nature of assets should be such that there would be no need to analyse and assess materially different legal and/or credit risk factors and risk profiles when carrying out risk analysis and due diligence checks for the transaction.
•Homogeneity should be assessed based on common risk drivers, including similar risk factors and risk profiles.
•Credit claims or receivables included in the securitisation should have standards obligations, in terms of rights to payments and/or income from assets and that result in a periodic and well-defined stream of payments to investors. Credit card facilities should be deemed to result in a periodic and well-defined stream of payments to investors for the purposes of this criterion.
•Repayment of the securitisation exposure should mainly rely on the principal and interest proceeds from the securitized assets. Partial reliance on refinancing or re-sale of the asset securing the exposure may occur provided that re-financing is sufficiently distributed within the pool and the residual values on which the transaction relies are sufficiently low and that the reliance on refinancing is thus not substantial.

Commonly encountered market interest rates

The term “commonly encountered market interest rates” should be understood to encompass rates reflective of a lender’s cost of funds, to the extent that sufficient data are provided to the sponsors to allow them to assess their relation to other market rates. Examples of these would include:

•Interbank rates and rates set by monetary policy authorities, such as LIBOR, EURIBOR, EIBOR, and the Federal funds rate; and
•Sectoral rates reflective of a lender’s cost of funds, such as internal interest rates that directly reflect the market costs of a bank’s funding or that of a subset of institutions.

Exotic derivatives

Determination of whether particular derivatives are “exotic” is inevitably somewhat subjective, but banks should apply a reasonable and conservative process to identifying exotic instruments. The Global Association of Risk Professionals (GARP) defines an exotic instrument as a financial asset or instrument with features making it more complex than simpler, plain vanilla, products. Interest rate caps and/or floors would not automatically be considered exotic derivatives.

2.Asset performance history

Conduit level

In order to provide investors with sufficient information on the performance history of the asset types backing the transactions, the sponsor should make available to investors sufficient loss performance data on claims and receivables with substantially similar risk characteristics, such as delinquency and default data on similar claims, and for a time period long enough to permit meaningful evaluation. The sponsor should disclose to investors the sources of such data and the basis for claiming similarity to credit claims or receivables financed by the conduit.

Such loss performance data may be provided on a stratified basis. Examples of such data might include:

•all materially relevant data on the conduit’s composition (outstanding balances, industry sector, obligor concentrations, maturities etc) and conduit’s overview; and
•all materially relevant data on the credit quality and performance of underlying transactions, allowing investors to identify collections, and, as applicable, debt restructuring, forgiveness, forbearance, payment holidays, repurchases, delinquencies and defaults.

Transaction level

In order to provide the sponsor with sufficient information on the performance history of each asset type backing the transactions and to conduct appropriate due diligence and to have access to a sufficiently rich data set to enable a more accurate calculation of expected loss in different stress scenarios, verifiable loss performance data, such as delinquency and default data, should be available for credit claims and receivables with risk characteristics substantially similar to those being financed by the conduit, for a time period long enough to permit meaningful evaluation by the sponsor.

The sponsor of the securitisation, as well as the original lender that underwrites the assets, must have sufficient experience in the risk analysis/underwriting of exposures or transactions with underlying exposures similar to those securitized. The sponsor should have well documented procedures and policies regarding the underwriting of transactions and the ongoing monitoring of the performance of the securitized exposures. The sponsor should ensure that the seller(s) and all other parties involved in the origination of the receivables have experience in originating same or similar assets, and are supported by a management with industry experience. For the purpose of meeting the short-term STC capital criteria, investors must request confirmation from the sponsor that the performance history of the originator and the original lender for claims or receivables substantially similar to those being securitized has been established for an “appropriately long period of time.” This performance history must be no shorter than a period of five years for non-retail exposures. For retail exposures, the minimum performance history is three years.

3.Payment status

Conduit level

The sponsor should, to the best of its knowledge and based on representations from sellers, make representations and warranties to investors that the STC criteria at the transaction level are met with respect to each transaction.

Transaction level

The sponsor should obtain representations from sellers that the credit claims or receivables underlying each individual transaction are not, at the time of acquisition of the interests to be financed by the conduit, in default or delinquent or subject to a material increase in expected losses or of enforcement actions.

To prevent credit claims or receivables arising from credit-impaired borrowers from being transferred to the securitisation, the original seller or sponsor should verify that the credit claims or receivables meet the following conditions for each transaction:

•The obligor has not been the subject of an insolvency or debt restructuring process due to financial difficulties in the three years prior to the date of origination;¹²
•The obligor is not recorded on a public credit registry of persons with an adverse credit history;
•The obligor does not have a credit assessment by an external credit assessment institution or a credit score indicating a significant risk of default; and
•The credit claim or receivable is not subject to a dispute between the obligor and the original lender.

The assessment of these conditions should be carried out by the original seller or sponsor no earlier than 45 days prior to acquisition of the transaction by the conduit or, in the case of replenishing transactions, no earlier than 45 days prior to new exposures being added to the transaction. In addition, at the time of the assessment, there should be, to the best knowledge of the original seller or sponsor, no evidence indicating likely deterioration in the performance status of the credit claim or receivable.

Further, at the time of their inclusion in the pool, at least one payment should have been made on the underlying exposures, except in the case of replenishing asset trust structures such as those for credit card receivables, trade receivables, and other exposures payable in a single instalment at maturity.

4.Consistency of underwriting

Conduit level

The sponsor should make representations and warranties to investors that:

1.It has taken steps to verify that, for the transactions in the conduit, any underlying credit claims and receivables have been subject to consistent underwriting standards, and explain how; and
2.When there are material changes to underwriting standards, it will receive from sellers disclosure about the timing and purpose of such changes.

The sponsor should also inform investors of the material selection criteria applied when selecting sellers (including where they are not financial institutions).

Transaction level

The sponsor should ensure that sellers (in their capacity as original lenders) in transactions with the conduit demonstrate to it that:

a.Any credit claims or receivables being transferred to or through a transaction held by the conduit have been originated in the ordinary course of the seller’s business subject to materially non-deteriorating underwriting standards. Those underwriting standards should also not be less stringent than those applied to credit claims and receivables retained on the balance sheet of the seller and not financed by the conduit; and
b.The obligors have been assessed as having the ability and volition to make timely payments on obligations.

The sponsor should also ensure that sellers disclose to it the timing and purpose of material changes to underwriting standards.

In all circumstances, all credit claims or receivables must be originated in accordance with sound and prudent underwriting criteria based on an assessment that the obligor has the “ability and volition to make timely payments” on its obligations.

The sponsor of the securitisation is expected, where underlying credit claims or receivables have been acquired from third parties, to review the underwriting standards (i.e. to check their existence and assess their quality) of these third parties and to ascertain that they have assessed the obligors’ “ability and volition to make timely payments” on their obligations.

If the sponsor of the securitisation did not originate the assets, the additional requirement will ensure that the seller has to check (a) the existence and quality of the underwriting standards; (b) that the borrowers to whom the acquired loans are extended have been screened by the lender; and (c) that their ability and their willingness to repay have been assessed by the original lender. This should not, however, be understood as an obligation for the seller to perform this assessment itself.

5.Asset selection and transfer

Conduit level

The sponsor should:

1.Provide representations and warranties to investors about the checks, in terms of their nature and frequency, it has conducted regarding enforceability of underlying assets; and
2.Disclose to investors the receipt of appropriate representations and warranties from sellers that the credit claims or receivables being transferred to the transactions in the conduit are not subject to any condition or encumbrance that can be foreseen to adversely affect enforceability in respect of collections due.

Transaction level

The sponsor should ensure that credit claims or receivables transferred to or through a transaction financed by the conduit:

a.Satisfy clearly defined eligibility criteria;
b.Are not actively selected after the closing date, actively managed or otherwise cherry-picked.¹³

An in-house legal opinion or an independent third-party legal opinion must support the claim that the true sale and the transfer of assets under the applicable laws comply with points (a) and (b) at the transaction level.

The sponsor should be able to assess thoroughly the credit risk of the asset pool prior to its decision to provide full support to any given transaction or to the conduit.

The sponsor should ensure that the transactions in the conduit effect true sale such that the underlying credit claims or receivables:

1.Are enforceable against the obligor;
2.Are beyond the reach of the seller, its creditors, or liquidators and are not subject to material re-characterization risks or claw-back risks (in which the insolvency or bankruptcy of the seller could result in the assets being taken back from the pool by creditors or liquidators);
3.Are not effected through credit default swaps, derivatives or guarantees, but by a transfer¹⁴ of the credit claims or the receivables to the transaction; and
4.Demonstrate effective recourse to the ultimate obligation for the underlying credit claims or receivables and are not a re-securitisation position.

The sponsor should ensure that, in applicable jurisdictions, for conduits employing transfers of credit claims or receivables by other means, sellers can demonstrate to it the existence of material obstacles preventing true sale at issuance¹⁵ and should clearly demonstrate the method of recourse to ultimate obligors.¹⁶ In such jurisdictions, any conditions where the transfer of the credit claims or receivables is delayed or contingent upon specific events and any factors affecting timely perfection of claims by the conduit should be clearly disclosed.

The sponsor should ensure that it receives from the individual sellers (in their capacity either as original lender or servicer) representations and warranties that the credit claims or receivables being transferred to or through the transaction are not subject to any condition or encumbrance that can be foreseen to adversely affect enforceability in respect of collections due.

6.Initial and ongoing data

Conduit level

To assist investors in conducting appropriate due diligence prior to investing in a new program offering, the sponsor should provide to potential investors sufficient aggregated data that illustrate the relevant risk characteristics of the underlying asset pools in accordance with applicable laws.

To assist investors in conducting appropriate and ongoing monitoring of their investments’ performance and so that investors who wish to purchase commercial paper have sufficient information to conduct appropriate due diligence, the sponsor should provide timely and sufficient aggregated data that convey the relevant risk characteristics of the underlying pools in accordance with applicable laws. The sponsor should ensure that standardized investor reports are readily available to current and potential investors at least monthly. Cut-off dates of the aggregated data should be aligned with those used for investor reporting.

Transaction level

The sponsor should ensure that the individual sellers (in their capacity as servicers) provide it with:

(a)sufficient asset-level data in accordance with applicable laws or, in the case of granular pools, summary stratification data on the relevant risk characteristics of the underlying pool before transferring any credit claims or receivables to such underlying pool; and
(b)Timely asset-level data in accordance with applicable laws or granular pool stratification data on the risk characteristics of the underlying pool on an ongoing basis. Those data should allow the sponsor to fulfil its fiduciary duty at the conduit level in terms of disclosing information to investors, including the alignment of cut-off dates of the asset-level or granular pool stratification data with those used for investor reporting.

The seller may delegate some of these tasks, in which case the sponsor should ensure that there is appropriate oversight of the outsourced arrangements.

The standardized investor reports that are made readily available to current and potential investors at least monthly should include the following information:

•Materially relevant data on the credit quality and performance of underlying assets, including data allowing investors to identify dilution, delinquencies and defaults, restructured receivables, forbearance, repurchases, losses, recoveries and other asset performance remedies in the pool;
•The form and amount of credit enhancement provided by the seller and sponsor at the transaction and the conduit level, respectively;
•Relevant information on the support provided by the sponsor; and
•The status and definitions of relevant triggers (such as performance, termination or counterparty replacement triggers).

¹¹ Payments on operating and financing lease are typically considered to be rental payments rather than payments of principal and interest.

¹² This condition would not apply to borrowers that previously had credit incidents but were subsequently removed from credit registries as a result of the borrowers cleaning their records. This is the case in jurisdictions in which borrowers have the “right to be forgotten.”

¹³ Provided they are not actively selected or otherwise cherry-picked, the addition of credit claims or receivables during the revolving periods or their substitution or repurchasing due to the breach of representations and warranties do not represent active portfolio management.

¹⁴ This requirement should not affect jurisdictions whose legal frameworks provide for a true sale with the same effects as described above, but by means other than a transfer of the credit claims or receivables.

¹⁵ For instance, the immediate realization of transfer tax or the requirement to notify all obligors of the transfer.

¹⁶ For instance, equitable assignment or perfected contingent transfer.

C. Structural Risk

1.Full support

Conduit level

The sponsor should provide the liquidity facility and the credit protection support¹⁷ for any ABCP program issued by a conduit. Such facility and support should ensure that investors are fully protected against credit risks, liquidity risks and any material dilution risks of the underlying asset pools financed by the conduit. On that basis, investors should be able to rely on the sponsor to ensure timely and full repayment of the commercial paper. This is not a comprehensive list of risks, but rather provides typical examples.

The full support provided should be able to irrevocably and unconditionally pay the ABCP liabilities in full and on time.

Number of sponsors providing support

While liquidity and credit protection support at both the conduit level and transaction level can be provided by more than one sponsor, the majority of the support (assessed in terms of coverage) has to be made by a single sponsor (referred to as the “main sponsor”).¹⁸ An exception can, however, be made for a limited period of time, where the main sponsor has to be replaced due to a material deterioration in its credit standing.

General requirements

Under the terms of the liquidity facility agreement:

•Upon specified events affecting its creditworthiness, the sponsor shall be obliged to collateralize its commitment in cash to the benefit of the investors or otherwise replace itself with another liquidity provider.
•If the sponsor does not renew its funding commitment for a specific transaction or the conduit in its entirety, the sponsor shall collateralize its commitments regarding a specific transaction or, if relevant, to the conduit in cash at the latest 30 days prior to the expiration of the liquidity facility, and no new receivables should be purchased under the affected commitment.

The sponsor should provide investors with full information about the terms of the liquidity facility and the credit support provided to the ABCP conduit and the underlying transactions (in relation to the transactions, redacted where necessary to protect confidentiality).

To ensure that investors in the notes issued by the ABCP conduit are fully protected by the facility provided to the ABCP conduit, if the creditworthiness of the liquidity providers deteriorates or if a commitment is not renewed, the liquidity provider shall be required to fully collateralize the facility in cash to ensure the payment of maturing notes. As an alternative, a backup facility provider could be used in case the creditworthiness of the current provider is no longer sufficient. The facility should also be drawn down and used to redeem the outstanding notes in case it is not renewed at least 30 days prior to its expiration.

Information about the support provided to the ABCP structure, at the conduit and the transaction level, as well as the maturity of the facility provided to the ABCP structure, shall also be disclosed to investors. This will enable investors to assess the liquidity risks associated with their exposures to the ABCP structure.

2.Redemption cash flow

Transaction level

Unless the underlying pool of credit claims or receivables is sufficiently granular and has sufficiently distributed repayment profiles, the sponsor should ensure that the repayment of the credit claims or receivables underlying any of the individual transactions relies primarily on the general ability and willingness of the obligor to pay rather than the possibility that the obligor refinances or sells the collateral and that such repayment does not primarily rely on the drawing of an external liquidity facility provided to this transaction.

For capital purposes, sponsors cannot use support provided by their own liquidity and credit facilities towards meeting this criterion. For the avoidance of doubt, the requirement that the repayment shall not primarily rely on the drawing of an external liquidity facility does not apply to exposures in the form of the notes issued by the ABCP conduit.

3.Currency and interest rate asset and liability mismatches

Conduit level

The sponsor should ensure that any payment risk arising from different interest rate and currency profiles that is not mitigated at transaction level, or that may arise at the conduit level, is appropriately mitigated.

The sponsor should also ensure that derivatives are used for genuine hedging purposes only and that hedging transactions are documented according to industry-standard master agreements.

The sponsor should provide sufficient information to investors to allow them to assess how the payment risk arising from the different interest rate and currency profiles of assets and liabilities is appropriately mitigated, whether at the conduit level or at the transaction level.

Transaction level

To reduce the payment risk arising from the different interest rate and currency profiles of assets and liabilities, if any, and to improve the sponsor’s ability to analyze cash flows of transactions, the sponsor should ensure that interest rate and foreign currency risks are appropriately mitigated. The sponsor should also ensure that derivatives are used for genuine hedging purposes only and that hedging transactions are documented according to industry-standard master agreements.

The term “appropriately mitigated” should be understood as not necessarily requiring a completely perfect hedge. The appropriateness of the mitigation of interest rate and foreign currency risks through the life of the transaction must be demonstrated by making available, in a timely and regular manner, quantitative information, including the fraction of notional amounts that are hedged, as well as sensitivity analysis that illustrates the effectiveness of the hedge in extreme but plausible scenarios.

The use of risk-mitigating measures other than derivatives is permitted only if the measures are specifically created and used for the purpose of hedging an individual and specific risk. Non-derivative risk mitigation measures must be fully funded and available at all times.

4.Payment priorities and observability

Conduit level

The commercial paper issued by the ABCP program should not include extension options or other features which may extend the final maturity of the asset-backed commercial paper, where the right to trigger does not belong exclusively to investors.

The sponsor should:

(i) make representations and warranties to investors that the STC criteria are met at the transaction level and, in particular, that it has the ability to appropriately analyse the cash flow waterfall for each transaction which qualifies as a securitisation; and

(ii) make available to investors a summary (illustrating the functioning) of these waterfalls and of the credit enhancement available at program level and transaction level.

Transaction level

To prevent the conduit from being subjected to unexpected repayment profiles from the transactions, the sponsor should ensure that:

1.Priorities of payments are clearly defined at the time of acquisition of the interests in these transactions by the conduit; and
2.Appropriate legal comfort regarding the enforceability is provided.

For all transactions which qualify as a securitisation, the sponsor should ensure that all triggers affecting the cash flow waterfall, payment profile or priority of payments are clearly and fully disclosed to the sponsor in both the transactions’ documentation and reports, with information in the reports that clearly identifies any breach status, the ability for the breach to be reversed and the consequences of the breach. Reports should contain information that allows sponsors to easily ascertain the likelihood of a trigger being breached or reversed. Any triggers breached between payment dates should be disclosed to sponsors on a timely basis in accordance with the terms and conditions of the transaction documents.

For any of the transactions where the beneficial interest held by the conduit qualifies as a securitisation position, the sponsor should ensure that any subordinated positions do not have inappropriate payment preference over payments to the conduit (which should always rank senior to any other position) and which are due and payable.

Transactions featuring a revolving period should include provisions for appropriate early amortization events and/or triggers of termination of the revolving period, including, notably: (i) deterioration in the credit quality of the underlying exposures; (ii) a failure to replenish sufficient new underlying exposures of similar credit quality; and (iii) the occurrence of an insolvency-related event with regard to the individual sellers.

To ensure that debt forgiveness, forbearance, payment holidays, restructuring, dilution and other asset performance remedies can be clearly identified, policies and procedures, definitions, remedies and actions relating to delinquency, default, dilution or restructuring of underlying debtors should be provided in clear and consistent terms, such that the sponsor can clearly identify debt forgiveness, forbearance, payment holidays, restructuring, dilution and other asset performance remedies on an ongoing basis.

For each transaction which qualifies as a securitisation, the sponsor should ensure that it receives, both before the conduit acquires a beneficial interest in the transaction and on an ongoing basis, the liability cash flow analysis or information on the cash flow provisions allowing appropriate analysis of the cash flow waterfall of these transactions.

5.Voting and enforcement rights

Conduit level

To provide clarity to investors, the sponsor should make sufficient information available in order for investors to understand their enforcement rights on the underlying credit claims or receivables in the event of insolvency of the sponsor.

Transaction level

For each transaction, the sponsor should ensure that, in particular upon insolvency of the seller or where the obligor is in default on its obligation, all voting and enforcement rights related to the credit claims or receivables are, if applicable:

1.Transferred to the conduit; and
2.Clearly defined under all circumstances, including with respect to the rights of the conduit versus other parties with an interest (e.g. sellers), where relevant.

6.Documentation disclosure and legal review

Conduit level

To help investors understand fully the terms, conditions, and legal information prior to investing in a new program offering and to ensure that this information is set out in a clear and effective manner for all program offerings, the sponsor should ensure that sufficient initial offering documentation for the ABCP program is provided to investors (and readily available to potential investors on a continuous basis) within a reasonable period of time prior to issuance, such that the investor is provided with full disclosure of the legal information and comprehensive risk factors needed to make informed investment decisions. These should be composed such that readers can readily find, understand and use relevant information.

The sponsor should ensure that the terms and documentation of a conduit and the ABCP program it issues are reviewed and verified by an appropriately experienced and independent legal practice prior to publication and in the event of material changes. The sponsor should notify investors in a timely fashion of any changes in such documents that have an impact on the structural risks in the ABCP program.

To understand fully the terms, conditions and legal information prior to including a new transaction in the ABCP conduit and ensure that this information is set out in a clear and effective manner, the sponsor should ensure that it receives sufficient initial offering documentation for each transaction and that it is provided within a reasonable period of time prior to the inclusion in the conduit, with full disclosure of the legal information and comprehensive risk factors needed to supply liquidity and/or credit support facilities. The initial offering document for each transaction should be composed such that readers can readily find, understand and use relevant information.

The sponsor should also ensure that the terms and documentation of a transaction are reviewed and verified by an appropriately experienced and independent legal practice prior to the acquisition of the transaction and in the event of material changes.

7.Alignment of interest

Conduit level

In order to align the interests of those responsible for the underwriting of the credit claims and receivables with those of investors, a material net economic exposure should be retained by the sellers or the sponsor at the transaction level, or by the sponsor at the conduit level.

Ultimately, the sponsor should disclose to investors how and where a material net economic exposure is retained by the seller at the transaction level or by the sponsor at the transaction or the conduit level, and demonstrate the existence of a financial incentive in the performance of the assets.

8.Cap on maturity transformation

Conduit level

Maturity transformation undertaken through ABCP conduits should be limited. The sponsor should verify and disclose to investors that the weighted average maturity of all the transactions financed under the ABCP conduit is three years or less.

This number should be calculated as the higher of:

1. the exposure-weighted average residual maturity of the conduit’s beneficial interests held or the assets purchased by the conduit in order to finance the transactions of the conduit;¹⁹

2. the exposure-weighted average maturity of the underlying assets financed by the conduit calculated by:

a. taking an exposure-weighted average of residual maturities of the underlying assets in each pool; and then

b. taking an exposure-weighted average across the conduit of the pool-level averages as calculated in Step 2a.

Where it is impractical for the sponsor to calculate the pool-level weighted average maturity in Step 2a (because the pool is very granular or dynamic), sponsors may instead use the maximum maturity of the assets in the pool as defined in the legal agreements governing the pool (e.g. investment guidelines).

¹⁷ A sponsor can provide full support either at the ABCP program level or at the transaction level, i.e. by fully supporting each transaction within an ABCP program.

¹⁸ “Liquidity and credit protection support” refers to support provided by the sponsors. Any support provided by the seller is excluded.

¹⁹ Including purchased securitisation notes, loans, asset-backed deposits and purchased credit claims and/or receivables held directly on the conduit’s balance sheet

D. Fiduciary and Servicer Risk

1.Financial institution

The sponsor should be a financial institution that is licensed to take deposits from the public, and is subject to appropriate prudential standards and levels of supervision.

2.Fiduciary and contractual responsibilities

Conduit level

The sponsor should, based on the representations received from seller(s) and all other parties responsible for originating and servicing the asset pools, make representations and warranties to investors that:

1.The various criteria defined at the level of each underlying transaction are met, and explain how; and
2.The seller’s (or sellers’) policies, procedures and risk management controls are well documented, adhere to good market practices and comply with the relevant regulatory regimes; and that strong systems and reporting capabilities are in place to ensure appropriate origination and servicing of the underlying assets.

The sponsor should be able to demonstrate expertise in providing liquidity and credit support in the context of ABCP conduits, and that it is supported by a management team with extensive industry experience.

The sponsor should at all times act in accordance with reasonable and prudent standards. The policies, procedures and risk management controls of the sponsor should be well documented, and the sponsor should adhere to good market practices and relevant regulatory regime. There should be strong systems and reporting capabilities in place at the sponsor.

The party or parties with fiduciary responsibility should act on a timely basis in the best interests of the investors.

Transaction level

The sponsor should ensure that it receives representations from the seller(s) and all other parties responsible for originating and servicing the asset pools that they:

1.Have well documented procedures and policies in place to ensure appropriate servicing of the underlying assets;
2.Have expertise in the origination of assets that are the same as or similar to those in the asset pools;
3.Have extensive servicing and workout expertise, thorough legal and collateral knowledge and a track record in loss mitigation for the same or similar assets;
4.Have expertise in the servicing of the underlying credit claims or receivables; and
5.Are supported by a management team with extensive industry experience.

In assessing whether “strong systems and reporting capabilities are in place”, well documented policies, procedures and risk management controls, as well as strong systems and reporting capabilities, may be substantiated by an independent third-party review for sellers that are non-banking entities.

3.Transparency to investors

Conduit level

To help provide full transparency to investors and to assist them in the conduct of their due diligence, the sponsor should ensure that the contractual obligations, duties and responsibilities of all key parties to the conduit, both those with a fiduciary responsibility and the ancillary service providers, are defined clearly both in the initial offering and in any relevant underlying documentation²⁰ of the conduit and the ABCP program it issues.

The sponsor should also make representations and warranties to investors that the duties and responsibilities of all key parties are clearly defined at the transaction level.

The sponsor should ensure that the initial offering documentation disclosed to investors contains adequate provisions regarding the replacement of key counterparties of the conduit (e.g. bank account providers and derivatives counterparties) in the event of failure or non-performance or insolvency or deterioration of creditworthiness of any such counterparty.

The sponsor should also make representations and warranties to investors that provisions regarding the replacement of key counterparties at the transaction level are well documented.

The sponsor should provide sufficient information to investors about the liquidity facility and credit support provided to the ABCP program for them to understand its functioning and key risks.

Transaction level

The sponsor should conduct due diligence with respect to the transactions on behalf of the investors.

To assist the sponsor in meeting its fiduciary and contractual obligations, the duties and responsibilities of all key parties to all transactions (both those with a fiduciary responsibility and the ancillary service providers) should be defined clearly in all the documentation underlying these transactions and made available to the sponsor.

The sponsor should ensure that provisions regarding the replacement of key counterparties (in particular, the servicer or liquidity provider) in the event of failure or nonperformance or insolvency or other deterioration of any such counterparty for the transactions are well documented (in the documentation of these individual transactions).

To enhance the transparency and visibility of all receipts, payments and ledger entries at all times, the sponsor should ensure that, for all transactions, the performance reports include all of the following: the transactions’ income and disbursements, such as scheduled principal, redemption principal, scheduled interest, prepaid principal, past due interest and fees and charges, and delinquent, defaulted, restructured and diluted amounts; and accurate accounting for amounts attributable to principal and interest deficiency ledgers.

²⁰ “Underlying documentation” does not refer to the documentation of the underlying transactions.

E. Additional Criteria for Capital Purposes
1.Credit risk of underlying exposures

At the date of acquisition of the assets, the underlying exposures must meet the conditions to be assigned a risk weight equal to or smaller than:
1. 6.40% on a value-weighted average exposure basis for the portfolio where the exposures are loans secured by residential mortgages or fully guaranteed residential loans;
2. 7.50% on an individual exposure basis where the exposure is a loan secured by a commercial mortgage;
3. 8.75% on an individual exposure basis where the exposure is a retail exposure; or
4. 9.100% on an individual exposure basis for any other exposure.
These risk weights should be after taking into account any eligible credit risk mitigation. The thresholds as set are based on the current Standardized Approach to credit risk, and may be revisited if the Standardized Approach for credit risk is subsequently revised.
2.Granularity of the pool

At the date of acquisition of any assets securitized by one of the conduits’ transactions, the aggregated value of all exposures to a single obligor at that date shall not exceed 2% of the aggregated outstanding exposure value of all exposures in the program. In the case of trade receivables where the credit risk of those trade receivables is fully covered by credit protection, provided that the protection provider is a financial institution, only the portion of the trade receivables remaining after taking into account the effective of any purchase price discount and overcollateralization shall be included in the determination of whether the 2% limit is breached.

IX. Market Risk

I. Introduction
1.This Standard articulates specific requirements for the calculation of the market risk capital requirement for banks in the UAE. It is based closely on requirements of the framework for capital adequacy developed by the Basel Committee on Banking Supervision (BCBS), specifically as articulated in Basel II: International Convergence of Capital Measurement and Capital Standards, June 2006, and subsequent revisions and clarifications thereto.
2.This Standard applies to:
- •the risks pertaining to interest rate related instruments and equities in the trading book; and
- •foreign exchange risk and commodities risk throughout the bank.
3.Capital requirements for market risk apply on a consolidated basis for all banks in the UAE. Note that the capital required for general and specific market risk under this Standard is in addition to, not in place of, any capital required under other Central Bank Standards. Banks should follow the requirements of all other applicable Central Bank Standards to determine overall capital adequacy requirements; for example, the Counterparty Credit Risk Standard.
4.The Standards follow the calibration developed by the Basel Committee, which includes a maximum risk weight of 1250%, calibrated on a total capital adequacy requirement of 8%. The UAE instituted a higher minimum capital requirement of 10.5% (excluding capital buffers), applicable to all licensed banks. Consequently, the maximum capital charge for a single exposure will be the lesser of the value of the exposure after applying valid credit risk mitigation, netting and haircuts, and the capital resulting from applying a risk weight of 952% (reciprocal of 10.5%) to this exposure.

II. Definitions
In general, terms in this Standard have the meanings defined in other Regulations and Standards issued by the Central Bank. In addition, for this Standard, the following terms have the meanings defined in this section.
1. a)A commodity is defined as a physical product that is or can be traded on a secondary market, e.g. agricultural products, minerals (including oil) and precious metals.
2. b)Convertible bonds are debt issues or preference shares that are convertible, at a stated price, into common shares of the issuer.
3. c)Deep-discount bonds are defined as bonds with a coupon of less than 3%.
4. d)A financial asset is any asset that is cash, the right to receive cash or another financial asset; or the contractual right to exchange financial assets on potentially favorable terms, or an equity instrument.
5. e)A financial instrument is any contract that gives rise to both a financial asset of one entity and a financial liability or equity instrument of another entity. Financial instruments include either primary financial instruments (or cash instruments) and derivative financial instruments.
6. f)A financial liability is the contractual obligation to deliver cash or another financial asset or to exchange financial liabilities under conditions that are potentially unfavorable.
7. g)General market risk is market risk related to broad movements in overall market prices or rates that reflect common movements among many related market instruments.
8. h)Marked-to-model refers to the use of quantitative models to determine the value of positions or exposures, typically in the absence of reliable market prices.
9. i)Market risk is defined as the risk of losses in on-balance-sheet and off-balance-sheet positions arising from movements in market prices.
10. j)A special purpose entity is an entity, typically created to be bankruptcy-remote from the sponsoring entity, with operations limited to the acquisition and financing of specific assets as a method of isolating risk.
11. k)Specific risk is market risk related to factors affecting a specific issuer, rate, currency, or commodity rather than to broad market movements.
12. l)A two-way market is deemed to exist where there are independent bona fide offers to buy and sell so that a price reasonably related to the last sales price or current bona fide competitive bid and offer quotations can be determined within one day and settled at such price within a relatively short time conforming to trade custom.

III. Requirements

A. Scope and Coverage
5.The capital charges, as explained below, for interest rate related instruments and equities would apply to the trading book. The capital charges for foreign exchange risk and for commodities risk will apply to banks’ total currency and commodity positions.
6.Banks must have clearly defined policies and procedures for determining which exposures to include in, and to exclude from, the trading book for purposes of calculating their regulatory capital, to ensure compliance with the criteria for trading book set forth in this Standard and taking into account the bank’s risk management capabilities and practices. These policies and procedures must be fully documented and subject to periodic internal audit, and at a minimum address the general considerations listed below:
- •The activities the bank considers to be trading and as constituting part of the trading book for regulatory capital purposes;
- •The extent to which an exposure can be marked-to-market daily by reference to an active, liquid two-way market;
- •For exposures that are marked-to-model, the extent to which the bank can:
  - –Identify the material risks of the exposure;
  - –Hedge the material risks of the exposure and the extent to which hedging instruments would have an active, liquid two-way market;
  - –Derive reliable estimates for the key assumptions and parameters used in the model.
- •The extent to which the bank can and is required to generate valuations for the exposure that can be validated externally in a consistent manner;
- •The extent to which legal restrictions or other operational requirements would impede the bank’s ability to effect an immediate liquidation of the exposure;
- •The extent to which the bank is required to, and can, actively risk manage the exposure within its trading operations; and
- •The extent to which the bank may transfer risk or exposures between the banking and the trading books and criteria for such transfers.
7.The following will be the basic requirements for positions eligible to receive trading book capital treatment:
- •Clearly documented trading strategy for the position/instrument or portfolios, approved by senior management (which would include expected holding horizon);
- •Clearly defined policies and procedures for the active management of the position, which must include;
  - –positions are managed on a trading desk;
  - –position limits are set and monitored for appropriateness;
  - –dealers have the autonomy to enter into/manage the position within agreed limits and according to the agreed strategy;
  - –positions are marked to market at least daily and when marking to model the parameters must be assessed on a daily basis;
  - –positions are reported to senior management as an integral part of the institution’s risk management process; and
  - –positions are actively monitored with reference to market information sources (assessment should be made of the market liquidity or the ability to hedge positions or the portfolio risk profiles). This would include assessing the quality and availability of market inputs to the valuation process, level of market turnover, sizes of positions traded in the market, etc; and
- •Clearly defined policy and procedures to monitor the positions against the bank’s trading strategy including the monitoring of turnover and stale positions in the bank’s trading book.
8.Term trading-related repo-style transactions that meet the requirements for trading- book treatment as stated in the paragraph above may be included in the bank’s trading book for regulatory capital purposes even if a bank accounts for those transactions in the banking book. If the bank does so, all such repo-style transactions must be included in the trading book, and both legs of such transactions, either cash or securities, must be included in the trading book. Regardless of where they are booked, all repo-style transactions are subject to a credit risk capital requirement under the Central Bank’s Standard for Credit Risk Capital.
9.When a bank hedges a banking book credit risk exposure using a credit derivative booked in its trading book (i.e. using an internal hedge), the banking book exposure is not deemed to be hedged for capital purposes unless the bank purchases from an eligible third party protection provider a credit derivative meeting the requirements in the Central Bank’s Standard for Credit Risk Capital. Where such third party protection is purchased and is recognized as a hedge of a banking book exposure for regulatory capital purposes, neither the internal nor external credit derivative hedge would be included in the trading book for regulatory capital purposes.
10.Positions in the bank’s own eligible regulatory capital instruments are deducted from capital. Positions in other banks’, securities firms’, and other financial entities’ eligible regulatory capital instruments, as well as intangible assets, will receive the same treatment as that set down by the Central Bank for such assets held in the banking book. Where a bank demonstrates to the Central Bank that it is an active market maker, then the Central Bank may establish a dealer exception for holdings of other banks’, securities firms’, and other financial entities’ capital instruments in the trading book. In order to qualify for the dealer exception, the bank must have adequate systems and controls surrounding the trading of financial institutions’ eligible regulatory capital instruments.
11.For the purposes of these Standards, the correlation trading portfolio incorporates securitisation exposures and nth-to-default credit derivatives that meet the following criteria:
- •The positions are neither resecuritisation positions, nor derivatives of securitisation exposures that do not provide a pro-rata share in the proceeds of a securitisation tranche; and
- •All reference entities are single-name products, including single-name credit derivatives, for which a liquid two-way market exists. This includes commonly traded indices based on these reference entities. Positions that reference an underlying that would be treated as a retail exposure, a residential mortgage exposure, or a commercial mortgage exposure under the standardized approach to credit risk are not included in the correlation-trading portfolio. Positions that reference a claim on a special purpose entity also are not included. A bank may include in the correlation trading portfolio positions that are hedges of securitisation exposures or nth-to-default credit derivatives, but that are not themselves either securitisation exposures or nth-to-default credit derivatives, where a liquid two-way market exists for the instrument or its underlying.

B. Standardized Measurement Methods

1.Interest rate risk

12.This Standard describes the framework for measuring the risk of holding or taking positions in debt securities and other interest rate related instruments in the trading book. The instruments covered include all fixed-rate and floating-rate debt securities and instruments that behave like them, including non-convertible preference shares. Banks should treat convertible bonds as debt securities if they trade like debt securities and as equities if they trade like equities.

13.The minimum capital requirement is expressed in terms of two separately calculated charges, one applying to the “specific risk” of each security, whether it is a short or a long position, and the other to the interest rate risk in the portfolio (“general mark

et risk”) where long and short positions in different securities or instruments can be offset.

Specific risk

14.In measuring the capital charge for specific risk, offsetting of long and short positions is restricted to matched positions in the identical issue (including positions in derivatives). No offsetting is permitted between different issues, even if the issuer is the same.

15.The specific risk capital charges for interest rate risk are as specified in Table 1 below.

Table 1: Specific Risk Charges for Interest Rate Risk

Categories	External credit assessment	Specific risk capital charge
Government	AAA to AA-	0%
	A+ to BBB-	0.25% (residual term to final maturity 6 months or less) 1.00% (residual term to final maturity greater than 6 and up to and including 24 months) 1.60% (residual term to final maturity exceeding 24 months)
	BB+ to B-	8%
	Below B-	12%
	Unrated	8%
Qualifying		0.25% (residual term to final maturity 6 months or less) 1.00% (residual term to final maturity greater than 6 and up to and including 24 months) 1.60% (residual term to final maturity exceeding 24 months)
Other	BB+ to BB-	8%
	Below BB-	12%
	Unrated	8%

16.The category “government” includes all forms of government paper as defined in the Central Bank’s Standard for Credit Risk. Exposure to the Federal Government and Emirates Government receive 0% risk weight, if such exposures are denominated and funded in AED or USD for a transition period of 7 years from the date of implementation of this Standard. After the transition period, 0% risk weights are only applied to exposures that are denominated and funded in AED. In general, only government debt rated AA- or better is eligible for the 0% specific risk charge. However, for debt rated below AA-, when the government paper is denominated in the domestic currency and funded by the bank in the same currency, the Central Bank uses national discretion to apply a 0% specific risk charge.²¹ The national discretion is limited to GCC Sovereigns.

17.The “qualifying” category includes securities issued by public sector entities and multilateral development banks, plus other securities that are rated investment-grade by at least two credit rating agencies recognized by the Central Bank for this purpose per Central Bank standards, or are rated investment-grade by one rating agency and not less than investment-grade by any other rating agency recognized by the Central Bank. Unrated securities may be considered “qualifying” subject to Central Bank approval on a case-by-case basis if the bank deems them to be of comparable investment quality and the issuer has securities listed on a recognized stock exchange. Unrated securities that are considered “qualifying” by the Central Bank can be recategorised from time to time if the Central Bank deems this necessary.

18.The specific risk charges stated in Table 1 for instruments issued by a non-qualifying issuer may considerably underestimate the specific risk for certain debt instruments with a high yield to redemption relative to government debt securities. In such cases, the Central Bank may direct a bank to apply a higher specific risk charge to such instruments, and/or to disallow offsetting of general market risk between such instruments and any other debt instruments.

19.Banks must determine the specific risk capital charge for the correlation trading portfolio by computing (i) the total specific risk capital charges that would apply just to the net long positions from the net long correlation trading exposures combined, and (ii) the total specific risk capital charges that would apply just to the net short positions from the net short correlation trading exposures combined. The larger of these two amounts in terms of domestic currency is then the specific risk capital charge for the correlation-trading portfolio.

Specific risk rules for positions covered under the securitisation framework

20.The specific risk charges for securitisation exposures held in the trading book are based on the risk weights assigned to securitisation exposures under the Central Bank’s Standard on Required Capital for Securitisation Exposures. Specifically, banks should determine the applicable risk weight applied to such positions in the banking book, and multiply the result by 8% to obtain the specific risk charge for the trading book exposure.

21.A securitisation exposure subject to a risk weight of 1250% under the Central Bank requirements (and therefore to a 100% specific risk charge under this Standard) may be excluded from the calculation of capital for general market risk.

Limitation of the specific risk capital charge to the maximum possible loss

22.Banks may limit the capital required for an individual position in a credit derivative or securitisation instrument to the maximum possible loss. For a short risk position, this limit can be calculated as the change in value due to the underlying names immediately becoming default risk-free. For a long risk position, the maximum possible loss could be calculated as the change in value in the event that all the underlying names were to default with zero recoveries. The maximum possible loss must be calculated for each individual position.

Specific risk capital charges for positions hedged by credit derivatives

23.Full allowance and offset can be recognized when the values of two legs, that is, long and short, always move in opposite directions and move broadly to the same extent. This would be the case when the two legs consist of completely identical instruments (e.g. two instruments with exactly the same issuer, coupon, currency, and maturity), or when a long cash position is hedged by a total rate of return swap (or vice versa) and there is an exact match between the reference obligation and the underlying cash position. (The maturity of the swap itself may be different from that of the underlying exposure.) In these cases, no specific risk capital requirement applies to either side of the position.

24.An 80% offset can be recognized when the value of long and short legs always move in opposite directions, but do not move broadly to the same extent. This would be the case when a long cash position is hedged by a credit default swap or a credit linked note (or vice versa) and there is an exact match in terms of the reference obligation, the maturity of both the reference obligation and the credit derivative, and the currency of the underlying exposure. In addition, key features of the credit derivative contract should not cause the price movement of the credit derivative to materially deviate from the price movements of the cash position. To the extent that the transaction transfers risk, that is taking account of restrictive payout provisions such as fixed payouts and materiality thresholds, an 80% specific risk offset can be applied to the side of the transaction with the higher capital charge, while the specific risk requirement on the other side is zero.

25.Partial allowance and offset can be recognized when the value of the long and short legs usually, but not necessarily always, move in opposite directions. This is the case in the following situations:

•The position would meet the conditions for full allowance but there is not an exact match between the reference obligation and the underlying exposure; the position otherwise meets the operational requirements for credit derivatives for credit risk mitigation under the Central Bank’s Standard for Credit Risk Capital.
•The position would meet the conditions for full allowance but there is a currency or maturity mismatch between the credit protection and the underlying asset.
•The position would meet the conditions for full allowance but there is an asset mismatch between the cash position and the credit derivative. However, the underlying asset is included in the (deliverable) obligations in the credit derivative documentation.

In each of the cases above, rather than adding the specific risk capital requirements for each side of the transaction (i.e. the credit protection and the underlying asset), the bank can apply only the higher of the two capital requirements. Otherwise, in cases that do not meet the conditions above, a specific risk capital charge must be assessed against both sides of the position.

26.The capital charge for specific risk for a first-to-default credit derivative is the lesser of (1) the sum of the specific risk capital charges for the individual reference credit instruments in the basket, and (2) the maximum possible credit event payment under the contract. Where a bank has a risk position in one of the reference credit instruments underlying a first-to-default credit derivative and this credit derivative hedges the bank’s risk position, the bank may reduce with respect to the hedged amount both the capital charge for specific risk for the reference credit instrument and that part of the capital charge for specific risk for the credit derivative that relates to this particular reference credit instrument. Where a bank has multiple risk positions in reference credit instruments underlying a first-to-default credit derivative, this offset is allowed only for that underlying reference credit instrument having the lowest specific risk capital charge.

27.For nth-to-default credit derivatives with n greater than one, no offset of the capital charge for specific risk with any underlying reference credit instrument is allowed. If the nth-to-default credit derivative is externally rated, then the protection seller must calculate the specific risk capital charge using the approach applied for securitisation exposures held in the trading book. Specifically, banks should determine the applicable risk weight applied to such positions as securitisation exposures in the banking book, and multiply the result by 8% to obtain the specific risk charge for the derivative exposure. Otherwise, the capital charge for specific risk for nth-to-default credit derivative with n greater than one is the lesser of (1) the sum of the specific risk capital charges for the individual reference credit instruments in the basket but disregarding the n-1 obligations with the lowest specific risk capital charges; and (2) the maximum possible credit event payment under the contract. The capital charge for nth-to-default credit derivative positions applies irrespective of whether the bank has a long or short position, that is, whether the bank obtains or provides protection.

General market risk

28.For general market risk, positions are slotted into time bands. The capital charge is the sum of four components calculated from amounts in each time band:

•The net short or long position in the whole trading book;
•A small proportion of the matched positions in each time-band (the “vertical disallowance”);
•A larger proportion of the matched positions across different time-bands (the “horizontal disallowance”); and
•Where applicable, a net charge for positions in options.

29.A bank can choose between two principal methods of slotting positions into time bands for general market risk: a “maturity” method and a “duration” method.

30.In the maturity method, long or short positions in debt securities and other sources of interest rate exposures including derivative instruments are slotted into a maturity ladder comprising thirteen time-bands (or fifteen time-bands in case of low coupon instruments). Fixed rate instruments must be allocated according to the residual term to maturity and floating-rate instruments according to the residual term to the next repricing date. Opposite positions of the same amount in the same issues (but not different issues by the same issuer), whether actual or notional, can be omitted from the interest rate maturity framework, as can closely matched swaps, forwards, futures, and forward rate agreements (FRAs) that meet the conditions set out below in this Standard on allowable offsetting of matched positions.

31.The first step in the calculation is to weight the positions in each time-band by a risk weight designed to reflect the price sensitivity of those positions to assumed changes in interest rates. The weights for each time-band are set out in the risk-weight column of Table 2. Zero-coupon bonds and deep-discount bonds (defined as bonds with a coupon of less than 3%) should be slotted according to the time-bands set out in the column labeled “Coupon less than 3%” in Table 2.

Table 2: Risk Weights and Assumed Yield Changes for General Market Risk, by Zone and Time Band

Zones	Coupon 3% or more	Coupon less than 3%	Risk weight	Assumed Yield Change
Zone 1	1 month or less	1 month or less	0.00%	1.00
	1 to 3 months	1 to 3 months	0.20%	1.00
	3 to 6 months	3 to 6 months	0.40%	1.00
	6 to 12 months	6 to 12 months	0.70%	1.00
Zone 2	1 to 2 years	1.0 to 1.9 years	1.25%	0.90
	2 to 3 years	1.9 to 2.8 years	1.75%	0.80
	3 to 4 years	2.8 to 3.6 years	2.25%	0.75
Zone 3	4 to 5 years	3.6 to 4.3 years	2.75%	0.75
	5 to 7 years	4.3 to 5.7 years	3.25%	0.70
	7 to 10 years	5.7 to 7.3 years	3.75%	0.65
	10 to 15 years	7.3 to 9.3 years	4.50%	0.60
	15 to 20 years	9.3 to 10.6 years	5.25%	0.60
	over 20 years	10.6 to 12 years	6.00%	0.60
		12 to 20 years	8.00%	0.60
		over 20 years	12.50%	0.60

32.The next step in the calculation is to offset the weighted longs and shorts in each time-band, resulting in a single short or long position for each band. A 10% capital charge to reflect basis risk and gap risk – the vertical disallowance – is levied on the smaller of the offsetting long or short positions in each time-band. The result is two sets of weighted positions, the net long or short positions in each time-band and the vertical disallowances, which have no sign.

33.Next, banks are allowed to conduct two rounds of “horizontal offsetting,” subject to disallowances expressed as a fraction of the matched positions. First, the weighted long and short positions in each of three zones identified in Table 2 may be offset, subject to the matched portion attracting a within-zone disallowance factor that is part of the capital charge:

Within Zone 1:	40%
Within Zone 2 or Zone 3:	30%

34.Second, the residual net position in each zone may be carried over and offset against opposite positions in other zones, subject to a second set of disallowance factors that apply between zones:

Between Zone 1 and Zone 2:	40%
Between Zone 2 and Zone 3:	40%
Between Zone 1 and Zone 3:	100%

35.Under the alternative duration method, banks with the necessary capability may, with the Central Bank’s consent, calculate the price sensitivity of each position separately. Banks must elect and use this method on a continuous basis unless a change in method is approved by the Central Bank. To apply the duration method, banks should apply the following steps in order:

•Calculate the price sensitivity of each instrument in terms of a change in interest rates of between 0.6 and 1.0 percentage points depending on the maturity of the instrument per the last column of Table 2;
•Slot the resulting sensitivity measures into the fifteen time-bands set out in the “Coupon less than 3%” column of Table 2;
•Subject long and short positions in each time-band to a 5% vertical disallowance to reflect basis risk; and
•Carry forward the net positions in each time-band for horizontal offsetting subject to the within-zone and between-zone horizontal disallowances specified above.

36.Under either the maturity method or the duration method, separate maturity ladders should be used for each currency, and capital charges should be calculated for each currency separately and then summed with no offsetting across currencies between positions of opposite sign.

37.In the case of currencies in which business is insignificant, the bank may construct a single maturity ladder, and slot within each appropriate time-band the net long or short position for each currency. However, these individual net positions must be summed within each time-band, irrespective of whether they are long or short positions, to produce a gross position figure. These gross positions in each time band are then subject to the risk weights from Table 2, with no further offsetting permitted.

Interest rate derivatives

38.Interest rate risk calculations for market risk capital should include all interest rate derivatives and off-balance-sheet instruments held in the trading book that respond to changes in interest rates. The derivatives should be converted into equivalent positions in the relevant underlying, and then be subject to the specific and general market risk requirements as described above. Amounts reported should be the market value of the notional amount of the underlying or of the notional underlying. For instruments where the apparent notional amount differs from the effective notional amount, banks must use the effective notional amount.

39.Futures and forward contracts, including forward rate agreements, should be treated as a combination of a long position and a short position in a notional government security. The contractual period until delivery or exercise of a future or FRA, plus the life of the underlying instrument where applicable, should be used as the maturity. Where a range of deliverable instruments may be delivered to fulfil the contract, the bank can choose which deliverable security goes into the maturity or duration ladder, but should take into account any conversion factor defined by the exchange. In the case of a future on a corporate bond index, the position should be included in the maturity or duration ladder at the market value of the notional underlying portfolio of securities.

40.Swaps should be treated as two notional positions in government securities with relevant maturities. For swaps that pay or receive a fixed or floating interest rate against some other reference price such as an equity price, the interest rate component should be slotted into the appropriate repricing maturity category, with the equity component being included in the equity framework. The separate legs of cross-currency swaps are to be reported in the relevant maturity ladders for the currencies concerned.

Allowable offsetting of matched positions

41.If a bank has matching long and short positions in the trading book, where both actual and notional match in identical instruments with exactly the same issuer, coupon, currency and maturity, those positions may be excluded from interest rate capital framework altogether, for both specific and general market risk. A matched position in a future or forward and its corresponding underlying may be fully offset, and thus excluded from the calculation. When the future or forward comprises a range of deliverable instruments, offsetting of positions in the future or forward contract and its underlying is only permissible in cases where there is a readily identifiable underlying security that is most profitable for the trader with a short position to deliver. No offsetting is allowed between positions in different currencies; the separate legs of cross-currency swaps or forward foreign exchange deals are to be treated as notional positions in the relevant instruments and included in the appropriate calculation for each currency.

42.Under certain conditions, opposite positions in the same category of instruments, including options at their delta-equivalent value and the separate legs of different swaps, can be regarded as matched and allowed to offset fully. The positions must relate to the same underlying instruments, be of the same nominal value, and be denominated in the same currency. In addition:

(i)for futures: offsetting positions in the notional or underlying instruments to which the futures contract relates must be for identical products and mature within seven days of each other;
(ii)for swaps and FRAs: the reference rate (for floating rate positions) must be identical and the coupon closely matched (within 15 basis points); and
(iii)for swaps, FRAs and forwards: the next interest fixing date or, for fixed coupon positions or forwards, the residual maturity must correspond to one another within the following limits:
1. (a)less than one month hence: must be same day;
2. (b)between one month and one year hence: must be within seven days of one another; or
3. (c)over one year hence: must be within thirty days of one another.

Specific risk for interest rate derivatives

43.Interest rate and currency swaps, FRAs, forward foreign exchange contracts, and interest rate futures are not subject to a specific risk charge. This exemption also applies to futures on an interest rate index. However, in the case of futures contracts where the underlying is a debt security, or an index representing a basket of debt securities, such a specific risk charge does apply.

General market risk for interest rate derivatives

44.General market risk applies to positions in all derivative products in the same manner as for cash positions, subject only to the allowable offsetting of fully or very closely matched positions in identical instruments as defined above in this Standard. The various categories of instruments should be slotted into the maturity ladder and treated according to the rules identified earlier.

45.Table 3 below presents a summary of the regulatory treatment for interest rate derivatives for market risk purposes. Note that a contract for which the underlying instrument is a government debt security rated AA- or better has no capital requirement for specific risk. Also, note that the specific risk charge relates to the issuer of the instrument that is referenced by the derivative contract; the derivative is still subject to a separate capital charge for counterparty credit risk under the Central Bank’s Standard for Counterparty Credit Risk.

Table 3: Summary of treatment of interest rate derivatives

Instrument	Specific risk charge	General market risk charge
Futures and forward contracts on:
•Government debt securities	Yes, if below AA-
•Corporate debt securities	Yes	Yes, as two positions
•Index on interest rates	No
FRAs and swaps	No	Yes, as two positions
Forward foreign exchange	No	Yes, as one position in each currency
Options on:		Either (a)carve out together with associated hedging positions under the simplified approach; or (b)calculate general market risk charge according to the delta-plus approach (gamma and vega should receive separate capital charges)
•Government debt securities	Yes, if below AA-
•Corporate debt securities	Yes
•Index on interest rates	No
•FRAs and swaps	No

2.Equity position risk

46.This section covers market risk capital for positions in equities held in the trading book. It applies to long and short positions in all instruments that exhibit market behavior similar to equities. It applies to common stocks – whether voting or non-voting – convertible securities that behave like equities, and commitments to buy or sell equity securities, but not to non-convertible preference shares.

47.As with debt securities, the minimum capital standards for equities includes two separately calculated charges, one for the “specific risk” of holding a long or short position in an individual equity, and one for the “general market risk” of holding a long or short position in the market as a whole. The requirements apply in modified form to equity derivative products, stock indices, and index arbitrage; the relevant modifications are described later in this Standard.

Specific and general market risk

48.Specific risk is calculated as a percentage of the bank’s gross equity positions, that is, the sum of all long equity positions and all short equity positions, summed without regard to sign (that is, the sum of the absolute values of the positions in each equity). The capital charge for specific risk is calculated as 8% of gross equity positions.

49.General market risk is calculated based on overall net position in an equity market, which is the difference between the sum of the longs and the sum of the shorts. The capital charge for general market risk is calculated as 8% of overall net equity positions.

50.Long and short positions in the same issue may be reported on a net basis. The long or short position in the market must be calculated on a market-by-market basis, that is, a separate calculation has to be carried out for each national market in which the bank holds equities.

Equity derivatives

51.Equity derivatives and off-balance-sheet positions that are affected by changes in equity prices should be included in the measurement system, with the exception of certain options positions as described further below. This includes futures and swaps on both individual equities and on stock indices.

Calculation of positions

52.To calculate specific and general market risk, derivatives are converted into equivalent positions in the relevant underlying. Positions in derivatives should be converted into notional equity positions as follows:

•Futures and forward contracts relating to individual equities should be reported at current market prices;
•Futures relating to stock indices should be reported as the marked-to-market value of the notional underlying equity portfolio;
•Equity swaps should be treated as two notional positions; and
•Equity options and stock index options should either be “carved out” together with the associated underlying or be incorporated in the measure of general market risk described in this section according to the delta-plus method.

53.Matched positions in each identical equity or stock index in each market may be fully offset, resulting in a single net short or long position to which the specific and general market risk charges will apply. For example, a future in a given equity may be offset against an opposite cash position in the same equity. Any interest rate risk arising out of the future, however, should be treated per the requirements for interest rate risk in the trading book.

Specific Risk and General Market Risk for Equity Derivatives

54.Table 4 below presents a summary of the regulatory treatment for equity derivatives for market risk purposes. Note that derivatives are also subject to a separate capital charge for counterparty credit risk under the Central Bank’s Standard for Counterparty Credit Risk.

Table 4: Summary of treatment of equity derivatives

Instrument	Specific risk charge	General market risk charge
Futures and forward contracts on:
•Individual equities	Yes	Yes, as underlying
•Equity indexes	2%	Yes, as underlying
Options on:		Either (a)carve out together with associated hedging positions under the simplified approach; or (b)calculate general market risk charge according to the delta-plus approach (gamma and vega should receive separate capital charges)
•Individual equities	Yes
•Equity indexes	2%

55.In addition to the general market risk requirement, a further capital charge of 2% must be applied to the net long or short position in index contracts on a diversified portfolio of equities, to cover factors such as execution risk.

56.Where a bank engages in a deliberate arbitrage strategy under which a basket of stocks is matched against a futures contract on a broadly-based index, a modified capital requirement applies, provided:

•The trade has been deliberately entered into and separately controlled as part of the strategy; and
•The composition of the basket of stocks represents at least 90% of the index when broken down into its notional components.

In such a case, the capital requirement is 2% of the gross value of the positions on each side. This requirement applies even if all of the stocks comprising the index are held in identical proportions. Any excess value of the stocks comprising the basket over the value of the futures contract or excess value of the futures contract over the value of the basket must be treated as an open long or short equity position.

57.However, on certain futures-related arbitrage strategies, the additional 2% capital charge is applied to only one side of the trade, with the opposite position exempt from this capital charge. This special treatment applies:

•When a bank takes an opposite position in exactly the same index at different dates or in different market centers; or
•When a bank has opposite positions in contracts involving different but similar indices at the same date (in which case, the Central Bank may determine whether the two indices in such a strategy are sufficiently similar, with sufficient common components).

58.A bank with a position in depository receipts against an opposite position in the underlying equity, or identical equities in different markets, may offset the positions the long and short positions, provided that any costs on conversion are fully taken into account. (Such trades may also introduce foreign exchange risk requiring market risk capital.)

3.Foreign exchange risk

59.This section sets out minimum capital standards to cover the risk of holding or taking positions in foreign currencies, including gold. Gold is treated as a foreign exchange position for purposes of market risk rather than as a commodity, because its volatility is more in line with foreign currencies and because banks typically manage gold exposures in a similar manner to foreign currencies. These requirements apply to all foreign currency and gold exposures throughout the entire bank, in both the trading book and the banking book.

Measuring the exposure in a single currency

60.The bank’s net open position in each currency, long or short, should be calculated by summing:

•The net spot position calculated as all asset items less all liability items denominated in a given currency, including accrued interest and accrued expenses;
•The net forward position calculated as all amounts to be received less all amounts to be paid under forward foreign exchange transactions in a given currency, including currency futures and the principal on currency swaps not included in the spot position;
•Guarantees (and similar instruments) in the given currency that are certain to be called and are likely to be irrecoverable;
•At the discretion of the reporting bank, net future income and expenses not yet accrued but already fully hedged;
•Any other item representing a profit or loss in foreign currencies; and
•The net delta-based equivalent of the total book of foreign currency options. (Options are also subject to additional considerations as described below in this Standard.)

61.Expected but unearned future interest and expenses may be excluded unless the amounts are certain and have been hedged. If a bank includes future income and expenses, it must do so on a consistent basis, and is not permitted to select only those expected future flows that reduce required capital.

62.Positions in composite currencies (such as SDRs or synthetic currencies) should be separately reported, but may be either treated as currencies in their own right or split into their component parts for measuring the bank’s open positions. While either approach may be used, the selected approach should be used consistently by the bank.

63.Positions (either spot or forward) in gold should first be expressed in common units (e.g. kilos or pounds), with the net position converted at current spot rates into UAE Dirham equivalent value. Where gold is part of a forward contract (quantity of gold to be received or to be delivered), any interest rate or foreign currency exposure from the other leg of the contract should be reported as set out for interest rate and currency exposures under this Standard.

64.Forward positions may be valued at current spot market exchange rates. However, banks that use net present values of positions in their normal management accounting are expected to use those net present values, discounted using current interest rates and valued at current spot rates, for measuring their forward currency and gold positions.

65.Items that are deducted from a bank’s capital when calculating its capital base, such as investments in non-consolidated subsidiaries, or other long-term participations denominated in foreign currencies, which are reported in the published accounts at historic cost, do not need to be included as foreign currency exposures for the foreign exchange risk calculation.

66.When assessing foreign exchange risk on a consolidated basis, it may be technically impractical in the case of some marginal operations to include the currency positions of some foreign branches or subsidiaries. In such cases, the bank may use an established internal position limit in each currency as a proxy for the actual position, provided there is adequate ex-post monitoring of actual positions against such limits to confirm that the limits are effective. The bank should add the limits, without regard to sign, to the net open position in each currency.

67.Banks should convert the nominal amount (or net present value) of the net position in each foreign currency and in gold at current spot rates into UAE Dirham (AED) equivalent for purposes of reporting and capital calculations.

Measuring market risk for foreign exchange positions

68.Calculation of market risk capital for foreign currency positions is based on the net open positions in foreign currencies and in gold. For purposes of market risk capital requirements, the Central Bank takes into account the stable relationship between the AED and the US dollar, which results in UAE banks facing no material foreign exchange market risk with respect to open US dollar positions.

69.A bank should calculate its overall net open foreign exchange position for the bank as follows:

•Calculate the sum of all net short foreign currency positions, and the sum of all net long foreign currency positions, excluding the net open position in the US dollar.
•Take the larger of the two sums, from the step above, and add the absolute value of the net position (short or long) in gold.

The capital charge for foreign exchange market risk is 8% of the position resulting from the calculation above.

70.A bank doing negligible business in foreign currency that does not take foreign exchange positions for its own account may, at the discretion of the Central Bank, be exempted from capital requirements on these positions provided that:

•Its foreign currency business, measured as the greater of the sum of its gross long positions and the sum of its gross short positions in all foreign currencies including the US dollar, does not exceed 100% of total capital; and
•Its overall net open foreign exchange position as defined in this section does not exceed 2% of total capital.

4.Commodities risk

71.This section establishes a minimum capital standard to cover the risk of holding or taking positions in commodities, including precious metals but excluding gold. Banks may choose between two alternative approaches for measuring commodities position risk: a maturity ladder approach based on seven time-bands, and a simplified approach.

72.Under either approach, long and short positions may be offset to calculate open positions in each commodity. Banks first express each commodity position (spot plus forward) in a standard unit of measurement (barrels, kilos, grams etc.), then convert the net position in each commodity into a value in AED at current spot rates. For markets that have daily delivery dates, any contracts maturing within ten days of one another may be offset.

73.In general, long and short positions in different commodities may not be offset. However, the Central Bank permits banks to offset long and short positions in different commodities within a given commodity type in cases where the commodities are deliverable against one another, where “commodity type” has the meaning as defined in the Counterparty Credit Risk Standard. The Central Bank may also permit offsetting if the commodities are close substitutes for each other and a minimum correlation of 0.9 between their price movements can be clearly established by the bank over a minimum period of one year. However, a bank basing its capital calculation on correlations must satisfy the Central Bank of the accuracy of the method chosen for assessing correlation, and must obtain the Central Bank’s prior approval. In addition, the bank must have an approved process for identifying commodity types under the Counterparty Credit Risk Standard.²²

74.All commodity derivatives and off-balance-sheet positions that are affected by changes in commodity prices should be included in this measurement framework. This includes commodity futures, commodity swaps, and options where the “delta plus” method is used. In order to calculate the risk, commodity derivatives should be converted into notional commodities positions and assigned to maturities as follows:

•Futures and forward contracts relating to individual commodities should be incorporated in the measurement system as notional amounts of barrels, kilos etc. and should be assigned a maturity with reference to expiry date.
•Commodity swaps where one leg is a fixed price and the other is the current market price should be incorporated as a series of positions equal to the notional amount of the contract, with one position corresponding to each payment on the swap and slotted into the maturity ladder accordingly. The positions would be long positions if the bank is paying fixed and receiving floating, and short positions if the bank is receiving fixed and paying floating.

75.Banks should incorporate commodity swaps where the legs are in different commodities into the relevant maturity ladder, with no offsetting allowed.

Maturity ladder approach

76.Under the maturity ladder approach, the bank assigns positions in each commodity to one of seven time bands, as shown in Table 5 below. Banks must use a separate maturity ladder for each commodity. Holdings of physical stocks of any commodity should be allocated to the shortest time band (that is, 0-1 month).

Table 5: Time-bands for the maturity ladder

Time band	Maturity range
1	0	- 1	month
2	1	- 3	months
3	3	- 6	months
4	6	- 12	months
5	1	- 2	years
6	2	- 3	years
7	over	3	years

77.Capital for commodity market risk consists of two broad components: a set of capital charges on the gross positions (long plus short) in each time band and capital charges against a series of net position calculations. Each component is described further below.

78.For the first component, the bank should calculate 1.5% of the gross position (long plus short, without offsetting) in each of the seven time bands, and sum the results across time bands.

79.For the second component, the bank should first calculate 0.6% of the net position (the absolute value of the difference between long and short positions) in time band 1. To this, the bank should add 0.6% of the net position in time bands 1 and 2 combined. The bank should do the same for time bands 1 through 3 combined, 1 through 4 combined, 1 through 5 combined, and 1 through 6 combined, each time adding 0.6% of the calculated net position. Finally, the bank should add 15% of the net position across all time bands (1 through 7).

80.Required capital for commodity market risk is then the sum of the two broad components calculated per the two paragraphs above.

Simplified approach

81.Under the simplified approach, the capital charge is set at 15% of the net position, long or short, in each commodity. However, each commodity is subject to an additional capital charge of 3% of the bank’s gross position - long plus short - in that particular commodity. In valuing the gross positions in commodity derivatives for this purpose, banks should use the current spot price.

5.Treatment of options

82.Two alternative approaches apply to options. Banks with purchased options only (rather than written or sold options) can choose to use a simplified approach described below. Banks with more complex option positions that also write options must use the delta- plus approach rather than the simplified approach.

83.If a bank has written option positions, but all of those written options are hedged by perfectly matched long positions in exactly the same options, no capital is required for market risk on those options.

Simplified approach

84.Under the simplified approach, banks use the following treatments for option positions as noted:

Purchased call or purchased put: The capital charge is the lesser of (1) the market value of the underlying security multiplied by the sum of specific and general market risk charges for the underlying, or (2) the market value of the option. Where the position does not fall within the trading book (i.e. options on certain foreign exchange or commodities positions not belonging to the trading book), it may be acceptable to use the book value instead of the market value.

Purchased put with a long position in the underlying cash instrument, or purchased call with a short position in the underlying cash instrument: The capital charge is the market value of the underlying security multiplied by the sum of specific and general market risk charges for the underlying, less the amount the option is in the money (if any), bounded at zero. For options with a residual maturity of more than six months, the strike price should be compared with the forward, not current, price. A bank unable to do this must take the in-the-money amount to be zero.

85.In some cases, such as foreign exchange, it may be unclear which side is the “underlying security.” In such cases, the asset that would be received if the option were exercised should be considered as the underlying. In addition, the nominal value should be used for items where the market value of the underlying instrument could be zero, such as caps and floors, swaptions, or similar instruments.

Delta-plus approach

86.Options should be included in market risk calculations for each type of risk as a delta-weighted position equal to the market value of the underlying multiplied by the delta.

87.For options with equities as the underlying, the delta-weighted positions should be incorporated into the equity market risk capital calculation described above in this Standard. For purposes of this calculation, each national market should be treated as a separate underlying. Similarly, the capital charge for options on foreign exchange and gold positions should be based on the method set out in the section on foreign exchange risk. The net delta-based equivalent of the foreign currency and gold options should be incorporated into the measurement of the exposure for the respective currency (or gold) position. The capital charge for options on commodities should be based on either the simplified or the maturity ladder approach.

88.Delta-weighted positions with debt securities or interest rates as the underlying should be slotted into the interest rate time-bands, using either the maturity method or the duration method, under the following procedure. A two-legged approach should be used as for other derivatives, requiring one entry at the time the underlying contract takes effect and a second at the time the underlying contract matures. For instance, a purchased call option on a June three-month interest-rate future should in April be considered, on the basis of its delta-equivalent value, to be a long position with a maturity of five months and a short position with a maturity of two months. A written option should be similarly slotted as a long position with a maturity of two months and a short position with a maturity of five months. Floating rate instruments with caps or floors should be treated as a combination of floating rate securities and a series of European-style options.

89.In addition to the capital charges arising from delta risk as described above, banks using the delta-plus approach are subject to capital charges for gamma and Vega risk as described below. Banks are required to determine the gamma and Vega for each option position (including hedge positions) separately. These sensitivities must be calculated using an approved exchange model, or using the bank’s proprietary options pricing models subject to oversight by the Central Bank. The capital charges should be calculated as follows:

(i)for each individual option a “gamma impact” should be calculated as:
Gamma impact = ½ × Gamma × VU²

where VU = Variation of the underlying of the option.
(ii)VU will be calculated as follows:
- •For interest rate options if the underlying is a bond, the market value of the underlying should be multiplied by the risk weights set out in Table 2. An equivalent calculation should be carried out where the underlying is an interest rate, again based on the assumed changes in yield from Table 2;
- •For options on equities and equity indices, the market value of the underlying should be multiplied by 8%;
- •For foreign exchange and gold options, the market value of the underlying should be multiplied by 8%;
- •For options on commodities, the market value of the underlying should be multiplied by 15%.
(iii)For the purpose of this calculation the following positions should be treated as the same underlying:
- •For interest rates, each time-band as set out in Table 2;
- •For equities and stock indices, each national market;
- •For foreign currencies, each currency pair (and gold);
- •For commodities, each individual commodity.
(iv)Each option on the same underlying will have a gamma impact that is either positive or negative. These individual gamma impacts should be summed; resulting in a net gamma impact for each underlying that is either positive or negative. Only those net gamma impacts that are negative should be included in the capital calculation.

90.The total gamma capital charge is the sum of the absolute value of the net negative gamma impacts as calculated above.

91.For volatility risk or Vega, banks are required to calculate the capital charges by multiplying the sum of the Vegas for all options on the same underlying, as defined above, by a proportional shift in volatility of +/-25%. The total capital charge for Vega risk is the sum of the absolute value of the individual capital charges that have been calculated for Vega risk.

²¹ This use of national discretion aligns the Market Risk Standard with the similar treatment under the Credit Risk Standard.

²² The Central Bank has exercised the national discretion provided under the BCBS framework to permit offsetting of long and short positions in closely related commodities under the conditions described in this Standards. The Central Bank believes that this approach provides appropriate recognition of the actual underlying risks, while requiring well-controlled processes to identify the relevant offsetting commodity positions. It also aligns the treatment of commodities under this Standards with the corresponding treatment of commodity positions with respect to market-driven exposure under the Central Bank’s counterparty credit risk requirements.

IV. Risk-Weighted Assets
92.The total minimum required capital charge for market risk is the sum of the separate calculations for interest rate risk, equity risk, foreign exchange risk, and commodities risk as defined above, with additional capital for options positions as appropriate A bank must calculate the RWA for market risk by multiplying the total capital requirement for market risk as calculated above by the factor 12.5:
Market Risk RWA = (Capital Charge × 12.5)

V. Review Requirements
93.Bank calculations under this Standard and associated bank processes must be subject to appropriate levels of independent review and challenge. Reviews must cover material aspects of the calculations under this Standard, including but not limited to the processes for identification of relevant positions in the trading book and/or banking book, the application of the requirements for calculation of specific risk and general risk for each type of market risk, the identification of offsetting long and short positions, and the treatment of options positions under either the simplified approach or the delta-plus approach.

VI. Shari’ah Implementation
94.Banks offering Islamic financial services which have market exposure in their Shari’ah compliant transactions held in the banking and trading books, which are parallel to the transactions stated in this standard, shall calculate the relevant risk weighted assets to maintain an appropriate level of capital in accordance with the provisions of this Standard, provided that it is in a manner that is Shari’ah compliant.

VII. Appendix: Prudent Valuation Guidance
95.Banks should apply prudent valuation practices for the trading book. These practices should at a minimum include the systems and controls, as well as the aspects of valuation methodologies, described in this Appendix.

A. Systems and Controls
96.Banks must establish and maintain adequate systems and controls sufficient to give management and the Central Bank confidence that their valuation estimates are prudent and reliable. These systems must be integrated with other risk management systems within the organization (such as credit analysis). Such systems must include:
- •Documented policies and procedures for the process of valuation. This includes clearly defined responsibilities of the various areas involved in the determination of the valuation, sources of market information and review of their appropriateness, guidelines for the use of unobservable inputs reflecting the bank’s assumptions of what market participants would use in pricing the position, frequency of independent valuation, timing of closing prices, procedures for adjusting valuations, end of the month and ad-hoc verification procedures; and
- •Clear and independent (i.e. independent of front office) reporting lines for the department accountable for the valuation process. The reporting line should ultimately be to a main board executive director.

B. Valuation Methodologies
1.Marking to market
97.Marking to market is the at-least-daily valuation of positions at readily available close out prices that are sourced independently. Examples of readily available close out prices include exchange prices, screen prices, or quotes from several independent reputable brokers.
98.Banks must mark to market as much as possible. The more prudent side of a bid/offer spread should be used unless the institution is a significant market maker in a particular position type and it can close out at mid-market. Banks should maximize the use of relevant observable inputs and minimize the use of unobservable inputs when estimating fair value using a valuation technique. However, some observable inputs or transactions may not be relevant, such as in a forced liquidation or distressed sale, or transactions may not be observable, such as when markets are inactive. In such cases, the observable data should be considered, but may not be determinative.
2.Marking to model
99.Only where marking to market is not possible should banks mark to model, but this must be demonstrated to be prudent. Marking to model is defined as any valuation that has to be benchmarked, extrapolated, or otherwise calculated from a market input. When marking to model, an extra degree of conservatism is appropriate. The Central Bank will consider the following in assessing whether a mark-to-model valuation is prudent:
- •Senior management should be aware of the elements of the trading book or of other fair-valued positions that are subject to mark to model and should understand the materiality of the uncertainty this creates in the reporting of the risk/performance of the business.
- •Market inputs should be sourced, to the extent possible, in line with market prices (as discussed above). The appropriateness of the market inputs for the particular position being valued should be reviewed regularly.
- •Where available, generally accepted valuation methodologies for particular products should be used as far as possible.
- •Where the institution itself develops the model, it should be based on appropriate assumptions that have been assessed and challenged by suitably qualified parties independent of the development process. The model should be developed or approved independently of the front office. The model should be independently tested, including validation of the mathematics, the assumptions, and the software implementation.
- •There should be formal change control procedures in place, and a secure copy of the model should be held and periodically used to check valuations.
- •Risk management should be aware of the weaknesses or limitations of the models used, and should account for those model weaknesses or limitations when using the valuation output.
- •The model should be subject to periodic review to assess its performance (e.g. assessing continued appropriateness of the assumptions, analysis of P&L versus risk factors, comparison of actual close out values to model outputs).
- •Valuation adjustments should be made as appropriate, for example, to cover the uncertainty of the model valuation.
3.Independent price verification
100.Independent price verification is distinct from daily marking to market. It is the process by which market prices or model inputs are regularly verified for accuracy. While daily marking to market may be performed by dealers, verification of market prices or model inputs should be performed by a unit independent of the dealing room, at least monthly (or, depending on the nature of the market/trading activity, more frequently). It need not be performed as frequently as daily marking to market, since independent marking of positions should reveal any error or bias in pricing, which should result in the elimination of inaccurate daily marks.
101.Independent price verification entails a higher standard of accuracy in that the market prices or model inputs are used to determine profit and loss figures, whereas daily marks are used primarily for management reporting. For independent price verification, where pricing sources are more subjective, for example where there is only one available broker quote, prudent measures such as valuation adjustments may be appropriate.
4.Valuation adjustments
102.As part of their procedures for marking to market, banks must establish and maintain procedures for considering valuation adjustments. The Central Bank expects banks using third-party valuations to consider whether valuation adjustments are necessary. Such considerations are also necessary when marking to model.
103.The Central Bank expects the following valuation adjustments/reserves to be formally considered at a minimum: unearned credit spreads, close-out costs, operational risks, early termination, investing and funding costs, and future administrative costs and, where appropriate, model risk.
104.Banks must establish and maintain procedures for judging the necessity of and calculating an adjustment to the current valuation of less liquid positions for regulatory capital purposes. This adjustment may be in addition to any changes to the value of the position required for financial reporting purposes and should be designed to reflect the illiquidity of the position. Banks should consider the need for an adjustment to a position’s valuation to reflect current illiquidity whether the position is marked to market using market prices or observable inputs, valued using third-party valuations, or marked to model. Such adjustments to the current valuation of less liquid positions should impact Tier 1 regulatory capital, and may exceed valuation adjustments made under financial reporting standards.
105.Bearing in mind that the assumptions made about liquidity in the market risk capital charge may not be consistent with the bank’s ability to sell or hedge out less liquid positions, where appropriate, banks must take an adjustment to the current valuation of these positions, and review their continued appropriateness on an on-going basis. Closeout prices for concentrated positions and/or stale positions should be considered in establishing the adjustment. Banks must consider all relevant factors when determining the appropriateness of the adjustment for less liquid positions. These factors may include, but are not limited to, the amount of time it would take to hedge out the position/risks within the position, the average volatility of bid/offer spreads, the availability of independent market quotes (number and identity of market makers), the average and volatility of trading volumes (including trading volumes during periods of market stress), market concentrations, the aging of positions, the extent to which valuation relies on marking to model, and the impact of other model risks.
106.For complex products such as securitisation exposures and nth-to-default credit derivatives, banks must explicitly assess the need for valuation adjustments to reflect both the model risk associated with using a possibly incorrect valuation methodology, and the risk associated with using unobservable (and possibly incorrect) calibration parameters in the valuation model.

X. Operational Risk

I. Introduction
1.This Standard articulates specific requirements for the calculation of the operational risk capital requirement for banks in the UAE. It is based closely on requirements of the framework for capital adequacy developed by the Basel Committee on Banking Supervision (BCBS), specifically as articulated in Basel II: International Convergence of Capital Measurement and Capital Standards, June 2006, and subsequent revisions and clarifications thereto.
2.Banks are required to calculate operational risk capital charges according to the methods and criteria addressed in this Standard.
3.Capital requirements for Operational Risk apply on a consolidated basis for all banks in the UAE. Banks should follow the requirements of all other applicable Central Bank Standards to determine overall capital adequacy requirements.

II. Definitions
In general, terms in this Standard have the meanings defined in other Regulations and Standards issued by the Central Bank. In addition, for this Standard, the following terms have the meanings defined in this section.
1. a.Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Operational risk includes legal and compliance risk but excludes strategic and reputational risk.
2. b.Gross income: net interest income plus net non-interest income, as defined by the Central Bank and/or applicable accounting standards. This measure should:
  - •Be gross of any provisions (e.g., for unpaid interest);
  - •Be gross of operating expenses, including fees paid to outsourcing service providers but excluding fees received by banks that provide outsourcing services (i.e., such outsourcing fees received shall be included in the definition of gross income);
  - •Exclude realised profits/losses from the sale of securities in the banking book (such as securities classified as “held to maturity” and “available for sale” under IFRS, which typically constitute items of the banking book); and
  - •Exclude extraordinary or irregular items as well as income derived from insurance.
3. c.Loans and advances: drawn amounts on credit facilities provided by banks to borrowers.

III. Requirements

A. Approaches

4.Banks can apply one of two methods for calculating the Pillar 1 capital requirement for operational risk as below:

(i)Basic Indicator Approach (BIA); or
(ii)Standardised Approach (SA).

5.The Standardised Approach includes the Alternative Standardised Approach (ASA), which is a simplified version of the Standardised Approach that may be appropriate to small domestic banks focusing on retail or commercial banking activities.

6.Banks are encouraged to move from the BIA to SA as they develop more sophisticated operational risk measurement systems and practices. Qualifying criteria for the Standardised Approach are presented below in Section B.

7.Internationally active banks and banks with significant operational risk exposures (for example, specialised processing banks) are expected to use the SA.

8.The Central Bank will review the capital requirement produced by the operational risk approach used by a bank (whether BIA or SA) for general credibility, especially in relation to a bank’s peer. In the event that credibility is lacking, the Central Bank will consider appropriate supervisory action under Pillar 2.

9.A bank is required to use the same approach, either the BIA or the SA, for all parts of its operations. The use of SA is subject to qualification by the Central Bank on the basis of the qualification criteria outlined in Section B.

10.A bank using the SA is not allowed without supervisory approval to choose to revert to the BIA once it has been approved for the SA. However, if the Central Bank determines that a bank using SA no longer meets the qualifying criteria for this approach, it may require the bank to revert to the BIA.

1.The Basic Indicator Approach (BIA)

11.Banks using the BIA shall hold capital for operational risk equal to the average over the previous three years of a fixed percentage (denoted alpha) of positive annual gross income. Figures for any year in which annual gross income is negative or zero shall be excluded from both the numerator and denominator when calculating the gross income average.

12.The capital requirement shall be calculated as follows:

K_BIA = [∑(GI_1..n × α)]/n

where:

K_BIA	=	The capital charge under the BIA;
GI	=	Annual gross income, where positive, over the previous three years;
n	=	Number of the previous three years for which gross income is positive; and
α	=	15%, relating the industry wide level of required capital to the industry wide level of the indicator.

2.The Standardised Approach (SA)

13.In the SA, banks’ activities are divided into eight business lines, including corporate finance, trading & sales, retail banking, commercial banking, payment & settlement, agency services, asset management, and retail brokerage. The business lines are defined in the table under Paragraph 12.

Principles for business line mapping:

14.The principles that banks shall apply for mapping their own business lines into the regulatory eight business lines as defined by the SA for the purpose of calculating the minimum capital required for operational risk are listed below.

Mapping of Business Lines

Level 1	Level 2	Activity Groups
Corporate Finance	Corporate Finance	Mergers and acquisitions, underwriting, privatisations, securitisation, research, debt (government and high yield), equity, syndications, IPO, secondary private placements
	Municipal/Government Finance
	Merchant Banking
	Advisory Services
Trading and Sales	Sales	Fixed income, equity, foreign exchanges, commodities, credit, funding, own position securities, lending and repos, brokerage, debt, prime brokerage
	Market Making
	Proprietary Positions
	Treasury
Retail Banking	Retail Banking	Retail lending and deposits, banking services, trust and estates
	Private Banking	Private lending and deposits, banking services, trust and estate, investment advice
	Card Services	Merchant/commercial/corporate cards, private labels and retail
Commercial Banking	Commercial Banking	Project finance, real estate, export finance, trade finance, factoring, leasing, lending, guarantees, bills of exchange
Payment and Settlement	External Clients	Payments and collections, funds transfer, clearing and settlement
Agency Services	Custody	Escrow, depository receipts, securities lending (customers) corporate actions
	Corporate Agency	Issuer and paying agents
	Corporate Trust
Asset Management	Discretionary Fund Management	Pooled, segregated, retail, institutional, closed, open, private equity
Asset Management	Non-Discretionary Fund Management	Pooled, segregated, retail, institutional, closed, open
Retail Brokerage	Retail Brokerage	Execution and full service

(i)All activities must be mapped into the eight level 1 business lines in a mutually exclusive and jointly exhaustive manner;
(ii)Any banking or non-banking activity which cannot be readily mapped into the business line framework, but which represents an ancillary function must be allocated to the business line it supports. If more than one business line is supported through the ancillary activity, an objective mapping criteria must be used;
(iii)When mapping gross income, if an activity cannot be mapped into a particular business line then the business line yielding the highest charge must be used. The same business line equally applies to any associated ancillary activity;
(iv)Banks may use internal pricing methods to allocate gross income between business lines provided that total gross income for the bank (as would be recorded under the BIA) still equals the sum of gross income for the eight business lines;
(v)The mapping of activities into business lines for operational risk capital purposes must be consistent with the definitions of business lines used for regulatory capital calculations in other risk categories (i.e., credit and market risk). Any deviations from this principle must be clearly motivated and documented;
(vi)The mapping process used must be clearly documented. In particular, written business line definitions must be clear and detailed enough to allow third parties to replicate the business line mapping. Documentation must, among other things, clearly motivate any exceptions or overrides and be kept on record;
(vii)Processes must be in place to define the mapping of any new activities or products;
(viii)Senior management is responsible for the mapping policy (which is subject to the approval by the board of directors); and
(ix)The mapping process to business lines must be subject to independent review.

Supplementary business line mapping guidance:

15.There is a variety of valid approaches that banks may use to map their activities to the eight business lines, provided the approach used meets the business line mapping principles set out above. The following is therefore an example of one possible approach that could be used by a bank to map its gross income and it is hereby presented for guidance only.

(i)Gross income for retail banking consists of net interest income on loans and advances to retail customers and SMEs treated as retail, plus fees related to traditional retail activities, net income from swaps and derivatives held to hedge the retail banking book, and income on purchased retail receivables. To calculate net interest income for retail banking, a bank takes the interest earned on its loans and advances to retail customers less the weighted average cost of funding of the loans (from whatever source — retail or other deposits).
(ii)Similarly, gross income for commercial banking consists of the net interest income on loans and advances to corporate (plus SMEs treated as corporate), interbank and sovereign customers and income on purchased corporate receivables, plus fees related to traditional commercial banking activities including commitments, guarantees, bills of exchange, net income (e.g., from coupons and dividends) on securities held in the banking book, and profits/losses on swaps and derivatives held to hedge the commercial banking book. The calculation of net interest income is based on interest earned on loans and advances to corporate, interbank and sovereign customers less the weighted average cost of funding for these loans (from whatever source).
(iii)For trading and sales, gross income consists of profits/losses on instruments held for trading purposes (i.e., in the mark-to-market book), net of funding cost, plus fees from wholesale brokerage.
(iv)For the other five business lines, gross income consists primarily of the net fees/commissions earned in each of these businesses. Payment and settlement consists of fees to cover provision of payment/settlement facilities for wholesale counterparties. Payment and settlement losses related to bank’s own activities should also be incorporated in the loss experience of the affected business line. Asset management is management of assets on behalf of others.

Capital Calculation under the Standardised Approach:

16.Within each business line, gross income is a broad indicator that serves as a proxy for the scale of business operations and thus the likely scale of operational risk exposure within each of these business lines. The capital charge for each business line is calculated by multiplying gross income by a factor (denoted by beta) assigned to that business line. Beta serves as a proxy for the industry-wide relationship between the operational risk loss experience for a given business line and the aggregate level of gross income for that business line. It should be noted that in the SA gross income is measured for each business line, not the whole institution, (e.g., in corporate finance, the indicator is the gross income generated in the corporate finance business line).

17.The total capital charge is calculated as the three-year average of the simple summation of the regulatory capital charges across each of the business lines in each year. In any given year, negative capital charges (resulting from negative gross income) in any business line may offset positive capital charges in other business lines without limit. However, where the aggregate capital charge across all business lines within a given year is negative, then the input to the numerator for that year shall be zero. The total capital charge may be expressed as:

where:

K_TSA	=	The capital charge under the SA;
GI_1-8	=	Annual gross income in a given year, as defined above in the BIA, for each of the eight business lines; and
β_1-8	=	A fixed percentage relating the level of required capital to the level of the gross income for each of the eight business lines.

The values of the betas are detailed below.

Business Lines	Beta Factors
Corporate finance (β₁)	18%
Trading and sales (β₂)	18%
Retail banking (β₃)	12%
Commercial banking (β₄)	15%
Payment and settlement (β₅)	18%
Agency services (β₆)	15%
Asset management (β₇)	12%
Retail brokerage (β₈)	12%

Capital Calculation under the Alternative Standardised Approach:

18.The Central Bank may allow a bank to use the ASA provided the bank is able to satisfy the Central Bank that this alternative approach provides an improved basis for capturing its operational risk. Once a bank has been allowed to use the ASA, it will not be allowed to revert to use of the SA without the permission of the Central Bank. Large diversified banks in major markets are not authorized to use the ASA.

19.Under the ASA, the operational risk capital charge and methodology are the same as for the SA except for two business lines — retail banking and commercial banking. For these business lines, loans and advances — multiplied by a fixed factor ‘m’ — replaces grossincome as the exposure indicator. The betas for retail and commercial banking are unchanged from the SA. The ASA operational risk capital charge for retail banking (with the same basic formula for commercial banking) can be expressed as:

K_RB = β_RB × m × LA_RB

where

K_RB	=	The capital charge for the retail banking business line;
β_RB	=	The beta for the retail banking business line;
LA_RB	=	Total outstanding retail loans and advances (non-risk weighted and gross of provisions), averaged over the past three years; and
m	=	0.035.

20.For the purposes of the ASA, total loans and advances in the retail banking business line consists of the total drawn amounts in the following credit portfolios: retail, SMEs treated as retail, and purchased retail receivables.

21.For commercial banking, total loans and advances consists of the drawn amounts in the following credit portfolios: corporate, sovereign, bank, specialised lending, SMEs treated as corporate and purchased corporate receivables. The book value of securities held in the banking book should also be included.

22.Under the ASA, banks may aggregate retail and commercial banking (if they wish to) using a beta of 15%.

23.Similarly, those banks that are unable to disaggregate their gross income into the other six business lines can aggregate the total gross income for these six business lines using a beta of 18%, with negative gross income treated as described in paragraph 15 above.

24.As under the SA, the total capital charge for the ASA is calculated as the simple summation of the regulatory capital charges across each of the eight business lines.

B. Qualifying Criteria for the SA and the ASA
25.In order to qualify for use of the SA or ASA, a bank shall satisfy the Central Bank that, at a minimum:
1. (i)Its board of directors and senior management, as appropriate, are actively involved in the oversight of the operational risk management framework;
2. (ii)It has an operational risk management system that is conceptually sound and is implemented with integrity; and
3. (iii)It has sufficient resources in the use of the approach in the major business lines as well as the control and audit areas.
26.The Central Bank may insist on a period of initial monitoring of a bank’s SA or ASA before it is used for regulatory capital purposes.
27.A bank shall develop specific policies and have documented criteria for mapping gross income for current business lines and activities into the standardised framework. The criteria shall be reviewed and adjusted for new or changing business activities as appropriate. These criteria shall be compliant with the principles for business line mapping that are set out above in paragraph 12.
28.Banks shall also meet the following additional criteria:
1. (i)The bank shall have an operational risk management system with clear responsibilities assigned to an operational risk management function. The operational risk management function shall be responsible for developing strategies to identify, assess, monitor and control/mitigate operational risk; for codifying firm-level policies and procedures concerning operational risk management and controls; for the design and implementation of the firm’s operational risk assessment methodology; and for the design and implementation of a risk-reporting system for operational risk;
2. (ii)As part of the bank’s internal operational risk assessment system, the bank shall systematically track relevant operational risk data including material losses by business line. Its operational risk assessment system shall be closely integrated into the risk management processes of the bank. Its output shall be an integral part of the process of monitoring and controlling the banks operational risk profile. For instance, this information shall play a prominent role in risk reporting, management reporting, and risk analysis. The bank shall have techniques for creating incentives to improve the management of operational risk throughout the firm;
3. (iii)The bank shall have regular reporting of operational risk exposures, including material operational losses, to business unit management, senior management, and to the board of directors. The bank shall have procedures for taking appropriate action according to the information within the management reports;
4. (iv)The bank’s operational risk management system shall be well documented. The bank shall have a routine in place for ensuring compliance with a documented set of internal policies, controls and procedures concerning the operational risk management system, which shall include policies for the treatment of noncompliance issues;
5. (v)The bank’s operational risk management processes and assessment system shall be subject to validation and regular independent review. These reviews shall include both the activities of the business units and of the operational risk management function; and
6. (vi)The bank’s operational risk assessment system (including the internal validation processes) shall be subject to regular review by external auditors and/or the Central Bank.
Additional Qualifying criteria specifically for the ASA
29.Large diversified banks are not allowed to use the ASA.
30.To be permitted to use the ASA, a bank shall demonstrate to the Central Bank that it meets all the following conditions:
1. (i)Its retail or commercial banking activities shall account for at least 90% of its income;
2. (ii)The gross income is not a reliable operational risk exposure indicator; for instance a significant proportion of its retail or commercial banking activities comprise loans associated with a high default probability and therefore interest rate income is inflated and operational risk may be overstated; and
3. (iii)A bank should be able to demonstrate to the Central Bank that the ASA provides a more appropriate basis than the SA for calculating its capital requirement for operational risk.
31.The Central Bank may determine additional qualifying criteria for the ASA.

IV. Review Requirements
32.Bank calculations of operational risk capital requirements under this Standard shall be subject to appropriate levels of independent review and challenge by third parties. Reviews shall cover business line mapping and allocation of gross income and loans and advances to the regulatory-defined business lines.

V. Risk Weighted Assets
33.A bank must calculate the RWA for operational risk by multiplying the total capital requirement for operational risk as calculated above by the factor 12.5:
Operational Risk RWA = Capital Charge × 12.5

VI. Shari’ah Implementation
34.Banks offering Islamic financial services engaging in Shari’ah with respect to operational risks as approved by their internal Shari’ah control committees should calculate the Operational risk capital in accordance with provisions set out in this standard/guidance and in the manner acceptable by Shari’ah. This is applicable until relevant standards and/or guidance in respect of these transactions are issued specifically for banks offering Islamic financial services

Pillar 2

XI. Pillar 2 – Internal Capital Adequacy Assessment Process (ICAAP)

I. Introduction and Scope
1.This Standard discusses the key principles of supervisory review, with respect to banking risks, including guidance relating to, among other things, the treatment of interest rate risk in the banking book, credit risk (stress testing, residual risk, and credit concentration risk), operational risk, enhanced cross-border communication and cooperation, and securitisation.
2.Banks are only permitted to perform a Pillar I Plus approach. Internal models are not allowed in ICAAP for estimating capital requirements for credit, market or operational risk. For risk management purposes, banks may use internal models, but figures reported to the Central Bank should be based on the Standardised Approach.
3.All buffers are to be in addition to existing requirements. An off-setting of certain requirements is not permitted i.e. lower Pillar 2 for Pillar 1 risks are not allowed.
4.The type of capital which the Central Bank will require banks to provide for pillar 2 risks will be solely at the discretion of the Central Bank; this may be CET1 only, or a mix between CET1, AT1 and Tier 2.
5.It should be noted that given a normal business model the capital risk charge for Pillar 2 should always be positive if the risk exists (in particular for the IRRBB and Concentration risk).

II. Definitions
In general, terms in this Standard have the meanings defined in other regulations and standards issued by the Central Bank. In addition, for this Standard, the following terms have the meanings defined in this section.
1. a.Concentration risk is the potential for a loss in value of an investment portfolio of a bank when an individual or group of exposures move together in an unfavorable direction.
2. b.Cyber risk means any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information technology systems.
3. c.Management information system, or MIS: Any process, systems or framework used by an institution to collect, store or disseminate data in the form of useful information to the relevant stakeholders for decision-making.
4. d.Operational Risk: The risk of loss resulting from inadequate or failed internal processes, people, systems or from external events. This definition includes legal risk but excludes strategic and reputational risk.

III. Importance of Supervisory Review
6.The supervisory review process, as set forth by the Central Bank, is intended not only to ensure that banks in the UAE have adequate capital to support all the risks in their business, but also to encourage banks to develop and use better risk management techniques in monitoring and managing risks.
7.The supervisory review process recognises the responsibility of bank management in developing an internal capital assessment process and setting minimum capital requirements that are commensurate with the bank’s risk profile and control environment. Bank management continues to bear responsibility for ensuring that the bank has adequate capital to support its risks beyond the core minimum requirements in Pillar 1.
8.The Central Bank will evaluate how well banks are assessing their capital needs relative to their risks and intervene, where appropriate. This interaction is intended to foster an active dialogue between banks, the Central Bank such that when deficiencies are identified, prompt, and decisive action can be taken to reduce risk or restore capital.
9.The Central Bank recognises the relationship that exists between the amount of capital held by the bank against its risks and the strength and effectiveness of the bank’s risk management and internal control processes. However, increased capital must not be viewed as sufficient for addressing increased risks confronting the bank. Other, complementary, means for addressing risk, such as strengthening risk management, applying internal limits, strengthening the level of provisions and reserves, and improving internal controls, must also be considered as complimentary measures. Furthermore, capital must not be regarded as a substitute for addressing fundamentally inadequate control or risk management processes. However, the Central Bank may require banks to hold more capital to compensate for deficiencies.
10.There are three main areas that will be particularly suited for its treatment under Pillar 2: risks considered under Pillar 1 that are not fully captured by the Pillar 1 framework (e.g. credit concentration risk); those factors not taken into account by the Pillar 1 framework (e.g. interest rate risk in the banking book, business and strategic risk); and factors external to the bank (e.g. business cycle effects). A further important aspect of Pillar 2 is the assessment of compliance with the minimum standards and disclosure requirements of the more advanced methods in Pillar 1. The Central Bank will ensure that these requirements are being met, both as qualifying criteria and on a continuing basis. The quality of risk management will also be considered and any shortcoming may warrant a capital add-on by the bank or by the Central Bank.

IV. Four Key Principles of Supervisory Review
11.The Central Bank has followed the international standards²³ set out by the BCBS and identified four key principles of supervisory review.
Principle 1: Banks must have a process for assessing their overall capital adequacy in relation to their risk profile and a strategy for maintaining their capital levels.
12.Banks must be able to demonstrate that the decided minimum capital levels are well founded and that these levels are consistent with their overall risk profile and current operating environment. In assessing capital adequacy, bank management needs to be mindful of the particular stage of the business cycle in which the bank is operating. Rigorous forward-looking stress testing that identifies possible events or changes in market conditions that could adversely affect the bank must be performed. Bank management clearly bears the responsibility for ensuring that the bank has adequate capital to support its risks.
13.The seven main features of a rigorous process are as follows:
1. i.Active board and senior management oversight;
2. ii.Appropriate policies, methodologies for assessment of capital needs, procedures and limits;
3. iii.Sound capital assessment;
4. iv.Comprehensive and timely identification, measurement, mitigation, controlling, monitoring and reporting of risks;
5. v.Appropriate management information systems (MIS) at the business and firm-wide level;
6. vi.Comprehensive internal controls;
7. vii.For the completion of ICAAP, regulatory requirements (Pillar I) is required as the first step of computation.
It should also be noted that under no circumstances could Pillar I and Pillar II be netted against each other. They are both separate requirements.
²³ BCBS128 and BCBS157

A. Board and Senior Management Oversight
14.It is the responsibility of the Board of Directors and senior management to define the bank’s risk appetite and to ensure that the bank’s risk management framework includes detailed policies and methodologies that set specific firm-wide prudential limits on the bank’s activities, which are consistent with its risk taking appetite and capacity. In order to determine the overall risk appetite, the board and senior management must first have an understanding of risk exposures on a firm-wide basis. To achieve this understanding, senior management must bring together the perspectives of the key business and control functions. In order to develop an integrated firm-wide perspective on risk, senior management must overcome organisational silos between business lines and share information on market developments, risks and risk mitigation techniques. Senior management must establish a risk management process that is not limited to credit, market, liquidity and operational risks, but incorporates all material risks. This includes reputational, legal, anti-money laundering, conduct risk and strategic risks, as well as risks that do not appear to be significant in isolation, but when combined with other risks could lead to material losses. The analysis of a bank’s current and future capital requirements in relation to its strategic objectives is a vital element of the strategic planning process. The strategic plan must clearly outline the bank’s capital needs, anticipated capital depletion expenditures, minimum internally assessed required capital level, and external capital sources. Senior management and the board must view capital planning as a crucial element in being able to achieve its desired strategic objectives.
15.The board of directors and senior management must possess sufficient knowledge of all major business lines to ensure that appropriate policies, controls and risk monitoring systems are effective. They must have the necessary expertise to understand the capital markets activities in which the bank is involved – such as securitisation and off-balance sheet activities – and the associated risks. The board and senior management must remain informed on an on-going basis about these risks as financial markets, risk management practices and the bank’s activities evolve. In addition, the board and senior management must ensure that accountability and lines of authority are clearly defined.
16.With respect to new or complex products and activities, senior management must understand the underlying assumptions regarding business models, valuation and risk management practices. In addition, senior management must evaluate the potential risk exposure if those assumptions fail.
17.Before embarking on new activities or introducing products new to the bank, the board and senior management must identify and review the changes in firm-wide risks arising from these potential new products or activities and ensure that the infrastructure and internal controls necessary to manage the related risks are in place. In this review, a bank must also consider and address the possible difficulty in valuing the new products and how they might perform in a stressed economic environment. It is also the responsibility of the banks to assess prudential and market conduct risks when reviewing new products or activities.
18.A bank’s risk function and its Chief Risk Officer (CRO) or equivalent position must be independent of the individual business lines and report directly to the bank’s Board of Directors. In addition, the risk function must highlight to senior management and the board risk management concerns, such as risk concentrations, violations of risk appetite limits as well as violations of minimum internally set capital requirements.

B. Appropriate Policies, Procedures and Limits
19.Firm-wide risk management programmes must include detailed policies that set specific firm-wide prudential limits on the principal risks relevant to a bank’s activities. Additionally, a bank must have a clearly defined risk appetite for market conduct risk (non-prudential risks). A bank’s policies and procedures must provide specific guidance for the implementation of broad business strategies and must establish, where appropriate, internal limits for the various types of risk to which the bank may be exposed. These limits must consider the bank’s role in the financial system and be defined in relation to the bank’s capital, total assets, and earnings or, where adequate measures exist, its overall risk level.
20.A bank’s policies, procedures and limits must:
1. i.Provide for adequate and timely identification, measurement, monitoring, control and mitigation of the risks (prudential and market conduct risks) posed by its lending, investing, trading, securitisation, off-balance sheet, fiduciary and other significant activities at the business line and firm wide levels;
2. ii.Ensure that the economic substance of a bank’s risk exposures, including reputational risk and valuation uncertainty, are fully recognised and incorporated into the bank’s risk management processes;
3. iii.Be consistent with the bank’s stated requirements and objectives, as well as its overall financial strength;
4. iv.Clearly define accountability and lines of authority across the bank’s various business activities, and ensure there is a clear separation between business lines and the risk management function;
5. v.Escalate and address breaches of internal position limits;
6. vi.Provide for the review of new businesses and products by bringing together all relevant risk management, control and business lines to ensure that the bank is able to manage and control the activity prior to it being initiated; and
7. vii.Include a schedule and process for reviewing the policies, procedures and limits and for updating them as appropriate.

C. Sound Capital Assessment
21.Fundamental elements of sound capital assessment include:
1. i.Policies, procedures and methodologies designed to ensure that the bank identifies, measures, and reports all material risks;
2. ii.A process that relates capital to the level of risk;
3. iii.A process that states capital adequacy requirements (i.e. minimum thresholds for CAR ratio) with respect to risk, taking account of the bank’s strategic focus and business plan; and
4. iv.A process of internal controls, reviews and audits to ensure the integrity of the overall management process.

D. Comprehensive Assessment of Risks
22.All material risks faced by the bank must be addressed in the capital assessment process. While the Central Bank recognises that not all risks can be measured precisely, a process must be developed to estimate risks. Therefore, the following risk exposures, which by no means constitute a comprehensive list of all risks, must be considered:
23.Credit risk: Banks must have methodologies that enable them to assess the credit risk involved in exposures to individual borrowers or counterparties as well as at the portfolio level. For banks, the credit review assessment of capital adequacy, at a minimum, must cover four areas: risk rating systems, portfolio analysis/aggregation, securitisation/complex credit derivatives, and large exposures and risk concentrations.
24.Internal risk ratings are an important tool in monitoring credit risk. Internal risk ratings must be adequate to support the identification and measurement of risk from all credit exposures, and must be integrated into a banks’ overall analysis of credit risk and capital adequacy. The ratings system must provide detailed ratings for all assets, not only for watch list or for problem assets. Appropriateness of loan loss reserves must be included in the credit risk assessment for capital adequacy.
25.The analysis of credit risk must adequately identify any weaknesses at the portfolio level, including any concentrations of risk. It must also adequately take into consideration the risks involved in managing credit concentrations and other portfolio issues through such mechanisms as securitisation programmes and complex credit derivatives.
26.Operational risk: The failure to properly manage operational risk can result in a misstatement of a bank’s risk/return profile and expose the bank to significant losses.
27.A bank must develop a framework for managing operational risk (including cyber risk) and evaluate the adequacy of capital given this framework. The framework must cover the bank’s appetite and tolerance for operational risk, as specified through the policies for managing this risk, including the extent and manner in which operational risk is transferred outside the bank. It must also include policies outlining the bank’s approach to identifying, assessing, monitoring and controlling/mitigating the risk.
28.Market risk: Banks must have methodologies that enable them to assess and actively manage all market risks, wherever they arise, at position, desk, business line and firm-wide level. For banks, their assessment of internal capital adequacy for market risk, at a minimum, must be based on stress testing, including an assessment of concentration risk and the assessment of illiquidity under stressful market scenarios, although all firms’ assessments must include stress testing appropriate to their trading activity.
29.A bank must demonstrate that it has enough capital to not only meet the minimum capital requirements but also to withstand a range of severe but plausible market shocks. In particular, it must factor in, where appropriate:
1. i.Illiquidity of prices;
2. ii.Concentrated positions (in relation to market turnover);
3. iii.One-way markets;
4. iv.Non-linear products/deep out-of-the money positions;
5. v.Events and jumps-to-defaults;
6. vi.Significant shifts in correlations;
30.The stress tests applied by a bank for market risk and, in particular, the calibration of those tests (e.g. the parameters of the shocks or types of events considered) must be reconciled back to a clear statement setting out the premise upon which the bank’s internal capital assessment is based (e.g. ensuring there is adequate capital to manage the traded portfolios within stated limits through what may be a prolonged period of market stress and illiquidity, or that there is adequate capital to ensure that, over a given time horizon to a specified confidence level, all positions can be liquidated or the risk hedged in an orderly fashion). The market shocks applied in the tests must reflect the nature of portfolios and the time it could take to hedge out or manage risks under severe market conditions.
31.Concentration risk must be pro-actively managed and assessed by firms and concentrated positions must be routinely reported to senior management.
32.Banks must demonstrate how they combine their risk measurement approaches to arrive at the overall internal capital for market risk.
33.Interest rate risk in the banking book: The measurement process must include all material interest rate positions of the bank and consider all relevant repricing and maturity data, including modelling maturity assumptions. Such information will generally include current balance and contractual rate of interest associated with the instruments and portfolios, principal payments, interest reset dates, maturities, the rate index used for repricing, and contractual interest rate ceilings or floors for adjustable-rate items. The system must also have well-documented assumptions and techniques.
34.Regardless of the type and level of complexity of the measurement system used, bank management must ensure the adequacy and completeness of the system. Because the quality and reliability of the measurement system is largely dependent on the various assumptions used in the model which will be checked by the Central Bank for reasonability, management must give particular attention to these items.
35.Liquidity risk: Liquidity is crucial to the ongoing viability of any banking organisation. Banks’ capital positions can have an effect on their ability to obtain liquidity, especially in a crisis. Each bank must have adequate systems for measuring, monitoring and controlling liquidity risk. Banks must evaluate the adequacy of capital given their own liquidity profile and the liquidity of the markets in which they operate. Please refer to the Regulation regarding Liquidity Risk Circular No: 33/2015
36.Other risks: Although the Central Bank recognises that ‘other’ risks, such as reputational, strategic and anti-money laundering, are not easily measurable, it expects banks to further develop techniques for managing all aspects of these risks.

E. Monitoring and Reporting
37.The bank must establish an adequate system for monitoring and reporting risk exposures and assessing how the bank’s changing risk profile affects the need for capital. The bank’s senior management or board of directors must, on a regular basis, receive reports on the bank’s risk profile and capital needs. These reports must allow senior management to:
1. i.Evaluate the level and trend of material risks and their effect on capital levels;
2. ii.Evaluate the sensitivity and reasonableness of key assumptions used in the capital assessment measurement system;
3. iii.Determine whether the bank holds sufficient capital against the various risks and is in compliance with established internal capital adequacy requirements; and
4. iv.Assess its future capital requirements based on the bank’s reported risk profile (3 to 5 years) and make necessary adjustments to the bank’s strategic plan accordingly as well as the effect of any anticipated changes to regulatory requirements.
38.A bank’s MIS must provide the board and senior management in a clear and concise manner with timely and relevant information concerning their bank’ risk profile. This information must include all risk exposures, including those that are off-balance sheet. Management must understand the assumptions behind and limitations inherent in specific risk measures.
39.The key elements necessary for the aggregation of risks are an appropriate infrastructure and MIS that (i) allow for the aggregation of exposures and risk measures across business lines and (ii) support customised identification of concentrations and emerging risks. MIS developed to achieve this objective must support the ability to evaluate the impact of various types of economic and financial shocks that affect the whole bank. Further, a bank’s systems must be flexible enough to incorporate hedging and other risk mitigation actions to be carried out on a firm-wide basis while taking into account the various related basis risks.
40.To enable proactive management of risk, the board and senior management need to ensure that MIS is capable of providing regular, accurate and timely information on the bank’s aggregate risk profile, as well as the main assumptions used for risk aggregation. MIS must be adaptable and responsive to changes in the bank’s underlying risk assumptions and must incorporate multiple perspectives of risk exposure to account for uncertainties in risk measurement. In addition, it must be sufficiently flexible so that the bank can generate forward-looking bank-wide scenario analyses that capture management’s interpretation of evolving market conditions and stressed conditions. Third-party inputs or other tools used within MIS (e.g. credit ratings, risk measures, models) must be subject to initial and ongoing validation.
41.Banks are required that their MIS must be capable of capturing limit breaches and there must be procedures in place to promptly report such breaches to senior management, as well as to ensure that appropriate follow-up actions are taken. For instance, similar exposures must be aggregated across business platforms (including the banking and trading books) to determine whether there is a concentration or a breach of an internal position limit.

F. Internal Control Review
42.The bank’s internal control structure is essential to the capital assessment process. Effective control of the capital assessment process includes an independent review and, where appropriate, the involvement of internal and external audit. The bank’s board of directors has a responsibility to ensure that management establishes a system for assessing the various risks, develops a system to relate risk to the bank’s capital level, and establishes a method for monitoring compliance with internal policies. The board must regularly verify whether its system of internal controls is adequate to ensure well-ordered and prudent conduct of business.
43.Risk management processes must be frequently monitored and tested by independent control areas and internal, as well as external, auditors. The aim is to ensure that the information on which decisions are based is accurate so that processes fully reflect management policies and that regular reporting, including the reporting of limit breaches and other exception-based reporting, is undertaken effectively. The risk management function of banks must be independent of the business lines in order to ensure an adequate separation of duties and to avoid conflicts of interest.
44.The purpose of periodic reviews of the risk management process is to ensure its integrity, accuracy, and reasonableness. Areas that the Central Bank will review include:
1. i.Appropriateness of the bank’s capital assessment process given the nature, scope and complexity of its activities;
2. ii.Identification of large exposures and risk concentrations;
3. iii.Accuracy and completeness of data inputs into the bank’s assessment process;
4. iv.Reasonableness and validity of scenarios used in the assessment process (scenarios and modelling assumptions behind banks’ response to those scenarios); and
5. v.Stress testing and analysis of assumptions and inputs together with the resultant outputs.
6. vi.Validation of the output (not only of the process) with proper benchmarking to peers and best practice.
Principle 2: The Central Bank will review and evaluate banks’ internal capital adequacy assessments and strategies, as well as their ability to monitor and ensure their compliance with regulatory capital Ratios. The Central Bank will take appropriate supervisory action if it is not satisfied with the result of this process.
45.The Central Bank will regularly review the process by which a bank assesses its capital adequacy, risk position, resulting minimum required capital levels, and quality of capital held. The Central Bank will also evaluate the degree to which a bank has in place a sound internal process to assess capital adequacy. The emphasis of the review must be on the quality of the bank’s risk management and controls with the Central Bank setting the minimum required capital. The periodic review can involve some combination of:
1. i.On-site examinations or inspections;
2. ii.Off-site review;
3. iii.Discussions with bank management;
4. iv.Review of work done by internal auditors and where appropriate external auditors;
5. v.Periodic reporting; and
46.The substantial impact that errors in the methodology or assumptions of formal analyses can have on resulting capital requirements requires a detailed review by the Central Bank of each bank’s internal analysis. The Central Bank will have its own methodologies to benchmark the outcomes of the ICAAP and, if necessary, impose additional capital requirements.

Supervisory Review Process

A. Review of Adequacy of Risk Assessment
47.The Central Bank will assess the degree to which internal requirements and processes incorporate the full range of material risks faced by the bank. The Central Bank will also review the adequacy of risk measures used in assessing internal capital adequacy and the extent to which these risk measures are also used operationally in setting limits, evaluating business line performance, and evaluating and controlling risks more generally. In addition, the Central Bank will review the results of stress tests (including sensitivity analyses and scenario analyses) conducted by the banks and how these results relate to capital plans.

B. Assessment of Capital Adequacy
48.The Central Bank will review the bank’s processes to determine that:
1. i.Minimum capital requirements chosen are comprehensive and relevant to the current operating environment and the risk profile of the bank;
2. ii.Minimum capital requirements are properly monitored and reviewed by senior management; and
3. iii.The composition of capital is appropriate for the nature and scale of the bank’s business.
49.The Central Bank will also consider the extent to which the bank has provided for unexpected events in setting its minimum capital requirements. This analysis must cover a wide range of external conditions and scenarios, and the sophistication of techniques and stress tests used must be commensurate with the bank’s activities.

C. Assessment of the Control Environment
50.The Central Bank will consider the quality of the bank’s management information reporting and systems, the manner in which business risks and activities are aggregated, and management’s record in responding to emerging or changing risks.
51.In all instances, the capital requirement at an individual bank must be determined according to the bank’s risk profile and adequacy of its risk management process and internal controls. External factors such as business cycle effects and the macroeconomic environment must also be considered. Another consideration is the variability in a bank’s profitability in normal circumstances.

D. The Central Bank’s Review of the Regulatory Framework
52.In order for certain internal methodologies (e.g. VaR), credit risk mitigation techniques and asset securitisations to be recognised for regulatory capital purposes, banks will need to meet a number of requirements, including risk management standards and disclosures. In particular, banks will be required to disclose features of their internal methodologies used in calculating minimum capital requirements. As part of the supervisory review process, the Central Bank will ensure that these conditions are met on an ongoing basis.
53.The Central Bank regards this review of as an integral part of the supervisory review process under Principle 2.
54.The Central Bank will also perform a review of compliance with certain conditions and requirements set for standardised approaches.
Principle 3: The Central Bank expects banks to operate above the minimum regulatory capital ratios and may require banks to hold capital in excess of the minimum.
55.The Central Bank will take appropriate action if it is not satisfied with the results of the bank’s own risk assessment and capital allocation or with the minimum capital levels as determined by the bank. The Central Bank will add additional capital requirements where the Central Bank is not satisfied that all risks have been identified. Important to note is that banks shall not disclose this publicly.
56.Pillar 1 capital requirements shall include a buffer for uncertainties surrounding the Pillar 1 regime that affect the banking population as a whole. Bank-specific uncertainties will be treated under Pillar 2. The Central Bank require banks to operate with a buffer, over and above the Pillar 1 standards. Banks must maintain this buffer for example:
1. i.Pillar 1 minimums are anticipated to be set to achieve a level of bank creditworthiness in markets that is below the level of creditworthiness sought by many banks for their own reasons. For example, most international banks appear to prefer to have low risk profile and thus be highly rated by internationally recognised rating agencies. This is currently the case in the UAE. Thus, banks are likely to choose to operate above Pillar 1 minimums for competitive reasons.
2. ii.In the normal course of business, the type and volume of activities will change, as will the different risk exposures, causing fluctuations in the overall capital ratio.
3. iii.It may be costly for banks to raise additional capital, especially if this needs to be done quickly or at a time when market conditions are unfavourable.
4. iv.For banks to fall below minimum regulatory capital requirements is a serious matter. It will place banks in breach of the relevant law and/or prompt nondiscretionary corrective action on the part of supervisors such as withdrawal of license.
5. v.There may be risks, either specific to individual banks, or more generally to an economy at large, that are not taken into account in Pillar 1. The Central Bank uses its own internal benchmarks and may request banks at any time for additional data to calculate an add-on.
57.There are several means available to the Central Bank for ensuring that individual banks are operating with adequate levels of capital. Among other methods, the Central Bank may set higher minimum capital requirements or define categories above minimum ratios (e.g. well capitalised and adequately capitalised) for identifying the capitalisation level of the bank.
Principle 4: The Central Bank will intervene at an early stage to prevent capital from falling below the minimum levels required to support the risk characteristics of a particular bank and will require rapid remedial action if capital is not maintained or restored.
58.The Central Bank will consider a range of options if it becomes concerned that a bank is not meeting the requirements embodied in the supervisory principles outlined above. These actions may trigger the recovery plan that includes and not limited to intensifying the monitoring of the bank, restricting the payment of dividends, requiring the bank to prepare and implement a satisfactory capital adequacy restoration plan, and requiring the bank to raise additional capital immediately. The Central Bank have the discretion to use the tools best suited to the circumstances of the bank and its operating environment.
59.The permanent solution to banks’ difficulties is not exclusively increased capital. However, some of the required measures (such as improving systems and controls) may take some time to implement. Therefore, increased capital requirements might be used as an interim measure while permanent measures to improve the bank’s position are being put in place. Once these permanent measures have been put in place and have been seen by the Central Bank to be effective, the interim increase in capital requirements may be removed.

V. Specific Issues to be Addressed Under the Supervisory Review Process
60.Below are a few important issues that the Central Bank will particularly focus on when carrying out the supervisory review process. These issues include some key risks that are not directly addressed under Pillar 1.

A. Interest Rate Risk in the Banking Book
61.Interest rate risk in the banking book is a potentially significant risk that requires capital. There is considerable heterogeneity across UAE banks in terms of the nature of the underlying risk and the processes for monitoring and managing it. In light of this, the Central Bank considers it is most appropriate to treat interest rate risk in the banking book under Pillar 2 of the Framework.
62.To facilitate the Central Bank’s monitoring of interest rate risk exposures across banks, banks would have to provide the results of their internal measurement systems, expressed in terms of both, economic value and net interest income, relative to capital, using a standardised interest rate shock as described in the accompanying guidance document.
63.If the Central Bank determines that banks are not holding capital commensurate with the level of interest rate risk, they must require the bank to reduce its risk, to hold a specific additional amount of capital or some combination of the two.

B. Stress Tests
64.A bank should ensure that it has sufficient capital to meet the Pillar 1 requirements and the results (where a deficiency has been indicated) of the credit risk stress test performed. The Central Bank will review how the stress test has been carried out.
65.Central bank will use the reference model to challenge the stress test results Reference model is based on +/- 200 basis point shock based on NII and EVE. Central Bank assumes a higher basis point for stress testing which is described in the accompanying guidance document.
66.The results of the stress test will thus contribute directly to the expectation that a bank will operate above the Pillar 1 minimum regulatory capital ratios. The outcome of the Central Bank stress tests will be used as a benchmark. If there is an impact of more than 200bps, the Central Bank will require setting higher minimum capital requirements so that capital resources could cover the Pillar 1 requirements plus the result of a recalculated stress test.

C. Residual Risk
67.This section allows banks to offset credit or counterparty risk with collateral, guarantees or credit derivatives, leading to reduced capital charges in Pillar 1. While banks use credit risk mitigation (CRM) techniques to reduce their credit risk, these techniques give rise to risks that may render the overall risk reduction less effective. Accordingly, these risks (e.g. operational risk or liquidity risk) to which banks are exposed are of supervisory concern. Where such risks arise, and irrespective of fulfilling the minimum requirements set out in Pillar 1, a bank could find itself with greater credit risk exposure to the underlying counterparty than it had expected. Examples of these risks include:
1. i.Inability to seize, or realise in a timely manner, collateral pledged (on default of the counterparty);
2. ii.Refusal or delay by a guarantor to pay; and
3. iii.Ineffectiveness of untested documentation.
68.The Central Bank will require banks to have in place appropriate written CRM policies and procedures in order to control these residual risks. A bank may be required to submit these policies and procedures to the Central Bank and must regularly review their appropriateness, effectiveness and operation.
69.In its CRM policies and procedures, a bank must consider whether, when calculating capital requirements, it is appropriate to give the full recognition of the value of the credit risk mitigant as permitted in Pillar 1 and must demonstrate that its CRM management policies and procedures are appropriate to the level of capital benefit that it is recognising. Where the Central Bank is not satisfied as to the robustness, suitability or application of these policies and procedures they may direct the bank to take immediate remedial action or hold additional capital against residual risk until the deficiencies in the CRM procedures are rectified to the satisfaction of the Central Bank. For example, the Central Bank may direct a bank to:
1. i.Make adjustments to the assumptions on holding periods, supervisory haircuts, or volatility (in the own haircuts approach);
2. ii.Give less than full recognition of credit risk mitigants (on the whole credit portfolio or by specific product line); and/or
3. iii.Hold a specific additional amount of capital.

D. Risk Concentration
70.Unmanaged risk and excessive concentrations are an important cause of major problems in banks. A bank must aggregate all similar direct and indirect exposures regardless of where the exposures have been booked. A risk concentration is any single exposure or group of similar exposures (e.g. to the same borrower or counterparty, including protection providers, geographic area, industry or other risk factors) with the potential to produce (i) losses large enough (relative to a bank’s earnings, capital, total assets or overall risk level) to threaten a bank’s creditworthiness or ability to maintain its core operations or (ii) a change in a bank’s risk profile. Risk concentrations must be analysed on both a bank legal entity and consolidated basis, as an unmanaged concentration at a subsidiary bank may appear immaterial at the consolidated level, but can nonetheless threaten the viability of the subsidiary. A change in the concentration risk is identified as a significant change.
71.Risk concentrations must be viewed in the context of a single or a set of closely related risk-drivers that may have different impacts on a bank. These concentrations must be integrated when assessing a bank’s overall risk exposure. A bank must consider concentrations that are based on common or correlated risk factors that reflect more subtle or more situation-specific factors than traditional concentrations, such as correlations between market, credit risks and liquidity risk.
72.The growth of market-based intermediation has increased the possibility that different areas of a bank are exposed to a common set of products, risk factors or counterparties. This has created new challenges for risk aggregation and concentration management. Through its risk management processes and MIS, a bank must be able to identify and aggregate similar risk exposures across the firm, including across legal entities, asset types (e.g. loans, derivatives and structured products), risk areas (e.g. the trading book) and geographic regions. The typical situations in which risk concentrations can arise include:
1. i.Exposures to a single counterparty, borrower or group of connected counterparties or borrowers;
2. ii.Industry or economic sectors, including exposures to both regulated and nonregulated financial institutions such as hedge funds and private equity firms;
3. iii.Geographical regions;
4. iv.Exposures arising from credit risk mitigation techniques, including exposure to similar collateral types or to a single or closely related credit protection provider;
5. v.Trading exposures;
6. vi.Exposures to counterparties (e.g. hedge funds and hedge counterparties) through the execution or processing of transactions (either product or service);
7. vii.Assets that are held in the banking book or trading book, such as loans, derivatives and structured products; and
8. viii.Off-balance sheet exposures, including guarantees, liquidity lines and other commitments.
73.Risk concentrations can also arise through a combination of exposures across these broad categories. A bank must have an understanding of its firm-wide risk concentrations resulting from similar exposures across its different business lines.
74.While risk concentrations often arise due to direct exposures to borrowers and obligors, a bank may also incur a concentration to a particular asset type indirectly through investments backed by such assets (e.g. collateralised debt obligations – CDOs), as well as exposure to protection providers guaranteeing the performance of the specific asset type (e.g. monoline insurers). A bank must have in place adequate, systematic procedures for identifying high correlation between the creditworthiness of a protection provider and the obligors of the underlying exposures due to their performance being dependent on common factors beyond systematic risk (i.e. “wrong way risk”).
75.Procedures must be in place to communicate risk concentrations to the board of directors and senior management in a manner that clearly indicates where in the organisation each segment of a risk concentration resides. A bank must have credible risk mitigation strategies in place that have senior management approval. This may include altering business strategies, reducing limits or increasing minimum capital requirements in line with the desired risk profile. While it implements risk mitigation strategies, the bank must be aware of possible concentrations that might arise because of employing risk mitigation techniques.
76.Banks must employ a number of techniques, as appropriate, to measure risk concentrations. These techniques include shocks to various risk factors; use of business level and firm-wide scenarios; and the use of integrated stress testing and economic capital models. The Central Bank will use the reference model to challenge the credit concentration risk. The reference model is based on Herfindahl-Hirschman index (HHI), therefore the Central Bank requires all the banks to calculate and report the credit concentration risk using Herfindahl-Hirschman Index (HHI) methodology (single name and sector concentration) to be part of ICAAP document irrespective of the approach chosen by the bank. Identified concentrations must be measured in a number of ways, including for example, consideration of gross versus net exposures, use of notional amounts, and analysis of exposures with and without counterparty hedges. A bank must establish internal position limits for concentrations to which it may be exposed. When conducting periodic stress tests, a bank must incorporate all major risk concentrations and identify and respond to potential changes in market conditions that could adversely have an impact on their performance and capital adequacy.
77.The assessment of such risks under a bank’s ICAAP and the supervisory review process must not be a mechanical process, but one in which each bank determines, depending on its business model, its own specific vulnerabilities. Every bank must discuss these vulnerabilities with the Central Bank. An appropriate level of capital for risk concentrations must be incorporated in a bank’s ICAAP, as well as in Pillar 2 assessments.
78.A bank must have in place effective internal policies, systems and controls to identify, measure, monitor, manage, control and mitigate its risk concentrations in a timely manner. Not only must normal market conditions be considered, but also the potential build-up of concentrations under stressed market conditions, economic downturns and periods of general market illiquidity. In addition, the bank must assess scenarios that consider possible concentrations arising from contractual and non-contractual contingent claims. The scenarios must also combine the potential build-up of pipeline exposures together with the loss of market liquidity and a significant decline in asset values. The Central Bank will use its own benchmarking to determine if banks estimation of additional capital requirements is sufficient.

E. Counterparty Credit Risk
79.Counterparty Credit Risk (CCR) represents a form of credit risk and is covered in Pillar 1.
80.The bank must have counterparty credit risk management policies, processes and systems that are conceptually sound and implemented with integrity relative to the sophistication and complexity of a firm’s holdings of exposures that give rise to CCR. A sound counterparty credit risk management framework shall include the identification, measurement, management, approval and internal reporting of CCR.
81.The bank’s risk management policies must take account of the market, liquidity and operational riks that can be associated with CCR and, to the extent practicable, interrelationships among those risks. The bank must not undertake business with a counterparty without assessing its creditworthiness and must take due account of both settlement and pre-settlement credit risk. These risks must be managed as comprehensively as practicable at the counterparty level (aggregating counterparty exposures with other credit exposures) and at the firm-wide level.
82.The board of directors and senior management must be actively involved in the CCR control process and must regard this as an essential aspect of the business to which significant resources need to be devoted.
83.The bank’s CCR management system must be used in conjunction with internal credit and trading limits. In this regard, credit and trading limits must be the outcome of the firm’s risk measurement model in a manner that is consistent over time and that is well understood by credit managers, traders and senior management.
84.The bank must have a routine and rigorous program of stress testing in place as a supplement to the CCR analysis based on the day-to-day output of the bank’s risk measurement model. The results of this stress testing must be reviewed periodically by senior management and must be reflected in the CCR policies and limits set by management and the board of directors. Where stress tests reveal particular vulnerability to a given set of circumstances, management must explicitly consider appropriate risk management strategies (e.g. by hedging against that outcome, or reducing the size of the firm’s exposures).
85.The bank must have a routine in place for ensuring compliance with a documented set of internal policies, controls and procedures concerning the operation of the CCR management system. The firm’s CCR management system must be well documented, for example, through a risk management manual that describes the basic principles of the risk management system and that provides an explanation of the empirical techniques used to measure CCR.
86.The bank must conduct an independent review of the CCR management system regularly through its own internal auditing process. This review must include both the activities of the business credit and trading units and of the independent CCR control. A review of the overall CCR management process must take place at regular intervals (ideally not less than once a year) and must specifically address, at a minimum:
1. i.The adequacy of the documentation of the CCR management system and process;
2. ii.The organisation of the CCR control;
3. iii.The integration of CCR measures into daily risk management;
4. iv.The approval process for risk pricing models and valuation systems used by front and back-office personnel;
5. v.The validation of any significant change in the CCR measurement process;
6. vi.The scope of counterparty credit risks captured by the risk measurement model;
7. vii.The integrity of the management information system;
8. viii.The accuracy and completeness of CCR data;
9. ix.The verification of the consistency, timeliness and reliability of data sources used to run internal models, including the independence of such data sources;
10. x.The accuracy and appropriateness of volatility and correlation assumptions;
11. xi.The accuracy of valuation and risk transformation calculations;
12. xii.The verification of the model’s accuracy through frequent back testing.

F. Operational Risk
87.Gross income, used in the Basic Indicator and Standardised Approaches for operational risk, is only a proxy for the scale of operational risk exposure of a bank and can in some cases underestimate the need for capital for operational risk. The Central Bank will consider whether the capital requirement generated by the Pillar 1 calculation gives a consistent picture of the individual bank’s operational risk exposure, for example in comparison with other banks of similar size and with similar operations. The use of Pillar 2 to charge capital for inadequacy in risk management may also be applied by the Central Bank.
88.A bank offering Islamic financial services must ensure that its operational risk management framework addresses any operational risks arising from potential noncompliance with Sharī’ah provisions and Higher Shari’ah Authority resolutions.

G. Market Risk
Policies and procedures for trading book eligibility
89.Clear policies and procedures used to determine the exposures that may be included in, and those that must be excluded from, the trading book for purposes of calculating regulatory capital are critical to ensure the consistency and integrity of a bank’s trading book. The Central Bank must be satisfied that the policies and procedures clearly delineate the boundaries of the bank’s trading book and consistent with the bank’s risk management capabilities and practices. The Central Bank must also be satisfied that transfers of positions between banking and trading books can only occur in a very limited set of circumstances. The Central Bank will require a bank to modify its policies and procedures when they prove insufficient with the general principles set forth in this Standard, or not consistent with the bank’s risk management capabilities and practices.

Valuation
90.Prudent valuation policies and procedures form the foundation on which any robust assessment of market risk capital adequacy must be built. For a well-diversified portfolio consisting of highly liquid cash instruments, and without market concentration, the valuation of the portfolio, combined with the minimum quantitative standards may deliver sufficient capital to enable a bank, in adverse market conditions, to close out or hedge its positions in a quick and orderly fashion. However, for less well diversified portfolios, for portfolios containing less liquid instruments, for portfolios with concentrations in relation to market turnover, and/or for portfolios which contain large numbers of positions that are marked-to-model this is less likely to be the case. In such circumstances, the Central Bank will consider whether a bank has sufficient capital. To the extent, if there is a shortfall, the Central Bank will react appropriately. This will usually require the bank to reduce its risks and set higher minimum capital requirements.

H. Reputational Risk and Implicit Support
91.Reputational risk of the bank can be defined as the risk arising from negative perception on the part of customers, counterparties, shareholders, investors, debt-holders, market analysts, other relevant parties or regulators that can adversely affect a bank’s ability to maintain existing, or establish new, business relationships and continued access to sources of funding (e.g. through the interbank or securitisation markets). Reputational risk is multidimensional and reflects the perception of other market participants. Furthermore, it exists throughout the organisation and exposure to reputational risk is essentially a function of the adequacy of the bank’s internal risk management processes, as well as the manner and efficiency with which management responds to external influences on bank-related transactions.
92.Reputational risk can lead to the provision of implicit support by the bank, which may give rise to credit, liquidity, market and legal risk – all of which can have a negative impact on a bank’s earnings, liquidity and capital position. A bank must identify potential sources of reputational risk to which it is exposed. These include the bank’s business lines, liabilities, affiliated operations, off-balance sheet vehicles and the markets in which it operates. The risks that arise must be incorporated into the bank’s risk management processes and appropriately addressed in its ICAAP and liquidity contingency plans.
93.A bank must incorporate the exposures that could give rise to reputational risk into its assessments of whether the requirements under the securitisation framework have been met and the potential adverse impact of providing implicit support.
94.Reputational risk also may affect a bank’s liabilities, since market confidence and a bank’s ability to fund its business are closely related to its reputation. For instance, to avoid damaging its reputation, a bank may call its liabilities even though this might negatively affect its liquidity profile. This is particularly true for liabilities that are components of regulatory capital, such as hybrid/subordinated debt. In such cases, a bank’s capital position is likely to suffer.
95.Bank management must have appropriate policies in place to identify sources of reputational risk when entering new markets, products or lines of activities. In addition, a bank’s stress testing procedures must take account of reputational risk so management has a firm understanding of the consequences and second round effects of reputational risk.
96.Once a bank identifies potential exposures arising from reputational concerns, it must measure the amount of support it might have to provide (including implicit support of securitisations) or losses it might experience under adverse market conditions. In particular, in order to avoid reputational damages and to maintain market confidence, a bank must develop methodologies to measure as precisely as possible the effect of reputational risk in terms of other risk types (e.g. credit, liquidity, market or operational risk) to which it may be exposed. This could be accomplished by including reputational risk scenarios in regular stress tests. For instance, non-contractual off-balance sheet exposures could be included in the stress tests to determine the effect on a bank’s credit, market and liquidity risk profiles. Methodologies also could include comparing the actual amount of exposure carried on the balance sheet versus the maximum exposure amount held off-balance sheet, that is, the potential amount to which the bank could be exposed.
97.A bank must pay particular attention to the effects of reputational risk on its overall liquidity position, taking into account both possible increases in the asset side of the balance sheet and possible restrictions on funding, as well as the loss of reputation as a result in various counterparties’ loss of confidence.
98.In contrast to contractual credit exposures, such as guarantees, implicit support is a more subtle form of exposure. Implicit support arises when a bank provides post-sale support to a securitisation transaction in excess of any contractual obligation. Such non-contractual support exposes a bank to the risk of loss, such as loss arising from deterioration in the credit quality of the securitisation’s underlying assets.
99.By providing implicit support, a bank signals to the market that all of the risks inherent in the securitised assets are still held by the organisation and, in effect, had not been transferred. Since the risk arising from the potential provision of implicit support is not captured ex ante under Pillar 1, it must be considered as part of the Pillar 2 process. In addition, the processes for approving new products or strategic initiatives must consider the potential provision of implicit support and must be incorporated in a bank’s ICAAP.

I. Market Conduct Risk
100.This Standard will focus on regulatory supervision of market conduct by the Central Bank. Supervision will rely on the supervisory activities identified in the previous chapters and is supplemented by the follow requirements and activities.
101.The Central Bank has taken steps to strengthen its regulatory and supervisory framework regarding market conduct of financial institutions by creating a separate Consumer Protection Department (CPD) that will have the resources and mandate to focus on monitoring market conduct, providing regulatory supervision and addressing issues of compliance / enforcement. It also has a mandate to improve consumer financial literacy through consumer education programs and outreach activities.
Consumer Protection Framework
102.A Consumer Protection Framework (CPF) is a regulatory and supervisory response designed to protect consumers by establishing standards of market conduct for institutional behaviour to mitigate potential risks of misconduct and protect consumers from harm.

103.Market conduct is defined simply as to how a financial institution conducts itself in the marketplace in terms of the level of integrity, fairness, and competency that it demonstrates in dealing with consumers. It includes the behaviour and actions of a financial institution in the market place involving such matters as:
1. i.product design, development
2. ii.marketing and sales practices,
3. iii.advertising,
4. iv.compliance with laws,
5. v.fulfilling its obligations to customers,
6. vi.treatment of customer’s / dispute resolution,
7. vii.conflicts of interest,
8. viii.transparency and disclosure
9. ix.Market competition, pricing, etc.
104.The supervisory activities under the CPF are risk-based and requires a comprehensive understanding of the retail operations of the financial institutions; the risks created by the behaviour of these organisations, the risks from products and services offered, and how these risks are being managed. The risk-based approach assesses the nature of the institution’s business activities and the risks that are inherent to each type of activity undertaken. The supervisory framework requires open, transparent and frequent flow of quality data and information between the financial institutions and the Central Bank that allows CPD to effectively perform up-to-date market conduct assessments.
Importance of Supervisory Review – Market Conduct
105.Many of the supervisory requirements discussed in previous sections of these Standards fully apply to the supervision of market conduct. However, supervision of market conduct adds another dimension and perspective in regulatory supervision. The additional supervisory concerns are highlighted as follows.

Board and Senior Management Oversight
106.In addition to the previous chapters, it is expected that effective reporting occur quarterly regarding any compliance issues regarding retail operations, analysis of consumer complaints / trends and identification of systemic issues. Boards should be confident that its retail workers have had the training and qualification to fulfil their responsibilities and regulatory responsibilities and those effective verifications are carried out.

Appropriate Policies, Procedures and Limits:
107.More specifically, market conduct will focus on policies, procedures, practices and related training associated with product design, development, distribution, marketing, advertising and sales. The Central Bank will evaluate the same elements for third parties carrying out outsourced retail activities.

Comprehensive Risk Assessment:
Operational Risk:
108.The financial institution must have a framework for monitoring, identifying and mitigating market conduct risks association with business lines and the products and services offered at the retail level. This includes identifying risks associated with institutional errors or misconduct. Risk analysis must consider such activities including product design, development, marketing, pricing, distribution, sales, advertising, disclosure, suitability, affordability, product assumptions and accuracy / method of calculations, fraud, technology downtime, etc. Institutions must also evaluate the risks related to third party distributors, suppliers / contractors.
109.An important differentiation from prudent supervision is the matter of materiality. It is not the basis for mitigating conduct risks in the retail market place. The regulatory concerns are on proactive mitigation of risks with the objectives of promoting consumer confident in the integrity of the market place, preventing harm done to the consumer and ensuring proper dispute resolution and redress where there is harm.
Reputational Risks:
110.The institution must also evaluate the impact that a risk event in the retail operations may have on its reputation in the market place, (a) whether it is an event of significant misselling or improper disclosure or calculation errors, these may be systemic issues that will attract regulatory actions, may attract public awareness and media attention and (b) what measures will the institution have in place to mitigate this risk and associated response by consumers.
Monitoring and Reporting:
111.Institutions are expected to have an adequate system for monitoring and reporting on their retails operations. The bank’s senior management or board of directors must, ensure proper monitoring and reporting including risk analysis and trends in consumer inquires and complaints. Reporting to the board should evaluate the quality and frequency of training of front line staff; the proper qualifications of staff to sell or market products, the meeting of performance indicators, the identification and frequency of bank errors, compliance with regulatory requirements and other matters of conduct risk.
112.Financial institutions will provide timely and accurate information as requested by the Central Bank including complaint information as required by the Central Bank as per Notice 383/2017 regarding setting up a Complaint Unit.
113.Financial institutions will provide notice to the Central Bank of any material changes and/or important issues that may affect consumers or the retail operations of the financial institution.

J. Liquidity Risk Management and Supervision
114.The financial market crisis underscores the importance of assessing the potential impact of liquidity risk on capital adequacy in a bank’s ICAAP. Senior management must consider the relationship between liquidity and capital since liquidity risk can affect capital adequacy, which, in turn, can aggravate a bank’s liquidity profile.
115.Another facet of liquidity risk management is that a bank must appropriately price the costs, benefits and risks of liquidity into the internal pricing, performance measurement, and new product approval process of all significant business activities.
116.A bank is expected to be able to thoroughly identify, measure and control liquidity risks, especially with regard to complex products and contingent commitments (both contractual and non-contractual). This process must involve the ability to project cash flows arising from assets, liabilities and off-balance sheet items over various time horizons, and must ensure diversification in both the tenor and source of funding. A bank must utilise early warning indicators to identify the emergence of increased risk or vulnerabilities in its liquidity position or funding needs. It must have the ability to control liquidity risk exposure and funding needs, regardless of its organisation structure, within and across legal entities, business lines, and currencies, taking into account any legal, regulatory and operational limitations to the transferability of liquidity.
117.A bank’s failure to effectively manage intraday liquidity could leave it unable to meet its payment obligations at the time expected, which could lead to liquidity dislocations that cascade quickly across many systems and institutions. As such, the bank’s management of intraday liquidity risks must be considered as a crucial part of liquidity risk management. It must also actively manage its collateral positions and have the ability to calculate all of its collateral positions.
118.While banks typically manage liquidity under “normal” circumstances, they must also be prepared to manage liquidity under stressed conditions. A bank must perform stress tests or scenario analyses on a regular basis in order to identify and quantify their exposures to possible future liquidity stresses, analysing possible impacts on the bank’s cash flows, liquidity positions, profitability, and solvency. The results of these stress tests must be discussed thoroughly by management, and based on this discussion, must form the basis for taking remedial or mitigating actions to limit the bank’s exposures, build up a liquidity cushion, and adjust its liquidity profile to fit its risk tolerance. The results of stress tests must also play a key role in shaping the bank’s contingency funding planning, which must outline policies for managing a range of stress events and clearly sets out strategies for addressing liquidity shortfalls in emergencies.
119.The Central Bank’s reserves the right to set higher liquidity requirements in Pillar 2.

K. Valuation Practices
120.In order to enhance the supervisory assessment of banks’ valuation practices, the Basel Committee published Supervisory guidance for assessing banks’ financial instrument fair value practices in April 2009. This guidance applies to all positions that are measured at fair value and at all times, not only during times of stress.
121.The characteristics of complex structured products as well as simple but illiquid products, including securitisation transactions, make their valuation inherently difficult due, in part, to the absence of active and liquid markets, the complexity and uniqueness of the cash waterfalls, and the links between valuations and underlying risk factors. The absence of a transparent price from a liquid market means that the valuation must rely on models or proxy-pricing methodologies, as well as on expert judgment. The outputs of such models and processes are highly sensitive to the inputs and parameter assumptions adopted, which may themselves be subject to estimation error and uncertainty. Moreover, calibration of the valuation methodologies is often complicated by the lack of readily available benchmarks.
122.Therefore, a bank is expected to have adequate governance structures and control processes for fair valuing exposures for risk management and financial reporting purposes. The valuation governance structures and related processes must be embedded in the overall governance structure of the bank, and consistent for both risk management and reporting purposes. The governance structures and processes are expected to explicitly cover the role of the board and senior management. In addition, the board must receive reports from senior management on the valuation oversight and valuation model performance issues that are brought to senior management for resolution, as well as all significant changes to valuation policies.
123.A bank must also have clear and robust governance structures for the production, assignment and verification of financial instrument valuations. Policies must ensure that the approvals of all valuation methodologies are well documented. In addition, policies and procedures must set forth the range of acceptable practices for the initial pricing, marking-to-market/model, valuation adjustments and periodic independent revaluation. New product approval processes (which has to be established in the first place) must include all internal stakeholders relevant to risk measurement, risk management, and the assignment and verification of valuations of financial instruments.
124.A bank’s control processes for testing and reporting valuations must be consistently applied across the firm and integrated with risk measurement and management processes. In particular, valuation controls must be applied consistently across similar instruments (risks) and consistent across business lines (books). These controls must be subject to internal audit. Regardless of the booking location of a new product, reviews and approval of valuation methodologies must be guided by a minimum set of considerations. Furthermore, the valuation/new product approval process must be supported by a transparent, well-documented inventory of acceptable valuation methodologies that are specific to products and businesses. The Board must be familiar with and approve the basic assumptions behind these methodologies.
125.In order to establish and verify valuations for instruments and transactions in which it engages, a bank must have adequate capacity, including during periods of stress. This capacity must be commensurate with the importance, riskiness and size of these exposures in the context of the business profile of the bank. In addition, for those exposures that represent material risk, a bank is expected to have the capacity to produce valuations using alternative methods that cannot just solely rely on the valuations provided by its counterparts in the event that primary inputs and approaches become unreliable, unavailable or not relevant due to market discontinuities or illiquidity. A bank must test and review the performance of its models under stress conditions so that it understands the limitations of the models under stress conditions.
126.The relevance and reliability of valuations is directly related to the quality and reliability of the inputs. Where values are determined to be in an active market, a bank must maximise the use of relevant observable inputs and minimise the use of unobservable inputs when estimating fair value using a valuation technique. However, where a market is deemed inactive, observable inputs or transactions may not be relevant, such as in a forced liquidation or distress sale, or transactions may not be observable, such as when markets are inactive. In such cases, accounting fair value guidance provides assistance on what must be considered, but may not be determinative. In assessing whether a source is reliable and relevant, a bank must consider, among other things:
1. i.The frequency and availability of the prices/quotes;
2. ii.Whether those prices represent actual regularly occurring transactions on an arm's length basis;
3. iii.The breadth of the distribution of the data and whether it is generally available to the relevant participants in the market;
4. iv.The timeliness of the information relative to the frequency of valuations;
5. v.The number of independent sources that produce the quotes/prices;
6. vi.The maturity of the market; and
7. vii.The similarity between the financial instrument sold in a transaction and the instrument held by the bank.

L. Sound Stress Testing Practices
127.In order to strengthen banks’ stress testing practices, as well as improve supervision of those practices, in October 2018 the Basel Committee published Principles for sound stress testing practices and supervision. Improvements in stress testing alone cannot address all risk management weaknesses, but as part of a comprehensive approach, stress testing has a leading role to play in strengthening bank corporate governance and the resilience of individual banks and the financial system.
128.Stress testing is an important tool that is used by banks as part of their internal risk management that alerts bank management to adverse unexpected outcomes related to a broad variety of risks, and provides an indication to banks of how much capital might be needed to absorb losses if large shocks occur. Moreover, stress testing supplements other risk management approaches and measures. It plays a particularly important role in:
1. i.Providing forward looking assessments of risk,
2. ii.Overcoming limitations of models and historical data,
3. iii.Supporting internal and external communication,
4. iv.Feeding into capital and liquidity planning procedures,
5. v.Informing the setting of a banks’ risk tolerance,
6. vi.Addressing existing or potential, firm-wide risk concentrations, and
7. vii.Facilitating the development of risk mitigation or contingency plans across a range of stressed conditions.
129.Stress testing is especially important after long periods of benign risk, when the fading memory of negative economic conditions can lead to complacency and the underpricing of risk, and when innovation leads to the rapid growth of new products for which there is limited or no loss data.
130.Stress testing must form an integral part of the overall governance and risk management culture of the bank. Board and senior management involvement in setting stress testing objectives, defining scenarios, discussing the results of stress tests, assessing potential actions and decision making is critical in ensuring the appropriate use of stress testing in banks’ risk governance and capital planning. Senior management must take an active interest in the development and operation of stress testing. The results of stress tests must contribute to strategic decision making and foster internal debate regarding assumptions, such as the cost, risk and speed with which new capital could be raised or that positions could be hedged or sold. Board and senior management involvement in the stress-testing program is essential for its effective operation.
131.Therefore, a bank’s capital planning process must incorporate rigorous, forward-looking stress testing that identifies possible events or changes in market conditions that could adversely have an impact on the bank. Banks, in their ICAAPs must examine future capital resources and capital requirements under adverse scenarios. In particular, the results of forward-looking stress testing must be considered when evaluating the adequacy of a bank’s capital buffer. Capital adequacy must be assessed under stressed conditions against a variety of capital ratios, including regulatory ratios. In addition, the possibility that a crisis impairs the ability of even very healthy banks to raise funds at reasonable cost must be considered.
132.In addition, a bank must develop methodologies to measure the effect of reputational risk arising from other risk types, namely credit, liquidity, market and other risks that they may be exposed to in order to avoid reputational damages and in order to maintain market confidence. This could be done by including reputational risk scenarios in regular stress tests. For instance, AML sanctions.
133.A bank must carefully assess the risks with respect to commitments to off-balance sheet vehicles and third-party firms related to structured credit securities and the possibility that assets will need to be taken on-balance sheet for reputational reasons. Therefore, in its stress-testing programme, a bank must include scenarios assessing the size and soundness of such vehicles and firms relative to its own financial, liquidity and regulatory capital positions. This analysis must include structural, solvency, liquidity and other risk issues, including the effects of covenants and triggers.
134.The Central Bank will assess the effectiveness of banks’ stress testing programme in identifying relevant vulnerabilities. The Central Bank will review the key assumptions driving stress-testing results and challenge their continuing relevance in view of existing and potentially changing market conditions. The Central Bank will challenge the banks on how stress testing is used and the way it affects decision-making. Where this assessment reveals material shortcomings, the Central Bank will require a bank to detail a plan of corrective action

VI. Other Aspects of the Supervisory Review Process

Supervisory Transparency and Accountability
135.The supervision of banks is not an exact science, and therefore, discretionary elements within the supervisory review process are inevitable. The Central Bank will carry out its obligations in a transparent and accountable manner. The Central Bank will make publicly available the criteria (defined in the accompanying Guidance) to be used in the review of banks’ internal capital assessments. If the Central Bank chooses to set higher minimum capital requirements or to set categories of capital in excess of the regulatory minimum, factors that may be considered in doing so will be publicly available. Where the capital requirements are set above the minimum for an individual bank, the Central Bank will explain to the bank the risk characteristics specific to the bank, which resulted in the requirement and any remedial action necessary.

Supervisory Review Process for Securitisation
136.Further to the Pillar 1 principle that banks must take account of the economic substance of transactions in their determination of capital adequacy, the Central Bank will monitor, as appropriate, whether banks have done so adequately. As a result, regulatory capital treatments for specific securitisation exposures might differ from those specified in Pillar 1 of the Framework, particularly in instances where the general capital requirement would not adequately and sufficiently reflect the risks to which an individual banking organisation is exposed.
137.Amongst other things, the Central Bank will review where relevant a bank’s own assessment of its capital needs and how that has been reflected in the capital calculation as well as the documentation of certain transactions to determine whether the capital requirements accord with the risk profile (e.g. substitution clauses). The Central Bank will also review the manner in which banks have addressed the issue of maturity mismatch in relation to retained positions in their economic capital calculations. In particular, they will be vigilant in monitoring for the structuring of maturity mismatches in transactions to artificially reduce capital requirements. Additionally, the Central Bank will review the bank’s economic capital assessment of actual correlation between assets in the pool and how they have reflected that in the calculation. Where the Central Bank considers that a bank’s approach is not adequate, they will take appropriate action. Such action might include denying or reducing capital relief in the case of originated assets, or increasing the capital required against securitisation exposures acquired.

Significance of Risk Transfer
138.Securitisation transactions may be carried out for purposes other than credit risk transfer (e.g. funding). Where this is the case, there might still be a limited transfer of credit risk. However, for an originating bank to achieve reductions in capital requirements, the risk transfer arising from a securitisation has to be deemed significant by the Central Bank. If the risk transfer is considered insufficient or non-existent, the Central Bank will require the application of a higher capital requirement than prescribed under Pillar 1 or, alternatively, may deny a bank from obtaining any capital relief from the securitisations. Therefore, the capital relief that can be achieved will correspond to the amount of credit risk that is effectively transferred. The following includes a set of examples where the Central Bank will have concerns about the degree of risk transfer, such as retaining or repurchasing significant amounts of risk or “cherry picking” the exposures to be transferred via a securitisation.
139.Retaining or repurchasing significant securitisation exposures, depending on the proportion of risk held by the originator, might undermine the intent of a securitisation to transfer credit risk. Specifically, the Central Bank might expect that a significant portion of the credit risk and of the nominal value of the pool be transferred to at least one independent third party at inception and on an ongoing basis. Where banks repurchase risk for market making purposes, the Central Bank could find it appropriate for an originator to buy part of a transaction but not, for example, to repurchase a whole tranche. The Central Bank will expect that where positions have been bought for market making purposes, these positions must be resold within an appropriate period, thereby remaining true to the initial intention to transfer risk.
140.Another implication of realising only a non-significant risk transfer, especially if related to good quality unrated exposures, is that both the poorer quality unrated assets and most of the credit risk embedded in the exposures underlying the securitised transaction are likely to remain with the originator. Accordingly, and depending on the outcome of the supervisory review process, the Central Bank will increase the capital requirement for particular exposures or even increase the overall level of capital the bank is required to hold.

Market Innovations
141.As the minimum capital requirements for securitisation may not be able to address all potential issues, the Central Bank will consider new features of securitisation transactions as they arise. Such assessments would include reviewing the impact new features may have on credit risk transfer and, where appropriate, the Central Bank will be expected to take appropriate action under Pillar 2. A Pillar 1 response may be formulated to take account of market innovations. Such a response may take the form of a set of operational requirements and/or a specific capital treatment.

Risk Evaluation and Management
142.A bank must conduct analyses of the underlying risks when investing in the structured products and must not solely rely on the external credit ratings assigned to securitisation exposures by the credit rating agencies. A bank must be aware that external ratings are a useful starting point for credit analysis, but are no substitute for full and proper understanding of the underlying risk, especially where ratings for certain asset classes have a short history or have been shown to be volatile. Moreover, a bank also must conduct credit analysis of the securitisation exposure at acquisition and on an ongoing basis. It must also have in place the necessary quantitative tools, valuation models and stress tests of sufficient sophistication to reliably assess all relevant risks.
143.When assessing securitisation exposures, a bank must ensure that it fully understands the credit quality and risk characteristics of the underlying exposures in structured credit transactions, including any risk concentrations. In addition, a bank must review the maturity of the exposures underlying structured credit transactions relative to the issued liabilities in order to assess potential maturity mismatches.
144.A bank must track credit risk in securitisation exposures at the transaction level and across securitisations exposures within each business line and across business lines. It must produce reliable measures of aggregate risk. A bank also must track all meaningful concentrations in securitisation exposures, such as name, product or sector concentrations, and feed this information to firm-wide risk aggregation systems that track, for example, credit exposure to a particular obligor.
145.A bank’s own assessment of risk needs to be based on a comprehensive understanding of the structure of the securitisation transaction. It must identify the various types of triggers, credit events and other legal provisions that may affect the performance of its on- and off-balance sheet exposures and integrate these triggers and provisions into its funding/liquidity, credit and balance sheet management. The impact of the events or triggers on a bank’s liquidity and capital position must also be considered.
146.Banks either underestimated or did not anticipate that a market-wide disruption could prevent them from securitising warehoused or pipeline exposures and did not anticipate the effect this could have on liquidity, earnings and capital adequacy. As part of its risk management processes, a bank must consider and, where appropriate, mark-to-market warehoused positions, as well as those in the pipeline, regardless of the probability of securitising the exposures. It must consider scenarios that may prevent it from securitising its assets as part of its stress testing and identify the potential effect of such exposures on its liquidity, earnings and capital adequacy.
147.A bank must develop prudent contingency plans specifying how it would respond to funding, capital and other pressures that arise when access to securitisation markets is reduced. The contingency plans must also address how the bank would address valuation challenges for potentially illiquid positions held for sale or for trading. The risk measures, stress testing results and contingency plans must be incorporated into the bank’s risk management processes and its ICAAP, and must result in an appropriate level of capital under Pillar 2 in excess of the minimum requirements.
148.A bank that employs risk mitigation techniques must fully understand the risks to be mitigated, the potential effects of that mitigation and whether or not the mitigation is fully effective. This is to help ensure that the bank does not understate the true risk in its assessment of capital. In particular, it must consider whether it would provide support to the securitisation structures in stressed scenarios due to the reliance on securitisation as a funding tool.

Provision of Implicit Support
149.Support to a transaction, whether contractual (i.e. credit enhancements provided at the inception of a securitised transaction) or non-contractual (implicit support) can take numerous forms. For instance, contractual support can include over collateralisation, credit derivatives, spread accounts, contractual recourse obligations, subordinated notes, credit risk mitigants provided to a specific tranche, the subordination of fee or interest income or the deferral of margin income, and clean-up calls that exceed 10 percent of the initial issuance. Examples of implicit support include the purchase of deteriorating credit risk exposures from the underlying pool, the sale of discounted credit risk exposures into the pool of securitized credit risk exposures, the purchase of underlying exposures at above market price or an increase in the first loss position according to the deterioration of the underlying exposures.
150.The provision of implicit (or non-contractual) support, as opposed to contractual credit support (i.e. credit enhancements), raises significant supervisory concerns. For traditional securitisation structures the provision of implicit support undermines the clean break criteria, which when satisfied would allow banks to exclude the securitised assets from regulatory capital calculations. For synthetic securitisation structures, it negates the significance of risk transference. By providing implicit support, banks signal to the market that the risk is still with the bank and has not in effect been transferred. The bank’s capital calculation therefore understates the true risk. Accordingly, the Central Bank will take appropriate action when a banking organisation provides implicit support.
151.When a bank has been found to provide implicit support to a securitisation, it will be required to hold capital against all of the underlying exposures associated with the structure as if they had not been securitised. It will also be required to disclose publicly that it was found to have provided non-contractual support, as well as the resulting increase in the capital charge (as noted above). The aim is to require banks to hold capital against exposures for which they assume the credit risk, and to discourage them from providing non-contractual support.
152.If a bank is found to have provided implicit support on more than one occasion, the bank is required to disclose its transgression publicly and the Central Bank will take appropriate action that may include, but is not limited to, one or more of the following:
1. i.The bank may be prevented from gaining favourable capital treatment on securitised assets for a period of time to be determined by the Central Bank;
2. ii.The bank may be required to hold capital against all securitised assets as though the bank had created a commitment to them, by applying a conversion factor to the risk weight of the underlying assets;
3. iii.For purposes of capital calculations, the bank may be required to treat all securitised assets as if they remained on the balance sheet;
4. iv.The bank must be required by the Central Bank to hold regulatory capital in excess of the minimum risk-based capital ratios.
153.The Central Bank will be vigilant in determining implicit support and will take appropriate supervisory action to mitigate the effects. Pending any investigation, the bank may be prohibited from any capital relief for planned securitisation transactions (moratorium). The Central Bank’s response will be aimed at changing the bank’s behaviour with regard to the provision of implicit support, and to correct market perception as to the willingness of the bank to provide future recourse beyond contractual obligations.

Residual Rrisks
154.As with credit risk mitigation techniques more generally, the Central Bank will review the appropriateness of banks’ approaches to the recognition of credit protection. In particular, with regard to securitisations, the Central Bank will review the appropriateness of protection recognised against first loss credit enhancements. On these positions, expected loss is less likely to be a significant element of the risk and is likely to be retained by the protection buyer through the pricing. Therefore, the Central Bank will expect banks’ policies to take account of this in determining their economic capital. If the Central Bank does not consider the approach to protection recognised as adequate, action will be taken. Such action may include increasing the capital requirement against a particular transaction or class of transactions.

Call Provisions
155.The Central Bank expects a bank not to make use of clauses that entitles it to call the securitisation transaction or the coverage of credit protection prematurely if this would increase the bank’s exposure to losses or deterioration in the credit quality of the underlying exposures.
156.Besides the general principle stated above, the Central Bank expects banks to only execute clean-up calls for economic business purposes, such as when the cost of servicing the outstanding credit exposures exceeds the benefits of servicing the underlying credit exposures.
157.Subject to national discretion, the Central Bank will require a review prior to the bank exercising a call which can be expected to include consideration of:
1. i.The rationale for the bank’s decision to exercise the call; and
2. ii.The impact of the exercise of the call on the bank’s regulatory capital ratio.
158.The Central Bank will also require the bank to enter into a follow-up transaction, if necessary, depending on the bank’s overall risk profile, and existing market conditions.
159.Date related calls must be set at a date no earlier than the duration or the weighted average life of the underlying securitisation exposures. Accordingly, supervisory authorities may require a minimum period to elapse before the first possible call date can be set, given, for instance, the existence of up-front sunk costs of a capital market securitisation transaction.

Early Amortisation
160.The Central Bank will review how banks internally measure, monitor, and manage risks associated with securitisations of revolving credit facilities, including an assessment of the risk and likelihood of early amortisation of such transactions. At a minimum, the Central Bank will ensure that banks have implemented reasonable methods for allocating economic capital against the economic substance of the credit risk arising from revolving securitisations and must expect banks to have adequate capital and liquidity contingency plans that evaluate the probability of an early amortisation occurring and address the implications of both scheduled and early amortisation. In addition, the capital contingency plan must address the possibility that the bank will face higher levels of required capital under the early amortisation Pillar 1 capital requirement.
161.Because most early amortisation triggers are tied to excess spread levels, the factors affecting these levels must be well understood, monitored, and managed, to the extent possible by the originating bank. For example, the following factors affecting excess spread must generally be considered:
1. i.Interest payments made by borrowers on the underlying receivable balances;
2. ii.Other fees and charges to be paid by the underlying obligors (e.g. late-payment fees, cash advance fees, over-limit fees);
3. iii.Gross charge-offs;
4. iv.Principal payments;
5. v.Recoveries on charged-off loans;
6. vi.Interchange income;
7. vii.Interest paid on investors’ certificates;
8. viii.Macroeconomic factors such as bankruptcy rates, interest rate movements, unemployment rates; etc.
162.Banks must consider the effects that changes in portfolio management or business strategies may have on the levels of excess spread and on the likelihood of an early amortisation event. For example, marketing strategies or underwriting changes that result in lower finance charges or higher charge-offs, might also lower excess spread levels and increase the likelihood of an early amortisation event.
163.Banks must use techniques such as static pool cash collections analyses and stress tests to better understand pool performance. These techniques can highlight adverse trends or potential adverse impacts. Banks must have policies in place to respond promptly to adverse or unanticipated changes. The Central Bank will take appropriate action where they do not consider these policies adequate. Such action may include, but is not limited to, directing a bank to obtain a dedicated liquidity line or raising the early amortisation credit conversion factor, thus, increasing the bank’s capital requirements.
164.While the early amortisation capital charge described in Pillar 1 is meant to address potential supervisory concerns associated with an early amortisation event, such as the inability of excess spread to cover potential losses, the policies and monitoring described in this section recognise that a given level of excess spread is not, by itself, a perfect proxy for credit performance of the underlying pool of exposures. In some circumstances, for example, excess spread levels may decline so rapidly as to not provide a timely indicator of underlying credit deterioration. Further, excess spread levels may reside far above trigger levels, but still exhibit a high degree of volatility, which could warrant supervisory attention. In addition, excess spread levels can fluctuate for reasons unrelated to underlying credit risk, such as a mismatch in the rate at which finance charges reprice relative to investor certificate rates. Routine fluctuations of excess spread might not generate supervisory concerns, even when they result in different capital requirements. This is particularly the case as a bank moves in or out of the first step of the early amortisation credit conversion factors. On the other hand, existing excess spread levels may be maintained by adding (or designating) an increasing number of new accounts to the master trust, an action that would tend to mask potential deterioration in a portfolio. For all of these reasons, supervisors will place particular emphasis on internal management, controls, and risk monitoring activities with respect to securitisations with early amortisation features.
165.The Central Bank expects that the sophistication of a bank’s system in monitoring the likelihood and risks of an early amortisation event will be commensurate with the size and complexity of the bank’s securitisation activities that involve early amortisation provisions.
166.For controlled amortisations specifically, the Central Bank will also review the process by which a bank determines the minimum amortisation period required to pay down 90% of the outstanding balance at the point of early amortisation. Where the Central Bank does not consider this adequate, it will take appropriate action, such as increasing the conversion factor associated with a particular transaction or class of transactions.

VIII. Shari’ah Implementation
Banks providing Islamic financial services must comply with the requirements and provisions of this standard for their Shari’ah compliant transactions that are alternative to transactions referred to in this Standard, provided it is acceptable by Islamic Shari’ah. This is applicable until relevant standards and/or guidance are issued specifically for transactions of banks offering Islamic financial services

Pillar 3

XII. Pillar 3 – Market Disclosure

I. Scope and Application
The revised disclosure requirements presented in this Standard supersede the existing Pillar 3 disclosure requirements issued in 2009. These revised requirements are an integral part of the Basel framework and they complement other disclosure requirements issued separately by Central Bank, which are uploaded on Central Bank's online portal for banks to download. Pillar 3 Disclosure requirements apply to all banks in the UAE at consolidated level for local banks and all branches of foreign banks.
Implementation date
The Pillar 3 tables and disclosures will be effective from Q2, 2020 for the previous quarter/year's figures and every quarter/year going forward. Banks need to report in each table as per the requirements for that table set out in the Appendix since few tables are required to be reported every quarter or semi-annually or annually.

Reporting
Banks should publish their Pillar 3 report in a stand-alone document on the bank’s UAE-specific website that provides a readily accessible source of prudential measures for users. The Pillar 3 report may be appended to form a discrete section of a bank’s financial reporting, but the full report will be needed to be disclosed separately in the Pillar 3 tables as well.

II. Shari’ah Implementation
Banks offering Islamic financial services should comply with these disclosure requirements. These requirements are applicable to their activities that are in line with Islamic Shari’ah rules and principals, which are neither interest-based lending nor borrowing but are parallel to the activities described in these Guidance and Explanatory Notes
Further guidance on Pillar 3 disclosure requirements has been set out in the document, “Guidance for Capital Adequacy of Banks in the UAE”.

Leverage Ratio

XIII. Leverage Ratio

I. Introduction and Scope
1.This Standard articulates specific requirements for the calculation of the leverage ratio capital requirement for banks in the UAE. It is based closely on requirements of the framework for capital adequacy developed by the Basel Committee on Banking Supervision, specifically as articulated in Basel III: Finalising post-crisis reforms, December 2017.
2.The Central Bank leverage ratio framework introduces a simple, transparent, non-risk based measure to act as a credible supplement to the risk-based capital requirements. The leverage ratio is intended to:
- •Restrict the build-up of leverage in the banking sector to avoid destabilizing deleveraging processes that can damage the broader financial system and the economy; and
- •Reinforce the risk-based requirements with a simple, non-risk based “backstop” measure.
3.The Central Bank is of the view that:
1. •A simple leverage ratio framework is critical and complementary to the risk-based capital framework; and
2. •A credible leverage ratio is one that ensures broad and adequate capture of both the on- and off-balance-sheet sources of banks’ leverage.
4.This Standards supports the Central Bank’s Regulations Re Capital Adequacy and shall be applied as set forth therein.

II. Definitions
In general, terms in this Standard have the meanings defined in other Regulations and Standards issued by the Central Bank. In addition, for this Standard, the following terms have the meanings defined in this section.
1. a.A central counterparty (CCP) is an entity that interposes itself between counterparties to contracts traded within one or more financial markets, becoming the legal counterparty such that it is the buyer to every seller and the seller to every buyer.
2. b.A clearing member (CM) is defined as a member of, or direct participant in, a CCP that is entitled to enter into transactions with the CCP.
3. c.A clearing member client is defined as a party to a cleared transaction associated with a CCP in which a CM either acts as a financial intermediary with respect to the party or guarantees the performance of the party to the CCP.
4. d.Commitment means any contractual arrangement that has been offered by the bank and accepted by the client to extend credit, purchase assets or issue credit substitutes. It includes any such arrangement that can be unconditionally cancelled by the bank at any time without prior notice to the obligor. It also includes any such arrangement that can be cancelled by the bank if the obligor fails to meet conditions set out in the facility document, including conditions that must be met by the obligor prior to any initial or subsequent drawdown arrangement.
5. e.General provisions or general loan loss reserves are reserves held against future, presently unidentified losses that are freely available to meet losses which subsequently materialize. Provisions ascribed to identify deterioration of particular assets or known liabilities, whether individual or grouped, should be excluded.
6. f.A multi-level client structure is one in which banks can centrally clear as indirect clients; that is, when clearing services are provided to the bank by an institution which is not a direct CM, but is itself a client of a CM or another clearing client. The term “higher level client” refers to the institution that provides clearing services.
7. g.A netting set is a group of contracts with a single counterparty subject to a legally enforceable agreement for net settlement, and satisfying all of the conditions for netting sets specified in this Standards.
8. h.Potential future exposure (PFE) is an estimate of the potential increase in exposure to counterparty risk against which regulatory capital must be held.
9. i.A qualifying central counterparty (QCCP) is a CCP that meets the conditions for QCCPs established by the Central Bank.
10. j.Regular-way purchases or sales are purchases or sales of financial assets under contracts for which the terms require delivery of the assets within the time frame established generally by regulation or convention in the marketplace concerned.
11. k.The remaining maturity of a derivative transaction is the time remaining until the latest date at which the contract may still be active. If a derivative contract has another derivative contract as its underlying (for example, a swaption) and may be physically exercised into the underlying contract (that is, a bank would assume a position in the underlying contract in the event of exercise), then the remaining maturity of the contract is the time until the final settlement date of the underlying derivative contract. For a derivative contract that is structured such that any outstanding exposure is settled on specified dates and the terms are reset so that the fair value of the contract is zero, the remaining maturity equals the time until the next reset date.
12. l.Securities financing transactions (SFTs) are transactions such as repurchase agreements, reverse repurchase agreements, security lending and borrowing, and margin lending transactions, where the value of the transactions depends on market valuations and the transactions are often subject to margin agreements.
13. m.Variation margin (VM) means margin in the form of cash or financial assets exchanged on a periodic basis between counterparties to recognize changes in contract value due to changes in market factors.
14. n.A walkaway clause is a provision that permits a non-defaulting counterparty to make only limited payments or no payment at all, to the estate of a defaulter, even if the defaulter is a net creditor.

III. Requirements

A. Leverage Ratio
5.The Central Bank leverage ratio is defined as the capital measure (the numerator) divided by the exposure measure (the denominator), with this ratio expressed as a percentage:

6.The capital measure for the leverage ratio is Tier 1 capital – comprising Common Equity Tier 1 and/or Additional Tier 1 instruments – as defined in the Central Bank’s Capital Supply Standards.
7.Both the capital measure and the exposure measure are to be calculated on a quarter-end basis. However, banks may, subject to Central Bank approval, use more frequent calculations (e.g. daily or monthly averaging) as long as they do so consistently.
8.Banks must at all times maintain a leverage ratio that equals or exceeds the minimum required leverage ratio as specified in UAE regulations.

B. Scope of Consolidation
9.The leverage ratio framework follows the same scope of regulatory consolidation, including consolidation criteria, as is used for the risk-based capital framework.
10.Treatment of investments in the capital of banking, financial, insurance and commercial entities that are outside the regulatory scope of consolidation: where a banking, financial, insurance or commercial entity is outside the scope of regulatory consolidation, only the investment in the capital of such entities (i.e. only the carrying value of the investment, as opposed to the underlying assets and other exposures of the investee) is to be included in the leverage ratio exposure measure. However, investments in the capital of such entities that are deducted from Tier 1 capital may be excluded from the leverage ratio exposure measure.

C. Exposure Measure
11.The leverage ratio exposure measure generally follows gross accounting values.
12.Unless specified differently below, banks must not take account of physical or financial collateral, guarantees or other credit risk mitigation techniques to reduce the leverage ratio exposure measure, nor may banks net assets and liabilities.
13.To ensure consistency, any item deducted from Tier 1 capital according to the Central Bank’s risk-based capital framework and regulatory adjustments other than those related to liabilities may be deducted from the leverage ratio exposure measure.
14.Liability items must not be deducted from the leverage ratio exposure measure.
15.With regard to traditional securitizations, an originating bank may exclude securitized exposures from its leverage ratio exposure measure if the securitization meets the operational requirements for the recognition of risk transference according to the Central Bank’s securitization framework. Banks meeting these conditions must include any retained securitization exposures in their leverage ratio exposure measure. In all other cases, the securitized exposures must be included in the leverage ratio exposure measure.
16.Where the Central Bank is concerned that transactions are not adequately captured in the leverage ratio exposure measure or may lead to a potentially destabilizing deleveraging process, it will carefully scrutinize these transactions and consider a range of actions to address such concerns. Central Bank actions may include requiring enhancements in banks’ management of leverage, imposing operational requirements (e.g. additional reporting to supervisors), requiring that the relevant exposure is adequately capitalized through a Pillar 2 capital charge, or any other measures deemed appropriate.
17.To facilitate the implementation of monetary policies, the Central Bank may consider temporarily exempting certain central bank reserves (that is, bank balances or placements at the central bank) from the leverage ratio exposure measure in exceptional macroeconomic circumstances. In such an event, the Central Bank would also increase the calibration of the minimum leverage ratio requirement commensurately to offset the impact of exempting central bank reserves. In addition, banks would be required to disclose the impact of any temporary exemption alongside ongoing public disclosure of the leverage ratio without application of such exemption.
18.A bank’s total leverage ratio exposure measure is the sum of the following exposures:
- •On balance sheet exposures (excluding on-balance-sheet derivative and SFT exposures);
- •derivative exposures;
- •SFT exposures; and
- •Off-balance sheet items.
The specific treatments for these four main exposure types are defined below.

1. On-Balance-Sheet Exposures
19.Banks must include all balance sheet assets in their leverage ratio exposure measure, including on-balance-sheet derivatives collateral and collateral for SFTs, with the exception of on-balance-sheet derivative and SFT assets that are covered in subsections two and three below.
20.On-balance-sheet, non-derivative assets are included in the leverage ratio exposure measure at their accounting values less deductions for associated specific provisions. In addition, general provisions or general loan loss reserves, which have reduced Tier 1 capital, may be deducted from the leverage ratio exposure measure.
21.Regular-way purchases or sales of financial assets that have not been settled (hereafter “unsettled trades”) can be accounted for either on the trade date (trade date accounting) or on the settlement date (settlement date accounting). For the purpose of the leverage ratio exposure measure, banks using trade date accounting must reverse out any offsetting between cash receivables for unsettled sales and cash payables for unsettled purchases of financial assets that may be recognized under the applicable accounting framework, but may offset between those cash receivables and cash payables (regardless of whether such offsetting is recognized under the applicable accounting framework) if the following conditions are met:
- •the financial assets bought and sold that are associated with cash payables and receivables are fair valued through income and included in the bank’s regulatory trading book; and
- •the transactions of the financial assets are settled on a delivery-versus-payment basis.
Banks using settlement date accounting will be subject to the treatment set out in the off-balance sheet of this Standard.
22.Cash pooling refers to arrangements involving treasury products whereby a bank combines the credit and/or debit balances of several individual participating customer accounts into a single account balance to facilitate cash and/or liquidity management. For the purposes of the leverage ratio exposure measure, where a cash pooling arrangement entails a transfer at least on a daily basis of the credit and/or debit balances of the individual participating customer accounts into a single account balance, the individual participating customer accounts are deemed to be extinguished and transformed into a single account balance upon the transfer, provided the bank is not liable for the balances on an individual basis upon the transfer. When the transfer of credit and/or debit balances of the individual participating customer accounts does not occur daily, for purposes of the leverage ratio exposure measure, extinguishment and transformation into a single account balance is deemed to occur and this single account balance may serve as the basis of the leverage ratio exposure measure provided all of the following conditions are met:
- •in addition to providing for the several individual participating customer accounts, the cash pooling arrangement provides for a single account, into which the balances of all individual participating customer accounts can be transferred and thus extinguished;
- •the bank (i) has a legally enforceable right to transfer the balances of the individual participating customer accounts into a single account so that the bank is not liable for the balances on an individual basis and (ii) at any point in time, the bank must have the discretion and be in a position to exercise this right;
- •the Central Bank does not deem as inadequate the frequency by which the balances of individual participating customer accounts are transferred to a single account;
- •there are no maturity mismatches among the balances of the individual participating customer accounts included in the cash pooling arrangement or all balances are either overnight or on demand; and
- •the bank charges or pays interest and/or fees based on the combined balance of the individual participating customer accounts included in the cash pooling arrangement.
In the event the abovementioned conditions are not met, the individual balances of the participating customer accounts must be reflected separately in the leverage ratio exposure measure.

2. Derivative Exposures
23.In general, for the purpose of the leverage ratio exposure measure, exposures for derivatives are calculated in accordance with the Central Bank’s Standard for Counterparty Credit Risk Capital through the two components of replacement cost (RC) and PFE, as follows:
Exposure measure = (RC + PFE) × 1.4

Where, RC is Replacement Cost, and PFE is Potential Future Exposure.
24.Where a valid bilateral netting contract is in place, the exposure measure is calculated at the netting set level. However, contracts containing walkaway clauses are not eligible for netting for the purpose of calculating the leverage ratio exposure measure pursuant to this Standards.
25.The PFE for derivative exposures must be calculated in accordance with the Central Bank’s Standard for Counterparty Credit Risk Capital. Mathematically:
PFE = (PFE multiplier) × (AddOn_agg)

where PFE multiplier is as specified in the Standards, and
AddOn_agg is the aggregate Add On for derivatives exposure as specified in the Standards.
However, for the purposes of this Standards, the PFE multiplier from the Standards is fixed at a value of one. Therefore, for the purposes of calculating derivatives exposure for the leverage ratio, PFE is simply equal to the aggregate Add On.
26.Derivative transactions in which a bank sells protection using a written credit derivative are included in this exposure measure as derivatives, but may also create an additional credit exposure that is included as exposure for purposes of the leverage ratio, as set out below in this Standards.
27.As a general principle of the leverage ratio framework, collateral received may not be netted against derivative exposures. Hence, when calculating the exposure amount as set forth above, a bank must not reduce the leverage ratio exposure measure amount by any collateral received from the counterparty. However, the maturity factor in the PFE add-on calculation can recognize the PFE-reducing effect from the regular exchange of VM.
28.Similarly, with regard to collateral provided, banks must gross up their leverage ratio exposure measure by the amount of any derivatives collateral provided where the provision of that collateral has reduced the value of their balance sheet assets under their operative accounting framework.
29.For purposes of this standards, RC of a transaction or netting set is measured as follows:
RC = max(V - CVMr, +CVMp, 0)
where:
V is the market value of the individual derivative transaction or of the derivative transactions in a netting set;
CVMr is the cash VM received that meets the conditions set out below and for which the amount has not already reduced the market value of the derivative transaction V under the bank’s operative accounting standards; and
CVMp is the cash VM provided by the bank and that meets the same conditions.

2.a. Cash Variation Margin
30.In the treatment of derivative exposures for the purpose of the leverage ratio exposure measure, the cash portion of VM exchanged between counterparties may be viewed as a form of pre-settlement payment if the following conditions are met:
- •For trades not cleared through a QCCP, the cash received by the recipient counterparty is not segregated. Cash VM would satisfy the non-segregation criterion if the recipient counterparty has no restrictions by law, regulation, or any agreement with the counterparty on the ability to use the cash received (i.e. the cash VM received is used as its own cash).
- •VM is calculated and exchanged on at least a daily basis based on mark-to-market valuation of derivative positions. To meet this criterion, derivative positions must be valued daily and cash VM must be transferred at least daily to the counterparty or to the counterparty’s account, as appropriate. Cash VM exchanged on the morning of the subsequent trading day based on the previous, end-of-day market values would meet this criterion.
- •The VM is received in a currency specified in the derivative contract, governing master netting agreement (MNA), credit support annex to the qualifying MNA, or as defined by any netting agreement with a CCP.
- •VM exchanged is the full amount that would be necessary to extinguish the mark-to-market exposure of the derivative subject to the threshold and minimum transfer amounts applicable to the counterparty.
- •Derivative transactions and VM are covered by a single MNA between the legal entities that are the counterparties in the derivative transaction. The MNA must explicitly stipulate that the counterparties agree to settle net any payment obligations covered by such a netting agreement, taking into account any VM received or provided if a credit event occurs involving either counterparty. The MNA must be legally enforceable and effective in all relevant jurisdictions, including in the event of default and bankruptcy or insolvency. For the purposes of this paragraph, the term “MNA” includes any netting agreement that provides legally enforceable rights of offset and a Master MNA may be deemed to be a single MNA.
31.If the conditions in the paragraph above are met, the cash portion of VM received may be used to reduce the RC portion of the leverage ratio exposure measure, and the receivables assets from cash VM provided may be deducted from the leverage ratio exposure measure as follows:
- •In the case of cash VM received, the receiving bank may reduce the RC (but not the PFE component) of the exposure amount of the derivative asset.
- •In the case of cash VM provided to a counterparty, the posting bank may deduct the resulting receivable from its leverage ratio exposure measure where the cash VM has been recognized as an asset under the bank’s operative accounting framework, and instead include the cash VM provided in the calculation of the derivative RC.

2.b. Clearing-Related Exposures
32.Where a bank acting as CM offers clearing services to clients, the CM’s trade exposures to the CCP that arise when the CM is obligated to reimburse the client for any losses suffered due to changes in the value of its transactions in the event that the CCP defaults must be captured by applying the same treatment that applies to any other type of derivative transaction. However, if the CM, based on the contractual arrangements with the client, is not obligated to reimburse the client for any losses suffered in the event that a QCCP defaults, the CM need not recognize the resulting trade exposures to the QCCP in the leverage ratio exposure measure. In addition, where a bank provides clearing services as a “higher level client” within a multi-level client structure, the bank need not recognize in its leverage ratio exposure measure the resulting trade exposures to the CM or to an entity that serves as a higher level client to the bank in the leverage ratio exposure measure if it meets all of the following conditions:
- •The offsetting transactions are identified by the QCCP as higher level client transactions and collateral to support them is held by the QCCP and/or the CM, as applicable, under arrangements that prevent any losses to the higher level client due to: (i) the default or insolvency of the CM, (ii) the default or insolvency of the CM’s other clients, and (iii) the joint default or insolvency of the CM and any of its other clients;
- •The bank must have conducted a sufficient legal review (and undertake such further review as necessary to ensure continuing enforceability) and have a wellfounded basis to conclude that, in the event of legal challenge, the relevant courts and administrative authorities would find that such arrangements mentioned above would be legal, valid, binding and enforceable under relevant laws of the relevant jurisdiction(s);
- •Relevant laws, regulation, rules, contractual or administrative arrangements provide that the offsetting transactions with the defaulted or insolvent CM are highly likely to continue to be indirectly transacted through the QCCP, or by the QCCP, if the CM defaults or becomes insolvent. In such circumstances, the higher level client positions and collateral with the QCCP will be transferred at market value unless the higher level client requests to close out the position at market value; and
- •The bank is not obligated to reimburse its client for any losses suffered in the event of default of either the CM or the QCCP.
33.Where a client enters directly into a derivative transaction with the CCP and the CM guarantees the performance of its client’s derivative trade exposures to the CCP, the bank acting as the CM for the client to the CCP must calculate its related leverage ratio exposure resulting from the guarantee as a derivative exposure as if it had entered directly into the transaction with the client, including with regard to the receipt or provision of cash VM.
34.For the above treatment of clearing services, an entity affiliated to the bank acting as a CM may be considered a client if it is outside the relevant scope of regulatory consolidation at the level at which the leverage ratio is applied. In contrast, if an affiliate entity falls within the regulatory scope of consolidation, the trade between the affiliate entity and the CM is eliminated in the course of consolidation but the CM still has a trade exposure to the CCP. In this case, the transaction with the CCP will be considered proprietary and must be included in the leverage ratio exposure measure.

2.c. Written Credit Derivatives
35.In addition to the CCR exposure arising from the fair value of the contracts, written credit derivatives create a notional credit exposure arising from the creditworthiness of the reference entity. Therefore, written credit derivatives must be treated consistently with cash instruments (e.g. loans, bonds) for the purposes of the leverage ratio exposure measure.
36.The effective notional amount referenced by a written credit derivative is to be included in the leverage ratio exposure measure unless the written credit derivative is included in a transaction cleared on behalf of a client of the bank acting as a CM (or acting as a clearing services provider in a multi-level client structure) and the transaction meets the requirements for the exclusion of trade exposures to the QCCP (or, in the case of a multi- level client structure, the requirements for the exclusion of trade exposures to the CM or the QCCP). The “effective notional amount” is obtained by adjusting the notional amount to reflect the true exposure of contracts that are leveraged or otherwise enhanced by the structure of the transaction. Further, the effective notional amount of a written credit derivative may be reduced by any negative change in fair value amount that has been incorporated into the calculation of Tier 1 capital with respect to the written credit derivative.
The resulting amount may be further reduced by the effective notional amount of a purchased credit derivative on the same reference name, provided that:
- •the credit protection purchased through credit derivatives is otherwise subject to the same or more conservative material terms as those in the corresponding written credit derivative. Material terms include the level of subordination, optionality, credit events, reference and any other characteristics relevant to the valuation of the derivative;
- •the remaining maturity of the credit protection purchased through credit derivatives is equal to or greater than the remaining maturity of the written credit derivative;
- •the credit protection purchased through credit derivatives is not purchased from a counterparty whose credit quality is highly correlated with the value of the reference obligation;
- •in the event that the effective notional amount of a written credit derivative is reduced by any negative change in fair value reflected in the bank’s Tier 1 capital, the effective notional amount of the offsetting credit protection purchased through credit derivatives must also be reduced by any resulting positive change in fair value reflected in Tier 1 capital; and
- •the credit protection purchased through credit derivatives is not included in a transaction that has been cleared on behalf of a client (or that has been cleared by the bank in its role as a clearing services provider in a multi-level client services structure) and for which the effective notional amount referenced by the corresponding written credit derivative is excluded from the leverage ratio exposure measure according to this paragraph.
37.For the purposes of the leverage ratio, the term “written credit derivative” refers to a broad range of credit derivatives through which a bank effectively provides credit protection and is not limited solely to credit default swaps and total return swaps. When written options create a similar potential credit exposure to an underlying entity, that credit exposure also must be included in the leverage ratio exposure.
38.For the purposes of the leverage ratio, two reference names are considered to be the same only if they refer to the same legal entity.
39.Credit protection on a pool of reference names purchased through credit derivatives may offset credit protection sold on individual reference names if the credit protection purchased is economically equivalent to purchasing credit protection separately on each of the individual names in the pool. If a bank purchases credit protection on a pool of reference names through credit derivatives, but the credit protection purchased does not cover the entire pool (i.e. the protection covers only a subset of the pool, as in the case of an nth-to- default credit derivative or a securitization tranche), then the written credit derivatives on the individual reference names may not be offset. However, such purchased credit protection may offset written credit derivatives on a pool provided that the credit protection purchased through credit derivatives covers the entirety of the subset of the pool on which the credit protection has been sold.
40.Where a bank purchases credit protection through a total return swap and records the net payments received as net income, but does not record offsetting deterioration in the value of the written credit derivative (either through reductions in fair value or by an addition to reserves) in Tier 1 capital, the credit protection will not be recognized for the purpose of offsetting the effective notional amounts related to written credit derivatives.
41.Banks may choose to exclude from the netting set for the PFE calculation the portion of a written credit derivative which is not offset and for which the effective notional amount is included in the leverage ratio exposure measure.

3. Securities Financing Transaction Exposures
42.SFTs are included in the leverage ratio exposure measure according to the treatment described below.

3.a. General Treatment (Bank Acting as Principal)
43.For a bank acting as principal to an SFT, two components of exposure must be calculated, summed, and included in the leverage ratio exposure measure: adjusted gross SFT assets as described in the following paragraph, and a measure of CCR, as described below.
44.Gross SFT assets as recognized for accounting purposes (i.e. with no recognition of accounting netting) should be reduced by the value of any securities received under an SFT where the bank has recognized the securities as an asset on its balance sheet. In addition, cash payables and cash receivables in SFTs with the same counterparty may be measured net if all the following criteria are met:
- •The transactions have the same explicit final settlement date (transactions with no explicit end date but that can be unwound at any time by either party to the transaction are not eligible);
- •The right to set off the amount owed to the counterparty with the amount owed by the counterparty is legally enforceable both currently in the normal course of business and in the event of the counterparty’s default, insolvency, or bankruptcy; and
- •The counterparties intend to settle net, settle simultaneously, or the transactions are subject to a settlement mechanism that results in the functional equivalent of net settlement – that is, the cash flows of the transactions are equivalent, in effect, to a single net amount on the settlement date. To achieve such equivalence, both transactions must be settled through the same settlement system and the settlement arrangements must be supported by cash and/or intraday credit facilities intended to ensure that settlement of both transactions will occur by the end of the business day and that any issues arising from the securities legs of the SFTs do not interfere with the completion of the net settlement of the cash receivables and payables. If there is a failure of the securities leg of a transaction in such a mechanism at the end of the window for settlement in the settlement mechanism, then this transaction and its matching cash leg must be split out from the netting set and treated gross.
45.A bank must add a measure of CCR for SFTs to the adjusted gross SFT assets as calculated per the previous paragraph. The CCR measure is calculated as current exposure without an add-on for PFE, with current exposure calculated as follows:
- •Where a qualifying MNA is in place, the current exposure (E*) is the greater of zero and the total fair value of securities and cash lent to a counterparty for all transactions included in the qualifying MNA (∑E_i), less the total fair value of cash and securities received from the counterparty for those transactions (∑C_i). This is illustrated in the following formula:
  E* = max {0, [∑Ei – ∑Ci]}
  Where, E* = current exposure,
  ∑Ei = total fair value of securities and cash lent to counterparty “i” and
  ∑Ci = total fair value of securities and cash received from “i”
- •Where no qualifying MNA is in place, the current exposure for transactions with a counterparty must be calculated on a transaction-by-transaction basis – that is, each transaction is treated as its own netting set, as shown in the following formula:
  E* = max {0, [E – C]}
  where E* = current exposure,
  E = total fair value of securities and cash lent in the transaction, and C = total fair value of securities and cash received in the transaction.
E* may be set to zero if E is the cash lent to a counterparty, the transaction is treated as its own netting set, and the associated cash receivable is not eligible for the netting treatment in paragraph 45. For the purposes of this subparagraph, the term “counterparty” includes not only the counterparty of the bilateral repo transactions but also triparty repo agents that receive collateral in deposit and manage the collateral in the case of triparty repo transactions. Therefore, securities deposited at triparty repo agents are included in “total value of securities and cash lent to a counterparty”
(E) up to the amount effectively lent to the counterparty in a repo transaction. However, excess collateral that has been deposited at triparty agents but that has not been lent out may be excluded.

3.b. Sale Accounting Transactions
46.Where sale accounting is achieved for an SFT under the bank’s operative accounting framework, the bank must reverse all sales-related accounting entries, and then calculate its exposure as if the SFT had been treated as a financing transaction under the operative accounting framework (i.e. the bank must include the sum of amounts in paragraphs 45 and 46 for such an SFT) for the purpose of determining its leverage ratio exposure measure.

3.c. Bank Acting as Agent
47.If a bank acting as agent in an SFT provides an indemnity or guarantee to only one of the two parties involved, and only for the difference between the value of the security or cash its customer has lent and the value of collateral the borrower has provided, the bank is exposed to the counterparty of its customer for the difference in values rather than to the full exposure to the underlying security or cash of the transaction.
48.Where a bank acting as agent in an SFT provides an indemnity or guarantee to a customer or counterparty for any difference between the value of the security or cash the customer has lent and the value of collateral the borrower has provided and the bank does not own or control the underlying cash or security resource, then the bank will be required to include a measure of CCR in its leverage ratio exposure measure by applying paragraph 46.
49.A bank acting as agent in an SFT and providing an indemnity or guarantee to a customer or counterparty will be considered eligible for the exceptional treatment set out in the paragraph above only if the bank’s exposure to the transaction is limited to the guaranteed difference between the value of the security or cash its customer has lent and the value of the collateral the borrower has provided. In situations where the bank is further economically exposed (i.e. beyond the guarantee for the difference) to the underlying security or cash in the transaction, a further exposure equal to the full amount of the security or cash must be included in the leverage ratio exposure measure.
50.Where a bank acting as agent provides an indemnity or guarantee to both parties involved in an SFT (i.e. securities lender and securities borrower), the bank will be required to calculate its leverage ratio exposure measure separately for each party involved in the transaction.

3.d. Netting for SFTs
51.The effects of bilateral netting agreements for covering SFTs will be recognized on a counterparty-by-counterparty basis if the agreements are legally enforceable in each relevant jurisdiction upon the occurrence of an event of default and regardless of whether the counterparty is insolvent or bankrupt. In addition, netting agreements must:
- •provide the non-defaulting party with the right to terminate and close out in a timely manner all transactions under the agreement upon an event of default, including in the event of insolvency or bankruptcy of the counterparty;
- •provide for the netting of gains and losses on transactions (including the value of any collateral) terminated and closed out under it so that a single net amount is owed by one party to the other;
- •allow for the prompt liquidation or setoff of collateral upon the event of default; and
- •be legally enforceable in each relevant jurisdiction upon the occurrence of an event of default regardless of the counterparty’s insolvency or bankruptcy.
52.Netting across positions held in the banking book and trading book will only be recognized when all netted transactions are marked to market daily, and the collateral instruments used in the transactions are recognized as eligible financial collateral in the banking book.

4. Off-Balance-Sheet Items
53.Off-balance sheet items include commitments (including liquidity facilities), whether or not unconditionally cancellable, direct credit substitutes, acceptances, standby letters of credit and trade letters of credit. If the off-balance sheet item is treated as a derivative exposure per the bank’s relevant accounting standards, then the item must be measured as a derivative exposure for the purpose of the leverage ratio exposure measure.
54.For the purposes of the leverage ratio, off-balance sheet items will be converted into credit exposures by multiplying the committed but undrawn amount by a credit conversion factor (CCF).
55.A 100% CCF will be applied to the following items:
- •direct credit substitutes;
- •forward asset purchases, forward deposits and partly paid shares and securities, which represent commitments with certain drawdown;
- •the exposure amount associated with unsettled financial asset purchases (i.e. the commitment to pay) where regular-way unsettled trades are accounted for at settlement date. Banks may offset commitments to pay for unsettled purchases and cash to be received for unsettled sales provided that the following conditions are met:
  (i) the financial assets bought and sold that are associated with cash payables and receivables are fair valued through income and included in the bank’s regulatory trading book; and (ii) the transactions of the financial assets are settled on a delivery- versus-payment basis; and
- •Off-balance sheet items that are credit substitutes not explicitly included in any other category.
56.A 50% CCF will be applied to note issuance facilities and revolving underwriting facilities regardless of the maturity of the underlying facility.
57.A 50% CCF will be applied to certain transaction-related contingent items (e.g. performance bonds, bid bonds, warranties and standby letters of credit related to particular transactions).
58.A 40% CCF will be applied to commitments, regardless of the maturity of the underlying facility, unless they qualify for a lower CCF.
59.A 20% CCF will be applied to both the issuing and confirming banks of short-term (i.e. with a maturity below one year), self-liquidating trade letters of credit arising from the movement of goods.
60.A 10% CCF will be applied to commitments that are unconditionally cancellable at any time by the bank without prior notice, or that effectively provide for automatic cancellation due to deterioration in a borrower’s creditworthiness. As appropriate, the Central Bank may apply a higher CCF to certain commitments provided that constraints on a bank’s ability to cancel such commitments are observed.
61.Where there is an undertaking to provide a commitment on an off-balance-sheet item, banks are to apply the lower of the two applicable CCFs.
62.Off-balance sheet securitization exposures must be treated in accordance with the Central Bank’s requirements on securitizations as stated in applicable regulations and standards.
63.In addition, specific and general provisions set aside against off-balance sheet exposures that have decreased Tier 1 capital may be deducted from the credit exposure equivalent amount of those exposures (i.e. the exposure amount after the application of the relevant CCF). However, the resulting total off-balance-sheet equivalent amount for off-balance sheet exposures cannot be less than zero.

IV. Review and Audit Requirements
64.Bank calculations under this Standard and associated bank processes must be subject to appropriate levels of independent review and challenge. Reviews must cover material aspects of the calculations under this Standards, including but not limited to the computation of Tier 1 capital, the measurement of on-balance-sheet, derivative, SFT, and off-balance-sheet exposures, any netting, deductions, or offsets applied in the process, and the accuracy for all components of the leverage calculation reported to the Central Bank as part of regulatory reporting.
65.Banks must meet the minimum leverage ratio requirement at all times. For the purpose of disclosure requirements, banks must calculate the leverage ratio on a quarter-end basis to prevent potential regulatory arbitrage by banks and temporary reductions of transaction volumes in key financial markets around reference dates with the aim of reporting and publicly disclosing elevated leverage ratios. Such leverage ratios are misleading, suggesting that a bank’s reliance on debt to fund its activities is deceptively less than the actual amounts between the reference dates. This misleads stakeholders about its true resilience, and risks disrupting the operations of financial markets.
Accordingly, in evaluating its leverage ratio exposure, a bank should assess the volatility of transaction volumes throughout reporting periods, and the effect on its leverage ratio requirements. Banks should also desist from undertaking transactions with the sole purpose of reporting and disclosing higher leverage ratios at reporting days only.

V. Shari’ah Implementation
66.Banks offering Islamic financial services engaging in Shari’ah compliant leverage practices as approved by their internal Shari’ah control committees should calculate the leverage ratio capital in accordance with provisions set out in these standards & guidance and in the manner acceptable by Shari’ah. This is applicable until relevant standards and/or guidance in respect of these transactions are issued specifically for banks offering Islamic financial services

VI. List of Abbreviations

ABCP:	Asset-Backed Commercial Paper
AED:	Arab Emirates Dirham
AIIB:	Asian Infrastructure Investment Bank (AIIB)
ASA:	Alternative Standardised Approach
Avg RW_fund:	Average Risk Weight for an investment fund
BCBS:	Basel Committee on Banking Supervision
BIA:	Basic Indicator Approach
CBR:	Combined Buffer Requirement
CCF	Credit Conversion Factor
CCP	Central Counterparty
CCR:	Counterparty Credit Risk
CDO	Collateralized Debt Obligation
CDS	Credit Default Swap
CM	Clearing Member
CPMI	Committee on Payments and Market Infrastructures
CRM:	Credit Risk Mitigation
CVA:	Credit Valuation Adjustment
DvP:	Delivery-Versus-Payment
EAD:	Exposure at Default
ECAI:	External Credit Assessment Institution
EIF:	European Investment Fund
ESFS:	European Financial Stability Facility
ESM:	European Stability Mechanism
FBA:	Fall-back Approach
FRA:	Forward Rate Agreements
GRE:	Government related Entities
IBRD:	International Bank for Reconstruction and Development
ICA	Independent Collateral Amount
IDA:	International Development Association
IFC:	International Finance Corporation
IFFIm:	International Finance Facility for Immunization
IFRS:	International Financial Reporting Standards
IOSCO	International Organization of Securities Commissions
LTA:	Look-Through Approach
LTV:	Loan to Value Ratio
MBA:	Mandate-Based Approach
MDBs:	Multilateral Development Banks
MF	Maturity Factor
MIGA:	Multilateral Investment Guarantee Agency
MNA	Master Netting Agreement
MPOR	Margin Period of Risk
NCV	Net Current Value
NIB:	Nordic Investment Bank
NICA	Net Independent Collateral Amount
OTC:	Over the Counter
PFE:	Potential Future Exposure
PSEs:	Public Sector Entities
PvP:	Payment-Versus-Payment
QCCP	Qualifying Central Counterparty
RC	Replacement Cost
RWA:	Risk Weighted Assets
SA:	Standardised Approach
SA-CCR:	Standardized Approach - Counterparty Credit Risk
SD	Supervisory Duration
SDR:	Special Drawing Rights
SEC-ERBA:	Securitisation External Ratings Based Approach
SEC-SA:	Securitisation Standardized Approach
SFT	Securities Financing Transaction
SME:	Small- and Medium-sized Entities
SNE	Single-Name Exposure
SPE:	Special Purpose Entity
STC:	Simple, Transparent, and Comparable
UAE:	United Arab Emirates
UCITS:	Undertakings for Collective Investments in Transferable Securities
VM	Variation Margin
VU:	Variation of the Underlying of an option

Guidance for Capital Adequacy of Banks in the UAE
C 52/2017 STA Effective from 1/4/2021

Introduction and Scope
This document articulates all guidance that have been drafted for banks in the UAE with regards to capital.
The Guidance is based closely on requirements of the framework for capital adequacy developed by the Basel Committee on Banking Supervision.
This Guidance should be read in conjunction with the associated Standards issued by the Central Bank (Standards for Capital Adequacy of Banks in the UAE - October 2019).

Pillar 1

I. Tier Capital Supply

Introduction
This guidance explains how banks can comply with the Tier Capital Supply Standard. It must be read in conjunction with the Capital Regulation and Standards for Capital Adequacy of Banks in the UAE. Guidance regarding Minimum Capital Requirement and Capital buffer as stated in the document have to be followed by all banks for the purpose of regulatory compliance.
1.To help and ensure a consistent and transparent implementation of Capital supply standards, Central Bank will review and update this guidance document periodically.
2.The guidance document has structured into six main sections
1. 1.Scope of Application
2. 2.Eligible capital
3. 3.Regulatory adjustments
4. 4.Threshold deductions
5. 5.Significant investment in commercial entities
6. 6.Frequently Asked Questions

1. Scope of Application
3.“Financial activities” do not include insurance activities and “financial entities” do not include insurance entities.
4.Examples of the types of activities that financial entities might be involved in include financial leasing, issuing credit cards, portfolio management, investment advisory, custodial and safekeeping services and other similar activities that are ancillary to the business of banking
Treatment of investment in Insurance Entities
5.Insurance subsidiaries are to be deconsolidated for regulatory capital purposes (i.e. all equity, assets, liabilities and third-party capital investments in such insurance entities are to be removed from the bank’s balance sheet) and the book value of the investment in the subsidiary is to be included in the aggregate investments.
6.Investments in the capital of insurance entities where the bank owns more than 10% of the insurance entity’s common share capital will be subject to the “Threshold deductions” treatment. Amounts below the threshold that are not deducted are to be risk weighted at 250 %.
(Investments in insurance entities wherein ownership is greater than 10% will also include insurance subsidiaries)

2. Eligible Capital

Accumulated Other Comprehensive Income and Other Disclosed Reserve
7.For unrealized fair value reserves relating to financial instruments to be included in CET1 capital banks and their auditor must only recognize such gains or losses that are prudently valued and independently verifiable (e.g. by reference to market prices). Prior prudent valuations, and the independent verification thereof, are mandatory.
8.The amount of cumulative unrealized losses arising from the changes in fair value of financial instruments, including loans/financing and receivables, classified as “available-for-sale” shall be fully deducted in the calculation of CET1 Capital.
9.Revaluation reserves or cumulative unrealized gains shall be added to CET 1 with a haircut of 55%.
10.The amount of cumulative unrealized gains arising from the changes in the fair value or revaluation of bank’s own premises and real estate investment are not allowed to be included as part of Asset Revaluation reserve for regulatory purposes.
11.IFRS9 will be implemented during 2018. Banks that are impacted significantly from the implementation of IFRS9 may approach the Central Bank to apply for a transition period for the IFRS9 impact. Such applications will be analysed and considered on a case-by-case basis.

Retained Earnings
12.The amount reported under accumulated retained earnings (5.1.4.1) should be as per the audited financial statement at year end and should remain the same for the entire financial year.
13.Current financial year’s/quarter’s profits can only be taken into account after they are properly audited/ reviewed by the external auditors of the bank. Current financial years /quarter’s loss if incurred have to be deducted from the capital.
14.Dividend expected/ proposed for the financial year should be reported under 5.1.4.3 and will be deducted from Retained Earnings/ (Loss) (5.1.4). Expected dividend applies only for Q4 until dividend is actually paid.
15.The dividend deduction must be updated based on each of the following events, if the amount changes, after Annual General meeting, or the approval from the Central Ban, or the release of the Financial Statements by the auditors.
16.Other adjustments to the Retained Earnings includes
1. a.Prudential filter: Partial addback of ECL in accordance with the Regulation Regarding Accounting Provisions and Capital Requirements - Transitional Arrangements should be reported under 5.1.4.4 IFRS transitional arrangement.
2. b.CBUAE Regulatory deductions:
  1. i.Amount exceeding Large Exposure threshold: Any amount that is in violation of Large Exposure regulation of notice 300/2013 shall be deducted from the capital. Any amount deducted from CET1 under 5.1.4.5 of the BRF 95 due to a Large Exposure violation of notice no.226/2018 may be excluded for the calculation of risk weighted assets. However, amounts that are not deducted must be included in risk weighted assets. Furthermore, any counterparty credit risk (under CR2a) associated with such exposure must remain included in the calculation of risk weighted asset.
  2. ii.Loans to directors: The circular 83/2019 on Corporate Governance regulations for Banks, under the article (6) “Transaction with Related parties” requires if the transaction with the related parties are not provided on arm’s length basis, then on general or case by case basis, deduct such exposure from capital. The deduction should be reported under 5.1.4.5 of the BRF 95.

Capital Buffers - Countercyclical Buffer
17.The buffer for internationally active banks will be a weighted average of the buffers deployed across all the jurisdictions to which it has credit exposures. The buffer that will apply to each bank will reflect the geographic composition of its portfolio of credit exposures. When considering the jurisdiction to which a private sector credit exposure relates, banks should use, where possible, an ultimate risk basis; i.e. it should use the country where the guarantor of the exposure resides, not where the exposure has been booked.
18.Banks will have to look at the geographic location of their private sector credit exposures (including non-bank financial sector exposures) and calculate their countercyclical capital buffer requirement as a weighted average of the buffers that are being applied in jurisdictions to which they have an exposure. Credit exposures in this case include all private sector credit exposures that attract a credit risk capital charge or the risk weighted equivalent trading book capital charges for specific risk and securitisation.
19.The weighting applied to the buffer in place in each jurisdiction will be the bank’s total credit risk charge that relates to private sector credit exposures in that jurisdiction, divided by the bank’s total credit risk charge that relates to private sector credit exposures across all jurisdictions. Banks must determine whether the ultimate counterparty is a private sector exposure, as well as the location of the “ultimate risk”, to the extent possible.
20.The charge for the relevant portfolio should be allocated to the geographic regions of the constituents of the portfolio by calculating the proportion of the portfolio’s total credit exposure arising from credit exposure to counterparties in each geographic region.
Please refer to Question 15 of the FAQs below for further guidance and examples of countercyclical buffers.

3. Regulatory Adjustments

Goodwill and Other Intangibles
21.Intangible assets typically do not generate any cash flows and hence their value, when a bank is in need of immediate additional capital to absorb losses, is uncertain. For this reason, all intangible assets are deducted from CET1 (5.1.8.1).
22.From regulatory perspective, goodwill and intangible assets have the same meaning as under IFRS.
23.Capitalized software costs that is not “integral to hardware” is to be treated as an intangible asset and software that is “integral to hardware” is to be treated as property, plant and equipment (i.e. as a fixed asset).
24.The amount of intangible assets to be deducted should be net of any associated deferred tax liability (DTL) that would be extinguished if the asset became impaired or derecognised under the applicable accounting standards.
25.Goodwill and intangible assets that are deducted from CET1, they are excluded from the calculation of RWA for credit risk exposure value.

Deferred Tax Assets
26.Deferred tax assets (DTAs) typically arise when a bank:
1. •suffers a net loss in a financial year and is permitted to carry forward this loss to offset future profits when calculating its tax bill (net losses carried forward)
2. •has to reduce the value of an asset on the balance sheet, but this 'loss in value' is not recognised by the tax authorities until a future period (temporary timing difference)
27.DTAs arising from net losses carried forward have to be deducted in full from a bank's CET1 (5.1.8.2). This recognises that their value can only be derived through the existence of future taxable income. On the other hand, a DTA relying on future profitability and arising from temporary timing differences is subject to the 'threshold deduction rule' (5.1.9.2).

4. Threshold Deduction
28.The purpose of calculating the threshold is to limit the significant investments in the common shares of unconsolidated financial institutions (banks, insurance and other financial entities) and deferred tax assets (arising from temporary differences) to 15% of the CET1 after all deduction (Deduction includes regulatory deductions and the amount of significant investments in the common shares of unconsolidated financial institutions and deferred tax assets in full).
29.Therefore, significant investments in the common shares of unconsolidated financial institutions and deferred tax assets may receive limited recognition of 10% CET1 individually (CET after regulatory adjustment outlined in section 3 of the Tier Capital Supply Standard).
30.The amount that is recognised will receive risk weight of 250% and the remaining amount will be deducted.
See Appendix 5 for an example.

5. Significant Investment in Commercial Entities
31. For purposes of this section, 'significant investments' in a commercial entity is defined as any investment in the capital instruments of a commercial entity by a bank which is equivalent to or more than 10% of CET 1 of the bank (after application of regulatory and threshold deduction). See Appendix 3 for an example.

6. Frequently Asked Questions
Question 1: When will the Standards, Guidance and Template with regards to Solo reporting be issued by the Central Bank?
The Central Bank will issue all related material regarding Solo reporting during 2020. Formal communication will be issued in advance.
Question 2: What is meant by the book value of an investment?
The book value of an investment shall be in accordance with the applicable accounting framework (IFRS). This valuation must be accepted by an external auditor.
Question 3: Are capital shortfalls of non-consolidated insurance companies to be deducted from CET1?
Yes, any capital shortfall on a company has to be deducted.
Question 4: If the Bank meets minimum CET1 ratios can the excess CET1 also be counted to meet AT1 and Total CAR?
Yes.
Question 5: Please clarify whether minority interest related to any other regulated financial entity (which is not a bank) should be included or not.
Only minority interest of the subsidiary that are subject to the same minimum prudential standards and level of supervision as a bank be eligible for inclusion in the capital.
Question 6: Is the bank able to include the profit & loss in the year-end CAR calculation before the issuance of the audited financial statements?
Bank may include interim profit/ yearend profit in CET1 capital only if reviewed or audited by external auditors. Furthermore, the expected dividend should be deducted in Q4.
Question 7: Is subordinated Debt currently considered Tier 2 as per Basel III, hence no amortization is required?
Grandfathering rule plus amortization in last 5 years - refer to Standards for Capital Adequacy of banks in UAE, Tier Capital Supply Standard- paragraph 27 (iv)(b) . Reference should also be made to the Tier Capital Instruments Standards.
Question 8: Do dividends need to be deducted from CET1 after the proposal from the Board or after Central Bank approval or after approval from shareholders at the Annual General Meeting?
Please refer to Question 6
Question 9: How do you treat goodwill and intangible assets arising on an insurance subsidiary? Should it be considered since the standards mentions insurance subsidiaries are to be completely deconsolidated and hence there will be no goodwill?
Goodwill and other intangible must be deducted in the calculation of CET1. In particular deduction is also applied to any goodwill included in the valuation of significant investments in the capital of banking, financial and insurance entities that are outside the scope of consolidation.
Question 10: Subsidiaries which are used for providing manpower services at cost, should these be classified as commercial entities or financial entities?
A non-financial sector entity is an entity that is not:
1. a)a financial sector entity; or
2. b)a direct extension of banking; or
3. c)ancillary to banking; or
4. d)leasing, factoring, the management of unit trusts, the management of data processing services or any other similar services"
Question 11: Obtain an understanding to the timeline by when the Central Bank may advise specific Banks of specific countercyclical buffers?
The underlying process for the implementation of countercyclical buffers will be set and communicated during 2018
Question 12: Criterion 4 for Additional Tier 1 capital. Can the Central Bank give additional guidance on what will be considered to be an incentive to redeem?
The following list provides some examples of what would be considered to be an incentive to redeem:
A call option combined with an increase in the credit spread of the instrument if the call is not exercised.
A call option combined with a requirement or an investor option to convert the instrument into shares if the call is not exercised.
A call option combined with a change in reference rate where the credit spread over the second reference rate is greater than the initial payment rate less the swap rate (ie the fixed rate paid to the call date to receive the second reference rate). For example, if the initial reference rate is 0.9%, the credit spread over the initial reference rate is 2% (ie the initial payment rate is 2.9%), and the swap rate to the call date is 1.2%, a credit spread over the second reference rate greater than 1.7% (2.9-1.2%) would be considered an incentive to redeem.
Conversion from a fixed rate to a floating rate (or vice versa) in combination with a call option without any increase in credit spread will not in itself be viewed as an incentive to redeem. However, as required by criteria 5, the bank must not do anything that creates an expectation that the call will be exercised.
The above is not an exhaustive list of what is considered an incentive to redeem and so banks should seek guidance from Central Bank on specific features and instruments. Banks must not expect Central Bank to approve the exercise of a call option for the purpose of satisfying investor expectations that a call will be exercised.
Question 13: Criteria 4 and 5 for Additional Tier 1 capital. An instrument is structured with a first call date after 5 years but thereafter is callable quarterly at every interest payment due date (subject to supervisory approval). The instrument does not have a step-up. Does instrument meet criteria 4 and 5 in terms of being perpetual with no incentive to redeem?
Criterion 5 allows an instrument to be called by an issuer after a minimum period of 5 years. It does not preclude calling at times after that date or preclude multiple dates on which a call may be exercised. However, the specification of multiple dates upon which a call might be exercised must not be used to create an expectation that the instrument will be redeemed at the first call date, as this is prohibited by criterion.
Question 14: Can an option to call the instrument after five years but prior to the start of the amortisation period viewed as an incentive to redeem?
No, it can’t be viewed as an incentive to redeem.
Question 15: With regards to countercyclical buffer, what are “private sector credit exposures”? What does “geographic location” mean? How should the geographic location of exposures on the banking book and the trading book be identified? What is the difference between (the jurisdiction of) “ultimate risk” and (the jurisdiction of) “immediate counterparty” exposures?
“Private sector credit exposures” refers to exposures to private sector counterparties which attract a credit risk capital charge in the banking book, and the risk weighted equivalent trading book capital charges for specific risk, the incremental risk charge, and securitisation. Interbank exposures and exposures to the public sector are excluded, but non-bank financial sector exposures are included. The geographic location of a bank’s private sector credit exposures is determined by the location of the counterparties that make up the capital charge, irrespective of the bank’s own physical location or its country of incorporation. The location is identified according to the concept of “ultimate risk”. The geographic location identifies the jurisdiction that has announced countercyclical capital buffer add-on rate is to be applied by the bank to the corresponding credit exposure, appropriately weighted
The concepts of “ultimate risk” and “immediate risk” are those used by the BIS' International Banking Statistics. The jurisdiction of “immediate counterparty” refers to the jurisdiction of residence of immediate counterparties, while the jurisdiction of “ultimate risk” is where the final risk lies. For the purpose of the countercyclical capital buffer, banks should use, where possible, exposures on an “ultimate risk” basis.
For example, a bank could face the situation where the exposures to a borrower is in one jurisdiction (country A), and the risk mitigant (e.g. guarantee) is in another jurisdiction (country B). In this case, the “immediate counterparty” is in country A, but the “ultimate risk” is in country B. This means that if the bank has a debt claim on an investment vehicle, the ultimate risk exposure should be allocated to the jurisdiction where the vehicle (or if applicable, its parent/guarantor) resides. If the bank has an equity claim, the ultimate risk exposure should be allocated proportionately to the jurisdictions where the ultimate risk exposures of the vehicle resides.

Appendix

Appendix 1: Banking, Securities, Insurance and Other Financial Entities - Significant Investment (Ownership in the Entity More Than 10%)

Significant investment (ownership in the entity more than 10% )
Entity	Entity activity	Investment Classification	Listed/Unlisted	Bank's ownership in the entity (% of Holding)	Investment Amount
A	Banking	Banking Book	Listed	40%	60
B	Insurance	Banking Book	Listed	18%	35
C	Securities	Banking Book	Unlisted	16%	28
D	Banking	Trading Book	Listed	11%	18
a. Total significant investment (Banking, Securities, insurance and other financial entities)					141
b. Bank's CET1 (after applying all the regulatory deduction except section 3.9 and 3.10 of the Tier Capital Supply Standard)					1000
c. Limit (10 % of bank's CET1)					100
d. Amount to be deducted from bank's CET1					41
e. Amount not deducted to considered for aggregate threshold deduction					100

The remaining amount of 100 is to be distributed amongst the investments on a pro rata / proportionate basis and risk weighted at 250% (assuming no threshold deduction apply).The total of 250 RWA (100 *250%) will be distributed as follows.

Entity	Investment Classification	Investment Amount	as a % of all such investment	Calculation of amount not deducted to be risk weighted	Risk weight	RWA	Section
A	Banking Book	60	42%	43 (100 x 43%)	250%	106.38	Credit Risk
B	Banking Book	35	25%	25 (100 x 25%)	250%	62.06	Credit Risk
C	Banking Book	28	20%	20 (100 x 20%)	250%	49.65	Credit Risk
D	Trading Book	18	13%	13 (100 x 13%)	Equity Risk - Market risk section
		141	100%	100

Appendix 2: Banking, Securities, Insurance and Other Financial Entities - Investment with Ownership Not More Than 10%

Investment (ownership not more than 10%)
Entity	Entity activity	Investment Classification	Listed/Unlisted	Bank's ownership in the entity (% of Holding)	Investment Amount
E	Banking	Banking Book	Listed	10%	50
F	Banking	Trading Book	Listed	3%	11
G	Securities	Banking Book	Unlisted	8%	40
H	Insurance	Banking Book	Listed	2%	9
a.Total investment (Banking, Securities, insurance and other financial entities)					110
b. Bank's CET1 (after applying all the regulatory deduction except section 3.9 and 3.10 of the Tier Capital Supply Standards)					1000
c. Limit (10% of bank's CET1)					100
d. Amount to be deducted from bank's CET1 (a-c)					10
e. Amount not deducted to be risk weighted (Remaining amount) (a-d)					100

The remaining amount of 75 is to be distributed amongst the investments on a pro rata / proportionate basis and risk weighted as stated below

Entity	Investment Classification	Investment Amount	as a % of all such investment	Calculation of amount not deducted to be risk weighted	Listed/ Unlisted	Risk weight	RWA	Section
E	Banking Book	50	45.5%	45.50 (100 x 45.5 %)	Listed	100%	34.50	Credit Risk
F	Trading Book	11	10.0%	10 (100 x 10.00%)	Listed	Equity Risk - Market risk section
G	Banking Book	40	36.4%	36.4 (100 x 36.4%)	Unlisted	150%	40.50	Credit Risk
H	Banking Book	9	8.2%	8.2 (100 x 8.2%)	Listed	100%	6.00	Credit Risk
		110	100%	100

Appendix 3: Significant Investments in Commercial Entities.

Individual Investment Limit Check and its treatment
Bank's CET1 (after applying all the regulatory and threshold deduction)	1000
Individual Limit (10% of bank's CET1D)	100

Step 1: Individual Limit check

Significant investments in commercial entities
Entity	Entity activity	Investment Classification	Listed/ Unlisted	Investment Amount	Amount as a % of bank's CET1	Significant Investment	Amount to RW at 952%	Remaining amount
I	Commercial	Banking Book	Listed	140	14%	Yes	40	100
J	Commercial	Banking Book	Listed	120	12%	Yes	20	100
K	Commercial	Banking Book	Unlisted	110	11%	Yes	10	100
L	Commercial	Banking Book	Listed	115	12%	Yes	15	100
M	Commercial	Banking Book	Listed	75	8%	No		75
N	Commercial	Banking Book	Listed	45	5%	No		45
O	Commercial	Banking Book	Listed	50	5%	No		50
				655			85	570

Risk weighting at 952% on account of 10% threshold on individual basis is 85.

Step 2: Aggregate Limit check

Aggregate of remaining amount of investments after 10% deduction (entity I,J,K,L,M,N & O)	570
Aggregate Limit (25% of bank's CET1)	250
The amount to be risk-weighted at 952% based on the 25% threshold on aggregate basis	250
Remaining amount of investments to be risk-weighted under the applicable risk weighting rules (100% RW for listed and 150% unlisted)	320

Total amount to be risk weighted at 952%: 335 (85 + 250)

Appendix 4: Minority Interest Illustrative Example

This Appendix illustrates the treatment of minority interest and other capital issued out of subsidiaries to third parties, which is set out in section 2.7 of the Tier Capital Supply Standard (Paragraph 35 to 41).

A banking group consists of two legal entities that are both banks. Bank P is the parent, Bank S is the subsidiary, and their unconsolidated balance sheets are set out below

Bank P Balance sheet	Amount (AED)	Bank S Balance sheet	Amount (AED)
Assets		Assets
Loan to customers	100	Loan to customers	150
Investment in CET 1 of Bank S	7
Investment in AT1 of Bank S	4
Investment in T2 of Bank S	2
Total Assets	113	Total Assets	150
Liabilities and Equities		Liabilities and Equities
Depositors	70	Depositors	127
Common Equity (CET1)	26	Common Equity (CET1)	10
Additional Tier1 (AT1)	7	Additional Tier1 (AT1)	5
Tier 2	10	Tier 2	8
Total Liabilities and Equities	113	Total Liabilities and Equities	150

The balance sheet of Bank P shows that in addition to its loans to customers, it owns 70% of the common shares of Bank S, 80% of the Additional Tier 1 of Bank S and 25% of the Tier 2 capital of Bank S. The ownership of the capital of Bank S is therefore as follows:

Capital issued by Bank S
	Amount Issued to Parent	Amount Issued to third party	Total
Common Equity (CET1)	7	3	10
Additional Tier1 (AT1)	4	1	5
Tier 1	11	4	15
Tier 2	2	6	8
Total Capital (TC)	13	10	23

The consolidated balance sheet of the banking group is set out below:

Consolidated Balance sheet of Bank P
Assets	Amount (AED)
Loan to customers	250
Total Assets	250
Liabilities and Equities
Depositors	197
Common Equity (CET1)	26
Additional Tier1 (AT1)	7
Tier 2	10
Minority Interest
Common Equity (CET1)	3
Additional Tier1 (AT1)	1
Tier 2	6
Liabilities and Equities	250

For illustrative purposes, Bank S is assumed to have risk-weighted assets of 100. In this example, the minimum capital requirements of Bank S and the subsidiary’s contribution to the consolidated requirements are the same since Bank S does not have any loans to Bank P. This means that it is subject to the following minimum plus capital conservation buffer requirements and has the following surplus capital:

Minimum and surplus capital of Bank S
Capital	Minimum plus Capital conservation Buffer	Surplus
CET1	(7% + 2.5%) of 100 = 9.5	0.50 (10- 9.5 )
T1	(8.5%+ 2.5%) of 100 = 11	4.00 (10+5-11)
TC	(10.5% +2.5%) of 100 = 13	10 (10+5+8 -13)

The following table illustrates how to calculate the amount of capital issued by Bank S to include in consolidated capital, following the calculation procedure set out in paragraphs 35 to 41 of the Tier Capital Supply Standards.

Bank S: amount of capital issued to third parties included in the consolidated capital.
Capital	Total Amount Issued (A)	Total Amount Issued to third party (B)	Surplus (C)	Surplus attributable to third parties (i.e. amount excluded from consolidated capital) (D) = ( C) * (B/A)	Amount Included in the consolidated capital (E) = (B)-(D)
CET1	10	3	0.5	0.15	2.85
T1	15	4	4	1.07	2.93
TC	23	10	10	4.35	5.65

The following table summarizes the components of capital for the consolidated group based on the amounts calculated in the table above. Additional Tier 1 is calculated as the difference between Common Equity Tier 1 and Tier 1 and Tier 2 is the difference between Total Capital and Tier 1.

Bank S: amount of capital issued to third parties included in the consolidated capital.
Capital	Total amount issued by Parent (all of which is to be included in consolidated capital)	Amount issued by subsidiaries to third parties to be included in the consolidated capital	Total amount of capital issued by parent and subsidiary to be included in the consolidated capital
CET1	26	2.85	28.85
AT1	7	0.08	7.08
T1	33	2.93	35.93
T2	10	2.72	12.72
TC	43	5.65	48.65

Appendix 5: Threshold Deduction

This Appendix is meant to clarify the reporting of threshold deduction and calculation of the 10% limit on significant investments in the common shares of unconsolidated financial institutions (banks, insurance and other financial entities); and the 10% limit on deferred tax assets arising from temporary differences.

CET1 Capital (prior to regulatory deductions)	1000
Regulatory deductions:	300
Total CET1 after the regulatory adjustments above (CET1C)	700
Total amount of significant investments in the common share of banking, financial and insurance entities	150
Total amount of Deferred tax assets arising from temporary differences	150

*This is a “hypothetical” amount of CET1 that is used only for the purpose of determining the deduction of above two items for the aggregate limit. Amount of CET1 = Total CET1 (prior to deduction) – All the deduction except the threshold deduction (i.e. all deduction outlined in para 44 to 68 of the Tier Capital Supply Standards) minus the total amount of both DTA that rely on future profitability and arise from temporary difference and significant investments in the unconsolidated financial institutions.

Appendix 6: Effective Countercyclical Buffer

Assume a bank has the following capital ratios

Capital Base	Minimum Capital Requirements	Bank's Capital Ratio
Common Equity Tier 1 Capital Ratio	7.00%	9.50%
Tier 1 Capital Ratio	8.50%	0.00%
Tier 2 Capital Ratio	2.00%	4.00%
Total Capital Ratio	10.50%	13.50%

From the above table, the bank has fulfilled all minimum capital requirements. In addition, the bank has to meet the additional capital buffers:

Capital Conservation Buffer (CCB)	2.50%
Countercyclical Buffer	0.00%
D- SIB	1.00%
Aggregated Buffer requirement (effective CCB)	3.50%

The table below shows the adjusted quartiles accordingly:

Freely available CET 1 Ratio	Minimum Capital Conservation Ratios (expressed as a percentage of earnings)
Within 1^st quartile of buffer: 0.0 % - 0.875%	100 %
Within 2^nd quartile of buffer: > 0.875% - 1.75%	80 %
Within 3^rd quartile of buffer: > 1.75% - 2.625%	60 %
Within 4^th quartile of buffer: > 2.625% - 3.5%	40 %
Above top of the buffer: > 3.5%	0 %

As the bank does not have Additional Tier 1, the bank has to use 8.5% of its available CET1 to fulfill the minimum Tier 1 requirement of 8.5%. Only the proportion of CET1 that is not allocated to fulfill the minimum capital requirements is freely available to fulfill the buffer requirement. For this bank, 1% CET1 is freely available, because the bank already used 8.5% of its CET1 to fulfill the Tier 1 ratio. (9.5% available CET1 - 8.5% CET1 required to fulfill the Tier 1 minimum requirement of 8.5%).

Impact: The bank breaches the effective CCB with 1% freely available CET1. Capital conservation is required by at least 80% of the bank’s earnings. Distributions to shareholders is limited to maximal 20% of the bank’s earnings (Central Bank approval of dividends still required).

II. Tier Capital Instruments

Introduction

1.This guidance explains how banks should comply with the Tier Capital Instruments Standard. It must be read in conjunction with the Capital Regulation and Standards for Capital Adequacy of Banks in the UAE. It also ensures that banks issue robust and simple Tier capital instruments.

2.A bank needs to take into consideration the below points when issuing capital publicly or privately:

a.The Central Bank expects that issuers will formulate the terms and conditions so that they are not complex, but as simple and as clear as possible.
b.Prudential clauses of importance from a prudential point of view should not be written in italics. They should also not be worded in a way that makes it unclear whether they do actually apply (e.g. ‘it is expected that’, ‘if required by the regulation’, etc.). Terms and conditions must be worded clearly.
c.The wording used must be in accordance with that in the Capital Standards/ Guidance.
d.The text should avoid making references to ‘as determined by the bank’ or to regulatory reporting dates. All requirements must be fulfilled at any time.
e.It is not desirable to specify the reference to say ‘under applicable law’ or ‘if required by the applicable banking rules’ when it is clear that legal requirements come directly from the Central Bank, Capital Regulation, Standards or as Guidance.
f.A detailed list may easily create the impression that the list maybe exhaustive. The bank has to clearly note when a list is not exhaustive.

Distributable Items:

3.The definition of distributable items may change when the Central Bank introduces the solo level concept.

Subordination:

4.Additional Tier 1 instruments will rank below Tier 2 instruments by virtue of subordination. The instrument should not be subject to set-off or netting arrangements that would undermine the instrument's capacity to absorb losses.

Redemption Notices:

5.Where a notice has not been revoked as of the relevant date, it follows that a payment is due to the holder. Any non-payment thereafter may trigger an enforcement event. Any notice for redemption should become void and null as soon as the Central Bank declares that a PONV trigger event has occurred.

Call of Instruments:

a.Optional Call:
The Central Bank does not prohibit the issuer to call the instrument at its option but only after a period of 5 years.
b.Regulatory Call:
The Central Bank does not prohibit the issuer to call the instrument in case of a capital event so that they become or, as appropriate, remain, qualified regulatory capital. However, the amount in case of a capital event can be the outstanding amount or the amount that qualifies as regulatory capital, if some amount of the instrument is held by the issuer or whose purchase is funded by the issuer, save where such non-qualification is only as a result of any applicable limitation on the amount of such capital.
c.Tax Call:
The Central Bank does not prohibit the issuer to call the instruments in case of a tax event. A tax event may occur at any time on or after the issue date. A tax event can occur as a result of a change in the applicable tax treatment of the instrument.

Note that both the optional call and the tax call require the Central Bank’s approval.

Changes of Terms and conditions:

a. Insignificant Changes to Terms and Conditions (Variation):

The issuer may vary the terms and conditions of the instrument subject to the condition of redemption in the Tier capital instrument Standard. Variation of the terms and conditions of the instrument can occur on optional call regulatory call, or tax call. Changes must be legally enforceable.

b. Significant Changes to Terms and Conditions:

Significant changes to the terms and conditions of the instrument will require the approval of the holders. Every instrument that undergoes significant changes needs to meet all requirements of the Tier Capital Instruments Standard.

Every instrument with changed terms and conditions need to be re-approved by the Central Bank by applying Stage 2 of the Approval Process in Appendix B of the Tier Capital Instruments Standard (Stage 1 of the Approval Process can be omitted in this case).

Coupon Payments:

6.No provision should link a change in payments to contractual, statutory or other obligations, as payments are fully discretionary. Payments should also not be linked to payments on other Additional Tier 1 instruments.

Dividend and Redemption Restrictions:

7.Dividend stopper arrangements that prevent for example dividend payments on common shares are not prohibited by the Central Bank. Furthermore, dividend stopper arrangements that prevent dividend payments on other Additional Tier 1 instruments are not prohibited by Central Bank. However, stoppers must not impede the full discretion that bank must have at all times to cancel distributions/payments on the instrument, nor must they act in a way that could hinder the recapitalization of the bank. For example, it would not be permitted for a stopper on an Additional Tier 1 instrument to:

i.attempt to stop payment on another instrument where the payments on this other instrument were not also fully discretionary;
ii.prevent distributions to shareholders for a period that extends beyond the point in time that dividends/coupons on the instrument are resumed;
iii.impede the normal operation of the bank or any restructuring activity (including acquisitions/disposals).

8.A dividend stopper may act to prohibit actions that are equivalent to the payment of dividend, such as the bank undertaking discretionary share buybacks. The dividend stopper will remain until one coupon following the dividend stopper date has been made in full or an amount equal to the same has been duly set aside or provided for in full for the benefit of the holders of the instrument.

Maximum Distributable Amount (MDA):

To further clarify the MDA’s calculation, below is an example of the calculation:

Bank Capital Holdings	14.0%

Bank Capital Requirements	%

CET1	7.0%
AT1	1.5%
Tier 2	2.0%
Pillar 2	0.0%
Capital Conservation Buffer	2.5%
Countercyclical Buffer	0.000%
D-SIB Buffer	1.5%
Total	14.5%

Combined Buffer	4.0%
Quartile of Buffer	1.0%
Bank Capital Gap	0.5%

Quartile 1		Quartile 2		Quartile 3		Quartile 4
0.0	1.0%	1.0%	2.0%	2.0%	3.0%	3.0%	4.0%

The bank first will need to fulfill all minimum requirements. As the bank only has CET1 capital available, it needs to use CET1 capital to fulfill all minimum capital requirements (10.5%=7%+1.5%+2%). After fulfilling the minimum capital requirements, the bank has still 3.5% (=14.0%-10.5%) CET1 capital available to fulfill the combined buffer requirements of 4%. Hence, the Bank’s capital gap is 0.5%.

From the table above 3.5% means that the bank is in the fourth of the buffer requirements. Therefore, the MDA is restricted to 60% of the bank’s earnings, which means the bank may distribute no other restrictions and limitations considered, up to 60% of the earnings in the form of dividend, Additional Tier 1 payments, and variable remuneration.

Note that items considered to be distributions include dividends and share buybacks, discretionary payments on other Tier 1 capital instruments and discretionary bonus payments to staff. Payments that do not result in a depletion of CET1, which may for example include certain scrip dividends, are not considered distributions.

Note also that earnings are defined as distributable profits calculated prior to the deduction of elements subject to the restriction on distributions. Earnings are calculated after the tax, which would have been reported had none of the distributable items been paid. As such, any tax impact of making, such distributions are reversed out. Where a bank does not have positive earnings and has a CET1 ratio less than 9.5%, it would be restricted from making positive net distributions.

Gross-up Clauses:

Gross-up clauses for Additional Tier 1:

9.Gross up clauses are acceptable only if:

i.It is activated by decision of the local tax authority of the issuer and not the investor,
ii.The increased payments do not exceed distributable items,
iii.The gross-up is in relation to the dividend and not the principal.

Gross up Clauses for Tier 2:

10.The second condition related to distributable items is not relevant for Tier 2 instruments, as Tier 2 coupons are not restricted by the amount of available distributable items. Therefore, Tier 2 gross-up clauses can be considered as acceptable if they are activated by a decision of the local tax authority of the issuer, and if they relate to dividend and not on principal. The other two conditions on gross-up clauses are, however, activation is still required by a local tax authority of the issuer and not the investor, and the gross-up is in relation to the dividend payments only not principal.

Point of Non-Viability (PONV):

11.The issuance of any new shares as a result of the Point of Non-Viability must occur prior to any public sector injection of capital so that the capital provided by the public sector is not diluted.

Further guidance on grandfathering:

12.If a Tier 2 instrument eligible for grandfathering begins its final five-year amortisation period prior to 1st January 2018, the base for grandfathering in this case must take into account the amortised amount, not the full nominal amount. As for the rate, if a Tier 2 instrument eligible for grandfathering begins its final amortisation period on 1st January 2018, then individual instruments will continue to be amortised at a rate of 20% per year while the grandfathering cap will be reduced at a rate of 10% per year. Note that each tranche needs to be treated as a separate tranche.

Amortisation of Tier 2 instruments:

13.During the last 5 years of the eligibility before maturity, the eligibility of Tier 2 instruments is written down by 20% per year, i.e. the eligible amount is calculated by multiplying:

i.The nominal amount of the instruments on the first day of the final five year period of their contractual maturity divided by the number of calendar days in that period;
ii.The number of remaining calendar days until the contractual maturity of the instruments.

Documents required to be submitted for the application to issue new Tier Capital Instruments

1.The CN-01 form should be completed, filled and signed by the bank's Chief Executive Officer (CEO), Chief Financial Officer (CFO), Head of Internal Audit, Head of Compliance and Head of Risk.
2.Full terms and conditions, together with the risk factors relating to the instrument.
1. i.Instruments of Islamic banks issued through an SPV must also provide the contract between the bank and the SPV
3.Shareholder Approval:
1. i.Tier capital instruments require shareholder approval.
2. ii.The approval shall relate to an issuance of the specific planned Tier capital instrument (Additional Tier 1 or subordinated Tier 2). Moreover, the approval should clearly mention that the instrument is subordinated; coupon payments may not be paid under certain circumstances, and contains a Point of Non-Viability (PONV) condition.
4.Legal opinion letters:
1. i.Legal Opinion of an independent appropriately qualified and experienced lawyer that the terms and conditions are compliant with the requirements detailed in the Capital Regulations, Standards and Guidance.
2. ii.Legal opinion of an independent appropriately qualified and experienced lawyer that the obligations contained in terms and conditions will constitute legal, valid, binding and enforceable obligations.
3. iii.Legal opinion of an independent appropriately qualified and experienced lawyer that the Self-Assessment of the issuing bank meets the Conditions and the Capital Regulations
5.Capital planning and forecast:

The Business as Usual (BAU) case should be formulated, such as:

a)Amount of assumed issuance and the expected issuance date (e.g. Q1 2018).
b)Capital structure: % in CET1, AT1, Tier 2 and deductions (using Basel 3 capital components)
c)Five (5) year forecast of the Balance sheet, Profit & loss P&L, Risk Weighted Assets RWA.
d)Amortization of Tier Capital Issuances: Subordinated Tier 2 in the last 5 years prior to maturity and AT1 Instruments, if they fall under a grandfathering rule, for example, 10% per year.
e)Key assumptions and analysis (e.g. on balance growth, asset structure, conversation factors CCF for off balance, operational and market risk, total assets growth, of which businesses that will be the main driver for such growth) and CRWA (i.e. on balance sheet exposure in different industry) in numerical as well as qualitative aspect.

6. Stress Testing Scenarios:

The Stress Testing should be submitted in form of a presentation including the underlying data in Excel sheet.

Two Scenarios should be provided as part of the presentation:

a)Top 2 customers defaulting (point in time analysis permitted: End of Year): Definition of top 2 customers; name of top 2 customers; exposure (including on and off balance exposures); what type of eligible collateral and value of collateral, with two sub-scenarios:
1. i.With average provisioning level of similar assets, and
2. ii.75% provisioning level
b)Central Bank’s Macro-Economic Stress Test
1. •Assumptions and results of the latest Macroeconomic stress tests performed by the Central Bank.
7.Non-Funding Notice: Neither the bank nor a related party over which the bank exercises control or significant influence can have purchased the instrument, nor can the bank directly or indirectly have funded the purchase of the instrument.
Private Placements
•Offer letter is required for private placements, including risk factors and the bank's financial and risk situation.
•Market Conformity Analysis: The bank has to provide evidence on why the pricing of the instrument conforms to the market rate.

Frequently Asked Questions (FAQ)
Question 1: The last bullet point mentions “Liability accounted instruments must set the loss absorption trigger at a level of 7.625%.” Is it Central Bank decision to have this trigger set at 7.625%? Are any triggers likely to be set for equity accounted instruments?
It is Central Bank’s decision for the trigger level. However, the trigger level derives directly from Basel. Minimum capital requirement plus 0.625%. Note, that the consultation documents do not consult on a trigger for equity accounted AT1. However, in particular in conjunction with the development of a recovery/ resolution regulation, the introduction of a trigger level may also be discussed again, as pointed out in the presentation that was circulated with the Tier capital instrument documents.
Question 2: Point of Non-Viability mentions that “A Point of Non-Viability means that the Regulator has determined that the issuer has or will become, Non-Viable without: (a) a Write-down; or (b) a public injection of capital (or equivalent support).”. We need clarification as to whether the PONV will be determined by the regulator or the issuer. Also, please advise under what circumstance will partial Write-down be permitted. The regulator determines whether the bank is non-viable or not. Partial write-down will be permitted only for exceptional cases. Explicit examples will not be provided to prevent any expectation.
Question 3: Appendix A: Application Process 1.4: It is mentioned that “Stress Testing with a stress scenario of top 2 customers are defaulting”. Since many UAE banks have concentrations in this area, what loss rate needs to be applied in this stress scenario?
Current status quo is two sub scenarios: 75% loss rate and average loss rate of the bank for such customers.

III. Credit Risk

I. Introduction
1.This section provides the guidance for the computation of Credit Risk Weighted Assets (CRWAs) under the Standardised Approach (SA). This guidance should be read in conjunction with the Central Bank’s Standard on Credit Risk.
2.A bank must apply risk weights to its on-balance-sheet and off-balance-sheet items using the risk- weighted assets approach. Risk weights are based on credit ratings or fixed risk weights and are broadly aligned with the likelihood of obligor or counterparty default.
3.A bank may use the ratings determined by an External Credit Assessment Institution (ECAI) for credit ratings. In general, banks should only use solicited ratings from recognised ECAIs for the purposes of calculating capital requirement under the SA. However, in exceptional cases, the bank may use unsolicited ratings with the Central Bank approval.
4.Note that all exposures subject to the SA should be risk weighted net of specific allowances and interest in suspense. The guidance must be read in conjunction with Securitisation, Equity Investments in Funds, Counterparty Credit Risk and Credit Valuation Guidance.
5.The guidance set out in this section applies to all exposures in the banking book. Exposures in the trading book should be captured as part of a bank’s market risk capital calculations.

II. Clarification and Guiding Principles

A. Claims on Sovereigns
6.UAE Sovereigns: The UAE Sovereign asset class consists of exposures to Federal Government and Emirates governments.
7.Federal Government includes all the UAE Federal entities and Central Bank of the UAE (Central Bank). Banks have transition period of 7 years from the date of implementation for exposures to Federal Government that receive a 0% RW, if such exposures are denominated in AED or USD and funded in AED or USD. However, any claim on UAE Federal Government in foreign currency other than USD should be risk weighted according to the published credit risk rating of UAE Federal Government. In the absence of solicited rating for UAE Federal Government, unsolicited ratings are permissible for assigning risk weights for UAE Federal Government exposures.
8.Emirates Governments’ exposures include exposures to the Ruler and the Crown Prince of each emirate acting in the capacity as ruler and crown prince, as well as exposures to the ministries, municipalities and other Emirates government departments. Banks have transition period of 7 years from the date of implementation for exposures to Emirates Governments that receive a 0% RW, if such exposures are denominated in AED or USD and funded in AED or USD. Any claim on Emirates governments in a foreign currency other than USD should be risk weighted according to the rating of the Emirate Government.
9.GCC Sovereigns: If the regulators in GCC exercise their discretion to permit banks in their jurisdiction to allocate a lower risk weight to claims on that jurisdiction’s sovereign, denominated in the domestic currency of that jurisdiction and funded in that currency, the same, lower risk weight may be allocated to such claims (e.g. 0% assigned to the Government of Saudi Arabia if the exposure is denominated and funded in SAR). This is limited only to GCC sovereign exposures and this lower risk weight may be extended to the risk weighting of collateral and guarantees (refer to section on credit risk mitigation).
10.All other exposures to sovereigns should be risk weighted according to the sovereign rating even if the national supervisory authority adopts preferential risk weights.

B. Claims on Public Sector Entities (PSEs)
Non-Commercial PSEs
11.Non-Commercial PSEs include administrative bodies responsible to the UAE Federal Government, to the Emirates Governments, or to local authorities and other non-commercial undertakings owned by the Federal governments, Emirates Governments or local authorities. These non-commercial PSEs do not have specific revenue- raising powers or specific institutional arrangements the effect of which is to reduce their risks of default. The risk of non-commercial PSE exposures is not equivalent to the risk of sovereign exposures and hence the treatment of claims on sovereigns cannot be applied to non-commercial PSE. However, in exceptional cases, a Non-Commercial PSE may receive the same treatment as its sovereign, if the entity has proven formal arrangements in place to the effect that there is no distinction between the risk of the entity and the risk of its sovereign. The Central Bank's GRE List would reflect this accordingly.
12.If the UAE borrower satisfies the criteria in paragraph 13, the risk weight shall be the same as that for claims on banks. However, the preferential treatment for short-term claims on banks may not be applied. In particular, unrated non-commercial PSE qualify for 50% risk weight. The criteria are based on the principle that non-commercial PSEs qualify for lower risk weights because they have significantly lower risk than a commercial company does. In addition, banks are specifically required to ensure compliance with other aspects of the banking regulations when lending to these entities, for example, but not limited to, the Central Bank large exposure regulations.
13.The alternative criteria listed are to be applied in determining whether an entity qualifies for treatment as a non-commercial PSE. The Central Bank provides a list (so-called GRE List) to all the banks in the UAE which includes non-commercial PSEs.
1. i.Direct government (Federal or Emirate) ownership >50% directly or through a qualifying PSE that itself is majority owned by government.
2. ii.An entity whose complete activities are functions of a government.
3. iii.Its services are of public benefit including when services are sold directly to the public (e.g. electricity and water). The service provided should be of substantial public benefit and the entity should have a monopolistic nature and there should be a significant likelihood that the government would not let the entity go bankrupt.
4. iv.Not listed on any stock exchange.
5. v.Provides internal services to parent or sister companies only, and the parent company is itself a non-commercial PSE.
6. vi.The function of the company is of a non-commercial nature and does not operate in a competitive market.
7. vii.Does not operate overseas.
14.In the case of a UAE sovereign guarantee given to a non-commercial PSE, with the Central Bank approval, the guarantee may be treated as eligible credit risk mitigation (CRM) to reduce the exposure provided the bank ensures compliance with the entire minimum regulatory requirements and operational requirements stated in the credit risk standard.
Government Related Entities (GRE)
15.These are commercial undertakings that are fully owned or more than 50% in ownership by Federal governments, or by Emirates governments. As these entities function as a corporate in the competitive markets even though the government is the major shareholder, Central Bank requires such exposures to be classified under GRE and get the same treatment of claims on corporate with the appropriate risk weights based on the credit rating of the entity.
16.All banks must comply with the latest version of the GRE list for classification and risk weighting of entities. Banks that have information that would lead to the addition (or removal) of an entity to (or from) the GRE list must submit such information to the Central Bank. All banks must comply with the GRE list unless any addition or removal of entities is reflected in the GRE list.
17.Banks Internal audit/compliance department should perform regular reviews to ensure the PSE and GRE classification complies with the Central Bank GRE list.

C. Claims on Multilateral Development Banks (MDBs)
18.Exposures to MDBs shall in general be treated similar to claim on banks, but without using the preferential treatment for short term claims. However, highly rated MDBs, which meet certain criteria specified below, are eligible for a preferential 0% risk weight.
1. i.Very high quality long-term issuer ratings, i.e. a majority of an MDB's external assessments must be AAA;
2. ii.Shareholder structure is comprised of a significant proportion of sovereigns with long-term issuer credit assessments of AA- or better, or the majority of the MDB's fund-raising is in the form of paid-in equity/capital and there is little or no leverage;
3. iii.Strong shareholder support demonstrated by the amount of paid-in capital contributed by the shareholders; the amount of further capital the MDBs have the right to call, if required, to repay their liabilities; and continued capital contributions and new pledges from sovereign shareholders;
4. iv.Adequate level of capital and liquidity (a case-by-case approach is necessary in order to assess whether each MDB's capital and liquidity are adequate), and
5. v.Strict statutory lending requirements and conservative financial policies, which would include among other conditions a structured approval process, internal creditworthiness and risk concentration limits (per country, sector, and individual exposure and credit category), large exposures approval by the board or a committee of the board, fixed repayment schedules, effective monitoring of use of proceeds, status review process, and rigorous assessment of risk and provisioning to loan loss reserve.
19.MDBs currently eligible for 0% risk weight are the World Bank Group comprised of the International Bank for Reconstruction and Development, the International Finance Corporation, the Multilateral Investment Guarantee Agency and the International Development Association, the Asian Development Bank, the African Development Bank, the European Bank for Reconstruction and Development, the Inter-American Development Bank, the European Investment Bank, the European Investment Fund, the Nordic Investment Bank, the Caribbean Development Bank, the Islamic Development Bank, the Council of Europe Development Bank, the International Finance Facility for Immunisation and the Asian Infrastructure Investment Bank. The list of MDBs is by the Basel Committee on Banking Supervision (BCBS) and can be found on the website www.bis.org. All banks are required to refer to and comply with the BCBS list. Whilst the BCBS evaluates the eligibility of the entities on a case-by-case basis, the Central Bank has no role in the assessment and decision of entities being eligible for 0% risk weight.

D. Claims on Banks
20.The types of claims that fall under this asset class are claims not limited to those due from banks, nostro accounts, certificates of deposit (CD) issued by banks, and repurchase agreements (repos). A risk weight of 50% (long term) and 20% (short term) is applied to claims on unrated banks. However, this treatment is subject to the provision that no claim on an unrated bank may receive a risk weight lower than that applied to claims on its sovereign of incorporation.
21.Exposure to intra-group of the bank have to be risk weighted according to the external rating of the counterparty entity (e.g. exposures to the head office shall receive the risk weight according to the rating of the head office).

E. Claims on Securities Firms
In addition to providing loans to other banks in the interbank market, banks provide loans to securities firms. The securities firms use these loans to fund the purchase of securities. Exposures to these securities firms shall be treated as claims on banks if these firms are subject to prudential standards and a level of supervision that is equivalent to those applicable to banks. Such supervision must include at least both capital and liquidity requirements. Exposures to all other securities firms that are not treated as claims on banks will be treated as exposures to corporates.

F. Claims on Corporates
22.For the purposes of calculating capital requirements, exposures to corporates include, but are not limited to, exposures (loans, bonds, receivables, etc.) to incorporated entities, associations, partnerships, proprietorships, trusts, funds and other entities with similar characteristics, except those which qualify for one of the other exposure classes. The corporate exposure class does not include exposures to individuals.
23.Claims on corporates may be risk- weighted based on the entity’s external credit rating assessment. The Central Bank may increase the standard risk weight for unrated claims where it judges that a higher risk weight is warranted by the overall default experience. As part of the supervisory review process, the Central Bank may also consider whether the credit quality of corporate claims held by banks warrants a risk weight higher than 100%.

G. Claims Included in the Regulatory Retail Portfolios
To qualify for a 75% risk weight in the regulatory retail portfolio, claims must meet the four criteria stated in the Credit Risk Standard (orientation criterion, product criterion, granularity criterion and value criterion). All other retail claims should be risk weighted at 100%. For granularity criterion and value criterion, the aggregated exposure means gross amount (i.e. not taking any credit risk mitigation into account) of all forms of retail exposures, excluding residential real estate exposures. In case of off-balance sheet items, the gross amount will be calculated after applying credit conversion factors. In addition, “to one counterparty” means one or several entities that may be considered as a single beneficiary (e.g. in the case of a small business that is affiliated to another small business, the limit would apply to the bank’s aggregated exposure on both businesses).
24.Claims secured by residential property and past due retail loans are to be excluded from the overall regulatory retail portfolio for risk weighting purposes. These are addressed separately in the asset classes for residential property or commercial real estate.

H. Claims Secured by Residential Property
25.Claims secured by residential property are defined as loans secured by residential property that is either self-occupied or rented out. The property must be fully mortgaged in favor of the bank.
26.The Loan-to-Value (LTV) ratio is the outstanding loan exposure divided by the value of the property. The value of the property will be maintained at the value at origination unless the Central Bank requires banks to revise the property value downward. The value must be adjusted if an extraordinary, idiosyncratic event occurs resulting in a permanent reduction of the property value. Such adjustment must be notified to the Central Bank. If the value has been adjusted downwards, a subsequent upwards adjustment can be made but not to a higher value than the value at origination.
27.A 35% risk weighting shall apply to eligible residential claims if the LTV ratio is less than 85% and the exposure is less than AED 10 million. When the loan amount exceeds AED 10 million and the LTV is below 85%, the loan amount up to AED 10 million will receive 35% risk weight and the remaining amount above AED 10 million receives 100% risk weight.
28.A risk weight of 75% may be applied by banks that do not hold information regarding LTVs for individual exposures
29.For residential exposures that meet the criteria for regulatory retail claims and have an LTV greater than 85%, the 75% risk weight must be applied to the whole loan, i.e. the loan should not be split.
30.The risk-weights in this asset class may be applied to a limit of four individual properties made to a single individual customer that are owner- occupied or rented out by a retail borrower. Any additional exposure to a customer with loans for four individual properties shall be classified as a claim on a commercial property and risk weighted with 100%.

I. Claims Secured by Commercial Real Estate
31.Commercial real estate is defined as a loan granted by a bank to a customer specifically for the purpose of buying or constructing commercial property including residential towers and mixed use towers.

J. Past Due Loans
32.Risk weights of past due loans depend on the degree of provision coverage on the claim. For any past due loan, 100% Credit Conversion Factor (CCF) should be applied for the off-balance sheet component to calculate the credit risk-weighted assets. Any exposure that is past due for more than 90 days should be reported under this asset class, net of specific provisions (including partial write-offs). This differs from the IFRS 9 classification as the past due asset includes any loans more than 90 days past due.

K. Higher-Risk Categories
33.Higher risk weights may be applied to assets that reflect higher risks. A bank may decide to apply a risk weight of 150% or higher.

L. Other Assets
34.Assets in this class include any other form of exposure that does not fit into the specific exposure classes. The standard risk weight for all other assets will be 100%, with the exception of the following exposures:
a)0% risk weight applied to
1. i.cash owned and held at the bank or in transit;
2. ii.Gold bullion held at the bank or held in another bank on an allocated basis, to the extent the gold bullion assets are backed by gold bullion liabilities;
3. iii.All the deductions from capital according to the Tier capital supply of Standards of Capital Adequacy in the UAE, for reconciliation between the regulatory return and the audited/reviewed financial statement.
b)20% risk weight:
1. i.Cash items in the process of collection.
c)100% risk weight
1. i.Investments in the capital of banking, financial and insurance entities to which a credit risk standardised approach applies, unless they are deducted from regulatory capital according to section 3.9 of Tier capital supply of Standards Capital Adequacy in the UAE. (listed entity)
2. ii.Investments in commercial entities below the materiality thresholds according to section 5 of Tier capital supply of Standards of Capital Adequacy in the UAE (listed);
3. iii.Premises, plant and equipment and other fixed assets,
4. iv.Prepaid expenses such as property taxes and utilities,
5. v.All other assets
d)150% risk weight
1. i.The amount of investments in the capital of banking, financial and insurance entities to which a credit risk standardised approach applies unless they are deducted from regulatory capital deduction according to section 3.9 of Tier capital supply of Standards of Capital Adequacy in the UAE (unlisted entity);
2. ii.Investments in commercial entities below the materiality thresholds according to section 5 of Tier capital supply of Standards of Capital Adequacy in the UAE (unlisted entity).
e)250% risk weight
1. i.Investments in the capital of banking, financial and insurance entities to which a credit risk standardised approach, applies unless they are deducted from regulatory capital according to the threshold deduction described in section 3.10 of Tier capital supply of Standards of Capital Adequacy in the UAE.
2. ii.Deferred tax assets (DTAs) which depend on future profitability and arise from temporary differences unless they are not deducted under threshold deductions described in section 4 of Tier capital supply of Standards of Capital Adequacy in the UAE.
f)1250% risk weight
1. i.Investments in commercial entities in excess of the materiality thresholds must be risk-weighted at 1/ (Minimum capital requirement) (i.e. 1250%).

M. Off-Balance Sheet Items: Credit Conversion Factors
35.Under the standardised approach, off-balance sheet items are converted into credit exposure equivalents with Credit Conversion Factors (CCFs). CCFs approximate the potential amount of the off-balance sheet facility that would have been drawn down by the client by the time of its default. The credit equivalent amount is treated in a manner similar to an on-balance sheet instrument and is assigned the risk weight appropriate to the counterparty. The categories of off-balance sheet and its appropriate CCFs are outlined in the standard.
Calculating credit equivalent amounts for off-balance sheet item:
(Principal amount – provision amount) * CCF = Credit equivalent amount.
Bank guarantees
36.There are two types of bank guarantees viz. financial guarantees (direct credit substitutes); and performance guarantees (transaction-related contingent items).
37.Financial guarantees essentially carry the same credit risk as a direct extension of credit i.e. the risk of loss is directly linked to the creditworthiness of the counterparty against whom a potential claim is acquired, and therefore attracts a CCF of 100%.
38.Performance guarantees are essentially transaction-related contingencies that involve an irrevocable undertaking to pay a third party in the event the counterparty fails to fulfil or perform a contractual non-financial obligation. In such transactions, the risk of loss depends on the event which need not necessarily be related to the creditworthiness of the counterparty involved. Performance guarantees attract a CCF of 50%.
Commitments
39.The credit conversion factor applied to a commitment is dependent on its maturity. Banks should use original maturity to report these instruments.
40.Longer maturity commitments are considered to be of higher risk because there is a longer period between credit reviews and less opportunity to withdraw the commitment if the credit quality of the customer deteriorates. Commitments with an original maturity up to one year and commitments with an original maturity over one year will receive a CCF of 20% and 50%, respectively.
41.However, any commitments that are unconditionally cancellable at any time by the bank without prior notice, or that effectively provide for automatic cancellation due to deterioration in a borrower’s creditworthiness, will receive a 0% CCF. This requires that banks conduct formal reviews of the facilities regularly and this provides the opportunity to take note of any perceived deterioration in credit quality and thereby cancellability by the bank.
42.For exposures that give rise to counterparty credit risk, the exposure amount to be used in the determination of RWA is to be calculated according to the standardised approach for Counterparty Credit Risk (SA-CCR).

N. Credit Risk Mitigation (CRM)
43.Only eligible collateral, guarantees, credit derivatives, and netting under legally enforceable bilateral agreements (such as ISDAs) are eligible for CRM purposes. For example, a commitment to provide collateral or a guarantee is not recognised as an eligible CRM technique for capital adequacy purposes until the commitment to do so is actually fulfilled.
44.No additional CRM will be recognised for capital adequacy purposes on exposures where the risk weight is mapped from a rating specific to a debt security where that rating already reflects CRM. For example, if the rating has already taken into account a guarantee pledged by the parent or sovereign entity, then the guarantee shall not be considered again for credit risk mitigation purposes.
45.Banks should ensure that all minimum legal and the operational requirements set out in the Standard are fulfilled.
CRM treatment by substitution of risk weights
46.The method of substitution of risk weight is applicable for the recognition of the guarantees and credit derivatives as CRM techniques under both the simple approach and the comprehensive approach. Under this method, an exposure is divided into two portions: the portion covered by credit protection and the remaining uncovered portion.
47.For guarantees and credit derivatives, the value of credit protection to be recorded is the nominal value. However, where the credit protection is denominated in a currency different from that of the underlying obligation, the covered portion should be reduced by a standard supervisory haircut defined in the Credit Risk Standard for the currency mismatch.
48.For eligible collateral, the value of credit protection to be recorded is its market value, subject to a minimum revaluation frequency of 6 months for performing assets, and 3 months for past due assets (if this is not achieved then no value can be recognised). Where the collateral includes cash deposits, certificates of deposit, cash funded credit-linked notes, or other comparable instruments, which are held at a third-party bank in a non-custodial arrangement and unconditionally and irrevocably pledged or assigned to the bank, the collateral will be allocated the same risk weight as that of the third party bank.
Simple Approach
49.Under simple approach, the eligible collateral must be pledged for at least the life of the exposure, i.e. maturity mismatch is not allowed.
50.Where a bank has collateral in the form of shares and uses the simple approach, a 100% risk weight is applied for listed shares and 150% risk weight for unlisted shares.
Comprehensive Approach
51.Under the comprehensive approach, the collateral adjusted value is deducted from the risk exposure (before assigning the risk weight). Standard supervisory haircuts as defined in the Credit Risk Standard are applied to the collateral because collateral is subject to risk, which could reduce the realisation value of the collateral when liquidated.
52.If the exposure and collateral are held in different currencies, the bank must adjust downwards the volatility- adjusted collateral amount to take into account possible future fluctuations in exchange rates.
53.There is no distinction for applying supervisory haircuts between main index equities and equities listed at a recognised exchange. A 25% haircut applies to all equities.
Capital Add-on under Pillar 2
54.While the use of CRM techniques reduces or transfers credit risk, it gives rise to other risks that need to be adequately controlled and managed. Banks should take all appropriate steps to ensure the effectiveness of the CRM and to address related risks. Where these risks are not adequately controlled, the Central Bank may impose additional capital charges or take other supervisory actions as outlined in Pillar 2 Standard.

III. Shari’ah Implementation
55.Banks that conduct all or part of their activities in accordance with the provisions of Shari’ah laws and have exposure to risks similar to those mentioned in the Credit Risk Standard, shall, for the purpose of maintaining an appropriate level of capital, calculate the relevant risk weighted asset in line with these guidelines. This must be done in a manner compliant with the Shari’ah laws.
56.This is applicable until relevant standards and/or guidelines in respect of these transactions are issued specifically for banks offering Islamic financial services.

IV. Frequently Asked Questions (FAQ)
During the industry consultation the Central Bank received a number of questions related to the Credit Risk Standard and Guidance. To ensure consistent implementation of the Credit Risk Standard in the UAE, the main questions are addressed hereunder.
Claims on Sovereigns
Question 1: What does the 7-year transition for USD exposure to the Federal Government and Emirates Government mean for banks?
During the 7-year transition period, banks are required to have a forward looking plan on USD exposures to Federal and Emirate governments. Banks shall monitor and manage the impact of the change in risk weights of exposures in USD on the bank’s capital position. Exposures in USD as well as the banks’ capital plans will be monitored by the Central Bank.
Question 2: What is the appropriate risk weight for exposures to other GCC sovereigns?
A 0% risk weight is applied to GCC Sovereign exposures denominated and funded in the domestic currency of their country. However, exposures in non-domestic currencies (including USD) shall be risk weighted according to the rating of sovereigns.
Question 3: Does the Central Bank allow banks to apply unsolicited ratings in the same way as solicited ratings?
Bank should use ratings determined by an eligible External Credit Assessment Institution (ECAIs). Only solicited ratings are allowed to be used. The Central Bank only allows unsolicited ratings from an eligible ECAI for the UAE federal government. All other exposures shall be risk weighted using solicited ratings.
Claims on Non-Commercial Public Sector Enterprises
Question 4: Can the bank include claims on a GCC PSE denominated in their local currency under claims of Non-Commercial PSEs?
No, the preferential risk weights for Non-Commercial PSEs are only granted for UAE entities.
Question 5: Do all the seven criteria stated in the credit risk guidance have to be met or any of the criterion can be met to classify an entity as non-commercial PSE? In addition, does the bank just follow the so-called GRE list or shall the bank apply the criteria to classify entities as non-commercial PSE?
To classify entities as Non-commercial PSE, the Central Bank will consider in its approval process all seven criteria and in principle all seven criteria must be satisfied. A bank may approach the Central Bank, if the bank thinks that certain entities satisfy the criteria for a Non-commercial PSE that can be added to the GRE list. If banks have information that would lead to changes to of the GRE List, banks should inform the Central Bank accordingly.
Question 6: The guidance requires that the bank’s internal audit/ compliance departments perform regular reviews to ensure the PSE and GRE classification complies with the Central Bank's GRE list. What is the expected frequency of such a review?
The frequency of internal audit/compliance should be commensurate with the bank's size, the nature and risks of bank’s operations and the complexity of the bank.
Claims on Multilateral Development Banks (MDBs)
Question 7: Does an MDB need to satisfy all of the stated criteria or any one of the criteria to apply a 0% risk-weight?
Exposures to MDBs may receive a risk weight of 0% if they fulfill all five criteria. However, the Central Bank does not decide whether an MDB satisfies the criteria or not. The Basel Committee on Banking Supervision (BCBS) evaluates each MDB’s eligibility for inclusion in the list of 0% RW on a case-by-case basis.
Claims on Banks
Question 8: For claims on an unrated bank, can the bank apply the preferential rating as per risk weight table for short-term exposures?
A risk weight of 50% for long term exposures and 20% for short term exposures are applied to claims on unrated banks. However, no claim on an unrated bank may receive a risk weight lower than the risk weight applied to claims on its sovereign of incorporation, irrespectively of the exposure being short-term or long-term.
Claims on Corporates
Question 9: Should loans to High Net Worth Individuals (HNIs) be reported under claims in regulatory retail portfolio or claims on corporate?
No, HNI classification should be aligned with the BRF explanatory note and should be reported under claims on corporate.
Question 10: What is the treatment for SMEs and in which asset class are SME exposures reported?
Answer: Banks have to follow BRF explanatory note 6.21 for the definition of SME. Exposures classified as SME according to BRF explanatory note, are for capital adequacy reporting purposes classified as “Retail SME” and “corporate SME”. SME exposures fulfilling all of four retail criteria as stated in Section III G of the Credit Risk Standard are reported under “claims on retail”. SME that do not fulfill the retail criteria are treated under claims on corporates as per Section III F of the Credit Risk Standard.
Claims secured by Residential Property
Question 11: Does the bank have to assign 100% RW for customers with more than 4 properties?
Yes, if a customer has more than 4 properties, a bank has to report all properties of that customer as claims on commercial properties and the risk weight of the properties shall be 100%.
Question 12: Can the bank apply a preferential RW of 35% for properties under construction?
No, the preferential risk weight of 35% applies only to completed properties, as under construction, residential properties incur higher risks than buying completed properties.
Claims Secured by Commercial Real Estate
Question 13: Do loans with a collateral of a completed commercial property, irrespective of their purpose, fall under Claims secured by Commercial Real Estate?
No, this asset class is for exposures specifically for the purpose of buying/ constructing commercial property, i.e. real estate loans.
Higher-risk Categories
Question 14: What type of exposure would fall under higher risk categories? What is the appropriate RW for higher risk categories?
Almost all the exposures that receive 150% risk weight are reported under the respective asset class. The Central Bank will apply a 150% or higher risk weight, reflecting the higher risks associated with assets that require separate disclosure. For example, but not limited to, real estate acquired in settlement of debt and not liquidated within the statutory period shall be reported under the higher risk asset class with a 150% RW.
Other Assets
Question 15: The Credit Risk Standard states in section 5, that equity investment in commercial entities that are below the thresholds shall be risk weighted at 150% if the entity is unlisted. However, if the banking group has full control over the commercial subsidiary, can a lower risk weight be applied?
A 150% risk weight reflects the additional risk the commercial subsidiary underpins on unlisted equity (absence of regulatory requirement, illiquidity, etc.) exposures than listed equity exposures.
Issuer and Issuance Rating
Question 16: What will be the treatment of a rated entity (e.g. corporate) that issues a bond?
The bank must classify the bond based on the entity classification (Claim on Corporate) and assign risk weight based on the rating of the entity.
Question 17: What will be the treatment of a rated entity (e.g. corporate) that issues a bond with a guarantee by the sovereign specific to the issuance and the bond gets a higher rating than the entity itself?
Classify the bond based on the entity classification (Claim on Corporate) and assign risk weight based on the rating of the bond.
Question 18: What will be the treatment of a rated entity (e.g. corporate) that issues a bond with a lower rating than entity?
Classify the bond based on the entity classification (Claim on Corporate) and assign risk weight based on the rating of the bond.
Question 19: What will be the treatment if an unrated entity (e.g. corporate) that issues a bond (unrated), but the bond has the guarantee from sovereign, specific and direct guarantee?
Classify the bond based on the entity classification (Claim on Corporate) and assign the risk weight based on the bond rating (unrated). The guarantee should be used for credit risk mitigation by substituting the risk weight of the bond using the claims on sovereign mapping table (e.g. AAA - 0% risk weight).
Question 20: What will be the treatment if an unrated entity (e.g. corporate) that issues a bond with a guarantee given by the sovereign to the entity (and not the bond)?
Classify the bond based on the entity classification (Claim on Corporate) and assign the risk weight related to the unrated entity. The guarantee should be used for credit risk mitigation by substituting the risk weight of the bond using the claims on corporate mapping table (e.g. AAA - 20% risk weight).
Off Balance-sheet Items
Question 22: The Credit Risk Standards states that, “Any commitments that are unconditionally cancellable at any time by the bank without prior notice, or that effectively provide for automatic cancellation due to deterioration in a borrower’s creditworthiness must be converted into credit exposure equivalents using CCF of 0%”. For using CCF of 0%, please provide explanation on being cancellable at any time without prior notice.
Majority of the unconditionally cancellable commitments are subject to certain contractual conditions, which in practice may not render them as unconditionally cancelled and thereby do not qualify them for 0% CCF, implying that all the off-balance sheet items bear a risk to the bank. Bank shall conduct a formal review of the commitments at regular intervals to ensure that commitments can be cancelled from a legal and practical perspective.
Credit Risk Mitigation
Question 23: Is an approval required from the Central Bank to switch between the simple and comprehensive approach for Credit Risk Mitigation techniques? For a bank that applies the comprehensive approach, is an approval required to go back to the simple approach?
A bank that intends to apply the comprehensive approach requires prior approval from the Central Bank. Once approved and if the bank wishes to go back to simple approach, a bank requires the Central Bank's approval again to go to the simple approach.

V. Appendix: Computation of Exposures with Credit Risk Mitigation Effects

Bank A repos out cash of AED 1000 to a corporate with an external rating of AA. The corporate provides collateral in the form of debt securities issued by a bank with an external rating of AA. The debt securities have a remaining maturity of 7 years and a market value of AED 990.

Minimum holding period for various products
Transaction type	Minimum holding period	Condition
Repo-style transaction	5 Business days	Daily remargining
Other capital market transactions	10 Business days	Daily remargining
Secured lending	20 Business days	Daily revaluation

The haircut for the transaction with other than 10 business days minimum holding period, as indicated above, will have to be adjusted by scaling up or down the haircut for 10 business days as per the formula given below:

Variables	Details of the Variables	Supervisory haircuts	Scaling factor	Adjusted haircuts
He	Haircut appropriate to the underlying exposure	Exposure in the form of cash, supervisory haircut 0%	0	Not applicable
Hc	Haircut appropriate to the Collateral	Debt securities issued by a bank supervisory haircut 8%	0.71	Supervisory haircut (8%)* Scaling factor (0.71 )= 6%
Hfx	Haircut appropriate for Currency Mismatch	No Currency Mismatch	0	Not applicable

The exposure amount after risk mitigation is calculated as follows:

Variables	*E= max {0, [E x (1 + He) – C x (1 – Hc – Hfx)]}**	Value
E*	Net credit exposure (i.e. exposure value after CRM)	69.4
E	Principal Amount, which is net of specific provisions, if any For off-balance sheet, it is the credit equivalent amount	1000
He	Haircut appropriate to the underlying exposure (cash)	0
C	Value of the collateral before CRM	990
Hc	Haircut appropriate to the Collateral	6%
Hfx	Haircut appropriate for Currency Mismatch	0

Risk weighted asset for the exposure = (69.40 * 50% (AA)) = 34.70

(Exposure * Risk weight)

IV. Counterparty Credit Risk

I. Introduction
14.In March 2014, the Basel Committee on Banking Supervision (BCBS) published a new approach for measurement of counterparty credit risk exposure associated with OTC derivatives, exchange-traded derivatives, and long settlement transactions, the standardised approach for CCR (SA-CCR). The approach in the Central Bank’s Standards for CCR closely follows the SA-CCR as developed by the BCBS in all material areas of substance.
15.The BCBS developed the SA-CCR to replace the two previous non-internal model methods, the Current Exposure Method (CEM) and the Standardized Method (SM). The SA-CCR was designed to be more risk sensitive than CEM and SM. It accurately recognizes the effects of collateralization and recognizes a benefit from over-collateralization. It also provides incentives for centralized clearing of derivative transactions.
16.As is the case with the CEM, under the SA-CCR the exposure at default (EAD) is calculated as the sum of two components: (i) replacement cost (RC), which reflects the current value of the exposure adjusted for the effects of net collateral including thresholds, minimum transfer amounts, and independent amounts; and (ii) potential future exposure (PFE), which reflects the potential increase in exposure until the closure or replacement of the transactions. The PFE portion consists of a multiplier that accounts for over-collateralization, and an aggregate add-on derived from the summation of add-ons for each asset class (interest rate, foreign exchange, credit, equity, and commodity), which in turn are calculated at the hedging set level.

II. Clarifications

A. Replacement Cost
17.Note that in mathematical terms, replacement cost for un-margined transactions is calculated as:
RC = max(V − C; 0)

where RC is replacement cost, V is the total current market value of all derivative contracts in the netting set combined, and C is the net value of collateral for the netting set, after application of relevant haircuts. (In the CCR Standards, the quantity V-C is referred to as the Net Current Value, or NCV.)
18.For margined transactions, the calculation becomes:
RC = max(V − C; TH + MTA − NICA; 0)

where TH is the threshold level of variation that would require a transfer of collateral, MTA is the minimum transfer amount of the collateral, and NICA is the Net Independent Collateral Amount equal to the difference between the value of any independent collateral posted by a counterparty and any independent collateral posted by the bank for that counterparty, excluding any collateral that the bank has posted to a segregated, bankruptcy remote account.
19.When determining the RC component of a netting set, the netting contract must not contain any clause which, in the event of default of a counterparty, permits a non-defaulting counterparty to make limited payments only, or no payments at all, to the estate of the defaulting party, even if the defaulting party is a net creditor.

B. Netting
20.The Standards requires that a bank should apply netting only when it can satisfy the Central Bank that netting is appropriate, according to the specific requirements established in the Standards. Banks should recognize that this requirement would likely be difficult to meet in the case of trades conducted in jurisdictions lacking clear legal recognition of netting, which at present is the case in the UAE.
21.If netting is not recognized, then netting sets still should be used for the calculation. However, since each netting set must contain only trades that can be netted, each netting set is likely to consist of a single transaction. The calculations of EAD can still be performed, although they simplify considerably.
22.Note that there may be more than one netting set for a given counterparty. In that case, the CCR calculations should be performed for each netting set individually. The individual netting set calculations can be aggregated to the counterparty level for reporting or other purposes.

C. PFE Multiplier
23.For the multiplier of the PFE component, when the collateral held is less than the net market value of the derivative contracts (“under-collateralization”), the current replacement cost is positive and the multiplier is equal to one (i.e. the PFE component is equal to the full value of the aggregate add-on). Where the collateral held is greater than the net market value of the derivative contracts (“over-collateralization”), the current replacement cost is zero and the multiplier is less than one (i.e. the PFE component is less than the full value of the aggregate add-on).

D. Supervisory Duration

24.The Supervisory Duration calculation required in the Standards is in effect the present value of a continuous-time annuity of unit nominal value, discounted at a rate of 5%. The implied annuity is received between dates S and E (the start date and the end date, respectively), and the present value is taken to the current date.

25.For interest rate and credit derivatives, the supervisory measure of duration depends on each transaction’s start date S and end date E. The following Table presents example transactions and illustrates the values of S and E, expressed in years, which would be associated with each transaction, together with the maturity M of the transaction.

Instrument	M	S	E
Interest rate or credit default swap maturing in 10 years	10	0	10
10-year interest rate swap, forward starting in 3 years	13	3	13
Forward rate agreement for time period starting in 125 days and ending in one year	1	0.5	1
Cash-settled European swaption referencing 5-year interest rate swap with exercise date in 125 days	0.5	0.5	5.5
Physically-settled European swaption referencing 5-year interest rate swap with exercise date in 125 days	5.5	0.5	5.5
Interest rate cap or floor specified for semi-annual interest with maturity 6 years	6	0	6
Option on a 5-year maturity bond, with the last possible exercise date in 1 year	1	1	5
3-month Eurodollar futures maturing in 1 year	1	1	1.25
Futures on 20-year bond maturing in 2 years	2	2	22
6-month option on 2-year futures on a 20-year bond	2	2	22

26.Note there is a distinction between the period spanned by the underlying transaction and the remaining maturity of the derivative contract. For example, a European interest rate swaption with expiry of 1 year and the term of the underlying swap of 5 years has S=1 year and E=6 years. An interest rate swap, or an index CDS, maturing in 10 years has S=0 years and E=10 years. The parameters S and E are only used for interest rate derivatives and credit-related derivatives.

E. Aggregation of Maturity Category Effective Notional Amounts
27.The Standards allows banks to choose between two options for aggregating the effective notional amounts that are calculated for each maturity category for interest rate derivatives. The primary formula is the following:

28.In this formula, D1 is the effective notional amount for maturity category 1, D2 is the effective notional amount for maturity category 2, and D3 is the effective notional amount for maturity category 3. As defined in the Standards, maturity category 1 is less than one year, maturity category 2 is one to five years, and maturity category 3 is more than five years.
29.As an alternative, the bank may choose to combine the effective notional values as the simple sum of the absolute values of D1, D2, and D3 within a hedging set, which has the effect of ignoring potential diversification benefits. That is, as an alternative to the calculation above, the bank may calculate:
|D1| + |D2| + |D3|

This alternative is a simpler calculation, but is more conservative in the sense that it always produces a larger result. To see this, note that the two calculations would give identical results only if the values 1.4 and 0.6 in the first formula are replaced with the value 2.0. Since the actual coefficient values are smaller than 2.0, the first formula gives a smaller result than the second formula. Choosing the second formula is equivalent to choosing to use the first formula with the 1.4 and 0.6 values replaced by 2.0, increasing measured CCR exposure and therefore minimum required capital.

F. Maturity Factor
30.Note that the Standards requires the use of a standard 250-day trading or business year for the calculation of the maturity factor and the MPOR. The view of the Central Bank is that a single, standardised definition of one year for this purpose will enhance comparability across banks and over time. However, the BCBS has indicated that the number of business days used for the purpose of determining the maturity factor be calculated appropriately for each transaction, taking into account the market conventions of the relevant jurisdiction. If a bank believes that use of a different definition of one year is appropriate, or would significantly reduce its compliance burden, the bank may discuss the matter with bank supervisors.

G. Delta Adjustment

31.Supervisory delta adjustments reflect the fact that the notional value of a transaction is not by itself a good indication of the associated risk. In particular, exposure to future market movements depends on the direction of the transaction and any non-linearity in the structure.

32.With respect to direction, a derivative may be long exposure to the underlying risk factor (price, rate, volatility, etc.), in which case the value of the derivative will move in the same direction as the underlying – gaining value with increases, losing value with decreases – and the delta is positive to reflect this relationship. The alternative is that a derivative may be short exposure to the underlying risk factor, in which case the value of the derivative moves opposite to the underlying – losing value with increases, and gaining value with decreases – and thus the delta is negative.

33.The non-linearity effects are prominent with transactions that involve contingent payoffs or option-like elements. Options and CDOs are notable examples. For such derivative transactions, the impact of a change in the price of the underlying instrument is not linear or one-for-one. For example, with an option on a foreign currency, when the exchange rate changes by a given amount, the change in the value of the derivative – the option contract – will almost always be less than the change in the exchange rate. Moreover, the amount by which the change is less than one-for-one will vary depending on a number of factors, including the current exchange rate relative to the exercise price of the option, the time remaining to expiration of the option, and the current volatility of the exchange rate. Without an adjustment for that difference, the notional amounts alone would be misleading indications of the potential for counterparty credit risk.

34.The supervisory delta adjustments for all derivatives are presented in the table below, which is repeated from the CCR Standards. These adjustments are defined at the trade level, and are applied to the adjusted notional amounts to reflect the direction of the transaction and its non-linearity.

35.Note that the supervisory delta adjustments for the various option transactions are closely related to the delta from the widely used Black-Scholes model of option prices, although the risk-free interest rate – which would ordinarily appear in this expression – is not included. In general, banks should use a forward price or rate, ideally reflecting any interim cash flows on the underlying instrument, as P in the supervisory delta calculation.

36.The expression for the supervisory delta adjustment for CDOs is based on attachment and detachment points for any tranche of the CDO. The precise specification (including the values of the embedded constants of 14 and 15) is the result of an empirical exercise conducted by the Basel Committee on Banking Supervision to identify a relatively simple functional form that would provide a sufficiently close fit to CDO sensitivities as reported by a set of globally active banks.

Supervisory Delta Adjustments

Type of Derivative Transaction	Supervisory Delta Adjustment
Purchased Call Option	F
Purchased Put Option	F-1
Sold Call Option	-F
Sold Put Option	1-F
Purchased CDO Tranche (Long Protection)	G
Sold CDO Tranche (Short Protection)	-G
Any Other Derivative Type, Long in the Primary Risk Factor	+1
Any Other Derivative Type, Short in the Primary Risk Factor	-1

Definitions

For options:

In this expression, P is the current forward value of the underlying price or rate, K is the exercise or strike price of the option, T is the time to the latest contractual exercise date of the option, σ is the appropriate supervisory volatility from Table 2, and Φ is the standard normal cumulative density function. A supervisory volatility of 50% should be used on swaptions for all currencies.

For CDO tranches:

In this expression, A is the attachment point of the CDO tranche and D is the detachment point of the CDO tranche.

H. Complex Derivatives
37.The Standards requires that complex trades with more than one risk driver (e.g. multi-asset or hybrid derivatives) must be allocated to more than one asset class when the material risk drivers span more than one asset class. The full amount of the trade must be included in the PFE calculation for each of the relevant asset classes. Asset-class allocation of complex derivatives is a point of national discretion in the Basel framework, and the Central Bank believes that requiring banks to identify such trades and allocate them accordingly places appropriate responsibility on banks that choose to engage in such trades.
38.Examples of derivatives that reference the basis between two risk factors and are denominated in a single currency (basis transactions) include three-month Libor versus six-month Libor, three-month Libor versus three-month T-Bill, one-month Libor versus OIS rate, or Brent Crude oil versus Henry Hub gas. These examples are provided as illustrations, and do not represent an exhaustive list.
39.Hedging sets for derivatives that reference the volatility of a risk factor (volatility transactions) must follow the same hedging set construction outlined in the Standards for derivatives in that asset class; for example, all equity volatility transactions form a single hedging set. Examples of volatility transactions include variance and volatility swaps, or options on realized or implied volatility.

I. Unrated Reference Assets
40.The supervisory factor for credit derivatives depends on the credit rating of the underlying reference asset. The Basel framework does not provide a specific treatment of unrated reference assets. The Central Bank believes that credit derivatives on unrated reference entities are likely to be rare. However, for the sake of completeness, the Standards requires that any such credit derivatives be treated in a manner that is broadly consistent with the treatment of unrated entities in other aspects of the risk-based capital framework, through use of a Supervisory Factor corresponding to BBB or BB ratings as described in the Standards.
41.For an entity for which a credit rating is not available, a bank should use the Supervisory Factor corresponding to BBB. However, where the exposure is associated with an elevated risk of default, the bank should use the Supervisory Factor for BB. In this context, “elevated risk of default” should also be understood to include instances in which it is difficult or impossible to assess adequately whether the exposure has high risk of loss due to default by the obligor. A bank trading credit derivatives referencing unrated entities should conduct their own analysis to examine this risk.

J. Commodity Derivatives
42.Note that the Standards defines the term “commodity type” for purposes of calculation of exposure for CCR. A commodity type is defined as a set of commodities with broadly similar risk drivers, such that the prices or volatilities of commodities of the same commodity type may reasonably be expected to move with similar direction and timing and to bear predictable relationships to one another. For example, a commodity type such as coal might include several types of coal, and a commodity type such as oil might include oil of different grades from different sources. The prices of commodities of a given type may not move precisely in lock step, but they are likely to move in the same direction at roughly the same time, due to their dependence on common forces in commodity markets. Long and short trades within a single commodity type can be fully offset.
43.For commodity derivatives, defining individual commodity types is operationally difficult. In fact, it is generally not possible to fully specify all relevant distinctions between commodity types, and as a result, a single commodity type is likely to include individual commodities that in practice differ to some extent in the dynamic behaviour they exhibit. As a result, not all basis risk is likely to be captured. Nonetheless, banks should attempt to minimize unrecognized basis risk through sound definitions of commodity types.
44.The Standards requires a bank to establish appropriate governance processes for the creation and maintenance of the list of defined commodity types used by the bank for CCR calculations, with clear definitions and independent internal review or validation processes to ensure that commodities grouped as a single type are in fact similar. A bank can only use the specifically defined commodity types it has established through its adequately controlled internal processes.
45.Trades within the same commodity hedging set (Energy, Metals, Agriculture, and Other) enjoy partial offsetting through the use of correlation values established in the Standards, with correlation values varying by asset subclass. More specifically, partial offsetting applies only to the systematic component, not the issuer-specific or idiosyncratic component. Note that Electricity is a sub-class of the Commodity asset class, but is itself part of the broader Energy hedging set, rather than constituting a distinct hedging set.

K. Single-Name and Index Derivatives
46.For credit derivatives, there is one credit reference entity for each reference debt instrument that underlies a single-name transaction allocated to the credit risk category. Single-name transactions should be assigned to the same credit reference entity only where the underlying reference debt instrument of those transactions is issued by the same issuer.
47.The approach for establishing the reference entity for equity derivatives should correspond to the general approach for credit derivatives.
48.For credit derivatives with indices as the underlying instrument, there should be one reference entity for each group of reference debt instruments or single-name credit derivatives that underlie a multi-name transaction. Multi-name transactions should be assigned to the same credit reference entity only where the group of underlying reference debt instruments or single-name credit derivatives of those transactions has the same constituents. The determination of whether an index is investment grade or speculative grade should be based on the credit quality of the majority of its individual constituents.
49.Again, the approach for equity index derivatives should follow the general approach for credit index derivatives.

L. Special Cases of Margin Agreements
50.When multiple margin agreements apply to a single netting set, the netting set should be broken down into sub-netting sets that align with the respective margin agreement for calculating both RC and PFE.
51.When a single margin agreement applies to multiple netting sets, RC at any given time is determined by the sum of two terms. The first term is equal to the un-margined current exposure of the bank to the counterparty aggregated across all netting sets within the margin agreement reduced by the positive current net collateral (i.e. collateral is subtracted only when the bank is a net receiver of collateral). The second term is non-zero only when the bank is a net poster of collateral: it is equal to the current net posted collateral (if there is any) reduced by the un-margined current exposure of the counterparty to the bank aggregated across all netting sets within the margin agreement. Net collateral available to the bank should include both VM and NICA. Mathematically, RC for the entire margin agreement is:

where the summation NS ∈ MA is across the netting sets covered by the margin agreement (hence the notation), V_NS is the current mark-to-market value of the netting set NS and C_MA is the cash equivalent value of all currently available collateral under the margin agreement.
52.An alternative description of this calculation is as follows:
Step 1: Compute the net value, positive or negative, of each netting set. These calculated values correspond to the terms V_NS in the expression above.
Step 2: Sum the values of all netting sets with positive value, to get Total Positive Value (TPV). This corresponds to the term in the expression above:

Step 3: Sum the values of all of netting sets with negative value, to get Total Negative Value (TNV). This corresponds to the term in the expression above:

Step 4: Calculate the net current cash value of collateral, including NICA and VM. This corresponds to the term C_MA in the expression above. If the bank is net holder of collateral, then C_MA is positive; it is the net value held (NVH). If the bank is a net provider of collateral, then C_MA is negative, and its absolute value is the net value provided (NVP). Note that either NVH>0 and NVP=0, or NVP>0 and NVH=0.
One of the following cases then applies:
Step 5a: If NVH>0 (so NVP=0), then RC = TPV – NVH, but with a minimum of zero – that is, RC cannot be negative.

or

Step 5b: If NVH=0 (so NVP>0), then RC = TPV + NVP – TNV, but with a minimum of TPV – that is, RC cannot be less than TPV.

53.To calculate PFE when a single margin agreement applies to multiple netting sets, netting set level un-margined PFEs should be calculated and aggregated, i.e. PFE should be calculated as the sum of all the individual netting sets considered as if they were not subject to any form of margin agreement.

III. Summary of the EAD Calculation Process
The following diagram provides a visual summary of the CCR calculation of EAD for derivatives, based on replacement cost and potential future exposure.

IV. Frequently Asked Questions

A. Netting
Question A1: Does a bank need written approval for each netting agreement it has in place, or will the Central Bank provide a list of pre-approved jurisdictions or counterparties?
The bank should establish an internal process that considers the factors identified in the Standards. That process should be subject to internal review and challenge per the Standards. The Central Bank will review the identification of netting sets as part of the supervisory process, and notify the bank of any determinations that netting is not appropriate. The Central Bank will not provide a list of pre-approved jurisdictions or counterparties.
Question A2: Do amendments to existing netting agreements require approval from the Central Bank?
Amendments that do not raise new questions about the validity of netting need not be raised to the Central Bank for consideration.
Question A3: What if netting is not valid? Can netting sets still be used for the calculation?
If the requirements of the Standards for recognition of netting are not satisfied, then each transaction is its own netting set – a netting set consisting of a single transaction – and many of the calculations are much simpler.
Question A4: Is use of the standard ISDA agreement sufficient to apply netting?
No, use of the standard ISDA agreement is not in itself sufficient to demonstrate that netting is valid and legally enforceable in the relevant jurisdictions under the requirements of the Standards.
Question A5: Can we treat trades with a UAE counterparty (UAE Bank or Foreign Bank operating in the UAE) having a signed ISDA / CSA as a netting set even though the UAE is not a netting jurisdiction?
No, as noted above, use of the standard ISDA agreement is not in itself sufficient to demonstrate that netting is valid and legally enforceable in the relevant jurisdictions under the requirements of the Standards, and is not a replacement for a determination regarding the legal enforceability of netting.
Question A6: If there is no netting agreement of any sort in place, what would the treatment be for trades with negative mark to market? Will they be included or excluded from the exposure calculation?
Trades with negative value have RC=0, but still have counterparty credit risk, which will be reflected in the calculation of the PFE component of exposure.

B. Collateral
Question B1: What haircuts should be applied to collateral for the calculations of exposure net of collateral?
Banks should apply the standard supervisory haircuts from the capital framework.
Question B2: If a counterparty places initial cash margin against a derivatives facility, but has no signed ISDA / CSA in place, can this cash margin be considered as collateral for Replacement Cost calculations?
Yes, provided the arrangement allows the bank to retain the cash in the event of a default by the counterparty.
Question B3: Can collateral received under a CSA be considered as part of the RC calculation in absence of a netting agreement?
Yes. Note that in the absence of netting, the netting set would consist of a single trade and any collateral corresponding to that trade.

C. Classification of Trades
Question C1: For a currency swap involving principal and interest exchange, since there is exchange rate risk in addition to interest rate risk, do we need to assign the notional to both the currency and interest rate classes?
Yes, derivatives with exposure to more than one primary risk factor should be allocated to all relevant asset classes for the PFE calculation, so this transaction should be included in its full amount in both the Foreign Exchange hedging set and the Interest Rate hedging set.
Question C2: In a cross-currency swap with principal exchange at the beginning and at the end, and with fixed-rate to fixed-rate interest exchange so that there is no interest rate risk, should this trade be included only in the foreign currency category?
Yes, it should be treated as FX exposure.
Question C3: Is there any prescribed PFE treatment for a derivative such as a weather derivative?
Derivatives with "unusual" underlying such as weather or mortality are included in the "Other" hedging set within the Commodity asset class.
Question C4: Can trades with gold as the underlying asset be treated as currency derivatives?
No. Although gold often has been grouped with foreign exchange historically, for the CCR Standards it is to be treated as a metal within the commodity asset class.

D. Supervisory Delta Adjustment
Question D1: What is the Supervisory Delta for FX Swaps and FX Forwards?
These are linear contracts, so the Supervisory Delta is either +1 (for long positions) or -1 (for short positions).
Question D2: The Standards states that the Supervisory Delta for a short position (one that is not an option or CDO) should be -1. However, if netting is not permitted, should the Supervisory Delta be set to +1 for all the short (as well as the long) positions?
In principle, the Supervisory Delta should be -1 if the position is short. However, in the case of a single-trade netting set, there is no possibility of offsetting, so the sign of the Supervisory Delta does not affect the calculation.
Question D3: In the case of an option strategy such as a straddle or strangle involving more than one type of option (e.g. a long call and a long put), which Supervisory Delta should be used?
In the case of positions that involve combinations of options, the position should be decomposed into its simpler option components, appropriate Supervisory Deltas determined for each component, and the weighted average Supervisory Delta applied to the position as a whole.
Question D4: In the case of an option strategy involving multiple options with only one leg having a possibility of exercise, can we consider this structure as a "short" position if we are net receiver of the premium and a "long" position if we are net payer of premium?
As noted above, in the case of positions that involve combinations of options, the position should be decomposed into its simpler option components, appropriate Supervisory Deltas determined for each component, and the weighted average Supervisory Delta applied to the position as a whole. In this case, some of the Supervisory Deltas would be positive, and some would be negative. The sign of the overall Supervisory Delta would depend on the relative size of the positions, and the associated magnitude (in absolute value) of the deltas.
Question D5: Should the same set of Supervisory Deltas be used in the case of path dependent options such as barrier options, or other complex options? For such products, the simple option delta formula may not be appropriate.
Banks should apply the standardised formulas for the CCR calculations, including the Supervisory Delta adjustment for all options. Note that use of a single, simplified formula for the Supervisory Delta for options is a feature of the Standardised Approach. Like all standardised approaches, the SA-CCR involves numerous trade-offs between precision and simplicity. Many other aspects of the Standardised Approach use approximations, such as the assumption that a single correlation should be used for all commodity derivatives, or the use of a single volatility for all FX options. Banks should certainly use more analytically appropriate deltas for internal purposes such as valuation and risk management.

E. Hedging Sets
Question E1: Can different floating rates within the same base currency be included in single hedging set?
Yes, for interest rate derivatives, all rates within one base currency should be included in a single hedging set.
Question E2: Is it possible to determine a hedging set in the absence of a netting set?
Yes, without a netting set, the hedging set would consist of a single transaction, and the add-on would be simply the effective notional amount of that one transaction.

F. Maturity and Supervisory Duration
Question F1: For Supervisory Duration, should S and E be based on original maturity or residual maturity?
Calculation of S and E should be computed relative to the current date, not the date at which the trade was initiated; hence, they are most similar to residual maturity.
Question F2: When calculating the remaining maturity in business days, should we follow the business calendar given in the master agreement, or the business calendar within the jurisdiction in which the bank is operating?
The Basel Committee has provided guidance that the number of business days used for the purpose of determining the maturity factor must be calculated appropriately for each transaction, taking into account the market conventions of the relevant jurisdiction. The Central Bank follows this approach as well.
Question F3: What is the maturity factor if the remaining maturity is greater than 250 business days?
In that case, the maturity factor for the CCR calculations is equal to 1.0.
Question F4: What would be the maturity of a derivative with multiple exchanges of notional over a period of time?
The maturity date is the date of the final exchange or payment under the contract.
Question F5: What is the Maturity Factor for deals such as callable range accruals where the call date is less than 1 year, but the deal maturity is more than 1 year?
Since the deal maturity is more than one year, the Maturity Factor would be equal to 1.0.

G. Other
Question G1: For certain capital calculations in the past, exchange rate contracts with an original maturity of 14 calendar days or less were excluded from certain capital requirements. Is that applicable for the CCR Standards?
No, all in-scope exchange rate contracts must be included, regardless of original or remaining maturity.
Question G2: A single hedging set might include derivatives on underlying rates, prices, or entities that span different Basel categories (e.g. corporates, financials, sovereigns); do these need to be calculated separately in order to compute and report RWA in the format required by the reporting template?
No, the risk-weight, and the category for reporting in the Central Bank’s template, depends on the nature of the counterparty, not the nature of the underlying reference asset. The counterparty for any netting set will fall into one and only one category for risk weighting and for reporting.
Question G3: For a variable notional swap, how should the average notional be calculated?
Use the time-weighted average notional in the CCR calculations.
Question G4: Should the current spot rate be used to compute adjusted notional?
Yes, the current spot rate should be used.
Question G5: Bank ask in case of calculating discounted counterparty exposure is a double count and will inflate CVA Capital charge given SA-CCR EAD already factors in maturity adjustment while computing adjusted notional which is product of trade notional & supervisory duration?
The use of the discount factor in the CVA capital charge does not result in double counting. While there is superficial similarity between the supervisory duration (SD) adjustment in SA-CCR and the discount factor (DF) in CVA, they are actually capturing different aspects of risk exposure. The use of SD in SA-CCR adjusts the notional amount of the derivatives to reflect its sensitivity to changes in interest rates, since longer-term derivatives are more sensitive to rate changes than are shorter-term derivatives. In contrast, the use of DF in the CVA calculation reflects the fact that a bank is exposed to CVA risk not only during the first year of a derivative contract, but over the life of the contract; the DF term recognizes the present value of the exposure over the life of the contract. Thus, these two factors, although they have similar functional forms and therefore appear somewhat similar, are not in fact duplicative.

V. Illustrations of EAD Calculations

A. Illustration 1

Consider a netting set with three interest rates derivatives: two fixed versus floating interest rate swaps and one purchased physically settled European swaption. The table below summarizes the relevant contractual terms of the three derivatives. All notional amounts and market values in the table are given in USD. We also know that this netting set is not subject to a margin agreement and there is no exchange of collateral (independent amount/initial margin) at inception.

Trade #	Nature	Residual maturity	Base currency	Notional (thousands)	*Pay Leg ()**	*Receive Leg ()**	Market value (thousands)
1	Interest rate swap	10 years	USD	10,000	Fixed	Floating	30
2	Interest rate swap	4 years	USD	10,000	Floating	Fixed	-20
3	European swaption	1 into 10 years	EUR	5,000	Floating	Fixed	50

(*) For the swaption, the legs are those of the underlying swap.

The EAD for un-margined netting sets is given by:

EAD = 1.4 * (RC + PFE)

1. Replacement Cost Calculation
The replacement cost is calculated at the netting set level as a simple algebraic sum (floored at zero) of the derivatives’ market values at the reference date. Thus, using the market values indicated in the table (expressed in thousands):
RC = max {V - C; 0} = max {30 - 20 + 50; 0} = 60

Since V-C is positive (equal to V of 60,000), the value of the multiplier is 1, as explained in the Standards.

2. Potential Future Exposure Calculation

All the transactions in the netting set belong to the interest rate asset class. So the Add-on for interest rate class must be calculated as well as the multiplier since

PFE = multiplier × Add-on_agg

For the calculation of the interest rate add-on, the three trades must be assigned to a hedging set (based on the currency) and to a maturity category (based on the end date of the transaction). In this example, the netting set is comprised of two hedging sets, since the trades refer to interest rates denominated in two different currencies (USD and EUR). Within hedging set “USD”, Trade 1 falls into the third maturity category (>5 years) and Trade 2 falls into the second maturity category (1-5 years). Trade 3 falls into the third maturity category (>5 years) of hedging set “EUR”.

S and E represent the start date and end date, respectively, of the time period referenced by the interest rate transactions.

Trade #	Hedging set	Time bucket	Notional (thousands)	S	E
1	USD	3	10,000	0	10
2	USD	2	10,000	0	4
3	EUR	3	5,000	1	11

The following table illustrates the steps typically followed for the add-on calculation:

Steps	Activities
1. Calculate Effective Notional	Calculate supervisory duration Calculate trade-level adjusted notional as trade notional (in domestic currency) × supervisory duration Effective notional for each maturity category = Σ(trade-level adjusted notional × supervisory delta × maturity factor), with full offsetting for each of the three maturity categories, in each hedging set (that is, same currency)
2. Apply Supervisory Factors	Add-on for each maturity category in a hedging set (that is, same currency) = Effective Notional Amount for maturity category × interest rate supervisory factor
3. Apply Supervisory Correlations	Add-on for each hedging set = Σ(Add-ons for maturity categories), aggregating across maturity categories for a hedging set. One hedging set for each currency.
4. Aggregate	Simple summation of the add-ons for the different hedging sets

Calculate Effective Notional Amount

The adjusted notional of each trade is calculated by multiplying the notional amount by the calculated supervisory duration SD as defined in the Standards.

d = Trade Notional × SD = Trade Notional × (exp(-0.05×S) – exp(-0.05 × E)) / 0.05

Trade	Notional Amount	Time Bucket	S	E	Supervisory Duration SD	Adjusted Notional d
Trade 1	10,000,000	3	0	10	7.869386806	78,693,868.06
Trade 2	10,000,000	2	0	4	3.625384938	36,253,849.38
Trade 3	5,000,000	3	1	11	7.485592282	37,427,961.41

Calculate Maturity Category Effective Notional

A supervisory delta is assigned to each trade in accordance with the Standards. In particular:

•Trade 1 is long in the primary risk factor (the reference floating rate) and is not an option so the supervisory delta is equal to 1.
•Trade 2 is short in the primary risk factor and is not an option; thus, the supervisory delta is equal to -1.
•Trade 3 is an option to enter into an interest rate swap that is short in the primary risk factor and therefore is treated as a purchased put option. As such, the supervisory delta is determined by applying the relevant formula using 50% as the supervisory option volatility and 1 (year) as the option exercise date. Assume that the underlying price (the appropriate forward swap rate) is 6% and the strike price (the swaption’s fixed rate) is 5%.

The trade-level supervisory delta is therefore:

Trade	Delta	nstrument Type
Trade 1	1	inear, long (forward and swap)
Trade 2	-1	inear, short (forward and swap)
Trade 3		purchased put option

The Maturity Factor MF is 1 for all the trades since they are un-margined and have remaining maturities in excess of one year.

Based on the maturity categories, the Effective Notional D for the USE and EUR hedging sets at the level of the maturity categories are as shown in the table below:

Hedging Set	Time Bucket	Adjusted Notional	Supervisory Delta	Maturity Factor	Maturity category-level Effective Notional D
HS 1 (USD)	3	78,693,868	1	1	78,693,868
HS 1 (USD)	2	36,253,849	-1	1	-36,253,849
HS 2 (EUR)	3	37,427,961	-0.27	1	-10,105,550

In particular:

Hedging set USD, time bucket 3: D = 1 * 78,693,868 * 1 = 78,693,868

Hedging set USD, time bucket 2: D = -1 * 36,253,849 * 1 = -36,253,849

Hedging set EUR, time bucket 3: D = -0.27 * 37,427,961 * 1 = -10,105,550

Apply Supervisory Factor

The add-on must be calculated for each hedging set.

For the USD hedging set there is partial offset between the two USD trades:

Effective notional^(IR) _USD ₌ [D2² + D3² + 1.4 x D2 x D3]^1/2

= [(-36,253,849)² + 78,693,868² + 1.4 × (-36,253,849) × 78,693,868]^1/2

= 59,269,963

For the Hedging set EUR there is only one trade (and one maturity category):

Effective notional^(IR)_EUR = 10,105,550

In summary:

Hedging set	Time Bucket	Maturity category-level Effective Notional D_j,k	Hedging Set level Effective Notional D_j,k ^(IR)
HS 1 (USD)	3	78,693,868	59,269,963 (Partial offset)
HS 1 (USD)	2	-36,253,849	59,269,963 (Partial offset)
HS 2 (EUR)	3	-10,105,550	10,105,549.58

Aggregation of the calculated add-ons across different hedging sets:

Effective Notional^(IR) = 59,269,963 + 10,105,550 = 69,375,513

(No offset between hedging sets)

The asset class is interest rates; thus the applicable Supervisory factor is 0.50%. As a result:

Add-on = SF × Effective Notional = 0.005 × 69,375,513 = 346,878

Supervisory Correlation Parameters

Correlation is not applicable to the interest rate asset class, and there is no other asset class in the netting set in this example.

Add-on Aggregation

For this netting set, the interest rate add-on is also the aggregate add-on because there are no trades assigned to other asset classes. Thus, the aggregate add-on = 346,878

Multiplier

The multiplier is given by:

multiplier = min { 1; Floor+(1-Floor) × exp [(V-C) /(2 ×(1-Floor)×Add-on_agg)]}

= min {1; 0.05 + 0.95 × exp [60,000 / (2 × 0.95 × 346,878]}

Final Calculation of PFE

In this case the multiplier is equal to one, so the PFE is the same as the aggregate Add-On:

PFE = multiplier × Add-on_agg = 1 × 346,878 = 346,878

3. EAD Calculation
The exposure EAD to be risk weighted for counterparty credit risk capital requirements purposes is therefore
EAD = 1.4 * (RC + PFE) = 1.4 x (60,000 + 346,878) = 569,629

B. Illustration 2

Consider a netting set with three credit derivatives: one long single-name CDS written on Firm A (rated AA), one short single-name CDS written on Firm B (rated BBB), and one long CDS index (investment grade). All notional amounts and market values are denominated in USD. This netting set is not subject to a margin agreement and there is no exchange of collateral (independent amount/initial margin) at inception. The table below summarizes the relevant contractual terms of the three derivatives.

Trade #	Nature	Reference entity / index name	Rating reference entity	Residual maturity	Base currency	Notional (thousands)	Position	Market value (thousands)
1	Single-name CDS	Firm A	AA	3 years	USD	10,000	Protection buyer	20
2	Single-name CDS	Firm B	BBB	6 years	EUR	10,000	Protection seller	-40
3	CDS index	CD X.IG	Investment grade	5 years	USD	10,000	Protection buyer	0

According to the Standards, the EAD for un-margined netting sets is given by:

EAD = 1.4 * (RC + PFE)

1. Replacement Cost Calculation
The replacement cost is calculated at the netting set level as a simple algebraic sum (floored at zero) of the derivatives’ market values at the reference date. Thus, using the market values indicated in the table (expressed in thousands):
RC = max {V - C; 0} = max {20 - 40 + 0; 0} = 0

Since V-C is negative (i.e. -20,000), the multiplier will be activated (i.e. it will be less than 1). Before calculating its value, the aggregate add-on needs to be determined.

2. Potential Future Exposure Calculation

The following table illustrates the steps typically followed for the add-on calculation:

Steps	Activities
1. Calculate Effective Notional	Calculate supervisory duration Calculate trade-level adjusted notional = trade notional (in domestic currency) × supervisory duration Calculate trade-level effective notional amount = trade-level adjusted notional × supervisory delta × maturity factor Calculate effective notional amount for each entity by summing the trade-level effective notional amounts for all trades referencing the same entity (either a single entity or an index) with full offsetting
2. Apply Supervisory Factors	Add-on for each entity in a hedging set = Entity-level Effective Notional Amount × Supervisory Factor, which depends on entity’s credit rating (or investment/speculative for index entities)
3. Apply Supervisory Correlations	Entity-level add-ons are divided into systematic and idiosyncratic components weighted by the correlation factor
4. Aggregate	Aggregation of entity-level add-ons with full offsetting in the systematic component and no offsetting in the idiosyncratic component

Effective Notional Amount

The adjusted notional of each trade is calculated by multiplying the notional amount with the calculated supervisory duration SD specified in the Standards.

d= Trade Notional × SD = Trade Notional × {exp(-0.05×S) – exp(-0.05 × E)} / 0.05

Trade	Notional Amount	S	E	Supervisory Duration SD	Adjusted Notional d
Trade 1	10,000,000	0	3	2.785840471	27,858,405
Trade 2	10,000,000	0	6	5.183635586	51,836,356
Trade 3	10,000,000	0	5	4.423984339	44,239,843

The appropriate supervisory delta must be assigned to each trade: in particular, since Trade 1 and Trade 3 are long in the primary risk factor (CDS spread), their delta is 1; in contrast, the supervisory delta for Trade 2 is -1.

Trade	Delta	Instrument Type
Trade 1	1	linear, long (forward and swap)
Trade 2	-1	linear, short (forward and swap)
Trade 3	1	linear, long (forward and swap)

Thus, the entity-level effective notional is equal to the adjusted notional times the supervisory delta times the maturity factor (where the maturity factor is 1 for all three derivatives).

Trade	Adjusted Notional	Supervisory Delta	Maturity Factor	Entity Level Effective Notional
Trade 1	27,858,405	1	1	27,858,405
Trade 2	51,836,356	-1	1	-51,836,356
Trade 3	44,239,843	1	1	44,239,843

Supervisory Factor

The add-on must now be calculated for each entity. Note that all derivatives refer to different entities (single names/indices). A supervisory factor is assigned to each single-name entity based on the rating of the reference entity, as specified in Table 1 in the relevant Standards. This means assigning a supervisory factor of 0.38% for AA-rated firms (Trade 1) and 0.54% for BBB-rated firms (for Trade 2). For CDS indices (Trade 3), the supervisory factor is assigned according to whether the index is investment or speculative grade; in this example, its value is 0.38% since the index is investment grade.

Asset Class	Subclass	ρ	SF
Credit, Single Name	AA	50%	0.38%
Credit, Single Name	BBB	50%	0.54%
Credit, Index	IG	80%	0.38%

Thus, the entity level add-ons are as follows:

Add-on(Entity) = SF × Effective Notional

Trade	Effective Notional	Supervisory factor SF	Add-on (Entity)
Trade 1	27,858,405	0.38%	105,862
Trade 2	-51,836,356	0.54%	-279,916
Trade 3	44,239,843	0.38%	168,111

Supervisory Correlation Parameters

The add-on calculation separates the entity level add-ons into systematic and idiosyncratic components, which are combined through weighting by the correlation factor. The correlation parameter ρ is equal to 0.5 for the single-name entities (Trade 1-Firm A and Trade 2-Firm B) and 0.8 for the index (Trade 3-CDX.IG) in accordance with the requirements of the Standards.

Add-on^(Credit) = [ [ ∑_k ρ_k ^CR × Add-on (Entity_k) ]² + ∑_k (1- (ρ_k ^CR)²) × (Add-on (Entity_k))²]^1/2

Trade	ρ	Add-on(Entity_k)	ρ × Add-on(Entity_k)	(1 – ρ²)	(1 – ρ²) × (Add-on(Entity_k))²
Trade 1	50%	105,862	52,931	0.75	8,405,062,425
Trade 2	50%	-279,916	-139,958	0.75	58,764,860,350
Trade 3	80 %	168,111	134,489	0.36	10,174,120,000
Systematic Component			47,462	Idiosyncratic Component	77,344,042,776
Full offsetting				No offsetting

Add-on Aggregation

For this netting set, the interest rate add-on is also the aggregate add-on because there are no trades assigned to other asset classes. Thus, the aggregate add-on = 346,878

Aggregation of entity-level add-ons with full offsetting in the systematic component and no offsetting benefit in the idiosyncratic component.

Systematic Component	47,462
Idiosyncratic Component	77,344,042,776

Thus,

Add-on = [ (47,462)² + 77,344,042,776 ]^1/2 = 282,129

Multiplier

The multiplier is given by

multiplier = min {1; Floor+(1-Floor) × exp [(V-C)/(2×(1-Floor)×Add-on_agg)]}

= min {1; 0.05 + 0.95 × exp [-20,000 / (2 × 0.95 × 282,129)]}

=0.96521

Final Calculation of PFE

PFE = multiplier × Add-on_agg = 0.96521 × 282,129= 272,313

3. EAD Calculation
The exposure that would be risk-weighted for the purpose of counterparty credit risk capital requirements is therefore:
EAD = 1.4 * (RC + PFE) = 1.4 x (0 + 272,313) = 381,238

C. Illustration 3

Consider a netting set with three commodity forward contracts. All notional amounts and market values are denominated in USD. This netting set is not subject to a margin agreement and there is no exchange of collateral (independent amount/initial margin) at inception. The table below summarizes the relevant contractual terms of the three commodity derivatives.

Trade #	Nature	Underlying	Position	Direction	Residual maturity	Notional (thousands)	Market value (thousands)
1	Forward	(WTI) Crude Oil	Protection Buyer	Long	9 months	10,000	-50
2	Forward	(Brent) Crude Oil	Protection Seller	Short	2 years	20,000	-30
3	Forward	Silver	Protection Buyer	Long	5 years	10,000	100

1. Replacement Cost Calculation
The replacement cost is calculated at the netting set level as a simple algebraic sum (floored at zero) of the derivatives’ market values at the reference date, provided that value is positive. Thus, using the market values indicated in the table (expressed in thousands):
RC = max {V - C; 0} = max {100 - 30 - 50; 0} = 20

The replacement cost is positive and there is no exchange of collateral (so the bank has not received excess collateral), which means the multiplier will be equal to 1.

2. Potential Future Exposure Calculation

The following table illustrates the steps typically followed for the add-on calculation, for each of the four commodity hedging sets with non-zero exposure:

Steps	Activities
1. Calculate Effective Notional	Calculate trade-level adjusted notional = current price × number of units referenced by derivative Calculate trade-level effective notional amount = trade-level adjusted notional × supervisory delta × maturity factor Calculate effective notional for each commodity-type = Σ(trade-level effective notional) for trades referencing the same commodity type, with full offsetting in commodity type
2. Apply Supervisory Factors	Add-on for each commodity type in a hedging set = Commodity-type Effective Notional Amount × Supervisory Factor
3. Apply Supervisory Correlations	Commodity-type add-ons are divided into systematic and idiosyncratic components weighted by the correlation factor
4. Aggregate	Aggregation of commodity-type add-ons with full offsetting in the systematic component and no offsetting in the idiosyncratic component Simple summation of absolute values of add-ons across the four hedging sets

Effective Notional Amount

Trade-level Adjusted Notional calculation for each commodity derivative trade:

d_i^(COM) = current price per unit × number of units in the trade

Trade	Current price per unit (unit is barrel for oil; ounces for silver)	Number of units in the trade	Adjusted Notional
Trade 1	100	100 barrels	10,000
Trade 2	100	200 barrels	20,000
Trade 3	20	500 ounces	10,000

The appropriate supervisory delta must be assigned to each trade:

Trade	Delta	Instrument Type
Trade 1	1	linear, long (forward & swap)
Trade 2	-1	linear, short (forward & swap)
Trade 3	1	linear, long (forward & swap)

Since the remaining maturity of Trade 1 is less than a year, at nine months (approximately 187 business days), and the trade is un-margined, its maturity factor is scaled down by the square root of 187/250 in accordance with the requirements of the Standards. On the other hand, the maturity factor is 1 for Trade 2 and for Trade 3, since the remaining maturity of those two trades is greater than one year and they are un-margined.

The trade-level effective notional is equal to the adjusted notional times the supervisory delta times the maturity factor. The basic difference between the WTI and Brent forward contracts effectively is ignored since they belong to the same commodity type, namely “Crude Oil” within the “Energy” hedging set, thus allowing for full offsetting. (In contrast, if one of the two forward contracts were on a different commodity type within the “Energy” hedging set, such as natural gas, with the other on crude oil, then only partial offsetting would have been allowed between the two trades.) Therefore, Trade 1 and Trade 2 can be aggregated into a single effective notional, taking into account each trade’s supervisory delta and maturity factor.

Hedging Set	Commodity Type	Trade	Adjusted Notional	Supervisory Delta	Maturity Factor	Effective Notional
Energy	Crude Oil	Trade 1	10,000	1	$\sqrt{\frac{187}{250}} = 0.865$	10,000 x 1 x 0.865 + 20,000x(-1)x1 =-11,350 (full off-setting within the ‘Crude Oil’ commodity type)
Energy	Crude Oil	Trade 2	20,000	-1	1
Metals	Silver	Trade 3	10,000	1	1	10,000

Supervisory Factor

For each commodity-type in a hedging set, the effective notional amount must be multiplied by the correct Supervisory Factor (SF). As described in the Standards, the Supervisory Factor for both the Crude Oil commodity type in the Energy hedging set and the Silver commodity type in the Metals hedging set is SF=18%.

Thus, the add-on by hedging set and commodity type is as follows:

Add-on(Type_k^j) = SF_Typek^(Com) × Effective Notional_Typek^(Com)

Hedging Set	Commodity Type	Effective Notional	Supervisory Factor SF	Add-on by HS and Commodity type
Energy	Crude Oil	-11,350	18%	-2,043
Metals	Silver	10,000	18%	1,800

Supervisory Correlation Parameters

The commodity-type add-ons in a hedging set are decomposed into systematic and idiosyncratic components. The commodity subclass correlations parameters are as stated in the Standards, in this case 40% for commodities.

Thus, the hedging set level add-ons are calculated for each commodity hedging set:

Add-on^(COM) = [( Σ_k ρ_j^(COM) × Add-on (Type_k^j) )² + Σ_k (1- (ρ_j^(COM) )²) × (Add-on (Type ^j))²]_k^1/2

Hedging Set	Commodity Type	ρ	Add-on(Type_k)	Systematic Component (ρ × Add-on(Type_k))²	(1 – ρ²)	Idiosyncratic Component (1 – ρ²) x (Add-on(Type_k)) ²	Add-on_j (Only one commodity type in each HS)
Energy	Crude Oil	40%	-2,043	(-817)²	0.84	0.84 × (-2,043)²	2,043
Metals	Silver	40%	1,800	(720)²	0.84	0.84 × (1,800)²	1,800

However, in this example, since only one commodity type within the “Energy” hedging set is populated (i.e. all other commodity types within that hedging set have a zero add-on), the resulting add-on for the hedging set is the same as the add-on for the commodity type. This calculation shows that when there is only one commodity type within a commodity hedging set, the hedging-set add-on is equal to the absolute value of the commodity-type add-on. (The same comment applies to the commodity type “Silver” in the “Metals” hedging set.)

Add-on Aggregation

Aggregation of commodity-type add-ons uses full offsetting in the systematic component and no offsetting benefit in the idiosyncratic component in each hedging set. As noted earlier, in this example there is only one commodity type per hedging set, which means no offsetting benefits. Computing the simple summation of absolute values of add-ons for the hedging sets:

Add-on = Σ_j Add-on_j

Add-On = 2,043 + 1,800 = 3,843

Multiplier

The multiplier is given by

multiplier = min {1; Floor+(1-Floor) × exp [(V-C)/(2×(1-Floor)×Add-on_agg)]}

= min {1; 0.05 + 0.95 × exp [20 / (2 × 0.95 × 3,843)]}

= 1, since V-C is positive.

Final Calculation of PFE

PFE = multiplier × Add-on_agg = 1 × 3,843 = 3,843

3. EAD Calculation
The exposure EAD to be risk weighted for counterparty credit risk capital requirements purposes is therefore
EAD = 1.4 * (RC + PFE) = 1.4 x (20 + 3,843) = 5,408

VI. Illustrations of Replacement Cost Calculations with Margining

Calculation of Replacement Cost (RC) depends whether or not a trade is collateralized, as illustrated below and in the summary table.

Transaction Characteristics	Replacement Cost (RC)
No collateral	Value of the derivative transactions in the netting set, if that value is positive (else RC=0)
Collateralized, no margin	Value of the derivative transactions in the netting set minus the value of the collateral after applicable haircuts, if positive (else RC=0)
Collateralized and margined	Same as the no margin case, unless TH+MTA-NICA (see definitions below) is greater than the resulting RC

•TH = positive threshold before the counterparty must send collateral to the bank
•MTA = minimum transfer amount applicable to the counterparty
•NICA = net independent collateral amount other than variation margin (unsegregated or segregated) posted to the bank, minus the unsegregated collateral posted by the bank. The quantity TH + MTA – NICA represents the largest net exposure, including all collateral held or posted under the margin agreement that would not trigger a collateral call.

A. Illustration 1: Margined Transaction
A bank has AED80 million in trades with a counterparty. The bank currently has met all past variation margin (VM) calls, so the value of trades with the counterparty is offset by cumulative VM in the form of cash collateral received. Furthermore, an “Independent Amount” (IA) of AED 10 million was agreed in favour of the bank, and none in favour of its counterparty. This leads to a credit support amount of AED 90 million (80 million plus 10 million), which is assumed to have been fully received as of the reporting date. There is a small “Minimum Transfer Amount” (MTA) of AED1 million, and a “Threshold” (TH) of zero.
In this example, the V-C term in the replacement cost (RC) formula is zero, since the value of the trades is more than offset by collateral received; AED80 million – AED90 million = -10 million. The term (TH + MTA - NICA) is -9 million (0 TH + 1 million MTA - 10 million of NICA held). Using the replacing cost formula:
RC = MAX {(V-C), (TH+MTA-NICA), 0}
= MAX{(80-90),(0+1-10),0}
= MAX{-10,-9,0} = 0

Because both V-C and TH+MTA-NICA are negative, the replacement cost is zero. This occurs because of the large amount of collateral posted by the bank’s counterparty.

B. Illustration 2: Initial Margin
A bank, in its capacity as clearing member of a CCP, has posted VM to the CCP in an amount equal to the value of the trades it has with the CCP. The bank has posted AED10 million in cash as initial margin, and the initial margin is held in such a manner as to be bankruptcy-remote from the CCP. Assume that the value of trades with the CCP are -50 million, and the bank has posted AED50 million in VM to the CCP. Also assume that MTA and TH are both zero under the terms of clearing at the CCP.
In this case, the V-C term is zero, since the already posted VM offsets the negative value of V. The TH+MTA-NICA term is also zero, since MTA and TH both equal zero, and the initial margin held by the CCP is bankruptcy remote and thus does not affect NICA. Thus:
RC = MAX {(V-C), (TH+MTA-NICA), 0}
= MAX{(-50-(-50)), (0+0-0), 0}
= MAX{0,0,0} = 0

Therefore, the replacement cost RC is zero.

C. Illustration 3: Initial Margin Not Bankruptcy Remote
Consider the same case as in Illustration 2, except that the initial margin posted to the CCP is not bankruptcy remote. Since this now counts as part of the collateral C, the value of V-C is AED10 million. The value of the TH+MTA-NICA term is AED10 million due to the negative NICA of -10 million. In this case:
RC = MAX {(V-C), (TH+MTA-NICA), 0}
= MAX{(-50-(-50)-(-10)), (0+0-(-10)), 0}
= MAX{10,10,0} = 10

The RC is now AED10 million, representing the initial margin posted to the CCP that would be lost if the CCP were to default.

D. Illustration 4: Maintenance Margin Agreement
Some margin agreements specify that a counterparty must maintain a level of collateral that is a fixed percentage of the mark-to-market (MtM) of the transactions in the netting set. For this type of margining agreement, the Independent Collateral Amount (ICA) is the percentage of MtM that the counterparty must maintain above the net MtM of the transactions covered by the margin agreement. For example, suppose the agreement states that a counterparty must maintain a collateral balance of at least 140% of the MtM of its transactions. Further suppose for purposes of this illustration that there is no TH and no MTA, and that the MTM of the derivative transactions is 50. The counterparty posts 80 in cash collateral. ICA in this case is the amount that the counterparty is required to post above the MTM (140%x50 – 50 = 20). Since MtM minus the collateral is negative (50-80 = -30), and MTA+TH-NICA also is negative (0+0-20 = -20), the replacement cost RC is zero. In terms of the replacement cost formula:
RC = MAX {(V-C), (TH+MTA-NICA), 0}
= MAX{(50-80), (0+0-20), 0}
= MAX{-30,-20,0} = 0

V. Credit Valuation Adjustment (CVA)

VI. Equity Investments in Funds

I. Introduction
1.A credit valuation adjustment (CVA) is an adjustment to the fair value of a derivative instrument to account for counterparty credit risk. CVA is commonly viewed as the cost of counterparty credit risk. For any given position with a counterparty, this cost depends on the market’s perception of the riskiness of the counterparty, as reflected for example in counterparty credit spreads, as well as on the market value of the exposure, which typically depends on underlying market factors.
2.During the financial crisis, banks suffered significant losses due to counterparty risk exposure on over-the-counter (OTC) derivatives. Various analyses have concluded that the majority of these losses came not from counterparty defaults but from fair value adjustments on derivatives. The value of outstanding derivative assets was written down as it became apparent that counterparties had become less likely to meet their obligations. These types of credit-related losses, reflected in changes in CVA, are now widely recognized as a source of risk for banks involved in derivatives activity.
3.Under the Basel II market risk framework, firms were required to hold capital against the variability in the market value of their derivatives in the trading book, but there was no requirement to capitalize against variability in CVA. Counterparty credit risk capital under Basel II was based on the credit risk framework, and designed to provide protection against default and migration risk rather than the potential losses that can arise through variations in CVA.
4.To address this gap in the prudential capital framework, the Basel Committee on Banking Supervision (BCBS) introduced the CVA capital charge as part of Basel III in December 2010. The purpose of the Basel III CVA capital charge is to ensure that bank capital provides adequate protection against the risks of future changes in CVA.
5.In line with the requirements of Basel III, UAE banks are required to calculate risk-weighted assets (RWA) for CVA risk under one of two approaches. Banks must use either:
1. •A standardised approach, described in the Standards and closely based on the standardised approach to CVA risk capital developed by the BCBS; or
2. •A simple alternative approach, under which a bank with an aggregate notional amount of non-centrally cleared derivatives less than or equal to 400 billion AED may calculate RWA for CVA by setting it equal to the bank’s counterparty credit risk (CCR) RWA.
6.The Central Bank is fully aware of the BCBS view that CVA risk cannot be modelled by banks in a robust and prudent manner at this time. Accordingly, the Central Bank has determined that CVA approaches that rely on banks’ internal CVA models, or that use inputs derived from those models, are not appropriate for use in regulatory capital calculations by UAE banks.

I. Introduction
1.In December 2013, the Basel Committee on Banking Supervision (BCBS) published a revised framework for calculating the capital requirements for banks’ equity investments in funds held in the banking book. This followed a BCBS review of the risk-based capital requirements for banks’ exposures to funds, undertaken as part of the work of the Financial Stability Board (FSB) to strengthen the oversight and regulation of shadow banking. The BCBS review was undertaken to clarify the existing treatment of such exposures in the Basel II capital adequacy framework and to achieve a more internationally consistent and risk-sensitive capital treatment for banks’ investments in the equity of funds, reflecting both the risk of the fund’s underlying investments and its leverage.
2.Following the approach developed by the BCBS in Capital requirements for banks’ equity investments in funds, (BCBS 266, published December 2013), the Central Bank Standards for minimum required capital for banks’ equity investments in funds relies on a hierarchy of three successive approaches to risk weighting of fund assets, with varying degrees of risk sensitivity and conservatism:
1. •The “look-through approach” (LTA): The LTA is the most granular approach. Subject to meeting the conditions set out for its use, banks employing the LTA must apply the risk weight of the fund’s underlying exposures as if the exposures were held directly by the bank;
2. •The “mandate-based approach” (MBA): The MBA provides a degree of risk sensitivity, and can be used when banks do not meet the conditions for applying the LTA. Banks employing the MBA assign risk weights on the basis of the information contained in a fund’s mandate or in relevant regulations, national legislation, or other similar rules under which the fund is required to operate; and
3. •The “fall-back approach” (FBA): When neither of the above approaches is feasible, the FBA must be used. The FBA applies a 1250 percent risk weight to a bank’s equity investment in the fund.
To ensure that banks have appropriate incentives to enhance the risk management of their exposures, the degree of conservatism increases with each successive approach.
3.The capital framework for banks’ equity investments in funds also incorporates a leverage adjustment to the risk-weighted assets derived from the above approaches to appropriately reflect a fund’s leverage.

II. Clarifications

II. Clarifications

A. Scope
7.The CVA standards covers all of a bank’s non-centrally cleared derivative exposures. In the context of the CVA standards, derivatives are instruments whose value is based upon the price or value associated with an underlying reference entity. In general, derivatives exhibit the following abstract characteristics:
1. •The transactions generate a current exposure or market value.
2. •The transactions have an associated random future market value based on market variables.
3. •The transactions have contractual terms that provide for an exchange of payments or an exchange of a financial instrument (including commodities) against payment.
4. •The transactions are undertaken with an identified counterparty.
8.Other common characteristics of derivative transactions may include the following:
1. •Collateral may be used to mitigate risk exposure, and may be inherent in the nature of some transactions.
2. •Netting may be used to mitigate risk or to simplify operational aspects of the transaction.
3. •Positions are frequently valued (most commonly on a daily basis), with the value dependent on market variables or their changes.
4. •Margin payments may be employed, with margin held in various forms, and with re-margining agreements that allow for the adjustment of margin either daily or at some other established frequency.
9.In addition, the Central Bank has used national discretion to include securities financing transactions (SFTs) – transactions such as repurchase agreements, reverse repurchase agreements, security lending and borrowing, and margin lending transactions – within the scope of the CVA calculation. However, as the Standards note, if the Central Bank determines that SFT exposures at any individual bank are not a material source of CVA risk, the Central Bank may direct the bank to exclude SFTs from CVA capital calculations.
10.Consistent with the BCBS framework, all derivative transactions for which a central counterparty is the direct counterparty are excluded from the CVA capital calculation. Banks must calculate RWA for those centrally cleared transactions as specified in the Central Bank’s CCR Standards.

A. Scope
4.The Standards covers banks’ equity investments held in the banking book. Note that equity positions within the trading book are covered by the market risk capital requirements that apply to trading book positions.
5.The Central Bank has chosen not to use the national discretion provided within the BCBS framework to exclude from the standard equity positions in entities whose debt obligations qualify for a zero risk weight. The Central Bank also has chosen not to use the national discretion provided within the BCBS framework to exclude from the scope of the standard equity investments made under identified official programs that support specified sectors of the economy

B. CVA Overview
11.The Central Bank’s approach to minimum required capital for CVA risk is based closely on the standardised approach to CVA risk capital described in Basel III: A global regulatory framework for more resilient banks and banking systems (BCBS 189, December 2010, rev June 2011). A few elements also draw on clarifications and other information provided in BCBS publications responding to Frequently Asked Questions, or clarifications contained in Basel III: Finalising post-crisis reforms published by the BCBS in December 2017.
12.Regulatory CVA may differ from the CVA calculated under IFRS or other accounting standards. In particular, regulatory CVA excludes any consideration of the effect of changes in a bank’s own credit risk as perceived by the market. This means that regulatory CVA calculations do not consider so-called debit valuation adjustments, or DVA.

B. General Design of the Capital Requirement
6.At a high level, the framework is designed such that the risk-weight for a bank’s equity investment in a fund depends on the average risk weight that would be applicable to the assets of the fund, and on the extent of use of leverage by the fund. The approach to the average risk weight for any fund will reflect one or more of the three approaches described briefly above (and described more fully in the Standards).
7.The illustration below gives a general overview of how the average risk weight and leverage are combined, subject to a cap of 1250%, and then applied to the bank’s equity investment in the funds.
8.For example, if the average risk weight of the assets held by the fund is 80%, and the fund is financed through half debt and half equity, then the ratio of assets to equity would be 2.0 and the risk weight applied to a bank’s investment in the fund would be:
80% x 2.0 = 160%
If instead the same fund is financed 90% by debt, then the ratio of assets to equity would be 10, and the risk weight applied to the bank’s investment in the fund would be 800% (80% x 10).
9.Another way to view the capital requirement for equity investments in funds is that a bank generally must count a proportional amount of the risk-weighted assets (RWA) of the fund as the bank’s own RWA for capital purposes, in proportion to the bank’s share of the equity of the fund. Ignoring the 1250% limit for simplicity, the RWA calculation can be written as:
The rearrangement of the terms in the equation highlights that the bank’s RWA from the EIF is the bank’s proportional share of the fund’s RWA – if the bank holds a 5% share of the equity in the fund, then the bank’s RWA is 5% of the total RWA of the fund. This is a logical treatment – if a bank effectively owns 5% of a fund, the bank must hold capital as if it owns 5% of the fund’s risk-weighted assets.

C. Hedging
13.The calculation allows banks to recognize the risk mitigating benefits of certain eligible CVA hedges. The Standards allows only certain types of instruments to serve as eligible hedges for CVA, specifically an index credit default swap (CDS), or a single-name CDS, single-name contingent CDS, or equivalent hedging instrument that directly references the counterparty being hedged. An option on an eligible CDS (that is, a swaption on such a CDS) can be eligible, provided the swaption does not contain a “knock out” clause that terminates the swaption in the case of a credit event. Eligible hedges that are included in the CVA capital charge are removed from the bank’s market risk capital calculation.
14.Other types of instruments must not be reflected as hedges within the calculation of the CVA capital charge, even if the bank views them as mitigating counterparty credit risk. For example, tranched or nth-to-default CDS instruments are not eligible CVA hedges. These instead must be treated as any other similar instrument in the bank’s portfolio for regulatory capital purposes.
15.In addition to the restrictions regarding the types of instruments that a bank may recognize as CVA hedges, only transactions entered into explicitly for the purpose of hedging the counterparty credit spread component of CVA risk can be eligible hedges. This means, for example, that a bank might have a single-name CDS referencing an OTC counterparty in its portfolio, and yet that CDS would not be eligible to offset the single-name CVA exposure within the CVA calculation if that CDS was not originated or acquired as part of the bank’s process to manage CVA risk for that particular counterparty.
16.To clearly demonstrate intent to manage CVA risk, the bank should have a documented CVA risk management process or program, so that any CVA hedging transaction is demonstrably consistent with the design and operation of that program, was entered into with the intent to mitigate the counterparty credit spread component of CVA risk, and continues to be managed by the bank in a manner consistent with that intent. The Central Bank expects that any bank wishing to recognize the benefits of hedges in CVA capital calculations will maintain policies and procedures to govern this process. If the Central Bank concludes that a bank’s CVA hedging policies and procedures are inadequate, the Central Bank may limit the bank’s ability to recognize hedges in CVA capital calculations.
17.Another key principle for CVA hedging is that risk mitigation should transfer risk to third parties external to the bank. Some banks use internal transactions to transfer risk between different desks or business units within the bank as part of a broader risk management program, with these transactions typically subject to some type of internal transfer pricing mechanism. Such transactions are permissible and can be a valid component of the management of CVA risk within a bank, but the risk ultimately should be transferred out of the bank, which generally requires a corresponding external transaction to reduce CVA risk.

C. Look-Through Approach
10.The LTA requires a bank to assign the same risk weights to the underlying exposures of a fund as would be assigned if the bank held the exposures directly. The information used for to determine the risk weights must meet the requirements stated in the Standards, including sufficiency, frequency, and third party review. However, that information is not required to be derived from sources that are subject to an external audit.
11.RWA and assets of investment funds should, to the extent possible, be evaluated using the same accounting standards the bank would apply if the assets were held directly. However, where this is not possible due to constraints on available information, the evaluation can be based on the accounting standards applied by the investment fund, provided the treatment of the numerator (RWA) and the denominator (total unweighted assets) is consistent.
12.If a bank relies on third-party calculations for determining the underlying risk weights of the exposures of the fund, the risk weights should be increased by a factor of 1.2 times to compensate for the fact that the bank cannot be certain about the accuracy of third-party information. For instance, any exposure that is ordinarily subject to a 20% risk weight under the risk-based capital standards would be weighted at 24% (1.2×20%) when the look-through is performed by a third party.

D. CVA Capital Concept
18.The standardised approach for calculation of CVA capital is a form of a value-at-risk calculation, an approach commonly used to set capital requirements. Changes in CVA can be viewed as following some distribution, such as the normal distribution illustrated in Figure 2. Conceptually, the general approach to CVA capital is to estimate a level of CVA losses that should be expected to be exceeded no more than a given percentage of the time. The CVA capital calculation reflects a value-at-risk calculation with a one-year, 99% confidence level for CVA risk. Assuming a normal distribution (or equivalently, a log-normal distribution for the underlying risk factors), losses can be expected to be within 2.33 standard deviations of the mean 99% of the time. That concept is illustrated in Figure 2, where the 1% negative tail of the distribution has been highlighted (in this case, σ is the standard deviation).
Figure 2

19. Accordingly, the general form of the CVA capital calculation depends on the standard deviation of CVA losses:

The normality assumption, together with a desired 99% confidence level, is the reason for the inclusion of a 2.33 multiplication factor in the CVA capital formula. Other elements of the CVA capital calculation reflect a theoretical approximation of the variance of changes in CVA.

D. Mandate-Based Approach
13.Under the MBA, banks may use the information contained in a fund’s mandate, or in the rules or regulations governing such investment funds in the relevant jurisdiction. Information used for this purpose is not strictly limited to a fund’s mandate or to national regulations or other requirements that govern such funds. For example, a bank could obtain information from the fund’s prospectus or from other disclosures of the fund.
14.To ensure that all underlying risks are taken into account (including CCR) and that the MBA renders capital requirements no less than the LTA, the Standards requires that risk-weighted assets for funds’ exposures be calculated as the sum of three items:
1. •On-balance-sheet exposures;
2. •Off-balance-sheet exposures including notional value of derivatives exposures; and
3. •CCR exposure for derivatives.
15.As with the LTA, for purposes of the MBA the RWA and assets of investment funds should, to the extent possible, be evaluated using the same accounting standards the bank would apply if the assets were held directly. However, where this is not possible due to constraints on available information, the evaluation can be based on the accounting standards applied by the investment fund, provided the treatment of the numerator (RWA) and the denominator (total unweighted assets) is consistent.
16.In general, the MBA aims to take a conservative approach by calculating the highest risk-weighted assets the fund could achieve under the terms of its mandate or governing laws and regulations. Under the MBA, the bank should assume that the fund’s assets are first invested to the maximum extent allowable in assets that would attract the highest risk weight, and then to the maximum extent allowable in the next riskiest type of asset, and so on until all of the fund’s balance sheet assets have been assigned to a risk-weight category. If more than one risk weight could be applied to a given exposure, the bank must use the maximum applicable risk weight. For example, if the mandate does not place restrictions on the rating quality of the fund’s investments in corporate bonds, the bank should apply a risk weight of 150% to the fund’s corporate bond positions.
17.For derivatives, when the replacement cost is unknown, the Standards takes a conservative approach by setting replacement cost equal to the notional amount of the derivatives contracts. When the notional amount of a fund’s derivative exposure is unknown, the approach again is conservative: the bank should use the maximum notional amount of derivatives allowed under the fund’s mandate. When the PFE for derivatives is unknown, the PFE add-on should be set at 15% of the notional value. Thus, if the replacement cost and PFE add-on both are unknown, a total multiplication factor of 1.15 must be applied to the notional amount to reflect the CCR exposure.
18.Instead of determining a CVA charge associated with the fund’s derivative exposures, the Standards allows banks to multiply the CCR exposure by a factor of 1.5 before applying the risk weight associated with the counterparty. However, a bank is not required to apply the 1.5 factor for situations in which the CVA capital charge would not otherwise be applicable. Notably, this includes derivative transactions for which the direct counterparty is a qualifying central counterparty.

E. CVA Capital Formula
20.In the BCBS publication of Basel III, banks using the standardised approach to calculate CVA capital are to use the following formula:

21.The Central Bank’s CVA calculation, while based directly on the BCBS formula and producing the same result, uses different (generally simpler) notation. The nature of, and motivation for, the main notational differences are explained in this section.
22.A minor difference in notation is the omission of the multiplicative term “” from the BCBS formulation. This term was included by the BCBS to allow the CVA capital calculation to be adjusted to an appropriate prudential horizon. However, in the ultimate calibration of the CVA calculation the horizon h was established at one year, and hence h=1. Since the square root of 1 is also 1, and the term is a multiplicative factor, it has no impact on the resulting capital. Some other jurisdictions have recognized this fact, and have omitted the from the CVA calculation for simplicity in their published capital regulations. The Central Bank has followed this approach.
23.Another difference between the BCBS notation and the presentation of the formula in the Standards is the concept of “single-name exposure” or SNE. Under the Standards, a bank calculates SNE for each counterparty as:
SNE_i = EAD_i^Total × DF_i − H_i × DF_H

In this calculation, EAD_i^Total is the bank’s total exposure to counterparty “i” across all derivatives netting sets plus the counterparty exposure measure arising from SFTs with that counterparty, and H_i is the total notional of eligible single-name CVA hedges for that counterparty. (The symbol H is used in place of B in the BCBS formula, an appropriate adjustment of notation since it reflects hedge instruments. DF is a supervisory discount factor, described further below.) In effect, the discounted value of the individual counterparty exposure is offset by the discounted value of eligible single-name CVA hedges for that counterparty. The Central Bank regards SNE as a useful concept, because it reflects single-name exposure net of hedges. Its use also simplifies presentation of the CVA capital formulas.
24.The form of the supervisory discount factor DF in the Standards differs somewhat from the corresponding BCBS notation. Specifically, DF is defined in the CVA Standards as:

This form of DF is in effect the continuous-time present value of an M-period annuity of one AED discounted at a rate of 5%.

25. In contrast, the BCBS formula includes the maturity term M directly in the denominator of the supervisory discount factor, as follows:

However, the BCBS formula for CVA capital also multiplies by M as part of the CVA capital calculation. As a result of that multiplication, the M in the denominator of the discount factor is cancelled out, making the overall result the same as that provided by DF in the Standards. The formulation in the BCBS text was designed to accommodate the fact that banks using internal models incorporate discounting into the calculation of counterparty exposure, and those banks are required to set the BCBS supervisory discount factor to one, while retaining the multiplication by M. However, since internal-model approaches are not used for regulatory capital purposes in the UAE, this flexibility is not needed, and the simpler version of the calculation has been specified in the Standards. If for operational or other reasons a bank finds using the Basel formulation of the discount factor more convenient, its use is acceptable, provided the bank also multiplies the resulting discount factor by M.

26.If the bank uses single-name hedging only, the bank aggregates SNE across counterparties to calculate CVA capital using the following formula:

where K is CVA capital, and W_i is the risk weight applicable to counterparty “i” taken from the risk-weight table in the Standards.

27.An important insight is that CVA risk has both a systematic component and an idiosyncratic component. The systematic component reflects the fact that credit risks of different counterparties tend to be at least somewhat correlated with one another and move in concert, due to a degree of dependence on the same general economic or market factors. This kind of common risk potentially can be hedged, but cannot be reduced through diversification across counterparties. The non-systematic, or idiosyncratic, component of CVA risk arises from factors that affect credit spreads but are specific to an individual counterparty. In contrast to the systematic risk, the idiosyncratic part of CVA risk can be reduced through diversification, as well as through hedging. If a CVA portfolio is diversified to include many counterparties, it is not very likely that they would all suffer idiosyncratic credit deterioration at the same time, so overall risk is reduced; gains on some may offset losses on others.

28.The CVA capital calculation recognizes the difference between these two kinds of risk, and treats them differently in the calculation. The first term in the square root in the capital calculation reflects the systematic component of CVA variance:

The exposures are weighted and summed before squaring. Holding risk weights constant, spreading a given amount of exposure across more counterparties has no effect on this sum; although there will be more individual terms in the summation, the sum will be the same, and thus there are no gains from diversification. The second term in the square root reflects the idiosyncratic CVA risk:

Here, because the weighted exposures are squared before summing, spreading a given amount of exposure across more counterparties reduces the total, reflecting the beneficial, risk-reducing effects of diversifying the idiosyncratic component of counterparty credit risk.

29.An alternative arrangement of the CVA capital calculation may provide additional intuition:

This form, which separates the factor of 0.5 from the rest of the systematic portion before it is raised to the second power, highlights the fact that the CVA calculation can be viewed as effectively a weighted average of two components, a systematic component with a weight of 25%, and an idiosyncratic component with a weight of 75%. The 25% weight on the idiosyncratic component is the theoretically correct weight if counterparties have a common systematic correlation with the broader market of 50%. Note that this form is simply a mathematical restatement of the capital calculation, yielding an identical answer for the stated case (that is, single-name hedging only, no index hedges).

30.The portfolio-level calculation of CVA risk also recognizes that index hedges may reduce systematic CVA risk. The calculation including index hedges is:

where H_ind is the notional of an eligible purchased index hedge instrument that is used to hedge CVA risk, is the applicable supervisory discount factor, and M_ind is the maturity of the index hedge. Note that the effect of the index hedge appears only in the systematic component of CVA risk within the square root. Also, note that there is no correlation-related coefficient associated with the index hedges, analogous to the 0.5 or 0.75 coefficients for the single-name exposure terms. This reflects the fact that an index CDS closely tracks the market, with a correlation expected to be near perfect. The correct coefficient on the index hedge terms in the model would be approximately 1.0, which is the reason for their omission.

31.The Standards also includes a version of the formula that more closely resembles the full formula used in the BCBS framework:

In this form, the intermediate calculation of SNE is not used. However, the results of the calculation are exactly the same as those produced by the formulation using SNE.

E. Leverage Adjustment
19.A leverage adjustment is applied to the average risk weight of the fund under either the LTA or the MBA. A similar leverage adjustment is not necessary for the FBA, because the risk weight of 1250% applied under the FBA to equity investments in funds is fixed at that maximum value.
20.When determining the leverage adjustment under the MBA, banks are required to make conservative assumptions using information from the fund’s mandate. Specifically, the Standards requires that banks assume the fund will use financial leverage up to the maximum amount permitted under the fund’s mandate, or up to the maximum permitted under the regulations governing that fund. This maximum may be significantly greater than the actual leverage for the fund at any point in time.

F. Maturity Calculation
32.When computing the maturity M for a netting set, banks are required to use a weighted average, with notional values as the weights. For example, suppose a netting set with a particular counterparty includes two exposures, a 2-year swap with a notional amount of 200, and a 3-year swap with a notional amount of 400. The total notional value of the netting set is therefore 200+400=600. The weighted average maturity would be calculated as:

G. Risk Weights
33.Derivatives exposures and CVA hedges enter the CVA capital calculation with associated risk weights that depend on the credit rating of the bank’s counterparties for the covered exposures, or on the credit rating of the underlying entity for hedge instruments. In the case of unrated counterparties or entities, banks should follow the approach applied by the Central Bank for credit derivatives that reference unrated entities in the CCR Standards, treating them as BBB rated unless the counterparty or entity has an elevated risk of default, in which case they should be treated as BB rated.
34.The CVA Standards follows the BCBS framework in specifying an array of risk weights that align with an external rating scale that is most similar to the one used by Standard and Poor’s. Use of this rating scale for purposes of the CVA Standards should not be viewed as an endorsement of that or any other external rating agency. Banks may use other ratings, and should map those ratings to the scale included in the Standards using the historical default experience for the various rating grades as published by the relevant external rating agencies.

H. Risk-Weighted Assets
35.The formula developed by the BCBS to determine CVA capital reflects a calibration based on the 8% minimum capital ratio applied in the Basel capital framework. To calculate a corresponding RWA amount, the Standards requires banks to multiply the calculated CVA capital by a factor of 12.5, which is the reciprocal of 8%. That is, 1/(0.08) = 12.5. This multiplication is appropriate even if the Central Bank applies a higher minimum capital requirement to the resulting RWA, because the purpose of the multiplication by 12.5 is to reverse the calibration implicitly used by the BCBS to produce a capital number in the original formulation.

I. Threshold for the Simple Alternative
36.As part of the finalization of Basel III, the BCBS introduced a materiality threshold, and provided an option for any bank whose aggregate notional amount of non-centrally cleared derivatives is less than or equal to 100 billion euro to choose to set its CVA capital equal to 100% of its capital for counterparty credit risk.
37.To implement this option in the UAE, the Central Bank has established a materiality threshold of 400 billion AED. Banks with an aggregate notional amount of covered transactions less than or equal to 400 billion AED may choose to set CVA RWA equal to the bank’s RWA for counterparty credit risk as calculated under the Central Bank’s CCR Standards. The Central Bank has determined that this threshold is appropriate for the UAE, and is comparable to the 100 Billion Euro threshold included in Basel.
38.If a bank chooses this CDS, it must be applied to all of the bank’s covered transactions, as required under the BCBS framework. In addition, a bank adopting this simple approach may not recognize the risk-reducing effects of CVA hedges.
39.The Central Bank may prohibit a bank from using this simple alternative if the Central bank determines that CVA risk resulting from the bank’s derivative positions and SFTs materially contributes to the bank’s overall risk, and therefore warrants a more sophisticated approach.

III. Frequently Asked Questions
Question 1: Are all transactions with Central Counterparties excluded from the CVA capital calculation?
No, only transactions for which the direct counterparty is a qualifying CCP (QCCP) are excluded. Note that under the CCR Standard, the bank must have a determination of non-objection from the Central Bank with regard to any specific QCCP.
Question 2: Should debit valuation adjustment (DVA) be netted from CVA for the capital calculation?
No, DVA cannot be taken into account to reduce regulatory CVA for the capital calculation.
Question 3: What types of transactions can qualify as CVA hedges?
A CVA hedge can be any financial instrument or contract that refers specifically to the counterparty by name, and whose value increases when the credit quality of the counterparty being hedged deteriorates. However, the Standards does not permit "nth-to-default" credit derivatives (index or basket credit derivatives in which payment is made only on the event of the “nth” default by a reference entity in the basket, rather than the first default) to be used as CVA hedges.
Question 4: If a CDS serves as an eligible CVA hedge for one counterparty, does it also create counterparty exposure to the counterparty for the CDS?
Yes, a CDS or other hedging instrument used for CVA hedging also can create counterparty exposure, and in that case requires capital to cover the associated risks presented by that counterparty, including CVA. For example, if a bank has CVA exposure to counterparty A, and hedges that exposure by purchasing a credit default swap from counterparty B, the CVA charge for exposure to counterparty A may be reduced, but the bank now likely is exposed to CVA risk on counterparty B.
Question 5: For calculating the weighted average maturity, should we use the original deal notional values, or the effective notional values per the CCR standards?
Either approach is acceptable, provided the bank is consistent in its selected approach.
Question 6: If there is no valid netting set with a counterparty, how should average maturity be calculated?
Average maturity is calculated at the netting set level, for each netting set with each counterparty. If netting is not valid, then the “netting set” consists of a single transaction, which will have its own maturity per the contractual terms of the transaction. Without valid netting, there may be as many “netting sets” for a counterparty as there are derivative transactions with that counterparty.
Question 7: To compute weighted average maturity, we have conservatively treated each trade as a stand-alone netting set. Is this conservative treatment acceptable?
Yes, this treatment is acceptable.
Question 8: When calculating average maturity for a netting set, should we consider each asset class separately?
Maturity calculations for CVA must be calculated for each netting set, reflecting all covered transactions within a given netting set, regardless of asset class.
Question 9: If an entity has ratings from multiple rating agencies, which one should be used to determine the risk weight for CVA capital?
If there are ratings from two different rating agencies that map to different risk weights, the higher risk weight should be applied. If there are ratings from three or more rating agencies that map to different risk weights, the two ratings that correspond to the lowest risk weights should be referred to. If these two ratings give rise to the same risk weight, that risk weight should be applied. If the two are different, the higher of the two risk weights should be applied.
Question 10: If a counterparty is within a legal organizational structure that includes multiple entities with different ratings, which rating should be used for the CVA capital calculation?
The bank should use the rating for the entity that is actually obligated as a counterparty to the bank under the terms of the transactions within the applicable netting set.
Question 11: Is there any special CVA treatment for counterparties that have a zero risk weight for credit risk under the risk-based capital standards?
No, they are treated like all other counterparties (other than CCPs). Note that CVA risk is different from the more general type of credit risk treated under the risk-based standards. The risk weights in the CVA standards are intended to reflect credit spread risk, and generally differ from the risk weights used for other capital requirements. For all counterparties, apply the CVA risk weight that corresponds to the rating of the entity, or if unrated, apply the approach specified for unrated counterparties.
Question 12: We prefer to map unrated counterparties to CCC as a conservative treatment; is that acceptable, or must they be mapped to BBB?
The bank is free to apply a more conservative treatment to unrated counterparties, and should do so if it considers the more conservative treatment to be appropriate. However, the bank should be consistent in its approach, and should not apply this process in a way that might reduce exposure for the CVA calculation relative to the treatment stated in the standards.
Question 13: Should all SFT exposures be considered in scope for the CVA calculation, or only those that create gross SFT assets per the leverage ratio exposure measure? Will SFT exposures be classified separately for the computation of Credit RWAs in CAR computation?
All SFTs should be reflected in the CVA calculation, whether or not they create non-zero gross SFT asset values for the leverage ratio.
Credit risk capital for SFT exposures is addressed as part of the general credit risk standards for risk-based capital adequacy requirements.
Question 14: When determining exposure for SFTs, are haircuts to be applied to the fair value of the securities?
No, haircuts should not be applied – use the fair value without haircuts.
Question 15: Can the weighted average maturity for SFT exposures be based on the exposure amounts?
Yes, that approach is acceptable, provided it is applied consistently.
Question 16: Can we consider Global Master Repo Agreements signed with banks in the UAE as qualifying master netting agreements (MNA) for SFT exposure computation?
Banks should apply the requirements for valid netting agreements as stated in the Central Bank’s Standards for Counterparty Credit Risk to determine whether netting is valid in any particular case, rather than using broad categorical criteria.
Question 17: Will the Central Bank establish a specific quantitative materiality threshold to determine whether SFTs are in scope for CVA capital?
The Central Bank does not intend to establish a specific threshold, but instead will determine the materiality of CVA risk from SFTs on a case-by-case basis, taking into account all relevant factors that may affect the CVA risk posed by SFTs at each bank.
Question 18: The CVA guidelines require computation of single-name exposure (SNE), while the CCR Standards is based on hedging sets; different names may be included in the same hedging set. Does this create an inconsistency?
It does not. Note that the single “name” for CVA capital is the derivatives or SFT counterparty. It does not depend on any underlying reference names for credit derivatives or other transactions with a given counterparty. Suppose for example that a bank has two credit derivatives that depend on the performance of Company A and Company B (that is, those are the underlying reference names for the credit derivatives), and that the bank’s counterparty for both credit derivatives is another bank, Bank C. Under the CCR standards, assuming that the netting requirements are met, the two credit derivatives would be in a single hedging set within a netting set with Bank C. For calculation of CVA capital, the SNE would reflect the bank’s CCR exposure to the single “name” that is Bank C; neither the names nor the ratings of Company A or Company B enter the CVA calculation directly. The CVA risk-weight for the bank’s CVA capital calculation would depend on the credit rating of Bank C, not the ratings of either Company A or Company B.
Question 19: Should we multiply the sum of replacement cost and potential future exposure by the same 1.4 scaling factor used in the SA-CCR standards issued by Central Bank?
Yes, that is correct; the same multiplicative scaling factor of 1.4 should be used for the CVA calculation as well.
Question 20: Can banks used the Basic Approach for CVA (BA-CVA) recently published by the Basel Committee on Banking Supervision in December 2017?
Not at this time. The Central Bank may consider the BA-CVA at a later date.
Question 21: Bank ask in case of calculating discounted counterparty exposure is a double count and will inflate CVA Capital charge given SA-CCR EAD already factors in maturity adjustment while computing adjusted notional which is product of trade notional & supervisory duration?
The use of the discount factor in the CVA capital charge does not result in double counting. While there is superficial similarity between the supervisory duration (SD) adjustment in SA-CCR and the discount factor (DF) in CVA, they are actually capturing different aspects of risk exposure. The use of SD in SA-CCR adjusts the notional amount of the derivatives to reflect its sensitivity to changes in interest rates, since longer-term derivatives are more sensitive to rate changes than are shorter-term derivatives. In contrast, the use of DF in the CVA calculation reflects the fact that a bank is exposed to CVA risk not only during the first year of a derivative contract, but over the life of the contract; the DF term recognizes the present value of the exposure over the life of the contract. Thus, these two factors, although they have similar functional forms and therefore appear somewhat similar, are not in fact duplicative.
Question 22: Further elaboration on "equivalent hedging instrument that directly references the counterparty being hedged"?
This could be any instrument or contract that refers specifically to the counterparty by name, and whose value increases when the credit quality of the counterparty being hedged deteriorates.
However, it does not include "nth-to-default" credit derivatives.
Question 23: What if a Bank hold a CVA liability in our books, charged to P&L, once we have the additional capital requirement on CVA, will this liability be netted off against the CVA capital requirement, or an add back to the capital for this P&L charge will be incorporated?
Incurred CVA losses should be used to reduce EAD.

III. Frequently Asked Questions
Question 1: BCBS 266 states “Equity holdings in entities whose debt obligations qualify for a zero risk weight can be excluded from the LTA, MBA and FBA approaches (including those publicly sponsored entities where a zero risk weight can be applied), at the discretion of the national supervisor.” Are such equity holdings excluded under the Central Bank’s Standards?
No, the Central Bank of the UAE has chosen not to adopt this point of national discretion. Bank investments in such funds are subject to the requirements of the Standards.
Question 2: If a bank makes a “seed capital investment” in a fund that is out of scope of consolidation, and is considered a significant investment in the common shares of a banking, financial, or insurance entity, is it within scope as an equity investment in a fund?
If the investment is one that the bank would be required to deduct from capital, then the investment is not in scope for this Standards.
Question 3: If a bank makes a “seed capital investment” in a fund, and that fund is managed by a Fund Manager hired by the bank, is the investment considered to be a direct investment in the fund, or indirect?
Assuming that the fund in question is not consolidated into the bank under accounting rules for financial reporting, such an investment is considered a direct investment under the Standards.
Question 4: Under the Standards, what methodology should a bank use to compute counterparty credit risk exposure for funds in which the bank has an equity investment?
The Standards states that banks must risk weight all exposures as if the bank held those exposures directly. Thus, the risk weights and the exposure amounts for counterparty credit risk should be determined using the standards that would apply to the bank. For banks in the UAE, the applicable standards for counterparty credit risk is the Central Bank’s Standards for Counterparty Credit Risk Capital, which reflects the Standardised Approach to Counterparty Credit Risk (SA-CCR).
Question 5: If a bank relies on a third-party information provider for information used to calculate the leverage adjustment for a fund, does the 1.2 multiplication factor apply?
No, as the Standards states, the factor of 1.2 applies when the bank relies on a third party for the risk weights of the underlying exposures. This is a conservative adjustment to recognize the uncertainty associated with such information about risk weights. It does not apply to the leverage ratio calculation.
Question 6: The FBA applies a risk weight of 1250%, which is significantly higher than the current risk weights of 100% or 150% that apply to equity investments in funds under previous capital requirements. Should this risk weight be lower?
The risk weight of 1250% is aligned with international capital standards as developed by the Basel Committee, and is being adopted by the Central Bank under this Standards. Considering the higher minimum capital requirements in the UAE (10.5% vs 8%), the final risk weight is capped at 952%.
Question 7: What happens when the bank has mandated intermediaries to invest in fixed income? Would this investment be included or excluded in the calculation of Equity Investments?
Banks having mandated Intermediaries have to go through same framework approach. This means that if the bank has information for these intermediaries, the bank may use the LTA approach. If the bank does not have information, then it has to use the MBA or FBA approach.
Question 8: The EIF standards allows for partial use of approaches for reporting EIF and the RWA calculations from each applied approach are summed, and then divided by total fund assets to compute “Avg RWfund”. Should the leverage of the fund be proportioned according to use of approach?
No, the leverage ratio is a single number that applies to the entire fund. When a bank uses more than one approach to determine the risk weight (that is, LTA, MBA, and/or FBA), the bank should report the amounts on separate lines in the reporting template.

IV. Examples

IV. Example Calculations

A. CVA Capital and RWA with No Hedging
For this example, a bank has only two derivatives counterparties, Galaxy Financial with a AA credit rating, and Solar Systems with a BB credit rating. The bank computes counterparty credit risk (CCR) exposure as 800 for Galaxy, and 200 for Solar, following the requirements of the CCR Standards. The bank uses the standardised approach rather than the simple alternative to compute CVA capital and RWA.
The bank calculates the weighted average maturity for exposures to Galaxy at 3 years, and for Solar 1 year. In this example, the bank has no eligible hedges for CVA risk for either counterparty.
Example: Derivatives Portfolio for the Bank
# Counterparty Name Credit Rating CCR Exposure Maturity
1 Galaxy Financial AA 800 3 years
2 Solar Systems BB 200 1 year

The bank must compute the supervisory discount factor, DF_i, for each of the two counterparties. Using the formula in the Standards, the calculations are:

Using these supervisory discount factors, the bank calculates single-name exposure for each counterparty, taking into account the fact that there are no eligible CVA hedges:

The bank must also determine the appropriate risk weights for each of these single-name exposures. Because Galaxy is rated AA, the appropriate risk weight is 0.7% from Table 1 of the Standards. Solar is rated BB, so the corresponding risk weight is 2.0%. That is, W₁=0.007, and W₂=0.02.
The bank’s calculation of CVA capital must use the formula in the Standards:

Substituting in the relevant values for Galaxy and Solar, the calculation is:

In the final step, the bank must compute RWA for CVA using the multiplicative factor of 12.5 as required in the Standards:
CVA RWA = K × 12.5 = 39.61 × 12.5 = 495.16

A. Example of Calculation of Risk-Weighted Assets Using the LTA
21.Consider a fund that aims to replicate an equity index using a strategy based on forward contracts. Assume the fund holds short-term forward contracts for this purpose with a notional amount of 100 that are cleared through a qualifying central counterparty. Further, assume that the fund’s financial position can be represented by the following T-account balance sheet:
Assets Liabilities and Equity
Cash 20 Notes payable 5
Government bonds (AAA) 30
Variation margin receivable on forward contracts 50 Equity 95
100 100

Finally, assume that the bank’s equity investment in the fund comprises 20% of the shares of the fund, and therefore is 20% × 95 = 19.
Using the LTA, the fund’s balance sheet exposures of 100 are risk weighted according to the risk weights that would be applied to these assets by the bank. For cash, the risk weight is 0%; for the government bonds, the risk weight is also 0%. The margin receivable is an exposure to a qualifying CCP, which has 2% risk weight. The underlying risk weight for equity exposures (100%) is applied to the notional amount of the forward contracts.
Assume that the bank is able to determine that the amount of the CCR exposure to the CCP is 10, which then receives the 2% risk weight for exposures to a qualifying CCP. Note that there is no CVA charge because the forward contracts are cleared through the qualifying CCP.
The total RWA for the fund is:
20×0% + 30×0% + 50×2% + 100×100% + 10×2% = 101.2

Given the total assets of the fund of 100, the average risk-weight for the fund is:
Avg RW_fund = 101.2 / 100 = 101.2%

With fund assets of 100 and fund equity of 95, leverage is calculated as the assets-to-equity ratio, or 100/95≈1.05. Therefore, the risk-weight for the bank’s equity investment in the fund is:
Risk Weight = 101.2% × (100/95) = 106.5%

Applying this risk weight to the bank’s equity investment in the fund of 19, the bank’s RWA on the position for the purpose of calculating minimum required capital is 106.5% × 19 = 20.24.

B. CVA Capital and RWA with a Single-Name Hedge
The bank from the previous example has the same portfolio, but in this example enters into a CDS with a third party that provides protection on Galaxy Financial, to protect against a potential increase in credit spreads that would reduce the fair value of transactions with Galaxy if Galaxy’s credit quality deteriorates. The notional value of the CDS is 400, with a maturity of 2 years. Thus, the calculation must now take into account the impact of an eligible single-name CVA hedge, with H₁ = 400 and M_h = 2.
The bank must compute the supervisory discount factor for the CVA hedge:

The presence of the CVA hedge for Galaxy changes. Galaxy’s SNE calculation:

The remainder of the computations proceed as before, with the new vaue for SNE₁:

In the final step, the bank computes RWA for CVA using the multiplicative factor of 12.5 as required in the Standards:
This example illustrates the impact of CVA risk mitigation, as the presence of the eligible CVA hedge reduces CVA capital and RWA compared to the previous example with no hedging.

B. Example of Calculation of Risk-Weighted Assets Using the MBA
22.Consider a fund with current balance-sheet assets of 100, and assume that the bank is unable to apply the LTA due to a lack of adequate information. Suppose that the fund’s mandate states that the fund’s investment objective is to replicate an equity index. In addition to being permitted to invest in equities directly as assets and to hold cash balances, the mandate allows the fund to take long positions in equity index futures up to a maximum notional amount equivalent to 80% of the fund’s balance sheet. Since this means that with 100 in assets the fund could have futures with a notional value of 80, the total on-balance-sheet and off-balance-sheet exposures of the fund could reach 180.
Suppose that the fund’s mandate also places a restriction on leverage, allowing the fund to issue debt up to a maximum of 10% of the total value of the fund’s assets. This debt constraint implies that with 100 in assets, the fund’s maximum financial leverage would be at a mixture of 10 debt and 90 equity, for a maximum assets-to-equity ratio of 100/90≈1.11.
Finally, assume that the value of the bank’s investment in the fund is 20.
For the computation of RWA, the on-balance-sheet assets are assumed to be invested to the maximum extent possible in the riskiest type of asset permitted under the mandate. The mandate allows either cash (which has a zero risk weight) or equities, so the full 100 is assumed to be in equities, with a 100% risk weight.
Next, the fund is assumed to enter into derivatives contracts to the maximum extent allowable under its mandate – stated as 80% of total assets – implying a maximum derivatives notional of 80. This amount receives the risk weight associated with the underlying of the derivatives position, which in this example is 100% for publicly traded equity holdings.
The calculation of RWA must include an amount for the counterparty credit risk associated with derivatives. If the bank cannot determine the replacement cost associated with the futures contracts, then the replacement cost must be approximated by the maximum notional amount of 80. If the PFE is similarly indeterminate, an additional 15% of the notional amount must be added for PFE. Thus, the CCR exposure is 1.4 x (80×1.15) = 129. Assuming the futures contracts clear through a qualifying CCP, a risk weight of 2% applies to the CCR exposure, and no CVA charge is assessed for the CCP.
The total RWA for the fund is the sum of the components for on-balance-sheet assets, off-balance-sheet exposures, and CCR:
100×100% + 80×100% + 129×2% = 182.58

Given the total assets of the fund of 100, the average risk-weight for the fund is:
Avg RW_fund = 182.58 / 100 = 182.58%

As noted above, the fund’s maximum leverage is approximately 1.11 at an assets-to-equity ratio of 100/90. Therefore, the risk-weight for the bank’s equity investment in the fund is:
Risk Weight = 182.58% × (100/90) = 202.87%

Applying this risk weight of 202.87% to the bank’s equity investment in the fund of 20, the bank’s RWA on the position for the purpose of calculating minimum required capital is 202.87% × 20 = 40.57.

C. CVA Capital and RWA with an Index Hedge
The bank from the previous example has the same portfolio, including the single-name hedge of Galaxy Financial, but now enters into an index CDS that provides credit spread protection against a basket of twenty named entities. The notional value of the index CDS is 300, with a maturity of 1.5 years. The bank’s calculation of CVA capital now takes into account the impact of an eligible index hedge, which reduces systematic CVA risk. The relevant form of the calculation from the Standards is:
Because the bank has only one index hedge, the summation for index hedges inside the calculation has only a single (W_ind H_ind DF_ind) term. As stated above, the notional value of the hedge is H_ind=300. The bank needs to calculate the appropriate supervisory discount factor for the index CDS, based on the maturity M_ind=1.5 years:

To determine the risk weight, the bank must determine the credit rating for each of the twenty reference names in the index basket, the corresponding risk weight for each rating (from Table 1 in the Standards), and the weighted average of those risk weights using the relative notional values of the component names for the weights. Suppose that through this process of analysis, the bank determines that the weighted average is 1.2% (slightly worse than BBB). As a result, W_ind=0.012. The impact of risk mitigation from the index CDS enters the calculation through the term:
W_indH_indDF_ind = 0.012 × 300 × 1.445 = 5.20

The bank can now calculate CVA capital, taking into account the impact of the index hedge that mitigates systematic risk. Many of the relevant values are unchanged from the previous example, but there is the addition of the index hedge effect on systematic CVA risk:

As before, the bank computes RWA for CVA using the multiplicative factor of 12.5as required in the Standards:

VII. Securitisation

I. Introduction
1.In December 2014, the Basel Committee on Banking Supervision (BCBS) published a revised framework for calculating bank capital requirements for securitisation exposures, with further revisions in July 2016. The revised securitisation framework aimed to address a number of shortcomings in the Basel II securitisation framework and to strengthen the capital standards for securitisation exposures held in the banking book. The Central Bank’s Standards on Required Capital for Securitisation Exposures is based closely on the BCBS framework.
2.A central feature of the revised framework is a hierarchy of approaches to risk-weighted asset calculations. The BCBS framework includes approaches based on internal credit risk ratings of banks. These approaches have not been included in the Central Bank’s Standards, as internal ratings-based approaches are not deemed appropriate for use in capital calculations at this time by banks in the UAE.
3.Consequently, the hierarchy of approaches within the Central Bank’s Standards begins with the revised External Ratings-Based Approach (SEC-ERBA), and below that in the hierarchy the revised Standardised Approach (SEC-SA). For resecuritisations, the hierarchy excludes the SEC-ERBA, and instead begins with the SEC-SA. If neither the SEC-ERBA nor the SEC-SA can be applied for a particular securitisation exposure, a maximum risk weight of 1250% must be used for the exposure.
4.Calculations under both the SEC-ERBA and the SEC-SA depend to some degree on a measure of “tranche thickness.” The thickness of a tranche is determined by the size of the tranche relative to the entire securitisation transaction. In general, for a given attachment point, a thinner tranche is riskier than a thicker tranche, and therefore warrants a higher risk weight for risk-based capital adequacy purposes. While credit rating agencies capture some aspects of the risk related to tranche thickness in their external ratings, analysis performed by the BCBS suggested that capital requirements for a given rating of a mezzanine tranche should differ significantly based on tranche thickness, and this is reflected in the Standards.
5.Under the SEC-ERBA, risk weights also are adjusted to reflect tranche maturity. The BCBS incorporated a maturity adjustment to reflect unexpected losses appropriately in the capital calculations. External ratings used for SEC-ERBA typically reflect expected credit loss rates, and the BCBS concluded through analysis during the development process that the mapping between these expected losses and unexpected losses (the quantity that capital is intended to cover) depends on maturity.

II. Clarifications

A. Securitisation
6.The Standards defines a securitisation as a contractual structure under which the cash flow from an underlying pool of exposures is used to service claims with at least two different stratified risk positions or tranches reflecting different degrees of credit risk. The creation of distinct tranches is the key feature of securitisation; similar structures that merely “pass through” the cash flows to the claims without modification are not considered securitisations.
7.For securitisation exposures, payments to the investors depend upon the performance of the specified underlying exposures, as opposed to being derived from an obligation of the entity originating those exposures. The stratified/tranched structures that characterize securitisations differ from ordinary senior/subordinated debt instruments in that junior securitisation tranches can absorb losses without interrupting contractual payments to more senior tranches, whereas subordination in a senior/subordinated debt structure is a matter of priority of rights to the proceeds of a liquidation.
8.In some cases, transactions that have some of the features of securitisations should not be treated as such for capital purposes. For example, transactions involving cash flows from real estate (e.g., in the form of rents) may be considered specialized lending exposures. Banks should consult with Central Bank when there is uncertainty about whether a given transaction should be considered a securitisation.

B. Senior Securitisation Exposures
9.A securitisation exposure is considered a senior exposure if it is effectively backed or secured by a first claim on the entire amount of the assets in the underlying securitised pool.
10.While this generally includes only the most senior position within a securitisation tranche, in some instances there may be other claims that, in a technical sense, may be more senior in the waterfall (e.g., a swap claim) but may be disregarded for the purpose of determining which positions are treated as senior.
11.If a senior tranche is retranched or partially hedged (i.e., not on a pro rata basis), only the new senior part would be treated as senior for capital purposes.
12.In some cases, several senior tranches of different maturities may share pro rata in loss allocation. In that case, the seniority of these tranches is unaffected – they all are considered to be senior – since they all benefit from the same level of credit enhancement. (Note that in this case, the material effects of differing tranche maturities are captured by maturity adjustments to the risk weights assigned to the securitisation exposures, per the Standards.)
13.In a traditional securitisation where all tranches above the first-loss piece are rated, the most highly rated position should be treated as a senior tranche. When there are several tranches that share the same rating, only the most senior tranche in the cash flow waterfall should be treated as senior (unless the only difference among them is the effective maturity). In addition, when the different ratings of several senior tranches only result from a difference in maturity, all of these tranches should be treated as senior.
14.In a typical synthetic securitisation, an unrated tranche can be treated as a senior tranche provided that all of the conditions for inferring a rating from a lower tranche that meets the definition of a senior tranche are fulfilled.
15.Usually, a liquidity facility supporting an ABCP program would not be the most senior position within the program; instead, the commercial paper issued by the program, which benefits from the liquidity support, typically would be the most senior position. However, when a liquidity facility that is sized to cover all of the outstanding commercial paper and other senior debt supported by the pool is structured so that no cash flows from the underlying pool can be transferred to other creditors until any liquidity draws are repaid in full, the liquidity facility can be treated as a senior exposure. Otherwise, if these conditions are not satisfied, or if for other reasons the liquidity facility constitutes a mezzanine position in economic substance rather than a senior position in the underlying pool, the liquidity facility should be treated as a non-senior exposure.

C. Operational Requirements for the Recognition of Risk Transference
16.The Standards requires that banks obtain a legal opinion to confirm true sale to demonstrate that the transferor does not maintain effective or indirect control over the transferred exposures and that the exposures are legally isolated from the transferor in such a way (e.g., through the sale of assets or through sub-participation) that the exposures are put beyond the reach of the transferor and its creditors, even in bankruptcy or receivership. However, that legal opinion need not be limited to legal advice from qualified external legal counsel; it may be in the form of written advice from in-house lawyers.
17.For synthetic securitisations, risk transference through instruments such as credit derivatives may be recognized only if the instruments used to transfer credit risk do not contain terms or conditions that limit the amount of credit risk transferred. Examples of terms or conditions that would violate this requirement include the following:
1. (a)Clauses that materially limit the credit protection or credit risk transference, such as an early amortization provision in a securitisation of revolving credit facilities that effectively subordinates the bank’s interest, significant materiality thresholds below which credit protection is deemed not to be triggered even if a credit event occurs, or clauses that allow for the termination of the protection due to deterioration in the credit quality of the underlying exposures.
2. (b)Clauses that require the originating bank to alter the underlying exposures to improve the pool’s average credit quality.
3. (c)Clauses that increase the bank’s cost of credit protection in response to deterioration in the pool’s quality.
4. (d)Clauses that increase the yield payable to parties other than the originating bank, such as investors and third-party providers of credit enhancements, in response to a deterioration in the credit quality of the reference pool.
5. (e)Clauses that provide for increases in a retained first-loss position or credit enhancement provided by the originating bank after the transaction’s inception.

D. Due Diligence
18.The Standards requires banks to have a thorough understanding of all structural features of a securitisation transaction that would materially affect the performance of the bank’s exposures to the transaction. Common structural features that are particularly relevant include those related to the payment waterfall incorporated in the structure, which is the description of the order of payment for the securitisation, under which higher-tier tranches receive principal and interest first, before lower-tier tranches are paid. Credit enhancements and liquidity enhancements also are important structural features; these may take the form of cash advance facilities, letters of credit, guarantees, or credit derivatives, among others. Effective due diligence also should consider unusual or unique aspects of a particular securitisation structure, such as the specific nature of the conditions that would constitute default under the structure.

E. Treatment of Securitisation Exposures

1. Risk Weights for Off-Balance-Sheet Exposures
19.The Standards requires that banks apply a 100% CCF to any securitisation-related off-balance-sheet exposures that are not credit risk mitigants. One example of such an off-balance-sheet exposure that may arise with securitisations is a commitment for servicer cash advances, under which a servicer enters into a contract to advance cash to ensure an uninterrupted flow of payments to investors. The BCBS securitisation framework provides national discretion to permit the undrawn portion of servicer cash advances that are unconditionally cancellable without prior notice to receive the CCF for unconditionally cancellable. The Central Bank has chosen not to adopt this discretionary treatment, and instead requires a 100% CCF for all off-balance-sheet exposures, including undrawn servicer cash advances.

2. Adjustment of Risk-Weights for Overlapping Exposures
20.Banks may adjust risk weights for overlapping exposures. An exposure A overlaps another exposure B if in all circumstances the bank can avoid any loss on exposure B by fulfilling its obligations with respect to exposure A. For example, if a bank holds notes as an investor but provides full credit support to those notes, its full credit support obligation precludes any loss from its exposure to the notes. If a bank can verify that fulfilling its obligations with respect to exposure A will preclude a loss from its exposure to B under any circumstance, the bank does not need to calculate risk-weighted assets for its exposure B.
21.To demonstrate an overlap, a bank may, for the purposes of calculating capital requirements, split or expand its exposures. That is, splitting exposures into portions that overlap with another exposure held by the bank and other portions that do not overlap, or expanding exposures by assuming for capital purposes that obligations with respect to one of the overlapping exposures are larger than those established contractually. The latter could be done, for instance, by expanding either the assumed extent of the obligation, or the trigger events to exercise the facility. A bank may also recognize overlap between exposures in the trading book and securitisation exposures in the banking book, provided that the bank is able to calculate and compare the capital charges for the relevant exposures.

3. External Ratings-Based Approach (SEC-ERBA)
22.To be eligible for use in the securitisation framework, the external credit assessment must take into account and reflect the entire amount of credit risk exposure the bank has with regard to all payments owed to it. For example, if a bank is owed both principal and interest, the assessment must fully take into account and reflect the credit risk associated with timely repayment of both principal and interest.
23.A bank is not permitted to use any external credit assessment for risk-weighting purposes where the assessment is at least partly based on unfunded support provided by the bank itself. For example, if a bank buys ABCP where it provides an unfunded securitisation exposure extended to the ABCP program (e.g., liquidity facility or credit enhancement), and that exposure plays a role in determining the credit assessment on the ABCP, the bank must treat the ABCP as if it were not rated. The bank also must hold capital against the liquidity facility and/or credit enhancement as a securitisation exposure.
24.External credit assessments used for the SEC-ERBA must be from an eligible external credit assessment institution (ECAI) as recognized by the Central Bank in accordance with the Central Bank standards on rating agency recognition. However, the securitisation Standards additionally requires that the credit assessment, procedures, methodologies, assumptions and the key elements underlying the assessments must be publicly available, on a non-selective basis and free of charge. Consequently, ratings that are made available only to the parties to a transaction do not satisfy this requirement. Where the eligible credit assessment is not publicly available free of charge, the ECAI should provide an adequate justification, within its own publicly available code of conduct, in accordance with the “comply or explain” nature of the International Organization of Securities Commissions’ Code of Conduct Fundamentals for Credit Rating Agencies.
25.Under the Standards, a bank may infer a rating for an unrated position from an externally rated “reference exposure” for purposes of the SEC-ERBA provided that the reference securitisation exposure ranks pari passu or is subordinate in all respects to the unrated securitisation exposure. Credit enhancements, if any, must be taken into account when assessing the relative subordination of the unrated exposure and the reference securitisation exposure. For example, if the reference securitisation exposure benefits from any third-party guarantees or other credit enhancements that are not available to the unrated exposure, then the latter may not be assigned an inferred rating based on the reference securitisation exposure.

4. Standardised Approach (SEC-SA)
26.The supervisory formula used for the calculations within the SEC-SA has been calibrated by the BCBS to generate required capital under an assumed minimum 8% risk-based capital ratio. As a result, the appropriate conversion to risk-weighted assets for the SEC-SA generally requires multiplication of the computed capital ratio by a factor of 12.5 (the reciprocal of 8%) to produce the risk weight used within broader calculations of risk-based capital adequacy. This multiplication by 12.5 is reflected in the requirements as articulated in the Central Bank’s Securitisation Standards.
27.If the underlying pool of exposures receives a risk weight of 1250%, then paragraph 5 of the Introduction of the Standards for Capital Adequacy of banks in the UAE is applicable.
28.When applying the supervisory formula for the SEC-SA to structures involving an SPE, all of the SPE’s exposures related to the securitisation are to be treated as exposures in the pool. In particular, in the case of swaps other than credit derivatives, the exposure should include the positive current market value times the risk weight of the swap provider. However, under the Standards, a bank can exclude the exposures of the SPE from the pool for capital calculation purposes if the bank can demonstrate that the risk does not affect its particular securitisation exposure or that the risk is immaterial, for example because it has been mitigated. Certain market practices may eliminate or at least significantly reduce the potential risk from a default of a swap provider. Examples of such features could be:
1. •cash collateralization of the market value in combination with an agreement of prompt additional payments in case of an increase of the market value of the swap; or
2. •minimum credit quality of the swap provider with the obligation to post collateral or present an alternative swap provider without any costs for the SPE in the event of a credit deterioration on the part of the original swap provider.
If the bank is able to demonstrate that the risk is mitigated in this way, and that the exposures do not contribute materially to the risks faced by the bank as a holder of the securitisation exposure, the bank may exclude these exposures from the K_SA calculation.

F. Treatment of Credit Risk Mitigation for Securitisation Exposures

1. Tranched Protection
29.In the case of tranched credit protection, the original securitisation tranche should be decomposed into protected and unprotected sub-tranches. However, this decomposition is a theoretical construction, and should not be viewed as creating a new securitisation transaction. Similarly, the resulting sub- tranches should not be considered resecuritisations solely due to the presence of the credit protection.
30.For a bank using the SEC-ERBA for the original securitisation exposure, the bank should use the risk weight of the original securitisation for the sub-tranche of highest priority. Note that the term “sub-tranche of highest priority” only describes the relative priority of the decomposed tranche. The calculation of the risk weight of each sub-tranche is independent from the question of whether the sub-tranche is protected (i.e., risk is taken by the protection provider) or is unprotected (i.e., risk is taken by the protection buyer).

2. Maturity Mismatches
31.For synthetic securitisations, maturity mismatches may arise when protection is bought on securitised assets (when, for example, a bank uses credit derivatives to transfer part or all of the credit risk of a specific pool of assets to third parties). When the credit derivatives unwind, the transaction will terminate. This implies that the effective maturity of all the tranches of the synthetic securitisation may differ from that of the underlying exposures.

G. Simple, Transparent, and Comparable Criteria
32.In general, to qualify for treatment as simple, transparent, and comparable (STC), a securitisation must meet all of the criteria specified in the Standards, including the Appendix to the Standards. The criteria include a requirement that the aggregated value of all exposures to a single obligor as of the acquisition date not exceed 2% of the aggregated outstanding exposure value of all exposures in the securitisation. However, the BCBS has permitted flexibility for jurisdictions with structurally concentrated corporate loan markets. In those cases, for corporate exposures only, the applicable maximum concentration threshold for STC treatment can be increased to 3%. This increase is subject to ex ante supervisory approval, and banks with such exposures should consult with the Central Bank regarding STC treatment. In addition, the seller or sponsor of such a pool must retain subordinated positions that provide loss-absorbing credit enhancement covering at least the first 10% of losses. These credit-enhancing positions retained by the sellers or sponsor are not eligible for STC capital treatment.

III. Example Calculations

A. Standardised Approach
33.Consider a bank applying the SEC-SA to a securitisation exposure for which the underlying pool of assets has a required capital ratio of 9% under the standardised approach to credit risk. Suppose that the delinquency rate is unknown for 1% of the exposures in the underlying pool, but for the remaining 99% of the pool the delinquency rate is known to be 6%. The bank holds an investment of 100 million in a tranche that has an attachment point of 5% and a detachment point of 25%. Finally, assume that the pool does not itself contain any securitisation exposures, so the exposure is not a resecuritisation.
34.In this example, K_SA is given at 9%. To adjust for the known delinquency rate on the pooled assets, the bank computes an adjusted capital ratio:
(1 − W) × K_SA + (W × 0.5) = 0.94 × 0.09 + 0.06 × 0.5 = 0.1146

35.This calculated capital ratio must be further adjusted for the fact that the delinquency rate is unknown for a small portion (1%) of the underlying asset pool:
K_A = 0.99 × 0.1146 + 0.01 = 0.1235

36.Next, the bank applies the supervisory formula to calculate the capital required per unit of securitisation exposure, using the values of the attachment point A, the detachment point D, the calculated value of K_A, and the appropriate value of the supervisory parameter ρ, and noting that D>K_A:
where:

Note that because this is not a resecuritisation exposure, the appropriate value of the supervisory calibration parameter rho is 1 (ρ=1).
37.Substituting the values of a, U, and L into the supervisory formula gives:

38.This tranche represents a case in which the attachment point A is less than K_A but the detachment point D is greater than K_A. Thus, according to the Standards, the risk weight for the bank’s exposure is calculated as a weighted average of 12.5 and 12.5×K:

39.With a tranche risk weight of 954%, the bank’s risk-weighted asset amount for this securitisation would be 954% of the 100 million investment, or 954 million. If, for example, the bank chose to apply a capital ratio of 13% to this exposure, then the bank’s required capital would be 13% of 954 million, or approximately 85 million, on the investment of 100 million in this securitisation tranche.

B. External Ratings-Based Approach
40.Consider a non-senior securitisation tranche that has been assigned a rating by one of the eligible rating agencies corresponding to a rating of BB+. Suppose that the tranche has an attachment point A of 5%, a detachment point D of 30%, and effective tranche maturity of M_T = 2 years.
1. •From the look-up table for SEC-ERBA, a non-senior securitisation exposure rated BB+ with one-year maturity has a risk weight of 470%; the risk weight for a five-year maturity is 580%.
2. •The tranche maturity of 2 years is one-quarter of the way between one year and five years, so the relevant maturity-adjusted risk weight based on linear interpolation is one quarter of the way between 470% and 580%, or 497.5%.
3. •Because this is a non-senior tranche, it must also be adjusted for tranche thickness, which is the difference between D=30% and A=5%, a difference of 25%. The interpolated risk weight from the table should be multiplied by a factor of 1-(D-A)=0.75, which exceeds the floor of 50% and therefore should be used by the bank in the calculation (0.75 x 497.5%).
4. •The resulting tranche risk weight is 373%.
41.Banks using the SEC-ERBA for securitisation exposures may prefer to incorporate the main features of the ERBA look-up tables into formal calculations of risk weights, including the relevant adjustments for tranche maturity and tranche thickness. In that case, each pair of 1-year and 5-year risk weights can be viewed as coefficients for a formulaic calculation of the risk weight for a tranche of given maturity M_T, and in the case of non-senior tranches, thickness D-A.
42.For example, for a non-senior tranche rated BB+ with M_T between one year and five years, the tranche risk weight RW_T can be computed with a single formula as:

where the coefficients 4.7 and 5.8 correspond to the relevant values from the look-up table of 470% for one-year maturity and 580% for five-year maturity. Substituting in the values for A, D, and M_T from the example above:

43.Senior tranches are not adjusted for thickness; hence, the calculation of the tranche risk weight RW_T for a senior BB+ rated tranche would be computed as:

where again the coefficients 1.4 and 1.6 correspond to the relevant values from the senior tranche columns of the look-up table, specifically 140% for 1-year maturity and 160% for 5-year maturity.

VIII. Market Risk

I. Introduction and Scope
1.This section supports the Market risk standards in clarifying the calculation of the market risk capital requirement.
2.The capital charges for interest rate related instruments and equities will apply to the trading book. The capital charges for foreign exchange risk and for commodities risk will apply to banks’ total currency and commodity positions (i.e. entire book).
3.Capital requirements for market risk apply on a consolidated basis. Note that the capital required for general and specific market risk under these Standards is in addition to, not in place of, any capital required under other Central Bank Standards. Banks should follow the requirements of all other applicable Central Bank standards to determine overall capital adequacy requirements.

II. Identifying Market Risk Drivers
4.For a particular instrument, the risk drivers that influence the market prices of that instrument must be identified. In a portfolio, the correlations between instruments also influence the risk profile of the entire portfolio (i.e. Banking and Trading book).
5.The market price of an asset incorporates virtually all known information concerning that asset. In practice; however, it is very difficult to clearly separate the main sources that influence an instrument's market price and risk level.
As a simplification, the following are generally recognised as the main market risk drivers:

A. Interest Rate Risk
6.Interest rate risk is the potential for losses in on- or off-balance sheet positions from adverse changes in interest rates. Instruments covered by the standardised approach for interest rate risk include all fixed rate and floating rate related instruments, such as debt securities, swaps, forwards and futures.
7.The standardised approach provides a framework for measuring interest rate risk. It takes into account the maturity or duration of the positions, basis risk, and certain correlations among risk factors.
8.Duration is a measure of the average maturity of a debt instrument's cash flows from both coupons and principal repayment. It is expressed in years and allows debt instruments with different coupons and maturities to be compared. Based on the duration, the sensitivity of a fixed income security's price with respect to a small change in its yield can be determined.
9.When hedging positions, basis risk is a key risk for the hedged position and needs to be managed and closely monitored.
Typically, two distinct components of market risk are recognised:
1.General Market Risk
10.General market risk refers to changes in market prices resulting from general market behavior.
For example, in the case of an equity position, general market risk can arise from a change in a stock market index. In the case of a fixed income instrument, general market risk is driven by a change in the yield curve.
The capital charge for general market risk is designed to capture the risk of loss arising from adverse changes in market interest rates.
There are two steps for calculating the general market risk capital charge:
Step 1: Map each interest rate position to a time band
Interest rate positions have different price sensitivities to interest rate shifts depending on their residual maturity. Interest rate shifts are changes in the yield curve. Each interest rate position is mapped to a time band.
There are two methods for mapping interest rate positions:
a)Maturity method maps each position to a maturity ladder based on the residual maturity of each position.
Fixed weightings are used to adjust the positions for sensitivity to the changes in interest rates as per the relevant table under the standard.
Time Bands for the Maturity Method
1. •Fixed income instruments with low coupons have higher sensitivity to changes in the yield curve than fixed income instruments with high coupons, all other things being equal.
2. •Fixed income instruments with long maturities have higher sensitivity to changes in the yield curve than fixed income instruments with short maturities, all other things being equal.
This is why the maturity method uses a finer grid of time bands for low coupon instruments (less than 3%) with long maturities.
Fixed and Floating Rate Instruments
Fixed rate instruments are mapped according to the residual term to maturity. Floating rate instruments are allocated according to the residual term to the next repricing date.
b)Duration method
11.This method maps each position according to its duration to a duration ladder. Duration is a measure of the average maturity of a debt instrument’s cash flows from both coupons and principal repayment. It is expressed in years and allows debt instruments with different coupons and maturities to be compared. The duration method allows banks the necessary capability to calculate price sensitivity based on an instruments’ duration (with the supervisory consent).
Step 2: Calculate the capital charge
The capital charge is the sum of four components calculated from amounts in each time band:
:
1. •A charge on the net short or long position in the whole trading book:
2. •A vertical disallowance charge:
It is a charge, which is levied on the matched position in each time band. This charges accounts for basis risk and gap risk, which can arise because each time band includes different instruments with different maturities. Gap risk, or interest mismatch risk, is the risk of losses due to interest rate changes that arise when the periods over which assets and liabilities are priced, differs. This charge is levied on the matched position in each time band at:
1. •10% if the bank uses the maturity method
2. •5% of the bank uses the duration method
The matched position is the smaller absolute value of the long and short positions. For example: if you have a long position of 1,200 and a short position of 700, the matched position is 700 (the net open position is long 500).
1. •A horizontal disallowance charge:
It is a charge against correlation among the different time bands. It is allowed for correlation to offset positions across different time bands.
There are three rounds of horizontal disallowance:
1. •Round 1 levies a charge on the matched position in each zone. The charge is:
  1. o40% for zone 1
  2. o30% for zone 2 and zone 3
2. •Round 2 levies a charge of 40% on the matched positions between adjacent zones. The adjacent zones are:
  1. oZone 1 and zone 2
  2. oZone 2 and zone 3
3. •Round 3 levies a charge of 100% on the matched position between zone 1 and zone 3.
4. •Where applicable, a net charge for positions in options.
2.Specific Risk
12.Specific risk refers to changes in market prices specific to an instrument owing to factors related to the issuer of that instrument.
13.Specific risk does not affect foreign exchange- and commodities-related instruments. This is because changes in FX rates and commodities prices are dependent on general market movements.
14.The charge for specific risk protects against price movements in a security owing to factors related to the individual issuer, that is, price moves that are not initiated by the general market.
a)Offsetting
15.When specific risk is measured, offsetting between positions is restricted.
1. •Offsetting is only permitted for matched positions in an identical issue.
2. •Offsetting is not allowed between different issues, even if the issuer is the same. This is because differences in coupon rates, liquidity, call features, and so on, mean that prices may diverge in the short run.
b)Specific Risk – Capital Charge
16.Under the standardised approach, market risk exposures are categorised according to external credit assessments (ratings) and based on those assessments a capital charge is assigned. This broad methodology for calculating the specific risk capital charge was not changed by Basel 2.5.
17.The capital charges assigned to those external credit assessments are similar to the credit risk charges under the standardised approach to credit risk.
Categorisation of Securities
18.Consistent with other sections, a lower specific risk charge can be applied to government paper denominated in the domestic currency and funded by the bank in the same currency. The national discretion is limited to GCC Sovereigns. This use of national discretion aligns the Market Risk Standards with the similar treatment under the credit risk standards. The Market Risk Standard is also aligned to the Credit Risk Standard when it comes to the transition period permitted for USD funded and denominated exposures of the individual Emirates.
Qualifying includes securities issued by public sector entities and multilateral development banks, plus other securities that are rated with investment grades by two rating agencies. Unrated securities can also be included, subject to supervisory approval (such as securities deemed to be of comparable investment quality).
Other securities comprise of securities that do not meet the definition of government or the definition of qualifying securities. This category receives the same risk charge as non-investment grade borrowers under the standardised approach to credit risk. However, it is recognised that for some high yielding debt instruments, an 8% specific risk charge may underestimate the specific risk.
Calculating the Capital Requirement for Market and Credit Risk
19.The standards contain different processes for calculating the capital requirement for market and credit risk. For credit risk, assets are first risk weighted (by multiplying them by a risk weight) and then a capital requirement is applied. In contrast, for market risk, exposures are simply multiplied by a specific risk capital charge. For an exposure with a given external credit assessment (rating), the specific risk capital charge is the same as the capital requirement calculated under the standardised approach for credit risk.
Specific Risk – Capital Charge for Positions Covered Under the Securitisation Framework
20.Following the 2009 enhancements to the BCF, the specific risk of securitisation positions held in the trading book are generally calculated in the same way as securitisation positions in the banking book.
21.Specific risk – the capital charges for positions covered under the standardised approach for securitisation exposures.
22.The default position for unrated securitisations can be thought of as a capital charge of 100 percent (that is, equivalent to a risk weight of 1250 percent where the capital charge is 8 percent).
23.Where the specific risk capital charge for an exposure is 100% such that capital is held for the full value of the exposure, it may be excluded from the calculation of the capital charge for general market risk. For further details, please refer to the securitisation framework.
Treatment of Interest Rate Derivatives
24.The interest rate risk measurement system should include all interest rate derivatives and off-balance sheet instruments assigned to the trading book that are sensitive to changes in interest rates.
25.The derivatives are converted into positions in the relevant underlying. These positions are subject to the general market risk charges and, where applicable, the specific risk charges for interest rate risk. The amounts reported should be the market value of the principal amount of the underlying or notional underlying.
26.For instruments where the apparent notional amount differs from the effective notional amount, banks will use the effective notional amount.
Interest rate derivatives include:
1. ▪forward rate agreements (FRAs)
2. ▪other forward contracts
3. ▪bond futures
4. ▪interest rate swaps
5. ▪cross currency swaps
6. ▪forward foreign exchange positions
7. ▪interest rate options
Refer to the examples below in this section for numerical illustrations

B. Equity Risk
27.Market risk can be influenced by changes in equity prices, that is, equity risk.
28.Equity risk is the risk that movement in equity prices will have a negative effect on the value of equity positions. The capital charge for equity risk is the sum of the charges for general and specific market risk.
29.The Central Bank sets out a minimum capital standard to cover the risk of equity positions held in the trading book. It applies to long and short positions in all instruments that exhibit behavior similar to equities, with the exception of non-convertible preference shares, which fall under interest rate risk requirements.
1.Capital Charges for Equity Risk
30.To calculate the minimum capital charge for equity risk, you must calculate two separate charges:
1. ▪A general market risk charge of 8% is applied to the net overall position.
2. ▪A specific risk charge of 8% is applied to the gross equity position. After offsetting long and short positions in the same issue, a bank's gross equity position is the sum of the absolute values of all long equity positions and all short equity positions.
31.Since banks may hold equities in different national markets, separate calculations for general and specific risk must be carried out for each of these markets.
Offsetting
Long and short positions in the same issue can be fully offset, resulting in a single net long or short position.
2.Treatment of Equity Derivatives
32.Equity derivatives and off-balance-sheet positions that are affected by changes in equity prices should be included in the measurement system, with the exception of certain options positions. This includes futures and swaps on both individual equities and on stock indices.
33.Positions in these equity derivatives should be converted into notional positions in the relevant underlying stock or portfolio of stocks. For example, stock index futures should be reported as the marked-to-market value of the notional underlying equity portfolio. A stock index future is an agreement to buy or sell a standard quantity of a specific stock index, on a recognised exchange, at a price agreed between two parties, and with delivery to be executed on a standardised future settlement date. As it is obviously not feasible to deliver an actual stock index, stock index futures contracts are settled by cash, calculated with reference to the difference between the purchase price and the level of the index at settlement.
34.An equity swap is an agreement between two counterparties to swap the returns on a stock or a stock index for a stream of payments based on some other form of asset return. Often, one payment leg is determined by a stock index with the second leg determined by a fixed or floating rate of interest. Alternatively, the second leg may be determined by some other stock index (often referred to as a relative performance swap).
35.Equity swaps should be treated as two notional positions. For example, in an equity swap where a bank is receiving an amount based on the change in value of one stock index and paying an amount based on a different index, the bank is regarded as having a long position in the former index and a short position in the latter index.
36.In addition to the general market risk requirement, a further capital charge of 2% will be applied to the net long or short position in index contracts on a diversified portfolio of equities, to cover factors such as execution risk. As the standard stated.
Refer to the examples below in this section for numerical illustrations

C. Foreign Exchange Rates
37.Market risk can be influenced by changes in foreign exchange rates, that is, foreign exchange risk.
38.Foreign exchange risk is the risk that the value of foreign exchange positions may be adversely affected by movements in currency exchange rates. Foreign exchange positions or exposures incur only general market risk. The capital charge for foreign exchange risk also include a charge for positions in gold. For purposes of market risk capital requirements, the Central Bank takes into account the stable relationship between the AED and the US dollar, with the result that no capital is charged for open positions in USD. Foreign currency is any currency other than the bank's reporting currency.
39.Two steps are required to calculate the overall net open position:
Step 1: Determine the Exposure in Each Currency
The first step is to calculate the bank's open position, long or short in each currency.
The open position in each currency is the sum of:
1. ▪ the net spot FX position (Includes also all asset items less all liability items, including accrued interest, denominated in the currency)
2. ▪ the net forward FX position (Because forward FX rates reflect interest rate differentials, forward positions are normally valued at current spot exchange rates. The net forward position in an exposure should consist of all amounts to be received less all amounts to be paid under forward FX transactions, including currency futures and the principal on currency swaps not included in the spot position. For banks that base their management accounting on the net present values (NPVs), the NPV of each position should be used; discounted using current interest rates and valued at current spot rates)
3. ▪ guarantees and similar instruments that are certain to be called and are likely to be irrecoverable.
4. ▪ net future income and expenses not yet accrued but already fully hedged
5. ▪ any other item representing a profit or loss in foreign currencies
6. ▪ the net delta-based equivalent of the total book of foreign currency options
Step 2: Determine the Overall Net Open Position across FX Exposures
The second step in calculating the capital requirement for FX risk is to measure the risk in the bank's portfolio of foreign currency and gold positions.
You can determine the overall net open position of the portfolio by first converting the exposure in each foreign currency into the reporting currency at the spot rates. Then, calculate the overall net position by summing the following:
1. ▪ the greater of the sum of the net short positions or the sum of the net long positions (excluding the net open position in the US dollar
2. ▪ Take the larger of the two sums, from the step above, and add the absolute value of the net position (short or long) in gold.
The capital charge for foreign exchange market risk is 8% of the position resulting from the calculation above.
Foreign Exchange (FX) Exceptions
40.The Central Bank of UAE may allow banks to exclude certain FX positions from the capital charges calculation. Banks have to comply with both the requirement of para 70 of the Market Risk section of the standards.
41.Items that are deducted from a bank’s capital when calculating its capital base, such as investments in non-consolidated subsidiaries, or other long-term participations denominated in foreign currencies, which are reported in the published accounts at historic cost, do not need to be included as foreign currency exposures for the foreign exchange risk calculation.
42.Banks with negligible business in foreign currencies and with no FX positions taken for their own account may exclude their FX positions if they meet both of the following requirements:
1. ▪ their FX business (the greater of the sum of their gross long positions and the sum of their gross short positions) does not exceed 100% of total capital (Tier 1 + Tier 2)
2. ▪ their overall net open position does not exceed 2% of its total capital

D. Commodity Risk

43.Market risk can be influenced by changes in commodity prices, that is, commodity risk. Commodity risk is the risk that on- or off-balance sheet positions will be adversely affected by movements in commodity prices.

44.A commodity is defined as a physical product that can be traded on a secondary market, for example, agricultural products, minerals and precious metals. Gold; however, is covered under the framework for foreign exchange.

45.Price risk in commodities is often more complex and volatile than price risk associated with currencies and interest rates. One reason for this is that commodity prices are influenced by natural events such as floods and droughts. Changes in supply and demand also have more dramatic effects on price and volatility, and commodity markets often lack liquidity.

46.Commodity risk only has a general market risk component because commodity prices are not influenced by specific risk.

47.Banks using portfolio strategies involving forward and derivative contracts on commodities are exposed to a variety of additional risks, such as:

▪ Basis risk. the risk of changes in the cost of carry for forward positions and options. Cost of carry is a margin and refers to the net effect of borrowing funds for a certain period of time and investing them in a financial instrument or commodity for the same period of time. If the interest earned on the instrument or commodity is greater than the cost of borrowing, then the cost of carry is positive. The cost of carry can also be negative if the cost of borrowing is greater than the interest earned.
▪ Forward gap risk. This is the risk wherein forward prices may change for reasons other than a change in interest rates.

48.It is important to note that these risks could well exceed the risk associated with changes in spot prices of commodities.

1.Treatment of Commodities

Offsetting

49.When measuring risk in commodities, offsetting between positions is restricted.

▪ Offsetting is allowed between long and short positions in exactly the same commodity to calculate open positions.
▪ In general, offsetting is not allowed between positions in different commodities. However, the Central Bank may permit offset between different sub-categories of the same commodity, for example, different categories of crude oil, if:
1. ▪ they are deliverable against each other
2. ▪ they are close substitutes for each other, with a minimum correlation of 0.9 between price movements over a period of at least one year

Correlations

50.Banks using correlations between commodities to offset commodity positions must have obtained prior approval from the Central bank of UAE.

2.Calculating the Capital Charge

51.Two alternative approaches for calculating the capital charge for commodities are set out by the standardised measurement method:

a)Simplified Approach

52.Under the simplified approach, banks must express each commodity position, spot plus forward, in terms of the standard unit of measurement (barrels, kilos, grams, and so on).

The capital charge is the sum of two charges:

▪ 15% of the net position in each commodity. All commodity derivatives and off-balance sheet positions affected by changes in commodity prices should be included.
▪ 3% of the bank's gross commodity positions, that is, the sum of the net long plus net short positions in each commodity, calculated using the current spot price. This charge addresses basis risk, interest rate risk and forward gap risk.

b)Maturity Ladder Approach

53.There are seven steps involved in calculating the capital charge for commodities using the maturity ladder approach. A separate maturity ladder must be used for each commodity.

The maturity ladder approach
Step 1	Express each commodity position in terms of the standard unit of measurement, and value in the reporting currency at the current spot price
Step 2	Slot each position into a time band in the maturity ladder according to remaining maturity
Step 3	Apply a capital charge of 1.5% to the sum of the matched long and short positions in each time band to capture spread risk. Instead of applying the 1.5% spread risk charge to the sum of matched long and short positions in each time band, some countries apply a 3% spread risk charge to the matched position.
Step 4	Apply a capital charge of 0.6% to the residual net position carried forward to the next relevant time band, multiplied by the number of time bands it is carried.
Step 5	Repeat step 3 and step 4 for each time band.
Step 6	Apply a capital charge of 15% to the overall long or short net open position.
Step 7	Derive the total capital charge by summing the charges for spread risk, for positions carried forward and for the overall net open position.

3.Treatment of Commodity Derivatives

54.All commodity derivatives and off-balance sheet positions affected by changes in commodity prices should be included in the commodities risk measurement framework. This includes commodity futures, commodity swaps, and options where the “delta plus” method is used.

E. Options

Treatment of Options

55.There is a section of the market risk framework devoted to the treatment of options.

The market risk charge for options can be calculated using one of the following methods:

▪ the simplified approach
▪ an intermediate approach: the delta-plus method

56.The more significant a bank's trading activities, the more sophisticated the approach it should use. The following table shows which methods a bank can use:

	Simplified approach	Intermediate approach
		Delta- plus method
Bank uses purchased options only	√	√
Bank writes options	_x	√

57.Banks that solely use purchased options are free to use the simplified approach, whereas banks that also write options are expected to use the intermediate approach. If a bank has option positions, but all of those written options are hedged by perfectly matched long positions in exactly the same options, no capital is required for market risk on those options. However, banks need to report the hedged options in the respective sheet.

a)Simplified Approach

58.Option positions and their associated underlying (cash or forward) are 'carved out' from other risk types in the standardised approach. They are subject to separately calculated capital charges that incorporate both general market risk and specific risk. These charges are then added to the capital charges for the relevant risk categories: interest rate risk, equities risk, foreign exchange risk or commodities risk.

59.In some cases, such as foreign exchange, it may be unclear which side is the “underlying security.” In such cases, the asset that would be received if the option were exercised should be considered as the underlying. In addition, the nominal value should be used for items where the market value of the underlying instrument could be zero, such as caps and floors, swaptions, or similar instruments.

60.The capital charges under the simplified approach are as follows:

Simplified approach : capital charges
Position	Treatment
Hedged positions: long cash position in the underlying instrument and long put or short cash position in the underlying instrument and long call	The capital charge is the market value of the underlying security multiplied by the sum of specific and general market risk charges for the underlying, less the amount the option is in-the-money (if any) bounded at zero.
Outright option positions: long call or long put	The capital charge is the lesser of: •The market value of the underlying security multiplied by the sum of specific and general market risk charges for the underlying •The market value of the option

b)Intermediate Approach

61.The procedure for general market risk is explained below. The specific risk capital charges are determined separately by multiplying the delta-equivalent of each option by the specific risk charges for each risk category.

The delta-plus method

62.The delta-plus method uses the sensitivity parameters or Greek letters associated with options to measure their market risk and capital requirements.

63.Options should be included in market risk calculations for each type of risk as a delta- weighted position equal to the market value of the underlying multiplied by the delta.

64.The delta-equivalent position of each option becomes part of the standardised approach, with the delta-equivalent amount subject to the applicable market risk capital charges. Separate capital charges are then applied to the gamma and Vega risks of the option positions.

Greek Letters: Five coefficients are used to help explain how option values behave in relation to changes in market parameters (price of the underlying asset, the strike price, the volatility of the underlying, the time to maturity and the risk-free interest rate). These are represented by the Greek letters delta, gamma, Vega, theta and rho, and are referred to as the 'option Greeks'.

•Delta (Δ) measures the rate of change in the value of an option with respect to a change in the price of the underlying asset.
•Gamma (Γ) measures the rate of change in the delta of an option with respect to a change in the price of the underlying asset.
•Vega (Λ) measures the rate of change in an option price with respect to a change in market volatility for the underlying asset price.

III. Shari’ah Implementation:
65.Bank that conduct all or part of their activities in accordance with the provisions of Shari’ah and have exposure to risks similar to those mentioned in the Market Risk Standard, shall, for the purpose of maintaining an appropriate level of capital, calculate the relevant risk weighted asset (RWA) in line with these guidelines. This must be done in a manner compliant to the Shari’ah.
66.This is applicable until relevant standards and/or guidelines in respect of these transactions are issued specifically for banks offering Islamic financial services.

IV. Frequently Asked Questions
Question 1: Are issues rated AA- or better by Supranational issuers qualify for 0% specific risk charge? For such issues, the Country of Risk = SNAT as classification in Bloomberg would be considered as Supranational
No, there is no specification to supranational and thereby low risk charge.
Question 2: Please clarify whether futures or options on ETFs and volatility indices such as VIX are treated as equity index instrument.
Yes, it will be part of equity and reported under equity derivative. Please refer to the Market risk section of the standards for further guidance.
Question 3: Under the treatment of interest rate derivatives for general market risk, in reference to table 3, credit derivatives have not been listed. Kindly advise if these products are excluded from the capital requirement stipulated under general market risk.
Credit derivatives (including CDS and TRS) are subject to the general market risk treatment for interest rate risk if the instrument involves periodic payments of interest. Credit derivatives are subject to specific risk capital as described in paragraphs 26 and 27 of the Market Risk section of the Standards. Note that Table 3 in the text covers only interest rate derivatives, and therefore credit derivatives should not be included. Credit derivatives must be analysed whether they are subject to the general market risk treatment for interest rate risk. For example, Credit Default Swaps are usually not subject to general interest rate risk, whereas Total Return Swaps and credit linked notes are usually subject to general market risk. Please note, that the analysis to which risk types a specific instrument type is exposed, must be provided to the Central Bank upon request.
Question 4: Clarity is needed on what constitutes trading book. For example, Investment Grade bonds classified as AFS, however with no active trading and a holding period of almost till maturity (e.g. callable, decision to sell closer to maturity) does this need to be banking book? Similarly, HTM under this description can be either trading or banking book.
The Market Risk Standard as published does not change the definition of trading book. The requirements of BCBS 128 paragraphs 685 to 689 have been applied in the text of the Standards. Please refer to the Market Risk Regulation under Notice 3018/2018 for the full definition of trading book.
Question 5: For Qualifying category, if the issuer of the security is a rated corporate by any one of rated agencies i.e. Moody's, S&P, Fitch with investment grade. Should it be included under Qualifying Category?
Yes, this will fall under qualifying category as long as it rated investment grade by at least two credit rating agencies.
Question 6: Should general criteria for all investment grade securities other than Government Issuers be taken under the category of Qualifying?
Yes, these instruments will be classified as qualifying provided in paragraphs 16-19.
Question 7: As per the Standards, "the separate legs of cross-currency swaps or forward foreign exchange deals are to be treated as notional positions in the relevant instruments and included in the appropriate calculation for each currency". Under which method these are required to be included in MR-3 i.e Maturity method or Duration method.
General risk can be computed using Maturity and Duration approach. Paragraph 41 on "Allowable offsetting of matched positions" of the market risk standard applies to both approaches and depends on what approach the bank uses for reporting.
Question 8: If the options are hedged, do we need to input the numbers in the template.
If it is fully micro hedged, then Net Forward Purchase (Sales) & Delta weighted positions for Options will be zero. Refer to VII Appendix: Prudent Valuation Guidance as part of Market risk standard.
Question 9: Banks have the possibility to include the repo transactions in the trading book for regulatory capital calculation even though they are accounted in the banking book?
Term trading-related repo-style transactions that meet the requirements for trading-book treatment may be included in the bank’s trading book for regulatory capital purposes even if a bank accounts for those transactions in the banking book. If the bank does so, all such repo-style transactions must be included in the trading book, and both legs of such transactions, either cash or securities, must be included in the trading book. Regardless of where they are booked, all repo-style transactions are subject to a credit risk capital requirement under the Central Bank’s Standards for Credit Risk Capital. The secured part of the exposure is risk weighted based on the credit rating/type of the issuer the security serving as collateral, and the unsecured part is risk weighted based on the credit rating/type (bank-sovereign-corporate) of the counterparty. In addition, how/where the reporting should be under which risk type (e.g. interest rate risk (Specific and/or General), FX, Equity, etc.) depends on the nature of the cash placement (one ‘leg’) and that of the security/collateral (other ‘leg’). The two legs are reportable to the relevant market risk type. For example, if the cash placement is floating rate and denominated in foreign currency it would be reported under FX. In regards to position risk (interest rate and equity risk types), it would be under General risk.
Question 10: How do we treat the capital charge when an exposure in the Banking book is hedged via a derivative in the trading book?
As long as the position got an open leg under one of the two books (i.e. Banking or trading), applicable capital charge should be taken in place. When a bank hedges a banking book credit risk exposure using a credit derivative booked in its trading book (i.e. using an internal hedge), the banking book exposure is not deemed to be hedged for capital purposes unless the bank purchases from an eligible third party protection provider a credit derivative meeting the requirements in the Central Bank’s Standards for Credit Risk. Where such third party protection is purchased and is recognised as a hedge of a banking book exposure for regulatory capital purposes, neither the internal nor external credit derivative hedge would be included in the trading book for regulatory capital purposes.
Question 11: BCBS standards provides banks two options to include large swap books in the maturity or duration ladder (Convert the payments into their present values or to calculate the sensitivity of the net present value). It would be useful to clarify which methods are acceptable.
Currently both methods are acceptable but to move forward with sensitivity or NPV approach, the bank shall seek Central Bank approval by providing all relevant documents.
Question 12: How to treat Multilateral Development Banks (MDBs), PSEs and GREs that qualify 0% risk weight as per Credit Risk Section of the Standards for the “Qualifying” criteria of Specific Risk?
All MDBs are considered “qualifying” for this purpose and will receive a RW of 0%.
PSE that meets the conditions to be treated like a sovereign for credit risk can be considered “government" for specific risk.
Commercial GREs that are treated as corporates for credit risk should also be treated as corporates for market risk, for consistency.
Question 13: Can the securities issued by local government be reported under government? If yes, what capital charge will be applied?
Only if they qualify for treatment as “sovereign” under the credit risk framework, a 0% can be applied.
Question 14: What is meant by 'broadly' in paragraphs 23 and 24 of the Market Risk Standard. Any threshold for the size of the movement e.g. a negative correlation of more than 0.6?
No, there is no specific threshold. "Broadly" in this context means "with close approximation," to allow for minor deviations from perfect correlation. The bank should have a sensible policy to ensure that objective, which should be subject to supervisory review.
Question 15: What is meant by "long term participation"? What is included in it?
Long-term participations could take a number of forms, but a typical example would be investments accounted at historical cost (and in this context, denominated in a foreign currency). Paragraph 65 edited for clear understanding.
Question 16: Do the banks have to meet certain criteria to apply duration or maturity approach or is the choice of method fully within the bank's discretion?
Maturity approach shall be the initial approach to be used. In case the bank requires to apply Duration approach, then banks will have to seek Central Bank consent to switch between the approaches.
Question 17: Under Specific interest rate risk, what will be the treatment for the debt securities that are denominated and funded in domestic currency or foreign currency?
The preferential treatment/national discretion will be applicable to GCC sovereign’s papers denominated and funded in local currency. In addition, exposures to the Federal Government and Emirates Government receive 0% risk weight, if such exposures are denominated and funded in AED or USD for a transition period of 7 years from the date of implementation of this Standard. After the transition period, 0% risk weights are only applied to exposures that are denominated and funded in AED. Elsewise (if denominated and funded in foreign currency and if the debt security is not GCC sovereign paper) rating and residual maturity shall be applied.
Question 18: Interest Rate Risk: How are derivatives treated from a market risk and credit risk perspective that a foreign branch has with its head office and other branches of the group? Are all the derivative transactions under the umbrella of the group, can such derivatives be excluded from the capital charge?
1. •Exemption is not eligible; all derivatives are to be included under credit and market risk.
2. •If the branch and the head office both have the same ISDA contract, netting and collateral will not be eligible. However, if the ISDA contract contains only the deals from the branch, then netting and collateral would be eligible.
3. •From Market risk perspective, if the bank's transactions are fully hedged, i.e. certain derivatives with UAE customers are fully hedged back to back with the head office, then the bank can offset for example the general and specific interest rate risks (based on paragraphs 41 to 45). However, counterparty credit risk is still to be considered.
Question 19: Treatment of Options: Do banks have to meet certain criteria to apply the simplified approach or the delta plus method? Or is the choice of method fully within bank's discretion?
As per Para 82 (Standard), two alternative approaches apply to options. Banks that only purchase options (rather than written options) can choose to use a simplified approach. Unless all written option positions (under the simplified approach) are hedged by perfectly matched long positions in exactly the same options, in which case no capital charge for market risk is required. Banks with more complex option positions that also write options must use the delta-plus approach rather than the simplified approach.
Question 20: Specific Interest Rate Risk: When the securities are not externally credit rated, does the Central Bank have a list of specific treatment for issuers/ issues that are unrated?
The Central Bank does not have a discretionary list of customers that do receive a special treatment if an external rating is not available.
1. •The standard is exhaustive for all special treatments. For example: UAE and GCC sovereign exposure that are funded and denominated in the domestic currency receive 0% RW (independent of the external rating of that sovereign)
2. •Exposures to the Federal Government and Emirates Government receive 0% risk weight, if such exposures are denominated and funded in AED or USD for a transition period of 7 years from the date of implementation of this Standard. After the transition period, 0% risk weights are only applied to exposures that are denominated and funded in AED.
Question 21: If a bank has exposure in equity investments in the trading book, how will this exposure be treated under Market risk?
Risk-weighted assets for equity exposures arising from bank investments in funds that are held in the trading book are subject to the market risk capital rules. Equity investments in funds will be allocated to the trading book if the bank is able to “look through” to the fund’s underlying assets (i.e. determine capital requirements based on the underlying positions held by the fund), or where the bank has access both to daily price quotes and to the information contained in the mandate of the fund. The reporting is based on the underlying positions held by the fund; it could be covered under different areas of the market risk (e.g. FX, IRR and equity risk).
Question 22: As per paragraph 21 of the Market Risk Standard, it is mentioned that a securitisation exposure subject to a risk weight of 1250% under the Central Bank requirements (and therefore to a 100% specific risk charge under this Standard) may be excluded from the calculation of capital for general market risk. Should the cap for the UAE be 1250% or 952% as mentioned in paragraph 5 of the Introduction of the standards?
Yes, the RW has to be capped at 952% as mentioned in the introduction of the standards.

V. Examples
Note that capital charges calculated in all examples below still need to be converted into risk weighted assets via Section IV in the Market Risk Standards.

A. Interest Rate Risk

1.Calculating the General Market risk charge

Calculate the general market risk capital charge for XYZ bank’s interest rate positions using the maturity method.

Long position in a qualifying bond: Market value AED 13.33m. Residual maturity 8 years & coupon 8%

Long position in a government bond: Market value AED 75m. Residual maturity 2 months & coupon 7%

Interest rate swap: Notional value AED 150m. Residual life of swap 8 years & bank receives floating rate interest and pays fixed. Next interest fixing after 9 months

Long position in interest rate government bond future: Contract size AED 50mn.

The treatment of interest rate future positions assume a bank is exposed to a long position in a 6-month interest rate future bought today and settled in two months' time. The long position in interest rates needs to be slotted into the 6-12 months’ time band because the maturity of the long position is considered to be eight months. This is because the position is taken on today and will be settled in two months with a maturity of six months.

Delivery date after 6 months & remaining maturity of the CTD government security 3.5 years.

Cheapest to deliver CTD refers to the underlying instrument that result in the greatest profit or the least loss when delivered in satisfaction of futures contracts.

Calculating the general market risk capital charge comprises two main steps and a number of sub-steps.

Step 1: Map each interest rate position

We are using the maturity method to map the positions. None of the bank’s positions have a coupon of less than 3%, so we will use a ladder of 13 time bands. Each position is mapped to the appropriate time band according to its residual maturity.

Step 2: calculate the total capital charge

Overall net open position

	Zone 1 (months)				Zone 2 (years)			Zone 3 (years)
Time band	0-1	1-3	3-6	6-12	1-2	2-3	3-4	4-5	5-7	7-10	10-15	15-20	>20
Weighted position (AED m)		+0.15	-0.2	+1.05			+1.125			-5.625+0.5

The net open position is the sum of all the positions across all the time bands. The net open position is AED 3m short, which leads to a capital charge at 100% of AED 3,000,000.

Calculation:

+75*0.2%=+0.15

-50*0.4%=-0.2

+150*0.7%=+1.05

+50*2.25%=+1.125

-150*3.75%=-5.625

+13.33*3.75%=+0.5

Vertical disallowance

The long position of AED 0.5m is offset against the short position of AED 5.625m as per the marked area. The matched position is AED 0.5m and the net open position is AED -5.125m.

This leads to a capital charge of 10% of AED 0.5m, or AED 50,000

	Zone 1 (months)				Zone 2 (years)			Zone 3 (years)
Time band	0-1	1-3	3-6	6-12	1-2	2-3	3-4	4-5	5-7	7-10	10-15	15-20	>20
Weighted position (AED m)		+0.15	-0.2	+1.05			+1.125			-5.625+0.5
Vertical disallowance										-5.125

Calculation

Matched position = 0.5

Net open position = -5.625+0.5= -5.125

Horizontal disallowance

The third part of the capital charge is a charge for the horizontal disallowance. There are three rounds of horizontal offsetting.

In round 1, the horizontal disallowance within each zone is calculated. In this example, charge applies to zone 1 only because it is the only zone with a long and a short position. (With more than one position). The short position, -0.2 is offset against the total long position, +1.2. The matched position is 0.2 and the net open position is +1.

The capital charge for the horizontal disallowance within zone 1 is 40% of AED 0.2m, or AED 80,000

In round 2, calculate the horizontal disallowance between adjacent zones, i.e., between:

Zone 1 and zone 2

Zone 2 and zone 3

In this example, zone 1 and zone 2 both contain long positions, so there is no matched position and therefore no offsetting between these zones. The long position of 1.125 in zone 2 is offset against the short position of -5.125 in zone 3. The matched position is 1.125 and the net open position is -4. The capital charge for the horizontal disallowance between zones 2 and 3 is 40% of AED 1.125m= AED 450,000.

In round 3, we calculate the horizontal disallowance between zones 1 and 3.

In this example, the long position of 1 in zone 1 is offset against the short position of -4 in zone 3. The matched position is 1 and the net open position is -3. The capital charge for the horizontal disallowance between zones 1 and 3 is 100% of AED 1m = AED 1m.

After the three rounds of horizontal offsetting, the total charge for the horizontal disallowance is AED 80,000 + AED 450,000 + AED 1,000,000 = AED 1,530,000

Having completed the horizontal and vertical offsetting, the remaining overall net open position is AED 3m, which is equivalent to the overall net open position we calculated across all time bands when we calculated the first part of the capital charge.

	Zone 1 (months)				Zone 2 (years)			Zone 3 (years)
Time band	0-1	1-3	3-6	6-12	1-2	2-3	3-4	4-5	5-7	7-10	10-15	15-20	>20
Weighted position (AED m)		+0.15	-0.2	+1.05			+1.125			-5.625+0.5
Vertical disallowance										-5.125
Horizontal disallowance Round 1	+1
Horizontal disallowance Round 2								-4
Horizontal disallowance Round 3								-3

We have now calculated the total capital charge for general market risk for this example.

Capital charge		AED
1	A charge for the net open position	3,000,000
2	A charge for the vertical disallowance	50,000
3	A charge for horizontal disallowance
	Round 1: Charge for the horizontal disallowance within each zone	80,000
	Round 2: Charge for the horizontal disallowance between adjacent zones	450,000
	Round 3: Charge for the horizontal disallowance between zones 1 and 3	1,000,000	1,530,000
	net charge for positions in options		0
	Total capital charge		4,580,000

2.Specific Market Risk – Example

Relate to the same example as above.

Given that, the government bonds are AAA-rated and that the qualifying bond is BBB-rated.

The interest rate swap does not incur a specific risk charge. The AAA-rate government bonds incur a 0% specific risk charge. The qualifying bond has a residual maturity of 8 years and is BBB-rated, so if has a specific risk charge of 1.6%

The capital charge is 1.6% of AED 13.33m, or AED 213,280.

B. Equity Risk – Calculating the Capital Charge
Bank XYZ has the following positions in its equity portfolio for a particular national market.
Company Position No. of shares Market price (AED) Market value (AED)
A Corp. Long 10,000 35 350,000
B Corp. Short 20,000 25 500,000
C Corp. Short 5,000 50 250,000
D Corp. Long 15,000 20 300,000
E Corp. Short 2,000 60 120,000

To calculate the general market risk charge, we must first determine the overall net open position. The sum of the net long positions is AED 650,000 and the sum of the net short positions is AED 870,000. The overall net open position is short AED 220,000.
The capital charge for general market risk is 8% of AED 220,000, or AED 17,600.
Next, we must work out the specific risk charge.
The capital charge for specific risk is 8% of AED 1,520,000 or AED 121,600.
That lead to, overall capital charge for this portfolio is AED 17,600 + AED 121,000, or AED 139,200.

C. FX Risk – Calculating the Capital Charge
Below is an example of calculating the capital charge for FX risk.
A bank has the following positions that have been converted at spot rates into its reporting currency, United Arab dirhams (AED).
Currency JPY EUR GBP AUD USD Gold
Net position (AEDm) +50 +100 +150 -20 -180 -35

The higher of the sum of the net long and net short currency positions is AED 300m.
The capital charge is therefore calculated as 8% of AED 300m, plus the net position in gold (AED 35m):
Capital charge = 8% of AED 335m = AED 26.8m
Another example;
A bank has the following positions that have been converted at spot rates into its reporting currency (AED)
Currency EUR JPY GBP AUD SGD
Net position (AEDm) +150 -100 +75 -30 -15

The sum of the net long positions is AED 225m and the sum of the net short positions is -AED 145m. The capital charge is calculated as 8% of the higher of these two positions, so the charge is 8% of AED 225m, or AED 18m.

D. Commodity Risk

1.Simplified approach

XYZ bank is exposed to a number of positions in the same commodity. The bank’s reporting currency is AED. The following positions are held in EUR:

Position	Standard units (kg)	Maturity
Long	128	4 months
Short	-160	5 months
Long	96	13 months
Short	-96	4 years

Firstly, calculate the current value for these positons in the reporting currency.

The following is the current situation:

Current spot price of the commodity per unit (kg) in local currency	5.00	EUR per kg
Current EUR/AED FX spot rate	4.25	1 EUR = 4.25 AED

Further calculation to the position after conversion to local reporting bank’s currency

Position	Standard units (kg)	Spot price	Value (EUR)	FX spot rate 1 EUR = 4.25 AED	Value (AED)	Maturity
Long	128	5.00	640	4.25	2,720	4 months
Short	-160	5.00	-800	4.25	-3,400	5 months
Long	96	5.00	480	4.25	2,040	13 months
Short	-96	5.00	-480	4.25	-2,040	4 years

640*4.25=2,720
-800*4.25=-3,400
480*4.25=2,040
-480*4.25=-2,040

Calculate the capital charge, first a capital charge of 15% of the overall net open position in the commodity is required.

The overall net position is the sum of the long and short positions:
AED 2,720 – AED 3,400 + AED 2,040 – AED 2,040 = - AED 680
The overall net positon is short AED 680. This leads to a capital charge of AED 102 (680 * 15%) Next, a capital charge of 3% of the bank’s gross positon in the commodity is required.
The gross position is the sum of the absolute values of the long and short positions:
AED 2,720 + AED 3,400 + AED 2,040 + AED 2,040 = AED 10,200

XYZ bank’s gross position is AED 10,200. This leads to a capital charge of AED 306 (10,200 * 3%).
Now, sum the charges to find the total capital charge for this commodity. The charge for the overall net open position is AED 102, and the charge for the bank’s gross position in the commodity is AED 306.
Therefore, XYZ bank’s total market risk capital charge for positions held in this commodity is AED 102 + AED 306, or AED 408.

2.Maturity ladder approach

Recall that XYZ bank is exposed to a number of positions in the same commodity. The bank’s reporting currency is AED. The following positions are held in EUR:

Position	Standard units (kg)	Maturity
Long	128	4 months
Short	-160	5 months
Long	96	13 months
Short	-96	4 years

Step 1:

First express each commodity position in terms of the standard unit of measurement, and value in the reporting currency at the current spot price.

The following is the current situation:

Current spot price of the commodity per unit (kg) in local currency	5.00	EUR per kg
Current EUR/AED FX spot rate	4.25	1 EUR = 4.25 AED

This is done the same way as for the simplified approach.

Position	Standard units (kg)	Spot price	Value (EUR)	FX spot rate 1 EUR = 4.25 AED	Value (AED)	Maturity
Long	128	5.00	640	4.25	2,720	4 months
Short	-160	5.00	-800	4.25	-3,400	5 months
Long	96	5.00	480	4.25	2,040	13 months
Short	-96	5.00	-480	4.25	-2,040	4 years

Step 2:

Slot each position into a time band in the maturity ladder according to its remaining maturity. Physical stocks should be allocated to the first time band.

Maturity ladder
Time bands	Positions (AED)
	Long	Short
0-1 months
1-3 months
3-6 months	2,720	-3,400
6-12 months
1-2 years	2,040
2-3 years
Over 3 years		-2,040

Step 3:

Apply a capital charge: of 1.5% to the sum of the matched long and short positions in each time band to capture spread risk.

Maturity ladder			Matched position	Capital charge for spread risk rate = 1.5%
Time bands	Positions (AED)
	Long	Short
0-1 months
1-3 months
3-6 months	2,720	-3,400	2,720	81.6*
6-12 months
1-2 years	2,040
2-3 years
Over 3 years		-2,040

*start with the 3-6 months’ time band.
Multiply the sum of the ling and short matched positions by the spread rate 1.5%, to calculate the capital charge: (AED 2,720 + AED 2,720) * 1.5% = AED 81.6

Step 4:

Apply a capital charge of 0.6% to the residual net position carried forward to the next relevant time band, multiplied by the number of time bands it is carried forward.

The maturity ladder approach allows for netting between unmatched long and short positions across time bands. The residual net position in a time band can be carried forward to the next relevant time band, thus offsetting exposures in time bands further out. Because this is imprecise, resulting in an “imperfect hedge”; a capital charge is required.

The residual net position in the 3-6 months’ band is short AED 680. This net position is carried forward two time bands to offset exposures in the next relevant time band, the 1-2 years’ band.

Maturity ladder			Matched position	Net position	Capital charge for spread risk rate = 1.5%	Capital charge for positions carried forward rate = 0.6%
Time bands	Positions (AED)
	Long	Short
0-1 months
1-3 months
3-6 months	2,720	-3,400	2,720	-680 (3400-2720)	81.6	8.16*
6-12 months
1-2 years	2,040	-680
2-3 years
Over 3 years		-2,040

*The capital charge is calculated as follows: AED 680 * 2 * 0.6% = AED 8.16

Step 5:

Repeat step 3 and step 4 for each time band.

When determining the matched position in each time band, take into account the residual net position carried forward.

Maturity ladder			Matched position	Net position	Capital charge for spread risk rate = 1.5%	Capital charge for positions carried forward rate = 0.6%
Time bands	Positions (AED)
	Long	Short
0-1 months
1-3 months
3-6 months	2,720	-3,400	2,720	-680 (3400-2720)	81.6	8.16
6-12 months
1-2 years	2,040	-680	680	1,360	20.4*	16.32**
2-3 years
Over 3 years	1,360	-2,040	1,360	- 680	40.8***

*(680+680)*1.5% = AED 20.4
**(1,360*2*0.6%) = AED 16.32
***(1,360+1360) *1.5% = AED 40.8

Step 6:

Apply a capital charge of 15% to the overall long or short net open position.

The net position in the final time band is subject to a capital charge of 15% as to say 680 * 15% = AED 102

Step 7:

Derive the total capital charge by summing the charges for spread risk, for positions carried forward and for the overall net open position.

Capital charges	AED
Charge for spread risk	142.8
Charge for the positions carried forward	24.48
Charge for the overall net position	102
Total capital charge	269.28

In this example, the capital charge calculated using the maturity ladder approach; AED 269.28 is significantly lower than that calculated using the simplified approach, AED 408.

E. Options
Simplified approach
A bank holds 100 shares currently valued at USD 10, and also holds an equivalent number of put options with a strike price of USD 11 (each option entitles the bank to sell one share).
Since these are equity options, they are subject to the capital charges for general market risk and specific risk according to the standardised framework for equity risk. The capital charge is levied at 8% for general market risk and 8% for specific risk, giving a summed charge of 16%.
Market value of 100 shares = USD 1,000
First, multiply the market value by the sum of general market risk and specific risk charges.
USD 1,000 x 16% = USD 160
Then, calculate the amount the option is in-the-money.
(USD 11 - USD 10) x 100 = USD 100
The capital charge is the general market risk and specific risk charge less the amount the option is in-the-money.
USD 160 - USD 100 = USD 60
A similar methodology applies for options whose underlying is a foreign currency, an interest rate related instrument or a commodity.
Another example for simplified approach
A bank holds 500 shares currently valued at USD 25.50 and holds an equivalent number of put options with a strike price of USD 26.25 (each option entitles the bank to sell one share).
The capital charge is calculated as follows:
Market value of 500 shares = USD 12,750
USD 12,750 x 16% (that is, 8% specific plus 8% general market risk) = USD 2,040
The amount the option is in-the-money = (USD 26.25 - USD 25.50) x 500 = USD 375.
This gives a capital charge of USD 2,040 - USD 375 = USD 1,665

IX. Operational Risk

I. Introduction and Scope
1.This section of the guidance supports the Operational Risk Standard in clarifying the calculation of the Operational risk capital requirement.
2.Operational risk has existed since banks have been in business. However, it is only in recent decades that the management of operational risk (including measurement techniques) has evolved into a distinct discipline, long after this was the case for both credit risk and market risk.
3.In this same period, the significance of operational risk in banks became widely recognised. This development was influenced by numerous high-profile operational risk events and related losses, along with such factors as banks' greater reliance on technology and increased use of outsourcing, the growing sophistication of cyber threats, and the pace of change in the financial services sector.

II. Clarification
4.Operational risk includes legal and compliance risk but excludes strategic and reputational risk. The exclusion of strategic and reputational risk is because they relate more to indirect losses, the definition, measurement and quantification of which would give rise to significant complexities.
5.The operational risk capital charge represents the amount of capital that a bank should maintain as a cushion against losses arising from operational risk.
6.The operational risk capital charge is first calculated using the appropriate approach under Basel III. It is then converted into a risk-weighted asset equivalent by multiplying the charge by 12.5 and adding the result to the total risk-weighted assets for credit risk.

III. Approaches
7.The calculation of the operational risk capital charge is covered under the Standards for Capital Adequacy of banks in the UAE.
8.The approaches represent a continuum of increasing sophistication and risk sensitivity. The charge is to be calculated using one of the following two approaches:

a. Basic Indicator Approach (BIA)
9.The Basic Indicator Approach (BIA) is a simple approach for calculating the capital charge for operational risk. It can be used by banks that are not internationally active, as well as by banks that are internationally active but may not yet have risk management systems in place for using the more advanced approaches for measuring operational risk.
10.While the approach is available for all banks as a 'point of entry', irrespective of their level of sophistication, Central Bank expects internationally active banks and banks with significant operational risk to discontinue indefinitely with the Basic Indicator Approach.
The Basic Indicator Approach Components
11.The operational risk capital charge under the BIA is based on two components:
1. 1.The exposure indicator, represented by the Gross Income (GI) of a bank as a whole.
2. 2.The fixed factor, alpha (α), set by the Basel Committee.
The formula for calculating the capital charge for operational risk under the BIA is as follows:
KBIA=[∑(GI1..n×α)]/n

Where:

K_BIA = The capital charge under the BIA;
GI = Annual gross income, where positive, over the previous three years;
n = Number of the previous three years for which gross income is positive; and
α =15%, relating the industry wide level of required capital to the industry wide level of the indicator.

1.Gross Income of the Bank
12.Gross income is a broad indicator that serves as a proxy for the likely exposure of a bank to operational risk. It is the total of net interest income plus net non-interest income of a bank as a whole. Net interest income is defined as interest income of a bank (for example, from loans and advances) minus the interest expenses (for example, interest paid on deposits). Net non-interest income is defined as fees and commissions earned minus the non-interest expenses (that is, fees and commissions paid) and other income.
13.Gross income used in the calculation of the capital charge for operational risk should be:
1. -Gross of any provisions, for example, for unpaid interest. This is because such amounts should have normally formed part of a bank's income but have been set aside for likely credit losses.
2. -Gross of operating expenses, including fees paid to outsourcing service providers. This is because outsourcing of activities does not fully transfer operational risk to the service provider. Outsourcing is the strategic use of outside resources to perform business functions that are traditionally managed by internal staff. Outsourcing offers the advantage of access to specialised and experienced personnel that may not be available internally, and enables banks to concentrate on their core business and reduce costs.
14.Only sustainable, renewable and recurrent sources of income are to be used as the basis for calculating the operational risk capital charge. Banks should perform a reconciliation between the gross income reported on the capital adequacy return and the audited financial statements. This information should be available to the Central Bank upon request. As such, gross income should exclude:
1. -realised profits/losses from the sale of securities classified as 'held to maturity' and 'available for sale', which typically constitute items of the banking book under certain accounting standards. The intention is to hold such securities for some time or up to their full term and not for trading purposes. Their sale does not represent sustainable income from normal business.
2. -Held to maturity securities are those that the bank intends to hold indefinitely or until the security reaches its maturity. Available for sale securities includes securities that are neither held for trading purposes nor intended to be held till maturity. These are securities that the bank intends to hold in the short or medium term, but may ultimately sell. Banking book relates to positions that are held to maturity with no trading intent associated with them. Most loans and advances are included in the banking book as they are intended to be held until maturity. At times, there may also be liquid positions assigned to the banking book if they are intended to be held over a longer term or to maturity.
3. -Extraordinary or irregular items as well as income derived from insurance claims. Again, these items are to be excluded, as they are not sustainable sources of income for a bank.
15.Banks sometimes outsource certain activities, such as processing and maintaining data on loan collection services to external service providers. Alternatively, banks may act as service providers to other banks. This results in the payment or receipt of a fee for the outsourced service.
16.Basel provides the following guidance for the treatment of outsourcing fees paid or received, while calculating the gross income for the purpose of calculating the operational risk capital charge:
1. -Outsourcing fees paid by a bank to a service provider do not reduce the gross income of the bank.
2. -Outsourcing fees received by a bank for providing outsourcing services are included in the definition of gross income.
2.Alpha
17.Alpha is a fixed factor, set by the Basel Committee. It serves as a proxy for the industry-wide relationship between operational risk loss experience of a bank and the aggregate level of the operational risk exposure as reflected in its gross income.

Treatment of Negative Gross Income
18.The operational risk capital charge under the BIA is assumed that a bank has positive gross income for all of the previous three years. However, some banks may have negative gross income for some year(s), for example, resulting from poor financial performance. Figures for any year in which annual gross income is negative or zero shall be excluded from both the numerator and denominator when calculating the gross income average.
19.On this basis, the figures presented in the 3 years' calculations should reconcile (or be reconcilable) with the bank’s audited financial statements.

b. Standardised Approach (SA)

20.The Standardised Approach (SA) represents a refinement along the continuum of approaches for calculating the operational risk capital charge. While this approach also relies on fixed factors as a percentage of gross income, it allows banks to use up to eight such factors, called betas, depending upon their business lines.

21.The calculation of the operational risk charge under this approach is more risk sensitive than the BIA.

The Standardised Approach Capital Charge

22.Under the Standardised Approach (SA), the operational risk capital charge is based on the operational risk capital charges for individual business lines in a bank. The formula for calculating the operational risk capital charge under the SA is as follows:

Where:

K_TSA = the capital charge under the Standardised Approach

GI_1-8 = the annual gross income in a given year, as defined in the Basic Indicator Approach (BIA), for each of the eight business lines

β _1-8 = a fixed percentage, set by the committee, relating the level of required capital to the level of the gross income for each of the eight business lines

The Standardised Approach Components

23.The Standardised Approach identifies two main components to be used in calculating the operational risk capital charge:

1.Gross Income of Eight Business Lines

24.Eight business lines are recommended for use by the Basel Committee in calculating the operational risk charge under the SA. These business lines are considered as being representative of the various kinds of businesses undertaken by banks. The identified business lines briefed below are:

1.Corporate finance: banking arrangements and facilities provided to large commercial enterprises, multinational companies, non-bank financial institutions, government departments etc.
2.Trading and sales: treasury operations, buying and selling of securities, currencies and commodities for proprietary and client accounts.
3.Retail banking: financing arrangements for private individuals, retail clients and small businesses such as personal loans, credit cards, auto loans, etc. as well as other facilities such as trust and estates and investment advice.
4.Commercial banking: financing arrangements for commercial enterprises, including project finance, real estate, trade finance, factoring, leasing, guarantees, bills of exchange etc.
5.Payment and settlement: activities relating to payments and collections, interbank funds transfer, clearing and settlement.
6.Agency services: acting as issuing and paying agents for corporate clients, providing custodial services etc.
7.Asset management: managing funds of clients on a pooled, segregated, retail, institutional, open or closed basis under a mandate.
8.Retail brokerage: broking services provided to customers that are retail investors rather than institutional investors.

25.Under the SA, the gross income is calculated for each of the eight business lines. It serves as a proxy for the likely scale of exposure of that business line of the bank to operational risk. Since all income has to be allocated to a business line, the sum of the gross income of the eight business lines should equal the gross income for the bank as a whole

26. Just like in the Basic Indicator Approach, gross income for SA comprises net interest income plus net non-interest income as defined in the Operational Risk section of the Standards re Capital Adequacy.

2.Beta

27.Beta serves as a proxy for the industry-wide relationship between the operational risk loss experience and the level of operational risk exposure as reflected in the gross income for a business line. It is representative of the amount of loss that can be incurred by a bank given that level of exposure (represented by gross income) in a business line.

28.The beta factors for the eight business lines as set by the Basel Committee are as follows:

Beta	Business line	Beta factor
β ₁	Corporate finance	18%
β ₂	Trading and sales	18%
β ₃	Retail banking	12%
β ₄	Commercial banking	15%
β ₅	Payment and settlement	18%
β ₆	Agency services	15%
β ₇	Asset management	12%
β ₈	Retail brokerage	12%

29.The beta factors have been set within a range of 12-18% depending upon the degree of operational risk perceived in a business line. Thus, a 12% beta factor for retail banking indicates that, in general, the operational risk in retail banking is lower than the operational risk in commercial banking. The latter, which has a beta of 15%, carries a lower operational risk than, for example, payment and settlement, which carries a beta factor of 18%.

Treatment of Negative Gross Income from Business lines

30.Some banks may have negative gross income for some years in some business lines. This will result in a negative capital charge for the business line for that year. If the gross income and the resulting capital charge of a specific business line is negative, the aggregate of the capital charges across business lines for that year could still be positive, so long as the gross income from other business lines is positive.

31.The following guidance applies for treatment of negative capital charges under the Standardised Approach:

-In any given year, negative charges in business lines may offset positive capital charges in other business lines without any limit.
-If the total capital charge, after offsetting negative and positive capital charges of business lines, is negative for a given year, then the numerator for that year will be set to zero.
-If negative gross income distorts the operational risk capital charge calculated under the SA, the Central Bank will consider appropriate supervisory action under Pillar 2.

Calculating the Operational risk capital charge under the Standardised Approach (SA)

The calculation of the capital charge for operational risk under the SA follows the following steps:

Step 1: Calculate the capital charge for each business line using its gross income and applicable beta factor in year 1.

If the gross income from a business line is negative, the capital charge for that business line in year 1 will be negative.

Step 2: Sum the eight capital charges of business lines for Year 1.

In a year, negative capital charges in some business lines may offset positive capital charges for other business lines without any limit.

Steps 3 and 4: Follow steps 1 and 2 for the other two years.

Step 5: Calculate the 3-year average of the aggregated capital charges. Where the aggregate capital charge across all business lines in a given year is negative, then the input to the numerator for that year will be zero. The denominator will remain 3, representing the three years included in the calculation.

Central Bank supports the use of the Beta given in the Standards re Capital Adequacy as well as here in this guidance above as the basis for the capital calculations under SA.

c. Alternative Standardised Approach (ASA) Capital Charge
32.The Alternative Standardised Approach provides a different exposure indicator for two of the eight business lines, retail banking and commercial banking. These activities essentially comprise traditional banking business and still represent the main business of banks in several jurisdictions.
Calculation of Operational Risk Capital Charge under Alternative Standardised Approach (ASA)
33.Using the ASA, the operational risk capital charge for retail banking and commercial banking will be based on the following formulas:
KRB=βRB×m×LARB

Where:
K_rb = is the capital charge for retail banking
m = 0.035
β _rb = is the beta factor for retail banking (12%)
LA_rb = is the total outstanding retail loans and advances (non-risk weighted and gross of provisions), averaged over the past three years
$K_{CB} = β_{CB} \times m \times {LA}_{CB}$

Where:
K_CB = is the capital charge for commercial banking
m = 0.035
β_CB= is the beta factor for commercial banking (15%)
LA_CB = is the total outstanding commercial loans and advances (non-risk weighted and gross of provisions), averaged over the past three years
For the other six business lines, the calculation of the operational risk capital charge will be based on the gross income and beta factor of that business line, as prescribed under the SA.
Further Options under the Alternative Standardised Approach (ASA)
34.Further options are available at under the ASA for calculating the operational risk capital charge to address problems in disaggregation of the exposure indicator among business lines by banks. However, the greater the disaggregation, the better will be the alignment of the capital charge with a bank's operational risk profile.
35.Available options relate to using loans and advances in commercial and retail banking business lines and gross income in the other six business lines as the exposure indicators with different beta factor combinations:
1. -Option 1 – using a common beta factor of 15% for commercial loans and retail loans, and the SA beta factors for the other six business lines
2. -Option 2 – using the SA beta factors of 15% and 12%, respectively, for commercial loans and retail loans and a common beta factor of 18% for the other six business lines
3. -Option 3 – using a common beta of 15% for commercial loans and retail loans and a common beta factor of 18% for the other six business lines
For further details, kindly refer to the Appendix below.

IV. Shari’ah Implementation
36.Banks that conduct all or part of their activities in accordance with the provisions of Shari’ah law and have exposure to risks similar to those mentioned in the Operational Risk Standard, shall, for the purpose of maintaining an appropriate level of capital, calculate the relevant risk weighted asset in line with these guidelines. This must be done in a manner compliant to the Shari’ah law.
37.This is applicable until relevant standards and/or guidelines in respect of these transactions are issued specifically for banks offering Islamic financial services.

V. Frequently Asked Questions

A. Basic Indicator Approach
Question 1: If a bank incurs a negative gross income in any of the previous three years, will it be taken into account under the Basic Indicator Approach (BIA)?
The basis for working out the capital charge for operational risk under the BIA is three-year average of positive gross income. If the gross income for any of the previous three years is negative or zero, the figures for that year will be excluded from both the numerator and the denominator when calculating the capital charge. The negative gross income will not be added to the numerator and the denominator will exclude the year in which the income is negative.
As mentioned under the Basic Indicator Approach, if negative gross income distorts a bank’s Pillar 1 capital charge under the Standardised Approach, supervisors will consider appropriate supervisory action under Pillar 2.
Question 2: Can the Central Bank detail or provide examples of the extraordinary or irregular items under the definition of Gross income. Does this cover the bank selling off certain part of its business?
An extraordinary or irregular item consists of gains or losses included on a bank's P&L statement (usually reported separately as these items are not predictors of future performance) from events that are unusual and infrequent in nature. Such items are the result of unforeseen and atypical events that are outside the normal course of the core banking business (i.e. outside the types of income described in paragraph 13 of the Operational Risk section of Standards re Capital Adequacy in the UAE). For example, income derived from non-core banking business; income from discontinued operations; extraordinary income (e.g. from the sale of certain part a banking business).

B. Standardised Approach
Question 3: Define business Segments under 'Retail Brokerage' and 'Asset Management'?
1. •Retail Brokerage - Examples of activities:
  Execution and full service, such as:
  1. i.Reception and transmission of orders in relation to one or more financial instruments
  2. ii.Execution of orders on behalf of clients
2. •Asset Management- Examples of activities:
  1. i.Portfolio management
  2. ii.Managing of Investments funds, including: pooled funds, segregated funds, retail funds, institutional funds, closed funds, open funds, private equity funds
Question 4: What is the objective mapping criteria for mapping ancillary business function that supports more than one business line?
Such objective mapping criteria depends on the business and ancillary business mix of a bank. These criteria are not preset by the Central Bank. A bank should establish internally such criteria, reflecting its internal organisation, and these should be subject to independent review as per point (ix) of paragraph 12 of the Operational Risk section of Standards re Capital Adequacy in the UAE. The allocation can be done pro-rata based on the chosen criteria.
Examples of objective criteria include:
1. 1.number of full-time equivalent members of staff,
2. 2.time sheet man-hours,
3. 3.number of clients or transactions originated from each business line,
4. 4.volume of business originated from each business line.
Question 5: Business Segments/ functions that are to be mapped to 'Payment and Settlement' can be clearly articulated, as currently Level 2 defines the business segment as 'External Clients'
There is no fixed definition of external clients but all clients that the bank deals with externally with regards to Payment and Settlements need to be incorporated in this business line.

C. Alternative Standardised Approach

Question 6: What exposure indicator is used in the ASA approach?
In the ASA, gross income is replaced by the credit volume in terms of outstanding loans and advances (L&A) multiplied by a factor m (fixed at 0.035), as the exposure indicator for retail and commercial banking business lines. The loans and advances are non-risk weighted and gross of provisions.

Question 7: Why is the volume-based indicator alternative provided?
This volume-based indicator is provided to avoid large differences in the operational risk requirement caused by differences in income margins across banks and jurisdictions in these business lines. Gross income is not an appropriate exposure indicator of the extent of operational risk in retail and commercial lending.

Question 8: Can a bank choose to adopt ASA on its own?
No, the Central Bank must be satisfied that the alternative approach provides an improved basis for calculating the capital charge for operational risk in the bank. Reverting to the SA after adopting ASA is only possible with the approval of the Central Bank.

Question 9: What comprises Commercial Loans and Advances?
Under the ASA, commercial loans and advances will include outstanding amounts (non-risk weighted and gross of provisions) averaged over the past three years, from the following credit portfolios:

Commercial loans included for ASA	Definitions
Corporates	Loans to a corporation, partnership or proprietorship firm
Sovereigns	Loans to sovereigns and their central banks, certain public sector enterprises and multilateral development banks
Banks	Loans to other banks and regulated securities firms
Specialised lending	Loans for project finance, object finance, commodities finance, income producing real estate and commercial real estate
Small and medium enterprises treated as corporates	Loans to small and medium enterprises belonging to a group with annual gross turnover that exceeds AED 250 million
Purchased corporate receivables	Bank finance against amounts due to corporates from third parties for goods and/or services provided by them.
Book value of securities held in the banking book	The value at which securities have been purchased rather than their market value. Securities that are held in the banking book are intended to be held until maturity. There is no intent of trading in these securities.

Question 10: What comprises Retail Loans?
For the purpose of the ASA, retail loans will include total outstanding amounts (non-risk weighted and gross of provisions) averaged over the past three years in the following credit portfolios:

Retail loans included for ASA	Definitions
Retail	Exposures to individuals, residential mortgage loans etc.
SMEs treated as retail	Loans extended to small and medium businesses and managed as retail exposures by the bank.
Purchased retail receivables	Bank finance against amounts due to bank’s retail clients from third parties for goods and/or services provided by them

Question 11: What is the threshold to decide a large diversified bank in terms of assets book size/composition or any other indicators?
Currently, there is no such threshold. The Central Bank will perform an assessment for each bank applying to qualify for ASA. The qualifying criteria provided in paragraph 28 of the Operational Risk section of Standards re Capital Adequacy in the UAE, especially the first one (90% income from retail/commercial banking) are stringent. The Central Bank will review whether the bank meets the 90% standard to determine whether an additional size cut-off is appropriate.

Question 12: Retail or commercial banking activities shall account for at least 90% of its income. Please clarify whether this needs to be seen in the current year or an average of all the 3 years based on which the Operational Risk capital is being computed
Testing the 90% rule across a period of three consecutive years will be more appropriate.

Question 13: "The bank's operational risk management processes and assessment system shall be subject to validation and regular independent review". Can we get clarification on the difference between the validation and the review, and what are the scope and responsible party for each?
Validation of models and tables must be performed by the internal auditor or by the external auditor.

Question 14: In terms of the "regular reporting", is an official ORM meeting required? For example, Operational Risk Business/ Country / Group Committee meetings?
It is up to the bank how it conveys the regular reports to the senior management and the board of directors, but the evidence of these reports were submitted needs to be documented for example senior management signatures on the reports.

Question 15: Is operational risk capital charge revision a quarterly activity going forward or it remains as a yearly activity at the end of the year?
Will it be more adequate if we use current years’ gross income to compute operational risk rather last year's audited numbers only.
If the quarterly income is audited, the bank should use the quarterly data, which means the same quarter in the previous two years needs to be taken into consideration or else, the yearly audited data needs to be incorporated
The standards state only audited numbers need to be used and as such, if the current year’s income is audited, it can be used as part of the computation

Question 16: Elaboration of definition and scope of Operational Risk should be helpful. For example, whether Operational Risk includes other risk types such as Fraud Risk, Business Continuity Risk etc.
The definition and scope of Operational risk is sufficiently elaborated in the Operational Risk Standard of the Capital Adequacy Standards of Banks in the UAE and the Operational Risk Guidance. If operational risks were not sufficiently covered under Pillar I, then the uncovered risk should be part of the Pillar 2 ICAAP calculation.

Question 17: As per the definition of gross income, "income derived from insurance" is to be excluded from the income while computing Operational RWA.
We would request clarification if this also refers to bancassurance i.e.Bank's commission income earned on insurance products that are sold on behalf of insurance companies."
Any income which the bank earns out of the bancassurace should be treated as income derived from insurance.

VI. Examples

A. Basic Indicator Approach

The Basic Indicator Approach (BIA) is a simple approach for calculating the capital charge for operational risk. It can be used by banks that are not internationally active, as well as by banks that are internationally active but may not as yet have risk management systems in place for using the more advanced approaches for measuring operational risk. Below is an example of ABC bank and how the Operational risk capital charge is calculated on Basic Indicator Approach

1- Calculating gross income through the table shows part of the income statement of ABC bank for 2003.

Income statement of ABC bank for 2003
Operating income
Interest income	150
Interest expenses	110
Provisions made	20
Net interest income after provisions	20
Fees and commissions received	80
Fees and commissions paid	50
including fees paid for outsourcing	12
Other income From disposal of subsidiaries From disposal of available for sale Investments	10 8 0
Net non-interest income	48
Total operating income	68

The net interest income to be used in gross income for calculating the operational risk capital charge after provisions. Normally banks reduce this amount to arrive at the operating income, however, in the calculation of capital charge for operational risk, net interest income is gross of provisions.

In this example, net interest income is interest income minus interest expenses.

150 – 110 = 40

While for calculating net non-interest income for calculating operational risk capital charge, in this example:

Net non-interest income is fees and commissions received (80) minus fees and commissions paid, adjusted for outsourcing fees paid (50 – 12 = 38). Therefore, the amount will be 42.

2- Calculating operational risk capital charge under BIA

The following table shows how to calculate the operational risk capital charge under the BIA.

Year	Gross income of the bank
2002	120
2003	20
2004	250
Total positive GI for 3 years	390 (120+20+250)
Three year average of positive Gross Income	130 (390/3)
Alpha	15%
Operational risk capital requirement under BIA	19.5 ((39015%)/3 or 13015%

3- Treatment of Negative Gross Income

Below is the calculation of the operational risk capital charge when the bank has negative gross income for a year.

	Amount
Gross income year 1	-120
Gross income year 2	20
Gross income year 3	250
Total of positive gross income	270
Number of years with positive gross income	2
Average of positive annual gross income for the last three years	135 (270/2)
Alpha	15%
Operational risk capital requirement	20.25 (135*15%)

Since negative gross income leads to exclusion of data points for that year from both the numerator and the denominator of the BIA operational risk formula, it could at times result in some distortions. For example, a bank that has negative gross income for one of three years might end up with a higher operational risk capital charge than if it were to have positive gross income for that year, even if it was a small amount. To ensure that such distortions do not occur, the supervisor should review and consider appropriate actions under Pillar 2.

B. Standardised Approach

1- Below is small example indicated which to include and exclude in the gross income:

Included	Excluded
Provisions	Profits/losses from sale of securities
Operating expenses	Extraordinary/ irregular items

Gross income for each business line should:

-Be gross of any provisions (for example, for unpaid interest).
-Be gross of operating expenses, including fees paid to outsourcing service providers.
-Exclude realised profits/losses from the sale of securities in the banking book.
-Exclude extraordinary or irregular items as well as income derived from insurance claims.

2- The following table shows how to calculate the capital charge for operational risk using the Standardised Approach:

Business line	Beta factor	Gross income			Capital requirement
		Year 1	Year 2	Year 3	Year 1	Year 2*	Year 3	Average
Corporate finance	18%	250	300	200	45	54	36
Trading and sales	18%	100	-70	-80	18	-12.6	-14.4
Retail banking	12%	500	200	-300	60	24	-36
Commercial banking	15%	400	300	400	60	45	60
Payment and settlement	18%	300	350	300	54	63	54
Agency services	15%	75	50	45	11.25	7.5	6.75
Asset management	12%	50	-100	-20	6	-12	-2.4
Retail brokerage	12%	150	100	80	18	12	9.6
Total Gross Income		1,825	1,130	625
Aggregate Capital Requirement**					272.25	180.9	113.55	189***

*Gross Income x Beta factor

**Sum of eight capital charges for the year – remember within a year negative capital charges can offset positive charges among business lines

***Three-year average capital charge

3- Another example to illustrate the negative Gross income:

Business line	Beta factor	Gross income			Capital requirement
		Year 1	Year 2	Year 3	Year 1	Year 2	Year 3	Average
Corporate finance	18%	250	-300	200	45	54	36
Trading and sales	18%	100	-70	-80	18	-12.6	-14.4
Retail banking	12%	500	200	-300	60	24	-36
Commercial banking	15%	400	-300	400	60	45	60
Payment and settlement	18%	300	350	300	54	63	54
Agency services	15%	75	50	45	11.25	7.5	6.75
Asset management	12%	50	-100	-20	6	-12	-2.4
Retail brokerage	12%	150	100	80	18	12	9.6
Total Gross Income		1,825	-70	625
Aggregate Capital Requirement					272.25	0*	113.55	129**

*Total capital charge against all business lines for year 2 is negative (-17.1), so the numerator for year 2 is set to zero

**Capital charge averaged for three years, with the numerator for year 2 set to zero

C. Alternative Standardised Approach

The following table shows how to calculate the capital charge for operational risk using the Alternative Standardised Approach.

Business line	Beta factor	Exposure Indicator*			Capital requirement**
		Year 1	Year 2	Year 3	Year 1	Year 2	Year 3	Average
Corporate finance	18%	250	300	200	45	54	36
Trading and sales	18%	100	-70	-80	18	-12.6	-14.4
Retail banking	12%	700***	875***	945***	84	105	113.4
Commercial banking	15%	875***	910***	980***	131.25	136.5	147
Payment and settlement	18%	300	350	300	54	63	54
Agency services	15%	75	50	45	11.25	7.5	6.75
Asset management	12%	50	-100	-20	6	-12	-2.4
Retail brokerage	12%	150	100	80	18	12	9.6
Total Gross Income		2,500	2,415	2,450
Aggregate Capital Requirement					367.5	353.4^#	349.95	356.95^##

*Gross income/loans & advances ^x m
**Exposure indicator (GI or LA ^x m) ^x β
***Outstanding loans and advances ^x m (0.035)
# Sum of eight capital charges for the year
## Three year average capital charge

VII. Appendix
Further Options under the ASA – Option 1
Under the ASA Option 1, banks may aggregate retail and commercial banking using a common beta of 15%, instead of 12% and 15%, respectively, as prescribed under the Standardised Approach (SA). For the other six business lines, the relevant beta factors as prescribed under the SA are used. The exposure indicator remains the volume of loans and advances for commercial and retail banking and gross income for the other six business lines.
Further Options under the ASA – Option 2
Under Option 2, banks may maintain the SA beta factors of 12% and 15% for retail and commercial banking and aggregate the other six business lines with a beta factor of 18%. The volume of loans and advances is used as the exposure indicator for commercial and retail banking. Gross income is used for the other six business lines. Banks undertaking predominantly traditional banking activities, such as retail and commercial banking, and unable to segregate their gross income according to business lines may find it useful to adopt this option.
Further Options under the ASA – Option 3
Under Option 3, banks may aggregate retail and commercial banking with a beta factor of 15% and the other six business lines with a beta factor of 18%. The volume of loans and advances is used as the exposure indicator for retail banking and commercial banking. Gross income is used for the other six business lines.

X. External Credit Assessment Institutions

I. Introduction and Scope
1.Banks are required to use external ratings to determine risk weights for certain types of exposures. However, only external ratings provided by External Credit Assessment Institutions (ECAIs) that have been recognized as eligible for that purpose by the Central Bank may be used. This Guidance describes the specific requirements for the recognition of eligible ECAIs, together with certain other aspects of the use of ratings within the Central Bank’s capital adequacy framework. Note that additional requirements related to the use of ratings in capital requirements for securitisation are provided in the Central Bank’s Standards on Required Capital for Securitisation Exposures.
2.The Guidance is based closely on requirements of the framework for capital adequacy developed by the Basel Committee on Banking Supervision (BCBS), specifically the requirements articulated by the BCBS in International Convergence of Capital Measurement and Capital Standards: A Revised Framework (comprehensive version June 2006), and the revisions from Basel III: A global regulatory framework for more resilient banks and banking systems, December 2010 (rev June 2011).

II. Eligibility Criteria
3.ECAIs may be considered eligible for recognition if they meet the criteria articulated in this section. The Central Bank also takes into account the criteria and conditions provided in the IOSCO Code of Conduct Fundamentals for Credit Rating Agencies (IOSCO CRA Code) when determining ECAI eligibility.
4.The Central Bank’s eligibility determination for each ECAI applies only with respect to the types of claims for which the eligibility criteria have been met by that ECAI.

A. Objectivity
5.ECAI’s should have a methodology for assigning credit ratings that is rigorous and systematic, and is subject to validation based on historical experience. Ratings assessments should be based on methodologies combining qualitative and quantitative approaches. Moreover, assessments must be subject to ongoing review and responsive to changes in financial condition. To establish that an ECAI fulfils this primary component of eligibility criteria, it must demonstrate that it meets the following minimum standards:
1. (i)The ECAI has established rating definitions, criteria, and methodologies, and apply them consistently;
2. (ii)The ECAI should have a robust procedure of rating assignment based on published information, market data, interviews with management, and/or other sources of information that provide a sound basis for purposes of assigning the ratings;
3. (iii)When assigning risk ratings, the ECAI should take into account all major features of credit quality that are relevant under the ECAI’s applicable methodology, and should ensure that the ratings are assigned taking into account all risk factors of the rated entity or issue relevant under the ECAI’s applicable methodology;
4. (iv)The ECAI should demonstrate that rating methodologies are subject to quantitative back testing. For this purpose, the ECAI should calculate and publish default studies, recovery studies, rating transition matrices, or other analyses as relevant to the ECAI’s rating methodology. The analysis should reflect a definition of default that is consistent with international standards, subject to possible adjustments to take into account local practices or institutional or market conditions;
5. (v)The rating methodology for each market segment, including rigorous back testing, must have been established for at least one year and preferably three years;
6. (vi)All rating decisions should be made based on the ECAI’s established criteria and methodologies, subject to documented variations approved in accordance with the ECAI’s procedures;
7. (vii)The ECAI should have a mechanism to review its procedures and methodologies to adapt them to a potentially changing environment; and
8. (viii)The ECAI should maintain adequate systems and internal records to support its assigned ratings.

B. Independence
6.The ECAI should be free from any economic or external political pressures that may influence its credit ratings. In particular, an ECAI should not delay or refrain from taking a rating action based on its potential effect (economic, political or otherwise). The independence of an ECAI shall be assessed on the basis of the following five parameters:
1. (i)Ownership: The ownership structure should not be such that it could jeopardize the objectivity of the rating process. For example, the owners should not hold 10 percent or more of the equity of any entity rated by the ECAI.
2. (ii)Organizational Structure and Corporate Governance: The ECAI should demonstrate that its organizational structure minimizes the scope for external influences to influence the rating process inappropriately. The ECAI should have in place effective corporate governance that safeguards the independence of its credit ratings, promotes integrity, and ensures that internal disagreements over ratings are resolved in ways that do not compromise the overall effectiveness of the rating process.
3. (iii)Financial Resources: The ECAI must demonstrate that its business is financially viable and is able to sustain any commercial pressure that might be exerted by external entities, including the entities being rated. The ECAI’s financial position should not depend significantly on the provision of other services to the rated entities.
4. (iv)External Conflict of Interest: The credit rating process of the ECAI should have the ability to withstand external pressures. The ECAI should demonstrate that it is free from any type of external conflicts of interest, or that conflicts of interest are disclosed and managed.
5. (v)Separation: An ECAI should separate its rating business operationally, legally, and if practicable, physically from its other business operations that may present a conflict of interest, such as advisory services.

C. International Access and Transparency
7.The individual ratings, the key elements underlying the ratings, and whether the issuer participated in the rating process should be information that is publicly available on a non-selective basis.
8.In order to promote transparency and enable stakeholders to make decisions about the appropriateness of its credit rating methods, an ECAI should disclose sufficient information (e.g., rating definition, methods of arriving at the rating, rating process, time horizon of the rating, and the surveillance and review procedure) to facilitate such decisions. The ECAI’s general procedures, methodologies, and assumptions for arriving at ratings should be publicly available.

D. Disclosure
9.A rating should be disclosed as soon as practicably possible after issuance. When disclosing a rating, the information should be clearly worded, and should indicate the nature of the rating and relevant limitations, while providing appropriate warning to users of the potential danger of unduly relying on the rating to make investment or other decisions.
10.To promote transparency and market discipline, an ECAI should demonstrate that it provides access to information that enables stakeholders to make decisions about the appropriateness of ratings for the intended use or uses. At a minimum, the ECAI is expected to make public the following information:
1. •Code of conduct;
2. •Definition of default;
3. •The time horizons reflected in ratings;
4. •Rating definitions;
5. •Rating methods;
6. •Actual default rates experienced in each rating category;
7. •Rating transition matrices;
8. •Whether particular ratings are solicited or unsolicited;
9. •The date of last review and update of ratings;
10. •The general nature of compensation arrangements with rated entities; and
11. •Any actual or potential conflicts of interest.
11.At a minimum, the following conflict-of-interest situations and their influence on the ECAI’s credit rating methodologies or credit rating actions must be disclosed:
1. (i)The ECAI is being paid to issue a credit rating by a rated entity or by the obligor, originator, underwriter, or arranger of a rated obligation;
2. (ii)The ECAI is being paid by subscribers with a financial interest that could be affected by a credit rating action of the ECAI;
3. (iii)The ECAI is being paid by rated entities, obligors, originators, underwriters, arrangers, or subscribers for services other than issuing credit ratings or providing access to the ECAI’s credit ratings;
4. (iv)The ECAI is providing a preliminary indication or similar indication of credit quality to an entity, obligor, originator, underwriter, or arranger prior to being hired to determine the final credit rating for the entity, obligor, originator, underwriter, or arranger; and
5. (v)The ECAI has a direct or indirect ownership interest in a rated entity or obligor, or a rated entity or obligor has a direct or indirect ownership interest in the ECAI.
12.An ECAI should disclose the general nature of its compensation arrangements with rated entities, obligors, lead underwriters, or arrangers. When the ECAI receives compensation unrelated to its credit rating services from a party such as a rated entity, obligor, originator, lead underwriter, or arranger, the ECAI should disclose such compensation as a percentage of the total annual compensation received from that party in the relevant credit rating report or elsewhere, as appropriate. An ECAI should disclose in the relevant credit rating report or elsewhere, as appropriate, if it receives 10% or more of its annual revenue from a single party (e.g., a rated entity, obligor, originator, lead underwriter, arranger, or subscriber, or any of their affiliates).

E. Resources
13.ECAI should possess sufficient human and technical resources to produce high quality credit ratings. Evidence of resource sufficiency includes:
1. (i)Technical expertise of the people should be sufficient to conduct the analysis to support the assignment of ratings, and to maintain contact with senior and operational levels within the entities that are rated. In particular, ECAIs should assign analysts with appropriate knowledge and experience to assess the creditworthiness of the type of entity or obligation being rated; and
2. (ii)With respect to technical resources, an ECAI is expected to apply quantitative techniques and models that can appropriately process and analyze the quantities of data required to support the rating process.

F. Credibility
14.The ECAI must demonstrate that it enjoys credibility in the markets in which it operates. Such credibility is gauged on the basis of:
1. (i)The extent to which it meets the resources requirements stated above;
2. (ii)The extent to which independent parties (investors, insurers etc.) rely on the ECAI’s risk ratings; and
3. (iii)The existence of internal procedures to prevent misuse of confidential information.

G. No Abuse of Unsolicited Ratings
15.The Central Bank may request the ECAI to demonstrate that it has not used unsolicited ratings to put pressure on entities to obtain solicited ratings. If the Central Bank becomes aware of an ECAI using unsolicited ratings to put pressure on entities to obtain solicited ratings, the Central Bank may consider whether it is appropriate to revoke the recognition of the ECAI as eligible for capital adequacy purposes.

H. Cooperation with the Supervisor
16.Eligible ECAIs should notify the Central Bank of significant changes to methodologies, and should provide the Central Bank with sufficient access to external ratings and other relevant data to support initial and ongoing determination of eligibility.

I. Code of Conduct and Regulation
17.The ECAI must adopt and adhere to a code of conduct that is consistent with the IOSCO CRA Code. The ECAI must be subject to effective supervision on an ongoing basis by a competent regulatory authority that has adopted a regulatory regime consistent with the IOSCO CRA Code, and that incorporates a registration system for ECAIs.

III. Recognition of ECAIs

18.The Central Bank’s standards for capital adequacy include mappings that identify risk weights for various types of exposures using a scale that corresponds most closely to the rating system used by Standard & Poor’s. This is done for purposes of exposition and for consistency with the BCBS framework. However, banks should not interpret use of this scale as a Central Bank endorsement of any particular rating agency. Banks may select among all eligible rating agencies as appropriate for purposes of determining risk weights.

19.On the basis of information assessed by the Central Bank, the following entities currently meet the criteria for eligible ECAIs described in this Guidance:

(i)Standard & Poor’s Ratings Services;
(ii)Moody’s Investors Service;
(iii)Fitch Ratings; and
(iv)Capital Intelligence.

20.The Central Bank has concluded that banks can use the ratings of any of the above ECAIs. Banks should be aware that the Central Bank regularly reassesses the extent to which any ECAI meets the criteria stated in this Guidance. Banks must take steps to confirm that any ratings used in capital adequacy calculations are obtained from ECAIs that continue to be viewed as eligible by the Central Bank. Additional entities may be approved as eligible ECAIs in due course.

21.Based on available information regarding the rating processes of these ECAIs, the Central Bank has established the correspondence shown in Table 1 between the long-term rating scales of the various ECAIs. However, if a bank determines that a different mapping is more appropriate, the bank should use that alternative mapping, provided the results are at least as conservative as using the mapping below.

Table 1: Long-Term Rating Correspondence

S & P	Fitch	Moody’s	Capital Intelligence
AAA to AA-	AAA to AA-	Aaa to Aa3	AAA to AA-
A+ to A-	A+ to A-	A1 to A3	A+ to A-
BBB+ to BBB-	BBB+ to BBB-	Baa1 to Baa3	BBB+ to BBB-
BB+ to BB-	BB+ to BB-	Ba1 to Ba3	BB+ to BB-
B+ to B-	B+ to B-	B1 to B3	B+ to B-
Below B-	Below B-	Below B3	Below B-
Unrated	Unrated	Unrated	Unrated

22.For certain aspects of capital adequacy calculations, short-term ratings are used. Based on available information regarding the rating processes of these ECAIs, the Central Bank has established the correspondence shown in Table 2 between the short-term rating scales of the eligible ECAIs. However, as with the long-term ratings, if a bank determines that a different mapping is more appropriate, the bank should use that alternative mapping, provided the results are at least as conservative as using the mapping below.

Table 2: Short-Term Rating Correspondence

S & P	Fitch	Moody’s	Capital Intelligence
A-1+, A-1	F1+, F1	P-1	A1+, A1
A-2	F2	P-2	A2
A-3	F3	P-3	A3
Below A-3	Below F3	Not prime	Below A3

IV. Bank Use of Ratings

A. Bank Use of ECAI Ratings
23.For the purpose of applying ECAI ratings to derive risk-weights for exposures, banks should apply the following process:
1. (i)Identify an ECAI (the “nominated ECAI”) whose assigned ratings the bank intends to use to derive risk weights for some type of exposure that is subject to an external ratings-based approach under Central Bank standards;
2. (ii)Confirm that the nominated ECAIs can provide reasonable coverage of the bank’s exposures in terms of the types of counterparties and the geographical regions covered;
3. (iii)Document the selection of the ECAI and the analysis demonstrating that the ratings of ECAI are appropriate for the specific use;
4. (iv)Notify the Central Bank of the nominated ECAI and of the intended application of the ratings of that ECAI to the bank’s external ratings-based calculations; and
5. (v)Use the ratings of the ECAI within external ratings-based calculations consistently.
24.Banks must use the chosen ECAIs and their ratings consistently for each type of claim for which the ECAI and its ratings are approved, and must seek the consent of the Central Bank on any subsequent changes to the application of those ratings. Banks may not “cherry-pick” the ratings provided by different ECAIs, and must maintain records of which ECAIs they use for various purposes within capital adequacy calculations. Banks may not use unsolicited ratings that may be provided by any ECAI.
25.When banks use external ratings to assign risk weight to securitisation exposures under the Central Bank’s Standards on Capital for Securitisation Exposures, additional operational requirements apply to the ratings and the ECAI that is the source of the ratings.

B. Multiple Ratings
26.If there is only one rating by a nominated ECAI for a particular claim, that rating should be used to determine the risk weight of the exposure.
27.If there are two ratings by nominated ECAIs that map to different risk weights, the higher risk weight must be applied.
28.If there are three or more ratings with different risk weights, the ratings corresponding to the two lowest risk weights should be referred to. If these give rise to the same risk weight, that risk weight should be applied. If different, the higher risk weight should be applied.

C. Other Considerations in the Use of Ratings
29.External ratings for one entity within a corporate group cannot be used to risk weight other entities within the same group.
30.A bank must treat a relevant exposure or the person to whom the bank has a relevant exposure as “unrated” for risk weighting purposes if that exposure or that person does not have a rating assigned to it by the ECAI otherwise used by the bank.
31.Where a bank is applying external ratings to an exposure that corresponds to a particular issue with an issue-specific rating, the risk weight of the claim must be based on this issue-specific rating. In other cases, the following requirements apply:
1. (i)In circumstances where the borrower has a specific rating for an issued debt claim, but the bank’s exposure does not relate to this particular rated claim, a high-quality credit rating (that is, one that maps to a risk weight lower than the risk weight that would apply to an unrated claim) on that specific issue may only be applied to the bank’s un-assessed exposure if the exposure ranks pari passu with or senior to the rated issue in all respects. If not, the credit rating cannot be used, and the un-assessed claim exposure should receive the risk weight for unrated claims.
2. (ii)In circumstances where the borrower has an issuer rating, this rating typically applies to senior unsecured claims on that issuer. Consequently, only senior claims on that issuer will benefit from a high-quality issuer rating if one exists. Other un-assessed claims of a highly assessed issuer will be treated as unrated. If either the issuer, or a particular issue from that issuer, has a low-quality rating (that is, one that would map to a risk weight equal to or higher than would apply to an unrated exposure), then a bank with an unrated exposure to the same counterparty that ranks pari passu with or is subordinated to senior unsecured (in the case of an issuer rating) or to the specific issue (in the case of an issue-specific rating) should risk-weight that exposure using the low-quality rating.
32.Where a bank intends to rely on an issuer or an issue-specific rating, the rating must take into account and reflect the entire amount of credit risk exposure a bank has with regard to all amounts owed to it.
33.Where exposures are risk-weighted based on the rating of an equivalent exposure to that borrower, foreign currency ratings should be used for exposures in foreign currency. If there is a separate domestic currency rating, it should be used only to risk-weight exposures denominated in the domestic currency.
34.In order to avoid double counting of credit enhancement factors, no supervisory recognition of credit risk mitigation techniques will be taken into account if the credit enhancement is already reflected in the rating of a specific issue.

V. Ongoing Review
35.The Central Bank determines on an ongoing basis whether an ECAI meets the criteria for recognition according to this Guidance. In this regard, the Central Bank conducts periodic reviews of each recognized ECAI. Any changes to the list of approved ECAIs or to the established correspondence between their ratings will be publicly disclosed by the Central Bank in a timely manner.

VI. Requests for Recognition of ECAIs
36.The Central Bank may consider additional ECAIs as eligible for use within capital adequacy standards. These additional ECAIs may be identified for consideration by the Central Bank, or may be identified by banks or by the ECAIs themselves. The Central Bank will evaluate potential additional ECAIs against the eligibility requirements in this Guidance, under procedures established by the Central Bank.
37.Banks that identify potential additional ECAIs for consideration by the Central Bank must provide information about the ECAI that would allow an appropriate evaluation by the Central Bank according to this Guidance. The banks should identify the types of claims to which the ECAIs ratings might be applied, as well as the geographies covered, and explain the need for, or value of, recognizing the ECAI as eligible. Banks should provide a preliminary evaluation, subject to Central Bank review, of how the ECAI meets all of the eligibility criteria described above in this Guidance.
38.ECAIs may also request recognition from the Central Bank. In such cases, the ECAI must provide detailed information that would allow a complete evaluation by the Central Bank under this Guidance. The ECAI should provide evidence, subject to Central Bank review, that the ECAI meets all of the eligibility criteria described above in this Guidance, including full compliance with the IOSCO CRA Code.

VII. Frequently Asked Questions
Question 1: What is meant by “international standards” in connection with the definition of default?
The most widely accepted international standards for assessing the capital adequacy of banks, i.e. the Basel framework, incorporate specific definitions of default for wholesale and retail credit. ECAI definitions of default should broadly reflect those definitions, although they need not precisely duplicate the Basel definitions.
Question 2: Can definitions of default be adjusted to take into account local practices or institutional or market conditions?
Yes, as the Guidance notes, certain adjustments for local conditions may be appropriate, particularly to account for default conditions that should be interpreted as demonstrating that a borrower is “unlikely to pay.” As the BCBS has noted in guidance to banks, some flexibility in the definition of default is appropriate to reflect the particular circumstances of each jurisdiction.
Question 3: Must the quantitative back testing of ratings outcomes incorporate an analysis of recovery rates in all cases?
No, the quantitative analysis conducted should be tailored as appropriate to demonstrate the performance of the actual rating methodology applied by the ECAI. Specifics of the analysis may differ depending on the methodology; for example, if the rating methodology solely reflects default probabilities rather than loss rates, then recovery studies may not be relevant.
Question 4: Can unsolicited ratings be used for bank capital calculations?
No, the Central Bank of the UAE has determined that unsolicited ratings do not provide an appropriate basis for capital calculations by banks in the UAE.
Question 5: Does the recognition of certain rating agencies by the Central Bank imply an endorsement of those ECAIs?
No, recognition reflects only a determination that an ECAI and its ratings meet the requirements to be used for regulatory capital calculations as articulated in Central Bank standards and regulations.
Question 6: Does the requirement that rating methodologies be established for at least one year preclude new rating methodologies from being introduced?
No, this requirement does not preclude the development and implementation of new rating methods by an ECAI. However, use of ratings for capital adequacy calculations (as opposed to other uses of ratings) requires a demonstration of the reliability of the ratings. Demonstration of reliability takes time; one year of experience is the minimum requirement, and longer periods of observation, perhaps operating in parallel with previous rating methodologies, are preferable.
Question 7: Do ratings correspond to specific risk weights for capital, and if so where is that correspondence found?
Yes, the purpose of recognition of ECAIs and the alignment of their ratings as specified in the Guidance is to facilitate the use of these ratings for risk-weight assignments in regulatory capital adequacy calculations. Please consult the relevant Standards (such as the Standards on Credit Risk) for risk weights corresponding to each rating category.

VIII. List of Abbreviations
BCBS: Basel Committee on Banking Supervision
ECAI: External Credit Assessment Institution
IOSCO: International Organization of Securities Commissions

Pillar 2

Pillar 2 – Internal Capital Adequacy Assessment Process (ICAAP)
Updated version of this section of the Guidance to be issued.

I. Introduction and Purpose

1. All banks licensed by the Central Bank of the UAE must ensure that Pillar 1 risks - credit, market, and operational risk - are mitigated by capital, in compliance with the capital adequacy framework articulated in the document Central Bank “Regulations re Capital Adequacy” issued under Notice 60/2017 and the supporting capital standards and guidance, articulated in the document Central Bank “Standards and Guidance re Capital Adequacy of Banks in the UAE”. Incompliance with the Standards, each bank is required to quantify all risks that are not covered, or not sufficiently covered by Pillar 1 capital, and determine the additional capital required to mitigate these risks. The capital required to cover these risks is referred to as Pillar 2 capital.

2. Each bank is required to have a process to assess its overall capital adequacy as a function of its risk profile and its strategy. Each bank is required to maintain appropriate capital levels in accordance with the Central Bank Standards on Pillar 2 capital. This process is termed the Internal Capital Adequacy Assessment Process (ICAAP).

3. As part of the Supervisory Review and Evaluation Process (SREP), the Central Bank analyses the capitalisation levels of banks among other information, referring to the results of the ICAAP with regard to the internal view of capital adequacy. If the evaluation concludes that the capital levels of the individual bank are not satisfactory, the Central Bank may require a bank to meet an adjusted Minimum Capital Adequacy ratio accordingly.

4. Consequently, Pillar 2 is both a bank internal process reported under the ICAAP, and the evaluation of each bank’s compete capital adequacy includes the ICAAP in its regulatory process - the SREP. First, it is the responsibility of each bank to ensure that its ICAAP is comprehensive and proportionate to the nature, scale, and complexity of its activities. Each bank bears the responsibility for the appropriate identification, estimation, and reporting of risks, and the corresponding the calibration of capital necessary to mitigate these risks. Second, the ICAAP is a critical reference for supervision and for the supervisory dialogue between banks and Central Bank.

Purpose

5. This Guidance presents minimum expected practices to be considered by each bank in order to undertake their ICAAP, covering the process, content, outcome, and usage. It clarifies the application of the Central Bank’s expectations regarding the requirements of the Central Bank ICAAP Standards. Note, that the Central Bank plans to issue separately detailed requirements relating to the Internal Liquidity Adequacy Assessment Process (ILAAP).

6. It also intends to support each bank in the identification, measurement, reporting, and mitigation of Pillar 2 risks. This Guidance does not prescribe specific methodologies but rather, it provides a framework, within which a bank should elaborate research, analyse, and draw conclusions relevant to the risk profiles of their books. Each bank remains fully responsible for the methodology and process supporting the ICAAP.

7. All methodologies employed by a bank for its ICAAP should be relevant to its business model, risk profile, to the geographies of its exposures, and, in particular, to the features of the UAE economy. The methodologies and processes employed by the bank in its ICAAP should be fully documented, transparent and replicable. Each bank should be in a position to justify their decisions and modelling choices with historical data and benchmarking across a range of practices, which will be subject to supervisory scrutiny. Models employed for the measurement of Pillar 2 risks should comply with the Central Bank Model Management Standards and Guidance.

8. The Central Bank may apply proportionality for smaller and less complex banks when evaluating the ICAAP. This does not mean that smaller or less complex banks are exempted from the reporting requirements or from undertaking a comprehensive assessment of the risks they face. Smaller banks have to perform the whole ICAAP and address the full reporting scope. In cases where a bank’s capabilities lead them to use simpler methodologies, a more conservative capital treatment may be appropriate. However, the Central Bank expects a more sophisticated risk management approach from large banks and/ or banks with complex risk profiles in the assessment of their Pillar 2 risks.

9. For the licensed operations of foreign banks in the UAE, when this document refers to the bank’s Board, it should be comprehended as the Managing Director and/ or the highest committee in the UAE operations of the bank in which the Managing Director has to be the Chairman.

10. This Guidance serves several purposes. It

(i)	Explains in more detail the Central Bank’s expectations on fulfilling the requirements of the ICAAP Capital Standards, in particular, related to the ICAAP (process) at each bank and certain aspects of the content of the ICAAP report;
(ii)	Covers expectations on some processual elements of the ICAAP, such as an appropriate approval process of the ICAAP report and its submission timelines; and
(iii)	Formulates expectations about additional sections of the ICAAP report (e.g. related to internal audit findings and changes compared to the previous ICAAP report).

II. ICAAP Executive Summary

11. It is important that the executive summary of the ICAAP document produced by each bank should explain the views of Senior Management and the Board on the suitability of the bank’s capital to cover the risks faced by the bank in light of its risk profile, its risk appetite and its future business plans. These views must be supported by key quantitative results including the current and expected capital position of the bank under various economic conditions including stressed circumstances. It should also provide a clear analysis of the drivers of capital consumption, including Pillar 1 and Pillar 2 risks and stress testing. The conclusion should be unambiguous, forward-looking and consider the uncertainty of the business and economic conditions.

12. More specifically, the executive summary of the ICAAP report should contain the following elements:

(i)	The main findings of the ICAAP;
(ii)	A brief description of the ICAAP governance framework covering the stakeholders, the assessment process, the challenging process and the approval process;
(iii)	A brief presentation of the bank’s structure, subsidiaries, businesses, material risks, risk appetite, and risk mitigating actions, where applicable;
(iv)	A description of the current capital position of the bank showing the allocation of capital per risk type, covering Pillar 1 and Pillar 2 risks;
(v)	Each bank should complete the ICAAP Executive Summary Table (Table 3) as indicated in Appendix 2 of this document;
(vi)	A description of the current capital composition of the bank against minimum capital requirements covering at least CET1, AT1, and Tier 2 capital ratios;
(vii)	A forward-looking analysis of the budgeted capital position of the bank, based on the bank’s expected business plan over the next three (3) years, reflecting the current, and expected economic conditions. This needs to cover expected dividend distribution;
(viii)	An analysis of the capital position and capital ratios under several stress scenarios, the analysis of the stress scenarios should include the intended risk mitigation actions;
(ix)	An assessment of the adequacy of the bank’s risk management processes including critical judgment on the areas that need improvement; and
(x)	A conclusion of the ICAAP addressing the suitability of the capital to cover the bank’s current and expected risks.

13. Appendix 3.4 lists further information and documentation that is required to accompany a bank’s ICAAP report.

III. ICAAP Governance
14. Given the critical and major role of the ICAAP in banks’ sustainability and strategy, the Board of Directors is required to approve the ICAAP. The ICAAP should be subject to an effective decision-making process, by which the assumptions, projections, and conclusions are thoroughly discussed, analysed, and challenged at several levels in the organisation including (i) the relevant committees of subject matter experts, (ii) Senior Management, and (iii) the Board.
15. The Board has ultimate ownership and responsibility of the ICAAP. It is required to approve an ICAAP on a yearly basis. The Board is also expected to approve the ICAAP governance framework with a clear and transparent assignment of responsibilities, adhering to the segregation of functions, as described in Refer to Appendix 3.1. The governance framework should ensure that the ICAAP is an integral part of the bank’s management process and decision-making. The ICAAP governance framework should include a clear approach to the regular internal review and validation by the appropriate functions of the bank.
16. The policy framework should be approved by the Board. Senior Management has to implement the framework via effective procedures and systems. The framework must include measures reflected in the ICAAP report applied in day-to-day business and supported by suitable MIS at appropriate frequencies. A key aspect of this requirement is the “Use Test” principle covered in the next section. The risk framework has to be applied across the organisation.

IV. ICAAP Methodology, Scope and Use Test

Methodology

17. The ICAAP is an ongoing process. On an annual basis, every bank is required to submit a document outlining the outcome of the ICAAP to the Central Bank, usually referred to as its ICAAP document or report. The ICAAP supplements the Pillar 1 minimum regulatory capital requirements by (i) identifying risks that are not addressed or not fully addressed through Pillar 1 regulations, referred to as Pillar 2 risks, and (ii) determining a level of capital commensurate with the level of risk. The Central Bank requires each bank to adopt a Pillar 1 plus approach. According to this, the bank’s total capital requirements include the minimum Pillar 1 regulatory capital requirements, plus the capital required to cover Pillar 2 risks. As a result, the ICAAP should result in additional capital requirements specific to each bank’s business model.

18. Board and Senior Management are responsible to deliver a comprehensive, effective, and accurate assessment of capital adequacy. Each bank is consequently required to conduct an ICAAP supported by appropriate methods and procedures to ensure that adequate capital covers all material risks. Each bank should adopt progressively more sophisticated approaches in measuring risks to keep up with the business model evolvement, the risk profile, size of the bank, and appropriate market practice. The key objective is for each bank to be transparent and demonstrate the relevance of the approach taken in relation to the nature of their activities and risk profile to the Board and the Central Bank.

19. The frequency of reporting to the Board is expected to be at least quarterly, but, depending on the size, complexity, business model, risk types of the institution, and the market environment, reporting might need to be more frequent to ensure timely management actions. The quarterly reporting should comprise the internal calculation of the capital ratios (Pillar 1 and Pillar 2 under business-as-usual (BAU) and under stress scenarios), which includes determining the surplus/ shortfall of capital. Stress scenarios and internal forecasts only need to be updated on a quarterly basis, if required. Nevertheless, the ICAAP reporting to the Central Bank remains an annual exercise. However, if the quarterly results deviate significantly compared to the results of the ICAAP report as submitted to the Central Bank, then the bank should inform the Central Bank of the updated capital plan (including reasons for the deviations, capital ratios and mitigation actions).

20. The ICAAP should be supported by robust methodologies and data. All models used directly or indirectly in the ICAAP should follow the bank’s model management framework, in compliance with the Central Bank Standards and Guidance. The data employed in the ICAAP should be comprehensive, reliable, follow rigorous quality checks, and control mechanisms.

Scope

21. Each bank is expected to ensure the effectiveness and consistency of the ICAAP at each level, with a special focus on the group level for local banks. The ICAAP of these banks is expected to assess capital adequacy for the bank on a stand-alone basis, at regulatory consolidated level, and for the entities of the group. The ICAAP should primarily evaluate the capital requirement and capital adequacy of the bank at group level, following the regulatory consolidation. However, each bank should analyse whether additional risks arise from the group structure of the bank. The group structure must be analysed from different perspectives. To be able to effectively assess and maintain capital adequacy across entities, strategies, risk management processes, decision-making, methodologies, and assumptions applied should be coherent across the entire group. Identified additional risks may increase the capital requirement on group level accordingly.

22. Capital transferability within the group should be assessed conservatively and cautiously, which should be considered in the ICAAP. Each bank should have a process to ensure capital transferability that addresses any restrictions on the management's ability to transfer or allocate capital into or out of the bank's subsidiaries (for example contractual, commercial, regulatory, or statutory/legal restrictions that may apply). The capital allocation or distribution and the approval process between the bank’s holding company (group/parent) and the subsidiaries in the banking group should be well defined. The analysis should also consider risks arising from structural foreign currency positions relating to assets, liabilities, and equity.

23. A bank that has domestic or foreign subsidiaries or branches is expected to evaluate the difference between the ICAAP determined for the bank (including its subsidiaries) and the ICAAP at solo level (without subsidiaries). Therefore, the bank should identify any potential and additional risks both at consolidated group level and at solo bank level. The analysis should also address international operations that have jurisdictional capital requirements or restrictions.

24. Additional risks may also arise from entities that are not consolidated under Pillar 1, e.g. investments in commercial subsidiaries, including Special Purpose Vehicles (SPV), and insurance companies. Each bank should evaluate whether the required Pillar 1 capital adequately covers all risks arising from those entities. The evaluation should consider all risk types, including credit risk, reputational risk, and step-in risk, etc. The analysis should not be limited to branches and subsidiaries but should also consider affiliates, if material. Such analysis should not be limited to local banks only, also foreign banks operating in the UAE should identify and analyse all their dependencies on parent companies through centralised risk management/ shared services etc.

Use Test

25. The ICAAP and the bank’s business strategy form a feedback process. While the ICAAP has to reflect the bank’s business strategy, and business decisions. The bank should implement a formal process to analyse whether the outcomes of the ICAAP influence the business strategy. Banks should determine which additional capital requirements under Pillar 1 and Pillar 2 in business as usual BAU and stress scenarios on the top of the minimum regulatory requirements would be adequate and whether the bank’s risk appetite is adequate or requires to be adjusted accordingly. The formal feedback process should also include links to the banks’ business decisions, risk management process (e.g. using the ICAAP methodologies, results in the approval process, limit setting, strategic processes, such as capital planning or budgeting, and performance measurement). For that purpose, the Board and Senior Management should lead and approve the assumptions, methodology, framework, and outcome of the ICAAP. The usage of the ICAAP within the organisation and its alignment with strategic decisions is referred to as the ‘Use Test’.

26. The ICAAP should have an interactive relationship with other key processes within the bank, including but not limited to, (i) business strategies, (ii) financial budgeting, (iii) risk management, (iv) risk appetite setting, and (v) stress tests. Metrics related to capital allocation and capital consumption should be included in the banks’ risk appetite. Conversely, the metrics pertaining to business management and to risk management should take into consideration the capital plan.

27. Conceptually, this circular process should be articulated according to the following illustration and guidance. Each bank should design its own iterative process:

(i)	The Board, Senior Management and the business lines should provide their business plan and budget to construct the ICAAP;
(ii)	The risk management function should analyse the feasibility and the risks associated to such business plan;
(iii)	The ICAAP should result in an estimation of the adequate level of capital given the business and risk assumptions. This should be approved by the Board and by Senior Management; and
(iv)	In return, the ICAAP and capital requirements should feed back to the business lines and the risk management function in order to steer the strategy of the bank.

28. The stakeholders should regularly interact with each other during the production of the ICAAP in order to (i) obtain consistent forward-looking capital projections, and (ii) use capital projections consistently in their own decision-making. The stakeholders should include, but not be limited to, the Board, Senior Management, the business lines, the risk management function, and the finance function.

29. Each bank should demonstrate its appropriate usage of the ICAAP via the production of thorough documentation, reporting covering the process, methodology, decision-making for capital allocation, and strategy. Each bank should document the overall ICAAP design, including key elements and the mechanism by which they interact with each other. Such components should include, but not be limited to, the business strategies, risk appetite statement, risk measurement methods, stress tests programme, and reporting across the Group.

30. Regular reporting should be constructed to measure and monitor Pillar 2 risks in addition to the annual ICAAP report exercise. Adequate metrics and associated limits should be designed in relation to the bank’s size and complexity.

31. The Central Bank shall evaluate evidence that the bank has embraced the process for business rather than regulatory reasons. Evidence should be provided that the management has, through the ICAAP, made the business more efficient or less risky.

V. Capital Planning

32. Each bank should operate above the minimum capital requirements set by the Central Bank. Each bank should have a capital plan approved by the Board. The objective of capital planning is to ensure that:

(i)	Each bank is compliant with minimum regulatory requirements;
(ii)	The bank is viable and able to endure external economic changes; and
(iii)	Each bank’s capital is calibrated to its risk profile in order to absorb unexpected losses through time, including periods of economic downturn.

33. The ICAAP should be designed as a tool to adequately support these objectives. Each bank’s management is expected to develop and maintain an appropriate strategy that ensure the level of capital and the process to estimate such level should be commensurate with the nature, scope, scale, size, complexity, and risks of each bank.

34. The ICAAP should be forward-looking taking into account both internal and external drivers over a period covering three (3) to five (5) years. The capital planning should take into account the bank’s business plan, its strategic development and the economic environment.

35. The multi-year capital forecast should be assessed and calibrated through two perspectives:

(i)	Pillar 1: The bank’s ability to fulfil all of its capital-related regulatory, supervisory requirements, and demands; and
(ii)	Pillar 2: The bank’s ability to cope with capital demands beyond that of the regulatory requirements, in accordance to its risk profile.

36. Both perspectives should be function of the bank’s business plan. In addition, the second perspective should incorporate a more granular, specific, and accurate measurement of risks. Both perspectives should take into account the current, expected economic environment, and consider the occurrence of stressed events.

37. If the bank identifies a shortfall in capital pertaining to either Pillar 1 or Pillar 2. It is expected to consider measures to maintain adequate capitalisation, reverse the trend, review its strategy, and risk appetite.

38. For each internal stress test scenario for capital planning purposes, each bank is expected to consider credible, quantifiable management actions that the bank could practically take to mitigate any capital impact of stress scenarios. Such mitigating actions for ICAAP stress scenarios may differ from actions related to recovery planning. The timing and execution of these management actions should be supported by appropriate trigger points of the bank’s capital position, which may be informed by their internal risk appetite for capital adequacy. When the bank’s capital ratios fall below its internal risk appetite, it is expected that the bank is able to execute the necessary measures, i.e. the bank should explain how the capital adequacy would be ensured/ restored (e.g. via a capital contingency plan). In assessing the effectiveness of a management action, each bank should also consider the perceived reputational impact (e.g. as viewed by the market, customers, government etc.) on taking such an action in a stress. The results should be disclosed in the ICAAP report with and without those management actions that have been approved by the bank’s Board.

39. If the bank plans the increase of its capital base (e.g. capital issuances, rights issues, reduction in the equity, etc.), the bank may consider the capital increase in its capital planning. The bank should only consider capital increases that have obtained Senior Management approval and form part of the bank’s official capital plan and that have been discussed with the Central Bank. A bank that considers capital increases in it capital planning has to perform an additional stress test scenario to analyse the impact if the capital increase does not materialise.

40. The following elements should be included in the ICAAP report or related appendix:

(i)	Assumptions related to business developments over the forecasted period;
(ii)	Assumptions related to the economic environment over the forecasted period;
(iii)	Summary of historic capital base, aggregate RWAs, and CAR ratios for a minimum of five (5) years;
(iv)	Disclosure of the following forecasted financial projections:
(v)	Detailed balance sheet;
(vi)	Detailed statement of profit and loss;
(vii)	Break down of Capital base into its regulatory components;
(viii)	Break down of Risk Weighted Assets (RWAs) components;
(ix)	Significant ratios (e.g. CET 1, Tier 1, and CAR);
(x)	A method to calibrate capital needs to the current and expected levels of risks, in coherence with the bank’s risk appetite, business plan, and strategy;
(xi)	It should include the likely future constraints on the availability and the use of capital; and
(xii)	Any future regulatory and accounting changes that can potentially impact such plan.

41. Banks are required to fulfill internal risk appetite requirements in the bank’s self-assessment of Pillar 1 and Pillar 2 minimum regulatory capital requirements. Banks should fulfill the minimum capital requirements plus capital buffer requirements under business as usual (BAU) conditions. Under stress testing (ST) banks should fulfill the minimum capital requirements without the requirement to meet buffer requirements.

42. The capital planning should not be limited to risk-based capital ratios but should also consider the leverage ratio of the bank. Bank should analyse and consider unaccounted foreseeable events in the capital plan, e.g. regulatory changes like the revised standardised approaches for credit, market and operational risk.

VI. Material Risks

43. As a part of its risk management practices, each bank is responsible for implementing a regular process to identify, measure, report, monitor, and mitigate risks. Such risk management process should be used as direct input into the calibration of capital demand to cover both Pillar 1 and Pillar 2 risks. The framework supporting the estimation of capital consumption for each risk type should approved by Senior Management and the Board.

44. All risks identified as material risks are expected to be addressed in the ICAAP. Risk materiality should depend on each bank’s business model and risk profile. The scope of such risk identification should cover the entire group, including all branches and subsidiaries of the bank. The Central Bank considers credit concentration risk and interest rate risk in the banking book (IRRBB) as defined in this Guidance, as material risks. Given the growing risk universe outside of traditional Pillar 1 risks, each bank must define, update, and review the applicable ICAAP risks on a continuous basis (e.g. quarterly).

45. The identification of risks should distinguish between direct risks and indirect risks. Direct risks are explicit and commonly identifiable risks, such as the credit risk associated with facility underwriting. Indirect risks are arising as second order consequences of direct risks and unforeseen events. For instance, an increase in fraud and cyber-attacks as a consequence of an economic downturn or a pandemic during which employees are forced to work from home. Other examples are the credit risk arising from derivatives during periods of high market volatility or the increase in credit risk resulting from a drop in collateral values following a real estate market crash.

46. The identification of risks should be supported by a regular and structured process. An inventory of risks should be recorded for each business activity and each portfolio on a regular basis. In addition to the regular updates (i.e. at least quarterly), it is expected to adjust the inventory whenever it no longer reflects the risks that are material, e.g. because a new product has been introduced or certain business activities have been expanded. This should support the production of ICAAP from one year to the next.

47. The measurement of risk should be transparent, documented, and supported by subject-matter experts throughout the bank. Each expert function should contribute to its area of expertise, in such way that the ICAAP is a reflection of a collective work substantiated by thorough analysis. Each dedicated risk team should provide a comprehensive assessment of the risk drivers and materiality of the risk they manage.

48. The estimation of the capital consumption associated with each risk should be based upon clear methodologies designed appropriately for each risk type. Each bank should identify the owner of such methodology either within the team responsible to manage risks or with a centralised team responsible for aggregating risk information and to construct the ICAAP. Ultimately, the process to identify, measure risks, and estimate the associated capital consumption should be approved by Senior Management and the Board.

49. In the case of vendor models, this includes the expectation that such models are not expected to be imported mechanistically, but rather they are expected to be fully understood by the bank and well suited for, and tailored to, its business and its risk profile.

50. The identification of risks should result in distinct types:

(i)	Pillar 1 risks that are not fully captured and that are covered by insufficient capital. For instance, the market risk capital consumption under Pillar 1 might not incorporate sufficient basis risk; and
(ii)	Risks that are not captured at all as part of the Pillar 1 framework.

51. Each bank should not develop separate methodologies for risk measurement, if those are not employed for risk management. The Use Test assumes that the method and conclusion of the ICAAP should be coherent with the bank’s internal practices.

52. To ensure an adequate assessment of high quality, each bank should establish, and implement an effective data quality framework, to deploy adequate processes, and control mechanisms to ensure the quality of data. The data quality framework should ensure reliable risk information that supports sound decision-making, covers all relevant risk data, and data quality dimensions.

53. The next sections contain explanations and expectations on certain risk types (e.g. Business Model Analysis (BMA) and strategic risk, Interest Rate Risk in the Banking Book, and Credit concentration risk).

A. Business Model Analysis (BMA) and Strategic Risk

54. Business model analysis embodies the risk that the bank has failed to structure its organisation and operations (expertise, systems, and processes) in a way that leads to achieving its primary business and strategic objectives.

55. Strategic risks arise when the bank’s business model, organisation structure, operations, and/or strategy are no longer adequate to deliver the objective of the bank as specified by the Board.

56. The bank should conduct regular business model analysis (BMA) to assess its business and strategic risks to determine:

(i)	The ability of the bank’s current business model to deliver suitable results over the following 12 months;
(ii)	The sustainability of the bank’s strategy and its ability to deliver suitable/ acceptable results over a forward-looking period of at least three (3) to five (5) years, based on the strategic plans and financial planning;
(iii)	The sustainability and sufficient diversification of income over time (three (3) to five (5) years). This analysis should consider the sources and levels of income and expenses; and
(iv)	The ability of the bank to deliver total financial data across the group and for each of its key business units (includes forward-looking performance and profitability).

57. An effective BMA contains a through-the-cycle view of the sustainability of the business model in its current state and against a projected view of the bank’s funding structure, return on equity (ROE), capital supply, and capital demand, the effect this has on the product, service pricing, and resource requirements. The business planning should be clear, aligned, and integrated with the bank’s strategy, governance, risk-appetite statement, recovery plans, internal controls, stress tests, and internal reporting (MIS).

58. Each bank should elaborate on the linkage and consistency between their strategic decisions, risk appetite, and the resources allocated for achieving those strategies. The bank should articulate the frequency of monitoring and quantifying changes in its financial projections (e.g. balance sheet, profit and loss, and concentrations) regularly to verify that they are consistent with the business model, risk appetite, and the achievement of the bank’s strategic goals.

59. An effective BMA enables banks to identify vulnerabilities at an early stage and assess their ability to adapt to changes in their specific operating environment therefore helps to promote the safety and soundness of banks. A well-designed and comprehensive BMA approach provides banks with the basis to understand, analyse, assess the sustainability of their business models, enhance proactive, forward-looking operations, and strategy evaluation.

60. Each bank’s business model should be based on analyses and realistic assumptions (stress tests, scenario analyses, and driver analyses, etc.) about the effect of strategic choices on financial and economic outcomes of operations performed. This will enable the bank and the Central Bank to understand the nature of the business model and the inherent risks. Each bank should perform an analysis that involves identifying, challenging the dependency of strategies on uncontrollable external factors, and assumptions (e.g. market interest rates, demand growth in the target customer markets, degree of competition in the markets, cost of entry, and compliance costs).

61. An effective BMA addresses the banks’ ability to produce aggregate financial data across the banking group as a whole, and the bank solo level, for each of its main business units and business lines. Moreover, to make the best use of this data and transform it into relevant inputs, banks need to develop and use analytical tools including stress tests, peer group assessments, profitability forecasts and analysis, and scenario analyses.

62. The documentation provided in support of the business model should contain an overview of the business activities of the bank and an overview of the structure/organisational details of the bank. For example a brief description of the business model, present financial condition, any expected changes in the present business model, the expected future business environment, business plans, and the projected financial condition for the following year.

63. The following additional information and documentation should be referenced (if not part of) the ICAAP report:

(i)	Bank’s strategic plan(s) with current-year, forward-looking forecasts, and underlying economic assumptions;
(ii)	Financial reporting (e.g. profit and loss (P&L), and balance sheet), covering the most recent period and the whole (forward-looking) ICAAP reporting period;
(iii)	Internal reporting (e.g. management information, capital reporting, liquidity reporting, and internal risk reporting);
(iv)	Recovery plans, including the results of resolvability assessment, if any, and identification of critical functions;
(v)	Third-party reports (e.g. audit reports, and reports by equity/credit analysts), states their main concerns and issues;
(vi)	A descriptive report on the main business lines generating revenues broken down by main products, services, other activities, geographies, and market position; and
(vii)	Peer group analysis segregated by competitor bank, product, or business lines targeting the same source of profits and customers (e.g. credit card businesses targeting consumers at a particular economic stratum in a specific country.

64. Business model analysis may act as a base for the development of Reverse Stress Test scenarios.

B. Credit Risk
65. Credit risk is the risk of losses arising from a borrower or counterparty failing to meet its obligations as they fall due. Each bank should assess all its credit exposures and determine whether the risk weights applied to such exposures under the regulatory standardised approach for credit risk (Standardised Approach) are appropriate for the inherent risk of the exposures. Each bank should have the ability to assess credit risk at the portfolio level as well as at the exposure or counterparty level.
66. To ensure that each bank has sufficient capital allocated for credit risk, each bank should compare their capital consumption under two methods for all credit exposures across all asset classes: (i) the Standardised Approach and (ii) an estimation under the foundation internal-rating based approach (F-IRB) in the Basel Framework (“IRB approach: risk weight functions”, CRE31).
67. The Central Bank recognises that some banks may not have appropriately calibrated probability of defaults (PDs) for the calculation of the F-IRB approach. In the absence of such calibration, banks should rely on their 1-year PD used for IFRS provisioning purposes. Each bank should undertake this comparison at asset class level, where higher F-IRB numbers indicate additional required capital. Drivers of material differences between the two approaches should be explained.
68. If a bank uses credit risk mitigation techniques (CRMT), it should analyse and evaluate the risks associated to such mitigation under Pillar 2 risks measurement. The bank should analyse potential effects, the enforceability and the effectiveness of such CRMT, in particular in the case of real estate collaterals in order to estimate residual credit risk with prudence.

C. Market Risk
69. Market risk is the risk of losses in on- and off-balance sheet positions arising from movements in market factors such as interest rates, foreign exchange rates, equity prices, commodities prices, credit spreads, and options volatilities. Each bank should have methodologies and limits that enable it to assess and actively manage all material market risks, at several levels of granularity including position, desk, business line, or firm-wide level.
70. Under its ICAAP, each bank should assess its capital adequacy for market risk by considering methods other than the regulatory standardised approach for market risk. Each bank should start this assessment with the metrics already employed to measure market risk as part of regular risk management, including net open positions (NOP), value-at-risk (VaR), stressed VaR, and economic stress tests. The calibration of capital associated to Pillar 2 risks should be undertaken with prudence and should include risks such as concentration risk, market illiquidity, basis risk, and jump-to-default risk.
71. Ultimately, market risk capital should be designed to protect the bank against market risk volatility over the long term, including periods of stress and high volatility. Therefore, each bank should ensure that such calibration include appropriate stressed periods. The analysis should be structured based on the bank’s key drivers of market risk, including portfolios, asset classes, market risk factors, geographies, product types and tenors.
72. Each bank should analyse its amortised cost portfolio under Pillar 2, considering the difference between the market value against the book value.

D. Operational Risk
73. Operational risk is the risk of loss resulting from inadequate or failed internal processes, people, or systems, or external events. This definition includes legal risk and compliance risk but excludes strategic and reputational risk. The framework for operational risk management should cover the bank’s appetite and tolerance for operational risks, and the manner and extent to which operational risk is transferred outside the bank.
74. Operational risk is a recurrent and a material source of losses for many banks but the existing approaches (the Basic Indicator Approach (BIA), the Standardised Approach (SA), and the Alternative Standardised Approach (ASA)) for calculating Pillar 1 operational risk capital may not reliably reflect the nature and scale of potential operational risk losses. The Pillar 1 Standardised Approach for operational risk uses gross income as a measure of capital. Gross income is a risk-insensitive proxy for operational risk capital, which may lead banks to underestimate the risk. This was evident during the economic downturn in 2009, when banks’ income dropped, lowering their regulatory operational risk capital requirement, yet operational risks were either constant or even elevated in some cases. Therefore, banks should ensure that their Pillar 2 capital charge covers operational risks that are not captured by regulatory capital methodologies. The analysis should include a robust and conservative forecast of operational risk losses and respective capital requirements (at least split into conduct and non-conduct risks).
75. Legal risk is considered an operational risk. Each bank is required to analyse, assess, and quantify the impact of legal risk failures on its capital structure. Examples of legal risk include inadequate documentation, legal, regulatory incapacity, the insufficient authority of a counterparty, and contract invalidity/ unenforceability. The Legal department of each bank bear responsibility for the identification and management of this risk. They must consult with internal and external legal counsel. Subsidiaries and branches of major international banking groups typically have in-house legal departments, acting under the guidance of the group, which aims to facilitate the business of the group, by providing proactive, business-oriented advice. The outcome of legal and/or regulatory issues to which the bank is currently exposed, and others, which may arise in the future, is difficult to predict and, consequently, there can be no assurance that the outcome of a legal matters will not be material to the financial condition of the bank.
76. Given the potential impact from operational risk, each bank should evaluate under Pillar 2 risks arising from business conduct risks and money laundering / financing of terrorism. In addition, each bank should consider internal and external operational risks faced by it, including but not limited to operational cyber risk, IT risks, and outsourcing, and each bank is expected to consider ways in which it can improve its operational resilience. Each bank should provide details in the ICAAP report on the outcome of its Risk Control Self-Assessment (RCSA) process to collate bottom-up operational risk drivers across businesses.
77. Each bank should undertake quantitative stress testing based on its historical loss data and operational risk profile.

E. Credit Concentration Risk

78. Section V.D of the ICAAP Standard requires banks to address weaknesses at the portfolio level including credit concentrations risk. Credit concentration risk is the incremental credit loss in a portfolio of credit exposures, caused by high correlation between the credit risk drivers of those exposures. Such concentration risk arises mostly due to high correlations and dependencies between individual obligors (name concentration) or between economic sectors (sectoral concentration). Credit concentration risk can affect a bank’s health or core operations, liquidity, earnings and capital ratios. The Central Bank considers concentration risk as a key material Pillar 2 risk for all UAE banks.

79. Consequently, credit concentration arises when large exposures are associated with a small number of obligors or a small number of sectors, but not only. Credit concentration risk can arise from a seemingly granular portfolio but with high correlation between the obligors’ risk drivers.

80. In accordance with the Central Bank re Large Exposures - Credit Concentrations Limits (Notice No.226/2018), an exposure is deemed large if it accounts for more than 10% of a bank’s capital. Such threshold has been implemented for regulatory purposes. The measurement of concentration risk for risk management purposes and for determining Pillar 2 risk capital requirements should refer to the wider definition of concentration risk. Each bank is exposed to a degree of concentration risk, even when complying with the Large Exposure Regulation.

81. Each bank should perform a detailed risk analysis specific to the Real Estate exposures (RE) of the bank and the Central Bank re Standards for Real Estate Exposures (Notice No. 5733/2021).

82. Credit concentration risk is a common feature of UAE banks, but currently the Central Bank regulations for banks do not include an explicit Pillar 1 capital requirement for name and sector concentration risk. Credit concentration risk is a key prudential risk for which the capital requirement is at the discretion of banks, and it should be held under Pillar 2. This risk should warrant particular attention from each bank. In particular:

(i)	For the purpose of risk management, each bank should ensure that credit concentration risk is pro-actively and efficiently addressed. Each bank should develop policies and procedures for the identification, measurement, monitoring, and reporting of credit concentration risk. Credit concentration risk arises from exposures to obligors structured as conglomerates. Therefore each bank should have a mechanism in place to identify and aggregate exposures across related entities based on their legal relationships. Data should be aggregated across systems operated by different business units or entities. This should be indicated through the bank’s management information system (MIS);
(ii)	For the purpose of estimating the Pillar 2 capital associated with credit concentration risk, each bank should build upon the methodologies employed for risk management. These methods should be developed further, as deemed appropriate, in order to fully measure the additional capital. Each bank should compare several methodologies and propose a choice based on clear and documented justification. At a minimum, each bank should calculate and report the additional capital using the Herfindahl-Hirschman Index (HHI) methodology; and
(iii)	For the purpose of capital planning, each bank should ensure that concentration risk is taken into account adequately within its ICAAP. Each bank should assess the amount of capital, which it consider adequate to hold given the level of concentration risk in their portfolios and given their business plan and the expected economic environment.

F. Interest Rate Risk in the Banking Book (IRRBB)

83. IRRBB is the risk of loss in the banking book caused by changes in interest rates. Interest rate risk can arise both in the banking book and/or the trading book. While interest rate risk in the trading book is addressed under the Pillar 1 market risk framework, the interest rate risk in the banking book should be addressed under Pillar 2. Conventional banks refer to this risk as IRRBB while Islamic banks are exposed to the analogous risk called profit rate risk in the banking book (PRRBB).

84. Each bank should define a risk appetite pertaining to IRRRB that should be approved by the Board and implemented through a comprehensive risk appetite framework, i.e. policies and procedures for limiting and controlling IRRBB. Each bank should have a process supported by adequate policies to manage IRRBB appropriately. This involves, as for any other risk, comprehensive identification, measurement, reporting, monitoring, and mitigation.

85. The measurement process should be based upon several existing Standards and Guidance:

(i)	Central Bank “Standards re Capital Adequacy of Banks in the UAE - ICAAP Standards”;
(ii)	Central Bank “Regulation and Standards re Interest Rate & Rate of Return Risk in the Banking Book” in 2018 (Notice 3021/2018 and Circular 165/2018);
(iii)	Central Bank Model Management Standards and Guidance in 2022 (Notice 5052/2022); and
(iv)	Basel Framework - Interest Rate Risk in the Banking Book (SRP 31).

Measurement

86. The assessment should include all positions of each bank’s potential basis risk, re-pricing gaps, commercial margins, gaps for material currencies optionality, and non-maturing deposits. The quantitative impact analysis should be supported by description and analysis of the key assumptions made by the bank, in particular, assumptions regarding loan prepayments, the behaviour of non-maturity deposits (CASA), non-rated sensitive assets, contractual interest rate ceilings or floors for adjustable-rate items, and measuring the frequency of the interest rate risk in the banking book.

87. DSIBs and other banks with significant interest rate risk (IRR) exposure should compute the economic value of equity (EVE) at a granular facility level, while non-DSIBs may compute EVE at exposure level, which is based upon the summation of discounted gap risk across time buckets, rather than a granular net present value (NPV) estimation at exposure level.

Scenarios

88. For the purpose of capital calibration, each bank should employ the interest rate shock scenarios corresponding to Table 12 of Central Bank Model Management Guidance and table 2 of the SRP 31 for their AED and non-AED positions respectively.

89. In addition to the standard shocks prescribed above, DSIBs and other banks with significant exposure to interest rate risk are expected to apply further shocks/ idiosyncratic scenarios, which will take into account:

•	The bank’s inherent risk profile;
•	Historical shocks experienced by the bank due to market sentiment and corresponding to macro-financial factors; and
•	Additional scenarios prescribed by the Central Bank specifically through supervisory interactions or financial stability processes.

Capital Calculation

90. The capital requirement should be aggregated across all currencies and scenarios conservatively.

91. The estimation of the Pillar 2 capital corresponding to IRRBB should be based on the most conservative loss arising from (i) the change in the economic value of equity (ΔEVE), and (ii) the change in net interest income (ΔNII). The most conservative result should be considered across all the scenarios calibrated by the bank. (In avoidance of doubt, the allocated capital for IRRBB should not be lower than the maximum of the absolute EVE impact and the absolute NII impact: Max(abs(EVE impact), abs(NII impact).

92. The Central Bank considers a bank as an outlier when the IRRBB EVE impact based on the standard parallel shock leads to an economic value decline of more than 15% of its Tier 1 capital. The Central Bank may request an outlier bank to:

(i)	Reduce its IRRBB exposures (e.g. by hedging);
(ii)	Raise additional capital;
(iii)	Set constraints on the internal risk parameters used by a bank; and/ or
(iv)	Improve its risk management framework.

93. Irrespective of the approach or model chosen by the bank, at a minimum each bank should calculate and report IRRBB using the methodology described by the Central Bank Model Management Standards and Guidance.

G. Model Risk
94. Models have become an integral part of decision-making in the banking sector for risk management, business decisions, and accounting. Inaccurate model results, e.g. based on wrong assumptions or valuations, may lead to actual or potential financial losses or an underestimation of risks. Therefore, the Central Bank considers model risk a significant risk type.
95. Simple models should not be confused with poorly designed models. Poorly designed models can be misleading and interfere with sound decision-making. Small and/or unsophisticated banks can employ simple models. However, they cannot employ poorly designed models. Each bank should manage model risk in accordance to the Central Bank Model Management Standards and Guidance.
96. Model risk should be incorporated in each banks’ risk framework alongside other key risks, as inherent consequences of conducting their activities (refer to Appendix 3.2). Consequently, model risk should be managed through a formal process incorporating the bank’s appetite for model uncertainty. The framework should be designed to identify, measure, monitor, and mitigate this risk. A bank should mitigate a large appetite for model risk by counter-measures such as conservative buffers on model results and/ or additional allocated Pillar 2 capital.
97. The Central Bank recognises that the estimation of model risk is challenging. However, each bank should demonstrate that they have implemented steps to measure the potential losses arising from model risk. At minimum, each bank should implement a grouping approach to categorise models according to their associated model risk. The uncertainty and losses arising from models should be estimated by using a range of different techniques, including:

(i) Internal and external validations;

(ii) Comparison against alternative models;

(iii) Sensitivity analysis; and

(iv) Stress tests.

98. Each bank should also consider the quality of its model risk management in the model risk analysis, including but not limited to the quality of model documentation, data, assumptions, validation, staff, implementation, and usage.
Risk Diversification Effects
99. Each bank is expected to take a prudent approach whenever assuming risk diversification effects. Furthermore, each bank should be aware that the Central Bank as a matter of principle will not take into account inter-risk diversification in the SREP. Banks should be cognisant of this when applying inter-risk diversification in its ICAAP.

H. Financial Risks from Climate Change
100. Banks are expected to build up Board awareness and understanding of the financial risks arising from climate change and how they will affect their business models. Each bank should use scenario analysis and stress tests to improve the risk identification process, to understand the short- and long-term financial risks to their business model from climate change, and to develop appropriate strategies accordingly.

I. Liquidity Risk and Funding Cost
101. Though capital is not a direct mitigation for liquidity risk and liquidity is not a mitigation for capital risk, both risk types are interlinked. The Internal Capital Adequacy Assessment Process (ICAAP) and the Internal Liquidity Adequacy Assessment Process (ILAAP) are expected to inform each other; with respect to the underlying assumptions, stress test results, and forecasted management actions. Each bank is expected to assess the potential impact of scenarios, integrating capital and liquidity impacts, and potential feedback processes, taking into account, in particular, losses arising from the liquidation of assets, increased funding costs or availability of funding during periods of stress.
102. For example, each bank is expected to assess the impact of deteriorating capital levels, as projected in the ICAAP, on their liquidity. A downgrade by an external rating agency could, for example, have direct implications for the refinancing ability of the bank. Vice versa, changes in funding cost could impact capital adequacy.

VII. ICAAP Stress Test and Reverse Stress Test

103. Stress test helps to improve the bank’s understanding of the vulnerabilities that it faces under exceptional, but plausible events, and provide the bank with an indication of how much capital might be needed to absorb losses if such events occur, which supplements other risk management approaches and measures. These events can be financial, operational, legal, or relate to any other risk that may have an economic impact on the bank. The results derived from stress tests can also assist the bank in determining the appropriate appetite for different types of risks and in estimating the amount of capital that should be set aside to cover them.

104. Each bank is required to implement a stress testing framework to address both the needs of the ICAAP and broader risk management. Stress tests and the stress test outcome analysis should not be confined to the ICAAP. It should be designed to support decision-making across the bank as explained in this section.

105. Each bank should perform an in-depth review of its potential vulnerabilities, capturing all material risks on a bank-wide basis that result from its business model and operating environment in the context of adverse events, stressed macroeconomic (e.g. economic cycle risk), and financial conditions.

106. As part of the ICAAP exercise, each bank should carry out integrated, regular, rigorous, and forward-looking stress tests that are appropriate to the nature of the bank’s business model and major sources of risk. The frequency should be annually and more frequently, when necessary, depending on the individual circumstances.

107. The Central Bank may challenge the key assumptions and their continuing relevance to ensure that there is sufficient capital to withstand the impact of possible adverse events and/ or changes in market conditions.

Governance

108. The Board is responsible for the effective implementation of the stress tests framework through appropriate delegation to Senior Management and subject-matter experts across the bank. This framework should be supported by robust governance, processes, methods, and systems with associated policies and procedures approved by the Board. The Board is not only responsible for the stress testing policies, but also for oversight of the stress testing execution. It is also responsible for the potential measures to mitigate stress scenario outcomes and the key decisions and actions taken based on the stress testing results, such as the consideration of stress testing outcomes in strategy and capital planning.

109. The stakeholders involved in a particular stress testing framework depend on the type of stress tests. The scenario design, quantification of impact and the identification of mitigating actions will involve a range of subject matter experts across the bank. Stress test-related activities are not the sole responsibility of the team in charge of preparing the ICAAP or in charge of the stress testing programme. Rather, the execution of stress tests is a collective exercise, whereby numerous stakeholders contribute to the design, measurement, reporting and analysis of stress tests. Stakeholders should include Senior Management and the Board.

Types of stress test exercises

110. Each bank is required to establish several distinct forms of stress test exercises as described hereunder, however for the purposes of an ICAAP the minimum expectation is to conduct internal enterprise-wide stress tests and portfolio-level stress tests. Regulatory stress tests are not acceptable as the only form of internal stress tests:

a)	Internal enterprise-wide stress tests: The purpose of these exercises to analyse the impact of stress events on the entire bank’s solvency, profitability, stability, and capital. The methodology and scope of such stress tests should be designed to address the specific risk profile of each bank, and will thus differ from regulatory stress tests. These exercises are generally executed as top-down exercises, with the objective to capture a wide scope of risks and portfolios. Such exercise should support strategic decision related to the risk appetite of the bank, its risk profile, and its portfolio allocation. Each bank should employ at least three (3) scenarios in the execution of internal enterprise-wide stress tests.
b)	Internal portfolio-level stress tests: The purpose of these exercises to execute frequent, variable and proactive stress tests on the various portfolios of the bank. These stress tests are generally executed as bottom-up exercises, with the objective to measure the stress impact at portfolio level accurately. The scenarios and the methodologies should be granular and fully tailored to the risk profile of each portfolio. Deteriorating economic circumstances are typically the drivers for conducting unscheduled stress tests on a particular portfolio, for example a declining outlook in the residential real estate sector would motivate a stress tests on the commensurate portfolio. These stress tests can result in the identification of risks that were not captured by the enterprise-wide stresses. Consequently, these exercises should support, motivate strategic, and tactical decisions at portfolio and/or facility level.
c)	Regulatory stress tests: These exercises are commissioned by the Central Bank or other supervisors, to whom banks’ foreign subsidiaries are accountable. These exercises follow the scenarios and methodologies prescribed by supervisors, which cover most of the bank’s portfolio. The purpose of such an exercise is to analyse the impact of stress events on the entire bank in order to assess its solvency, profitability, stability, and ultimately the suitability of its capital. While these exercises are originally designed to inform regulators for supervision purposes, they should also inform Senior Management and steer internal decision-making.

111. The frequency of stress test exercises should depend on their type, scope, depth, and on the wider economic context. Each bank should execute enterprise-wide stress tests based on a set of scenarios regularly at least quarterly is recommend. Each bank should execute portfolio-level stress tests more frequently depending on the needs of risk management and the business functions. Market risk stress tests in particular may have to be performed more frequently.

112. The capital impact results of these stress tests should be analysed, compared, incorporated, and presented in the ICAAP. One or several internal enterprise-wide stress test outcomes should be explicitly incorporated in the capital planning, and presented accordingly in the ICAAP capital planning section. The results from all types of stress tests exercise should be employed by Senior Management and the Board to assess the suitability of the bank’s capital.

Scenarios

113. Stress test scenarios should be designed to capture the risks and potential losses appropriately, in coherence with the characteristics of each bank’s risk profile and portfolio. The scope of these scenarios should cover all the risks identified as part of the identification process documented in the ICAAP. At a minimum, the scope of risks should cover strategic risk, credit risk, market risk, counterparty risk, operational risk, liquidity risk, IRRBB, credit concentration risk, funding risk, reputational risk, and climate risk.

114. Stress scenarios should lead to a reliable measurement of loss under extreme but plausible events. Such scenarios are essential tool to support risk quantification in providing impact on Pillar 1 and Pillar 2. Consequently, the scenario design should be supported by a clear choice of risk factors and associated shocks. Several types of design are commonly employed:

(i)

Sensitivity analysis involve shifting the values of an individual risk factor or several risk factors by using standardised shocks. Sensitivity analysis is employed to estimate the P&L profile and risks to the bank from a range of shocks. This is particularly useful to identify non-linear response in the loss profile. For instance, this could include measuring NII with parallel shifts of +/-50bp, +/-100bp, +/-150bp and higher shocks applied to a yield curve. It also includes measuring expected credit loss (ECL) and capital requirements with standard parallel shocks of +/-100bp, +/-200bp, +/-300bp applied to the PD term structure of a given portfolio (e.g. worsening of credit spreads, adverse changes in interest rates, other macroeconomic or idiosyncratic variables).

(ii)

Scenario analysis involves measuring the combined effect of several risk factors with shocks designed in coherence with an economic narrative affecting the bank’s business operations simultaneously. Such narrative should be based on an analysis of the current economic conditions, the business environment and the operating conditions of the bank. The scope of events should be broad, consider an appropriate range of risk types, and geographies. The narrative should be constructed with a clear sequence of unfolding events leading to (a) direct risks, (b) second-order risks, and/or (c) systemic risks, and how these risks affect the profit and loss profile and risks of the bank based on a scale of shocks (e.g. an economic recession coupled with a tightening of market liquidity and declining asset prices). The scope of the narrative should take into account the economic environment and the features of each portfolio in scope. The calibration of shocks should be supported by rigorous methodologies using (a) historical data and past events, and/or (b) forward-looking assumptions. Practitioners refer to ‘historical scenarios’ and ‘hypothetical scenarios’.

115. Each bank is expected to continuously monitor and identify new threats, vulnerabilities and changes in the environment to assess whether its stress testing scenarios remain appropriate at least quarterly and, if not, adapt them to the new circumstances. The impact of the scenarios is expected to be updated regularly (e.g. quarterly). In case of any material changes, the bank is expected to assess their potential impact on its capital adequacy over the course of the year.

116. If the bank forecasts the increase of its capital base (e.g. capital issuances, rights issues, reduction in the equity, etc.) and the capital planning reflects the proposed changes, the bank must perform an additional stress scenario. In these additional stress scenarios the bank should analyse the impact under the assumption that the capital increase does not materialise. The impact analysis should include management actions and formal trigger points.

Methodology

117. The process of stress tests should be supported by robust and documented methodologies. All models employed in the quantification of stress results should comply with the requirements presented in the Central Bank Model Management Standards and Guidance.

118. For the measurement of capital under stress, each bank should employ a dedicated financial model to forecast their financial statements under several economic conditions. Such projection should be constructed over a minimum of three (3) years, in coherence with the most recent capital plan and with the Central Bank regulatory exercise.

119. Stress scenarios may be derived from stochastic models or historical events, and can be developed with varying degrees of precision, depth, and severity, particularly the impact on asset quality, profitability, and capital adequacy. Each bank should consider three (3) to five (5) scenarios (each scenario can have multiple severity levels (i.e. Low, medium, and high). Although it is expected to consider the supervisory stress tests (“stress test exercise of the Financial Stability Department (FSD)”) as one scenario, it is the bank’s responsibility to define scenarios and sensitivities in the manner that best addresses its situation and to translate them into risk, loss, and capital figures.

Use Test

120. Stress tests should support decision-making throughout the bank effectively. Stress tests should be embedded in banks’ business decision-making and risk management process at several levels of the organisation. Senior Management and the Board should lead and approve all assumptions, the methodology framework and authorise the use of stress test results.

121. Stress tests do not stop with the production of results. Risk mitigations should always be considered in light of the stress severity and likelihood. If no action is deemed necessary, this should be documented and clearly justified.

Reverse Stress Test

122. In addition to normal stress testing, each bank is expected to conduct reverse stress tests. Reverse stress tests start with the identification of a pre-defined outcome where the bank’s business model becomes non-viable (e.g. through insolvency), or it breaches supervisory compliance minima, e.g. by breaching minimum capital requirements (i.e. the bank will breach the regulatory capital buffer and minimum capital requirements). The next step is to assess which scenarios and shocks lead to that identified outcome. Finally, the objective is to assess whether the likelihood of occurrence is realistic and the impact warrants mitigating actions. If a bank considers mitigation strategies, e.g. hedging strategies, the bank should consider if such strategies would be viable. For example, a market that is stressed at a financial system level may be characterised by a lack of market liquidity and increased counterparty credit risk.

123. Effective reverse stress testing is a challenging exercise that requires the involvement of all material risk areas across the bank’s subject matter experts, Senior Management, and the Board.

124. Each bank should conduct a reverse stress test at least once a year. A well-designed reverse stress test should also include enough diagnostic information to allow the identification of the sources of potential failure. This enables proactive risk management actions and implementation of an appropriate strategy for refined risk monitoring, prevention, and mitigation. The reverse stress test requires each bank to consider scenarios beyond normal business forecasts and aids identification of events linked to contagion with potential systemic implications. Reverse stress testing has important quantitative and qualitative uses, through informing Senior Management of vulnerabilities, and supporting measures to avoid them. (Please refer to Appendix 3.3).

VIII. ICAAP Submission and Approval

Submission of the ICAAP report

125. The annual ICAAP report should be submitted to the Central Bank on or before the submission dates addressed in Table 1.

126. All documents have to be submitted to the respective Central Bank reviewer by softcopy (submitted in word or pdf format), sending a copy to bsed.basel@cbuae.gov.ae.

127. The submission dates below as per Notice 2940/2022 differentiate between (i) national banks and foreign bank and (ii) size and importance of the banks: (Table 1)

Table 1 - Submission date for ICAAP Report

Banks	Report for FY 2022	Report for FY 2023 onwards
Large banks: FAB, ENBD, ADCB, DIB, Mashreq, ADIB, CBD	15/03/2022	01/03
Other local banks and HSBC, Standard Chartered Bank, Citibank, Arab Bank, and Bank of Baroda	31/03/2022	31/03
Other Foreign Banks	15/04/2022	15/04

Approval of the ICAAP report:

128. The ICAAP report should be approved by:

(i)	Senior Management (including the CRO): The bank should use Appendix 1 – ICAAP – Mandatory disclosure form (Table 2) and include it as an attachment to the ICAAP report;
(ii)	Board approval: For all local banks, the ICAAP document must be approved by the Board or Board risk committee, and Senior Management prior to submission to the Central Bank. The meeting minutes of the Board of Directors meeting should state the approval of the ICAAP document and challenges that have taken place; and
(iii)	For foreign branches, the ICAAP document should be approved by (a) the managing director and/ or relevant highest committee of the bank in the UAE, and by (b) their head office, stating that the ICAAP assumptions and forecasts are in line with the group’s assumptions, forecasts, and that the group’s Board approves/ endorse the results of the ICAAP.

IX. Internal Control Review

129. The bank’s internal control structure is essential to the capital assessment process. Effective control of the internal capital adequacy assessment process should include an independent review and the involvement of both internal audit and external audit (refer to Appendix 3.1). Senior Management has a responsibility to ensure that the bank establishes a system for assessing the full scope of its risks, develops a system to relate risk to the bank’s capital level, and establishes a method for monitoring compliance with internal policies.

130. Internal Audit should perform an audit on the bank’s ICAAP report annually. The report has to be submitted no later than three (3) months after the submission of the ICAAP report to the bank’s reviewer and in copy to bsed.basel@cbuae.gov.ae.

131. Internal control functions should perform regular reviews of the risk management process to make sure its coherence, validity, and rationality. The review of the ICAAP should cover the following:

(i)	Ensuring that the ICAAP is complete and suitable as of the bank’s context , operational conditions, the reliability of controls behind it;
(ii)	The process of identifying all material risks;
(iii)	Efficiency of the information systems that support the ICAAP;
(iv)	Ensuring that the measurement methodologies in use are suitable to support the ICAAP valuation,
(v)	Ensuring the accuracy, and comprehensive of the data input to the ICAAP;
(vi)	Rational behind the ICAAP output and assumptions in use;
(vii)	Rational and suitability of stress tests and analysis of assumptions;
(viii)	Consolidation of the ICAAP outcomes with the risk management (e.g., limit setting and monitoring); and
(ix)	Rational of the capital plan and internal capital targets.

132. In addition, the review should cover the integrity and validity of regulatory data submitted to the Central Bank during the course of the year relating to Pillar 1 capital requirements, which should address, but not be limited to the following:

(i)	Appropriate classification of risk-weighted assets (RWA);
(ii)	Appropriate inclusion of the off-balance sheet values and the application of credit conversion factors (CCF); and
(iii)	Appropriate credit risk mitigation (CRM) methodology application and values.

133. The role and validity of internal control functions are also important and should be verified with regard to other topics. For example:

(i)	All risk quantification methodologies and models must be subject to independent validation (internal/ external); and
(ii)	Internal Audit should perform an independent review of the bank’s capital framework implementation every year in accordance with the Capital Standards. If the Central Bank is not satisfied with the quality of work performed by the bank’s Internal Audit function, the Central Bank may require an external review.

X. Frequently-Asked Questions (FAQ)

Question 1: What defines independent validation?

Answer: Independent validation can be performed by an independent function of the bank. However, in some instances an external validation/ review is required. For large banks, external validations are strongly encouraged, if not explicitly required.

Question 2: What are sustainable business model criteria?

Answer: Sustainable business models may be defined in different ways. For the purpose of this guidance, a bank will be considered to have a sustainable business model if it meets all the following criteria:

(i)	The bank generates strong and stable returns, which are acceptable given its risk appetite and funding structure;
(ii)	The bank does not have any material asset concentrations or unsustainable concentrated sources of income;
(iii)	The bank has a strong competitive position in its chosen markets and its strategy is likely to reinforce this strength;
(iv)	The bank’s forecasts are based on plausible assumptions about the future business environment; and
(v)	The bank’s strategic plans are appropriate given the current business model and management’s execution capabilities.

Question 3: What is the definition of model?

Answer: A quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories, techniques, and assumptions to process input data into quantitative estimates.

Question 4: Who should be the owner of ICAAP, Finance or Risk Management?

Answer: Multiple committees and working groups have to be involved in the ICAAP. However, Risk Management should have the ultimate responsibility for the final ICAAP outcome report, the ICAAP being in substance a risk evaluation process. The Board must approve the ICAAP, its outcomes, and the proposed mitigation actions.

Question 5: The bank uses multi-period ST scenarios over three years. Which reporting year (Y1/2/3) shall be reported in the Pillar 2 template in Appendix 2 – ICAAP: Executive summary table (Table 3)?

Answer: Banks using multi-period stress scenarios should include the most severe period of the most severe stress test results (reverse stress scenarios not considered). All other banks that perform a simpler point in time or 1-period stress scenario should include the most severe ST results (reverse stress scenarios not considered). In addition, the evaluation of Pillar 2 risks and stress test impact as of the reporting date is mandatory for all banks.

Question 6: Does the bank have to present the capital contingency plan as part of ICAAP report?, If the bank plans to inject capital, is it required to have two capital plans, one with and a second plan without capital injection?

Answer:

(i)

The bank must have a Board-approved capital contingency policy. The actual capital contingency plan as a response to the ICAAP results has to be in line with the capital contingency policy and the ICAAP report should contain at least an overview of the capital contingency plan.

(ii)

If the bank plan to change its capital base, the bank should have one capital plan, which reflects the capital injections (and reflects the source of injection). Injections can be considered if approved by Senior Management, if part of the official bank’s capital plan and if the Central Bank is informed on the planned capital injections. A stress test scenario has to show the impact if the injections do not materialise.

Question 7: What is the ICAAP submission timeframe and can an extension be granted?

Answer: The ICAAP submission should comply with the schedule specified in Section VIII - ICAAP Submission and Approval. An extension of the ICAAP report submission date will only be granted in exceptional cases, by the bank’s Central Bank reviewer.

Question 8: Can banks implement the IRB methodology in full (i.e. A-IRB) while reporting credit risk under the ICAAP, and is it mandatory?

Answer: The bank should apply whichever approach is deemed appropriate for their size and complexity, as the ICAAP is an internal process. The evaluation of whether the Pillar 1 capital is adequate for the bank's risk is mandatory. The F-IRB approach is an accepted approach. With the implementation of IFRS9 banks have a PD for every exposure, which may be used to calculate the F-IRB capital. It is, however, not mandatory to fully implement the F-IRB approach. Comparing regulatory capital requirements with those determined using the F-IRB does indicate to what extent regulatory Pillar 1 capital requirements may be insufficient. The comparison between the F-IRB approach and the regulatory standardised approach for credit risk has to be performed on an asset class level and the greater capital requirement should be applied in the ICAAP.

The F-IRB should follow the floor on the PD of 0.03% and apply a fixed 45% LGD. The bank may consider certain eligible collateral to reduce the LGD accordingly. The bank shall not use own estimations of the LGD under the F-IRB.

Question 9: Is it required to calculate a capital charge against the financial risks from climate change in the ICAAP? Is any calculation methodology prescribed for this?

Answer: The bank should understand risks related to climate change and their impact on the sustainability of the bank and the risks of its business strategy. Banks should develop adequate methodologies to quantify the risk with models sophistication depending on size and business model. Stress tests and scenario analysis should be explored. Banks should consider assessing their green asset ratio (GAR) which measures a bank's “green assets” as a share of its total assets as an initial tool. The risk identification process should determine whether the risk arising from climate change is a material capital risk for the bank.

Question 10: How commercial / non-commercial subsidiaries have be treated as part of the ICAAP exercise? And how to treat investments in insurance subsidiaries?

Answer: One of the key components of the ICAAP is to determine whether the capital requirement under the Standardised Approach is adequately reflecting the risk. Additional risks arising from investment in subsidiaries should be addressed and assessed in the ICAAP. The bank should consider any subsidiary including commercial, non-commercial, and insurance subsidiaries.

Question 11: The ICAAP has to be performed on consolidated level. Is it an additional requirement to perform the ICAAP also at solo level or should the ICAAP also have a solo-level analysis?

Answer: The ICAAP needs to address additional risks that are not covered (or not fully covered) under Pillar 1. The ICAAP is expected to assess capital adequacy for the bank on a stand-alone basis, at regulatory consolidated level, and for the entities of the group. The ICAAP should evaluate the capital requirement and capital adequacy of the bank at group level, following the regulatory consolidation. However, each bank should analyse whether additional risks arise from the group structure of the bank. The ICAAP guidance lays out the importance to consider the group structure when evaluating the banks' capital adequacy, in Section IV "ICAAP Methodology, Scope and Use Test”. The bank should be in a position to report, measure and manage risks arising from its subsidiaries, branches, group entities and from the consolidation process. The ICAAP should reflect the results of the bank’s analysis. Consequently, the analysis should consider all relevant levels of the group structure (consolidated, solo, entity level, and including significant affiliate investments). Additional risks may have to be addressed as a specific additional capital add-on.

Question 12: Does the bank require a separate capital plan approved by the Board, or is it sufficient to have the approved ICAAP that includes the capital plan?

Answer: The capital management policy and the ICAAP complement each other. The policy sets the framework and the capital management plan describes the capital management strategy and the steps to achieve it in compliance with the policy. The capital management plan can be a separate document. However, the ICAAP report should display the full picture, including an overview of the capital management policy and the capital management plan related to the ICAAP outcomes.

Question 13: If a bank reports regulatory operational risk capital requirements using the BIA, can the Standardised Approach be used to quantify the potential additional operational risk charge under Pillar 2 if the capital requirement is higher under the SA compared to the BIA?

Answer: The ICAAP is an internal process and the bank must determine the most adequate methodology to quantify the extent to which regulatory capital requirements for operational risk fail to adequately address the true extent of its potential operational risk losses.

Question 14: Can the bank use the market risk stress test template as shared for Central Bank Econometric Stress test exercise in its ICAAP?

Answer: The bank should determine the most adequate approach to quantify its risks. The quantification methodology should obtain internal approval. The methodology needs to be explained, validated and reasoned in detail as part of the methodology development and continuous model monitoring process.

Question 15: Does the Internal Audit (IA) review required under Section IX - Internal Control Review contradict the requirement in Appendix 3.4, which requires banks to disclose the Internal Audit findings in the ICAAP report?

Answer: The Central Bank is of the opinion that IA is not suffering a conflict of interest by reviewing a bank’s ICAAP and by disclosing its general findings and findings specific to the ICAAP in the ICAAP report. IA is involved twofold in the ICAAP report:

(i)	IA has to perform a review of the ICAAP (process) periodically as part of the audit function.
(ii)	IA has to perform the prescribed review for each ICAAP, to be submitted within 3 months of the submission.

The ICAAP report shall contain the most recent (available) audit findings, their status, and actions taken. (Note, that in the Capital Standards, para 13 under Introduction and Scope requires an annual review of the capital framework.)

Question 16: Why does the Standard/ Guidance not address any specifics related to Islamic banking?

Answer: The ICAAP is an internal process and the bank should determine the most adequate methodology to quantify risks arising for Islamic banks in general and Islamic banking products specifically.

Question 17: Being a branch of an international bank, is a third party validation required, as this is already conducted at the parent company/ group level covering risk frameworks, systems and models?

Answer: Branches and subsidiaries of foreign banks are required to validate the risk valuation methodologies deployed in their UAE operations. If the branch or subsidiary is applying head office methodologies, these should nevertheless be validated on branch or subsidiary level. In addition, the branch or subsidiary has to have a full understanding of the applied methodologies as it cannot fully rely on the head office.

XI. Appendices

Appendix 1 - ICAAP: Mandatory disclosure form (Table 2)

134. All banks are required to disclose the following information as a separate cover sheet when submitting the ICAAP report to the Central Bank:

Table 2 - ICAAP Mandatory Details

Bank			XXXX
Date			20XX
Contact point name and contact details		[name, email, phone number]
Scope of ICAAP (entities included)		[name, email, phone number]
*I (full name) in my role as CRO hereby confirm the following on the ICAAP report:*
(i) We have identified all material risks and allocated capital accordingly			[tick box if completed]
(ii) We have set out a 3-5 year forward looking capital plan based on the strategic/ financial plan of the bank			[tick box if completed]
(iii) We have implemented a 3-5 year forward-looking stress test and measured the impact on the capital position of the bank			[tick box if completed]
(iv) The ICAAP has been signed off by:	[relevant details from Board committee (Managing Director /highest committee for foreign banks)]
(v) The ICAAP has been challenged/ by the Board (highest committee for foreign banks) and the nature of the challenge will be communicated to the Central Bank			[tick box if completed]
CRO signature	[signature]
Date	[date]

Appendix 2 - ICAAP Executive Summary

Table 3 - ICAAP Executive Summary

As of the reporting date of the ICAAP	Pillar 1 in AED '000	Pillar 1 in AED '000Pillar	Pillar 2 in AED '000
Date	Reporting date of the ICAAP, e.g. 31/12/2022	year with the most severe impact for the most severe ST scenario, e.g. 31/12/2024.	year with the most severe impact for the most severe ST scenario, e.g. 31/12/2024.
Effective Capital Conservation Buffer (CCB) (standard CCB of 2.5% + D-SIB Buffer + CCyB) in percentage points (in %)	2.50%	2.50%	2.50%
Capital requirements under Business as Usual
Total Pillar 1	-	-	-
Top 3 Pillar 2 capital requirements



Other Pillar 2 capital requirements
Total Pillar 2			-
Minimum regulatory CAR requirement (incl. CCB)	10.50%	10.50%	10.50%
Actual CAR Ratio
Total Capital Surplus/ deficit (Measured including capital buffer requirements)	-	-	-
Minimum CET1 regulatory requirement (incl. CCB)	7.00%	7.00%	7.00%
Actual CET1 Ratio
CET 1 capital surplus/ deficit (measure includes capital buffer requirements)	-	-	-
Stress Testing
Minimum regulatory CAR requirement (excl. CCB)		10.50%	10.50%
Actual CAR Ratio under ST
Additive impact of ST on CAR
Surplus / (Deficit, i.e., additional capital required)		-	-
Minimum regulatory CET1 requirement (excl. CCB)		7.00%	7.00%
Actual CET1 Ratio under ST
Additive impact of ST on CET1 ratio
CET1 capital surplus/ deficit (measure includes capital buffer requirements)		-	-

135. The ICAAP: Executive Summary Table (Table 3) above should be used for the ICAAP report for the FY2022 ICAAP report. Each bank is required to download the most current reporting template prior to finalizing the ICAAP report from the CBUAE IRR SYSTEM (BRF/BASEL Portal) (CBUAE IRR), in the live environment for banks:

(i)	Detailed reporting template including description (this report must be available upon request); and
(ii)	Executive Summary report (should form part of the ICAAP report Executive Summary).

Appendix 3 – Additional Requirements for the ICAAP

3.1 Governance and Risk Management
136. In the ICAAP report, each bank should provide high level summaries of key areas of the risk framework of the bank: organisational structure, governance framework, risk management function and the risk control function. The bank’s high level summaries should refer to the relevant policies, procedures, manuals, and limits:

3.1.1 Organisational Structure

137. Each bank is expected to describe how

(i)	The bank’s Board encourages a risk culture and prudent behaviours at all levels;
(ii)	The Board Risk Committee (“BRC”) provides oversight and challenges the risk exposures, risk appetite, and tolerance; and
(iii)	The Risk Management Function (RMF) is structured, including reporting lines and a summary of functions and responsibilities. The RMF should have authority, responsibilities, and resources, to conduct risk related policies and the risk management framework, and committees addressing the risk function.

3.1.2 Governance Framework

138. Each bank is expected to describe

(i)	Board and Senior Management oversight (i.e. ICAAP governance framework with a description of responsibilities, and the separation of functions);
(ii)	Arrangements through which the Board and Senior Management define the bank-wide risk appetite;
(iii)	Relevant policies and risk appetite/limits/tolerance; and
(iv)	How the Chief Risk Officer (CRO) is held responsible for the methodology and utilisation of the ICAAP, including

•	reporting comprehensive, comprehensible information on risks; and
•	advising the Board independently and objectively, enabling them to understand the bank’s overall risk profile and to effectively discharge their responsibilities.

3.1.3 Risk Management Function (RMF) and Risk Control Function

139. With regard to the bank’s risk management and control function, the ICAAP report is expected to describe

(i)

How the RMF has access to all business lines and other units that might have possibility in generating risk , and to all relevant subsidiaries, and affiliates;

(ii)

RMF processes/ practices/ mechanisms through which the bank effectively identifies, measures, monitors, and reports material risks;

(iii)

Mechanisms that ensure that the policies, methodologies, controls, and risk monitoring systems are developed, validated, maintained and appropriately approved;

(iv)

Processes to effectively identify and review the changes in risks arising from the bank’s strategy, business model, new products, and changes in the economic environment;

(v)

Capital contingency plans for surviving unexpected events;

(vi)

Risk management information systems (MIS) that ensure:

•	That the bank distributes regular, accurate, and timely information on the bank’s aggregate risk profile internally;
•	The appropriate frequency and distribution of risk management information;
•	Early warning processes for pre-empting capital limit breaches; and
•	Internal decision-making process are facilitated to allow the bank’s management to authorize remedial actions before capital adequacy is compromised.

(vii)

The bank’s risk appetite as defined and used in the preparation of the ICAAP, which should be consistently referenced for taking business decisions;

(viii)

Risk quantification methodologies that are clearly articulated and documented, including high-level risk measurement assumptions and parameters;

(ix)

The approaches used to assess capital adequacy, which should include the stress test framework and a well-articulated definition of capital adequacy;

(x)

The capital planning process objectives, which should be forward-looking and aligned to the bank’s business model and strategy;

(xi)

Capital allocation processes including monitoring among business lines and identified risk types (e.g. risk limits defined for business lines, entities, or individual risks should be consistent to ensure the overall adequacy of the bank’s internal capital resources); and

(xii)

The boundary of entities included,

(xiii)

The process of risk identification, and

(xiv)

The bank’s risk inventory and classification, reflecting the materiality of risks and the treatment of those risks through capital.

140. The internal control functions should play a vital role in contributing to the formation of a sustainable business strategy. The ICAAP report should describe the following with regard to internal control functions:

(i)	The responsibilities of Internal Audit and Compliance concerning risk management;
(ii)	Any relevant internal and external audit reviews of risk management and the conclusions reached; and
(iii)	Outsourcing arrangements that have a material effect on internal capital adequacy management, if any. This should elaborate the bank’s reliance on, or use of, any third parties such as external consultants or suppliers. The bank should provide a high-level summary reports or reviews of the outsourced functions’ related policy documentation and processes.

3.2 Models

141. The ICAAP report is required to address models used to comply with regulatory and accounting requirements, and those used for internal capital management, including but not limited to models used for:

(i)	IFRS9 accounting requirements;
(ii)	The appropriate assessment of Pillar 1 risks for capital requirements under the Pillar 2;
(iii)	The appropriate assessment of Pillar 2 risks for capital requirements;
(iv)	Regulatory stress tests requirements;
(v)	Risk Management Regulations;
(vi)	Valuation adjustments; and
(vii)	Pricing models, capital allocation models, and budgeting models.

3.3 Reverse Stress Testing

142. In addition to normal stress testing, each bank is expected to conduct reverse stress tests and document the process and outcomes of the process in the ICAAP report.

143. Banks are expected to apply a mix of qualitative analyses and quantitative analyses, which may vary in relation to the nature, scale, and complexity of the banks’ business activities and the risks associated with those activities. Accordingly, it may be acceptable for smaller and less complex banks to develop reverse stress tests that focus more on qualitative analyses, while larger and more banks that are complex should include more quantitative elements alongside the qualitative analyses. Appropriate scenarios differ based on each bank economic circumstances, business model and risk drivers.

144. A bank may consider implementing the following steps, which are presented purely for illustrative purposes:

(i)

Define specific trigger points that could threaten the bank’s viability or solvency. Such trigger points may involve situations in which:

•	The bank’s capital or liquidity positions fall below the minimum regulatory requirements;
•	Specific indicators which, if hit, reflect a loss of confidence by the bank’s counterparties (e.g. access to wholesale funding markets denied) or by depositors (e.g. deposit run-off rates reach a significant level); or
•	The bank is unable to repay its debt obligations. Some of the indicators may render the banks unviable (e.g. due to illiquidity resulting from a substantial and rapid deposit run) before it becomes insolvent.

(ii)

Reverse-engineering the bank’s business model to the point that the trigger points are breached. In this way, it is possible to identify what adverse but plausible financial or non-financial events, either independently or combined, cause the bank to reach those trigger points notwithstanding existing management actions. That is, for reverse stress testing purposes, the bank is to tweak the parameters of a stress scenario until the point at which current systems and controls (e.g. accepted risk limits, controls, exposures and collaterals, etc.) are not able to prevent the bank from hitting the trigger point(s). The bank should understand the parameters and conditions in the scenario that precipitate a failed reverse stress test to analyse its risks and weaknesses. Feasible remedial actions should be designed that could prevent the consequences of such a scenario. For example, the bank could amend its business strategy regarding a specific sector.

3.4 Supplementary Content Required in an ICAAP Report

145. The following supplementary topics should be documented in the ICAAP report.

(a)	Summary of outstanding findings and required management actions from pertinent assessments, examinations and audits (e.g. current outstanding actions emanating from internal audits, external audits, risk management assessments, capital management reviews, Central Bank examinations, and Pillar 3, etc.), including the status of official actions;
(b)	Key items which warrant immediate Central Bank attention, such as a projected shortfall in regulatory minimum capital amount; a breach in outlier status under IRRBB, and any other material risks;
(c)	A list of the major changes compared to the previous ICAAP report, e.g. changes in data, MIS, organisation, process, and methodology; and
(d)	Key actions resulting from ICAAP discussions with the Board of Directors, in the form of meeting minutes included as an Appendix. (Relevant evidence should be made available upon request).

Pillar 3

Pillar 3 – Market Disclosures

Introduction
1.Market discipline has long been recognized as a key objective of the Central Bank of the UAE. The provision of meaningful information about common key risk metrics to market participants is a fundamental principle of a sound banking system. It reduces information irregularity and helps promote comparability of banks’ risk profiles within UAE. Pillar 3 of the Basel framework aims to promote market discipline through regulatory disclosure requirements. These requirements enable market participants to access key information relating to a bank’s regulatory capital and risk exposures in order to increase transparency and confidence about a bank’s exposure to risk and the overall adequacy of its regulatory capital.
2.The revised Pillar 3 disclosures in this guidance focus on regulatory measures defined in Pillar 1 of the Basel framework, which requires banks to adopt specified approaches for measuring credit, market and operational risks and their associated resulting risk-weighted assets (RWA) and capital requirements. In some instances, Pillar 3 also requires supplementary information to be disclosed to improve the understanding of underlying risks. Central Bank continues to believe that a common disclosure framework based around Pillar 1 is an effective means of informing the market and allowing market participants to take informed investment decisions. However, in the wake of the 2007–09 financial crisis, it became apparent that the existing Pillar 3 framework failed to promote the identification of a bank’s material risks and did not provide sufficient, and sufficiently comparable, information to enable market participants to assess a bank’s overall capital adequacy and to compare it with its peers. The revised Pillar 3 disclosure requirements in this guidance are based on an extensive review of Pillar 3 reports.
3.A key goal of the revised Pillar 3 disclosures is to improve comparability and consistency of disclosures. However, it is recognized that a balance needs to be struck between the use of mandatory templates that promote consistency of reporting and comparability across banks, and the need to allow senior management sufficient flexibility to provide commentary on a bank’s specific risk profile. For this reason, the revised disclosure regime introduces a “hierarchy” of disclosures; prescriptive fixed form templates which are used for quantitative information that is considered essential for the analysis of a bank’s regulatory capital requirements, and templates with a more flexible format are proposed for information which is considered meaningful to the UAE market but not central to the analysis of a bank’s regulatory capital adequacy. In addition, senior management may accompany the disclosure requirements in each template with a qualitative commentary that explains a bank’s particular circumstance and risk profile.

Disclosure of Pillar 3 Information

A. Scope and Implementation of the Revised Pillar 3 Framework
Scope of application
4.The revised disclosure requirements presented in this guidance supersede the existing Pillar 3 disclosure requirements issued in 2009. These revised requirements are an integral part of the Basel framework and they complement other disclosure requirements issued separately by Central Bank, which are uploaded on Central Bank's website/online portal for banks to download. Pillar 3 applies to all banks in the UAE at the top consolidated level for local banks and all branches of foreign banks. Banks having a banking subsidiary will be required to be consolidated at Group level as one Pillar 3 report as well as at subsidiary solo level as a separate Pillar 3 report Banks offering Islamic financial services should comply with these disclosure requirements. These requirements are applicable to their activities that are in line with Islamic Sharia rules and principals, which are neither interest-based lending nor borrowing but are parallel to the activities described in these Guidance and Explanatory Notes
Implementation date
5.The Pillar 3 tables and disclosures will be effective from the beginning of 2019 for the previous year's figures and every year going forward. Banks need to report in each table as per the requirements for that table set out in the Appendix since few tables are required to be reported every quarter or semi-annually or annually.
Reporting
6.Banks should publish their Pillar 3 report in a stand-alone document on the bank’s UAE-specific website that provides a readily accessible source of prudential measures for users. The Pillar 3 report may be appended to form a discrete section of a bank’s financial reporting, but the full report will be needed to be disclosed separately in the Pillar 3 tables as well.
7.Signposting of disclosure requirements is permitted in certain circumstances, as set out in paragraphs 21–23 below. Banks should also make available on their websites a 5-year archive of Pillar 3 reports (i.e. quarterly, semi-annual or annual) relating to prior reporting periods (past 5 years’ data)
Frequency and timing of disclosures
8.The reporting frequencies for each disclosure requirement are set out in the schedule in paragraph 27 below. The frequencies vary between quarterly, semi-annual and annual reporting depending upon the nature of the specific disclosure requirement. If a bank publishes interim financial statements, then the bank should publish the quarterly Pillar 3 report, three (3) weeks after the interim financial statements are published. For banks who do not have an interim financial statement, the Pillar 3 quarterly report needs to be published 6 weeks from quarter end.
9.A bank’s Pillar 3 report should be published with its financial report for the corresponding period as mandated in paragraph 8 above. If a Pillar 3 disclosure is required to be published for a period when a bank does not produce any financial report, the disclosure requirement should be published as soon as possible. However, the time lag should not exceed that allowed to the bank for its regular financial reporting period-ends (e.g. if a bank reports only annually and its annual financial statements are made available six weeks after the end of the annual reporting period-end, interim Pillar 3 disclosures on a quarterly and/or semi-annual basis should be available within six weeks after the end of the relevant quarter or semester).
Assurance of Pillar 3 data
10.The information provided by banks under Pillar 3 should be subject, at a minimum, to the same level of internal review and internal control processes as the information provided by banks for their financial reporting (i.e. the level of assurance should be the same as for information provided within the management discussion and analysis part of the financial report).
1. •The Pillar 3 Disclosures and reports have to be reviewed by internal audit of all bank for all Pillar 3 reports.
2. •All local banks and large foreign banks will need to have the annual Pillar 3 reports externally audited every two (2) years and smaller foreign banks (as defined in paragraph 27) will need to have the annual Pillar 3 reports externally audited every four (4) years.
11.Banks should also have a formal board-approved disclosure policy for Pillar 3 information that sets out the internal controls and procedures for disclosure of such information. The key elements of this policy should be described in the year-end Pillar 3 report. The board of directors and senior management are responsible for establishing and maintaining an effective internal control structure over the disclosure of financial information, including Pillar 3 disclosures. They should also ensure that appropriate review of the disclosures takes place. One or more senior officers of a bank, ideally at board level or equivalent, should attest in writing that Pillar 3 disclosures have been prepared in accordance with the board-agreed internal control processes. For larger banks, Board member attestation will be expected.
Proprietary and confidential information
12.The Central Bank believes that the disclosure requirements set out below strike an appropriate balance between the need for meaningful disclosure and the protection of proprietary and confidential information. In exceptional cases, disclosure of certain items required by Pillar 3 may reveal the position of a bank or contravene its legal obligations by making public information that is proprietary or confidential in nature. In such cases, a bank would need to approach the Central Bank first and obtain approval for non-disclosure of such information they deem to be confidential. The Central Bank will review the information and provide approval if the bank does not need to disclose those specific items, but should disclose more general information about the subject matter of the requirement instead. The bank should also explain to Central Bank the specific items of information that cannot be disclosed and the reasons for this.

B. Guiding Principles for Banks’ Pillar 3 Disclosures
13.The Central Bank has agreed upon five guiding principles for banks’ Pillar 3 disclosures. Pillar 3 complements the minimum risk-based capital requirements and other quantitative requirements (Pillar 1) and the supervisory review process (Pillar 2) and aims to promote market discipline by providing meaningful regulatory information to investors and other interested parties on a consistent and comparable basis. The guiding principles aim to provide a firm foundation for achieving transparent, high-quality Pillar 3 risk disclosures that will enable users to better understand and compare a bank’s business and its risks.
14.The principles are as follows:
Principle 1: Disclosures should be clear
Disclosures should be presented in a form that is understandable to key stakeholders (i.e. investors, analysts, financial customers and others) and communicated through an accessible medium. Important messages should be highlighted and easy to find. Complex issues should be explained in simple language with important terms defined. Related risk information should be presented together.
Principle 2: Disclosures should be comprehensive
Disclosures should describe a bank’s main activities and all significant risks, supported by relevant underlying data and information. Significant changes in risk exposures between reporting periods should be described, together with the appropriate response by management.
Disclosures should provide sufficient information in both qualitative and quantitative terms on a bank’s processes and procedures for identifying, measuring and managing those risks. The level of detail of such disclosure should be proportionate to a bank’s complexity.
Approaches to disclosure should be sufficiently flexible to reflect how senior management and the board of directors internally assess and manage risks and strategy, helping users to better understand a bank’s risk tolerance/appetite.
Principle 3: Disclosures should be meaningful to users
Disclosures should highlight a bank’s most significant current and emerging risks and how those risks are managed, including information that is likely to receive market attention. Where meaningful, linkages should be provided to line items on the balance sheet or the income statement. Disclosures that do not add value to users’ understanding or do not communicate useful information should be avoided. Furthermore, information, which is no longer meaningful or relevant to users, should be removed.
Principle 4: Disclosures should be consistent over time
Disclosures should be consistent over time to enable key stakeholders to identify trends in a bank’s risk profile across all significant aspects of its business. Additions, deletions and other important changes in disclosures from previous reports, including those arising from a bank’s specific, regulatory or market developments, should be highlighted and explained.
Principle 5: Disclosures should be comparable across banks
The level of detail and the format of presentation of disclosures should enable key stakeholders to perform meaningful comparisons of business activities, prudential metrics, risks and risk management between banks and across jurisdictions.

C. Presentation of the Disclosure Requirements
Templates and tables
15.The disclosure requirements are presented either in the form of templates or of tables. Templates should be completed with quantitative data in accordance with the definitions provided. Tables generally relate to qualitative requirements, but quantitative information is also required in some instances. Banks may choose the format they prefer when presenting the information requested in tables.
16.In line with Principle 3 above, the information provided in the templates and tables should be meaningful to users. The disclosure requirements in this guidance that necessitate an assessment from banks are specifically identified. When preparing these individual tables and templates, banks will need to consider carefully how widely the disclosure requirement should apply. If a bank considers that the information requested in a template or table would not be meaningful to users, for example because the exposures and RWA amounts are deemed immaterial, it may choose not to disclose part or all of the information requested. In such circumstances, however, the bank will be required to explain in a narrative commentary why it considers such information not to be meaningful to users. It should describe the portfolios excluded from the disclosure requirement and the aggregate total RWAs those portfolios represent.
Templates with a fixed format
17.Where the format of a template is described as fixed, banks should complete the fields in accordance with the instructions given.
18.If a row/column is not considered to be relevant to a bank’s activities the bank may delete the specific row/column from the template, but the numbering of the subsequent rows and columns should not be altered. Banks may add extra rows and extra columns to fixed format templates if they wish to provide additional detail to a disclosure requirement by adding sub-rows or columns, but the numbering of prescribed rows and columns in the template should not be altered.
Templates/tables with a flexible format
19.Where the format of a template is described as flexible, banks may present the required information either in the format provided in this guidance or in one that better suits the bank. The format for the presentation of qualitative information in tables is not prescribed.
20.However, where a customized presentation of the information is used, the bank should provide information comparable with that required in the disclosure requirement (i.e. at a similar level of granularity as if the template/table were completed as presented in this document).
Signposting
21.Banks may disclose in a document separate from their Pillar 3 report (e.g. in a bank’s annual report or through published regulatory reporting) the templates/tables with a flexible format, and the fixed format templates where the criteria in paragraph 22 are met. In such circumstances, the specific Pillar 3 table(s) may form a section in a bank’s financial reporting, but the full table will be needed to be disclosed in the Pillar 3 tables separately as well.
22.The disclosure requirements for templates with a fixed format can be disclosed by banks in a separate document other than the Pillar 3 report provided all of the following criteria are met:
1. •the information contained in the signposted document is equivalent in terms of presentation and content to that required in the fixed template and allows users to make meaningful comparisons with information provided by banks disclosing the fixed format templates;
2. •the information contained in the signposted document is based on the same scope of consolidation as the one used in the disclosure requirement;
3. •the disclosure in the signposted document is mandatory.
Banks should note that although signposting may be allowed in the annual report, the bank would still need to disclose this table separately in the Pillar 3 Disclosure along with all other tables mentioned in paragraph 27 below.
23.Banks can only make use of signposting to another document if the level of assurance on the reliability of data in the separate document are equivalent to, or greater than, the internal assurance level required for the Pillar 3 report (see sections on reporting and assurance of Pillar 3 data above).
Qualitative narrative to accompany the disclosure requirements
24.Banks are expected to supplement the quantitative information provided in both fixed and flexible templates with a narrative commentary to explain at least any significant changes between reporting periods and any other issues that management considers to be of interest to market participants. The form taken by this additional narrative is at the bank’s discretion.
25.Disclosure of additional quantitative and qualitative information will provide market participants with a broader picture of a bank´s risk position and promote market discipline.
26.Additional voluntary risk disclosures allow banks to present information relevant to their business model that may not be adequately captured by the standardised requirements. Additional quantitative information that banks choose to disclose should provide sufficient meaningful information to enable market participants to understand and analyze any figures provided. It should also be accompanied by a qualitative discussion. Any additional disclosure should comply with the five guiding principles set out in paragraph 14 above.

D. Format and Reporting Frequency of Each Disclosure Requirement

27.The schedule below presents a summary of the disclosure requirements, whether they are required in a fixed or flexible format. It also lists the publishing frequency associated with each template and table. Please also note that the below tables will be available as an Excel file on the Central Bank alert portal on the Central Bank's website for download.
Please note: It is mandatory for all local banks to report all tables as per below schedule. It is also mandatory for branches of foreign banks with RWA of more than AED 5 billion to report all tables as per below schedule.
Branches of foreign banks with RWA of less than AED 5 billion should report the below tables highlighted in Yellow and BOLD only as mandatory.

Topic	Table	Information Overview	Format	Disclosure Frequency
Overview of risk management and RWA	KM1	Key metrics (at consolidated group level)	Fixed	Quarterly
	OVA	Bank risk management approach	Flexible	Annual
	OV1	Overview of RWA	Fixed	Quarterly
Linkages between financial statements and regulatory exposures	LI1	Differences between accounting and regulatory scopes of consolidation and mapping of financial statement categories with regulatory risk categories	Flexible	Annual
	LI2	Main sources of differences between regulatory exposure amounts and carrying values in financial statements	Flexible	Annual
	LIA	Explanations of differences between accounting and regulatory exposure amounts	Flexible	Annual
Prudential valuation adjustments	PV1	Prudent valuation adjustments	Fixed	Annual
Composition of capital	CC1	Composition of regulatory capital	Fixed	Semi-annual
	CC2	Reconciliation of regulatory capital to balance sheet	Flexible	Semi-annual
	CCA	Main features of regulatory capital instruments	Fixed	Semi-annual
Macroprudential Supervisory measures	CCyB1	Geographical distribution of credit exposures used in the countercyclical buffer	Flexible	Semi-annual
Macroprudential Supervisory measures	LR1	Summary comparison of accounting assets vs leverage ratio exposure measure (January 2014 standards)	Fixed	Quarterly
Leverage ratio	LR2	Leverage ratio common disclosure template (January 2014 standards)	Fixed	Quarterly
Leverage ratio	LIQA	Liquidity risk management	Flexible	Annual
Liquidity	LIQ1	Liquidity Coverage Ratio	Fixed	Quarterly
	LIQ2	Net Stable Funding Ratio	Fixed	Semi-annual
	CRA	General qualitative information about credit risk	Flexible	Annual
Credit risk	CR1	Credit quality of assets	Fixed	Semi-annual
	CR2	Changes in the stock of defaulted loans and debt securities	Fixed	Semi-annual
	CRB	Additional disclosure related to credit quality of assets	Flexible	Annual
	CRC	Qualitative information on the mitigation of credit risk	Flexible	Annual
	CR3	Credit risk mitigation techniques – overview	Fixed	Semi-annual
	CRD	Qualitative disclosures on banks' use of external credit ratings under the standardised approach for credit risk	Flexible	Annual
	CR4	Standardised approach - credit risk exposure and CRM effects	Fixed	Semi-annual
	CR5	Standardised approach - exposures by asset classes and risk weights	Fixed	Semi-annual
	CCRA	Qualitative disclosure related to CCR	Flexible	Annual
Counterparty credit risk (CCR)	CCR1	Analysis of CCR by approach	Fixed	Semi-annual
	CCR2	Credit valuation adjustment capital charge	Fixed	Semi-annual
	CCR3	Standardised approach - CCR exposures by regulatory portfolio and risk weights	Fixed	Semi-annual
	CCR5	Composition of collateral for CCR exposure	Flexible	Semi-annual
	CCR6	Credit derivatives exposures	Flexible	Semi-annual
	CCR8	Exposures to central counterparties	Fixed	Semi-annual
	SECA	Qualitative disclosures related to securitisation exposures	Flexible	Annual
Securitisation	SEC1	Securitisation exposures in the banking book	Flexible	Semi-annual
	SEC2	Securitisation exposures in the trading book	Flexible	Semi-annual
	SEC3	Securitisation exposures in the banking book and associated regulatory capital requirements - bank acting as originator or as sponsor	Fixed	Semi-annual
	SEC4	Securitisation exposures in the trading book and associated capital requirements - bank acting as investor	Fixed	Semi-annual
	MRA	General qualitative disclosure requirements related to market risk	Flexible	Annual
Market risk	MR1	Market risk under the standardised approach	Fixed	Semi-annual
Market risk	IRRBBA	IRRBB risk management objectives and policies	Flexible	Annual
Interest rate risk in the banking book (IRRBB)	IRRBB1	Quantitative information on IRRBB	Fixed	Annual
Interest rate risk in the banking book (IRRBB)	OR1	Qualitative disclosures on operational risk	Flexible	Annual
Operational risk	REMA	Remuneration policy	Flexible	Annual
Remuneration Policy	REM1	Remuneration awarded during the financial year	Flexible	Annual
	REM2	Special payments	Flexible	Annual
	REM3	Deferred remuneration	Flexible	Annual

Frequently Asked Questions (FAQ)
Question 1: One or more senior officers of a bank, ideally at board level or equivalent, should attest in writing that Pillar 3 disclosures have been prepared in accordance with the board-agreed internal control processes.For banks of foreign branches, is Country Manager or CFO at Head office attestation sufficient?
For local banks and large foreign banks, Board member attestation will be expected. For smaller foreign bank branches, Country Manager/GM will be sufficient
Question 2: There are requirements on the Pillar III disclosure that is dependent on the BASEL returns (BRF 95), in relation to this, the submission that mentions 6 weeks after the end of the relevant quarter starts from the BASEL quarter reporting deadline or actual quarter end?
Pillar 3 disclosure submission will be 6 weeks after the quarter end date. For example, December quarter submission will be 6 weeks from December 31^st and not 6 weeks from January 31^st. Since the BRF95 should mandatorily be submitted by banks within 4 weeks from quarter end, the bank still has additional 2 weeks to complete the Pillar 3 disclosures based on BRF95.
Question 3: Pillar 3 applies to all banks in the UAE at the top consolidated level for local banks...Please clarify in case of subsidiary of a bank, whether revised pillar 3 disclosures will be required to be prepared at consolidated Group level or stand-alone level?
Bank subsidiaries will be consolidated at stand-alone subsidiary level and the group bank will be consolidated at the stand-alone of the group bank only without the bank’s subsidiary data.
Question 4: Pillar 3 disclosures can be presented in a separate report; however, Can it be signposted to the audited financial statements?
Signposting is allowed if the bank chooses to use the same template in their audited financial statements but a separate reporting template needs to be prepared as per Pillar 3 templates which is mandatory and cannot be omitted from the Pillar 3 tables.
Question 5: If any section/ table of Template is not applicable to the Bank (i.e.DSIBs, Securitisation), shall the Bank exclude this section/ table completely irrespective of type of table.
Yes, banks can exclude the tables/templates not pertaining to the bank, for example DSIB and Securitisation
Question 6: Banks should also have a formal board-approved disclosure policy for Pillar 3 information that sets out the internal controls and procedures for disclosure of such information.Should this formal Disclosure policy still be submitted to Central Bank along with ICAAP or it shall only be published / disclosed as mentioned?
The formal disclosure policy should not be submitted but should be available on request by Central Bank of UAE.
Question 7: Will it be sufficient to publish Basel 3 disclosures on its investor relations page on the bank’s website without any physical printouts?
Banks should publish their Pillar 3 report in a stand-alone document on the bank’s UAE-specific website. This can be anywhere on the website but it needs to be clearly visible and easily available for all stakeholders. Banks which do not have a UAE-Specific website should create a website specific to UAE so that all stakeholders can have access to the Pillar 3 disclosures of the bank.
Question 8: For REM1 template, is Central Bank expecting the Bank to report overseas earnings or only the locally paid compensation? Are deferrals awarded in the current year only to be reported? If an employee has a deferral which has a tranche of a prior year paid out after they have left the Branch, is it expected that this would be reported or not? If a prior year tranches awarded is reported should this be reported if the individual is no longer an employee of the Branch?
All contract earnings of all employees need to be reported even if the employee is earning compensation in UAE and outside UAE. The full contractual award needs to be mentioned and not only the physical payout
Question 9: Is the End of Service Benefit (EOSB) i.e.severance payment for a normal leaver to be reported depending upon the definition of “other material risk taker” OR are banks also required to report any additional payment such as a redundancy type payment? Should a transfer of Senior Management personnel or Other Material Risk-takers to other branch of the Bank be considered as severance for reporting purpose?
All payments regardless of the type of payment based on the contract needs to be reported
Question 10: For branches of foreign banks where the Head Office reports to the home regulator, there are pre-fixed formats prepared and submitted at a frequency as stipulated by home regulator.Can the branch of foreign banks provide such reports in UAE which are submitted to the home regulator as a part of UAE Pillar 3 Disclosures?
Reports sent between Head Office and UAE needs to be separated and only the Pillar 3 disclosures as per this Guidance needs to be reported for UAE branches in the mandatory formats published here.
Question 11: What does “Fully loaded” ECL accounting model mean and what is the difference between total capital and fully loaded capital?
"Fully Loaded" means bank’s regulatory capital compared with a situation where the transitional arrangement had not been applied
Question 12: For branches of foreign banks, would Central Bank allow for a transition period if the threshold for partial disclosure is reached? (i.e.if RWA exceed AED 5 billion)
Transition will be granted on a case by case basis
Question 13: Currently CCyB buffer is 0% in UAE.In this case, what do banks need to report in CCyB template?
Currently CCyB is not applicable in UAE but if banks in UAE have branches in other countries this needs to be reported if CCyB is being reported as per that foreign country’s regulations. Banks, hence, need to calculate and fill the CCyB1 as explained in the Capital Supply standards.
Question 14: In Sheet CR5, for "Unrated" Category, should we include the Post CRM and CCF amounts in their respective Risk Weight categories or should we club it under "Others"?
Yes, it can be placed in “Others” along with any other ratings.
Question 15: In Sheet OV1, is the minimum requirements simply 10.5% of the RWA.
Pillar 1 capital requirements at the reporting date will normally be RWA*10.5% but may differ if a floor is applicable or adjustments (such as scaling factors).
Question 16: CCR8 requires Bank to report Exposures to Non QCCPs (excluding initial margin and default fund contribution) arising of (i) OTC derivatives, (ii) Exchange-traded derivatives, (iii) Securities financing transactions & (iv) Netting sets where cross-product netting has been approved.Does this mean the Exposures computed under SA-CCR which are eligible under Netting Jurisdiction to be disclosed under (iv)?
Currently, UAE has no netting jurisdiction but such exposures reported will be taken into consideration on a case-by-case basis.
Question 17: LIQA, Liquidity exposures and funding needs at the level of individual legal entities, foreign branches and subsidiaries, taking into account legal, regulatory and operational limitations on the transferability of capital.Are insurance or non-bank subsidiaries to be included?
All entities that are consolidated by the bank must be included.
Question 18: LIQA, Balance sheet and off-balance sheet items broken down into maturity buckets and the resultant liquidity gaps.Is there any format for reporting the liquidity gap report?
As per BRF 9 reported by the bank. The bank may add a section for Off Balance sheet as required

Leverage Ratio

Leverage Ratio

Introduction
1.Risk-based capital adequacy ratios measure the extent to which a bank has sufficient capital relative to the risk of its business activities. They are based on a foundational principle: that a bank that takes higher risks should have higher capital to compensate.
2.Leverage, on the other hand, measures the extent to which a bank has financed its assets with equity. It does not matter what those assets are, or their risk characteristics. The leverage ratio, by placing an absolute cap on exposures relative to a bank’s capital, is an important component of the Central Bank capital framework, and complements the risk-based capital adequacy regime. However, neither of these parts of the framework stands alone: it is important to look at Central Bank capital requirements as a package of constraints that mutually reinforce prudent behaviour. Even though the leverage ratio has been designed as a backstop, it must be a meaningful backstop if it is to serve its intended purpose.
3.One of the underlying causes of the global financial crisis is believed to have been the build-up of excessive on- and off-balance-sheet leverage in the banking system. At the height of the crisis, developments in financial markets forced banks to reduce leverage in a manner that likely amplified downward pressures on asset prices. This deleveraging process exacerbated the feedback loop between losses, falling bank capital, and shrinking credit availability.
4.The Central Bank’s leverage ratio framework introduces a simple, transparent, non-risk-based leverage ratio to act as a credible supplementary measure to the risk-based capital requirements. The leverage ratio is intended to:
•restrict the build-up of leverage in the banking sector to avoid destabilizing deleveraging processes that can damage the broader financial system and the economy; and
•reinforce the risk-based requirements with a simple, non-risk-based “backstop” measure.
5.The Basel Committee on Banking Supervision (BCBS) adopted the leverage ratio with the launch of Basel III in December 2010. A revised leverage ratio framework, titled Basel III Leverage Ratio Framework and Disclosure Requirements, was published in January 2014. In December 2017, the leverage ratio was finalized along with the rest of the Basel III capital framework. Prior to each release of the leverage ratio, the BCBS published consultative documentation and sought comments from the industry. Additionally, in 2015 and 2017, the BCBS published revised Pillar 3 disclosure requirements, including updated disclosure requirements for the leverage ratio.
6.In designing the UAE leverage ratio framework, the Central Bank considered the full evolution of the BCBS leverage ratio, including consultative frameworks, reporting requirements, and comments raised by banks and industry bodies across the globe. The Central Bank’s Standards for Leverage Ratio is based closely on the requirements articulated by the BCBS in the document Basel III: Finalising post-crisis reforms, December 2017.
7.This Guidance should be read in conjunction with the Central Bank’s Standards on Leverage Ratio, as it is intended to provide clarification of the requirements of that Standards, and together with that Standards supports the Central Bank’s Regulations Re Capital Adequacy.

Clarifications of the Standards
8.The leverage ratio framework is designed to capture leverage associated with both on- and off-balance-sheet exposures. It also aims to make use of accounting measures to the greatest extent possible, while at the same time addressing concerns that (i) different accounting frameworks across jurisdictions raise level playing field issues and (ii) a framework based exclusively on accounting measures may not capture all risks.

Leverage Ratio and Capital
9.The leverage ratio is defined as the capital measure divided by the exposure measure, expressed as a percentage:

10.The capital measure is Tier 1 capital as defined for the purposes of the Central Bank risk-based capital framework, subject to transitional arrangements. In other words, the capital measure for the leverage ratio at a particular point in time is the applicable Tier 1 capital measure at that time under the risk-based framework.
11.The minimum requirement for the leverage ratio is established in the Central Bank’s Regulations Re Capital Adequacy.
12.The Standards includes the possibility that the Central Bank may consider temporarily exempting certain central bank “reserves” from the leverage ratio exposure measure to facilitate the implementation of monetary policies in exceptional macroeconomic circumstances. In this context, the term “reserves” refers to certain bank balances or placements at the Central Bank. Certain other jurisdictions have pursued monetary policies that resulted in a significant expansion of such bank balances at the Central Bank, for example through policies commonly described as “quantitative easing.” While the Central Bank has no plan to implement such policies, the inclusion of this flexibility in the Standards ensures that, in the event that such policies were to be implemented, the minimum leverage requirement could be adjusted in a manner that allows it to continue to serve its appropriate prudential role. Per the requirements of the BCBS framework, the Central Bank would also increase the calibration of the minimum leverage ratio requirement commensurately to offset the impact of exempting central bank reserves, since actual bank leverage ratios would be expected to increase due to the exclusion of these exposures.

Scope of Consolidation
13.The framework applies on a consolidated basis, following the same scope of regulatory consolidation used in the risk-based capital requirements (see Regulations re Capital Adequacy). For example, if proportional consolidation is applied for regulatory consolidation under the risk-based framework, the same criteria shall be applied for leverage ratio purposes.
14.Where a banking, financial, insurance or commercial entity is outside the scope of regulatory consolidation, only the investment in the capital of such entities (that is, only the carrying value of the investment, as opposed to the underlying assets and other exposures of the investee) is included in the exposure measure. However, any such investments that are deducted from Tier 1 capital may be excluded from the exposure measure.

Exposure Measure
15.The exposure measure includes both on-balance-sheet exposures and off-balance-sheet (OBS) items. On-balance-sheet exposures are generally included at their accounting value, although exposures arising from derivatives transactions and securities financing transactions (SFTs) are subject to separate treatment.
16.Except where a different treatment is specified, no offset is allowed for physical or financial collateral held, guarantees in favour of the bank or other credit risk mitigation techniques.
17.Balance sheet assets that are deducted from Tier 1 capital may also be deducted from the exposure measure. For example:
•Where a banking, financial or insurance entity is not included in the regulatory scope of consolidation, the amount of any investment in the capital of that entity that is totally or partially deducted from Common Equity Tier 1 (CET1) or Additional Tier 1 capital may also be deducted from the leverage ratio exposure measure.
•Prudent valuation adjustments for exposures to less liquid positions that are deducted from Tier 1 capital as per the Central Bank’s Market Risk Standards may be deducted from the leverage ratio exposure measure.
18.Liability items must not be deducted from the leverage ratio exposure measure. For example, gains/losses on fair valued liabilities or accounting value adjustments on derivative liabilities due to changes in the bank’s own credit risk must not be deducted from the leverage ratio exposure measure.
19.The Central Bank will be vigilant to transactions and structures that have the result of inadequately capturing banks’ sources of leverage. Examples of concerns that might arise in such leverage ratio exposure measure minimizing transactions and structures may include: securities financing transactions where exposure to the counterparty increases as the counterparty’s credit quality decreases or securities financing transactions in which the credit quality of the counterparty is positively correlated with the value of the securities received in the transaction (i.e. the credit quality of the counterparty falls when the value of the securities falls); banks that normally act as principal but adopt an agency model to transact in derivatives and SFTs in order to benefit from the more favorable treatment permitted for agency transactions under the leverage ratio framework; collateral swap trades structured to mitigate inclusion in the leverage ratio exposure measure; or use of structures to move assets off the balance sheet. This list of examples is by no means exhaustive.

On-Balance Sheet Exposures
20.Where a bank recognizes fiduciary assets on the balance sheet, these assets can be excluded from the leverage ratio exposure measure provided that the assets meet the IFRS 9 criteria for de-recognition and, where applicable, IFRS 10 for deconsolidation.

Derivative Exposures
21.The basis for the framework’s treatment of derivative transactions is a modified version of Standardised Approach to Counterparty Credit Risk (SA-CCR) in Basel III. It captures both the exposure arising from the underlying of the derivative contract and the related counterparty credit risk. The exposure measure amount is generally equal to the sum of the replacement cost (the mark-to-market value of contracts with positive value) and an add-on representing the transaction’s potential future exposure, with that sum multiplied by a scaling factor of 1.4. Valid bilateral netting contracts can reduce the exposure amount, but collateral received generally cannot. There are specific rules governing the treatment of cash variation margin, clearing services and written credit derivatives.
22.If, under a bank’s operative accounting standards, there is no accounting measure of exposure for certain derivative instruments because they are held (completely) off balance sheet, the bank must use the sum of positive fair values of these derivatives as the replacement cost.
23.Netting across product categories such as derivatives and SFTs is not permitted in determining the leverage ratio exposure measure. However, where a bank has a cross-product netting agreement in place that meets the eligibility criteria; it may choose to perform netting separately in each product category provided that all other conditions for netting in this product category that are applicable to the leverage ratio framework are met.”
24.Variation margin may be netted against derivative exposures, but only where the margin is paid in cash. This is the appropriate treatment for the leverage calculation, since the cash margin payment is, for all intents and purposes, a settlement of a liability. It also has the advantage, as would not have otherwise been the case, of encouraging the good risk management practice of taking cash collateral against derivative exposures, and is consistent with broader regulatory objectives that promote the margining of OTC derivatives.
25.One of the criteria necessary in order to recognize cash variation margin received as a form of pre-settlement payment is that variation margin exchanged must be the full amount necessary to extinguish the mark-to-market exposure of the derivative. In situations where a margin dispute arises, the amount of non-disputed variation margin that has been exchanged can be recognized.
26.Where a bank provides clearing services as a “higher level client” within a multi-level client structure, the bank need not recognize in its leverage ratio exposure measure the resulting trade exposures to the ultimate clearing member (CM) or to an entity that provides higher-level services to the bank if it meets specific conditions.
27.Among these conditions is a requirement that offsetting transactions are identified by the QCCP as higher level client transactions and collateral to support them is held by the QCCP and/or the CM, as applicable, under arrangements that prevent any losses to the higher level client due to the joint default or insolvency of the CM and any of its other clients. To clarify, upon the insolvency of the clearing member, there must be no legal impediment (other than the need to obtain a court order to which the client is entitled) to the transfer of the collateral belonging to clients of a defaulting clearing member to the QCCP, to one or more other surviving clearing members or to the client or the client’s nominee.
28.Another required condition is that relevant laws, regulation, rules, contractual or administrative arrangements provide that the offsetting transactions with the defaulted or insolvent CM are highly likely to continue to be indirectly transacted through the QCCP, or by the QCCP, if the CM defaults or becomes insolvent. Assessing whether trades are highly likely to be ported should consider factors such as a clear precedent for transactions being ported at a QCCP, and industry intent for this practice to continue. The fact that QCCP documentation does not prohibit client trades from being ported is not sufficient to conclude that they are highly likely to be ported.
29.The effective notional amount referenced by a written credit derivative is to be included in the leverage ratio exposure measure. Note that this is added to the general exposure measure for derivatives because a written credit derivative exposes a bank both to counterparty credit risk and to credit risk from the underlying reference entity for the derivative.
30.The effective notional amount of a written credit derivative may be reduced by any negative change in fair value amount that has been incorporated into the calculation of Tier 1 capital with respect to the written credit derivative. For example, if a written credit derivative had a positive fair value of 20 on one date, but then declines by 30 to have a negative fair value of 10 on a subsequent reporting date, the effective notional amount of the credit derivative may be reduced by 10 – the effective notional amount may not be reduced by 30. However, if on the subsequent reporting date, the credit derivative has a positive fair value of five, the effective notional amount cannot be reduced at all. This treatment is consistent with the rationale that the effective notional amounts included in the exposure measure may be capped at the level of the maximum potential loss, which means that the maximum potential loss at the reporting date is the notional amount of the credit derivative minus any negative fair value that has already reduced Tier 1 capital.
31.The resulting exposure amount for a written credit derivative may be further reduced by the effective notional amount of a purchased credit derivative on the same reference name, provided that certain conditions are met. Among these conditions is a requirement that credit protection purchased through credit derivatives is otherwise subject to the same or more conservative terms as those in the corresponding written credit derivative. For example, the application of the same material terms would result in the following treatments:
•In the case of single name credit derivatives, the credit protection purchased through credit derivatives is on a reference obligation that ranks pari passu with, or is junior to, the underlying reference obligation of the written credit derivative. Credit protection purchased through credit derivatives that references a subordinated position may offset written credit derivatives on a more senior position of the same reference entity as long as a credit event on the senior reference asset would result in a credit event on the subordinated reference asset.
•For tranched products, the credit protection purchased through credit derivatives must be on a reference obligation with the same level of seniority.
32.Another required condition is that the credit protection purchased through credit derivatives is not purchased from a counterparty whose credit quality is highly correlated with the value of the reference obligation, which would generate wrong-way risk. Specifically, the credit quality of the counterparty must not be positively correlated with the value of the reference obligation (i.e. the credit quality of the counterparty falls when the value of the reference obligation falls and the value of the purchased credit derivative increases). This determination should reflect careful analysis of the actual risk; a legal connection does not need to exist between the counterparty and the underlying reference entity.
33.For the purposes of the leverage ratio, the term “written credit derivative” refers to a broad range of credit derivatives through which a bank effectively provides credit protection and is not limited solely to credit default swaps and total return swaps. For example, all options where the bank has the obligation to provide credit protection under certain conditions qualify as “written credit derivatives.” The effective notional amount of such options sold by the bank may be offset by the effective notional amount of options by which the bank has the right to purchase credit protection that fulfils the conditions stated in the Standards. For example, to have the same or more conservative material terms, the strike price of the underlying purchased credit protection would need to be equal to or lower than the strike price of the underlying sold credit protection.

Securities Financing Transaction (SFT) Exposures
34.Secured lending and borrowing in the form of SFTs is an important source of leverage. How the framework measures exposure from SFTs depends on whether the bank is acting as a principal or agent. For principal banks, the exposure measure is equal to the sum of gross SFT assets (gross receivables related to SFTs, with some adjustments) and an amount representing counterparty credit risk. When acting as an agent, depending on the structure of the SFT, a bank may be able to ignore the collateral involved and reflect only the counterparty credit risk component, or it may have to include both. The framework also includes specific rules for SFTs that qualify for sale treatment under the operative accounting regime.
35.A degree of netting is allowed for SFTs, but only where strict criteria are met (for example, same counterparty, same maturity date). In these cases, the net position provides the better measure of the degree of leverage in a set of transactions between counterparties.
36.When a bank acts as a principal, its SFT exposure is the sum of gross SFT assets (subject to adjustments) and a measure of counterparty credit risk calculated as the current exposure without an add-on for potential future exposure.
37.For SFT assets subject to novation and cleared through QCCPs, “gross SFT assets recognized for accounting purposes” are replaced by the final contractual exposure, that is, the exposure to the QCCP after the process of novation has been applied, given that pre-existing contracts have been replaced by new legal obligations through the novation process. However, banks can only net cash receivables and cash payables with a QCCP if the requisite criteria are met. Any other netting permitted by the QCCP is not permitted for the purposes of the Basel III leverage ratio. Gross SFT assets recognized for accounting purposes must not recognize any accounting netting of cash payables against cash receivables (e.g. as currently permitted under the IFRS accounting framework). This regulatory treatment has the benefit of avoiding inconsistencies from netting which may arise across different accounting regimes.
38.Where a bank acting as an agent in an SFT does not provide an indemnity or guarantee to any of the involved parties, the bank is not exposed to the SFT and therefore need not recognize those SFTs in its leverage ratio exposure measure.
39.In situations where a bank is economically exposed beyond providing an indemnity or guarantee for the difference between the value of the security or cash its customer has lent and the value of the collateral the borrower has provided, a further exposure equal to the full amount of the security or cash must be included in the leverage ratio exposure measure. An example of this scenario could arise due to the bank managing collateral received in the bank’s name or on its own account rather than on the customer’s or borrower’s account (e.g. by on-lending or managing unsegregated collateral, cash or securities). However, this does not apply to client omnibus accounts that are used by agent lenders to hold and manage client collateral provided that client collateral is segregated from the bank’s proprietary assets and the bank calculates the exposure on a client-by-client basis.

Off-Balance Sheet Items
40.OBS items arise from such transactions as credit and liquidity commitments, guarantees and standby letters of credit. The amount that is included in the exposure measure is determined by multiplying the notional amount of an OBS item by the relevant credit conversion factor (CCF) from the Central Bank’s Standards for Leverage Ratio.
41.The off-balance-sheet exposure measure will be calculated using credit equivalent values. This reflects the fact that the degree of leverage in these transactions is not the same as if banks had made fully funded loans. That is, a 100% credit conversion factor (CCF) overestimates leverage. The use of standardised CCFs retains a consistent and conservative treatment that is not dependent on the risk of the bank’s counterparty.
42.Where there is an undertaking to provide a commitment on an off-balance-sheet item, banks are to apply the lower of the two applicable CCFs. For example:
•If a bank has a commitment to open short-term self-liquidating trade letters of credit arising from the movement of goods, a 20% CCF will apply, instead of a 40% CCF; and
•If a bank has an unconditionally cancellable commitment to issue direct credit substitutes, a 10% CCF will apply, instead of a 100% CCF.

Frequently Asked Questions
Question 1: Is the starting point for the leverage ratio exposure calculation total on-balance-sheet assets as reported in the financial statements?
Yes, total assets are the correct starting point, with adjustments as specified in the Standards, and with additions for off-balance-sheet exposure as required under the Standards.
Question 2: Should aspects of derivatives exposures or SFT exposures that are on the balance sheet be included as part of on-balance-sheet exposure, or as part of derivatives or SFT exposure?
Certain exposures related to derivatives may appear on the balance sheet; the same is true for SFTs. Those exposures related to derivatives or SFTs should be excluded from the on-balance-sheet component of the leverage ratio exposure calculation, and instead included with either derivatives exposure or SFT exposure, as appropriate.
Question 3: Why is collateral on the bank’s balance sheet part of the exposure measure for the leverage ratio calculation?
The leverage ratio framework as developed by the Basel Committee treats all assets on a bank’s balance sheet as creating equal risk. If the bank holds collateral on its balance sheet, the collateral is an asset of the bank, and changes in the value of that collateral affect the bank’s total assets and capital. In this sense, the leverage ratio calculation treats collateral as an additional source of risk exposure to the bank, even though the purpose of taking the collateral may be credit risk mitigation. The leverage ratio treats most types of secured exposures the same way, on a gross basis without taking into account the effects of collateral.
Question 4: Is the calculation of counterparty credit risk exposure the same as the calculation used in the SA-CCR standards of the Central Bank?
Not quite – the CCR exposure calculation for the leverage ratio is similar, but with some differences. Potential Future Exposure is different because the PFE multiplier is set equal to 1, rather than possibly being less than 1 as under the CCR Standards. Replacement Cost also differs, due to some differences in the treatment of eligible collateral. The requirements are covered in para 44 to 46 of the Leverage Ratio Standards.
Question 5: Why is the PFE multiplier set to 1 for derivatives in the calculation of the leverage ratio exposure measure?
The PFE multiplier is set to 1 because unlike the SA-CCR calculation, there is no “credit” given to the bank for overcollateralization for the leverage ratio. This is in the spirit of other aspects of the leverage ratio exposure calculation, which strictly limits the recognition of various forms of credit risk mitigation.
Question 6: What types of commitments can qualify for a CCF less than 40%?
Commitments that are unconditionally cancellable at any time by the bank without prior notice, or that effectively provide for automatic cancellation due to deterioration in a borrower’s creditworthiness, without observed constraints on the bank’s ability to cancel such commitments. As noted in the Standards, such commitments are subject to a 10% CCF.
Question 7: The Standards states “general provisions or general loan loss reserves which have reduced Tier 1 capital may be deducted from the leverage ratio exposure measure.” Does this imply that for banks under the standardised approach all general provisions held on the balance sheet are permitted to be deducted from the exposure measure?
Yes, that interpretation is correct.
Question 8: The Standards does not mention interest in suspense; are bank’s allowed to deduct this from the leverage ratio exposure measure?
No, interest in suspense should be included as an exposure. However, specific provisions for interest in suspense can be deducted.

Examples: Calculation of Gross SFT Assets
This section provides simple examples to help clarify the calculation of adjusted gross SFT assets for the leverage ratio exposure measure. These examples are for guidance only; banks should consult the actual Leverage Ratio Standards for the specific requirements. Note that the SFT examples do not include the calculation of CCR exposure for the SFTs, which is required under the leverage ratio standards.
For purposes of these examples, consider a bank with a simple initial balance sheet consisting of assets of 200 cash and 400 in investment securities, funded by 600 in equity, with no other initial liabilities. In simple T-account format, the bank’s initial position is the following:
Assets Liabilities and Equity
Cash 200
Investment Securities 400 Equity 600
600 600

Example 1: Single Repurchase Agreement
A customer obtains financing from the bank through a repurchase agreement. The customer provides securities to the bank of 110, receives cash of 100, and commits to repurchase the securities at a specified future date. This is the bank’s only SFT.
After the transaction, the bank’s balance sheet appears as follows:
Assets Liabilities and Equity
Cash 100
Investment Securities 510
Repo Encumbered
Securities -110
Cash Receivable 100 Equity 600
600 600

For purposes of the leverage ratio, gross SFT assets would be the sum of the cash receivable created and the investment securities received, 100+110, for a total of 210. However, this total is reduced by the value of the securities received under the SFT because the bank has recognized the securities as an asset on its balance sheet, leading to an adjusted gross SFT asset value of 100 for inclusion in the leverage ratio exposure measure.
Note that in this example, the net effect on leverage ratio exposure would be zero, since on-balance-sheet assets exclusive of SFT assets decline by 100.
Example 2: Single Reverse Repurchase Agreement
A bank obtains funding by reversing out securities in exchange for cash. The bank receives 100 cash, repos out 110 in securities, and will repurchase the securities at a specified future date. This is the bank’s only SFT.
After the transaction, the bank’s balance sheet appears as follows:
Assets Liabilities and Equity
Cash 300
Investment Securities 290 Cash Payable 100
Repo Encumbered Securities 110 Equity 600
700 700

For purposes of the leverage ratio, gross SFT assets would be simply the 100 cash received. Note that in this example, the net effect would be to increase the measured leverage ratio exposure by 100.
Example 3: Simple Repo Portfolio
The bank has two SFTs, the repo from Example 1 above, and the reverse repo from Example 2 above. Both SFTs are with the same counterparty, and are subject to a qualifying master netting agreement under which cash payables and receivables qualify for netting. These are the bank’s only SFTs.
After the transaction, the bank’s balance sheet appears as follows:
Assets Liabilities and Equity
Cash 200
Investment Securities 400 Cash Payable 100
Cash Receivable 100 Equity 600
700 700

Because the SFT transactions have matching terms, there are offsetting accounting entries for Repo Encumbered Securities, Investment Securities, and Cash. In this case, gross SFT assets would be 310, consisting of 100 cash receivable, 110 investment securities received, and 100 cash received. However, this total is adjusted down by the amount of the securities received and held on the balance sheet (110), and by another 100 due to the netting of the cash payable and the cash receivable, leaving an adjusted total gross SFT assets of 100 to be included in the leverage ratio exposure measure.

Minimum Capital for Banks Regulation
C 12/2021 Effective from 14/3/2021

Introduction
Under article 75 of the Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organization of Financial Institutions (and its amendments), the Central Bank is required to establish regulations on the minimum capital requirement for licensed financial institutions. Through this regulation, the Central Bank establishes the minimum capital requirements for Banks.

Scope
This Regulation applies to all Banks, including branches of foreign banks, operating in the UAE.

Objective
The objective of this Regulation is to establish the minimum capital requirement for banks operating in the UAE.

Article (1): Definitions
1. 1.1 Bank: Any juridical person licensed in accordance with the provisions of the Central Bank Law, to primarily carry on the activity of taking deposits, and any other Licensed Financial Activities.
2. 1.2 Central Bank: The Central Bank of the United Arab Emirates
3. 1.3 Central Bank Law: Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organisation of Financial Institutions and Activities, and its amendments.
4. 1.4 Regulations: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
5. 1.5 Specialized Bank: A Specialized Bank as defined in and licensed under the Specialized Bank with low risk Regulation issued by the Central Bank.

Article (2): Requirement to Maintain a Minimum Level of Capital
1. 2.1 Banks must at all times maintain a minimum level of paid up capital. The level of this requirement is set in article 3 of this Regulation.
2. 2.2 This minimum level of paid-up capital must be held on an ongoing basis and is a prerequisite for licensing.

Article (3): Minimum Level of Capital Required to be Held
1. 3.1 Banks incorporated in the UAE must maintain fully paid-up capital of at least two billion Dirham (AED 2,000,000,000).
2. 3.2 Specialized Banks incorporated in the UAE must maintain fully paid-up capital of at least three hundred million Dirham (AED 300,000,000).
3. 3.3 Branches of foreign banks must maintain:
  1. 3.3.1 fully paid-up capital of at least one hundred million Dirham (AED 100,000,000) at the level of the branch; and,
  2. 3.3.2 eligible capital of at least two billion Dirham (AED 2,000,000,000) (or equivalent) at the entity level.

Article (4): Quality of the Capital to be Held
1. 4.1 The minimum capital requirement in this Regulation must be met solely with fully paid-up capital.
2. 4.2 For branches of foreign banks, fully paid-up capital at branch level shall mean funds allocated to the branch with the following characteristics:
  1. 4.2.1 the allocated funds are irrevocable, unconditional, and not subject to any restrictions;
  2. 4.2.2 the allocated funds do not bear any interest;
  3. 4.2.3 the allocated funds are paid in UAE Dirham only; and,
  4. 4.2.4 the head office has signed an undertaking to cover any shortfalls in fully paid-up capital.
  5. 4.3 For branches of foreign banks, eligible capital at entity level shall mean regulatory capital as defined under the Basel framework as implemented in the jurisdiction where the bank is incorporated.

Article (5): Interaction with Other Capital Requirements
1. 5.1 The minimum paid-up capital requirements as defined by this Regulation do not interact with the requirements of other Regulations, including the risk-based capital requirements.
2. 5.2 This implies that the minimum paid-up capital requirement of this Regulation should not be added to, subtracted from, or otherwise influence the requirements of other Regulations.
3. 5.3 This also implies that the paid-up capital used to comply with the requirements of this Regulation, is still fully available to meet the requirements of other Regulations.

Article (6): New Licensing
1. 6.1 As part of the licensing process, the Central Bank may impose higher minimum capital requirements to those defined in Article (3), and define the quality of capital eligible to meet these requirements. These higher minimum capital requirements will remain applicable until a new capital decision is taken.
2. 6.2 As part of the licensing process, applicants are required to submit a 3-year business plan. Their proposed level of paid-up capital must be sufficient to cover the expected regulatory capital requirements over that 3 year period, based on the projected activities.

Article (7): Breaching the Minimum Capital Requirement
Banks, which breach or are likely to breach the minimum paid-up capital requirement as per this Regulation must immediately inform the Central Bank thereof.

Article (8): Enforcement & Sanctions
Violation of any provision of this Regulation may be subject to supervisory actions and sanctions as deemed appropriate by the Central Bank.

Article (9): Interpretation of Regulation
The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.

Article (10): Cancellation of Previous Circulars and Notices
This Regulation repeals and replaces the following Central Bank Circulars and Notices:
1. 10.1 Circular No. 80 dated 20 December 1981;
2. 10.2 Telex No. 82/2679 dated 2 June 1982;
3. 10.3 Telex 83/827 dated 9 March 1983;
4. 10.4 Circular No. 202 dated 7 June 1983;
5. 10.5 Circular No. 289 dated 30 July 1984; and,
6. 10.6 Circular No. 372 dated 14 January 1986.

Article (11): Publication & Effective Date
1. 11.1 This Regulation shall be published in the Official Gazette in both Arabic and English and shall come into effect one month from the date of publication.
2. 11.2 Existing Banks not meeting the requirements of this Regulation upon its coming into force, must meet the requirements by no later than 31 December 2023.

Regulation Regarding Accounting Provisions and Capital Requirements - Transitional Arrangements
C 4/2020 Effective from 22/4/2020
After greetings,
Please be informed that the Board of Directors of the Central Bank has issued Decision No. 49/3/2020 dated 5^th April 2020, regarding the Targeted Economic Support Scheme (TESS), to contain the repercussions of the COVID-19 pandemic in the UAE.
Arising from this, the Central Bank is issuing the attached “Regulation Regarding Accounting Provisions and Capital Requirements - Transitional Arrangements”.
This Regulation provides for a “Prudential Filter” that permits Banks and Finance Companies to add back increases in IFRS 9 provisions to the regulatory capital over a transition period of 5 years, on a proportionate basis.
The increase in IFRS 9 provision requirements is determined by calculating the difference between the IFRS 9 provision as at 31/12/2019 and the IFRS 9 provision as at of the respective reporting date.
The proportion of the increase in IFRS 9 provisions that is permitted to be added-back to regulatory capital from 1 January 2020 onwards will decline over a 5-year transition period (100%, 100%, 75%, 50%, 25% for the years 2020-2024).
This Regulation is effective immediately.
Any queries you may have should be submitted via the following email address:
bsed.basel@cbuae.gov.ae
Please bring this Notice to the attention of the board of directors of your institution at the next board meeting.
Yours faithfully,

Introduction
1. 1.This Regulation is issued pursuant to the powers vested in the Central Bank of the UAE (the “CBUAE”) under the Decretal Federal Law No. 14 of 2018, Regarding the Central Bank & Organization of Financial Institutions and Activities.
2. 2.The CBUAE recognizes that the International Financial Reporting Standard IFRS 9 has introduced fundamental changes in provisioning practices in qualitative and quantitative ways. The usage of economic models and economic forecasts can lead to higher volatility in the expected loss for the calculation of IFRS 9 accounting provisions. The change from incurred loss model to expected loss model has been advocated by the global regulatory community, but the regulators are also mindful of any unintended consequences. Arising from the Covid-19 developments, the CBUAE has decided to require a phasing-in of increases in IFRS 9 expected credit loss (ECL) provisions over a transition period.
3. 3.This Regulation provides for a ‘prudential filter’, through transitional arrangements, to smooth the impact of ECL accounting on Capital, based on a 5-year transitional period to manage the regulatory impact. The transitional phase is implemented with immediate effect, with the initial application of the transitional arrangements commencing retroactively on 1 January 2020.
4. 4.The portion of ECL provisions that can be included in Capital will decrease incrementally over time down to zero to ensure the full implementation of IFRS 9 by 1 January 2025.
5. 5.The CBUAE has opted to adopt a “dynamic” approach for the transition arrangements. It is aimed to address the ongoing evolution of ECL provisions (e.g. rise in ECL due to unexpectedly worsening macroeconomic outlook) during the transition period.

Article (1) Definitions
1. a)Bank: Any juridical person licensed in accordance with the provisions of the Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organization of Financial Institutions and Activities, to primarily carry out the activity of taking deposits, and any other Licensed Financial Activities.
2. b)Finance Company: As defined in the “Finance Companies Regulation” (Circular 112/2018).
3. c)Capital: CET1 for banks as defined in “Regulation re Capital adequacy Circular” (52/2017) and Aggregate Capital Funds as defined in Article 11 in “Finance Companies Regulation” (Circular 112/2018).

Article (2) Scope of Application
1. 6.This Regulation applies to all Banks, including branches of foreign banks, and Finance Companies operating in the UAE.
2. 7.The ‘prudential filter’ only applies to IFRS 9 provisions and not to the CBUAE provisioning requirements contained in “Regulations for Classification of Loans and Determining their Provisions” (Circular 28/2010).
3. 8.ECL provisions subject to phase-in arrangement are IFRS 9 provisions in Stages 1 and 2 only.
4. 9.This Regulation amends the earlier provisions in relation to transitional arrangements contained in the CBUAE’s "Guidance Note to Banks and Finance Companies on the Implementation of IFRS 9 (Financial Instruments) in the UAE", issued in March 2018.

Article (3) Calculation of Transitional Adjustment Amount
1. 10.All Banks and Finance Companies must apply the transitional arrangements in accordance with this Regulation and add back to their Capital, a portion of the ECL provisions required under IFRS 9, in accordance with the following calculation:
  The IFRS 9 stage 1 and stage 2 provisions at the respective reporting date minus the IFRS 9 stage 1 and stage 2 provisions as at 31 December 2019.
2. 11.The amount to be added back to the Capital on each reporting period shall be multiplied by a designated factor for each year as stated below.
  - •100% during the period from 1 January 2020 to 31 December 2020;
  - •100% during the period from 1 January 2021 to 31 December 2021;
  - •75% during the period from 1 January 2022 to 31 December 2022;
  - •50% during the period from 1 January 2023 to 31 December 2023;
  - •25% during the period from 1 January 2024 to 31 December 2024.
3. 12.The amount of the capital relief that shall be added back to Capital calculated as Partial add-back of ECL impact to Capital = (I - t) * K;
  where:
  I = the amount calculated in accordance with paragraph 10
  t = increase of Capital that is due to tax deductibility of the amounts in paragraph 10, if applicable
  K = the applicable factor in accordance with paragraph 11
  Partial add-back is only applicable for positive values calculated herein.

Article (4) Consequential Adjustments due to Transitional Arrangement
1. 13.All Banks and Finance Companies are required to recalculate the regulatory capital requirements which are directly affected by ECL, by making the following adjustments to regulatory capital:
  1. a)The amount of deferred tax assets that shall be deducted by Banks from Capital in accordance with regulatory adjustment and threshold adjustment or risk weighted as per Section 3.10 of the Tier Capital Supply Standard (contained in the “Standards for Capital Adequacy of Banks in the UAE” issued under the CBUAE Notice No. 1733/2020).
  2. b)The specific provision credit risk adjustments by which the exposure value is reduced under the Standardized Approach for credit risk should be reduced by a factor, which has the effect of increasing the exposure value. This would ensure that Banks and Finance Companies would not benefit from both an increase in Capital due to transitional arrangements as well as a reduced exposure value.
  3. c)The amount of Tier 2 capital for Banks calculated as per Section 2.5 of the Tier Capital Supply Standard (contained in the “Standards for Capital Adequacy of Banks in the UAE” issued under the CBUAE Notice No. 1733/2020).
  4. d)Any other exposure or capital element which is directly affected by the ECL provision to ensure they do not receive an inappropriate capital relief.

Article (5) Reference to the Capital Metrics
1. 14.The adjusted figure obtained for Capital is to be used to calculate other measures of regulatory capital as well as related measures (e.g. regulatory capital ratios, leverage ratio and large exposure limits).

Article (6) Transparency and Disclosure Requirement
1. 15.Banks and Finance Companies are required to publicly disclose that the transitional arrangement is applied. Where there is a requirement to disclose Capital and other Capital related ratios (e.g. regulatory capital ratios, leverage ratio), comparative ratios to show the position had the transitional arrangements not been applied must also be disclosed. Banks should disclose this information as part of the Pillar 3 report and Finance Companies as part of the Annual report.

Article (7) Interpretation of this Regulation
1. 16.The Regulatory Development Division of the CBUAE shall be the sole reference for interpretation of the provisions of this Regulation, and its interpretations thereof shall be considered final.

Article (8) Enforcement and Sanctions
1. 17.Violation of any provision of this Regulation may be subject to supervisory action and sanctions as deemed appropriate by the CBUAE.

Article (9) Application and Publication
1. 18.This Regulation shall be communicated to whomsoever is concerned for implementation, and shall be published in the Official Gazette in English.

Governance, Internal Control and Shareholding

Corporate Governance Regulation for Banks
C 83/2019 Effective from 18/7/2019

Introduction
The Central Bank seeks to promote the effective and efficient development and functioning of the banking system. To this end, Banks are required to have a comprehensive approach to corporate governance to ensure their resiliency and enhance overall financial stability. In particular, Banks and Groups must have robust corporate governance policies and processes covering strategy, organizational structure, control environment, risk management responsibilities and compensation of Boards and Staff.
In introducing this Regulation and the accompanying Standards, the Central Bank intends to ensure that Banks’ approaches to corporate governance are in line with leading international practices.
This Regulation and the accompanying Standards establish the overarching prudential framework for corporate governance. Regulatory requirements for selected governance areas such as risk management, internal controls, compliance, internal audit, financial reporting, external audit and outsourcing are established in separate Central Bank Regulations and Standards.
This Regulation and the accompanying Standards are issued pursuant to the powers vested in the Central Bank under the Central Bank Law.
Where this Regulation, or its accompanying Standards, include a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements that are additional to the listing provided in the relevant Article.

Objective
The objective of this Regulation is to establish the minimum acceptable standards for Banks’ approach to corporate governance, with a view to:
1. Ensuring the soundness of Banks; and
2. Contributing to financial stability and consumer protection.
The accompanying Standards supplement the Regulation to elaborate on the supervisory expectations of the Central Bank with respect to corporate governance for Banks.
The Bank's Board is in ultimate control of the Bank and accordingly ultimately responsible for the Bank’s corporate governance. There is no one-size-fits-all or single best solution. Accordingly, each Bank could meet some elements of the minimum requirements of the Regulation and Standards in a different way; the onus is on the Board to demonstrate to the Central Bank that it has implemented a comprehensive approach to corporate governance.¹ Banks are encouraged to adopt leading practices that exceed the minimum requirements of the Regulation and Standards.

¹The Central Bank will apply the principle of proportionality in the enforcement of the Regulation and Standards, whereby smaller Banks may demonstrate to the Central Bank that the objectives are met without necessarily addressing all of the specifics cited therein.

Scope of Application
This Regulation and the accompanying Standards apply to all Banks. Banks established in the UAE with Group relationships, including Subsidiaries, Affiliates, or international branches, must ensure that the Regulation and the Standards are adhered to on a solo and Group-wide basis.
Branches of foreign Banks licensed to operate in the UAE must adhere to this Regulation and Standards or establish equivalent arrangements so as to ensure regulatory comparability and consistency, with the exception of Article (3) of this Regulation. Branches of foreign Banks must establish local governance structures that meet the objectives of Articles (2) and (4) of this Regulation.
This Regulation and the accompanying Standards are in addition to the provisions relating to public joint stock companies in the Federal Law No. 2 of 2015 on Commercial Companies (the “Commercial Companies Law”), and the Chairman of Authority's Board of Directors' Resolution No. (7 R.M) of 2016 Concerning the Standards of Institutional Discipline and Governance of Public Shareholding Companies (“SCA Regulation”). In the event of contradiction with any provisions of the SCA Regulation, the requirements of the Central Bank’s Regulation and Standards shall prevail.

Article (1): Definitions
1. Affiliate: An entity owned by another entity by more than 25% and less than 50% of its capital.
2. Bank: Any juridical person licensed in accordance with the provisions of the Central Bank Law, to primarily carry on the activity of taking deposits, and any other Licensed Financial Activities.
3. Board: The Bank’s board of directors.
4. Central Bank: The Central Bank of the United Arab Emirates.
5. Central Bank Law: Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organization of Financial Institutions and Activities.
6. Chief Executive Officer: The most senior executive appointed by the Board.
7. Conflict of Interest: A situation of actual or perceived conflict between the duty and private interests of a person, which could improperly influence the performance of his/her duties and responsibilities.
8. Control Functions: The Bank’s functions that have a responsibility independent from management to provide objective assessment, reporting and/or assurance; this includes the risk management function, the compliance function and the internal audit function.
9. Controlling Shareholder: A shareholder who has the ability to directly or indirectly influence or control the appointment of the majority of the Board of directors, or the decisions made by the Board or by the general assembly of the entity, through the ownership of a percentage of the shares or stocks or under an agreement or other arrangement providing for such influence.
10. Corporate Governance: The set of relationships between the Bank’s management, Board, shareholders and other stakeholders which provides the structure through which the objectives of the Bank are set, and the means of attaining those objectives and monitoring performance. It helps define the way authority and responsibility are allocated and how corporate decisions are made.
11. Duty of Care: The duty to decide and act on an informed and prudent basis with respect to the Bank. Often interpreted as requiring Members of the Board to approach the affairs of the Bank the same way that a “prudent person” would approach his/her own affairs.
12. Duty of Confidentiality: The duty to observe confidentiality applies to all information of a confidential nature with which a Member of the Board is entrusted by the Bank or which is brought to his or her attention during or at any time after the carrying out of his/her assignment
13. Duty of Loyalty: The duty to act in the good faith in the interest of the Bank. The duty of loyalty should prevent individual Members of the Board from acting in their own interest, or the interest of another individual or group, at the expense of the Bank and shareholders.
14. First-Degree Relatives: The individual’s parents, siblings and children.
15. Fit and Proper Process: The evaluation of a Bank’s proposed members of the Board and Senior Management as to expertise and integrity. The specific fit and proper criteria are listed in article 2.13 of the Standards.
16. Government:The UAE Federal Government or one of the governments of the member Emirates of the Union.
17. Group: A group of entities which includes an entity (the ‘first entity’) and:
  1. any Controlling Shareholder of the first entity;
  2. any Subsidiary of the first entity or of any Controlling Shareholder of the first entity; and
  3. any Affiliate, joint venture, sister company and other member of the Group.
18. Higher Shari`ah Authority: The Higher Shari`ah Authority that was established at the Central Bank by the Cabinet Resolution no. (102/ 1/ و5) 2016.
19. Independent Member of the Board: A Member of the Board who has no relationship with the Bank or Group that could lead to benefit which may affect his/her decisions. He/she must not be under any other undue influence, internal or external, ownership or control, which would impede the Member’s exercise of objective judgment. The Independent Member of the Board forfeits his/her independence in the cases specified in Article 3.4 of the Standards.
20. Islamic Financial Services: Shari`ah compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products.
21. Material Risk Takers: Staff whose work is deemed to have a significant impact on the overall risk profile of the Bank or the Group.
22. Non-Executive Member of the Board: A Member of the Board who does not have any management responsibilities within the Bank, and may or may not qualify as an Independent Member of the Board.
23. Pillar 3: Pillar 3 disclosure requirements – consolidated and enhanced framework issued by the Basel Committee on Banking Supervision in March 2017 and any subsequent revisions.
24. Public Joint Stock Company: A Public Joint Stock Company is a company whose capital is divided into equal and negotiable shares. The founders shall subscribe to part of such shares while the other shares are to be offered to the public under a public subscription. A shareholder shall be liable only to the extent of his share in the capital of the company, as per the Federal Law No. (2) of 2015 on Commercial Companies.
25. Regulations: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
26. Related Parties: The Group and its Controlling Shareholder’s Members of the Board and Senior Management (and their First-Degree Relatives) and persons with control, joint control or significant influence over the Bank (and their First-Degree Relatives).
27. Related Party Transactions: Include on-balance sheet and off-balance sheet credit exposures and claims as well as dealings such as service contracts, asset purchases and sales, construction contracts, lease agreements, derivative transactions, borrowings, and write-offs. The term transaction incorporates not only transactions that are entered into with related parties but also situations in which an unrelated party (with whom a Bank has an existing exposure) subsequently becomes a related party; disclosures must reflect all related party events and transactions for the financial period.
28. Risk Appetite: The aggregate level and types of risk a Bank is willing to assume, decided in advance and within its risk capacity, to achieve its strategic objectives and business plan.
29. Risk Governance Framework: As part of the overall approach to corporate governance, the framework through which the Board and Senior Management establish and make decisions about the Bank’s strategy and risk approach; articulate and monitor adherence to the risk appetite and risks limits relative to the Bank’s strategy; and identify, measure, manage and control risks.
30. Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including, but not limited to, the Chief Executive Officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions.
31. Subsidiary: An entity, owned by another entity by more than 50% of its capital, or under full control of that entity regarding the appointment of the Board of directors.
32. Staff: All the persons working for a Bank including the members of Senior Management, except for the Members of its Board.

Article (2): Responsibilities of the Board
1. Members of the Board must act with integrity, exercising their Duty of Care, Duty of Confidentiality and Duty of Loyalty. They are responsible for ensuring effective control over the Bank’s entire business.
2. Members of the Board must ensure that a Bank and, if applicable, Group has robust corporate governance policies and processes commensurate with its risk profile and systemic importance. In the case of offering Islamic financial services, a Bank must fully comply with Shari`ah rules and establish a sound and effective Shari`ah governance framework with the key mechanisms and functionalities to ensure effective and independent Shari`ah oversight, as per the requirements set out by the Central Bank and the Higher Shari`ah Authority.
3. Members of the Board are responsible for approving and overseeing implementation of the Bank’s Risk Governance Framework and the alignment of its strategic objectives with its Risk Appetite.
4. Members of the Board are responsible for establishing and communicating corporate culture and values through measures including, but not limited to, a written code of conduct, a conflict of interest policy, a whistleblowing policy mechanism, an insider trading policy and a strong internal control environment.
5. Members of the Board are responsible for the organizational structure of the Bank and the Group, if applicable, including executing the key responsibilities of the Board and specifying the key responsibilities and authorities of its committees and Senior Management.
6. Members of the Board are responsible for overseeing Senior Management, ensuring that the Bank’s activities are carried out in a manner consistent with the business strategy, Risk Governance Framework, compensation and other policies approved by the Board.
7. Members of the Board are responsible for establishing a Fit and Proper Process for the selection of Senior Management, including the heads of the risk management, compliance and internal audit functions, and the maintenance of succession plans for Senior Management.

Article (3): Board Composition & Qualifications
1. A Bank’s Board must be sufficiently diverse in its composition. Collectively, the Board must have knowledge of all significant businesses of the Bank, and if applicable, Group. The Board must have an appropriate balance of skills, diversity and expertise commensurate with the size, complexity and risk profile of the Bank, and if applicable, Group.
2. A Bank’s Board must be comprised of at least seven (7) members and a maximum of eleven (11) members, each with a maximum three (3) year renewable term of membership. All Members of the Board must be Non-Executive, of which at least one third (1/3) must be Independent members. The chair may be a Non-Executive Member of the Board or an Independent Member of the Board. The Board should not contain any executive members with management responsibilities in the Bank.
3. The chair and the majority of the Members of the Board must be UAE nationals.
4. The Board may not delegate to the chair all the powers of the Board in an absolute manner.
5. The maximum tenure as an Independent Member of the Board in the same Bank is twelve (12) consecutive years from the date of his/her appointment. At the expiration of the tenure, the Member is no longer regarded as Independent.
6. A Member of the Board may hold memberships in the boards of up to five (5) Public Joint Stock Companies (PJSCs) in the UAE. This is also applicable to PJSCs inside the banking Group. The Member of the Board may hold memberships in the Board of only one (1) Bank in the UAE and up to four (4) Banks outside the UAE. The Member of the Board must obtain permission from the Bank’s Board before accepting nomination to serve on another Board and no conflict of interest must be present. The provisions of this article shall apply equally to persons appointed by a Government shareholder.
7. If the Government owns 5% or more of the Bank’s capital, it may appoint persons to represent it on the Board with the same proportion to the number of Members of the Board with minimum one (1) person. A Government-owned Bank’s Board composition must allow the exercise of objective and independent judgment.
8. A Board must have a clear and rigorous process for identifying and selecting all the candidates for the Board of the Bank, and if applicable, Group. This must include a Fit and Proper Process. At least twenty per cent (20%) of candidates for consideration for the Board’s membership must be female.
9. The no-objection of the Central Bank must be obtained prior to the appointment, nomination or renewal of any person for membership of the Board. In all cases, a Bank must immediately notify the Central Bank if it becomes aware of any material information that may negatively affect the fitness and probity of a Member of the Board. The no-objection of the Central Bank must be obtained prior to the removal of a Member of the Board during his/her term of membership.

Article (4): Board Structure & Committees
1. The chair of the Board is responsible for the overall effective functioning of the Board and its committees.
2. The Board must meet at least six (6) times a year. The Bank must appoint a secretary to the Board of Directors who is not a Member of the Board. The Board and its committees must maintain appropriate minutes, which reflect details of issues discussed, recommendations made, decisions taken and dissenting opinions.
3. The Board and its committees may invite members of the Bank’s Staff and external experts to attend meetings as deemed appropriate. Staff of the Central Bank may attend meetings of the Board and/or its committees and have access to their minutes.
4. The Board may delegate specific authority, but not its responsibilities, to specialized Board committees. Each committee created by the Board must have a charter or other instrument that sets out its membership, mandate, scope, working procedures and means of accountability to the Board. The committees must have access to external expert advice where needed to ensure a collective balance of skills and expert knowledge commensurate with the complexity of the Bank and the duties to be performed.
5. The Board structure must include committees with responsibilities for audit, risk, nomination and compensation. The Board may also establish other specialized committees (e.g. ethics, assets and liabilities, etc).
6. The audit and risk committees must not be merged with any other Board committees. Both committees’ chairs must be must be Independent Members of the Board, who are distinct from the chair of the Board and the chairs of other committees. The audit committee must be made up of Independent or Non-Executive Members of the Board and include Members who collectively have experience in audit practices, financial reporting and accounting. The risk committee must be made up of a majority of Independent Members of the Board and include Members who collectively have experience in risk management issues and practices.
7. Banks may merge the nomination and compensation committees. Their chairs and members may be Non-Executive or Independent Members of the Board.
8. The Board must carry out annual assessments, alone or with the assistance of external experts, of the Board as a whole, its committees, and individual members.
9. The Board must establish and periodically update its by-laws, procedural rules or other similar documents setting out its organization, responsibilities and key activities.

Article (5): Senior Management
1. A Bank must have a clearly defined organization structure and decision-making process with authorities delegated by the Board to Senior Management.
2. Under the direction and oversight of the Board, Senior Management must carry out and manage the Bank’s activities in a manner consistent with the business strategy, risk appetite, compensation and other policies approved by the Board.
3. Senior Management must provide the Board with the information it requires to carry out its responsibilities, including the supervision and assessment of the performance of Senior Management.
4. A Board must have a clear and rigorous process for identifying and selecting candidates for the Senior Management of the Bank, and if applicable, Group. This must include a Fit and Proper Process.
5. A member of Senior Management may not hold a Staff position in any other entity, neither inside nor outside the banking Group. A member of Senior Management may hold memberships in the boards of up to two (2) non-Bank entities outside the banking Group. In addition, the member of Senior Management, with the exception of Chief Risk Officers and Heads of the compliance and internal audit functions, may hold memberships in the boards of entities inside the banking Group. The member of Senior Management must obtain permission from the Board before accepting nomination to serve on a board in any other entity and no conflict of interest must be present.
6. The no-objection of the Central Bank must be obtained prior to the appointment or renewal of employment contract of any member of Senior Management. In all cases, a Bank must immediately notify the Central Bank if it becomes aware of any material information that may negatively affect the fitness and probity of a member of Senior Management.

Article (6): Transactions with Related Parties
1. A Bank must enter into any transactions with Related Parties on an arm’s length basis, monitor these transactions, and take appropriate steps to control or mitigate the risks and write off exposures to Related Parties in accordance with standard policies and processes.
2. The Central Bank may set, on a general or case-by-case basis, limits for exposures to Related Parties, deduct such exposures from capital when assessing capital adequacy, or require collateralization of such exposures.
3. A Bank may extend credit facilities to members of the Board, Staff, and relatives of such persons as determined by the Central Bank in its Regulations as amended from time to time. Credit facilities extended to Staff and their Relatives must be approved by the Board or one of its committees. Credit facilities extended to a Member of their Board must be approved by the whole Board. In all cases, a Member of the Board must abstain from voting on the approval of the credit facilities where he/she may have a related conflict of interest.

Article (7): Group Structure
1. The members of the Board, for which the Central Bank is the primary regulator, having Group relationships including subsidiaries, affiliates, or international branches, are responsible for the Group. This includes the establishment and operation of a clear governance framework appropriate to the structure, business and risks of the parent Bank and all its related entities.
2. The Board must exercise adequate oversight over the Group while respecting the independent legal and governance responsibilities that might apply to the individual entities. The Board and Senior Management must understand the Group organizational structures, both at the legal entity and business line, and the risks posed.

Article (8): Risk Management
A Bank must have an appropriate Risk Governance Framework that provides a Bank-wide, and if applicable, Group-wide view of all material risks. This includes policies, processes, procedures, systems and controls to identify, measure, evaluate, monitor, report, and control or mitigate material sources of risk on a timely basis. The Bank’s risk management function must be independent of the management and decision-making of the Bank’s risk-taking functions and have a direct reporting line to the Board or the Board risk committee. Governance requirements for Risk Management are contained in separate Regulations and Standards issued by the Central Bank.

Article (9): Internal Control, Compliance & Internal Audit
A Bank must have strong internal control frameworks and establish permanent, independent and effective compliance and internal audit functions. The Bank’s compliance function must have primary reporting obligations to the Chief Executive Officer and a right of direct access to the Board or the Board audit committee and/or Board risk committee. The Bank’s internal audit function must report to the Board or the Board audit committee. Governance requirements for internal control, compliance and internal audit are contained in a separate Regulation and Standards issued by the Central Bank.

Article (10): Financial Reporting & External Audit
A Bank must maintain appropriate records, prepare financial statements in accordance with the International Financial Reporting Standards (IFRS) and the instructions of the Central Bank, and publish annual financial statements bearing the opinion of an external auditor approved by the Central Bank. Governance requirements for financial reporting and external audit are contained in a separate Regulation and Standards issued by the Central Bank.

Article (11): Outsourcing
A Bank must establish appropriate policies and processes to assess, manage and monitor outsourced activities. Any outsourcing arrangements entered into by a Bank must be subject to appropriate due diligence, approval and ongoing monitoring in order to identify and mitigate risks inherent to outsourcing. Governance requirements for outsourcing are contained in a separate Regulation and Standards issued by the Central Bank.

Article (12): Compensation
1. A Bank must have a Board-approved compensation system that supports sound corporate governance and risk management, including appropriate incentives aligned with prudent risk-taking. Performance standards must be consistent with the long-term sustainability and financial soundness of the Bank.
2. The Board together with its compensation committee must approve the compensation of Senior Management and oversee the development and operation of compensation policies, systems and related control processes.
3. Compensation outcomes must be symmetric with risk outcomes. Compensation payout schedules must be sensitive to the time horizon of risks through arrangements that defer a sufficiently large portion of the compensation until risk outcomes become better known. The compensation framework must provide for mechanisms to adjust variable compensation, including through inyear adjustment, and malus or clawback arrangements, which can reduce variable compensation after it is awarded or paid.
4. Members of the Board must be compensated only with fixed compensation comprising the payment of an annual fixed amount and the reimbursement of directly related costs to the discharge of their responsibilities. Bonus or any incentive-based mechanisms based on the performance of the Bank must be excluded.
5. The compensation of Staff in the control functions of risk management, compliance and internal audit must be predominantly fixed to reflect the nature of their responsibilities and determined independently of the performance of the Bank. The variable compensation must be based on performance targets related to their functions and independent of the lines of business they monitor and control.
6. For Senior Management and Material Risk Takers, a proportion of the total compensation must be performance-based. Provisions must be included so that compensation can be reduced or reversed based on realized risks and violations of laws, Regulations, codes of conduct or other policies, before compensation vests.
7. The annual individual bonus for Senior Management and Material Risk Takers must not exceed 100% of the fixed proportion of his/her total compensation. A higher bonus of up to 150% would require approval by the Board. A bonus up to 200% would require approval by the General Assembly of the Bank.
8. The annual total bonus for all Staff must not exceed 5% of the Bank’s net profit. A higher bonus would require approval by the General Assembly of the Bank before disbursement, along with an attestation signed by all Members of the Board that the Bank is in compliance with all the Regulations issued by the Central Bank.

Article (13): Disclosure & Transparency
1. The Bank’s corporate governance policies and processes must ensure that timely and accurate disclosure is made on all material matters regarding the Bank, including the financial situation, performance, ownership, and governance of the Bank.
2. A Bank must publish an annual corporate governance-specific and comprehensive statement in a clearly identifiable section of its annual report. More frequent disclosure of corporate governance matters is encouraged.
3. A Bank must include in their corporate governance statement clear, comprehensive and timely information about their compensation practices to facilitate constructive engagement by all stakeholders. In particular, Banks must comply with the relating Pillar 3 disclosure requirements.
4. A Bank must include in their corporate governance statement details of transactions with related parties during the reporting period and the aggregate amount of all related party exposures at the end of the reporting period.
5. A Bank must include in their corporate governance statement an attestation signed by the chair of the Board (or in the case of a branch of a foreign Bank the Senior Management committee or equivalent), confirming that all internal policies required to ensure compliance with the Central Bank’s Regulations and Standards on corporate governance, risk management, internal controls, compliance, internal audit, financial reporting, external audit and outsourcing have been implemented and reviewed for adequacy by the Board within the last year. Otherwise, the attestation must specify those requirements not met and the date by which the Bank intends to comply fully.

Article (14): Islamic Banking
1. A Bank offering Islamic financial services must ensure that its corporate governance framework adequately provides for:
  1. Internal Shari`ah review and Shari`ah governance reporting to ensure compliance with Shari`ah rules;
  2. The role of the internal Shari`ah control committee in the governance of the Bank;
  3. The rights of investment account holders and the processes and controls for protecting their rights in line with the general terms and conditions for accounts and Islamic financial services; and
  4. Transparency of financial reporting in respect of investment accounts.
2. A Bank offering Islamic financial services must ensure compliance with any direction or guidance issued by the Higher Shari`ah Authority with respect to its Shari`ah governance framework.
3. A Bank offering Islamic financial services must immediately notify the Central Bank if it becomes aware of any material information that may negatively affect the fitness and probity or independence of an internal Shari`ah control committee member.

Article (15): Enforcement & Sanctions
1. Violation of any provision of this Regulation and the accompanying Standards may be subject to supervisory action and sanctions as deemed appropriate by the Central Bank.
2. Without prejudice to the provisions of the Central Bank Law, supervisory action and sanctions by the Central Bank may include withdrawing, replacing or restricting the powers of Senior Management or Members of the Board, providing for the interim management of the Bank, or barring individuals from the UAE banking sector.

Article (16): Interpretation of Regulation
1. The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.

Article (17): Cancellation of Previous Notices
1. This Regulation and the accompanying Standards repeal and replace the following previous Central Bank Circulars and Notices:
  1. Notice No 2203/2011 dated 5 April 2011, Membership of Board of Directors of Banks;
  2. Circular No 23/00 dated 22 July 2000, Required Administrative Structure in Banks; and
  3. Circular No 10/92 dated 24 November 1992, Senior Management Positions.

Article (18): Publication & Application
1. This Regulation and the accompanying Standards shall be published in the Official Gazette in both Arabic and English and shall come into effect one month from the date of publication.
2. A Bank must comply fully with the provisions of this Regulation and the accompanying Standards within 3 years from the date of its coming into effect.

Corporate Governance Standards for Banks

Introduction
1. These Standards form part of the Corporate Governance Regulation (Circular No. 83/2019). All Banks must comply with these Standards, which expand on the Regulation. These Standards are mandatory and enforceable in the same manner as the Regulation.
2. The Standards follow the structure of the Regulation, with each article corresponding to the specific article in the Regulation.

1. Definitions
1. 1. Affiliate: An entity owned by another entity by more than 25% and less than 50% of its capital.
2. 2. Bank: Any juridical person licensed in accordance with the provisions of the Central Bank Law, to primarily carry on the activity of taking deposits, and any other Licensed Financial Activities.
3. 3. Board: The Bank’s board of directors.
4. 4. Central Bank: The Central Bank of the United Arab Emirates.
5. 5. Central Bank Law: Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organization of Financial Institutions and Activities.
6. 6. Chief Executive Officer: The most senior executive appointed by the Board.
7. 7. Conflict of Interest: A situation of actual or perceived conflict between the duty and private or other interests of a person, which could improperly influence the performance of his/her duties and responsibilities.
8. 8. Control Functions: The Bank’s functions that have a responsibility independent from management to provide objective assessment, reporting and/or assurance; this includes the risk management function, the compliance function and the internal audit function.
9. 9. Controlling Shareholder: A shareholder who has the ability to directly or indirectly influence or control the appointment of the majority of the Board of directors, or the decisions made by the Board or by the general assembly of the entity, through the ownership of a percentage of the shares or stocks or under an agreement or other arrangement providing for such influence.
10. 10. Corporate Governance: The set of relationships between the Bank’s management, Board, shareholders and other stakeholders which provides the structure through which the objectives of the Bank are set, and the means of attaining those objectives and monitoring performance. It helps define the way authority and responsibility are allocated and how corporate decisions are made.
11. 11. Duty of Care: The duty to decide and act on an informed and prudent basis with respect to the Bank. Often interpreted as requiring Members of the Board to approach the affairs of the Bank the same way that a “prudent person” would approach his/her own affairs.
12. 12. Duty of Confidentiality: The duty to observe confidentiality applies to all information of a confidential nature with which a Member of the Board is entrusted by the Bank or which is brought to his or her attention during or at any time after the carrying out of his/her assignment.
13. 13. Duty of Loyalty: The duty to act in the good faith in the interest of the Bank. The duty of loyalty should prevent individual Members of the Board from acting in their own interest, or the interest of another individual or group, at the expense of the Bank and shareholders.
14. 14. First-Degree Relatives: The individual’s parents, siblings and children.
15. 15. Fit and Proper Process: The evaluation of a Bank’s proposed members of the Board and Senior Management as to expertise and integrity. The specific fit and proper criteria are listed in article 2.13 of the Standards.
16. 16. Government: The UAE Federal Government or one of the governments of the member Emirates of the Union.
17. 17. Group: A group of entities which includes an entity (the ‘first entity’) and:
  1. a. any Controlling Shareholder of the first entity;
  2. b. any Subsidiary of the first entity or of any Controlling Shareholder of the first entity; and
  3. c. any Affiliate, joint venture, sister company and other member of the Group.
18. 18. Higher Shari`ah Authority: The Higher Shari`ah Authority that was established at the Central Bank by the Cabinet Resolution no. (102/ 1/ و 5) 2016.
19. 19. Independent Member of the Board: A Member of the Board who has no relationship with the Bank or Group that could lead to benefit which may affect his/her decisions. He/she must not be under any other undue influence, internal or external, ownership or control, which would impede the Member’s exercise of objective judgment. The Independent Member of the Board forfeits his/her independence in the cases specified in Article 3.4 of the Standards.
20. 20. Islamic Financial Services: Shari`ah compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products.
21. 21. Material Risk Takers: Staff whose work is deemed to have a significant impact on the overall risk profile of the Bank or the Group.
22. 22. Non-Executive Member of the Board: A Member of the Board who does not have any management responsibilities within the Bank, and may or may not qualify as an Independent Member of the Board.
23. 23. Pillar 3: Pillar 3 disclosure requirements – consolidated and enhanced framework issued by the Basel Committee on Banking Supervision in March 2017 and any subsequent revisions.
24. 24. Regulations: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
25. 25. Related Parties: The Group and its Controlling Shareholder’s Members of the Board and Senior Management (and their First-Degree Relatives) and persons with control, joint control or significant influence over the Bank (and their First-Degree Relatives).
26. 26. Related Party Transactions: Include on-balance sheet and off-balance sheet credit exposures and claims as well as dealings such as service contracts, asset purchases and sales, construction contracts, lease agreements, derivative transactions, borrowings, and write-offs. The term transaction incorporates not only transactions that are entered into with related parties but also situations in which an unrelated party (with whom a Bank has an existing exposure) subsequently becomes a Related Party; disclosures must reflect all related party events and transactions for the financial period.
27. 27. Relatives: The individual’s father, mother, brother, sister, children, spouse, father-in-law, mother-in-law, and children of the spouse.
28. 29. Risk Appetite: The aggregate level and types of risk a Bank is willing to assume, decided in advance and within its risk capacity, to achieve its strategic objectives and business plan.
29. 30. Risk Limits: Specific quantitative measures that must not be exceeded based on, for example, forward looking assumptions that allocate the Bank’s aggregate risk appetite to business lines, legal entities or management units within the Bank or Group in the form of specific risk categories, concentrations or other measures as appropriate.
30. 31. Risk Governance Framework: As part of the overall approach to corporate governance, the framework through which the Board and Senior Management establish and make decisions about the Bank’s strategy and risk approach; articulate and monitor adherence to the risk appetite and risks limits relative to the Bank’s strategy; and identify, measure, manage and control risks.
31. 32. Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including, but not limited to, the Chief Executive Officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions.
32. 33. Subsidiary: An entity, owned by another entity by more than 50% of its capital, or under full control of that entity regarding the appointment of the Board of directors.
33. 34. Staff: All the persons working for a Bank including the members of Senior Management, except for the Members of its Board.

2. Responsibilities of the Board
1. The Board must act in the best interests of its various stakeholders while meeting regulatory expectations. Treating customers fairly must be an integral part of all Banks’ good governance and corporate culture.
2. Members of the Board are responsible for the overall interests of the Bank. This applies to Members of the Board representing or appointed by an individual shareholder or group of shareholders. The Duty of Loyalty precludes individual Members of the Board acting in their own interest, or the interest of another individual or group, at the expense of the Bank, its depositors or shareholders. Depositors’ interests take precedence over shareholders’ interests.
3. The Members of the Board shall exercise their Duty of Care, Duty of Confidentiality and Duty of Loyalty to the Bank when carrying out their activities, which include, but are not limited to:
1. a. Actively engaging in the affairs of the Bank to ensure strategy and policies are implemented as designed as well as acting in a timely manner to protect the long-term interests of the Bank;
2. b. Overseeing the development of and approving the Bank’s business objectives and strategy, and monitoring their implementation;
3. c. Playing a lead role in establishing the Bank’s corporate culture and values;
4. d. Overseeing implementation of the Bank’s governance framework and periodically reviewing it to ensure that it remains appropriate in the light of material changes to the Bank’s size, complexity, business strategy, markets and regulatory requirements;
5. e. Establishing the Bank’s Risk Appetite, taking into account the competitive and regulatory landscape and the Bank’s long-term interests, risk exposures and ability to manage risk effectively;
6. f. Overseeing the Bank’s adherence to its Risk Appetite and Risk Limits;
7. g. Approving and overseeing the implementation of key policies including, but not limited to, credit, liquidity and the internal capital adequacy assessment process;
8. h. Approving the annual financial statements and requiring periodic independent review of critical areas of the business and internal controls;
9. i. Approving the selection of and overseeing the performance of Senior Management;
10. j. Overseeing the Bank’s approach to Board and Staff compensation, including monitoring and reviewing executive compensation and assessing whether it is aligned with the Bank’s culture and Risk Appetite; and
11. k. In the case of a Bank offering Islamic financial services, fully complying with Islamic Shari`ah rules and establishing a sound and effective Shari`ah governance framework with the key mechanisms and functionalities to ensure effective and independent Shari`ah oversight, as per the requirements set by the Central Bank and the Higher Shari`ah Authority.
4. The Members of the Board are responsible for the implementation of an effective risk management culture and internal control framework across the Bank and the Group. In order to promote a sound corporate culture, Members of the Board must establish the “tone from the top” by:
1. a. Setting and adhering to corporate values that create expectations that all business must be conducted in a legal and ethical manner, and overseeing the adherence to such values by Staff;
2. b. Promoting risk awareness within a strong risk culture, and setting the expectation that all Staff are responsible for ensuring the Bank operates within the established Risk Governance Framework, Risk Appetite and Risk Limits;
3. c. Ensuring that appropriate steps have been taken to communicate throughout the Bank the corporate values, professional standards and codes of conduct approved by the Board together with supporting policies; and
4. d. Ensuring that Staff are aware that appropriate disciplinary or other actions will follow unacceptable behaviors and transgressions.
5. The Board approved Risk Governance Framework must incorporate a “three lines of defence” approach including Senior Management of the business lines, the functions of risk management and compliance, and an independent and effective internal audit function. In the case of a Bank providing Islamic financial services, an independent and effective internal Shari`ah audit function reporting to the internal Shari`ah control committee must be in place.
6. The Risk Governance Framework may vary with the specific circumstances of the Bank, particularly its risk profile, size, business mix and complexity. Banks must incorporate the minimum requirements specified in the separate Regulations and Standards issued by the Central Bank on 1) Risk Management, 2) Internal Control, Compliance and Internal Audit and 3) Outsourcing into their Risk Governance Framework.
7. A Bank must have a written code of conduct that defines acceptable and unacceptable behaviors. It must explicitly prohibit illegal activity including fraud, breach of sanctions, money-laundering, anti-competitive practices, bribery and corruption, and the violation of consumer rights. It must make clear that Staff are expected to conduct themselves ethically and perform their jobs with skill, due care and diligence in addition to complying with laws, regulations and Bank policies.
8. The Bank’s corporate culture must recognize the critical importance of timely and frank discussion and escalation of problems to higher levels. Staff must be encouraged and must be able to communicate legitimate concerns about illegal, unethical or questionable practices confidentially and without the risk of reprisal.
9. The Board must oversee a whistleblowing policy mechanism and ensure that Senior Management appropriately addresses legitimate issues flagged through the whistleblowing mechanism. The Board is responsible for ensuring that Staff who raise concerns are protected from detrimental treatment or reprisals. The Board must oversee and approve how and by whom legitimate matters are investigated and addressed by an objective internal or external body, Senior Management, and/or by the Board itself.
10. The Board must have a formal written Conflict of Interest policy for its members. The policy must include, but is not limited to:
1. a. A Member of the Board’s duty to avoid, to the extent possible, activities that could create conflicts of interests or the appearance of conflicts of interests;
2. b. Examples of how conflicts can arise where serving as a Member of the Board;
3. c. A process for management of conflicts of interests by the Board or an ethics committee where one exists;
4. d. A review and approval process for Members of the Board before they engage in specific activities, such as serving on another Board, to ensure that such activities will not create a conflict of interest;
5. e. A process to prevent members from holding directorships in competing institutions;
6. f. A Member of the Board’s duty to promptly disclose any matter that may result, or has already resulted, in a conflict of interest;
7. g. A Member of the Board’s responsibility to abstain from voting on any matter where the Member of the Board may have a conflict of interest or where the Member of the Board’s objectivity or ability to properly fulfil duties to the Bank may be otherwise compromised;
8. h. Procedures to ensure that transactions with related parties are undertaken on arm’s length basis; and
9. i. The way the Board will deal with non-compliance with the Conflict of Interest policy.
11. The Board must provide oversight of Senior Management. It must hold members of Senior Management accountable for their actions and enumerate the consequences if those actions are not aligned with the Board’s expectations. This includes adhering to the Bank’s values, Risk Appetite and risk culture. Oversight by the Board should include, but is not limited to:
1. a. Monitoring Senior Management’s actions to ensure that they are consistent with the strategic objectives and policies approved by the Board and are aligned with its Risk Appetite;
2. b. Meeting regularly with Senior Management;
3. c. Critically reviewing and challenging explanations and information provided by Senior Management;
4. d. Setting appropriate performance and compensation standards for Senior Management consistent with the long-term strategic objectives and the financial soundness of the Bank;
5. e. Assessing whether Senior Management’s collective knowledge and expertise remain appropriate given the nature of the business and the Bank’s risk profile; and
6. f. Actively engaging in succession planning for the Chief Executive Officer and ensuring that appropriate succession plans are in place for Senior Management positions.
12. Senior Management must implement, consistent with the direction given by the Board, systems, processes and controls for managing the risks to which the Bank is exposed and for complying with laws, regulations and internal policies. This includes comprehensive and independent risk management, compliance and audit functions, as well as an effective overall system of internal controls.
13. The nomination committee must lead the process for identifying, assessing and selecting candidates for the Board and Senior Management. Fit and proper criteria must ensure that candidates:
1. a. Possess the necessary knowledge, skills, and experience;
2. b. Have a record of integrity and good repute;
3. c. Have sufficient time to fully discharge their responsibilities;
4. d. Provide for a collective suitability and added value to the Board;
5. e. Do not have any conflict of financial and non-financial interests; and
6. f. Have a record of financial soundness.
Before providing the no-objection for nominations, appointments or renewals, the Central Bank will conduct additional interview and/or background checks to ensure the fitness and probity of the candidates, including their ability to manage the time commitments required for their role in the Bank, and confirm the accuracy and completeness of the information and documentation provided by the Banks.
14. Branches of foreign Banks must establish local governance structures, such as a Senior Management committee or equivalent, that fulfill the responsibilities of a Board required by this Corporate Governance Regulation and Standards. Branches must ensure their Control Functions are operating effectively. Branches must establish Control Functions that are robust, report to the local management structures and are accountable to the Group’s heads of Control Functions. The local management structure of the branch must take steps as are necessary to help the branch meet its own corporate governance responsibilities in line with the Regulation. It is the responsibility of the local management structures to ensure that local legal and regulatory requirements are implemented and, where appropriate, make adjustments where the Group conflicts with a provision of this Regulation.

3. Board Composition and Qualifications
1. A Bank’s Board must be comprised of individuals with a balance of skills, diversity and expertise who collectively possess qualifications commensurate with the size, complexity and risk profile of the Bank. In assessing its collective suitability, the factors a Board should take into account include, but are not limited to:
1. a. Whether Members of the Board have a range of knowledge and experience in relevant areas and varied backgrounds to promote diversity of views;
2. b. Relevant individual areas of competence which may include, but are not limited to, capital markets, financial analysis, financial stability, financial reporting, information technology, strategic planning, risk management, compensation, regulation, corporate governance, management, accounting, audit and Shari`ah rules and principles in case of a Bank providing Islamic financial services;
3. c. Whether the Board collectively has a good understanding of local, regional and global economic and market forces and of the legal and regulatory environments applicable to the Bank’s operations; and
4. d. Whether individual Members of the Board can contribute to effective communication, collaboration and critical debate in the meetings of the Board and its committees.
2. The nomination committee must establish a policy to require at least 20% of candidates for consideration for the Board to be female. Information on the policy and actual figures of female candidates’ consideration and representation on the Board must be disclosed in the Bank’s annual corporate governance statement.
3. Members of the Board, individually and collectively, must be and remain qualified for their positions. Members of the Board must understand their oversight and corporate governance role and be able to exercise sound, objective judgement about the affairs of the Bank. Members of the Board must not have any conflict of interest that may impede their ability to perform duties independently and objectively, or be subject to any undue influence from:
1. a. Other persons/business;
2. b. Previous or current positions held; or
3. c. Personal, professional or other economic relationships with other Members of the Board or Senior Management, or
4. d. Other entities within the Group.
4. A Member of the Board shall lose his/her independence in the following cases:
1. a. If his/her tenure as an independent Member of the Board in the same Bank exceeds twelve (12) consecutive years from the date of his or her appointment. This provision applies equally to persons appointed by a Government shareholder;
2. b. If he/she, or any of his/her first-degree relatives, has worked as Staff of the Bank or its Subsidiaries during the past two (2) years;
3. c. If he/she has worked for, or is a partner, in a company that performs consulting works for the Bank or its Group or he/she has acted in such capacity during the past two (2) years;
4. d. If he/she has had any personal services contracts with the Bank or its Group during the past two (2) years;
5. e. If he/she has been affiliated with any non-profit organization that receives significant funding from the Bank or its Group;
6. f. If he/she, or any of his/her first-degree relatives, has been a partner or employee of the Bank’s auditor during the past two (2) years;
7. g. If he/she, or any of his/her first-degree relatives, has or had a direct or indirect interest in the contracts and projects of the Bank or its Subsidiaries during the last two (2) years, and the total of such transactions exceeds the lower of 5% of the Bank’s paid capital or of the amount of five million Dirhams or its equivalent amount in a foreign currency, unless such relationship is part of the nature of the Bank’s business and involves no preferential terms; and
8. h. If he/she and/or any of his/her first-degree relatives (individually or collectively) own directly or indirectly 10% or more of the Bank’s capital or is a representative of a shareholder who owns directly or indirectly more than 10% of Banks’ capital.
The provisions in items b to h above do not apply to Members of the Board appointed by a Government shareholder.
5. All nominated members for the Board must have sufficient competence, knowledge and experience to effectively carry out their duties and be subject to the Fit and Proper Process.
6. An ex-ante review and approval process must be completed before a Member of the Board accepts nomination to serve on another Board as permitted by this Regulation so as to ensure that the activity will not create a Conflict of Interest. In addition, each Member of the Board must confirm annually that he/she has sufficient time available to manage the time commitments required from the role in the Bank.

4. Board Structure and Committees
1. The chair of the Board must provide leadership to the Board and is responsible for its overall effectiveness. The chair must ensure that Board decisions are taken on a sound and well-informed basis, encourage and promote critical discussion and ensure that dissenting views can be freely expressed during the decision-making process. The chair must:
1. a. Ensure that the Board acts efficiently, fulfils its responsibilities and discusses all issues on a timely basis;
2. b. Approve the agenda of each Board meeting, ensuring that the content, organization, quality of documentation and time allocated to each topic allows for sufficient discussion and decision making;
3. c. Encourage all Members of the Board to fully and efficiently participate in the Board meetings in order to ensure that the Board acts in the best interests of the Bank;
4. d. Adopt suitable procedures to ensure efficient communication with the shareholders and the communication of their views to the Board;
5. e. Facilitate the effective participation of Independent Members of the Board and the development of constructive relations between individual Members; and
6. f. In the case of a Bank offering Islamic financial services, safeguard an effective independent oversight of Shari`ah compliance within the organizational framework.
2. The majority of the Members of the Board must be present in each Board and its committees’ meeting for a quorum. Attendance at meetings must be by physical presence or via audio or audio-videoconferencing subject to appropriate safeguards to preserve confidentiality and accuracy of deliberations.
3. The Board and its committees’ resolutions must be issued by the majority of votes. In the case of parity, the Chairman shall have a casting vote.
4. There must be effective communication and coordination between the audit committee and the risk committee to facilitate the exchange of information and effective coverage of all risks, including emerging risks, and any needed adjustments to the Bank’s Risk Governance Framework. The risk committee must, without prejudice to the tasks of the compensation committee, examine whether incentives provided by the remuneration system take into consideration risk, capital, liquidity and the likelihood and timing of earnings.
5. The Board must ensure that new Members of the Board participate in an appropriate induction program that must include an introduction to the strategy, structure, codes of conduct, main policies and material businesses of the Bank. In addition, the induction program must include an overview of the regulatory environment applicable to the Bank, including the requirements of the Central Bank Law, Regulations and Standards.
6. The Board must dedicate sufficient time, budget and other resources to an ongoing training and development program for the Members of the Board and draw on external expertise as needed. The Board must review annually its program for ensuring that Members of the Board acquire, maintain and enhance knowledge and skills relevant to their responsibilities.
7. The Board must structure itself in terms of effective composition, size and the use of committees so as to effectively carry out its oversight role and other responsibilities. This includes ensuring that the Board has the time and means to cover all necessary subjects in sufficient depth and have a robust discussion of issues.
8. The Board, or the Board nomination committee, must carry out at least annually an assessment of the Board as a whole, its committees, and individual members. This must include an independent assessment by an external third party at least once every five (5) years.
9. Annual assessments of the Board must include but are not limited to:
1. a. Reviewing the structure, size and composition of the Board as a whole and its committees;
2. b. Reviewing the effectiveness of Board governance procedures, determining where improvements are needed and making any necessary changes; and
3. c. Assessing the ongoing suitability of each Member of the Board, taking into account the fit and proper criteria and his/her performance on the Board.
10. Issues relating to the assessment of the performance of the Board as a whole include, but are not limited to:
1. a. Has the Board set clear performance objectives, and how well has it performed against these objectives?
2. b. Has the Board been effective in the strategy development process?
3. c. What has been the Board’s contribution to ensuring effective risk management?
4. d. Is the membership of the Board appropriate with the right mix of skills and knowledge?
5. e. Is the organizational structure and interaction between the Board and Senior Management working effectively?
6. f. How well has the Board responded to problems and challenges?
7. g. Is the Board dealing with the right issues?
8. h. Is the relationship between the Board and its committees working effectively?
9. i. Is the Board kept up to date with regulatory and market developments?
10. j. Is the Board provided with appropriate and timely information of the right depth and quality?
11. k. Are Board meetings of the right frequency and length to enable proper consideration of issues?
12. l. Is the content of the agenda appropriate for the size, nature and complexity of the Bank?
13. m. Are Board procedures adequate for effective performance?
11. Issues relating to the assessment of the performance of committees of the Board include, but are not limited to:
1. a. Does each committee have appropriate terms of reference, and how well has it performed against the terms of reference?
2. b. Does the committee keep the Board adequately informed of its work?
3. c. Is the relationship between the committee and the Board as a whole working effectively?
4. d. Is the membership of the committee appropriate with the right mix of skills and knowledge?
5. e. Is the interaction between the committee and Senior Management working effectively?
6. f. How well has the committee responded to problems and challenges?
7. g. Is the committee dealing with the right issues?
8. h. Are committee meetings of the right frequency and length to enable proper consideration of issues?
12. Issues relating to the assessment of the performance of individual Members of the Board include, but are not limited to:
1. a. Does the Member of the Board continue to meet the requirements of fitness and probity, and in the case of Independent Members of the Board, independence?
2. b. Has the Member of the Board actively contributed to the work of the Board, and if applicable, Board committees?
3. c. If newly appointed, has the Member of the Board participated in the Board’s induction program?
4. d. Has the Member of the Board participated in ongoing training on relevant issues?
5. e. Has the Member of the Board kept up to date with regulatory and market developments?
13. Branches of foreign Banks must establish local governance structures that meet the requirements of this Regulation and Standards. This includes, without limitation, the use of Senior Management committee and/or other committees to effectively carry out the oversight role and other responsibilities of the Board.

5. Senior Management
1. Senior Management is responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank. The organization, procedures and decision-making of Senior Management must be transparent and provide clarity on the role, authority and responsibility of the various positions within Senior Management.
2. Consistent with the direction given by the Board, Senior Management must implement business strategies, risk management systems, risk culture, processes and controls for managing the risks to which the Bank is exposed. This includes comprehensive and independent risk management, compliance and audit functions as well as an effective overall system of internal controls. Senior Management must recognize and respect the independent duties of the risk management, compliance and internal audit functions, and in the case of a Bank offering Islamic financial services, Shari`ah compliance and audit functions, and must not interfere with the exercise of such duties.
3. Senior Management must provide oversight of those they manage, and ensure that the Bank’s activities are consistent with the business strategy, Risk Appetite and the policies approved by the Board. Senior Management is responsible for delegating duties to Bank staff and must establish a management structure that promotes accountability and transparency throughout the Bank.
4. Senior Management must provide the Board with comprehensive and timely reporting to enable it to effectively discharge its responsibilities, including the oversight of Senior Management. Information Senior Management must regularly provide to the Board includes, but is not limited to:
1. a. Performance relative to the Bank’s strategy and Risk Appetite;
2. b. Performance against budget and other financial targets, and the financial condition of the Bank;
3. c. Breaches of Risk Limits or compliance rules categorized by frequency, scope and impact;
4. d. Internal control failures;
5. e. Legal or regulatory concerns;
6. f. Current and developing market conduct issues, including a semi-annual analysis on client complaints and inquiries;
7. g. Issues raised as a result of the Bank’s whistleblowing mechanism; and
8. h. Breaches of Shari`ah rules and principles in the case of Banks offering Islamic financial services.
5. An ex-ante review and approval process must be completed before a member of Senior Management accepts nomination to serve on a board as permitted by this Regulation so as to ensure that the activity will not create a conflict of interest. In addition, each member of Senior Management must confirm annually that he/she has sufficient time available to manage the time commitments required for their role in the Bank.

6. Transactions with Related Parties
1. Transactions with Related Parties must not be undertaken on more favorable terms (e.g. in credit assessment, tenor, interest rates, fees, amortization schedules, requirement for collateral) than corresponding transactions with non-related counterparties.
2. Banks must have policies and processes in place to identify individual exposures to and transactions with Related Parties as well as the total amount of exposures, and monitor and report on them through an independent credit review or audit process. Exceptions to policies, processes and limits must be reported to the appropriate level of the Bank’s Senior Management and, if necessary, to the Board, for timely action. Senior Management must monitor Related Party Transactions on an ongoing basis, and the Board must also provide oversight of these transactions
3. The Board must ensure that transactions with Related Parties (including internal group transactions) are reviewed to assess risk and are subject to appropriate restrictions (e.g. by requiring that such transactions be conducted on arm’s length terms) and that corporate or business resources of the Bank are not misappropriated or misapplied.
4. Transactions with Related Parties and the write-off of related-party exposures exceeding specified amounts or otherwise posing special risks are subject to prior approval by the Bank’s Board. Members of the Board with conflicts of interest must be excluded from the approval process of granting and managing related party transactions. Banks must report any breaches promptly to the Central Bank. The Central Bank may determine additional capital and/or provisioning requirements to cover any such breaches.
5. Banks must have policies and processes in place to prevent persons benefiting from the transaction and/or persons related to such a person from being part of the process of granting and managing the transaction.
6. Banks must maintain a register of related parties and details for each related party transaction.

7. Group Structure
1. In order to fulfil its responsibilities, the Board of the Bank as a Controlling Shareholder must ensure:
1. a. There is a corporate governance framework at Group level with clearly defined roles and responsibilities taking into account the complexity and significance of the individual entities;
2. b. There is an appropriate Group management structure and internal control framework which takes into account the material risks to which the Group and its individual entities are exposed;
3. c. The Group’s corporate governance framework includes adequate policies, processes and controls and addresses risk management across the entities;
4. d. The Group’s corporate governance framework includes appropriate processes and controls to identify and address potential intragroup conflict of interest, such as those arising from intragroup transactions;
5. e. There are Board-approved policies and clear strategies for establishing new structures and legal entities, which ensure that they are consistent with the policies and interests of the Group;
6. f. There are effective systems in place to facilitate the exchange of information among the various entities, to manage the risks of the individual entities as well as of the Group as a whole, and to ensure effective control of the Group;
7. g. There are sufficient resources to monitor the compliance of all entities with all applicable legal, regulatory and governance requirements; and
8. h. There is an effective internal audit function, and in the case of a Bank offering Islamic financial services an effective internal Shari`ah audit function, which ensures audits are being performed on all Group entities and the Group itself.
2. While the Board of the Bank as a Controlling Shareholder must conduct strategic, group-wide risk management and prescribe corporate risk profiles, the individual entities’ management and boards must have appropriate input to their local or regional application and the assessment of local risks. It is the responsibility of the individual entities’ boards, or equivalent in the case of foreign branches, to assess the compatibility of the Group policy with local legal and regulatory requirements.
3. The Board and Senior Management must take into account the financial, legal, reputational and other risks to the Bank from operating through complex or non-transparent structures. Measures to avoid or mitigate these risks include, but are not limited to:
1. a. Avoiding setting up complicated structures that lack economic substance or business purposes;
2. b. Continually maintaining and reviewing appropriate policies, procedures and processes governing the approval and maintenance of those structures or activities, including fully vetting the purpose, the associated risks and the Bank’s ability to manage those risks prior to setting up new structures and initiating associated activities;
3. c. Having a centralized process for approving the creation of new legal entities and dissolution of dormant entities based on established criteria, including the ability to monitor and fulfil each entity’s regulatory, tax, financial reporting, governance and other requirements;
4. d. Establishing adequate procedures and processes to identify and manage all material risks arising from these structures, including lack of management transparency, operational risks introduced by interconnected and complex funding structures, intragroup exposures, trapped collateral and counterparty risk, ensuring that structures are only approved if the material risks can be properly identified, assessed and managed; and
5. e. Ensuring that the activities and structure are subject to regular internal and external audit reviews and Shari`ah audit review in case of providing Islamic banking services.

8. Risk Management
Governance requirements for risk management are contained in separate Regulation and Standards issued by the Central Bank.

9. Internal Control, Compliance and Internal Audit
Governance requirements for internal control, compliance and internal audit are contained in separate Regulation and Standards issued by the Central Bank.

10. Financial Reporting and External Audit
Governance requirements for financial reporting and external audit are contained in separate Regulation and Standards issued by the Central Bank.

11. Outsourcing
Governance requirements for outsourcing are contained in separate Regulation and Standards issued by the Central Bank.

12. Compensation
1. The compensation committee is responsible for the overall oversight of management’s implementation of the compensation system for the entire Bank. In addition, the compensation committee must regularly monitor and review outcomes to assess whether the Bank-wide compensation system is creating the desired incentives for managing risk, capital and liquidity. It must have clear terms of reference, be properly constituted to exercise competent and independent judgement on the institution’s compensation policies and practices and work closely with the institution’s risk committee in the evaluation of incentives created by the compensation system. It must review the compensation plans, processes and outcomes at least annually. This must include an independent assessment by an external third party at least once every five (5) years.
2. Boards must have oversight of the compensation system for the whole institution, not just for Senior Management. The compensation structure must be in line with the strategy, Risk Appetite, objectives, values and long-term interests of the Bank. Incentives embedded within compensation structures should not incentivize Staff to take excessive risk.
3. Issues that the compensation committee of the Board must consider in overseeing the operation of Bank-wide compensation policies include, but are not limited to:
1. a. the ratio and balance between the fixed (basic salary and any routine employment allowances that are predetermined and not linked to performance) and variable components of compensation;
2. b. the nature of the duties and functions performed by the relevant Staff and their seniority within the Bank;
3. c. the assessment criteria against which performance-based components of compensation are to be awarded; and
4. d. the integrity and objectivity of the process of performance assessment against the set criteria.
4. The payment of the annual fixed amount to the Members of the Board should include a part relating to their service on the Board and another on the Board committees, with greater weighting applied to chairing committees. The payment may also include the value of other non-monetary benefits, e.g. insurance and healthcare. The contract signed by each Member of the Board must determine all the details of his/her compensation.
5. Negative financial performance or net loss reported by a Bank in a financial year should generally lead to a contraction of the Board’s total compensation. The Central Bank may impose additional reductions to the Board’s total compensation where the negative financial performance was due to non-compliance with Regulations, omission or error by the Board. In addition, a net loss reported by a Bank in a financial year is expected to lead to a contraction of the Staff bonus pool.
6. Staff in the Control Functions of risk management, compliance and internal audit and in the case of Banks offering Islamic financial services, Shari`ah compliance and audit, must be compensated in a way that makes their incentives independent of the lines of business whose risk taking they monitor and control. Instead, their performance measures and performance incentives must be based on achievement of their own objectives so as not to compromise their independence. This also applies to the compliance function staff embedded in independent support or control units.
7. If Staff in the Control Functions receives variable compensation, their total compensation must be made up of a higher proportion of fixed relative to variable compensation.
8. Banks must identify, both on a solo basis and at the Group level, the Staff who has the potential to take or commit the Bank to significant risk, including reputational and other forms, and consider the extent to which the structure of their compensation is effectively risk aligned (Material Risk Takers). The identification must be performed by means of an annual self-assessment and based primarily on control and influence over risk; i.e. Staff who receive incentive compensation and have an ability, either alone or as a member of a group, to take or influence risk that is significant to the Bank. These may include but not limited to:
1. a. Senior Management and key Staff (including but not limited to the Chief Executive Officer and other members of Senior Management who are responsible for oversight of the Bank’s key business lines and, if applicable, the Control Functions);
2. b. Staff whose duties involve the assumption of risk or the taking on of exposures on behalf of the Bank (including but not limited to proprietary traders, dealers, and loan officers);
3. c. Staff who engage in the design, sales and management of either securities or derivative products;
4. d. Staff who are incentivized to meet certain quotas or targets by payment of variable remuneration (including but not limited to those in marketing, sales and distribution functions);
5. e. Staff in the Control Functions, if applicable.
9. For Senior Management and Material Risk Takers:
1. a. a proportion of compensation must be variable and paid on the basis of individual, business-unit and Bank-wide measures that adequately measure performance;
2. b. a substantial portion of the variable compensation must be payable under deferral arrangements over at least three (3) years. These proportions should increase significantly along with the level of seniority and/or responsibility. For Senior Management and the most highly paid staff, the percentage of variable compensation that is deferred should be substantially higher;
3. c. a portion of variable compensation may be awarded in shares or equivalent ownership interests or share-linked or equivalent non-cash instruments in the case of non-listed Banks, as long as these instruments create incentives aligned with long-term value creation and the time horizons of risk. Awards in shares or share-linked instruments should be subject to an appropriate share retention policy; and
4. d. The remaining portion of the deferred compensation can be paid as cash compensation vesting gradually. In the event of negative contributions of the Bank and/or the relevant line of business in any year during the vesting period, any unvested portions should be clawed back, subject to the realised performance of the Bank and the business line.
10. Contractual payments related to a termination of employment should be examined to ensure there is a clear basis for concluding that they are aligned with long-term value creation and prudent risk-taking; prospectively, any such payments should be related to performance achieved over time and designed in a way that does not reward failure.
11. Banks are encouraged to follow the guidance provided by the Financial Stability Board in its issued Principles and Standards on Sound Compensation Practices as updated from time to time.

13. Disclosure and Transparency
1. Disclosure in the annual corporate governance statement must include, but not be limited to:
1. a. Material information on the Bank’s objectives, organizational and governance structures and policies;
2. b. Major share ownership and voting rights;
3. c. Related Party Transactions;
4. d. The recruitment approach for the selection of Members of the Board and for ensuring an appropriate diversity of skills, backgrounds and viewpoints;
5. e. Education and experience of Members of the Board and key members of Senior Management;
6. f. Type and composition of Board committees and the number of times they met;
7. g. Incentive and compensation policy including the decision-making process used to determine the Bank-wide compensation policy, the most important design characteristics of the compensation system and aggregate quantitative information on compensation;
8. h. The individual compensation of the Members of the Board and key members of Senior Management;
9. i. Information on the policy and actual figures of female candidates’ consideration and representation on the Board;
10. j. Key points concerning its risk exposures and risk management strategies without breaching necessary confidentiality;
11. k. Information on the purpose, strategies, structures, and related risks and controls of material and complex or non-transparent activities;
12. l. Forward looking statements and foreseeable risk factors; and
13. m. In the case of Banks offering Islamic financial services, Annual Shari`ah Reports on the compliance with Shari`ah rules and the resolutions of the Higher Shari`ah Authority, or any other disclosures required by the Bank or the Higher Sharia Authority.
2. Where useful, Banks may make reference to the information contained in the Financial Statements’ Notes.
3. Qualitative and quantitative disclosure requirements on remuneration to be published annually in a Bank’s Pillar 3 report must include the following information for Senior Management and Material Risk-Takers:
1. a. Description of the main elements of their remuneration system and how the system has been developed;
2. b. Fixed and Variable remuneration awarded during the financial year;
3. c. Special Payments: Guaranteed bonuses, sign-on awards and severance payments; and
4. d. Deferred remuneration.
4. Boards should approve and publicly disclose a statement providing assurance that the corporate governance arrangements of their Banks are adequate and efficient.

Standard Re. Shari'ah Governance for Islamic Financial Institutions
STA-LFI-GOV-2020 Effective from 21/4/2020

Article (1) Introduction
1.1 The Central Bank seeks to promote development of the banking activities to ensure its effectiveness and efficiency. To achieve this, financial institutions that conduct all or part of their activities and businesses in accordance with the provisions of Islamic Shari'ah (Islamic Financial Institutions "IFIs") must have in place comprehensive and effective governance frameworks to enhance the compliance with Islamic Shari'ah provisions and principles ("Islamic Shari'ah") in those institutions. to ensure their resilience, and promote general financial stability.
1.2 IFIs must have Shari'ah governance policies and mechanisms that cover all their operations and activities to ensure they are compliant with Islamic Shari'ah.
1.3 This standard is issued pursuant to the powers vested in the Central Bank under the provisions of the Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organization of Financial Institutions and Activities (the Central Bank Law).
1.4 Where this standard includes a requirement to provide information, or to take certain measures, or to address certain items listed as a minimum, the Central Bank may impose requirements, which are additional to the requirements provided in the relevant article.

Article (2) Objective
2.1 The objective of this standard is to set the minimum requirements for IFIs to ensure their compliance with Islamic Shari'ah in all their objectives, activities, operations, and code of conduct.
2.2 This standard elaborates on the supervisory expectations of the Central Bank with respect to Shari'ah Governance for IFIs.

Article (3) Scope of Application
3.1 This standard applies to all IFIs. IFIs established in the UAE with Group relationships, including Subsidiaries, Affiliates, or international branches, must ensure that the Standard is adhered to on a solo and Group-wide basis.
3.2 This standard must be read in conjunction with the standards and resolutions issued by Higher Shari'ah Authority and notified to IFIs.

Article (4) Definitions
For the purposes of this standard, the following words and phrases shall have the meanings stated below.
1. Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank or IFI, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions. The term Senior Management includes the head of Islamic banking at the licensed financial Institutions that conduct part of their activities and businesses in accordance with the provisions of Islamic Shari'ah.
2. Independence: Ensuring that the Internal Shari'ah Supervision Committee is not subject to any form of undue influence when issuing resolutions and fatwas in accordance with the Shari'ah parameters, and ensuring that the Internal Shari'ah Control Division or Section and Shari'ah Audit Division or Section are also not subject to any form of undue influence. This should be carried out to strengthen the confidence of both shareholders and stakeholders in the IFIs compliance with Islamic Shari'ah.
3. External Shari'ah Audit: An annual assessment conducted by external body to inspect and assess the IFI's compliance with Islamic Shari'ah and the level of adequacy and effectiveness of the governance of Shari'ah supervision systems.
4. Internal Shari'ah Audit: regular process to inspect and assess the IFI's compliance with Islamic Shari'ah and the level of adequacy and effectiveness of IFI's Shari'ah governance systems.
5. Compliance with Islamic Shari'ah refers to compliance with Shari'ah in accordance with :
  a. resolutions, fatwas, regulations, and standards issued by the Higher Shari'ah Authority in relation to licensed activities and businesses of IFIs ("HSA's Resolutions"), and
  b. resolutions and fatwas issued by ISSC ("ISSC") of the respective IFI, in relation to licensed activities and businesses of such institution ("the Committee's Resolutions"), provided they do not contradict HSA's Resolutions.
6. Shari'ah Supervision: monitoring of IFI's compliance with Islamic Shari'ah in all its objectives, activities, operations, and code of conduct.
7. Subsidiary: An entity, owned by another entity by more than 50% of its capital, or under full control of that entity regarding the appointment of the Board of directors.
8. Affiliate: An entity owned by another entity by more than 25% and less than 50% of its capital.
9. Fatwas: juristic opinions on any matter pertaining to Shari'ah issues in Islamic finance, issued by HSA or ISSC.
10. Internal Shari'ah Supervision Division (or Section): a technical division (or section) in the IFI with a mandate to support the ISSC in its duties.
11. Internal Shari'ah Supervisory Committee ("ISSC"): a body appointed by the IFI, comprised of scholars specialized in Islamic financial transactions, which independently supervises transactions, activities, and products of the IFI and ensures they are compliant with Islamic Shari'ah in all its objectives, activities, operations, and code of conduct.
12. Board: IFI's board of directors
13. Group: A group of entities which includes an entity (the 'first entity') and:
  a. any Controlling Shareholder of the first entity;
  b. any Subsidiary of the first entity or of any Controlling Shareholder of the first entity; and
  c. any Affiliate, joint venture, sister company and other member of the Group.
14. Shari'ah Non-Compliance Risks: probability of financial loss or reputational damage that IFI might incur or suffer due to not complying with Islamic Shari'ah.
15. Confidential Information: information that is publicly unavailable and its disclosure is not allowed.
16. Code of Conduct: refers to the principles that are intended to govern the activities of IFI with regard to (a) protection of their customers' interest, and (b) market integrity (c) and internal work environment.
17. Islamic Financial Institutions (Institutions/IFIs): The CBUAE licensed financial Institutions that conduct all or part of their activities and businesses in accordance with the provisions of Islamic Shari'ah.
18. Higher Shari'ah Authority (HSA): is the Central Bank's Higher Shari'ah Authority for financial and banking activities.

Article (5) General Requirements for Shari'ah Governance Standard
5.1 The IFI must comply with Islamic Shari'ah in all of its goals, activities, operations and code of conduct at all times.
5.2 An IFI must have in place governance controls and mechanisms in accordance to its size and complexity of its operations to ensure compliance with Islamic Shari'ah in all of its activities, operations and code of conduct.
5.3 Branches of foreign licensed financial institutions that conduct all or part of their activities and businesses in accordance with the provisions of Islamic Shari'ah must adhere to this standard or establish equivalent arrangements to ensure regulatory comparability and consistency. The equivalent arrangement, if applicable, should include the matters related to general assembly, the Board and its Committees without contradicting the prevailing laws in the UAE. The equivalent arrangements shall be submitted to the CBUAE for approval.
5.4 The Shari'ah governance of IFIs must include the following as minimum requirements:
1. Stating the responsibility of the Board in regards to the IFI's compliance with Islamic Shari'ah, the oversight over the IFI, and establishing an adequate Shari'ah governance framework.
2. Identification of the senior management responsibilities related to the IFI's compliance with Islamic Shari'ah and for providing adequate resources for implementation of Shari'ah governance requirements to ensure that the IFI's business is carried out in compliance with Islamic Shari'ah.
3. Appointment of a qualified ISSC in accordance with the eligibility and competence requirements set out in this standard.
4. Establishment of Internal Shari'ah Control Division (or Section).
5. Establishment of Internal Shari'ah Audit division (or section).
6. Publication of the ISSC's resolutions regarding standard products, services, fees, and other basic mechanisms governing IFIs operations, including late payment fees and the commitment to donate it, or awards granted by the IFI, and other essential matters.
7. Providing training and awareness programs related to compliance with Islamic Shari'ah in the IFI, this should include all levels in the organization.
5.5 This standard must be implemented through a set of policies and procedures that outline the structure, roles, responsibilities, accountability, scope and duties of different functions, and reporting lines and communication channels between different functions with regard to the IFI's compliance with Islamic Shari'ah.
5.6 The IFI must spread awareness regarding Islamic finance and boost the culture of compliance with Islamic Shari'ah within the IFI, including workshops for the members of the Board and senior management on Islamic financial transactions and compliance with Islamic Shari'ah.

Article (6) IFI's Responsibility
The Board
1. 6.1 IFI's Board is ultimately responsible for IFI's compliance with Islamic Shari'ah. The Board is expected to be aware of Shari'ah non-compliance risk and its potential impact on the IFI. Accordingly, the Board is responsible for establishing and implementing a Shari'ah governance framework that is commensurate with the size and complexity of the operations of the IFI and its risk appetite, to ensure the IFI's compliance with Islamic Shari'ah. The Shari'ah governance framework should incorporate the three lines of defense approach comprising the business line, the support and control functions, and internal Shari'ah audit function.
2. 6.2 Members of the Board must nominate ISSC members to the general assembly for the establishment of ISSC.
3. 6.3 The Board must, in coordination with the ISSC, ensure the development, approval and implementation of internal policies related to the IFI compliance with Islamic Shari'ah.
4. 6.4 The Board must maintain effective communication with the ISSC. Meetings must be held to discuss issues pertaining to Shari'ah compliance, with at least one meeting per financial year.
5. 6.5 The Board must refer to the ISSC for all Shari'ah matters related to IFI activities, operations and code of conduct.
6. 6.6 The Board must ensure that the annual Shari'ah report issued by the ISSC is submitted to the HSA for review and approval before sharing it with shareholders at the general assembly.
Board's Risk Committee
1. 6.7 The Board's Risk Committee ("Risk Committee") must supervise and monitor management of Shari'ah non-compliance risk, and set controls in relation to this type of risk, in consultation with ISSC and through the internal Shari'ah control division or section.
2. 6.8 The Risk Committee is responsible to review and approve the establishment of framework for managing Shari'ah non-compliance risk as part of the overall risk management framework of the IFI, and must oversee its implementation by the Senior Management.
3. 6.9 The Risk Committee must ensure there is an information system that enables IFI to measure, assess and report Shari'ah non-compliance risk. Reports must be provided on a timely manner to the Board and Senior Management, in formats suitable for their use and understanding.
Board's Audit Committee
1. 6.10 The Board's Audit Committee ('Audit Committee') must:
  1. Evaluate the effectiveness of IFI's policies (approved by ISSC) designed to monitor compliance of the IFI with Islamic Shari'ah.
  2. Assess the effectiveness and adequacy of internal Shari'ah audit and its contribution in ensuring IFI's compliance with Islamic Shari'ah. The Audit Committee's responsibility includes the following:
    - - Assess the independence, effectiveness and adequacy of internal Shari'ah audit scope and programs.
    - - Review the reports prepared by the internal Shari'ah audit division or section to ensure that all necessary measures have been undertaken.
    - - Facilitate the work of the internal Shari'ah audit division or section.
    - - Hold regular meetings with the head of internal Shari'ah audit division or section twice a year, at minimum.
  3. Review the scope, results, and adequacy of the external Shari'ah audit review (if applicable). In addition, the Audit Committee's responsibility includes the following:
    - - Facilitate the work of the external Shari'ah auditor.
    - - Review the reports prepared by external Shari'ah auditor to ensure that the senior management have taken all necessary measures in this regard.
    - - Hold meetings with the external Shari'ah auditor with a minimum of one meeting per financial year.
2. 6.11 It is recommended that the Audit Committee invite a member of the ISSC to attend the meetings when discussing the internal Shari'ah audit report to ensure compliance of the IFI with the resolution of the ISSC concerning the report. The Audit Committee and the member of ISSC are not authorized to change the ISSC's resolution in this regard.
Senior Management
1. 6.12 The Senior Management must execute and manage the IFI's activities and businesses in compliance with Islamic Shari'ah.
2. 6.13 The Senior Management must report to the Board regarding IFI's compliance with Islamic Shari'ah in all of its activities, operations, policies, internal regulations, and code of conduct.
3. 6.14 The Senior Management is responsible before the Board for:
  1. submitting Shari'ah matters related to all IFI's businesses and activities, including its policies, internal regulations, code of conduct, all onshore/offshore transactions, services and products to ISSC, and should not consider approval of any of the Group's Shari'ah supervision committees (or equivalent committees) outside the country as substitution to approval of the ISSC,
  2. ensuring implementation of the ISSC's fatwas and resolutions.
4. 6.15 The Senior Management must fully disclose all relevant information required by the ISSC in a transparent, accurate and timely manner.
5. 6.16 The senior management shall provide the ISSC with financial and human resources that are commensurate with the IFI size and the nature of its business.
6. 6.17 The Senior Management must:
  - - facilitate work of internal Shari'ah audit and external Shari'ah audit,
  - - ascertain that the Shari'ah auditors are not obstructed in their work,
  - - enable Shari'ah auditors to access information or staff, from all different levels.
7. 6.18 The Senior Management is responsible to establish sufficient knowledge regarding the Compliance with Islamic Shari'ah requirements and the culture of Islamic Shari'ah compliance banking in the IFI.

Article (7) ISSC
Membership and Appointment
1. 7.1 The Board shall nominate the members of ISSC, and send the member's appointment request to HSA for approval prior to presenting its nomination to the general assembly.
2. 7.2 IFI's general assembly have the authority to appoint the ISSC members based on the Board's nomination and after HSA's approval.
3. 7.3 The composition of ISSC members in IFI should not be less than (5) five members with proper qualifications and competence (as prescribed in this standard).
  
  The CBUAE may exempt IFI from this requirement in consideration to its size and the complexity of its operations during the approval process of IFI's Shari'ah governance framework. The number of members of the ISSC shall not be less than three, in all cases.
4. 7.4 Emirati members in ISSC should not be less than one third.
5. 7.5 The membership of each member in the ISSC is subject to the following:
  1. must not exceed three ISSC memberships inside the UAE,
  2. must not exceed a total of (15) fifteen ISSC (or equivalent committees) memberships inside and outside the UAE ¹,
  3. Only one member of the IFI's ISSC may have more memberships stated in (7.5/b).
6. 7.6 The HSA may exempt UAE nationals from the clause (7.5) if necessary.
7. 7.7 If a position of ISSC member becomes vacant, at any time, and that causes lack of quorum, the Board must nominate a substitute member and shall send the appointment request to HSA for approval before presenting the same to the general assembly.
  However, if a position of ISSC member becomes vacant, at any time, and this leads to non-compliance with the clause no. 7.3 in this standard, but it does not breach the quorum, the Board may appoint a member after obtaining the HSA approval on the appointment. It is not required in this case to hold the general assembly for the appointment provided that the appointment is tabled to general assembly for final approval in its next meeting.
8. 7.8 The term of office for ISSC members shall be specified in the IFI's engagement letter with a minimum of three years, and may be renewed for a similar period.
  The engagement letter must also specify the responsibilities of the ISSC members and their remunerations. The remuneration must not be linked to the performance of the ISSC members.
9. 7.9 Membership of ISSC shall be renewed upon a recommendation from the Board. HSA shall approve the membership renewal request before presenting it to the general assembly. The renewal shall not be considered as new appointment.
Second: Eligibility and Competence
1. 7.10 Members of the ISSC must:
  1. be Muslim persons (not a company);
  2. hold a bachelor degree (as a minimum) in Islamic Shari'ah, particularly in jurisprudence of transactions, from a university that is acknowledged in Shari'ah studies, especially methodologies of jurisprudence, or have a minimum of 10 years' experience in fatwas issuance related to jurisprudence of financial transactions.
  3. have proven competence and expertise, especially in jurisprudence of financial transactions;
  4. have a strong comprehension of finance in general and Islamic finance in particular, and should have worked in the spectrum of Islamic finance and/or Shari'ah Supervision for a minimum of (10) ten years whether in direct employment or advisory level, or at least (10) ten years of post-graduation experience in teaching and scientific research related to jurisprudence of financial transactions;
  5. have good knowledge of the legal and supervisory framework related to financial and banking activities in the UAE;
  6. be excellent in Arabic, and preferably to have good knowledge of English;
  7. have good conduct and behavior, particularly with regard to credibility, integrity, and reputation in professional and financial transactions.
2. 7.11 HSA may exempt UAE candidates from some of the above clauses that would not impair their competence in performing their duties, provided that the candidate commits to the development and training required by the HSA.
Third: Termination or Resignation of ISSC member
1. 7.12 Termination of appointment or resignation of ISSC members is not considered effective until the termination or resignation request is approved by HSA, before it is presented to the general assembly for approval.
2. 7.13 The request must clarify the reasons for termination or resignation of the ISSC member.
¹ This is not applicable to companies of under one group. The ISSC member may be an ISSC member of the group's companies and that will count as one membership.

Article (8) Responsibility of ISSC
1. 8.1 ISSC undertakes Shari'ah supervision of all businesses, activities, products, services, contracts, documents, and code of conducts of the IFI.
  ISSC issues Shari'ah fatwas and resolutions that are binding upon IFI. The members of ISSC are accountable for the resolutions and fatwas they issue to the IFI, and their compliance with the resolutions and standards issued by the HSA.
2. 8.2 ISSC must monitor, through internal Shari'ah control division or section and internal Shari'ah audit, the IFI's compliance with Islamic Shari'ah.
3. 8.3 In case a Shari'ah non-compliance issue is identified in an IFI, the ISSC must review and approve:
  1. corrective measures, if the correction is feasible,
  2. remediation required by the Islamic Shari'ah regarding the consequences arising from the Shari'ah non-compliance issue if the correction is not feasible,
  3. preventive measures to avoid reoccurrence of such issues.
4. 8.4 ISSC shall review and approve from Shari'ah perspective:
  1. the method for calculation and distribution of profits, and for allocation of expenditures and costs and their division between holders of investment accounts and shareholders.
  2. final annual accounts before presenting them to the Central Bank.
5. 8.5 In case where an IFI is a branch or subsidiary of an offshore bank, the ISSC of such IFI should approve all business operations, products, services investments, and financial securities that IFI executes, issues, manages, promotes, offers to its customers, or participates in. The approvals from offshore Shari'ah committees (or similar committees) in relation to the above should not be used as a substitute for the onshore ISSC approval.
6. 8.6 The ISSC must issue an annual report stating the extent of IFI's compliance with Islamic Shari'ah that is published within the financial statement in the IFI's disclosures and other available means.
7. 8.7 The annual Shari'ah report of ISSC must contain the main components specified by the HSA in the annual Shari'ah report form.
8. 8.8 The annual Shari'ah report should be submitted to the HSA for review and approval prior to presenting the same to the general assembly.
Performance Assessment of ISSC
1. 8.9 The IFI in coordination with the chairman of the ISSC should develop an assessment for ISSC based on the following aspects:
  
  First: Shari'ah and scholarly aspects in terms of the member's participation in decision making, discussions, and review of contracts, documents and reports submitted to ISSC. This should account for 70% of the assessment.
  Second: Organizational aspect in terms of members' attendance of meetings and adherence to meeting schedule (dates and times), and other procedures prescribed by ISSC charter, in line with this standard. This should account for 30% of the assessment.
  The IFI should inform each ISSC member upon appointment and at the beginning of each fiscal year about the assessment criteria.
2. 8.10 At the end of a fiscal year, the Chairman of the ISSC shall provide HSA with a report on performance assessment.
ISSC Charter
1. 8.11 IFI must adopt a charter for the ISSC that defines details of decision making process and their implementation, and setting of adequate methods to fulfil ISSC's responsibilities without prejudice to the requirements of this standard, and in accordance to the format approved by the HSA.
ISSC Independence
1. 8.12 The following controls and guidelines, as a minimum, must be observed to ensure the independence of ISSC members:
  1. Members of the ISSC must not have a first-degree relative as member of IFI's Board or executive body in the IFI.
  2. Should not be an owner/shareholder of/in a company that provides consultancy or Shari'ah services to the IFI where he acts as member of ISSC.
  3. Members of the ISSC should not be employees at the IFI or any of its affiliates when serving as members of the committee and should not provide services to the IFI outside the scope of ISSC's assigned functions.
  4. Members of the ISSC shall not accept any allowance from IFI or its affiliates other than the allowance they receive for being members of the ISSC, the allowance for attending ISSC meetings, and other matters related thereto. If a financing is granted to a member of the ISSC, such member should be treated as ordinary customers and should not receive any preferential treatment,
  5. Member of ISSC or his first or second-degree relatives, shall not own a share equal to/or more than 5% that entitles him to act as executives or managers in any commercial company to which the IFI has paid, or received from, payments of material size, or one of its subsidiaries during the current or previous fiscal year.
  6. The entitlement to ISSC allowances should not be conditional on achieving certain results, or linking it to the results of the services provided by the ISSC (conditional remuneration).
  7. The foregoing cases are examples of ISSC members' independence. In case the IFI desires to treat ISSC members independent despite the existence of one or more of the above relationships, it must transparently disclose those instances and bear the responsibility for clarifying the reason for considering such members independent.
  8. In case of inevitable conflict of interest, member of the ISSC must notify the IFI management thereof in writing. He must also disclose any conflict of interest cases related to his family members or business partners or companies he has interest in. Also in cases where conflict of interest is related to a third party, he has to refrain from participating in the decision. In case of reporting conflict of interests, this must be recorded.
  9. The IFI must immediately notify the central bank if it become aware of any material information that may negatively affect the independence of any ISSC member.
Confidentiality
1. 8.13 Member of the ISSC must not disclose Confidential Information of the IFI unless such disclosure is required by law or by the Central Bank.
Consistency
1. 8.14 The ISSC members should try to achieve agreement related to fatwas and resolutions, to the extent possible. ISSC shall not resort to majority vote unless members are unable to reach agreement within a reasonable period.

Article (9) Internal Shari'ah Controls
1. 9.1 The IFI must establish effective internal Shari'ah controls comprising of three lines of defense approach that are independent from each other, which includes:
  - the first line of defense, represented by the business line, which should set clear policies, procedures, and controls, approved by ISSC, and execute the business activities in a manner compliant with Islamic Shari'ah at all times,
  - the second line of defense, represented by the internal Shari'ah control division or department, which undertakes the functions prescribed in the Article 10, and it should not be organizationally part of any business division or reporting to it,
  - the third line of defense represented by internal Shari'ah audit division or department, which undertakes Shari'ah audit and monitors compliance, and it should not be organizationally part of any business division or reporting to it.
2. 9.2 The IFI must provide sufficient financial and human resources that suit the size and nature of IFI's activities so that internal Shari'ah control section and internal Shari'ah audit section can carry their work effectively and efficiently, in consultation with the ISSC.
3. 9.3 The internal Shari'ah control division or section and internal Shari'ah audit division or section perform two different tasks, and must stay separate from each other in terms of reporting and human resources in accordance with the three lines of defense approach.

Article (10) Internal Shari'ah Control Division or Section
1. 10.1 This division or section supports the ISSC in its duties. It is comprised of the number of employees of the size that is commensurate with the size and nature of the IFI operations. The ISSC shall supervise the work of this division or section from the technical perspective.
2. 10.2 The IFI should appoint a head for internal Shari'ah control division or section, who shall report to the Board.
  The head for internal Shari'ah control division or section must:
  1. be a Muslim,
  2. have a university degree in Islamic Shari'ah, or relevant specializations,
  3. have a professional certificate in Shari'ah and Islamic Banking Control from one of the organizations that supports Islamic Finance like the Accounting and Auditing Organization for IFIs (AAOIFI) and the General Council for Islamic Banks And Financial Institutions (CIBAFI),
  4. have an experience of 10 years (at least), as a minimum, in the field of Shari'ah Supervision,
  5. not have been sentenced by a court in crimes related to honor or honesty, or was convicted of offences and sentenced to imprisonment,
  6. have strong command of English and reasonable command of Arabic.
3. 10.3 The internal Shari'ah control division or section should not issue fatwas or resolutions. Instead, the internal Shari'ah control division should refer back to ISSC in all matters that it considers and all tasks it carries out, unless there were fatwas or resolutions issued for the matters before.
4. 10.4 In matters related to promotions, bonus, performance assessment, and removal, the internal Shari'ah control division or section head and staff shall not report to the senior management, but to the Board or its committees in consultation with the ISSC.
5. 10.5 Internal Shari'ah control division or section staff shall not assume any executive powers or responsibilities related to the businesses and activities that may be monitored by themselves.
6. 10.6 The internal Shari'ah control division or section shall assume the following functions:
  1. ISSC Secretariat Function: undertakes the following:
    - - preparing, and organizing the meetings of the ISSC,
    - - preparing and drafting the minutes of the meetings,
    - - communicating the resolutions to the internal Shari'ah control division and internal Shari'ah audit division in addition to other divisions and sections of the IFI,
    - - following up with resolution implementation as per the follow-up list required by ISSC,
    - - filing fatwas and resolutions, and
    - - follow-up administrative matters related to ISSC.
  2. Shari'ah Consultations Function: provides consultation based on the ISSC's fatwas and resolutions in regards to:
    - - contracts and documents and other aspects related to the IFI's financial products and services, including products manual, policies, internal procedures,
    - - IFI's Shari'ah related inquiries and issues,
    - - Promotional / advertising materials and publications,
    - - Customers complaints (related to the compliance with Islamic Shari'ah), and
    - - other Shari'ah issues faced by the IFI especially the ones related to structuring and products.
    The IFI must ensure that persons tasked with this function must have high Shari'ah expertise and qualifications, and must be familiar with Islamic financial products, IT systems, and internal procedures.
  3. Shari'ah Research & Development Function: undertakes the following:
    - - conducting researches for related Shari'ah and procedural issues requested by ISSC,
    - - contributing, with other relevant sections in the IFI, to the development of products and formulation of policies, procedures, contracts, and
    - - other areas of development in IFIs .
  4. Shari'ah Compliance Function: is responsible to continuously monitor compliance of IFI's businesses and activities with resolutions, fatwas, regulations, standards, which are issued by the HSA.
    - - The Shari'ah compliance function must not be outsourced to external entities.
    - - The Shari'ah compliance report must be submitted to the ISSC to look at the technical Shari'ah related matters prior to submitting the same to the chief executive officer. The Shari'ah compliance must have a right of direct access to the Board.
    - - The work of the Shari'ah compliance function must be integrated within the overall compliance function of the IFI. It must have a dotted reporting line to the head of compliance of the IFI to submit reports regarding the compliance with Islamic Shari'ah.
  5. Shari'ah Training Function: conducts training for IFI's staff on those aspects of their duties related to IFI's compliance with Islamic Shari'ah.
    This function also provides adequate trainings for the staff on what they need to be equipped with information and skills, depending on nature of work of each employee, to ascertain that the IFI complies with Islamic Shari'ah at all times.

Article (11) Internal Shari'ah Audit Division or Section
1. 11.1 The internal Shari'ah audit division or section undertakes Shari'ah audit and monitors IFI's compliance with Islamic Shari'ah. This is conducted through an annual plan to collect and assess evidence of IFI's activities and transactions to ensure their compliance with Islamic Shari'ah and ensure the adequacy of internal procedures and Shari'ah governance frameworks.
2. 11.2 The Board should appoint a Shari'ah controller to serve as head for internal Shari'ah audit division or section.
  The head for internal Shari'ah audit division or section must:
  1. be Muslim,
  2. have a university degree in Islamic Shari'ah, or relevant specializations,
  3. have a professional certificate in Shari'ah and Islamic Banking Audit from one of the organizations that support Islamic Finance like the Accounting and Auditing Organization for IFIs (AAOIFI) and the General Council for Islamic Banks And Financial Institutions (CIBAFI). It is also preferable to have a professional certificate in auditing issued by an international organization,
  4. have an experience of 10 years (at least), as a minimum, in the field of Shari'ah audit,
  5. not have been sentenced by a court in crimes related to honor or honesty, or sentenced by imprisonment, and
  6. have strong command of English and reasonable commend of Arabic.
3. 11.3 The head of internal Shari'ah audit division or department shall report to the Board. The head of internal Shari'ah audit division or section shall submit the reports to the ISSC for resolutions on Shari'ah matters mentioned in his/her reports. He/She shall then report with the ISSC resolutions to the Board's audit committee for the implementation of their content and follow-up of their requirements.
4. 11.4 The internal Shari'ah audit division or section submits its reports to the ISSC and to the Board audit committee biannually (at minimum)².
5. 11.5 The internal Shari'ah audit division and the internal audit division must coordinate and exchange their findings and reports.
6. 11.6 In matters related to promotions, bonus, performance assessment, and removal, internal Shari'ah audit division or section head and staff shall not report to the senior management they are auditing, but to the Board, through the audit committee, and in consultation with the ISSC.
7. 11.7 Internal Shari'ah audit division or section staff shall not assume any executive powers or responsibilities related to the businesses, activities, and contracts that may be audited by them.
8. 11.8 Internal Shari'ah audit division or section must carry out its duties in line with specified work procedures.
9. 11.9 The internal Shari'ah auditor must meet the requirements mentioned in (11.2) above, except for the condition of experience; where the internal Shari'ah auditor must have a minimum practical experience of five years in Shari'ah internal audit.
10. 11.10 Internal Shari'ah audit division or section shall carry out the following duties:
  1. Development of internal Shari'ah audit manual, and to undertake review and update of the manual on a regular basis.
  2. Prepare the annual Shari'ah audit plan, which must be approved by the ISSC in coordination with the audit committee, while upholding the best practices in this process (e.g. Risk based Shari'ah Audit ).
  3. Undertake assessment of businesses and activities of IFI to ensure the IFI's compliance with Islamic Shari'ah.
  4. Assess effectiveness of the internal Shari'ah supervision to ensure that the IFI's compliance with Islamic Shari'ah.
  5. Ensure that the products, services forms, contracts, agreements, activities and transactions execution procedures, and other related matters are approved by ISSC.
  6. Ensure the IFI's branches, its internal and external departments, and affiliates comply with Islamic Shari'ah.
  7. Conduct regular field audit to the IFI's internal and external departments, and branches (if any).
  8. Prepare internal audit forms and programs required for conducting inspection, and to verify and documents the sound execution of transactions in light of the ISSC's fatwas and HSA's resolutions.
  9. Conduct meetings with IFI's departments and branches to discuss the Shari'ah observations and request putting in place appropriate measures to prevent recurrences of similar issues, and in cooperation with relevant entities inside the IFI.
  10. Prepare a report of the outcomes of the Internal Shari'ah audit.
11. 11.11 The internal Shari'ah audit must not be outsourced to external entities. The internal Shari'ah audit division may be assisted by additional external bodies after the approval of the CBUAE.
² The frequency of reports submitted by the internal Shari'ah audit division or section depends on the size and nature of the IFI's works, which might require submitting more reports

Article (12) External Shari'ah Audit
1. 12.1 IFI may appoint a specialized external body to conduct external Shari'ah audit.

Article (13) Compliance with the Standard
1. 13.1 The IFI must set a Shari'ah governance framework in accordance to this standard within 180 days from issuing this standard. The same must be submitted to the CBUAE for approval.
2. 13.2 The IFIs should comply fully with these standard requirements within one year from publishing this standard.
3. 13.3 The Regulatory Development Division of the Central bank shall be the reference for interpretation of the provisions of this standard.

Major Acquisitions Regulation
C 2/2020 Effective from 24/4/2020

Introduction:
The Central Bank seeks to promote the effective and efficient development and functioning of the banking system. To this end, it is necessary to regulate and supervise Major Acquisitions proposed and undertaken by banks and banking groups.
In introducing this Regulation, the Central Bank intends to ensure that Banks adopt prudent approaches to Major Acquisitions within a Regulatory framework in line with leading international practices.
This Regulation is issued pursuant to the powers vested in the Central Bank under the Central Bank Law (Decretal Federal Law No. (14) of 2018).
Where this Regulation includes a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements that are additional to the listing provided in the relevant Article.
The onus is on the Board to demonstrate that it has implemented a comprehensive approach to Major Acquisitions. Banks are encouraged to adopt leading practices that exceed the minimum requirements of the Regulation.

Objective:
The objective of this Regulation to establish a prudential framework for evaluating Banks’ approaches to Major Acquisitions, with a view to:
1. Ensuring the soundness of Banks; and
2. Contributing to financial stability and the protection of retail customers

Scope of Application:
This Regulation applies to all Banks operating in the UAE. Banks established in the UAE with significant group relationships, including Subsidiaries, Affiliates, or international branches, must ensure that the Regulation is adhered to on a solo and group-wide basis.

Article (1): Definitions
1. Affiliate: An entity that, directly or indirectly, controls, is controlled by, or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity, or of the power to direct or cause the direction of the management of another entity.
2. Bank: Any juridical person licensed in accordance with the provisions of the Central Bank Law, to primarily carry on the activity of taking deposits, and any other Licensed Financial Activities as defined in Article 65 of the Central Bank Law.
3. Board: The Bank’s board of directors.
4. Central Bank: The Central Bank of the United Arab Emirates.
5. Central Bank Law: Decretal Federal Law No. (14) of 2018 regarding the Central Bank & Organisation of Financial Institutions and Activities as amended or replaced from time to time.
6. Central Bank regulations: Any regulation, resolution, circular, rule, standard or notice issued by the Central Bank.
7. Islamic Financial Services: Shari`ah compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products (Islamic Windows).
8. Major Acquisition: An acquisition or investment by a Bank (where assets are being acquired, including shares but not including debt (except convertible debt), the aggregate amount (in one juridical person) of which exceeds 5% of Total Regulatory Capital, or which is deemed in advance by the Central Bank to be a Major Acquisition.
9. Notification Acquisition: An acquisition or investment by a Bank (where assets are being acquired, including shares but not including debt), the amount of which does not meet the criteria for a Major Acquisition, but which does exceed 1% of Total Regulatory Capital.
10. Purchase Price: Gross amount.
11. Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions.
12. Subsidiary: an entity (the 'first entity') is a subsidiary of another entity (the ‘second entity’) if the second entity:
  1. holds a majority of the voting rights in the first entity;
  2. is a shareholder of the first entity and has the right to appoint or remove a majority of the board of directors or managers of the first entity;
  3. is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity;
  4. Or:
    if the first entity is a subsidiary of another entity which is itself subsidiary of the second entity
13. Total Regulatory Capital: The sum of a Bank’s Common Equity Tier 1, Additional Tier 1 and Tier 2 capital.

Article (2): Approval of Major Acquisitions
1. A Bank shall not acquire any other institution, regardless of its type of activity, nor transfer any part of its liabilities to another person, without obtaining the Central Bank’s prior approval.
2. A Bank must obtain written approval from the Central Bank prior to completing a Major Acquisition. An application for Central Bank approval must provide at a minimum:
  1. A detailed description and analysis of the proposed Major Acquisition including the consideration and value received, funding, and projected impact on the financial position, income statement, and prudential requirements;
  2. Projected impact on the Bank, and if applicable group business model, pro-forma statements of the combined entity, the potential impact on market share and competitive dynamics, customer access, product and services, risk profile, governance (including reporting lines), risk management, internal controls, internal audit, information systems and human resources;
  3. Due diligence report and other relevant documents, including those provided to the Board as part of the Bank’s internal approval process, Banks should consider obtaining Central Bank no objection before entering the due diligence process;
  4. The valuation methodology used to price the Major Acquisition;
  5. An explanation of how the Major Acquisition transaction meets the criteria set out in Article 5 of this Regulation; and
  6. Any other information necessary to enable the Central Bank to reach an informed decision on the merits of the application.
3. Banks must ensure that at all times they do not hold shares (and convertible debt) in commercial companies beyond a limit of 10% of their Total Regulatory Capital.
4. This Regulation does not apply to the purchase of a Subsidiary or Affiliate. Banks are required to seek Central Bank approval separately for any purchases of a commercial entity’s shares which would result in that commercial entity becoming a Subsidiary or Affiliate of the Bank. Where a Bank is fully acquiring or merging with another entity, the Central Bank may approve the transaction beyond the 10% limit.

Article (3): Board Responsibility
1. The Board is responsible for establishing adequate policies and procedures to ensure that the risks inherent in Major Acquisitions are identified, understood and mitigated to the extent possible. At a minimum, policies and procedures must require:
  1. a) Approval by the Board; and
  2. b) Reporting that enables the Board and senior management to monitor and manage the risks on an ongoing basis.
2. Acquisitions, purchase of all or part of a business, or other changes to Bank or group structure may lead to increased risks for the Bank, or if applicable, group. For this reason, all Major Acquisitions must be approved by the Board, in accordance with the Board-approved policy. Elements of the review by the Board, of a Major Acquisition must include, but are not limited to the assessment of:
  1. a) Risks and impacts on the Bank’s capital, income, liquidity, overall financial position and compliance with prudential requirements under a variety of scenarios, particularly with more pessimistic assumptions than in the baseline case;
  2. b) Risks and impacts on existing customer exposures, documentation and services;
  3. c) The extent to which the Bank’s business lines, risk management, legal and regulatory compliance and information technology functions have the necessary expertise, systems and other tools to measure and manage the associated risks.

Article (4): Provision of Information
1. The Central Bank may require from any source whatsoever, such information and perform such investigation as it considers reasonably necessary to evaluate an application, to which end the Central Bank may appoint an agent deemed suitably qualified by the Central Bank
2. A Bank, which is in possession of information or documentation relevant to a Central Bank review, must present promptly such information or documentation to the Central Bank, or its agent
3. A person who provides the Central Bank with false, fraudulent, fictitious, materially misleading, or materially incorrect information in relation to an application may be determined by the Central Bank not to be a fit and proper person and thus precluded from being a member of the Senior Management or Board of a Bank

Article (5): Assessment Criteria
1. A Bank must demonstrate to the satisfaction of the Central Bank that the proposed Major Acquisition would not expose the Bank to undue (prudential and/or consumer protection) risks, hinder effective supervision, or the implementation of corrective measures in the future, including an orderly resolution of the bank, and that the Bank has adequate financial, managerial and organizational resources for the transaction.
2. When the proposed Major Acquisition is to be undertaken by a subsidiary or affiliate of the Bank, the Bank must demonstrate to the satisfaction of the Central Bank that it has the ability to manage any risks arising from the proposed Major Acquisition and that it would not expose the Bank to undue risk, hinder effective supervision, or the implementation of corrective measures in the future, including an orderly resolution of the Bank.
3. The Central Bank will consider each application on its own merits, applying the criteria set out in the Regulation
4. When the proposed Major Acquisition is outside the U.A.E., the Central Bank requires more enhanced due diligence to be undertaken by the Bank which includes detailing of the political, economic and legal risks of the overseas jurisdiction in question, including country regulations and related authorities’ reputation. Due diligence should also cover market environment with respect to macroeconomic development, and the subsequent impacts it may have, as per Articles 2(2) and 3(1) of this Regulation.
5. The Central Bank will also consider whether the authorities in the host country perform supervision effectively and whether the Central Bank will be able to exercise supervision on a consolidated basis. The Central Bank may not approve a transaction if bank secrecy or other laws, or any other factors, would impair effective consolidated supervision.

Article (6): Decision On An Application
1. The Central Bank may approve the application, whether unconditionally or subject to such conditions, as it may deem necessary; or refuse the application, in which event the Central Bank will inform the applicant of the reasons for the refusal. A Bank shall be notified of the Central Bank’s decision within the period set out in Article 100 of the Central Bank Law.
2. The Central Bank will not make a decision on an application unless it has received all of the information specified in this Regulation as well as any other information the Central Bank may determine is necessary for the review.

Article (7): Notification Requirements
1. A Bank must make a written notification to the Central Bank, detailing any acquisition which meets the definition of a Notification Acquisition within thirty (30) days after the transaction has been made. At a minimum the notification should cover, a description of the transaction, the rationale, details of the approval authority within the bank and the calculation of the percentage of Total Regulatory Capital based on the most recent audited financial statements.

Article (8): Revocation of Approval
1. Should the Central Bank determine that it had approved a Major Acquisition based on an application containing false, fraudulent, fictitious, or in any other way materially misleading or incorrect information, the Central Bank may withdraw its approval and reject the application, or modify its approval through the imposition of one or more conditions, or require the reversal of the transaction.

Article (9): Islamic Banking
1. Banks offering Islamic Financial Services must ensure that any Major Transactions they undertake which fall under the scope of this regulation are done so in accordance with the principles of Islamic Shari’ah and any relevant Higher Shari’ah Authority resolutions/fatwas.

Article (10): Duty to Report to the Central Bank
1. A Bank must provide the Central Bank with such information as is prescribed in this Regulation or may be required by the Central Bank.
2. A Bank must immediately notify the Central Bank when it becomes aware of any new or additional information, which has a material impact on a proposed Major Acquisition.

Article (11): Enforcement & Sanctions
1. Violation of any provision of this Regulation and any accompanying Standards may be subject to supervisory action and administrative & financial sanctions as deemed appropriate by the Central Bank.
2. Supervisory action and administrative & financial sanctions by the Central Bank may include withdrawing, replacing or restricting the powers of Senior Management or members of the Board, providing for the interim management of the Bank, imposition of fines or barring individuals from the UAE banking sector.

Article (12): Interpretation of Regulation
1. The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.

Article (13): Publication & Application
1. This Regulation shall be published in the Official Gazette in both Arabic and English and shall come into effect one (1) month from the date of its publication.

Transfer of Significant Shareholding Regulation
C 5/2020 Effective from 15/5/2020

Introduction
The Central Bank seeks to promote the effective and efficient development and functioning of the banking system. To this end, it is necessary to ensure the suitability of Banks’ significant and controlling shareholder/s.
In introducing this Regulation, the Central Bank intends to ensure that the transfer of significant shareholding is controlled in line with leading international practices.
This Regulation is issued pursuant to the powers vested in the Central Bank under the Central Bank Law (Decretal Federal Law No. (14) of 2018)¹.
Where this Regulation includes a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements that are additional to the listing provided in the relevant Article.

¹ Article 95 of the law prohibits persons from holding controlling interests or increasing controlling interests in any licensed financial institutions unless Central Bank prior approval is obtained. Article 95 also confers powers on the Central Bank’s Board of directors to issue regulations relating to interests and instances of control.

Objective
The objective of this Regulation is to establish the minimum acceptable standards for Banks’ approach to transfer of significant ownership with a view to:
1. Ensuring the soundness of banks; and
2. Contributing to financial stability and protection of retail customers

Scope of Application
This Regulation applies to all Banks operating in the UAE and all of the bank’s current and potential shareholders. Banks established in the UAE with significant Group relationships, including Subsidiaries, Affiliates, or international branches, must ensure that the Regulation is adhered to on a solo and Group-wide basis.
The branches of international Banks operating in the UAE are required to only notify the Central Bank when there is any change in significant/controlling shareholders (as per the definitions included in this Regulation) of the parent entity.

Article (1): Definitions
1. Affiliate: An entity that, directly or indirectly, controls, is controlled by, or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity, or of the power to direct or cause the direction of the management of another entity.
2. Bank: Any juridical person licensed in accordance with the provisions of the Central Bank Law, to primarily carry on the activity of taking deposits, and any other Licensed Financial Activities.
3. Beneficial shareholder: The natural person exercising or entitled to the rights of a particular direct shareholding.
4. Beneficial shareholding: The particular direct shareholding over which a natural person exercises, or is entitled to exercise, the rights thereof, regardless of whether the natural or legal person is a direct shareholder.
5. Board: The Bank’s board of directors.
6. Central Bank: The Central Bank of the United Arab Emirates.
7. Central Bank Law: Decretal Federal Law No. (14) of 2018 regarding the Central Bank & Organization of Financial Institutions and Activities.
8. Control: the holding, directly or indirectly, of voting rights in another entity, or of the power to direct or cause the direction of the management of another entity.
9. Controlling shareholder: One or more beneficial shareholder/s who, directly or indirectly, singly or acting in concert:
  1. a) own/s or control/s more than 50 percent of the sum of the issued ordinary shares and financial instruments convertible into ordinary shares;
  2. b) control/s more than 50 percent of the votes related to the sum of the issued ordinary shares and financial instruments convertible into ordinary shares;
  3. c) control/s the election of the majority of the directors and/or directs and determine/s the decisions of the board of directors; or
  4. d) exercise/s a controlling influence over the policies, strategies, governance, management or financial affairs of a bank, as determined by the Central Bank in its sole discretion.
  In determining the votes which can be exercised at a shareholders’ meeting, all votes related to ordinary shares and all votes related to other instruments which are convertible into ordinary shares must be included.
10. Controlling shareholding: The issued ordinary shares and financial instruments convertible into ordinary shares held by Controlling Shareholders as defined in this Regulation
11. Group: A group of entities which includes an entity (the 'first entity') and:
  1. a) any Controlling Shareholder of the first entity;
  2. b) any Subsidiary of the first entity or of any Controlling Shareholder of the first entity; and
  3. c) any Affiliate
12. Significant Shareholder: one or more beneficial shareholder/s who, directly or indirectly, singly or acting in concert;
  1. a) own/s or control/s a shareholding equal to or exceeding five percent (5%) of the sum of the issued ordinary shares and financing instruments convertible into ordinary shares;
  2. b) control/s votes equal to or exceeding five percent (5%) of the sum of the votes related to the issued ordinary shares and financial instruments convertible into ordinary shares.
13. Significant shareholding: The issued ordinary shares and financial instruments convertible into ordinary shares held by Significant Shareholder. For the avoidance of doubt, a Controlling Shareholder is also a Significant Shareholder, and a Controlling Shareholding is also a Significant shareholding.
14. Islamic Financial Services: Shari'ah compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products (Islamic Windows).
15. Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions.
16. Subsidiary: an entity (the 'first entity') is a subsidiary of another entity (the ‘second entity’) if the second entity:
  1. holds a majority of the voting rights in the first entity;
  2. is a shareholder of the first entity and has the right to appoint or remove a majority of the board of directors or managers of the first entity;
  3. is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity;
  4. Or:
    if the first entity is a subsidiary of another entity which is itself subsidiary of the second entity.

Article (2): Shareholder Register
1. The Board is responsible for ensuring that a bank establishes and maintains an up to date shareholder register, and that written records are established and maintained in relation to all the bank’s shareholders and their shareholdings.
2. Banks are required to have in place policies and procedures to ensure that all Significant and Controlling Shareholders are identified and recorded in writing in the shareholders register.

Article (3): Requirement for Approval
1. A person may not obtain or divest, directly or indirectly, a shareholding in a Bank equal to or exceeding five percent (5%) of the sum of the issued ordinary shares and financial instruments convertible into ordinary shares, without first having applied for and received the prior written approval of the Central Bank.
2. A person may not increase, by any margin, a shareholding in a bank above five percent (5%) of the sum of the issued ordinary shares and financial instruments convertible into ordinary shares that they may already hold, without first having applied for and received the prior written approval of the Central Bank
3. Prior written notice to the Central Bank is required if a person intends, in relation to a bank, to:
  1. obtain or divest a Significant or Controlling Shareholding; or
  2. obtain or divest the right to exercise voting rights in relation to a Significant or Controlling Shareholding; or
  3. increases their shareholding to a level which would result in his aggregate holding qualifying as a Significant or Controlling Shareholding; or
  4. increases the number of voting rights they are entitled to exercise to a level constituting him as a Significant Shareholder or Controlling Shareholder.
4. Should a person obtain or divest a shareholding exceeding five percent (5%) of the sum of the issued ordinary shares and financial instruments convertible into ordinary shares in a bank without prior written Central Bank approval, he is required immediately to apply for Central Bank approval. Unless and until Central Bank approval has been obtained, this shareholder is prohibited, in relation to that part of his shareholding which exceeds five percent (5%) of the bank’s issued ordinary shares (excess shareholding), from exercising any related voting right and receiving any related dividend. The Board must ensure that these prohibitions are enforced, and that any related dividends are retained by the bank until a final decision has been made by the Central Bank.
5. A person who obtained a shareholding exceeding five percent (5%) of the sum of the issued ordinary shares and financial instruments convertible into ordinary shares in a bank without prior written Central Bank approval may not dispose of the shareholding without the prior written approval and under the direction of the Central Bank.
6. No person is permitted to obtain or increase a Significant or Controlling Shareholding in a Bank, whether held directly or indirectly, unless the person obtains in advance the Central Bank’s prior written approval. Similarly, no person is permitted to obtain or increase voting rights in a bank up to or above a level equivalent to that of a significant or controlling shareholding unless the person obtains in advance the Central Bank’s prior written approval.
7. Banks must notify the Central Bank where a shareholding of (1%) one percent or more of the issued ordinary shares and financing instruments convertible into ordinary shares is obtained.

Article (4): Deeming a Significant or Controlling Shareholding
1. The Central Bank may, when it, in its sole discretion considers this to be the substance of the matter, deem that one or more beneficial shareholder/s, singly or acting in concert, is or constitutes a Significant Shareholder or Controlling Shareholder, as the case may be. In this event, the corresponding shareholding/s held will be deemed to constitute a Significant Shareholding/s or a Controlling shareholding/s, as the case may be.
2. Banks are required to provide the Central Bank with sufficient information to identify those persons who control the exercise of a significant or controlling number of voting rights. The Board is responsible for ensuring the Bank’s compliance with these reporting requirements.

Article (5): Application for Approval
1. An application for Central Bank approval must be in such form and be accompanied by such information as the Central Bank may require.
2. An application for Central Bank approval must contain the following information and address the following issues:
  1. a) A duly completed questionnaire in the form prescribed by the Central Bank which will include requirements to demonstrate the shareholders appropriate financial standing and reputation;
  2. b) A detailed exposition of the applicant’s shareholding/s in the Bank, including all direct and indirect shareholdings, setting out also the names of any nominee shareholder/s and shareholding/s. In addition, the same information must be provided in respect of the shareholding/s in the Bank of any party or parties acting in concert with the applicant;
  3. c) Detailed financial information of the applicant entity covering a period of at least 3 years prior to the application date;
  4. d) Any other information reasonably necessary for the Central Bank to reach a decision on the merits of the application.
3. The Central Bank considers each application on its own merits, on a case-by-case basis. The applicant must demonstrate to the satisfaction of the Central Bank that it currently meets the criteria and in future will continue to meet the criteria to be a significant or controlling shareholder of a bank.
4. An application for Central Bank approval must be made by and in the name of the (ultimate) beneficial shareholder. Breach of this requirement invalidates any Central Bank approval issued in relation to such an application, and any person involved with such an application is deemed not to be a fit to be a significant or controlling shareholder, officer or director of a bank.
5. Any action or inaction which conceals the true identity of a beneficial shareholder intending to obtain or holding a significant or controlling shareholding invalidates any Central Bank approval issued in relation to that application. Any person involved with such an application is deemed not to be a fit and proper person to be a significant or controlling shareholder, officer or director of a bank.
6. A person who provides the Central Bank with false, fraudulent, fictitious, materially misleading or materially incorrect information in relation to an application is deemed not to be a fit and proper person to be a significant or controlling shareholder, officer or director of a bank.

Article (6): Decision on an Application
1. The Central Bank may approve the application for approval to obtain or divest a Significant or Controlling Shareholding, whether unconditionally or subject to such conditions as it may deem necessary, or refuse the application, in which event the Central Bank must inform the applicant of the reasons for the refusal.
2. The Central Bank may require information from any source and perform such investigation as it considers reasonably necessary to evaluate an application. Banks must provide any information deemed relevant to an investigation to the Central Bank.
3. The Central Bank will not make a decision on an application unless it has received all the information specified in this Regulation as well as any other information the Central Bank may consider necessary for its review.
  
  An applicant must demonstrate to the satisfaction of the Central Bank that the resulting ownership structure will not impede effective Central Bank supervision of the bank and its group (where applicable), or the discharge of the Central Bank’s financial stability mandate, and that the beneficial shareholder is fit and proper.
  
  Where a financial institution (whether domestic or foreign) proposes to obtain or divest a Significant or Controlling Shareholding in a Bank, the Central Bank will consider whether:
  1. a) The institution is supervised by an authority which discharges its mandate in line with international practises;
  2. b) The institution’s supervisor applies consolidated or cross-border supervision in relation to the institution;
  3. c) The institution’s supervisor will include the acquired entity when performing consolidated and cross-border supervision in relation to the institution; and
  4. d) The institution’s supervisor has provided the Central Bank with a written confirmation of its consent or no objection to the proposed transaction.

Article (7): Revocation of Approval
1. Should the Central Bank determine that it had approved a change in ownership of a significant shareholding based on an application containing misleading or incorrect information, the Central Bank may withdraw its approval and reject the application, modify its approval through the imposition of one or more conditions, or require the shareholder to dispose of the shareholding subject to the conditions set by the Central Bank.
2. Until an unapproved significant shareholding is divested in accordance with the conditions prescribed by the Central Bank, the shareholder is prohibited, in relation to that part of their shareholding which exceeds five percent (5%) of the bank’s issued ordinary shares (Excess Shareholding), from exercising any related voting rights, and receiving any related dividend. The Board must ensure that these prohibitions are enforced, and that any related dividends are retained by the bank until a final decision has been made by the Central Bank.
3. The requirement that a Significant or Controlling Shareholder be fit and proper is a continuing requirement. The Central Bank may revoke an approval of a Significant or Controlling Shareholder if that shareholder is no longer fit and proper or the Central Bank determines that any of the information provided as part of an application was false, fraudulent, and fictitious or in any other way materially misleading or incorrect.

Article (8): Duty to Report to the Central Bank
1. The Bank must provide the Central Bank with such information as is required in relation to Significant Shareholder/s or Controlling shareholder/s. Failure to comply constitutes a breach of the continuous requirements of this Regulation.
2. Unless and until the situation is regularized to the satisfaction of the Central Bank, a shareholder failing to comply with the reporting requirements of this Regulation must dispose of that part of their shareholding which exceeds five percent (5%) of the Bank’s issued ordinary shares (Excess Shareholding) as prescribed by the Central Bank. They are also prohibited, in relation to such Excess Shareholding, from exercising any related voting right or receiving any related dividend. The Board must ensure that these prohibitions are enforced and that any related dividends are retained by the bank until a final decision has been made by the Central Bank.
3. A Bank must provide the Central Bank with such information regarding its shareholders as is prescribed in this Regulation or may be required by the Central Bank.
4. A Bank must immediately notify the Central Bank when it becomes aware of a change or proposed change in a Significant Shareholder or Significant Shareholding, or in a Controlling Shareholder or Controlling Shareholding.
5. A Bank must immediately notify the Central Bank when it becomes aware of any material information which may negatively affect the suitability of a Significant or Controlling Shareholder.
6. A foreign bank branch must immediately notify the Central Bank upon becoming aware of any change or proposed change in controlling shareholding or significant shareholding of its parent entity, and provide the Central Bank with such relevant information as it may require.
7. Nominee shareholders are required, upon request by the Bank, to provide the Bank with the name and any other required details of the beneficial shareholder.
8. Banks must take into account the identity of beneficial shareholders when reporting to the Central Bank on significant and controlling shareholder/s and Shareholding/s as required by this Regulation.
9. Banks must obtain from all significant shareholders and controlling shareholders the information required to be submitted to the Central Bank on an annual basis.

Article (9): Islamic Banking
1. Banks offering Islamic Financial Services must ensure that any Major Transactions they undertake which fall under the scope of this regulation are done so in accordance with the principles of Islamic Shari’ah and any relevant Higher Shari’ah Authority resolutions/fatwas.

Article (10): Enforcement and Sanctions
1. Violation of any provision of this Regulation and any accompanying Standards may be subject to supervisory action and administrative & financial sanctions as deemed appropriate by the Central Bank.
2. Supervisory action and administrative & financial sanctions by the Central Bank may include withdrawing, replacing or restricting the powers of Senior Management or members of the Board, providing for the interim management of the Bank, imposition of fines or barring individuals from the UAE banking sector.

Article (11): Interpretation of Regulation
1. The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.

Article (12): Publication and Application
1. This Regulation shall be published in the Official Gazette in both Arabic and English and shall come into effect one (1) month from the date of its publication.

National Shareholding in Banks Regulation
C 18/2021 Effective from 15/12/2021

Introduction
The Central Bank Law stipulates that the Board of Directors of the Central Bank determines the conditions and controls for ownership of shares of Banks incorporated in the UAE and shareholdings contribution in their capital and, in all cases, the national shareholding must not be less than sixty percent (60%).

Objective
The objective of this Regulation is to ensure that national shareholding remains in compliance with the Central Bank Law at all times. Banks must take all reasonable measures to ensure compliance with the minimum national shareholding requirement as determined by the Board of Directors of the Central Bank. The measures referred to in article 3.1 of this Regulation, encompass at a minimum (if and when applicable) that Banks schedule the matter for a general assembly meeting and/or make necessary amendments in their Articles of Association, and/or provide a reasoned voting advice.

Scope of Application
This Regulation applies to all Banks incorporated in the UAE.

Article (1): Definitions
1. Bank: Any juridical person licensed in accordance with the provisions of the Central Bank Law, to primarily carry on the activity of taking deposits, and any other Licensed Financial Activities.
2. Central Bank: The Central Bank of the United Arab Emirates.
3. Central Bank Law: Decretal Federal Law No. (14) of 2018 regarding the Central Bank & Organization of Financial Institutions and Activities and its amendments, or replacement from time to time.
4. Regulation of Significant Shareholder: Transfer of Significant Shareholding Regulation 05/2020 of 15 April 2020 on the transfer of significant shareholding.
5. State: United Arab Emirates “UAE”.

Article (2): National Ownership of Banks incorporated in the UAE
In all cases, the national shareholding percentage should not be less than sixty percent (60%) of the capital of the banks incorporated in the State. Natural persons owning this percentage must be citizens of the State. The percentage of ownership of the State citizens in a juridical person is calculated as per their shareholding in it.

Article (3): Role & Responsibility of the Board of Directors
1. The board of directors and shareholders of a Bank shall ensure that national shareholding is in accordance with the minimum requirement set out in Article 2 of this Regulation and shall take all reasonable measures to achieve compliance with this minimum requirement and the requirements of the Regulation of Significant Shareholder.
2. The board of directors of a Bank shall ensure that voting decisions of a shareholder, or shareholders, at a general assembly meeting comply fully with the Central Bank Law.

Article (4): Informing the Central Bank
Banks must inform the Central Bank at the time of the invitation by the Bank’s board of directors to a general assembly meeting when a proposed shareholding change is on the agenda.

Article (5): Central Bank’s Representatives at a General Assembly Meeting
The Central Bank may send one or more representatives to attend a general assembly meeting when a proposed shareholding change is on the agenda, without having any right to vote. The presence of such representatives shall be stated in the minutes of meeting.

Article (6): Central Bank Powers
1. The Central Bank may take all measures it deems appropriate to maintain conduct of operations of Banks, within the frameworks and limits set by the Board of Directors of the Central Bank.
2. The Central Bank may:
  
  a. Request to hold a meeting of a general assembly of the Bank to discuss any issue the Central Bank deems important.
  
  b. Request to include any item that the Central Bank deems necessary into the agenda of a general assembly meeting of the Bank.
  
  c. Stop the implementation of any decision issued by a general assembly of the Bank in the event that it violates the laws or regulations in force.

Article (7) : Enforcement and Sanctions
Violation of this Regulation may be subject to supervisory action and sanctions as deemed appropriate by the Central Bank.
Without prejudice to the provisions of the Central Bank Law, supervisory action and sanctions by the Central Bank may include withdrawing, replacing or restricting the powers of the members of the board, providing for the interim management of the Bank, or barring individuals from the UAE banking sector.

Article (8) : Abuse of the Exercise of a Right
Violation of Article 3.2 of this Regulation will render that shareholder(s)’ vote unlawful as the expected interests are not commensurate with the prejudice sustained by the Bank and/or other shareholder/s.

Article (9) : Interpretation of Regulation
The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.

Article (10) : Publication and Application
This Regulation shall be published in the Official Gazette in both Arabic and English and shall come into effect one (1) month from the date of its publication.

Liquidity

Regulations Re Liquidity at Banks
C 33/2015 Effective from 1/7/2015

Introduction
Following consultation with banks operating in the UAE and after reviewing international best practices in the area of liquidity risk management and regulations, the Central Bank has decided to enact these Regulations for controlling and monitoring of liquidity at banks. All banks must abide by the provisions of these Regulations and the Guidance Manual, which will be issued at a later stage, at all times.

Scope
All Banks must comply with the provisions of these Regulations at all times.

Objective
The objective of these Regulations is to ensure that liquidity risks are well managed at banks operating in the UAE and are in line with the Basel Committee for Banking Supervision (BCBS) recommendations and international best practice.

Article (1): Definitions
Terminology and concepts used in the qualitative requirements section: As defined by the Basel Committee for Banking Supervision (BCBS) in the document titled "Principles for Sound Liquidity Management and Supervision" dated September 2008.
Eligible Liquid Assets Ratio (ELAR): Ratio of the stock of eligible liquid assets to total liabilities (excluding liabilities allowed in the regulatory capital base).
Liquidity Coverage Ratio (LCR): Ratio of the stock of high quality liquid assets to total net cash outflows over the next 30 days as defined by the Basel Committee for Banking Supervision (BCBS) in the document titled "Basel III: The Liquidity Coverage Ratio and Liquidity Risk Monitoring Tools" issued in January 2013.
Net Stable Funding Ratio (NSFR): The ratio of available amount of stable funding to the required amount of stable funding, as defined by the Basel Committee for Banking Supervision (BCBS) in the document titled "Basel III: the net stable funding ratio", issued in October 2014.

Article (2): Qualitative Requirements
A Liquidity Risk Management Framework is an integral part of risk management within all banks. The framework should ensure that liquidity risk is well managed to minimize the likelihood of a liquidity stress occurring at a bank and its impact when it occurs
The Central Bank believes that liquidity risk governance, measurement and management is equally important and complements the quantitative requirements.
When reviewing the liquidity framework, the Central Bank will apply a proportionate approach which will take into account the size of the bank, scope of operations, interconnectedness, and its possible impact on the UAE financial system.
A robust Liquidity Risk Management Framework should incorporate the following requirements:
1. Banks are responsible for managing their liquidity risk in a prudent manner using all available liquidity management tools at their disposal.
2. The bank’s Board of Directors bears ultimate responsibility for liquidity risk management within the bank.
  The bank’s Board should clearly articulate liquidity risk tolerance for the bank in line with the bank’s objectives, strategy and overall risk appetite.
3. Board members should familiarize themselves with liquidity risk and how it is managed. At least one board member should have a detailed understanding of liquidity risk management.
4. Senior management is to develop strategies, policies and practices to manage liquidity risk in accordance with the board of directors' approved risk tolerance and ensure that the bank maintains sufficient liquidity.
  
  The bank's liquidity management strategy should be continuously reviewed and compliance should be reported to the board of directors on a regular basis.
5. A bank must incorporate liquidity costs, benefits and risks into the product pricing and approval process for all significant business activities.
6. A bank must have sound processes and systems for identifying, measuring, monitoring and controlling liquidity risk in a timely and accurate manner.
7. A bank must establish a forward-looking funding strategy that provides effective diversification in the sources and tenor of funding.
8. A bank must establish a liquidity risk management framework including limits, warning indicators, communication and escalation procedures. The framework should be shared with the Central Bank upon request.
9. A bank must conduct its own internal liquidity stress tests on a regular basis for a variety of institution specific and market wide stress scenarios (individually and in combination). The scenarios should be based on the individual bank specific circumstances and business model.
  
  A bank should use its internal stress testing outcomes to adjust its liquidity risk management strategies, policies and position and develop effective contingency funding plans.
  The scenarios and results of the stress tests should be shared with the Board of Directors on a regular basis and the Central Bank upon request.
10. A bank must have a formal contingency funding plan (CFP) that clearly sets out the strategies for addressing liquidity shortfalls in emergency situations. The CFP should be shared with the Central Bank upon request.
11. A bank must maintain an adequate cushion of unencumbered, high quality liquid assets to be held as insurance against a range of liquidity stress scenarios.
12. A bank is required to develop a transfer-pricing framework to reflect the actual cost of funding. The sophistication of the framework should be commensurate with the bank’s liquidity risk tolerance and complexity.

Article (3): Quantitative Requirements
A minimum level of liquid assets should be held at banks to ensure their ability to sustain a short term liquidity stress (both bank specific and market wide).
Banks should also structure their funding profile to limit the impact of long term market disruptions and avoid cliff effects (A large amount of liabilities maturing at the same time).
To achieve these two objectives, the Central Bank requires banks to comply with the following ratios, at all times;
1. The Eligible Liquid Assets Ratio (ELAR); or
2. The Liquidity Coverage Ratio (LCR) - following approval from the Central Bank.
  
  The transition to the LCR ratio will take effect from 1 January 2016. Banks must demonstrate that both the qualitative and quantitative measures have been adequately addressed before adoption of the LCR ratio.
  All banks approved to move to the LCR are expected to implement the LCR by the final Basel III implementation date of 1 January 2019.
3. Banks approved to move onto the LCR will also be required to comply with the Net Stable Funding Ratio (NSFR) when this ratio comes into effect by 1 January 2018.
The Central Bank will set up a liquidity task force to ensure a smooth implementation of the LCR and NSFR. The team will visit banks and request a "road map" with clear milestones explaining how the bank will meet the LCR and the NSFR by their respective due dates. The team will then assess the plan and provide guidance. The team will also monitor the progress of the bank against its internally set milestones.

Article (4) Eligible Liquid Assets Ratio (ELAR)
Banks are required to hold an amount equivalent to the specified percentage set by the Central Bank of their total liabilities in eligible liquid assets, consisting of the following items:
- Account balances at the Central Bank.
- Physical cash at the bank.
- Central Bank Certificates of Deposit (CDs).
- UAE Federal Government bonds and Sukuk.
- Reserve requirements.
- UAE local governments and public sector entities publicly traded debt securities, provided they are assigned a 0% risk weighting under Basel II standardized approach (limited to 20% of eligible liquid assets).
- Foreign, Sovereign debt instruments or instruments issued by their respective central banks, which receive 0% Risk Weight under Basel II Standardized approach (limited to 15% of eligible liquid assets).
This ratio will become effective on 1 July 2015. The initial compliance level for this ratio is set at 10 percent. The Central Bank will periodically review this ratio to ensure consistency between banks in the application of liquidity requirements in the UAE.

Article (5): Liquidity Coverage Ratio (LCR) (Effective Transition From 1 January 2016 for Approved Banks)
The LCR is taken from Basel III requirements. It represents a 30 day stress scenario with combined assumptions covering both bank specific and market wide stresses that the bank should be able to survive using a stock of high quality liquid assets.
The LCR requires that banks should always be able to cover the net cash outflow with high quality liquid assets.

The Basel III accord requires that the minimum LCR is 100%, starting on 1 January 2015 with 60% minimum coverage and increasing by 10% each year to reach 100% by 1 January 2019.
High quality liquid assets are separated into two categories - Level 1 and Level 2. The composition of Level 1 and Level 2 high quality liquid assets and ‘run off rates’ for cash outflows will be based on the definitions and conditions contained in the document "Basel III: The Liquidity Coverage Ratio and liquidity risk monitoring tools" - issued in January 2013.
The full details of the level 1 and level 2 high quality liquid assets and cash outflows that will apply for the LCR will be contained the Guidance Manual, which is required to be published under Article (10) of these Regulations, taking account of international and local regulatory developments and local market practices.

Article (6): Net Stable Funding Ratio (NSFR) (Effective 1 January 2018 for Approved Banks)
This is a structural ratio that aims to ensure that long term assets on the banks’ balance sheets are funded using a sufficient amount of stable liabilities. It also requires an amount of stable funding to cover a portion of the contingent liabilities. The NSFR mirrors the Basel III standard.
The NSFR identifies the key uses of funds and the different types of funding sources used by banks. It assigns Available Stable Funding (ASF) factors to the sources of funds and Required Stable Funding (RSF) (usage) factors to asset classes and the off balance sheet contingent exposures.
The assigned ASF factor depends on the term of funding and the perceived stability of the funding source. The assigned RSF factor will depend on the liquidity of the asset being funded under a market wide stress. Both factors will follow the Basel III NSFR standard.
Under Article (10) below, the Banking Supervision Department within the Central Bank is required, to issue a Guidance Manual that specifies the stability factors to be assigned to funding sources and the required stable funding (Usage) factors of various asset classes.
The Loans to Stable Resources Ratio specified in Circular No. 394 dated 12/07/1986 shall continue to apply, except for those banks approved to move to the NSFR.

Article (7): Reporting Requirements
The frequency and scope of reporting requirements under the ELAR and LCR will be set out in the Guidance Manual.
From time to time, banks will be required to complete a liquidity report to enable the Central Bank to monitor effectively the liquidity positions at banks and to take appropriate and timely action at early signs of a liquidity stress.
The report should be based on contractual data with no behavioral assumptions made.
The Central Bank will apply homogeneous assumptions to the data to perform its liquidity analysis on both micro and macro prudential levels.
Banks are required to use the liquidity reporting templates mentioned in the Guidance Manual, to be issued afterward.

Article (8): Commencement of these Regulations
The Eligible Liquid Assets Ratio (ELAR) will take effect from 1 July 2015.
The Qualitative Requirements of these Regulations also take effect from 1 July 2015.
The transition phase for the Liquidity Coverage Ratio (LCR) will commence on 1 January 2016 for those banks approved to move to this ratio.
The transition phase for the Net Stable Funding Ratio (NSFR) will also commence on 1 January 2016 for those banks approved to move to this ratio. Approved banks will be required to comply with the NSFR from 1 January 2018.

Article (9): Cancellation of Previous Regulations
Circular No. 30/2012 dated 12/7/2012, regarding Liquidity Regulations at Banks is withdrawn from the date these Regulations become effective.

Article (10): Guidance Manual
The Central Bank will issue a Guidance Manual on compliance with the Eligible Liquid Assets Ratio (ELAR), Liquidity Coverage Ratio (LCR) and Net Stable Funding Ratio (NSFR).
The Guidance Manual will also include definitions and assumptions for the LCR and NSFR calculation which will follow the standards set out in Basel III.
The Guidance Manual will also include liquidity reporting templates and a more detailed explanation of what is expected from banks under the qualitative rules.
The manual will be updated with any changes to Basel III liquidity standards that might take place between the date of these Regulations and the respective implementation date.

Article (11): Interpretation
Reference shall be made to the Regulatory Development Division of the Central Bank for interpretation of these Regulations, and this interpretation shall be final.

Article (12): Notification and Publication
These Regulations shall be communicated to all concerned parties for implementation as per the phases specified in Article (8) of these Regulations and shall be published in the Official Gazette in both Arabic and English.
Yours faithfully,,,

Guidance Manual for Circular Number 33/2015 Liquidity Regulations at Banks
C 33/2015 GUI Effective from 1/12/2015

Introduction and Overview
This manual explains how banks can comply with the requirements of Circular Number 33/2015 - Regulations re Liquidity at Banks. It must be read in conjunction with these Regulations.
Banks fulfill an important role in the economy by providing maturity transformation (borrow short term and lend long term). The aim of these liquidity regulations is to ensure that banks have a robust liquidity risk management and governance process in place to mitigate this imbalance.
It also ensures that banks are holding sufficient liquid assets to withstand a liquidity stress for a reasonable period of time.
This manual follows the structure of the Regulations and is set out in three parts:
1. 1) Qualitative requirements;
2. 2) Quantitative requirements;
  1. A – Eligible Liquid Assets Ratio (ELAR)
  2. B – Advances to Stable Resources Ratio (ASRR)
  3. C – Liquidity Coverage Ratio (LCR)
  4. D – Net Stable Funding Ratio (NSFR)
3. 3) Reporting requirements
These three parts cover the key requirements of liquidity risk management and governance in banks and form the basis of the regulations.
Note this Manual will remain a working document and under constant review throughout the period of the LCR transition period.

1. Qualitative Requirements
The manual addresses each of the qualitative requirements contained in the regulations and emphasizes the key focus of the Central Bank in its on and off site examination of banks.
The qualitative rules come into force on 1 July 2015. Any bank that expects to be in breach of the regulation when the regulation commences should approach the Central Bank to discuss a remediation plan. Breaches will be dealt with on case by case basis. The Central Bank will apply proportionality in determining the suitability of some of the more complex requirements for smaller banks.
Those banks that are aspiring to be Basel III approved will not have proportionality applied in relation to qualitative requirements, given such banks are expected to comply with all of the qualitative requirements before they can be considered for approval.

2. Quantitative Requirements
The quantitative requirements come into force on 1 July 2015.
Banks that apply and are approved to be assessed under the Basel III requirements cannot elect to revert to the ELAR regulatory framework and once approved must comply with both the LCR and the NSFR when they become effective - i.e. on 1 January 2016 and 1 January 2018 respectively.
There are four ratios under quantitative requirements (see below), two of which are provided by the Basel Committee on Banking Supervision (BCBS) in what is commonly called the Basel III framework. The Liquidity Coverage Ratio (LCR) is fully described in their publication 'Basel III: The Liquidity Coverage ratio and liquidity risk monitoring tools' dated January 2013. The Net Stable Funding Ratio (NSFR) is fully described in their publication ‘Basle III: the net stable funding ratio’ dated October 2014
The ratios are as follows:
A – Eligible Liquid Assets Ratio (ELAR)
This is a measure to ensure banks hold minimum buffers of liquid assets.
The ratio requires the bank to hold an amount equivalent to 10% of its total balance sheet liabilities (excluding those included in regulatory capital) in high quality liquid assets, as described in detail later in this manual.
This ratio will be periodically reassessed and if necessary adjusted to reflect the appropriate Central Bank policy as well as any recalibration necessary to keep it aligned with the LCR.
B – Advances to Stable Resources Ratio (ASRR)
The ASRR is a measure that recognizes both the actual uses as well as the likely uses of funds in terms of the contractual maturity and behavioral profile of the sources of funds available to the bank, in order to ensure that there are limited maturity mismatches and cliff effects. Central Bank reporting for BRF 7 details the requirements of the ratio.
C – Liquidity Coverage Ratio (LCR)
This is a short term (30 days) stress test that covers bank specific and market wide stresses. It is determined by the Basel III standards and will be effective from 1 January 2016 at a compliance level of 70%. Subsequent years will see a flight path of an extra 10% per year until full (100%) compliance on 1 January 2019. Those banks that are permitted to use the Basel III ratios will comply at a 70% level as at 1 January 2016, 80% level at 1 January 2017, 90% at 1 January 2018 and 100% at 1 January 2019.
The relevant section in this manual will provide the definitions and assumptions used in the LCR calibration. Most of these assumptions are taken from the Basel Committee for Banking Supervision (BCBS) document titled “Basel III: The Liquidity Coverage Ratio and liquidity risk monitoring tools “issued January 2013. The section will also provide guidance over areas where national discretion has been utilized.
This section will be updated with any changes to the Basel III liquidity framework between the date of issuance of this manual and the effective date of the Basel III standards.
D – Net Stable Funding Ratio (NSFR)
This is a structural ratio that aims to ensure that the banks have sufficient long term funding beyond the LCR’s 30 day time horizon to meet both the funding of its long term assets and the funding of a portion of contingent liability drawdowns under a period of market wide stress.
Like the LCR, the relevant section of the manual will provide guidance in a local context but fundamentally the guidance is derived from the October 2014 paper from the BCBS. Any subsequent changes will be updated accordingly.
Banks approved by the Central Bank to move onto the LCR will also be required to comply with the NSFR. However, the date for compliance will be 1 January 2018 and until then banks must comply with the Advances to Stable Resources Ratio described in these guidelines.
From the date of these Regulations the ratios that all banks must comply with are the ELAR and the ASRR. Only those banks approved by the Central Bank to do so will be able to use the LCR and the NSFR for regulatory compliance.

3. Reporting Requirements
All banks are required to report their liquidity position to the Central Bank in accordance with ELAR and ASRR reporting requirements as issued by the Central Bank.
Those banks approved to move to the Basel III liquidity standards (LCR and NSFR) will be required to report their liquidity position to the Central Bank in a form and manner prescribed by the Central Bank.
Banks may also be required to provide the Central Bank with ad hoc reports on liquidity as and when requested to do so.

Part One: Qualitative Requirements
1. 1) The qualitative requirements are based on the Basel Committee on Banking Supervision (BCBS) document titled “Principles for Sound Liquidity Management and Supervision" dated September 2008. We encourage banks to familiarize themselves with the content of this document.
2. 2) The Regulations requires banks to comply with 12 criteria when setting up their liquidity risk management and governance frameworks. These criteria are essential for a robust framework designed to minimize liquidity risk at banks. These criteria are discussed below in details:
3. Banks are responsible to manage their liquidity risk in a prudent manner using all available liquidity management tools at their disposal.
4. 3) A bank should establish a robust liquidity risk management framework that is well integrated into the bank-wide risk management process. A primary objective of the liquidity risk management framework should be to ensure with a high degree of confidence that the firm is in a position to both address its daily liquidity obligations and withstand a period of liquidity stress affecting its funding sources, the source of which could be bank-specific or market-wide.
5. The Board of directors bears ultimate responsibility for liquidity risk management within the bank. The board should clearly articulate liquidity risk tolerance for the bank in line with the banks objectives, strategy and overall risk appetite.
6. 4) The board of directors is ultimately responsible for the liquidity risk assumed by the bank as well as the manner in which this risk is managed and, therefore, should establish the bank’s liquidity risk tolerance.
7. 5) Liquidity risk tolerance is defined as the level of liquidity risk that the bank is willing to assume, it should be appropriate for the business strategy of the bank and its role in the financial system and should reflect the bank’s financial condition and funding capacity. The tolerance level should ensure that the firm manages its liquidity well in normal times to enable it to withstand a prolonged period of stress. There are a variety of ways in which a bank can express its risk tolerance. For example, a bank may quantify its liquidity risk tolerance in terms of the level of funding gap the bank decides to assume under normal and stressed business conditions for different maturity buckets.
8. Board members should familiarize themselves with liquidity risk and how it is managed. At least one board member should have detailed understanding of liquidity risks management.
9. 6) The board of directors, as a whole, should have a thorough understanding of the close links between funding liquidity risk (capacity to meet expected and unexpected cash flows without significant interruptions to bank’s operations and financial position) and market liquidity risk (the ability to close positions in the market at a reasonable cost). The board should also understand how other risks affect the bank’s overall liquidity risk strategy, i.e. how a tighter funding market will impact the bank’s liquidity and how other risks, if materialized, could result in a liquidity run on the bank.
10. 7) The board should have in place a system to review liquidity reports sent to it by management and identify liquidity concerns and follow up on remedial action undertaken by management. It should also ensure that senior management and appropriate personnel have the necessary expertise and systems to measure and monitor all sources of liquidity risk.
11. 8) The board should ensure that senior management translates the strategy into clear policies, controls and procedures.
12. Senior management is to develop a strategy, policies and practices to manage liquidity risk in accordance with the board of directors' approved risk tolerance and ensure that the bank maintains sufficient liquidity. The bank's strategy should be continually reviewed and compliance should be reported to the board of directors on a regular basis.
13. 9) Senior management has an integral role in liquidity risk management as it is responsible to implement the board approved risk appetite.

Strategy
1. 10) The strategy should include specific policies on liquidity management, such as:
  - • the composition of assets and liabilities;
  - • the diversity and stability of funding sources;
  - • the approach to managing liquidity in different currencies, across borders, and across business lines and legal entities;
  - • the approach to intraday liquidity management; and
  - • The assumptions on the liquidity and marketability of assets.
2. 11) The strategy should take account of liquidity needs under normal conditions as well as under periods of liquidity stress as a result of firm specific or a market wide crisis and a combination of these two. The strategy may include various high-level quantitative and qualitative targets. The board of directors should approve the strategy and critical policies and practices and review them at least annually.
3. 12) The liquidity strategy should be appropriate for the nature, scale and complexity of the bank’s activities. In formulating this strategy, the bank should take into consideration its legal structures, key business lines, the breadth and diversity of markets, products, and jurisdictions in which it operates, and the regulatory requirements it is subject to.

Policies and Processes
1. 13) Senior management should determine the structure, responsibilities and controls for managing liquidity risk and for overseeing the liquidity positions of all legal entities, branches and subsidiaries in the jurisdictions in which a bank is active, and outline these elements clearly in the bank’s liquidity policies. The structure for managing liquidity should take into consideration any legal, regulatory or operational restrictions on the transfer of funds.
2. 14) Processes should be in place to ensure that the group’s senior management is actively monitoring and quickly responding to all material developments across the group and reporting to the board of directors as appropriate.
3. 15) Senior management should have a thorough understanding of the close links between funding liquidity risk and market liquidity risk, as well as how other risks, including credit, market, operational and reputation risks affect the bank’s overall liquidity risk strategy.

Market Monitoring
1. 16) Senior management should closely monitor current trends and potential market developments that may present significant, unprecedented and complex challenges for managing liquidity risk so that they can make appropriate and timely changes to the liquidity strategy as needed.
2. 17) Senior management should define the specific procedures and approvals necessary for exceptions to policies and limits, including the escalation procedures and follow-up actions to be taken for breaches of limits.
3. 18) Senior management should present to the board regular reports on the liquidity position of the bank. The board should be informed immediately of new or emerging liquidity concerns. These include increasing funding costs or concentrations, the growing size of a funding gap, the drying up of alternative sources of liquidity, material and/or persistent breaches of limits, or a significant decline in the cushion of unencumbered, highly liquid assets. The board should ensure that senior management takes appropriate remedial actions to address the concerns.

Individuals Responsible for Liquidity Management
1. 19) The liquidity strategy, key policies for implementing the strategy, and the liquidity risk management structure should be communicated throughout the organization by senior management. All individuals within business units conducting activities that have a material impact on liquidity should be fully aware of the liquidity strategy and operate under the approved policies, procedures, limits and controls.
2. 20) Individuals responsible for liquidity risk management should maintain close links with those monitoring market conditions, as well as with other individuals with access to critical information, such as credit risk managers.
3. 21) Individuals with direct responsibility over liquidity risk management at the banks should meet the fit and proper criteria of the Central Bank including appropriate academic qualifications, good character and sound financial position.

Independent Oversight
1. 22) Senior management should ensure that operationally independent, appropriately trained and competent personnel are responsible for implementing internal controls.
2. 23) Independent oversight and verification should be performed by middle office and/or risk management staff who are capable of assessing treasury’s adherence to liquidity limits, policies and procedures.
3. 24) It is critical that personnel in independent control functions have the skills and authority to challenge information and modeling assumptions provided by business lines. When significant changes impact the effectiveness of controls and revisions or enhancements to internal controls are warranted, senior management should ensure that necessary changes are implemented in a timely manner.
4. 25) Internal audit should regularly review the implementation and effectiveness of the agreed framework for controlling liquidity risk.
5. A bank must incorporate liquidity costs, benefits and risks into the product pricing and approval process for all significant business activities.
6. 26) Senior management should appropriately incorporate liquidity costs, benefits and risks in the product pricing, and new product approval process for all significant business activities (both on- and off-balance sheet).
7. 27) This quantification of liquidity costs, benefits and risks should incorporate factors related to the anticipated holding periods of assets and liabilities, their market liquidity risk characteristics, and any other relevant factors, including the benefits from having access to relatively stable sources of funding, such as some types of retail deposits.
8. 28) The quantification and attribution of these risks should be explicit and transparent at the line management level and should include consideration of how liquidity would be affected under stressed conditions.
9. 29) Liquidity risk costs, benefits and risks should be addressed explicitly in the new product approval process.
10. Banks must have sound processes and systems for identifying, measuring, monitoring and controlling liquidity risk in a timely and accurate manner.

A. Identifying Liquidity Risk
1. 30) A bank should define and identify the liquidity risk it is exposed to in all jurisdictions in which it operates directly or through its subsidiaries, branches and related entities. A bank should evaluate each major on and off balance sheet position, including contingent exposures that may affect the bank’s sources and uses of funds, and determine how it can affect liquidity risk.
2. 31) A bank should consider the interactions between exposures to funding liquidity risk and market liquidity risk¹. A bank that obtains liquidity from capital markets and interbank markets should recognize that these sources may be more volatile than traditional retail deposits. For example, under conditions of stress, investors in money market instruments may demand higher compensation for risk, require roll over at considerably shorter maturities, or refuse to extend financing at all. Moreover, reliance on the full functioning and liquidity of financial markets may not be realistic as asset and funding markets may dry up in times of stress. Market illiquidity may make it difficult for a bank to raise funds by selling assets and thus increase the need for funding liquidity.
3. 32) A bank should ensure that assets are prudently valued according to relevant financial reporting and supervisory standards. A bank should fully factor into its risk management the consideration that valuations may deteriorate under market stress, and take this into account in assessing the feasibility and impact of asset sales during stress on its liquidity position.
4. 33) A bank should recognize and consider the strong interactions between liquidity risk and the other types of risk to which it is exposed. These include interest rate, credit, operational, legal and reputational risks, which may influence a bank’s liquidity profile. Liquidity risk often can arise from perceived or actual weaknesses, failures or problems in the management of other types of risk. A bank should identify events that could have an impact on market and public perceptions about its soundness, particularly in wholesale markets.
¹ See paragraph 6 for definitions of funding liquidity risk and market liquidity risk.

B. Measurement of Liquidity Risk
1. 34) Liquidity measurement involves assessing a bank’s cash inflows against its outflows and the liquidity value of its assets to identify the potential for future net funding shortfalls. A bank should be able to measure and forecast its prospective cash flows for assets, liabilities, off-balance sheet commitments and derivatives over a variety of time horizons, under normal conditions and under a range of stress scenarios, including scenarios of severe stress. It should also consider funding needs in currencies in which the bank is active and liquidity needs arising from correspondent banking and settlement activities. Below is an overview of what is expected under the above mentioned risk drivers.
2. Future cash flows of assets and liabilities
3. 35) A bank should have a robust liquidity risk management framework providing prospective, dynamic cash flow forecasts that include assumptions on the likely behavioral responses of key counterparties to changes in conditions and are carried out at a sufficiently granular level. A bank should make realistic assumptions about its future liquidity needs for both the short- and long-term that reflect the complexities of its underlying businesses, products and markets. The Central Bank reporting format attached to this manual can provide a good starting point.
4. 36) A bank should analyze the quality of assets that could be used as collateral, in order to assess their potential for providing secured funding in stressed conditions. A bank should also manage the timing of incoming flows in relation to known outgoing sources in order to obtain an appropriate maturity distribution for its sources and uses of funds.
5. 37) In estimating the cash flows arising from its liabilities, a bank should assess the “stickiness” of its funding sources. In particular, for large wholesale funds providers, both secured and unsecured, a bank should assess the likelihood of roll-over of funding lines and how the r fund providers are likely to behave under stress - and therefore consider the possibility that secured and unsecured funding might dry up in times of stress. For secured funding with overnight maturity, a bank should not assume that the funding will automatically roll over. In addition, a bank should assess the availability of term funding back up facilities and the circumstances under which they can be utilized. In assessing the ‘stickiness’ of retail deposits a bank should also consider factors such as size, interest-rate sensitivity, geographical location of depositors and the deposit channel (e.g. short term high interest rate promotion).
6. 38) Regarding the time horizons over which to identify measure, monitor and control liquidity risk, a bank should ensure that its liquidity risk management practices integrate and consider a variety of factors. These include vulnerabilities to changes in liquidity needs and funding capacity on an intraday basis; day-to-day liquidity needs and funding capacity over short and medium-term horizons up to one year; longer-term liquidity needs over one year; and vulnerabilities to events, activities and strategies that can put a significant strain on internal cash generation capability.
7. Sources of contingent liquidity demand
8. 39) A bank should identify measure, monitor and control potential cash flows relating to off-balance sheet commitments and other contingent liabilities. This should include a robust framework for projecting the potential consequences of undrawn commitments being drawn, considering the nature of the commitment and credit worthiness of the counterparty, as well as exposures to business and geographical sectors, as counterparties in the same sectors may be affected by stress at the same time.
9. 40) For banks engaged in securitization activities, they should monitor the existence of recourse provisions in asset sales, the extension of liquidity facilities to securitization vehicles and the early amortization triggers of certain asset securitization transactions. Banks should also consider the nature and size of the bank’s potential non-contractual “obligations”, where the support provided to securitization and conduit programmes is critical to maintaining ongoing access to funding and the bank reputation in the market.
10. 41) A bank should incorporate cash flows related to the re-pricing, exercise or maturity of financial derivatives contracts in its liquidity risk analysis, including the potential for counterparties to demand additional collateral in an event such as a decline in the bank’s credit rating or creditworthiness or a decline in the price of the underlying asset.
11. Guarantees and commitments
12. 42) Undrawn loan commitments, letters of credit and financial guarantees represent a potentially significant drain of funds for a bank. A bank may be able to ascertain a "normal" level of cash outflows under routine conditions, and then estimate the scope for an increase in these flows during periods of stress. For example, an episode of financial market stress may trigger a substantial increase in the amount of draw-downs of letters of credit provided by the bank to its customers. Similarly, liquidity issues can arise when a bank relies on committed lines of credit provided by others.
13. Currencies in which a bank is active
14. 43) A bank should assess its aggregate foreign currency liquidity needs and determine acceptable currency mismatches. A bank should undertake a separate analysis of its strategy for each currency in which it has significant activity, considering potential constraints in times of stress. The size of foreign currency mismatches should take into account: (a) the bank’s ability to raise funds in foreign currency markets; (b) the likely extent of foreign currency back-up facilities available in its domestic market; (c) the ability to transfer a liquidity surplus from one currency to another, and across jurisdictions and legal entities; and (d) the likely convertibility of currencies in which the bank is active, including the potential for impairment or complete closure of foreign exchange swap markets for particular currency pairs.
15. 44) A bank should be aware of, and have the capacity to manage, liquidity risk exposures arising from the use of foreign currency deposits and short-term credit lines to fund domestic currency assets as well as the funding of foreign currency assets with domestic currency. A bank should take account of the risks of sudden changes in foreign exchange rates or market liquidity, or both, which could sharply widen liquidity mismatches and alter the effectiveness of foreign exchange hedges and hedging strategies.
16. Correspondent, custody and settlement activities
17. 45) Where relevant, a bank should understand and have the capacity to manage correspondent, custodian and settlement bank services and how they can affect its cash flows. Given that the gross value of customers’ payment traffic (inflows and outflows) can be very large, unexpected changes in these flows can result in large net deposits, withdrawals or line-of credit draw-downs that impact the overall liquidity position of the correspondent or custodian bank, both on an intraday and overnight basis. A bank also should understand and have the capacity to manage the potential liquidity needs it would face as a result of the failure-to-settle procedures of payment and settlement systems in which it is a direct participant.

C. Measurement Tools
1. 46) A bank should employ a range of customized internal measurement tools, or metrics, as there is no single metric that can comprehensively quantify liquidity risk. To obtain a forward looking view of liquidity risk exposures, a bank should use metrics that assess the structure of the balance sheet (e.g. by source and tenor of funding and liquid assets composition) as well as metrics that project cash flows and future liquidity positions, taking into account off-balance sheet risks (liquidity gap reports). These metrics should span vulnerabilities across business-as-usual and stressed conditions over various time horizons.
2. 47) Under business-as usual conditions, the report should identify needs that may arise from projected outflows relative to routine sources of funding. Under stress conditions, the reports should be able to identify funding gaps at various horizons, and in turn serve as a basis for liquidity risk limits and early warning indicators.
3. 48) The scenarios for the reports can be based on assumptions of the future behavior of assets, liabilities and off-balance sheet items, and then used to calculate the cumulative net excess or shortfall over the time frame for the liquidity assessment. Measurement should be performed over incremental time periods to identify projected and contingent flows taking into account the underlying assumptions associated with potential changes in cash flows of assets and liabilities.
4. 49) Management should tailor the measurement and analysis of liquidity risk to the bank’s business mix, complexity and risk profile.
5. 50) A bank should take steps to ensure that its assumptions are reasonable and appropriate, documented and periodically reviewed and approved. They should also be updated in-line with changes observed in the market.

D. Monitoring System
1. 51) A bank should have a reliable management information system designed to provide the board of directors, senior management and other appropriate personnel with timely and forward-looking information on the liquidity position of the bank.
2. 52) The management information system should have the ability to calculate liquidity positions in all of the currencies in which the bank conducts business – both on a subsidiary/branch basis in all jurisdictions in which the bank is active and on an aggregate group basis. It should capture all sources of liquidity risk, including contingent risks and the related triggers and those arising from new activities, and have the ability to deliver more granular and time sensitive information during stress events.
3. 53) To effectively manage and monitor its net funding requirements, a bank should have the ability to calculate liquidity positions on an intraday basis, on a day-to-day basis for the shorter time horizons, and over a series of more distant time periods thereafter. The management information system should be used in day-to-day liquidity risk management to monitor compliance with the bank’s established policies, procedures and limits.
4. 54) To facilitate liquidity risk monitoring, senior management should agree on a set of reporting criteria, specifying the scope, manner and frequency of reporting for various recipients (such as the board, senior management, and asset – liability committee) and the parties responsible for preparing the reports.
5. 55) Reporting of risk measures should be done on a frequent basis (e.g. daily reporting for those responsible for managing liquidity risk, and at each board meeting during normal times, with reporting increasing in times of stress) and should compare current liquidity exposures to established limits to identify any emerging pressures and limit breaches.
6. A bank must establish a forward-looking funding strategy that provides effective diversification in the sources and tenor of funding.
7. 56) A bank should diversify available funding sources in the short-, medium- and long term. Diversification targets should be part of the medium- to long-term funding plans and is aligned with the budgeting and business planning process.
8. 57) Funding plans should take into account correlations between sources of funds and market conditions. The desired diversification should also include limits by counterparty, secured versus unsecured market funding, instrument type, tenor, securitization vehicle, currency, and geographic market. As a general liquidity management practice, banks should limit concentration in any one particular funding source or tenor.
9. 58) For institutions active in multiple currencies, access to diverse sources of liquidity in each currency is required, since banks are not always able to swap liquidity easily from one currency to another.
10. 59) Senior management should be aware of the composition, characteristics and diversification of the bank’s assets and funding sources. Senior management should regularly review the funding strategy in light of any changes in the internal or external environments.
11. 60) An essential component of ensuring funding diversity is maintaining market access. Market access is critical for effective liquidity risk management, as it affects both the ability to raise new funds and to liquidate assets. Senior management should ensure that market access is being actively managed, monitored and tested by the appropriate staff.
12. 61) Managing market access can include developing markets for asset sales or strengthening arrangements under which a bank can borrow on a secured or unsecured basis. A bank should maintain an active presence within markets relevant to its funding strategy. This requires an ongoing commitment and investment in adequate and appropriate infrastructures, processes and information collection.
13. 62) A bank should not assume it can access markets in a timely manner for which it has not established the necessary systems or documentation, or where these arrangements have not been periodically utilized or the bank has not confirmed that willing counterparties are in place.
14. 63) A bank should have full knowledge of the legal framework governing potential asset sales, and ensure that documentation is reliable and legally robust.
15. 64) A bank should identify and build strong relationships with current and potential investors. The frequency of contact and the frequency of use of a funding source are two possible indicators of the strength of a funding relationship. A bank should also establish and maintain a relationship with the Central Bank.
16. 65) A bank needs to identify alternative sources of funding that strengthen its capacity to withstand a variety of severe yet plausible institution-specific and market-wide liquidity shocks. Depending on the nature, severity and duration of the liquidity shock, potential sources of funding include the following:
  - • Deposit growth.
  - • The lengthening of maturities of liabilities.
  - • New issues of short- and long-term debt instruments.
  - • Intra-group fund transfers, new capital issues, the sale of subsidiaries or lines of business.
  - • Asset securitization.
  - • The sale or repo of unencumbered, highly liquid assets.
  - • Drawing-down committed facilities.
  - • Borrowing from the central bank’s marginal lending facilities.
17. A Bank must establish a liquidity risk management framework including limits, warning indicators, communication and escalation procedures.

Setting up Limits
1. 66) A bank should set limits to control its liquidity risk exposure and vulnerabilities. A bank should regularly review such limits and corresponding escalation procedures. Limits should be relevant to the business in terms of its location, complexity, and nature of products, currencies and markets served.
2. 67) Limits should be used for managing day-to-day liquidity within and across lines of business and legal entities under “normal” conditions. The limit framework should also include measures aimed at ensuring that the bank can continue to operate in a period of market stress, bank-specific stress and a combination of the two.
3. 68) For example a commonly used simple limit is the size of cumulative net cash outflow (based on board approved assumptions) and covers various time horizons. The limit may also include estimates of outflows resulting from the drawdown of commitments or other obligations of the bank.

Early Warning Indicators
1. 69) A bank should design a set of indicators to aid this process to identify the emergence of increased risk or vulnerabilities in its liquidity risk position or potential funding needs. Such early warning indicators should identify any negative trend and cause an assessment and potential response by management in order to mitigate the bank’s exposure to the emerging risk.
2. 70) Early warning indicators can be qualitative or quantitative in nature and may include but are not limited to:
  - • Rapid asset growth, especially when funded with potentially volatile liabilities.
  - • Growing concentrations in assets or liabilities.
  - • Increases in currency mismatches.
  - • A decrease of weighted average maturity of liabilities.
  - • Repeated incidents of positions approaching or breaching internal or regulator limits.
  - • Negative trends or heightened risk associated with a particular product line, such as rising delinquencies.
  - • Significant deterioration in the bank’s earnings, asset quality, and financial condition.
  - • Negative publicity.
  - • A credit rating downgrade.
  - • Stock price declines or rising debt costs.
  - • Widening debt or credit-default-swap spreads.
  - • Rising wholesale or retail funding costs.
  - • Counterparties that begin requesting or request additional collateral for credit.
  - • Correspondent banks that eliminate or decrease their credit lines.
  - • Increasing retail deposit outflows.
  - • Increasing redemptions of CDs before maturity.
  - • Difficulty accessing longer-term funding.
3. 71) Early warning indicators should be closely monitored by senior management on a regular basis. Limits and analysis of the indicators above should be reviewed and breaches/emerging trends should be escalated up to the board committees or the full board if significant enough.
4. 72) Clear procedures and escalation criteria should be put in place based on the warning indicators; these include the circumstances where the Contingency Funding Plan (CFP) should be invoked.
5. A bank must conduct its own internal stress tests on a regular basis for a variety of institution specific and market wide stress scenarios (individually and in combination). The scenarios should be based on the individual bank specific circumstances and business model.
6. 73) While a bank typically manages liquidity under “normal” circumstances, it should also be prepared to manage liquidity under stressed conditions. A bank should perform stress tests or scenario analyses on a regular basis in order to identify and quantify its exposures to possible future liquidity stresses, analyzing possible impacts on the institution’s cash flows, liquidity position, profitability and solvency.
7. Stress testing process
8. 74) Tests should be :
  - • Test should be done on individual entity basis, group basis and business lines.
  - • Tests should consider the implication of the scenarios across different time horizons, including on an intraday basis.
  - • The extent and frequency of testing should be commensurate with the size of the bank and its liquidity risk exposures.
  - • Banks should build in the capability to increase the frequency of tests in special circumstances, such as in volatile market conditions or at the request of the Central Bank.
  - • Senior management should be actively involved in the stress test demanding rigorous assumptions and challenging the results.
  - • The board should be informed of the stress testing results and should be able to challenge outcomes, assumptions and actions taken on the basis of the tests.

Scenarios and Assumptions
1. 75) Banks should take into account the nature of the bank’s business, activities and vulnerabilities in designing stress scenarios. The scenarios should incorporate the major funding and market liquidity risks to which the bank is exposed. These include risks associated with its business activities, products (including complex financial instruments and off-balance sheet items) and funding sources. The defined scenarios should allow the bank to evaluate the potential adverse impact these factors can have on its liquidity position. Regardless of how strong its current liquidity situation appears to be, a bank should consider the potential impact of severe stress scenarios.
2. 76) Historical data and past experiences in addition to sound judgment should be used in the scenarios. A bank should consider short-term and long term stresses as well as institution-specific and market-wide scenarios and a combination of both in the stress tests scenarios. The stress test scenarios should consider the following:
  - • A simultaneous drying up of market liquidity in several previously highly liquid markets (inter-bank money markets, non UAE funding markets, securitization).
  - • Severe constraints in accessing secured and unsecured wholesale funding;
  - • The run-off of retail funding
  - • Contingent claims and more specifically, potential draws on committed lines extended to third parties or the bank's subsidiaries, branches or head office and the liquidity absorbed by off-balance activities.
  - • Severe operational or settlement disruptions affecting one or more payment or settlement systems.
  - • Take into account the link between reductions in market liquidity and constraints on funding liquidity. This is particularly important for banks with significant market share in, or heavy reliance upon, specific funding markets.
  - • A bank should also consider the results of stress tests performed for various other risk types and consider possible interactions between liquidity risk and these other types of risk (e.g. capital stress tests).
  - • Tests should reflect accurate time-frames for the settlement cycles of assets that might be liquidated (i.e. time to receive the sale proceeds).
  - • If a bank relies upon liquidity outflows from one system to meet obligations in another, it should consider the risk that operational or settlement disruptions might prevent or delay expected flows across systems. This is particularly relevant for firms relying upon intra-group transfers or centralized liquidity management.
  - • Additional margin calls and collateral requirements.
  - • The availability of contingent lines extended to the bank.
  - • The impact of credit rating triggers.
  - • The access to Central Bank facilities.
  - • The potential reputational impact when executing contingency /remedial action.
  - • Estimates of future balance sheet growth.
  - • A bank should consider the likely behavioral response of other market participants (similar response to market stress might amplify market strain).
  - • A bank should consider the likely impact of its own behavior on other market participants.
  - • Where a bank uses a correspondent or custodian to conduct settlement, the analysis should include the impact of those agents restricting their provision of intraday credit.
3. The scenario design should be subject to regular reviews to ensure that the nature and severity of the tested scenarios remain appropriate and relevant to the bank.

Utilization of Results
1. 77) Senior management should review stress test scenarios and assumptions as well as the results of the stress tests. The bank’s choice of scenarios and related assumptions should be well documented and reviewed together with the stress test results. Stress test results and vulnerabilities and any resulting actions should be reported to and discussed with the board and the Central Bank.
2. 78) Senior management should integrate the results of the stress testing process into the bank’s strategic planning process (e.g. bank management could adjust its asset-liability composition) and the firm's day-to-day risk management practices (e.g. through monitoring sensitive cash flows or reducing concentration limits). The results of the stress tests should be explicitly considered in the setting of internal limits.
3. 79) Senior management should decide how to incorporate the results of stress tests in assessing and planning for related potential funding shortfalls in the institution's contingency funding plan. To the extent that projected funding deficits are larger than (or projected funding surpluses are smaller than) implied by the bank’s liquidity risk tolerance, management should consider whether to adjust its liquidity position or to bolster the bank’s contingency plan in consultation with the board.
4. A bank must have a formal contingency funding plan (CFP) that clearly sets out the strategies for addressing liquidity shortfalls in emergency situations.
5. 80) A bank should put in place plans for responding to severe disruptions to its ability to fund some or all of its activities in a timely manner and at a reasonable cost.
  CFPs should have the following characteristics.
  - • Be commensurate with a bank’s complexity, risk profile, scope of operations and role in the financial systems in which the bank operates.
  - • Include a clear description of a diversified set of contingency measures for preserving liquidity and making up cash flow shortfalls in various adverse situations.
  - • CFP should articulate available potential contingency funding sources and the amount of funds a bank estimates can be derived from these sources; clear escalation/prioritization procedures detailing when and how each of the actions can and should be activated; and the lead time needed to tap additional funds from each of the contingency sources.
  - • The CFP's design, plans and procedures should be closely integrated with the firm’s ongoing analysis of liquidity risk and with the results of the scenarios and assumptions used in stress tests (requirement 9).
  - • CFPs should prepare the bank to manage a range of scenarios of severe liquidity stress that include both firm-specific and more generalized market-wide stress, as well as the potential interaction between them.
  - • The plan should include a diversified menu of options in order for management to have an overview of the potentially available contingency measures. Banks should also examine the time periods for which measures can be carried out under various assumptions and stresses.
  - • CFPs should contain clear specification of roles and responsibilities, including the authority to invoke the CFP.
  - • The establishment of a formal "crisis team" should facilitate internal coordination and decision-making during a liquidity crisis; names and contact details of members of the team responsible for implementing the CFP and the locations of team members; and the designation of alternates for key roles should also be clearly stated.
  - • To facilitate the timely response needed to manage disruptions, the plan should set out a clear decision-making process on what actions to take at what time, who can take them, and what issues need to be escalated to more senior levels in the bank.
  - • The plan should explicitly set out the procedures to deliver effective internal coordination and communication across the bank’s different business lines and locations. It should also address when and how to contact external parties, the Central Bank, stakeholders, market participants, and the media.
  - • A bank’s CFP (as well as the bank's day-to-day liquidity risk management) should reflect Central Bank lending programmes and collateral requirements.
  - • The plan should be reviewed and tested regularly to ensure their effectiveness and operational feasibility timely action should be taken by management to remedy any issue identified. Key aspects of this testing include:
    - ▪ ensuring that roles and responsibilities are appropriate and understood,
    - ▪ confirming that contact information is up to date,
    - ▪ proving the transferability of cash and collateral,
    - ▪ reviewing that the necessary legal and operational documentation is in place to execute the plan at short notice,
    - ▪ The ability to sell or repo certain assets or periodically draw down credit lines.
  - • Senior management should review and update the CFP at least every year for the board’s approval, or more often as business or market circumstances change.
  - • The CFP should be consistent with the bank’s business continuity plans and should be operational under situations where business continuity arrangements have been invoked.
6. A Bank must maintain a cushion of unencumbered, high quality liquid assets to be held as insurance against a range of liquidity stress scenarios.
7. 81) Although the predefined stress test in the LCR will result in a regulatory liquid asset requirement to be held by the bank to cover the stressed outflows, the bank should assess the need for holding liquid assets that can be sold or pledged to obtain funds in a range of stress scenarios beyond the regulatory minimum established by the LCR.
8. 82) The internal stress testing referred to in requirement 9 above should be used to determine the size and composition of the liquid asset pool required to maintain sufficient resilience to unexpected stress while the bank continues to meet its daily payment and settlement obligations on a timely basis for the duration of the stress.
9. 83) The liquidity cushion should include cash and high quality government bonds or similar instruments, to guard against the most severe stress scenarios. For insuring against less intense, but longer duration stress events, a bank may choose to widen the composition of the cushion to hold other unencumbered liquid assets which are marketable.
10. 84) A bank should be realistic about how much cash it will be able to obtain from the Central Bank against eligible assets. Moreover, a bank should not rely on the Central Bank altering the amount of or the terms on which it provides liquidity.
11. Banks are required to develop a transfer-pricing framework to reflect the actual cost of funding.
12. 85) Senior management should appropriately incorporate liquidity costs, benefits and risks in the internal pricing and performance measurement for all significant business activities (both on- and off-balance sheet). The sophistication of the transfer pricing framework should be in line with the bank level of sophistication and business complexity.
13. 86) These costs, benefits and risks should then be explicitly attributed to the relevant activity so that line management incentives are consistent with and reinforce the overarching liquidity risk tolerance and strategy of the bank, with a liquidity charge assigned as appropriate to positions, portfolios, or individual transactions.
14. 87) This assignment of liquidity costs, benefits and risks should incorporate factors related to the anticipated holding periods of assets and liabilities, their market liquidity risk characteristics, and any other relevant factors, including the benefits from having access to relatively stable sources of funding, such as some types of retail deposits.
15. 88) The quantification and attribution of these risks should be explicit and transparent at the line management level and should include consideration of how liquidity would be affected under stressed conditions.
16. 89) The analytical framework should be reviewed as appropriate to reflect changing business and financial market conditions and so maintain the appropriate alignment of incentives.

Part Two: Quantitative Requirements

A. Eligible Liquid Assets Ratio (ELAR)
This is a ratio all banks must comply with. Eligibility is limited as follows:
1. a. Account balances at the Central Bank
2. b. Physical cash at the bank
3. c. Central Bank CDs
4. d. UAE Federal Government bonds and sukuks
5. e. Reserve requirements
6. f. UAE local government and PSE’s publicly traded debt securities that are assigned 0% credit risk weighting under Basel II Standardized approach (limited to a maximum of 20% of eligible liquid assets)
7. g. Foreign, Sovereign debt instruments or instruments issued by their central banks, also multilateral development banks all of which receive 0% credit risk weighting under Basel II Standardized approach (limited to a maximum of 15% of eligible liquid assets)
Banks must hold an amount equivalent to at least 10% (or some other percentage as set by the Central Bank) of their total on balance sheet liabilities at all times in the above assets. This ratio will be subject to upward revisions from time to time either as a result of Central Bank policy or as a result of a recalibration exercise when assessing the impact of the LCR.

B. Advances to Stable Resources Ratio (ASRR)
This measure detailed in the current Central Bank reporting (BRF7) continues to be in effect until an individual bank is permitted to apply the NSFR under the Basel III rules.
The NSFR will come into effect on 1 January 2018.In the meantime all banks must comply with the ASRR.

C. Liquidity Coverage Ratio (LCR)
1. 90) The LCR ratio comes directly from the BCBS recommendations mentioned at the beginning of this manual. It is therefore recommended that banks familiarize themselves with the BCBS final recommendations on liquidity titled “Basel III: The Liquidity Coverage Ratio and liquidity risk monitoring tools' issued January 2013. This guidance manual concentrates on the more common factors that affect the liquidity of banks in the UAE. There will undoubtedly be some specific issues that will affect individual banks but are not detailed in this manual. The manual also attempts to simplify some of these factors for the sake of brevity as well as exercise national discretion where warranted and the possibility for such discretion exists. In the event that any confusion is created as a result then the BCBS document referred to above takes precedence.
2. 91) LCR is a coverage ratio of liquid assets to net cash outflows. It represents a 30 days stress scenario with combined assumptions covering both bank specific and market wide stresses. Therefore, the LCR aims to promote short-term resilience of a bank’s liquidity risk profile by ensuring that it has sufficient high-quality liquid assets to survive a significant stress scenario lasting for one month.
3. 92) The LCR assumptions are applied to contractual data representing the main liquidity risk drivers (liabilities and contingent liabilities) at banks to determine the total cash outflows within the 30 days stress period.
4. 93) Total cash inflow is also calculated based on assumptions applied to contractual inflows during the 30 day period. The total cash outflow is then reduced by the total cash inflow to arrive at the net cash outflow in 30 days. A cap on the amount of inflows that can be used to offset outflows is set at 75% of the outflows².
5. Total net cash outflows over the next 30 calendar days = Outflows – Inflows (restricted to 75% of outflows)
6. 94) Banks should always be able to cover the net cash outflow with high quality liquid assets at the minimum LCR determined by the Central Bank.
² The 75% max reduction limit is to ensure that the banks always have a net cash outflow of at least 25% which they are required to hold liquid assets against.

Current LCR and Expected Glide Path
1. 95) Compliance with the LCR will be on a glide path basis. This starts in January 2016 with a compliance level of 70% and banks are expected to be at the minimum compliance level of 100% by January 2019. The table below sets out the timetable for compliance:
Table 1 Glide Path
1 January 2016 1 January 2017 1 January 2018 1 January 2019
Minimum LCR 70% 80% 90% 100%

The Central Bank will set up a liquidity task force to ensure a smooth implementation of the LCR by its implementation date. Banks wishing to move to the Basel III liquidity framework must apply in writing to the Central Bank for approval to do so. Prior to approval, banks will be required to provide the Central Bank with suitable validation of adequate governance, systems and controls in place to demonstrate the bank’s ability to comply with the requirements of the Basel III liquidity framework in full.
The Central Bank task force team will engage closely with these banks as part of the on–boarding process. Banks must provide the Central Bank team with a “road map” setting out clear milestones explaining how the bank will meet the LCR and the NSFR by their respective due dates. The team will then assess the plan and provide guidance. The team will also monitor the progress of the bank against its internally set milestones.

High Quality Liquid Assets

96) High quality liquid assets are strictly defined in the LCR to ensure that these assets remain liquid³ under severe stress scenarios both firm specific and market wide. It is worth mentioning that the asset that is usually liquid under normal conditions might not be liquid under a severe stress scenario. Therefore, these assets must fulfill certain pre-defined criteria before they can be considered eligible, they must be:
- • traded in large, deep and active repo or cash markets characterized by a low level of concentration;
- • have a proven record as a reliable source of liquidity in the markets (repo or sale) even during stressed market conditions. Level 2A and 2B must meet a predefined test that the maximum decline of price must not exceed volatility targets over a 30 day period during a relevant period of significant liquidity stress;
- • not an obligation of a financial institution or any of its affiliated entities
97) High quality liquid assets are separated into two categories, Level 1 and Level 2 liquid assets. Level 1 liquid assets must only be those assigned a 0% risk weight under Basel II Standardized Approach for credit risk and are allowed with no haircuts and no cap applied to them. These assets are:
- • Cash at Central Bank and physical cash at the bank.
- • Reserves and account balances held at the Central Bank
- • Central Bank CDs and all debt issued or explicitly guaranteed by UAE Federal Government or Local Governments.
- • Debt issued by multilateral development banks and the IMF.
- • Foreign Sovereign or Central Bank debt or guaranteed debt receiving 0% Risk Weight under Basel II standardized approach.
- • UAE Public Sector Entities’ (PSE or GRE) debt securities which receive 0% Risk Weight under Basel II Standardized approach
Those assets that are 0% risk weighted and unrated are unlikely to have the same depth of market as those that are rated above investment grade in a stress scenario. Banks must take this into account when assessing an asset’s suitability and a liquidity premium charged. In any case, 0% risk weighted assets that are not rated cannot exceed 25% of the total Level 1 HQLA.
98) Level 2 liquid assets (comprising Level 2A and Level2B) are also classified as highly liquid assets. However, the realizable market value under a liquidity stress might be lower than the normal market value. Level 2 assets are allowed up to 40% in total of high quality liquid assets. The following assets, after being reduced by the corresponding haircuts, are eligible as Level 2A liquid assets (‘Corporate’ in this sense may include Sovereign securities).

Table 2 Level 2 A Liquid Assests

Level 2 A liquid assets	Value
Marketable securities representing claims issued or guaranteed by Sovereigns, Central Banks, PSE’s or multi-lateral development banks receiving 20% risk weight under Basel II standardized approach.	85%
Corporate bonds holding an AA- equivalent or higher long term credit rating provided it is not issued by a financial institution or any of its affiliates.	85%
Covered Bonds holding an AA- equivalent or higher long terms credit rating provided it is not issued by the bank itself or any of its affiliates	85%

Level 2B assets (subject to a 15% ceiling of the total) consist of residential mortgage backed securities, lower rated debt securities and common equity shares. The qualifying tests for these types of assets are to be strictly applied as per the Basel rules and it is unlikely that many domestic assets will qualify, if any. (‘Corporate’ in this sense may include Sovereign securities).

Table 3 Level 2B Liquid Assets

Level 2 B liquid assets	Value
Residential Mortgage Backed Securities (RMBS)	75%
Corporate bonds holding a rating of between A+ and BBB-.	50%
Common equity shares (strict qualifying conditions)	50%

99) Only unencumbered liquid assets that meet the above criteria are eligible for the LCR.
100) Banks should endeavor to hold eligible liquid assets in the currencies that match the currencies of the net cash outflow.
101) Liquid asset portfolio should be well diversified in terms of counterparties and tenor and held for the sole purpose of managing liquidity risk.
The Central Bank recognizes that given the nascent debt markets that exist in the UAE, the qualitative requirements placed by Basel around the robustness of markets that underpins the liquidity and pricing of these assets may require a less strict interpretation – except in the case of Level 2 B assets. However, banks must be able to demonstrate to the Central Bank that assets held in the LCR are liquid.
Unrated UAE domiciled GRE or PSE issuers that do not receive a 0% risk weighting can be included in Level 2A liquid assets with a 30% haircut, for the time being at least.
Given that the UAE Dirham is pegged to the US Dollar, for the sake of flexibility US$/AED currency mismatches can be offset. It should be noted though that Basel III requires that liquid assets be held in the currency of the net outflow, including both the US$ and AED individually, and banks are expected to comply where possible. However, net outflows in other GCC currencies pegged to the US$ that exceed 15% of the total LCR net outflows must be matched. Other pegged and free floating currencies must be matched if they exceed 10% of total net LCR outflows.
Where no suitable HQLA exists in the currency of the net outflow O/N placements, in that currency, with either the relevant Central Bank or a bank rated at A or better will suffice.

³ Liquidity is the ability to convert the asset immediately into cash at little or no loss in market value under a liquidity stress.

Cash Outflows
1. 102) Cash outflows are calculated by assigned run off assumptions against various liabilities both on and off balance sheet.
2. Liabilities maturing outside the 30 days stress period - 0% run off
3. 103) All liabilities that have a contractual maturity over 30 days and where the bank is not contractually obliged to pay the customer before the maturity date receive 0% run off.
4. 104) Where the bank has guaranteed payment to the customer prior to maturity upon request, the liability is treated as being contractually due immediately and is subject to the applicable run off assumptions listed below.

Retail Deposits4
1. 105) Retail deposits include both term deposits (maturity over 1 day) and current/savings/at call deposits which banks are under contractual obligation to pay immediately.
2. 106) Retail deposits are separated into stable and less stable deposits.
  
  Stable retail deposits receives 5% run off & less stable receives 10% run off
3. 107) Current retail deposits are considered stable if:
  - ▪ They are resident deposits and,
  - ▪ A relationship with the customer has been well established, for example the customer has been dealing with the bank for over 1 year; or
  - ▪ The customer uses the account for transactions such as salary being deposited in the account, paying bills and standing orders.
4. 108) Retail term deposits which are maturing within the 30 day period are classified as stable if:
  - ▪ They are resident deposits and,
  - ▪ A relationship with the customer has been well established, for example the term deposit has a history of being rolled over at maturity with the bank or the relationship has been established for over 1 year with the customer.
5. 109) No more than 60% of retail deposits maturing within 30 days can be classified as stable. This cap will only be applicable during the transition period until 1 January 2019 after which all banks are expected to be in a position to comply with the Basel III requirements in full.
6. 110) All other retail deposits that do not meet the criteria for classification as “stable” are considered less stable retail deposit and receive 10% run off factor against them.
7. 111) Deposits from small and medium size entities (SMEs)⁵ can be treated as retail deposits (and sections (107)‎ to 110)‎ apply to them), if their deposit amount is less than AED 20⁶ Million.
8. Unsecured deposits from non-financial corporates – 40% run off for Non-operational & 25% run off for operational.
9. 112) Unsecured wholesale deposits (current and term) are deposits from legal entities⁷ that are not collateralized by assets owned by the bank and are not sourced from a financial institution⁸. It includes deposits sourced from Sovereigns, Public Sector or Government Related entities. Obligations related to derivative contracts are explicitly excluded.
10. 113) It includes all funding that is callable within the 30 day horizon according to its earliest possible contractual maturity date, including those that are exercisable at the investor's discretion.
11. 114) Unsecured wholesale deposits from non-financial institutions are separated into operational and non-operational wholesale deposits. Operational wholesale deposits have one or more of the following characteristics:
  - ▪ The customer is reliant on the bank to perform payments, clearing, collections, custody, cash management (and) or payroll supported by a legally binding contractual agreement. The bank will have to prove reliance.
  - ▪ The deposits are by-products of the underlying services provided by the banking organization and not sought out in the wholesale market in the sole interest of offering interest income.
  - ▪ The deposits are held in specifically designated accounts and priced without giving an economic incentive to the customer to leave any excess funds.
12. 115) It is understood that exact segregation of operational and non-operational accounts is operationally challenging for banks. The Central Bank expects banks to use their best endeavors and sound judgment in the process. Banks must also undertake a continuous upgrading/improvement of systems and MIS to ensure that by the final implementation date of 1 January 2019 they can fully comply with the requirements of Basel III in this respect. Any deliberate manipulation of the classification will result in all wholesale deposits being classified as non-operational. For example, banks would be expected to ascertain the ‘normal’ balance in these accounts for operational purposes and exclude those balances that are in excess.
13. 116) No more than 40% of total wholesale deposits maturing in one month can be classified as operational.
  Banks who operate the LCR will be expected to adjust their liability products over time, both retail and corporate, so that they can more directly reflect the characteristics of the Basel III requirements. Once this is achieved the 40% ceiling will be lifted.
14. 117) All other deposits from legal entities, including those from SMEs in excess of AED 20 million are non-operational and attract a run-off factor of 40%.
  
  Unsecured wholesale funding from financial institutions – Operational 25% run off, Non-operational at 100% run off
15. 118) This category includes non-collateralized deposit sourced from banks, insurance companies, brokers, securities firms (and the affiliates of these companies) as well as NCDs, Bonds, MTNs, CPs and other unsecured debt instruments issued by the bank and are maturing within the 30 day stress period. These are also separated into operational and non-operational deposits depending on their characteristics.
16. 119) Operational deposits from financial institutions receive 25% run off against them and have the all following characteristics:
  - ▪ The criteria is met as prescribed above for deposits from non-financial operational accounts
  - ▪ The deposits do not arise from correspondent banking, or from the provision of prime brokerage services.
  - ▪ If the deposit placed by a bank receives a 25% run off against it, the depositing bank receives 0% inflow for it. The Central Bank will ensure this treatment is applied when conducting its onsite and offsite reviews.
17. 120) A run off factor of 100% is assigned to all non-operational financial services deposits maturing within 30 days and that do not meet the above characteristics.
⁴ Defined as deposits from individuals (natural persons)
⁵ Small and medium enterprises refer to legal entities that have an annual turnover of less than AED 75 million
⁶ The AED 20 million limit is to be determined on a relationship level.
⁷ Excludes SME deposits that fall under 111)‎
⁸ Financial institution includes banks, insurance companies, brokers and their affiliates.

Secured Wholesale Funding

121) Wholesale funding, that is secured by giving rights to an asset in insolvency, are assumed to be relatively more stable as the counterparts are likely to renew the funding upon maturity in a stress given the more secured position they enjoy.
122) It is important to note that the stability of this funding source depends on the quality of the asset pledged as collateral. The below table shows the run off assumptions applied to wholesale deposits depending on the type of Collateral used.

Table 4 Collateral for maturing wholesale funding

Collateral securing the maturing wholesale funding	Run off Factor
Level 1 Liquid Asset	0%
Level 2A Liquid Assets	15%
Transactions with sovereigns, central banks, PSEs, GREs that are not backed by Level 1 or Level 2A assets. (PSEs and GREs that receive this treatment should have a risk weight of 20% or lower under Basel II Standardized approach).	25%
Level 2B assets	50%
All other types of collateral	100%

Off Balance Sheet Facilities
Credit lines⁹ and liquidity facilities provided to retail customers - 5% draw down
1. 123) Credit lines and liquidity facilities provided to retail customers and retail SMEs (as per section 111)‎ will have 5% draw down assumption applied to the undrawn amount of the advised limit whether revocable or not.
  
  Credit lines and liquidity facilities provided to non-financial corporate customers - 10% draw down for committed credit lines and 30% for liquidity facilities
2. 124) Credit lines provided to non-financial corporate customers are assumed to draw down at 10%, liquidity facilities assume 30% draw down. This takes into account the difficulty in replacing these lines from other banks in a market wide stress and the potential actions by corporates to secure cash to ensure no interruption to their business.
  
  Credit lines and liquidity facilities to banks subject to UAE prudential supervision
3. 125) Banks should assume a 40% drawdown of the undrawn portion of these facilities.
  
  Credit lines and liquidity facilities provided to financial corporate customers - 40% draw down for committed credit lines and 100% for liquidity facilities
4. 126) Credit lines provided to other financial institutions receive 40% draw down to reflect the likelihood that they will be drawn upon in a market crisis. Similarly, liquidity facilities are assumed to be 100% fully drawn.
  
  Liquidity facilities provided to all other entities (including embedded in transactions)-100%
5. 127) A liquidity facility is defined by the BCBS as a committed undrawn back up facility put in place expressly for the purpose of refinancing debt of a customer where the customer is unable to obtain funding from the financial markets.
⁹ Credit lines include undrawn portion of overdrafts, credit cards, bill discounting facilities and other commitments to provide credit.

Letters of Guarantee, Letters of Credit and Trade Finance Facilities
1. 128) LGs and LCs that are not trade finance related will be assessed based upon the nature of the beneficiary of the guarantee and the draw down assumptions as relates to credit lines, as above, will apply. However, if by the nature of the transaction 100% of the guarantee is likely to be drawn down at once then it must be assumed to be a liquidity facility and treated accordingly.
2. 129) LCs and other trade finance facilities receive 5% draw down on the outstanding amount.

Derivative Contracts
Derivative contracts – assumed 3 notch downgrade to credit rating– 100% outflow
1. 130) Some banks might have derivative contracts that include Credit Support Annex (CSA) which requires the bank to post collateral against its MTM position depending on its credit rating.
2. 131) Banks should assume a three notch downgrade to their credit rating and determine the cash outflow required to obtain the additional collateral required under the CSA as a result of the downgrade. The cash outflow will be treated as 100% outflow in the 30 day stress period under the LCR.
  
  Derivative contracts –Net outflow under the contract within 30 days – 100% outflow
3. 132) Known amounts to be paid on derivative contracts less known amounts to be received from derivative contracts within 30 days should be included in the LCR outflows at 100%. Cash flows may be calculated on a net basis by counterparty only where a valid netting agreement exists or when the inflow and outflow occurs within the same business day. Derivative cash flows in different currencies from the same counterparty when the inflow and outflow occurs on the same business day may be offset against each other.

Cash Inflows
Cash Inflows – 100% in the normal course of business inflows with a cap of 75% of outflows
1. 133) Contractual cash inflows from assets that are expected to come in within the 30 day stress period under normal business conditions (see details below) are allowed to be included in the LCR up to 75% of cash outflows (see paragraph 93).
2. 134) Cash inflows from the principal and interest repayment of loans and advances to retail, SMEs and non-financial corporates are included at 50% cash inflow. This assumes that the bank will continue to extend new loans at 50% of the contractual inflows. However, because of the self-liquidating nature of trade finance transactions these may be included as a 100% cash inflow provided there is no obligation on the bank to extend further credit to the customer once the transaction has been settled. The bank must prove to the Central Bank’s satisfaction that it has exercised this option before applying the 100%.
3. 135) No Credit card and overdraft repayments are allowed as a cash inflow.
4. 136) Contractual cash inflows that are generated from financial institutions maturing within 30 days are assumed to be received in full (100% inflow). Similarly, all debt instruments that are maturing within the 30 day period will receive 100% cash inflow.
5. 137) No lines of credit, liquidity facilities, and contingent funding facilities given to the bank are allowed to be included in the cash flows (0% inflow).
6. 138) Derivative cash flows can be shown as 100% of all the net cash inflows. The methodology is the same as for outflows.
7. 139) No operational deposits made to financial institutions should be allowed as a cash inflow (0% cash inflow).
  
  Maturing secured lending transactions-Run offs depending on quality of collateral
8. 140) Transactions backed by Level 1 assets 0% inflow
9. 141) Transactions secured by Level 2A assets 15% inflow (0% if the collateral is used to cover a short position)
10. 142) Margin lending backed by all other collateral (including Level2B assets) 50% inflow (0% if the collateral is used to cover a short position)
11. 143) Transactions backed by other collateral 100% inflow (0% if the collateral is used to cover a short position)

D. NSFR (Net Stable Funding Ratio)
A more detailed description of the NSFR is contained in the BCBS document “Basel III: the net stable funding ratio” dated October 2014. If there is any ambiguity between this guidance manual and this document the BCBS document takes precedent. Banks are expected to meet the NSFR on an ongoing basis.
1. 144) The NSFR standard is derived from the BCBS document ‘Basel III: the net stable funding ratio’ and will come into effect on 1 January 2018. There will no requirement to comply with the standard until that date although reporting will start beforehand and only for those banks who qualify for the LCR as their liquidity ratio will be affected. It is meant to compliment the LCR by limiting the cliff effects associated with a stacking up of liability maturities within a short period of time. It is designed to ensure that banks fund their activities with sufficiently stable sources of funding to mitigate the risk of future funding stress.
2. 145) The NSFR is defined as the amount of available stable funding relative to the amount of required stable funding. This ratio should be equal to at least 100% on an ongoing basis.
3. 146) Available stable funding’ is defined as the portion of capital and liabilities expected to be reliable over a 1 year time horizon. The amount of stable funding required is a function of the liquidity characteristics and residual maturities of the various assets held by an institution including off-balance sheet exposure
4. 147) To simplify the NSFR is:

Definition of Available Stable Funding (ASF)
1. 148) The ASF is determined by assigning weighted values to various funding sources depending on the nature of the source, its contractual maturity and the propensity of funding providers to withdraw their funding. This includes such things as call options and the ability of the bank to refuse the exercising of the call. Only those proportions of the cash flow actually maturing beyond the maturity thresholds as prescribed by the ratio can be included.
2. 149) The cash flows for derivative contracts will be assessed at the replacement cost where the contract has a negative value. If a netting agreement exists then this can be taken into account and the netted position can be used. Collateral posted as variation margin can also be allowed for.
3. 150) Liabilities and capital receiving a 100% ASF factor are:
  1. a) The total amount of regulatory capital excluding the proportion of Tier 2 instruments with a residual maturity of less than one year
  2. b) Any capital instrument not included in (a) that has an effective residual maturity of one year or more (excludes those with explicit or embedded option that negates this condition)
  3. c) The total amount of secured and unsecured borrowings and liabilities with effective residual maturities of one year or more.
4. 151) Liabilities receiving a 95% ASF factor:
5. These comprise ‘stable’ demand deposits as per the LCR (paragraphs 107 and 108) as well as retail term deposits as per the LCR with residual maturities of less than one year.
6. 152) Liabilities receiving a 90% ASF factor
7. These comprise ‘less stable’ demand deposits as defined in the LCR (paragraph 109) as well as retail term deposits as per the LCR with residual maturities of less than one year
8. 153) Liabilities receiving a 50% ASF factor
  1. a) Funding (secured and unsecured) with a residual maturity of less than one year provided by non-financial corporate customers
  2. b) Operational deposits (as defined in the LCR paragraph 114)
  3. c) Funding with a residual maturity of less than one year from sovereigns, public sector entities and multilateral and development banks and
  4. d) Funding from other sources not included above with a residual maturity between 6 months and one year.
9. 154) Liabilities receiving a 0% ASF factor
  
  These comprise everything else with a few technical exceptions including net derivative liabilities (refer BCBS document paragraph 25 and paragraph 149 above)

Definitions of Required Stable Funding (RSF)
1. 155) The amount of required stable funding is measured based on the broad characteristics of the liquidity risk profile of an institutions assets and OBS exposures. The calculation first assigns a carrying value of the asset to the prescribed categories and then multiplies this by the required RSF factor. The total RSF is the sum of the weighted amounts for both on and off balance sheet exposures.
2. 156) The rationale behind the RSF factors is that they approximate the amount of a particular asset that would have to be funded, either because it will (or is likely to be) rolled over and could not be monetized either by sale or as collateral, over the course of one year without significant expense. These amounts have to be supported by stable funding.
3. 157) Assets are allocated to the appropriate RSF factor based on their residual maturity or liquidity value. Residual maturity has to take into account any options either explicit or implied that may extend the maturity of the asset (or OBS exposure). Amortized loans can be adjusted for that portion falling due within the one year time horizon.
4. 158) Encumbered assets are assessed as per the period they are encumbered for at the highest applicable RSF factor if that period is greater than 6 months. Where the encumbrance period is less that 6 months the factor will be the same as unencumbered assets.
5. 159) Banks should exclude from their assets securities which they have borrowed in financing transactions such as reverse repos and collateral swaps where they do not have beneficial ownership. Banks should include securities they have lent where they retain beneficial ownership. Securities received through collateral swaps should not be included if they do not appear on the balance sheet. Generally, if the bank retains beneficial ownership and the security appears on the balance sheet it should be assigned a RSF factor.
6. 160) Netting can be accommodated provided there is a valid netting agreement. Likewise cash collateral can be taken into account.
7. 161) Derivative assets are firstly based on replacement cost where the contract has a positive value.
8. 162) Assets assigned a 0% RSF factor
  1. a) Coins and bank notes
  2. b) Central Bank Reserves
  3. c) All claims on Central Banks with residual maturities of less than 6 months
  4. d) ‘trade date receivables’ as per BCBS document paragraph 30 and 36 (d)
9. 163) Assets assigned a 5% RSF factor
  1. a) Unencumbered Level 1 high quality liquid assets as defined in the LCR excluding those receiving a 0% RSF as above
  2. b) Marketable securities representing claims or guaranteed by those entities prescribed a 0% risk weight by the Basel II standardized approach for credit risk.
10. 164) Assets assigned a 10% RSF factor
  1. a) Unencumbered loans to financial institutions with residual maturities of less than 6 months where the loan is secured against Level 1 assets as defined by the LCR and where the bank can freely use the collateral for the life of the loan.
11. 165) Assets assigned a 15% RSF factor
  1. a) Unencumbered Level 2A assets as defined in the LCR
  2. b) All other unencumbered loans to financial institutions with residual maturities of less than 6 months not included in 164
12. 166) Assets assigned a 50% RSF factor
  1. a) Unencumbered Level 2B assets as per the LCR (when allowed)
  2. b) HQLA (as per the LCR) that are unencumbered for a period of between six months and one year
  3. c) Loans to financial institutions and central banks with a residual maturity of between six months and one year
  4. d) Deposits held at other financial institutions for operational purposes
  5. e) All other assets not included in the above categories that have a residual maturity of less than one year including loans to non-financial corporate clients, retail and SME loans as well as loans to sovereigns and PSEs. (GREs included).
  6. f) Overdrafts that are core are to be assessed on a case by case basis and will be assumed to have a maturity greater than one year.
13. 167) Assets assigned a 65% RSF factor
  1. a) Unencumbered residential mortgages with a residual maturity of one year or more providing they qualify for a 35% or lower risk weight under Basel II standardized approach for credit risk.
  2. b) Other unencumbered loans not included in the above categories, excluding loans to financial institutions, with a residual maturity of one year or more that would qualify for a 35% or lower risk weight under Basel II standardized approach.
14. 168) Assets assigned an 85% RSF factor
  1. a) Cash, securities or other assets posted as initial margin for derivative contracts or assets provided to contribute to the default fund of a central counterparty.
  2. b) Other unencumbered performing loans that do not qualify for the 35% or lower risk weight requirements in 167) and have residual maturities of one year or more, excluding loans to financial institutions
  3. c) Unencumbered securities with a remaining maturity of one year or more as well as exchange traded equities that are not in default and do not qualify as HQLA under the LCR.
  4. d) Physical traded commodities such as gold
15. 169) Assets assigned a 100% RSF factor
  1. a) All assets that are encumbered for a period of one year or more
  2. b) NSFR derivative assets as calculated subject to paragraph 160 and 161 net of NSFR derivative liabilities calculated as per paragraph 149, if the NSFR derivatives assets are greater than liabilities.
  3. c) All other assets not included in the above categories including non-performing loans, loans to FIs with a residual maturity of one year or more, non-exchange traded equities, fixed assets, items deducted from regulatory capital, subsidiary interests and defaulted securities
  4. d) 20% of derivative liabilities as calculated according to paragraph 149

Off-Balance Sheet Exposures
1. 170) 5% RSF factor of the currently undrawn portion
  1. a) Irrevocable and conditionally revocable credit and liquidity facilities for any client
  2. b) Trade finance related obligations (including guarantees and letters of credit)
2. 171) 10% RSF factor
  1. a) Non-contractual obligations such as potential requests for debt repurchases of the banks own debt, structured products where the bank has to maintain liquidity and managed funds where there is a commitment to maintain stability
3. 172) 20% RSF factor
  1. a) Guarantees and letters of credit unrelated to trade finance obligations

Standard Re Liquidity at Islamic Banks
C 33/2015 STA Effective from 3/1/2022

Article (1) Introduction
1. 1.1 This Standard Re Liquidity at Islamic Banks (“the Standard”) forms part of the Regulations re Liquidity at Banks (“The Regulation”). Licensed banks that conduct all or part of their activities in accordance with the provisions of Islamic Shari’ah must comply with this Standard in the same manner as they must comply with the Regulation.
2. 1.2 This Standard must be read in conjunction with the Regulation re. Liquidity at Banks. The Standard follows the structure of the Regulation and covers these specific elements:
  1. 1) Qualitative Requirements;
  2. 2) Quantitative Requirements including:
    1. a. Eligible Liquid Asset Ratio (ELAR),
    2. b. Advances to Stable Resources Ratio (ASRR),
    3. c. Liquidity Coverage Ratio (LCR), and
    4. d. Net Stable Funding Ratio (NSFR);
  3. 3) Reporting Requirements.
3. 1.3 This Standard is issued pursuant to the powers vested in the Central Bank under the provisions of the Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organization of Financial Institutions and Activities (the “Central Bank Law”).
4. 1.4 Where this Standard stipulates that a licensed bank provide information, undertake certain measures, or address certain terms listed as a minimum, the Central Bank may impose requirements, which are additional to those outlined in the relevant article of the Standard.
5. 1.5 This Standard delineates on the supervisory expectations of the Central Bank with respect to liquidity risk management for Shari’ah compliant businesses and activities in a legally binding manner.

Article (2) Scope of Application
1. 2.1 This Standard applies to all licensed banks that conduct all of their activities in accordance with the provisions of Islamic Shari’ah (“Islamic Banks” or “IBs). IBs established in the UAE with Group relationships, including subsidiaries, Affiliates, or international branches, must ensure that the Standard is adhered to on a solo and a Group-wide basis.
2. 2.2 A licensed bank that fully owns an Islamic Bank must adhere to the requirements set out within this Standard at the level of the subsidiary and consolidate these requirements into its overall risk management framework.
3. 2.3 Licensed banks that conduct part of their activities in accordance with the provisions of Islamic Shari’ah (“Banks housing an Islamic Window”) may refer to this Standard to familiarise themselves with the requirements in order to be aware of the liquidity risks arising from Shari’ah compliant activities and businesses.
4. 2.4 Banks housing an Islamic Window must comply with the liquidity requirements set by the Central Bank’s Regulations and Guidance re liquidity at banks. For monitoring purposes only, banks housing an Islamic Window are required to report stand-alone quantitative measures as set-out in this Standard without having to comply with the ratios set by this Standard.

Article (3) Objective
1. 3.1 The aim of this Standard is to ensure that IBs have a robust liquidity risk management and governance framework in place, while ensuring compliance with the provisions of Shari’ah, in line with the Central Bank’s Regulation regarding Liquidity at Banks.
2. 3.2 The Standard aims to ensure that Islamic Banks are holding sufficient Shari’ah compliant liquid assets to withstand a liquidity stress for a reasonable period of time.

Article (4) Definitions
1. a. Affiliate: An entity owned by another entity by more than 25% and less than 50% of its capital.
2. b. Board: Islamic Bank’s board of directors.
3. c. Compliance with Islamic Shari’ah refers to compliance with Islamic Shari’ah in accordance with:
  1. a. resolutions, fatwas, regulations, and standards issued by the Higher Shari’ah Authority (“HSA”)in relation to licensed activities and businesses of Islamic Bank (“HSA’s Resolutions”), and
  2. b. resolutions and fatwas issued by Internal Shari’ah Supervision Committee (“ISSC”) of respective Islamic Bank, in relation to licensed activities and businesses of such institution (“the Committee’s Resolutions”), provided they do not contradict HSA’s Resolutions.
4. d. Central Bank: Central Bank of the UAE
5. e. Confidential Information: information that is publicly unavailable and where its disclosure is not permitted as per Article 120 of Decretal Federal Law No. (14) of 2018.
6. f. Fatwas: juristic opinions on any matter pertaining to Shari’ah issues in Islamic finance, issued by HSA or ISSC.
7. g. Group: A group of entities which includes an entity (the ‘first entity’) and:
  1. a. any Controlling Shareholder of the first entity;
  2. b. any Subsidiary of the first entity or of any Controlling Shareholder of the first entity; and
  3. c. any Affiliate, joint venture, sister company and other member of the Group.
8. h. High Quality Liquid Assets or HQLA: Assets unencumbered by liens and other restrictions on transfer which can be converted into cash easily and immediately, with little or no loss of value, including under the stress scenario.
9. i. Higher Shari’ah Authority or HSA: is the Central Bank’s Higher Shari’ah Authority for Islamic banking and financial activities.
10. j. Independence: Ensuring that the ISSC is not subject to any form of undue influence when issuing resolutions and fatwas in accordance with the Shari’ah parameters, and ensuring that the Internal Shari’ah Control Division or Section and Shari’ah Audit Division or Section are also not subject to any form of undue influence. This should be carried out to strengthen the confidence of both shareholders and stakeholders in the Islamic Bank compliance with Islamic Shari’ah.
11. k. Internal Shari’ah Audit: regular process to inspect and assess Islamic Banks’ compliance with Islamic Shari’ah and the level of adequacy and effectiveness of Islamic Banks’ Shari’ah governance systems.
12. l. Internal Shari’ah Control Division Section: a technical division (or section) in the Islamic Bank with a mandate to support the ISSC in its mandate.
13. m. Internal Shari’ah Supervisory Committee or ISSC: a body appointed by the Islamic Bank, comprised of scholars specialized in Islamic financial transactions, which independently supervises transactions, activities, and products of the Islamic Bank and ensures they are compliant with Islamic Shari’ah in all its relevant objectives, activities, operations, and code of conduct.
14. n. Liquidity Risk Tolerance: the level of liquidity risk that the bank is willing to assume, it should be appropriate for the business strategy of the bank and its role in the financial system and should reflect the bank’s financial condition and funding capacity.
15. o. Restricted Investment Account: The account holders authorize Islamic Banks to invest their funds based on Mudarabah or agency contracts (Wakala) with certain restrictions as to where, how and for what purpose these funds are to be invested.
16. p. Unrestricted Investment Account: The account holders authorize Islamic Banks to invest their funds based on Mudarabah or agency contracts (Wakala) without imposing any restrictions. The Islamic bank can commingle these funds with their own funds and invest them in a pooled portfolio.
17. q. Islamic Window: refers to the licensed activities that are carried on in accordance with the Islamic Shari’ah that are carried on by financial institutions for their account or for the account of or in partnership with third parties which comply with the regulatory requirements stated in this Standard and other regulations issued by the Central Bank.
18. r. Senior Management: The executive management of the Islamic Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the financial institution, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions. The term Senior Management includes the head of Islamic Bank.
19. s. Shari’ah Non-Compliance Risk: probability of financial loss or reputational risk that an Islamic Bank might incur or suffer for not complying with Islamic Shari’ah.
20. t. Shari’ah Supervision: monitoring of Islamic Bank’s compliance with Islamic Shari’ah in all its objectives, activities, operations, and code of conduct.
21. u. Subsidiary: An entity, owned by another entity by more than 50% of its capital, or under full control of that entity regarding the appointment of its board of directors.

Article (5) Qualitative Requirements
1. a. This article addresses the qualitative requirements contained in the regulations and emphasises the key focus of the Central Bank in its on and off site examination of IB.
2. b. The qualitative rules in this Standard come into force on 30 June 2022. Any IB that expects to be in breach of the Regulations and Standard must approach the Central Bank to discuss a remediation plan. Breaches will be dealt with on a case by case basis. The Central Bank will apply proportionality in determining the suitability of some of the more complex requirements for smaller IBs.

5.1 Liquidity Management Framework:
1. a.IBs must have appropriate governance processes, including Board and Senior Management oversight, in order to identify, measure, monitor, report and control the liquidity risk in compliance with Shari’ah rules and principles, and within the context of available Shari’ah-compliant instruments and markets.
2. b.The governance structure of an IB must specify the roles and responsibilities of senior management, the Internal Shari’ah Supervision Committee (ISSC), and its functional and business units, including that of the risk management department, with appropriate segregation between operational and monitoring functions.
3. c.IBs must have in place a sound and comprehensive liquidity risk management framework, integrated into the bank-wide risk management process. The primary objective of the liquidity risk management framework must be to ensure, with a high degree of confidence, that the IB is able to maintain sufficient liquidity to meet its regular funding requirements and payment obligations in the normal course of business; and to help it withstand a reasonable period of liquidity stress based on its liquidity risk tolerance level. The source of funding could be IB specific or market-wide.
4. d.The liquidity risk management process of an IB must involve adequate tools to identify, measure, monitor, report and control the liquidity risk in compliance with Shari’ah rules and principles, including a plan to meet contingency funding requirements and setting limits on the basis of robust stress testing and scenario analysis.
5. e.The Board bears the ultimate responsibility for approving a comprehensive liquidity risk management framework, and for monitoring the level of liquidity risk by the IB. This framework must include strategy and robust policies for the management of liquidity risk by the IB, keeping in view the nature, size and complexity of its operations, business model, funding profile, mix of Shari’ah-compliant financing and investment products, and availability of Shari’ah-compliant liquidity instruments and mechanisms.
6. f.Senior management is responsible for executing and implementing the Board-approved strategy and must develop policies for managing the liquidity risk; for having a clear view of all sources and linkages of liquidity risks by taking a holistic approach to risk management; and for laying down the procedures and processes for continuous monitoring of liquidity risk and reporting to the Board.
7. g.The strategy and policies of IBs for liquidity risk management must explicitly incorporate both normal and stressed times scenarios.
8. h.The liquidity risk management framework must cover identifying, mitigating and managing liquidity risk. The IB must ensure that its liquidity risk management function does not take the opportunity to make profits at the expense of prudent management of liquidity risk.
9. i.Liquidity risk management strategy and policies must cover all on and off-balance sheet items. IB must perform an impact analysis on management and mitigation of liquidity risks arising from new business initiatives and product approvals. The IB must have comprehensive and appropriate internal controls and internal audit mechanisms, in order to evaluate and test the adequacy of controls in the liquidity risk management framework. The senior management must ensure that all such functions and business units are operating under the approved policies, procedures and limits.
10. j.IBs must have a robust Shari’ah governance framework in accordance with the Standard re Shari’ah Governance for Islamic financial institutions in order to ensure an effective independent oversight of Shari’ah compliance, especially liquidity risk management mechanisms and instruments. The involvement of the ISSC must include the following elements:
  1. i.approving new Shari’ah-compliant liquidity risk management instruments and mechanisms, including Shari’ah-compliant hedging products;
  2. ii.ensuring proper execution of its approved products and mechanisms,
  3. iii.verifying and controlling the non-commingling of funds between Islamic windows/branches/subsidiaries and parent conventional entities; and
  4. iv.ensuring Shari’ah compliance of the IB’s placements with other entities, including placements with conventional banks, if any.

5.2 The Role of the Board
1. a.The Board has the ultimate responsibility for setting the level of liquidity risk tolerance and the liquidity risk management framework of the IB. The liquidity risk tolerance for the IB must be commensurate with its ability to have sufficient recourse to Shari’ah-compliant funds in order to mitigate this risk.
2. b.The members of the Board should familiarise themselves with liquidity risk and how it is managed, including IB’s specific liquidity risk. The Board should also understand how other risks affect the IB’s overall liquidity risk strategy, i.e. how a tighter funding market will impact the IB’s liquidity and how other risks, if materialised, could result in a liquidity run on the IB. At least one of the Board members must have detailed understanding of liquidity risk management for Islamic Banks.
3. c.The Board must ensure that the IB’s liquidity risk tolerance is transformed into actionable elements, reflecting its potential response to a range of plausible events. There are a variety of ways in which an IB can express its risk tolerance. For example, an IB may quantify its liquidity risk tolerance in terms of the level of funding gap the bank decides to assume under normal and stressed business conditions for different maturity buckets.
4. d.The Board must ensure that liquidity risk tolerance is communicated to all levels of management so that it is taken into account in the various processes of the institution Including, but not limited to product approval, documentation, execution and subsequent monitoring and reporting.
5. e.The Board must, on a regular basis, and at least on an annual basis, evaluate the relevance of the liquidity risk management strategy and policies based on prevailing and future potential market conditions, ground realities and stakeholders’ expectations while making appropriate changes, as needed. In the case of rapidly changing market conditions related to liquidity, the Board may decide to make appropriate revisions more frequently. The strategy may comprise different high-level qualitative and quantitative objectives, parameters and limits.
6. f.In line with the stated risk tolerance, the Board must establish, approve and review from time to time, the liquidity risk management strategy and significant policies, taking into consideration the IB’s business model, legal structure, complexity, key lines of business, and macroeconomic and regulatory environment.
7. g.The Board must ensure that senior management transforms board-approved strategies and policies into detailed and well-documented guidance, procedures and operating instructions which are properly aligned from risk and reward perspectives.
8. h.The Board must also approve and review the IB’s liquidity contingency funding plan (CFP) established for handling institution-specific or market-wide liquidity stress to ensure that the IB continues to fund its important activities on a timely basis, without incurring unacceptable costs or losses.
9. i.The Board must establish a mechanism for regular monitoring and detailed reporting of the liquidity risk profile of the IB. It must periodically review this information, and information on the IB’s level of liquidity, in order to be able to provide strategic direction on a timely basis. The Board must have in place a system to review liquidity reports sent to it by management; identify liquidity concerns; and follow up on remedial action undertaken by management.
10. j.The Board must proactively seek and review information related to any major institutional- and market-level events that could impair the liquidity position of the IB. Institutional-level events may include deterioration in the value and marketability of liquid asset holdings, significant funding concentrations, increasing costs of funding, significant withdrawal of deposits and investment accounts (IA), an escalating funding gap, frequent and sizeable breaches of limits, cash-flow shortages, major losses in operational results, etc. Market-level events may include a rating downgrade or a significant breach in Shari`ah compliance or other breaches, with a potential to transform into increased reputational risk and other negative market events.

5.3 The Role of Senior Management
1. a.Senior management is to develop a strategy, policies and practices to manage liquidity risk in accordance with the Board approved risk tolerance and ensure that IB maintains sufficient liquidity. The strategy should include specific policies on liquidity management, such as:
  1. -the composition of assets and liabilities;
  2. -the diversity and stability of funding sources;
  3. -the approach to managing liquidity in different currencies, across borders; across business lines and legal entities;
  4. -the approach to intraday liquidity management; and
  5. -the assumptions on the liquidity and marketability of assets.
  The IB’s strategy should be continually reviewed and compliance must be reported to the Board on a regular basis.
2. b.The strategy should take account of liquidity needs under normal conditions as well as under periods of liquidity stress as a result of IB specific or a market wide crises, and a combination of these two. The strategy may include various high-level quantitative and qualitative targets. The strategy should be appropriate for the nature, scale and complexity of the IB’s activities. In formulating this strategy, the IB must take into consideration Shari’ah compliance; its legal structures; key business lines; the breadth and diversity of markets, products, and jurisdictions in which it operates; and the regulatory requirements it is subject to. The Board must approve the strategy and critical policies and practices and review them at least annually.
3. c.Senior management must ensure that liquidity is effectively managed on a regular and timely basis and that appropriate policies and procedures are established to limit and control material sources of liquidity risk.
4. d.Senior management must have ongoing and active involvement in order to effectively manage liquidity on a regular and timely basis.
5. e.IBs must designate responsibility for monitoring and managing liquidity risk to an appropriate committee e.g. the Assets and Liabilities Committee (“ALCO”), the Executive Risk Committee and/or the Risk Management Committee, etc.
6. f.The ALCO or any other committee assigned to monitor an IB’s liquidity risk must actively monitor the IB’s liquidity risk profile and have adequate broad representation within the IB, including finance, treasury, senior managers, credit, deposits and investments, financing and risk management. The Board must define the mandate of this committee in terms of planning, directing and controlling the flow, level, mix, cost and yield of the IB’s funds and investments.
7. g.The committee must ensure that the system set up for liquidity risk management is able to adequately identify and measure the risk exposure. The committee must also ensure that the IB has an information system which is sufficiently flexible and able to prepare and provide timely, accurate and relevant reports to senior management, the Board and the Central Bank about the institution’s liquidity risk exposure.
8. h.Senior management must observe the changes in market conditions and new developments that can present significant challenges in terms of the smooth management of liquidity risk in the IB. Senior management must present to the Board regular reports on the liquidity position of the bank. The Board should be informed immediately of new or emerging liquidity concerns. These include increasing funding costs or concentrations, the growing size of a funding gap, the drying up of alternative sources of liquidity, material and/or persistent breaches of limits, and/or a significant decline in the cushion of unencumbered, highly liquid assets. The Board must ensure that senior management takes appropriate remedial actions to address the concerns. Senior management must be able to recommend to the Board any necessary amendments to the strategy and policies for managing liquidity risk.
9. i.Senior management is responsible for determining the structure, responsibilities and controls for managing liquidity risk in all legal entities, branches and subsidiaries in the jurisdictions in which IB is active, and outline these elements clearly in the IB’s liquidity policies. The management structure of an IB must be established in such a way that it provides for segregation of duties between operational and monitoring functions, which can minimise the chances of conflicts of interest. It is expected that the primary responsibility for monitoring liquidity risk management must be independent of business units that are involved in the financing, investment and trading functions.
10. j.It is the responsibility of the Board and senior management to ensure that adequate internal controls and internal audit mechanisms are in place to protect the integrity of the established liquidity risk management process. Senior management must define the specific procedures and approvals necessary for exceptions to policies and limits, including the escalation procedures and follow-up actions to be taken for breaches of limits.
11. k.The active involvement of senior management is vital to the stress testing process in the IB. Senior management must demand that rigorous stress scenarios be considered, even in times when liquidity is plentiful.
12. l.The strategy, key policies for implementing the strategy and the liquidity risk management structure must be communicated throughout the organisation by senior management. All individuals within business units conducting activities that have a material impact on liquidity must be fully aware of the liquidity strategy and operate under the approved policies, procedures, limits and controls.
13. m.Individuals responsible for liquidity risk management must maintain close links with those monitoring market conditions, as well as with other individuals with access to critical information, such as credit risk managers. Individuals with direct responsibility over liquidity risk management at the banks must meet the fit and proper criteria set by the Central Bank including appropriate academic qualifications, good understanding of Shari’ah compliant activities and its liquidity related risks, good character and sound financial position.
14. n.Senior management must ensure that independent oversight and verification is performed by middle office and/or risk management staff who are capable of assessing treasury’s adherence to liquidity limits, policies and procedures. The independent control functions must have the skills and authority to challenge information and modeling assumptions provided by business lines. In addition, internal audit must regularly review the implementation and effectiveness of the agreed framework for controlling liquidity risk.

5.4 Identification of Liquidity Risk
1. a.IBs must be able to identify the exposure to liquidity risk, in the short and long term, arising from institution-specific, market-wide or cross-border events for all its operations including subsidiaries, branches, or similar arrangements. In the process of identification, the IB must identify and recognise each significant on- and off-balance sheet position that can have an impact on its liquidity in normal and stressed times and establish a range of metrics. The IB must consider the types of events and activities that can expose it to liquidity risk. It must have a robust framework for projecting the contingent liabilities and other commitments, including calculating the impact of drawing on undrawn commitments.
  The identification process must consider, among other things, the nature of exposure, the creditworthiness of the counterparty, correlations between the various business and geographical sectors, and the nature of the relationship with various counterparties. IB must be able to identify incidents that can negatively influence perception in the marketplace about its creditworthiness and the fulfilment of its obligations.
2. b.IBs must consider the interactions between exposures to funding liquidity risk and market liquidity risk. An IB that obtains liquidity from capital markets and interbank market Shari’ah compliant instruments must recognise that these sources may be more volatile than normal deposits and IAs.
3. c.An IB must be able to model the contractual and behavioral profiles of its fund providers with respect to normal and disruptive market conditions, which can be impacted by its smoothing techniques. For instance, an IB must ensure the availability of sufficient funds as and when the demand arises from non-remuneration accounts and other accounts guaranteed by IB. In addition, an IB must also model the behavioral profile of its investment accounts, as the IB may be affected by runs or panic withdrawals of funds by the Investment Accounts Holders (“IAH”s) in the case of rate of return risk, Shari’ah non-compliance risk or reputational risk which may have an impact on the liquidity condition of the IB.
4. d.An IB must ensure that assets are prudently valued according to relevant financial reporting and supervisory standards. An IB must fully factor into its risk management, the consideration that valuations may deteriorate under market stress, and take this into account in assessing the feasibility and impact of asset sales during stress on its liquidity position.
5. e.In analysing the risk profile of investment accounts, an IB must take into consideration the smoothing techniques adopted by the IB in line with the Central Bank’s standards and regulations. Stress testing, including scenario analysis, must be used to evaluate the behaviour of IAH and other fund providers of the IB and its impact. IB’s own historical data may provide a good basis for performing an internal assessment of the expectations and incentives of IAH, in normal as well as stressed times
6. f.For restricted investment accounts, an IB normally makes matching investments. However, in the case where restricted investment accounts have the right to withdraw funds before the assets are liquidated, the IB may need to fund the gap for the intervening period until the assets are converted into cash. If the withdrawals are more than expected, the IB may be exposed to liquidity risk.
7. g.Due to the IB’s dual role in meeting its obligations to current and investment accounts, and managing the expectations of its IAH, it is imperative that the IB performs liquidity cash-flow analysis periodically and under various market conditions. The analysis must include assumptions about the repayment of invested funds to the IAH to the extent that the amount of capital erosion due to investment losses is sufficiently mitigated by Investment Reserve Risk (“IRR”).
8. h.If the IB is sourcing funds using contracts other than Mudaraba or Wakala, especially if using sale based instruments, such practices will expose the IB to refinancing risk (through renewal of contract) in stressed market conditions. Observing the Shari’ah requirements in such cases, especially Shari’ah rules pertaining to sale of debt which, among other things, requires that renewal of the contract can only be made after the initial contract has been terminated. Counterparties may be less willing to hold their funds with the IB, resulting in a liquidity shortage and possibly a liquidity crisis, especially in the case of stressed markets, as well as perceived or actual financial or reputational problems of the IB.
9. i.IB must be aware that identification of liquidity risk must take into consideration various liquidity risks associated with its own balance sheet (corporate books) operations. An IB may face funding liquidity problems due to:
  1. i.refinancing risk (e.g. due to system-wide liquidity stress or credit crunch),
  2. ii.the inadequacy of the liquidity infrastructure in the jurisdiction, or
  3. iii.the inability of a particular counterparty to renew a liquidity facility, in the absence of more general liquidity stress.
  Due to the significant size of such transactions and their potential impact on the profitability and liquidity of the institution, IB must monitor the timing, counterparties, nature and terms of transactions (e.g. secured or unsecured), etc.
10. j.IB must also keep track of information related to significant counterparties and other market related information that can impact, directly or indirectly, the management of its liquidity risk. Such information about significant counterparties, most notably financial institutions, may include, but is not limited to, institutional credit rating, market reputation regarding repayment capacity, share prices, profitability, frequency and capacity to renew the funding, financial results of cross-border operations, credit ratings of issued Sukuk, etc. The market-related information may include Islamic money market rates, profit rates paid to IAH and fund providers by competitors, market indices, latest auction rates of local and sovereign Sukuk, as well as movements in foreign exchange and commodities markets – both in local and cross-border markets.
11. k.IB must design a set of indicators to aid this process to identify the emergence of increased risk or vulnerabilities in its liquidity risk position or potential funding needs. Such early warning indicators must identify any negative trend and trigger an assessment and potential response by management in order to mitigate the IB’s exposure to the emerging risk. Early warning indicators can be qualitative or quantitative in nature and may include, but are not limited to:
  1. -Rapid asset growth, especially when funded with potentially volatile liabilities.
  2. -Growing concentrations in assets or liabilities.
  3. -Increases in currency mismatches.
  4. -A decrease of weighted average maturity of liabilities.
  5. -Repeated incidents of positions approaching or breaching internal or regulatory limits.
  6. -Negative trends or heightened risk associated with a particular product line, such as rising delinquencies.
  7. -Significant deterioration in the IB’s earnings, asset quality, and overall financial condition.
  8. -Negative publicity.
  9. -A credit rating downgrade.
  10. -Stock price declines or rising debt costs.
  11. -Widening debt or credit-default-swap spreads.
  12. -Rising wholesale or retail funding costs.
  13. -Counterparties that begin requesting or request additional collateral for credit.
  14. -Correspondent banks that eliminate or decrease their credit lines.
  15. -Increasing retail deposit outflows.
  16. -Increasing redemptions of Islamic CDs before maturity.
  17. -Difficulty accessing longer-term funding.
12. l.Early warning indicators must be closely monitored by senior management on a regular basis. Limits and analysis of the indicators in (l) above must be reviewed and breaches/emerging trends must be escalated up to the board committees or the full board, if significant enough. Clear procedures and escalation criteria must be put in place based on the warning indicators, these include the circumstances where the CFP must be invoked.

5.5 Integration of Liquidity Risk into Enterprise Risk Management Framework
1. a.IB must ensure that liquidity risk management practices are incorporated within an institution-wide, integrated enterprise risk management framework that fully takes into account the interactions between liquidity risk and other risks, including market, credit and operational risk, displaced commercial risk, reputational and Shari’ah non-compliance risk, as per the Central Bank’s risk management regulations and standards. This framework must also address liquidity risk arising from various Shari’ah-compliant financial contracts, either directly due to the nature of the contract or indirectly as a consequence of other risks, at any stage during the period of the contract.
2. b.IB must take into account the fact that various types of risks interact with liquidity risk in a variety of ways, both in normal and stressed conditions.
3. c.Credit risk in an IB can transform into liquidity risk if it faces major defaults in its financing and investment portfolio. Uncertainty about the creditworthiness and quality of an IB’s financing portfolio can make it difficult to obtain funding from the market or to resell an eligible asset portfolio to other IBs. For instance, Murabahah and other debt modes of financing cannot be resold in the market due to Shari’ah restrictions on the selling of debt. In addition, during stressed conditions, an IB may find it difficult to sell or collateralise these assets to generate liquidity. Furthermore, any reputational problem experienced by the IB due to perceived Shari’ah non-compliance or fiduciary risk may result in the withdrawal of funds by the fund providers, resulting in heightened liquidity risk for the IB.
4. d.The liquidity risk management framework of the IB must factor-in these and similar relationships and interactions between liquidity risk and other risks while setting limits, performing stress testing, preparing CFP, and executing its risk management strategy and policies in its operational environment.
5. e.Rate of return risk, which is a major cause of displaced commercial risk, can also give rise to liquidity problems in the IB. For instance, IBs may have invested investment accounts’ funds into relatively long maturity assets such as long-maturity Murabahah, Ijarah without repricing, and thereby have locked in lower rates of return on assets than those currently on offer in the market. Despite the contractual features of the investment accounts, the investment account holders may choose to move their funds to other institutions offering higher return, posing a liquidity risk for the IB. To mitigate this risk, IB may smooth the profits payout to their IAH.
6. f.IB must address liquidity risks arising from various Shari’ah-compliant modes for financing and investment. IB must especially look into risk transformation in the transactions during the various stages of execution, which might impact the liquidity of these products, directly or indirectly.
  1. i.In a Murabahah contract, an IB’s liquidity is impacted by the risk of cancellation in a non-binding Murabahah contract and by late or non-payment by customers.
  2. ii.In the case of Ijarah, IB may face liquidity risk due to the late or non-payment of instalments by the customer, the inability to sell or lease the asset to a new customer at the end of an earlier contract, or default by the customer.
  3. iii.In a Salam contract, the illiquidity of commodity markets and the non-permissibility of exiting the contract before delivery can pose a liquidity risk for an IB.
  4. iv.In the case of the investment modes, Mudarabah and Musharakah, liquidity risk can arise in the case of late or non-payment of profit payments during the contract and non-payment by the customer of the principal at the end of the contract.
7. g.The IB must be able to analyse its financing and investment portfolio with reference to features of Shari’ah-compliant contracts that can lead to liquidity risk and make appropriate adjustments, as needed. Overall liquidity risk for an IB will largely depend on the mix of various Shari’ah-compliant modes of financing and investment in its asset portfolio and the concentration of individual customers exposed to each type of contract.
8. h.The IB must take into consideration that liquidity risk can arise either directly due to the nature of the contract or indirectly as a consequence of other risks at any stage during the period of the contract, mostly through credit risk, whereas continuous illiquidity in the Sukuk market mostly impacts an IB’s liquidity through market risk.
9. i.An IB must be able to take fully into account the interaction between funding and market liquidity in its analysis of liquidity risk. With the increasing interconnections between the two types of liquidity, it is imperative that the IB evaluate the potential systemic consequences of liquidity problems.
10. j.A liquidity risk management framework must include limits, warning indicators, communication and escalation procedures. IB must set limits to control its liquidity risk exposure and vulnerabilities. IB must regularly review such limits and corresponding escalation procedures. Limits must be relevant to the business in terms of its location, complexity, and nature of products, currencies and markets served.
  Limits must be used for managing day-to-day liquidity within and across lines of business and legal entities under “normal” conditions. The limit framework must also include measures aimed at ensuring that the IB can continue to operate in a period of market stress, bank-specific stress and a combination of the two. For example, a commonly used simple limit is the size of cumulative net cash outflow (based on board approved assumptions) and covers various time horizons. The limit may also include estimates of outflows resulting from the drawdown of commitments or other obligations of the bank.

5.6 Measurement of Liquidity Risk
1. a.IB must be able to measure and forecast its future cash flows arising from all of its positions, whether on or off-balance sheet, over a range of time bands. The IB must use a range of time horizons in order to assess its vulnerability to changes in its cash flows and liquidity requirements over time, given the size and mix of its balance sheet components. These time horizons can range from intraday, overnight, weekly and monthly for short-term liquidity assessments, up to one year for medium term and over one year for longer-term assessments.
2. b.An IB must have robust, documented and well tested methodologies for measuring liquidity risk, and must make appropriate amendments and revalidation to reflect changing market conditions, so as to ensure that the major assumptions and parameters continue to be relevant and up to date.
3. c.IBs must also take into consideration the impact of potential payments and commitments arising from off-balance sheet items such as committed lines, guarantees, letters of credit and Shari’ah-compliant derivatives. Particular importance must be paid to covenants that trigger the drawing of liquidity lines or that allow counterparties not to fulfil their obligations. Implicit support to restricted investment accounts or any securitisation vehicles of the IB (held off-balance sheet in most cases) must also be considered in the liquidity analysis. For securitisation vehicles, an IB must also take into consideration the contingent exposure and triggering events stemming from its contractual and non-contractual relationships with special purpose vehicles. (“SPV”).
  Undrawn commitments, letters of credit and financial guarantees represent a potentially significant drain of funds for IB. IB may be able to ascertain a "normal" level of cash outflows under routine conditions, and then estimate the scope for an increase in these flows during periods of stress.
4. d.IBs must recognise that the behaviour of their cash flows can be considerably different from other types of institutions owing to the different nature of the contracts used for their financing and investment products. Cash flows in an IB may be categorised as follows:
  1. i.Known cash flows: are those cash flows where the amount and maturities are known in advance, such as receivables from Murabahah, Ijarah, based financing.
  2. ii.Conditional but predictable cash flows: are dependent on the performance of commitments or work, and fulfilment of agreed terms and conditions over an agreed period by the counterparties, as in the case of Salam, Istisna` and Diminishing Musharakah.
  3. iii.Conditional but unpredictable cash flows: are related to equity participations by the IB where the recovery of invested capital and possible levels of return on investment are conditional on the financial results of the activity in which the funds are invested, as in Musharakah and Mudarabah.
5. e.For measuring liquidity risk, IB must utilise a range of measurement techniques, time horizons and levels of granularity. Depending upon the nature, size and complexity of operations of an IB, cash-flow forecasts and projections can range from simple spreadsheets to sophisticated modelling techniques, including utilising static simulations, value at risk, liquidity at risk and others. IB may use, for measuring and monitoring liquidity risk, the cash-flow mismatch/maturity gap for calculating the net funding requirement, which is based on an estimation of the amount and timing of future cash flows with respect to contractual or expected maturity.
6. f.IBs must analyse liquidity gaps, breaking them down by type of product, business unit and currency, with appropriate forecasting of liquidity needs in various stress scenarios. In order to ensure the reliability of the forecasting process, IB must collect and aggregate relevant data, and verify that the data are processed and transferred correctly through various systems and channels. IBs must also validate the forecasted cash flows and ensure that the data are complete and reconciled, with appropriate plausibility checks. The validations and back-testing results must be properly documented and communicated to senior management for their information.
7. g.The maturity gap approach helps the IB to address the net funding requirement in each time horizon. The analysis of net funding requirements involves the construction of a maturity ladder and the calculation of a cumulative net excess or deficit in funding at a series of points in time.
8. h.For calculating net funding requirements, the IB must analyse prospective cash flows based on assumptions of the future behaviour of assets, liabilities and off-balance sheet items, and then calculate the cumulative net excess or shortfall over the time frame.
9. i.Assumptions related to the behaviour of various fund providers and asset classes, or regarding possible triggers of any contingent liability and liquidity disruption, play an extremely important role in measuring and projecting cash flows. IBs must ensure that the assumptions it makes are practical, realistic and properly documented.
10. j.Assumptions related to the behaviour and stability of investment accounts, current accounts and funds generated from wholesale investors, as well as the volatility of asset portfolios on the basis of investment modes such as Mudarabah and Musharakah, are important. IBs must be able to test various scenarios on the availability of alternative funding sources from Islamic money and capital markets under adverse market conditions, as well as the effects of a deterioration in its asset quality or capital adequacy. An important consideration in such analyses is the critical role that the reputation and creditworthiness of an IB plays in accessing funds from the market on reasonable terms and in time. IB must be aware of any information that may adversely affect its public image and reputation, and hence its access to funds from the Islamic interbank market. Such information includes any negative publicity appearing in the media on the IB’s Shari’ah non-compliance, rating downgrade and fall in earnings.
11. k.Evaluating the liquidity position and liquidity risk of an IB requires an analysis of the behaviour of different cash flows under various market conditions. This behaviour can be analysed using various stress testing or “what-if” scenarios, to determine what the impact would be on cash stocks (i.e. cash balances) or cash flows. Stress testing helps to quantify potential liquidity gaps in specified stress scenarios using deterministic and stochastic cash flows and, therefore, must be linked with various actions and countermeasures.
12. l.IBs must also include sensitivity and scenario analyses in their stress testing. While sensitivity analyses test the dependence on a selected risk factor, scenario analyses simultaneously examine the effect of several risk factors on liquidity. The results of stress testing exercises must be the basis of setting limits, preparing the CFP, and revising the strategy, policies and procedures for liquidity risk management in the IB.
13. m.Stress testing must be conducted on a regular basis and must consider the following:
  1. -It must be done on individual entity basis, group basis and across business lines.
  2. -It must consider the implication of the scenarios across different time horizons, including on an intraday basis.
  3. -The extent and frequency of testing should be commensurate with the size of the bank and its liquidity risk exposures.
  4. -IB must build in the capability to increase the frequency of tests in special circumstances, such as in volatile market conditions or at the request of the Central Bank.
  5. -Senior management must be actively involved in the stress testing process, demanding rigorous assumptions and challenging the results.
  6. -The Board must be informed of the stress testing results and must be able to challenge outcomes, assumptions and actions taken on the basis of the tests.
14. n.IBs must ensure consistency in the reporting process to allow for comparability overtime and assist in measuring changes in the risk exposure and/or profile.
15. o.The stress test scenarios must consider the following:
  1. -A simultaneous drying up of market liquidity in several previously highly liquid markets (inter-bank money markets, non UAE funding markets, securitisation).
  2. -Severe constraints in accessing secured and unsecured wholesale funding.
  3. -The run-off of retail funding.
  4. -Contingent claims and more specifically, potential draws on committed lines extended to third parties or the IB’s subsidiaries, branches or head office and the liquidity absorbed by off-balance activities.
  5. -Severe operational or settlement disruptions affecting one or more payment or settlement systems.
  6. -Take into account the link between reductions in market liquidity and constraints on funding liquidity. This is particularly important for IBs with significant market share in, or heavy reliance upon, specific funding markets.
  7. -IBs must also consider the results of stress tests performed for various other risk types and consider possible interactions between liquidity risk and these other types of risk (e.g. capital stress tests), and including consistency across stressed credit and liquidity methodologies/metrics.
  8. -Tests must reflect accurate time-frames for the settlement cycles of assets that might be liquidated (i.e. time to receive the sale proceeds).
  9. -If an IB relies upon liquidity outflows from one system to meet obligations in another, it must consider the risk that operational or settlement disruptions might prevent or delay expected flows across systems. This is particularly relevant for IBs relying upon intra-group transfers or centralised liquidity management.
  10. -Additional margin calls and collateral requirements.
  11. -The availability of contingent lines extended to the IB.
  12. -The impact of credit rating triggers.
  13. -The access to Central Bank facilities.
  14. -The potential reputational impact when executing contingency /remedial action.
  15. -Estimates of future balance sheet growth.
  16. -The likely behavioral response of other market participants (similar response to market stress might amplify market strain).
  17. -The likely impact of its own behaviour on other market participants.
  18. -Where a bank uses a correspondent or custodian to conduct settlement, the analysis must include the impact of those agents restricting their provision of intraday credit.
16. p.IBs must use various kinds of limits for controlling its liquidity risk. These limits are normally set at the group level and are apportioned downwards to the various entities, including subsidiaries, units/divisions or desks. Through limits, IBs can ensure that it does not have a level of outflows, which cannot be funded in the market, taking account of its risk tolerance and historical record. Overall, IBs must set their limit structure so that it continues to operate in an idiosyncratic stress or market-wide stress, or both.
17. q.IBs may use internal fund transfer pricing technique for measuring and analysing pricing, profitability and performance of various business lines, products and branches within the IB.
  Since the internal prices affect the performance measurement of different functional units, products and lines of business, senior management must assign such responsibility to an independent unit in a transparent manner. It must also uphold the Shari’ah requirements in case IB has different pools of funds. In addition, the internal pricing must be decided after an interactive discourse between the business lines and the unit/s responsible for the fund transfer price and must cover all significant business activities of the IB, including off-balance sheet. This process must take into account different factors related to assets, liabilities and off-balance sheet items, including their expected holding periods and associated changes in liquidity risk, “stickiness” or stability of funding sources, and other related factors. It must also be updated at appropriate intervals.
18. r.Senior management must appropriately incorporate liquidity costs, benefits and risks in the internal pricing and performance measurement for all significant business activities (both on- and off-balance sheet). The sophistication of the transfer pricing framework must be in line with the bank’s level of sophistication and business complexity. The costs, benefits and risks must then be explicitly attributed to the relevant activity so that line management incentives are consistent with and reinforce the overarching liquidity risk tolerance and strategy of the bank, with a liquidity charge assigned, as appropriate, to positions, portfolios, or individual transactions.
19. s.This assignment of liquidity costs, benefits and risks must incorporate factors related to the anticipated holding periods of assets and liabilities, their market liquidity risk characteristics, and any other relevant factors, including the benefits from having access to relatively stable sources of funding, such as some types of retail deposits.
  The quantification and attribution of these risks must be explicit and transparent at the line management level and must include consideration of how liquidity would be affected under stressed conditions.
  The analytical framework must be reviewed as appropriate to reflect changing business and financial market conditions and so maintain the appropriate alignment of incentives.
20. t.IBs must assess its aggregate foreign currency liquidity needs and determine acceptable currency mismatches. IBs must undertake a separate analysis of its strategy for each currency in which it has significant activity, considering potential constraints in times of stress. The size of foreign currency mismatches must take into account: (a) the IB’s ability to raise funds in foreign currency markets; (b) the likely extent of foreign currency back-up Shari’ah compliant facilities available in its domestic market; (c) the ability to transfer a liquidity surplus from one currency to another, and across jurisdictions and legal entities; and (d) the likely convertibility of currencies in which the bank is active.
  IBs must take account of the risks of sudden changes in foreign exchange rates or market liquidity, or both, which could sharply widen liquidity mismatches and alter the effectiveness of foreign exchange hedges and hedging strategies.

5.7 Control and Mitigation of Liquidity Risk
1. a.IBs must ensure that it has a well-diversified funding base, which must be commensurate with the nature and size of its business, products offered and regulatory market environment. It must maintain strong relationships with various fund providers – retail, corporate or interbank – to ensure proper diversification of its funding base. It must also be able to identify major factors that influence the decision-making process of various fund providers and take measures to control and mitigate those factors, as well as to maintain relationships with its core investment funds and deposit base. The diversification of funding sources must span a range of maturities, including the short, medium and longer term, so as to provide a suitable match with maturities in its assets portfolio.
2. b.As a part of its diversification strategy, an IB must manage and limit its funding concentrations. IB must limit funding concentrations by name–type, product, geographical location, sector, currency and nature of the provider.
3. c.IBs that rely on the funding from wholesale investors as a major funding source must assess the likelihood of being able to continue to rely on keeping funds with such investors when under duress and must incorporate in its analysis that funding from wholesale investors might dry up in stressed conditions.
4. d.IBs may use securitisation of financing and investment assets for managing liquidity, freeing up assets from the balance sheet and raising new funds, in addition to reducing their risk exposures.
5. e.IBs must also take into consideration the features and risks of various sources of funds and mechanisms e.g. retail and corporate fund providers on the basis of current accounts, investment accounts, other type of accounts, and the Islamic interbank market. being used.
6. f.Preserving market access is an important element of achieving diversification in the funding base of IB. Access to various funding markets ensures that the IB is able to raise new funds and sell its Shari’ah-compliant assets and Sukuk with ease and without a major price distortion. IB must also be able to spot alternative funding sources in order to meet any situation of market duress and these must form part of its CFP. Possible sources of such funding in the IB may be an expansion of its deposits and investment accounts, securitisation, the sale of unencumbered Shari`ah-compliant assets, the drawing down of committed lines of financing, accessing the local Islamic interbank market, secured financing through Shari’ah-compliant alternative structures, etc.

5.8 Consolidated Management of Liquidity Risk
1. a.In the case of an IB that is part of a group which has a centralised structure for managing liquidity risk, the Board and Senior Management at the group/parent level must prepare a strategy, policies and procedures for the Islamic operations taking into account the position of such operations within the overall group/parent, with due consideration to mutual Shari’ah independencies and constraints in transfers of liquidity on a Shari’ah-compliant basis between the group entities.
2. b.A major consideration in the transfer of liquidity from an Islamic entity to the conventional group/head office, or vice versa, is the issue of segregation of funds, constraints on any such transfer, and the Shari’ah-compliant structures or mechanisms that can be used to facilitate the placement of funds.

5.9 Maintaining a High-Quality Liquidity Buffer
1. a.IBs must maintain a liquidity buffer as the first line of defense in the event of a liquidity disruption. A liquidity buffer consists of cash and other highly liquid, unencumbered, Shari’ah-compliant assets and is an important tool in disruptive market conditions when an IB may need to generate liquidity in a short span of time and normal funding sources become dry or are unable to provide liquidity. The availability of this excess liquidity precludes the need for an IB to take extraordinary measures during initial periods of stress.
2. b.IBs must calibrate the magnitude of its liquidity buffer on the basis of its funding gap and stress testing exercise over specific time horizons. The calibration of a liquidity buffer is highly dependent on assumptions used for defining the stress conditions. These assumptions incorporate the factors such as net and cumulative funding requirements in various time buckets, as well as encompassing both contractual and non-contractual cash flows. Assumptions must also include factors such as the length and severity of stress, the withdrawal of funding by investment accounts and depositors, and the non-availability of funding on an unsecured basis (including interbank Mudarabah, and Wakalah) as well as on a secured basis (using Shari’ah-compliant alternatives structure to a repurchase agreement) from modestly liquid assets.
3. c.The IB liquidity buffer must comprise cash and highly liquid assets which can be sold or used as collateral for a Shari’ah-compliant alternative to a repurchase agreement in disruptive market conditions.
  In addition to the highly liquid instruments, other instruments which may need a relatively longer time in liquidation may be considered, provided the IB can demonstrate the ability to generate the liquidity from such instruments in an agreed timeframe. The core component of this buffer must be eligible as collateral for generating liquidity from the Central Bank on a Shari’ah-compliant basis.
4. d.The IB can also include statutory reserves with the Central Bank in its calculation of a liquidity buffer provided it can demonstrate that such reserves can be withdrawn in case of need without any regulatory repercussions. The criteria for specifying an instrument’s eligibility as a liquidity buffer include its issuer, size, maturity, depth of the market, currency, tradability from a Shari’ah perspective, and the range of investors holding such an instrument.
5. e.IBs must ensure that its liquidity buffer is reasonably diversified, and that there are no constraints – whether legal, regulatory or operational – on the utilisation of these assets. The IB must also consider maintaining buffers of highly liquid assets in other major currencies, especially in cases where the local currency is non-convertible.
6. f.An IB must also test and be active in each market in which it keeps Shari’ah compliant assets as liquidity buffers. This will provide an assurance to the IB about the liquidity of such instruments in various market conditions and will provide an opportunity to test its assumptions.

5.10 Preparing a Contingency Funding Plan (CFP)
1. a.IBs, regardless of their nature and complexity, must have a CFP that delineates the strategy, action plan and procedures for dealing with liquidity stress events, including making up cash flow in adverse circumstances. Such a plan must be prepared with input from all relevant functions of the IB, while carefully incorporating the results from stress tests, including scenario analyses and considering any limitations to sourcing funding in the future.
2. b.The CFP must establish a clear designation of roles and responsibilities and backup of key functions, with a suitable internal and external communication plan addressing various stages of stress events. The plan must include regular monitoring of related triggers, with appropriate escalation procedures.
3. c.Key objectives of a CFP are to reduce the effects of liquidity shocks, maintain going-concern status, and send market signals that the IB is in reasonable health.
4. d.The main components of a CFP include:
  1. i.definition of the triggering events that will activate the CFP;
  2. ii.governance of the CFP during the various stages of stress events, including describing the roles and responsibilities of various functions and committees;
  3. iii.escalation procedures explaining when to consider, and how to take, additional measures for generating funds;
  4. iv.internal and external communication plans, including major counterparties, customers, investment account holders, auditors, media and the Central Bank; and
  5. v.the frequency and parameters used as a basis for revising the CFP.
5. e.CFPs must have the following characteristics:
  1. i.Be commensurate with a IB’s complexity, risk profile, scope of operations and role in the financial systems in which the IB operates.
  2. ii.Include a clear description of a diversified set of contingency measures for preserving liquidity and making up cash flow shortfalls in various adverse situations.
  3. iii.Articulate available potential contingency funding sources and the amount of funds a bank estimates can be derived from these sources; clear escalation/prioritisation procedures detailing when and how each of the actions can and must be activated; and the lead time needed to tap additional funds from each of the contingency sources.
  4. iv.The CFP's design, plans and procedures must be closely integrated with the IB’s ongoing analysis of liquidity risk and with the results of the scenarios and assumptions used in stress tests.
  5. v.It must prepare the IB to manage a range of scenarios of severe liquidity stress that include both IB-specific and more generalised market-wide stress, as well as the potential interaction between them.
  6. vi.It must include a diversified menu of options to allow management to have an overview of the potentially available contingency measures. Banks must also examine the time periods for which measures can be carried out under various assumptions and stresses.
6. f.IB’s CFP must be closely integrated with the overall strategy, policies and procedures for managing liquidity risk and must be proportionate with the IB’s size, nature of products, risk profile and level of tolerance. It must also address constraints on obtaining Shari’ah compliant funding.
7. g.During the process of preparation of the CFP, an IB must take input from all relevant functions and bodies, and most importantly from the senior management, treasury, and risk management and finance departments. It must be then formally approved by the Board of the IB.
8. h.IBs must also define the triggering events that will activate the various stages of the CFP. Such events may include events related to the IB, such as a downgrade in its credit rating or that of Sukuk that it has originated or for which it is an obligor; problems in specific products or lines of business (e.g. issues affecting an important market segment resulting in a reduction of cash flows to the IB from losses of customers and collectability problems); and/or the default or a rating downgrade of Sukuk it is holding, etc.
9. i.There might be some external events that can cause the need for activation of CFP, such as a lower rating or defaults in its holding of Sukuk or other Shari’ah-compliant securities, deterioration of overall market conditions, negative publicity about its Shari’ah compliance, or changes in legal, accounting and tax regulations that might impact negatively on the IB’s liquidity position. IB is expected to perform regular monitoring of related triggers that will activate the CFP with related reporting to the senior management and relevant committees such as ALCO.
10. j.IBs must clearly designate the roles and responsibilities of the various personnel involved in the management of the CFP during each stage of the liquidity crisis. An IB must define the classification of these stages and may consider delimiting various stages, such as:
  1. i.recognition of various triggering events where withdrawals do not follow predictable patterns;
  2. ii.a liquidity crunch where unsecured funding might be partially inaccessible and there is a need to liquidate assets or investments in an orderly manner; and
  3. iii.a condition of severe liquidity shock where unsecured funding is not available and securing funding is difficult to obtain.
11. k.During the course of each defined stage, the IB must lay down the roles and responsibilities of the relevant board and senior management committees, as well as other staff, in order to prevent any confusion and misconception about their roles. IB can also consider the establishment of a crisis management team with clearly assigned leadership roles to increase internal coordination and decision-making during a liquidity disruption.
12. l.The IB CFP must illustrate the decision-making process to be adopted at different stages of the liquidity crisis. The process must outline the nature and timing of action to be taken by the personnel responsible for managing liquidity disruptions with respect to their assigned roles. It must also elaborate the parameters for escalating any issue to higher senior management. The procedures must explain the nature and extent of internal and external communication.
13. m.The communication plan of the IB, as defined in the CFP, must ensure clear, timely and regular internal communication to warrant timely decision-making and avoid any misconception or confusion about the appropriate steps to be taken during the crisis and roles of the various personnel.
14. n.Senior management must review and update the CFP at least every year for the Board’s approval, or more often as business or market circumstances change. The review must take place in order to assess its effectiveness and to ensure that it remains relevant and up to date in the changing market conditions. An IB may consider assessing the efficacy of CFP during the simulation of stress conditions, if conducted and make appropriate changes to reflect the applicability of the CFP if needed.
15. o.IBs must also conduct regular contingency tests to ensure that key exposures are taken into account, contingency procedures are well understood, and relevant expectations from each function are clear during times of crisis. The testing procedure must also assess the reliability of key contacts, the effectiveness of legal and operational documentation, the availability of credit lines, and the marketability of its Shari`ah-compliant asset portfolio by selling or through any collateralised mechanism. Key aspects of these tests include:
  1. -ensuring that roles and responsibilities are appropriate and understood,
  2. -confirming that contact information is up to date,
  3. -proving the transferability of cash and collateral,
  4. -ensuring that the necessary legal and operational documentation is in place to execute the plan at short notice,
  5. -proving ability to sell or purchase certain assets or periodically draw down credit lines.
16. p.The CFP must be consistent with the IB’s business continuity plans and must be operational under situations where business continuity arrangements have been invoked.

5.11 Managing Shari’ah-Compliant Collateral
1. a.IBs must be able to identify its needs for Shari’ah-compliant collateral over different time horizons, and must address the Shari’ah, legal and operational constraints on the use of such collateral. The IB must actively manage its collateral positions while differentiating between encumbered and unencumbered assets, and its information system must be able to identify available unencumbered collateral by type, currency and location, in both normal and stressed times.
2. b.IBs must have a strategy, policies and procedures in place in order to ascertain its collateral needs over various time horizons in both normal and stressed times. The IB must also determine the Shari’ah, legal, regulatory and operational constraints on utilisation and transfer of collateral over different jurisdictions and currencies, and according to the nature of assets. The IB must also estimate the level of collateral according to its liquidity buffer requirements and in consideration of the various stages of liquidity crisis stated in its CFP. The IB must also explore the opportunity to expand the range of collateral it is holding, which can be diversified in terms of currency, jurisdiction, type and tenor.
3. c.An IB must actively manage its collateral positions while differentiating between encumbered and unencumbered assets. The IB must have a robust management information system that can meet the requirements and challenges of liquidity risk management and keep track of expected cash flows in light of contractual and behavioral profiles of assets, liabilities and off-balance sheet items.

5.12 Collaboration Between IBs
1. a.IBs, especially within the same jurisdiction, should closely cooperate among themselves in order to develop Shari’ah-compliant arrangements, solutions and trading mechanisms for liquidity management purposes.
2. b.Such collaboration shall provide a robust platform and harmonised agreements for active trading amongst the IBs, with availability of market makers in various trading instruments and mechanisms.

5.13 Meeting Payment and Settlement System Obligations
1. a.Irrespective of whether an IB uses a net or a gross payment and settlement system, it must be able to manage short-term (overnight and intraday) liquidity in order to meet, on a timely basis, its payment and settlement obligations in all circumstances.
2. b.In view of the interdependencies and interconnectedness between payment and settlement systems, IBs must ensure that its critical payments are always made on a timely basis in order to avoid any potential systemic disruptions, which could prevent the smooth functioning of other payment systems and money markets.
3. c.IBs must monitor important liquidity flows and must directly contact the counterparties in the case of any late payments. IB must also assign clear roles and responsibilities with respect to the intraday management of liquidity. Looking at the time-critical nature of intraday liquidity management, IB must be able to formalise its decision-making and follow-up processes so that settlements can be monitored on a continuous basis with proper internal controls and allocation of responsibilities. Its management information system must be facilitative enough to provide the senior management and other relevant personnel with information on the IB’s liquidity and collateral positions, with flexibility to provide more detailed information when needed, especially during stressed market conditions.
  IBs must implement back-up measures in order to reduce any operational problems, such as problems with trading and settlement systems, information system networks and unauthorised access to the systems, etc. The IB must also take account of intraday considerations in its stress testing and scenario analysis exercise, the results of which must be incorporated into its CFP. IB must include the possibility of any unforeseen interruption in its intraday liquidity flows as a part of its liquidity risk planning.

5.14 Foreign Exchange Liquidity Risk
1. a.IB must have a measurement, monitoring and control mechanism for liquidity positions in each currency with a significant exposure. IB must assess, monitor and, where appropriate, limit the size of its cash-flow mismatches over particular time horizons for foreign currencies in aggregate and for each significant individual currency in which it operates, especially with respect to its domestic currency (or, where different, its functional currency).
2. b.The IB must employ appropriate stress tests and make use of Shari’ah-compliant hedging strategies for limit setting and controlling currency risk. The IB must especially limit its exposures in currencies that are not highly liquid or have low convertibility.
3. c.As a part of the overall stress testing exercise of the IB, foreign exchange liquidity must also be analysed under normal and stressed market conditions. The IB must adopt hedging techniques, including Shari`ah-compliant derivatives, if any (the swap market, in particular), remains a key feature of managing relevant foreign exchange exposures.
4. d.Where an IB provides financing facilities in foreign currencies, it can face a number of risks that must be considered as a part of its overall liquidity risk management strategy and policies. IB must consider the impact of changes in foreign currency exchange rates with respect to the domestic currency and the likely convertibility of these currencies in the event of need. In the case of an unexpected currency devaluation, local customers will be unable or will find it difficult to pay back their foreign currency financing, resulting in cash-flow problems for the IB providing such financing. As a part of its foreign currency liquidity strategy, IB must evaluate the profile of its customers in terms of the nature of its business and the sources of earnings which can impact its ability to settle the foreign currency financing.
5. e.IB must apply suitable limits on mismatches and positions in various foreign currencies on the basis of appropriate stress tests and scenario analysis. These limits must be reviewed on a regular basis. IB must also evaluate the possibility of loss of access to the foreign exchange markets, as well as the inability or difficulty in swapping currencies in the case of market disruption.
6. f.Foreign exchange settlement risk arises when an IB finds itself in unexpected positions in currencies as the result of a counterparty’s failure to settle its payments on time. In the correspondent settlement of foreign exchange, the full amount of settlement is at risk until the counterparty fulfils its foreign currency obligations. IBs must establish effective control measures and communications channels in order to mitigate any such settlement risk.

5.15 Reporting and Disclosure of Liquidity Risk
1. a.An IB must have a fully integrated information system, commensurate with its nature, size and complexity of operations, that provides clear, timely and accurate liquidity risk reports to its relevant functional units and senior management. The information system must, at suitable intervals, present to senior management and the Board a clear understanding of the IB’s liquidity risk exposures and vulnerabilities, its compliance with established policies and limits, as well as the appropriateness of management strategies with respect to approved risk tolerance.
2. b.IBs must have a reliable management information system designed to provide the Board, senior management and other appropriate personnel with timely and forward-looking information on the liquidity position of the IB. The management information system must have the ability to calculate liquidity positions in all of the currencies in which the bank conducts business – both on a subsidiary/branch basis in all jurisdictions in which the bank is active and on an aggregate group basis. It must capture all sources of liquidity risk, including contingent risks and the related triggers and those arising from new activities, and have the ability to deliver more granular and time sensitive information during stress events.
3. c.To effectively manage and monitor its net funding requirements, IBs must have the ability to calculate liquidity positions on an intraday basis, on a day-to-day basis for the shorter time horizons, and over a series of more distant time periods thereafter. The management information system must be used in day-to-day liquidity risk management to monitor compliance with the bank’s established policies, procedures and limits.
4. d.The IB must make appropriate and regular disclosures of qualitative and quantitative information about its liquidity position and liquidity risk management practices through suitable channels.
5. e.Senior management must define the types, contents, scope and frequencies of reporting to different levels of management and the board, including various committees such as ALCO and the risk management committee.
6. f.Liquidity risk reports must provide aggregate information with adequate supporting granularity to enable the recipients to assess the liquidity risk position of the IB in changing market conditions. The reports must pick up any “early warning signals” and provide enough information to the recipients for them to make informed decisions and appropriate changes in policies, procedures and associated thresholds. The reports must also provide information on compliance with the IB’s established policies and procedures, along with details of any breaches and exceptions. The reporting must enable the management to evaluate trends in the aggregate liquidity risk exposure of the IB, as well as its components, in order to provide a basis for timely decision-making and corrective actions.
7. g.IB’s liquidity risk disclosures must include:
  1. i.summary of the liquidity risk management framework that addresses risk exposure for each category of funding (current accounts, unrestricted and restricted IA), as well as on an aggregate basis;
  2. ii.general information on policies to manage and mitigate liquidity risk, taking into account the ease of access to Shari`ah-compliant funds and the diversity of funding sources;
  3. iii.indicators of exposure to liquidity risk, such as the ratio of short-term assets to short-term liabilities and investment accounts, liquid asset ratios or funding volatility;
  4. iv.maturity analysis of financing and various categories of funding (current account, unrestricted and restricted investment account) by different maturity buckets;
  5. v.policy on maintaining liquidity buffers;
  6. vi.the frequency and type of internal liquidity reporting;
  7. vii.an explanation of the utilisation of stress testing in a liquidity risk management framework;
  8. viii.a summary of the features and testing plans of the CFP; and
  9. ix.supervisory restrictions on the transfer of liquidity among group entities, if any.

Article (6) Quantitative Requirements
1. a.This article addresses the quantitative requirements contained in the regulations and emphasises the key focus of the Central Bank in its on and off site examination of IB.
2. b.The quantitative requirements come into force on 30 June 2022, meanwhile, IBs must continue to report based on the existing enforceable standards. Any IB that expects to be in breach of the Regulations and Standard must approach the Central Bank to discuss a remediation plan. Breaches will be dealt with on a case by case basis. The Central Bank will apply proportionality in determining the suitability of some of the more complex requirements for smaller IBs.
Liquidity Ratios
1. c.There are four main liquidity ratios:
  1. i.Eligible Liquid Asset Ratio (“ELAR”),
  2. ii.Advances to Stable Resources Ratio (“ASRR”),
  3. iii.Liquidity Coverage Ratio (“LCR”), and
  4. iv.Net Stable Funding Ratio (“NSFR”).
  IBs that apply and are approved to be assessed under LCR and NSFR cannot elect to revert to the ELAR regulatory framework and once approved must comply with both LCR and NSFR.

6.1 Eligible Liquid Asset Ratio
1. a.ELAR is a ratio of the stock of eligible liquid assets to total liabilities (excluding liabilities allowed in the regulatory capital base). It is a measure that aims to ensure that banks hold minimum buffers of liquid assets.
2. b.Eligible liquid assets under ELAR are:
  1. i.Account balances at the Central Bank;
  2. ii.Physical cash at the IB;
  3. iii.Central Bank Islamic CDs and other Central Bank’s other Islamic instruments;
  4. iv.UAE Federal Government Sukuk;
  5. v.Reserve requirements;
  6. vi.UAE local government and Public Sector Entities’ publicly traded Shari’ah compliant securities that are assigned 0% credit risk weighting under standardized approach (limited to a maximum of 20% of eligible liquid assets);
  7. vii.Foreign, Sovereign Shari’ah compliant instruments or Shari’ah compliant instruments issued by their central banks, also multilateral development banks all of which receive 0% credit risk weighting under Standardized approach (limited to a maximum of 15% of eligible liquid assets).
3. c.IBs required to comply with ELAR must hold an amount equivalent to at least 10% (or some other percentage as set by the Central Bank) of their total on balance sheet liabilities at all times in the above assets. This ratio may be subject to upward revisions from time to time either as a result of Central Bank policy or as a result of a recalibration exercise.

6.2 Advances to Stable Resources Ratio
This measure detailed in the current Central Bank reporting (BRF7) continues to be in effect for IBs unless an individual IB is permitted to apply the NSFR under the Central Bank's LCR/NSFR Liquidity Framework.

6.3 Liquidity Coverage Ratio
1. a.LCR is the ratio of the stock of High Quality Liquid Assets (“HQLA”) to total net cash outflows over the next 30 days. It represents a 30 days stress scenario with combined assumptions covering both bank specific and market wide stresses.
2. b.The objective of the LCR is to promote IBs’ resilience against short-term liquidity shocks. To meet this requirement, an IB is obliged to have an adequate stock of unencumbered HQLA that can be converted easily and immediately into cash with no or little loss of value, in order to meet its liquidity needs for a 30-calendar-day period under a liquidity stress scenario. This is based on the assumption that, if the requirement is met, the IB could survive for the 30 days of the given stress scenario. This period allows the IB an adequate time to make necessary arrangements and undertake corrective actions to resolve internal liquidity problems.
3. c.Therefore, the LCR is based on the assumption that a combined set of idiosyncratic and market-wide shocks may trigger the run-off of a proportion of retail deposits, including investment accounts, and a partial loss of unsecured wholesale funding capacity. The LCR is also developed based on the possibility that stressed market conditions would result in a partial loss of secured, short-term financing with certain collateral and counterparties, and an increase in market volatilities that impact the quality and solvency of the collateral, given that many IB’s transactions are backed by physical assets. In volatile market conditions, an IB may encounter additional contractual outflows and unscheduled drawdowns of committed but unused credit and liquidity facilities. Similarly, IB could find itself compelled to honor non-contractual obligations for the sake of avoiding the reputational risk that would arise from a perception by the market that the IB was, for example, allowing a related entity to become insolvent.

6.3.1 Formula for Calculating LCR
1. a. The LCR consists of two components:
  HQLA (Shari’ah-compliant) as the numerator and net cash outflows over the next 30 days as the denominator, both in a stress scenario. The HQLA are the assets that can be easily and immediately converted into cash, with no or little loss of value, during a time of stress.
  The total net cash outflows will be calculated as the total expected cash outflows minus total expected cash inflows in the specified stress scenario for the subsequent 30 calendar days.
2. b. The formula for calculating LCR, therefore, is as follows:
1. c. Total expected cash inflows are calculated by multiplying the outstanding balances of various categories of contractual receivables by the rates at which they are expected to flow in under the specified scenario up to an aggregate cap of 75% of total expected cash outflows. There is a cap applied on total cash inflows in order to prevent IBs from relying solely on anticipated inflows to meet their liquidity requirements, and also to ensure a minimum level of HQLA holdings. Accordingly, the amount of inflows that can offset outflows is capped at 75% of total expected cash outflows. Therefore, by applying this cap, the IB is required to hold a minimum amount of stock of HQLA equal to 25% of the total net cash outflows.
2. d.
  Total net cash outflows over the next 30 calendar days = Total gross expected cash outflows - Lesser of (total expected cash inflows; 75% of total expected cash outflows)
3. e. The LCR requirement is based on a scenario that entails a combination of idiosyncratic and market-wide shocks; nevertheless, IBs must develop its own scenarios based on liquidity stress testing of their portfolio. IBs must hold more HQLA if the results of their stress tests indicate that this is necessary. Such internal stress tests must incorporate longer time horizons than that mandated by this Standard. IB is expected to share the results of these additional stress tests with the Central Bank.

6.3.2 Components of High-Quality Liquid Assets (HQLA)
1. a.The HQLA are defined as assets unencumbered by liens and other restrictions on transfer which can be converted into cash easily and immediately, with little or no loss of value, including under the stress scenario.
2. b.HQLA are to be determined on the basis of the eligibility criteria for different categories of HQLA and must be subject to the limits applicable to each category. These eligibility criteria for HQLA and composition limits are intended to ensure that an IB’s HQLA stock provides it with the ability to generate liquidity in fairly short order, through sale or secured funding in a stress scenario. The assets are required to meet fundamental and market-related characteristics, particularly in terms of low risk, ease and certainty of valuation, and low volatility. HQLA is also eligible for intraday and overnight liquidity facilities offered by the Central Bank.
3. c.To be considered as HQLA, an asset must also have a low correlation with risky assets, an active and sizeable market, and low volatility. This requirement has to be fulfilled at all times, including during an underlying stress scenario. These factors assist the Central Bank to determine which assets qualify as HQLA. The Central Bank also will consider risk components of HQLA, such as liquidity risk, market risk, credit risk, and operational risk. For Shari’ah-compliant assets, the risk of Shari’ah non-compliance and associated reputational problems could significantly limit liquidity for these assets – both sale and interbank trading – in the secondary market.
4. d.HQLA (except Level 2B assets, as defined below) is eligible for use as collateral when seeking short- to medium-term liquidity facilities from the Central Bank.
5. e.To meet HQLA requirements, the assets must possess the following characteristics:
  i.Fundamental characteristics:
  The assets must be low risk, as reflected in the high credit rating of the issuer or the instruments. The assets must be easy to value, have a homogeneous and relatively simple structure, and not be subject to wrong-way (highly correlated) risk. Shari’ah compliance of the structure and contracts underlying the liquid assets is another critical criterion of HQLA for IBs. Ideally, the asset must be listed on a national, regional or international stock exchange to ensure that sufficient information on pricing and trading is available to the public.
  ii.Market-related characteristics
  The assets are expected to be liquefiable at any time. Thus, as far as possible, there must be historical evidence of market breadth and depth. This could be demonstrated by low bid–ask spreads, high trading volumes, and a large and diverse number of market participants. Availability of market-makers is another factor for consideration. The asset prices are expected to have remained relatively stable and be less prone to sharp price declines over time, including during stress conditions.
  Assets must be tested through sale or Shari’ah-compliant alternatives of repurchase (repo) transactions to ascertain whether the liquid assets meet the criteria of “high quality” and fulfil the fundamental and market-related characteristics mentioned above. It is required that the liquidity-generating capacity of HQLA remains unchanged in periods of severe idiosyncratic and market stress. Lower-quality assets typically fail to meet that test. It must be noted that, in severe market conditions, if IBs attempt to raise liquidity from lower-quality assets, this will lead to significantly discounted prices. This may not only worsen the market’s confidence in the Islamic Banks but also may generate mark-to-market losses for its similar assets and put pressure on its liquidity position. In these conditions, market liquidity for lower-quality assets is likely to disappear quickly.

6.3.3 Categorisation of HQLA
1. a.Level 1 Assets:
  HQLA are divided into two main categories or levels: Level 1 and Level 2. Level 1 assets can constitute an unlimited share of the pool and are not normally subject to a haircut under the LCR.
2. b.Level 1 assets are limited to:
  1. a.Coins and Banknotes;
  2. b.Reserves and account balances held at the Central Bank;
  3. c.Central Bank’s Islamic CDs;
  4. d.Sukuk and other Shari’ah-compliant marketable securities issued or guaranteed by UAE Federal Government or Local Governments;
  5. e.Sukuk and other Shari’ah-compliant marketable securities issued or guaranteed by multilateral development banks (MDBs) which are assigned a 0% risk weight;
  6. f.Sukuk and other Shari’ah-compliant marketable securities issued by foreign sovereign or foreign central banks that have a 0% risk weight; and
  7. g.Sukuk and other Shari’ah-compliant marketable securities issued by UAE Public Sector Entities’ (PSE or GRE) that have a non-0% risk weight.
3. c.Those assets that are 0% risk weighted and unrated are unlikely to have the same depth of market as those that are rated above investment grade in a stress scenario. IBs must take this into account when assessing an asset’s suitability and a liquidity premium charged. In any case, 0% risk weighted assets that are not rated cannot exceed 25% of the total Level 1 HQLA.
4. d.Level 2A Assets:
  Level 2 assets compromise Level 2A and Level 2B assets as permitted by the Central Bank. Level 2A assets are limited to the following, subject to a 15% haircut applied to the current market value of each asset:
  1. a.Shari’ah-compliant marketable securities/Sukuk issued or guaranteed by sovereigns, central banks, PSEs, MDBs, which are assigned a 20% risk weight;
  2. b.Shari’ah-compliant securities (including Shari’ah-compliant commercial paper) and Sukuk that satisfy all of the following conditions:
    1. i.not issued by an IB /financial institution or any of its affiliated entities;
    2. ii.either: (a) have a long-term credit rating from a recognised external credit assessment institution (ECAI) of at least AA- or, in the absence of a long-term rating, a short-term rating equivalent in quality to the long-term rating; or (b) do not have a credit assessment by a recognised ECAI but are internally rated as having a probability of default corresponding to a credit rating of at least AA-.
    These assets must be:
    a) traded in a market characterised by a low level of concentration; and
    b) able to be regarded as a reliable source of liquidity at all times (i.e. maximum decline of price must not exceed volatility targets over a 30 day period during a relevant period of significant liquidity stress).
5. e.Level 2B Assets:
  The Level 2B assets are limited to the following:
  1. 1)Sukuk and other Shari’ah-compliant securities backed by commodity(ies) and other real asset(s) that satisfy all of the following conditions, subject to a 25% haircut:
    1. i.not issued by the IB, and the underlying assets have not been originated by, the IB itself or any of its affiliated entities;
    2. ii.have a long-term credit rating from a recognised ECAI of AA or higher, or in the absence of a long-term rating, a short-term rating equivalent in quality to the long-term rating;
    3. iii.being traded in a market characterised by a low level of concentration and being regarded as a reliable source of liquidity at all times – that is, a maximum decline of price must not exceed volatility targets over a 30 day period during a relevant period of significant liquidity stress; and
    4. iv.the underlying asset pool is restricted to Shari’ah-compliant (residential) mortgages and cannot contain structured products.
  2. 2)Sukuk and other Shari’ah-compliant securities that satisfy all of the following conditions may be included in Level 2B, subject to a 50% haircut:
    1. i.not issued by a financial institution or any of its affiliated entities;
    2. ii.either: (a) have a long-term credit rating from a recognised ECAI of between A+ and BBB- or, in the absence of a long-term rating, a short-term rating equivalent in quality to the long-term rating; or (b) do not have a credit assessment by a recognised ECAI and are internally rated as having a probability of default corresponding to a credit rating of between A+ and BBB-; and
    3. iii.being traded in a market characteried by a low level of concentration and being regarded as a reliable source of liquidity at all times – that is, a maximum decline in price not exceeding 20% or an increase in a haircut over a 30-day period not exceeding 20 percentage points during a relevant period of significant liquidity stress.
  3. 3)Shari’ah-compliant equity shares that satisfy all of the following conditions may be included in Level 2B, subject to a 50% haircut:
    1. i.not issued by a financial institution or any of its affiliated entities;
    2. ii.exchange traded and centrally cleared;
    3. iii.a constituent of the major stock index in the UAE or where the liquidity risk is taken, as decided by the Central Bank of the UAE where the index is located;
    4. iv.denominated in the UAE dirhams or in the currency of the jurisdiction where its liquidity risk is taken; and
    5. v.being traded in a capital market characterised by a low level of concentration and being regarded as a reliable source of liquidity at all times – that is, a maximum decline in share price not exceeding 40% or an increase in a haircut not exceeding 40 percentage points over a 30-day period during a relevant period of significant liquidity stress.
  4. 4)Other Shari’ah-compliant instruments or Sukuk that are widely recognised in the UAE may be included in Level 2B, subject to a minimum 50% haircut if they meet the following conditions:
    1. i.not issued by a financial institution or any of its affiliated entities; and
    2. ii.being traded in a market characterised by a low level of concentration and being regarded as a reliable source of liquidity at all times.
  5. 5)Sukuk and other Shari’ah-compliant marketable securities issued by sovereign or central banks rated BBB+ to BBB- that are not included in Level 1 assets may be included in Level 2B assets with a 50% haircut.
6. f.A cap will be applicable to the use of Level 2 assets, up to 40% of the total stock of HQLA, after the application of required haircuts. Specific to the Level 2B assets, the total assets under this category must comprise no more than 15% of the total stock of HQLA after the application of required haircuts and must be included within the overall 40% cap on Level 2 assets.
7. g.Given that the UAE Dirham is pegged to the US Dollar, for the sake of flexibility US$/AED currency mismatches can be offset. It must be noted though that it is required that liquid assets be held in the currency of the net outflow, including both the US$ and AED individually, and IBs are expected to comply where possible. However, net outflows in other GCC currencies pegged to the US$ that exceed 15% of the total LCR net outflows must be matched. Other pegged and free floating currencies must be matched if they exceed 10% of total net LCR outflows.

6.3.4 Operational Considerations for HQLA
1. a.Assets meeting the fundamental and market-related characteristics cannot automatically be recognised as HQLA. The assets are subject to operational requirements that are designed to ensure that the stock of HQLA is managed in such a way that an IB can, and is able to demonstrate that it can, immediately use the stock of assets as a source of contingent funds that is available to the IB to convert into cash through Shari’ah-compliant mechanisms – that is, outright sale or the use of Shari’ah-compliant alternatives to repurchase (repo) transactions – to fill funding gaps between cash inflows and outflows at any time during the 30-day stress period, with no restriction on the use of the liquidity generated. IBs may follow the internationally accepted operational requirements for the asset to be recognised as HQLA.
2. b.In particular, the assets must fulfil the following operational requirements:
  1. i.All assets included in HQLA must meet the requirement to be unencumbered, which means free of legal, regulatory, contractual or other restrictions on the ability of the IBs to liquidate, sell, transfer or assign the asset. However, assets which qualify as HQLA that have been pre-positioned or deposited with, or pledged to, the Central Bank or a PSE, but have not been used to generate liquidity, may be included in the stock.
  2. ii.The assets must be under the control of the IB’s liquidity risk management function. IBs may segregate the HQLA from other assets with the sole intent to use HQLA as a source of liquidity. IBs must undertake the necessary initiatives to ensure the assets are accessible to the market, to minimise the risk that they cannot be transferred and liquidated during a period of actual stress. To ensure the liquidity of the HQLA in a stress period, IBs must periodically liquidate a sample of HQLA to test their access to the market, the effectiveness of their processes of liquidation, and the availability of the assets.
  3. iii.IBs must mitigate market and rate of return risk associated with ownership of the stock of HQLA in accordance with the Shari’ah rules and principles. IBs must also consider the impact of early settlement on the mitigation technique, if applicable, as well as other risks that may occur due to such transactions. If an IB chooses to mitigate some underlying risk by hedging it in a Shari’ah-compliant manner, the IB must include in its total cash outflows those that would result from the termination of any specific hedging transaction against the HQLA.
  4. iv.Any surplus of HQLA held by a legal entity within a group can be included at the consolidated level only if those assets would also be freely available to the consolidated (parent) entity in times of stress.
  5. v.A bank must develop and implement procedures, systems and controls that enable it to determine the stock of HQLA in terms of composition and various characteristics. Such procedures and systems enable the IBs to:
    - •confirm the eligibility of an asset for inclusion as a HQLA;
    - •ensure that its HQLA are appropriately diversified across asset type, issuer, currency and other factors associated with liquidity risk;
    - •identify the location of HQLA; and
    - •confirm that the amounts of HQLA held in foreign markets are adequate to meet its LCR in those markets.
  6. vi.IBs must periodically monetise a representative proportion of the assets in its stock of HQLA through sale and Shari’ah-compliant alternatives of repurchase (repo) transactions in order to test its access to the market, the effectiveness of its processes for liquidation and the availability of the assets, and to minimise the risk of negative signaling during a period of actual stress.
3. c.The stock of HQLA must be well diversified within the asset classes (except for instruments issued by the sovereign government of the UAE or from the jurisdiction in which the IB operates, Central Bank reserves, Central Bank securities and cash). IB must therefore have policies and limits in place in order to avoid concentration with respect to asset types, issue and issuer types, and currency (consistent with the distribution of net cash outflows by currency) within asset classes.
4. d.IBs must endeavour to hold eligible liquid assets in the currencies that match the currencies of the net cash outflow. Liquid asset portfolios must be well diversified in terms of counterparties and tenor and held for the sole purpose of managing liquidity risk.

6.3.5 Components of Total Net Cash Outflows
1. a.The term “total net cash outflows” is defined as the total expected cash outflows minus total expected cash inflows in the specified stress scenario for the subsequent 30 calendar days. Total expected cash outflows are calculated by multiplying the outstanding balances of various categories or types of liabilities and IA, and off-balance sheet (OBS) commitments by the rates at which they are expected to run off or be drawn down.
2. b.Total expected cash inflows are calculated by multiplying the outstanding balances of various categories of contractual receivables by the rates at which they are expected to flow in under the scenario up to an aggregate cap of 75% of total expected cash outflows.
3. c.To avoid double counting, for assets that are included as part of the stock of HQLA (i.e. the numerator of the LCR), the associated cash inflows cannot also be counted as cash inflows in calculating net cash outflows. Therefore, instruments that are utilised for intraday liquidity facilities must be excluded from the components of HQLA. Obligations arising from the assets will remain recorded as components of total net cash outflows.

6.3.6 Cash Outflows

a.IB shall calculate total cash outflows based on the categories of cash outflows as listed below. Each category consists of various types of liabilities or IA, which have their own run-off factors tied to their behavioral characteristics.
b.Treatment of IAs
Income-earning deposits with IB, whether retail or wholesale, typically take the form of IA, which are categorised as follows:
a) Restricted IA (RIA), and
b) Unrestricted IA (UIA).
c.The applicable run-off factor for IA depends on the withdrawal rights of the IAH and whether they are retail or wholesale accounts. Whether the IA are reported on-or off-balance sheet is not relevant. In the case of RIA, IAH may or may not have the right to withdraw funds before the contractual maturity date. For RIA with no withdrawal rights prior to maturity, the IB managing the RIA is not exposed to run-off for LCR purposes, unless the contract maturity date falls within the next 30 days. Alternatively, IAH may have withdrawal rights subject to giving at least 30 days’ notice. In this case, also, the IBs managing these RIA is not exposed to run-off from them for LCR purposes (except for those accounts for which notice of withdrawal has been given and the withdrawal date falls within the next 30 days, or those which mature within the next 30 days). Only in the case of RIA from which the IAH may withdraw funds at less than 30 days’ notice without any “significant reduction of profit” is the IB exposed to run-off for LCR purposes. To be “significant”, a reduction of profit must be considerably more than a mere loss of accrued income. Where an IB offers such RIA, it would be expected to retain a proportion of HQLA in the relevant RIA fund in order to meet withdrawals, in which case the HQLA would be netted off the amount of the run-off in calculating the total net cash outflows. However, it must be noted that if an IB has voluntarily waived such restrictions and permitted withdrawals to be made at short notice (i.e. less than 30 days) without any significant reduction of profit, such restrictions will have to be ignored subsequently in determining the applicable run-off factor. The run-off factor applied to the RIA is based on the aforementioned minimum ratios. Where the funds of RIA are invested in assets with a liquid secondary market, such that under normal conditions the assets may be monetised rapidly in time to meet a demand for withdrawal, there is a risk that under stressed conditions it may not be possible to monetise the assets so readily. Hence, there is a potential exposure to a (net) run-off for LCR purposes. The amount of the run-off for LCR purposes must therefore be reduced only in respect of cash and HQLA held in the RIA fund.
d.For UIA, in some cases withdrawals will be permitted either on demand or at less than 30 days’ notice. The run-off factor applied to UIA depends on the contractual withdrawal rights of the IAH.
e.Retail Deposits and IAs
Retail deposits are separated into stable and less stable deposits. Stable retail deposits receive 5% run off and less stable receive 10% run off.
f.Current retail deposits/IA are considered stable if:
1. i.They are resident deposits and,
2. ii.A relationship with the customer has been well established, for example the customer has been dealing with the bank for over 1 year; or
3. iii.The customer uses the account for transactions such as salary being deposited in the account, paying bills and standing order payments.
g.Retail term deposits/IA which are maturing within the 30 day period are classified as stable if:
1. i.They are resident deposits, and
2. ii.A relationship with the customer has been well established, for example, the term deposit has a history of being rolled over at maturity with the IB, or the relationship has been established for over 1 year with the customer.
h.Deposits from small and medium sized entities (SMEs) can be treated as retail deposits (as per the clauses above), if their deposit amount is less than AED 20 Million.
i.Unsecured deposits from non-financial corporates – 40% run off for Non- operational and 25% run off for operational.
j.Unsecured Wholesale Funding
Unsecured wholesale funding is defined as those liabilities and general obligations of the IBs that are raised from non-natural persons such as legal entities, including sole proprietorships and partnerships and are not collateralised by legal rights to specifically designated assets owned by the funding institution in the case of bankruptcy, insolvency, liquidation or resolution. The wholesale funding included in the LCR includes funding that is callable within the LCR’s horizon of 30 days or that has its earliest possible contractual maturity date situated within this horizon, as well as funding with an undetermined maturity. Wholesale funding that is callable by the funds provider subject to a contractually defined and binding notice period surpassing the 30-day horizon is not included.
k.The outflows to unsecured wholesale funding are further categorised into five categories. First are current and term accounts (less than 30 days’ maturity) provided by small business customers. As with the categorisation of retail deposits, these types of current and term accounts are further divided into stable and less stable deposits. Treatment of the current and term accounts provided by small business customers is also similar to the treatment of the retail deposits. Stable deposits are assigned a 5% run-off factor, while less stable deposits are assigned run-off factors based on the different buckets that are determined according to the risk profiles of each group, with a minimum run-off factor of 10%. As indicated above, in the case of IBs that do not practice “smoothing” of profit payouts to IAH, a higher run-off factor must be applied. Categorisation of the buckets and their run-off factors shall be similar to that of the buckets of less stable current and term accounts in the retail category.
l.The second category is operational accounts generated by clearing, custody and cash management activities. These deposits are defined as deposits placed by financial and non-financial customers in order to facilitate their access to and ability to use payment and settlement systems and otherwise make payments. These funds are assigned a 25% run-off factor. However, this factor is only applicable if the customer has a substantive dependency on the IBs and the deposit required for such activities, and meets the international definition and qualifying criteria for funds to be recognised as operational accounts.
m.In order to ensure consistent and effective implementation of operational accounts, one or more of the following criteria for determining the eligibility of any account as an operational account must be met:
1. i.used for providing cash management, custody or clearing products only;
2. ii.must be provided under a legally binding agreement to institutional customers;
3. iii.termination of these accounts shall be subject to either a notice period of at least 30 days or a significant reduction of profit for closing these accounts; and
4. iv.returns on these accounts are determined without giving any economic incentive to the customer to leave any excess funds in the accounts.
n.Any excess balances that could be withdrawn and would still leave enough funds to fulfil the clearing, custody and cash management activities do not qualify for the 25% factor. In other words, only that part of the deposit balance with the service provider that is proven to serve a customer’s operational needs can qualify as stable. Excess balances must be treated in the appropriate category for non-operational accounts. If the IB is unable to determine the amount of the excess balance, then the entire deposit must be assumed to be excess to requirements and, therefore, considered non-operational. The IB must determine the methodology for identifying excess deposits that are excluded from this treatment. This assessment must be conducted at a sufficiently granular level to adequately assess the risk of withdrawal in an idiosyncratic stress scenario.
o.The third category includes funds from an institutional network of cooperative IB. In some jurisdictions, there are IBs that act as “central institutions” or central service providers for lower-tier IBs, such as Islamic cooperatives. A 25% run-off rate can be applied by such an IBs to the amount of deposits member institutions place with it as their central institution or specialised central service provider that are placed (a) due to statutory minimum deposit requirements, and which are registered at regulatory authorities, or (b) in the context of common task-sharing and legal, statutory or contractual arrangements. As with other operational accounts, these deposits would receive a 0% inflow assumption for the IBs. Supervisory approval would be needed in each case to ensure that IBs utilising this treatment actually are the central institutions or central service providers (e.g. to a cooperative network).
p.The fourth category is unsecured wholesale funding provided by non-financial corporates and sovereigns, the Central Bank, MDBs and PSEs. A 40% run-off factor is applicable to funds from such sources that are not specifically held for operational purposes.
q.The last category is “other entities”. This category consists of all deposits and funding from other institutions including, among others, banks, IBs, securities firms, insurance or Islamic insurance (Takaful) companies, etc., fiduciaries and beneficiaries, conduits and special purpose vehicles, affiliated entities of the IBs, and any other entities that are not specifically held for operational purposes and are not included in the prior categories. The run-off factor for these funds is 100%.
r.Secured Funds
Secured funding is defined as liabilities and general obligations with maturities of less than 30 days that are collateralised by legal rights to specifically designated assets owned by the counterparty in the case of bankruptcy, insolvency, liquidation or resolution. Various run-off factors are assigned to these funds, depending on the type of collateral. The secured funding transactions with a central bank counterparty or backed by Level 1 assets with any counterparty are assigned a 0% run-off factor. A 15% run-off factor is assigned to secured funding transactions backed by Level 2A assets with any counterparty.
s.Higher run-off factors are assigned to secured funding not backed by Level 1 or Level 2A assets. Secured funding transactions backed by assets that are neither Level 1 nor Level 2A, with domestic sovereign, MDBs or domestic PSEs as a counterparty, as well as secured funding backed by commodity or real assets eligible for inclusion in Level 2B, may receive 25% run-off factors. On the other hand, secured funding backed by other Level 2B assets and all other secured funding transactions that do not fall within the above categorisations shall be assigned 50% and 100% run-off factors, respectively.
t.For all other maturing transactions, the run-off factor is 100%, including transactions where IB has met customers’ short positions with its own long inventory. Table below summarises the applicable standards.
u.For all other maturing transactions, the run-off factor is 100%, including transactions where IB has met customers’ short positions with its own long inventory. Table below summarises the applicable standards.
Amount to Add to Cash Outflows:

Categories for outstanding maturing secured funding transactions	Amount to add to cash outflows
Backed by Level 1 assets or with central banks	0%
Backed by Level 2A assets	15%
Secured funding transactions with domestic sovereign, PSEs or MDBs that are not backed by Level 1 or 2A assets. PSEs that receive this treatment are limited to those that have a risk weight of 20% or lower. Backed by Shari’ah-compliant residential mortgage-backed securities (RMBS)28 eligible for inclusion in Level 2B	25%
Backed by other Level 2B assets	50%
All others	100%

Additional Requirements:

v.Some instruments under this category could include Shari’ah-compliant hedging (Tahawwut) instruments, which are assigned a 100% run-off factor; undrawn credit and liquidity facilities to retail and small business customers, which are assigned a 5% run-off factor; undrawn financing facilities to non-financial corporates as well as sovereigns, central banks, PSEs and MDBs, which are assigned a 10% run-off factor for credit and a 30% run-off factor for liquidity; as well as other contractual obligations extended to financial institutions/IBs, which are assigned a 100% run-off factor.
w.Some instruments under this category could include Shari’ah-compliant hedging (Tahawwut) instruments, which are assigned a 100% run-off factor; undrawn credit and liquidity facilities to retail and small business customers, which are assigned a 5% run-off factor; undrawn financing facilities to non-financial corporates as well as sovereigns, central banks, PSEs and MDBs, which are assigned a 10% run-off factor for credit and a 30% run-off factor for liquidity; as well as other contractual obligations extended to financial institutions/IBs, which are assigned a 100% run-off factor.
x.Shari’ah-compliant Interbank Contracts
The instruments traded in the conventional interbank market are usually short-term and liquid in nature, and their maturities range from one day up to a year. The trading is wholesale and mostly conducted over the counter. An Islamic interbank money market would essentially perform similar functions with the exception that the instruments used must comply with Shari’ah principles. Widely used Shari’ah-compliant instruments used by IBs for interbank liquidity management are based on Mudarabah, commodity Murabahah or Wakalah arrangements. All these contracts are structured as unsecured wholesale funding. The run-off rate applied to these transactions, maturing in the next 30 calendar days, is 100%.

6.3.7 Cash Inflows
1. a.Cash Inflows – 100% in the normal course of business inflows with a cap of 75% of outflows
2. b.When considering its cash inflows, an IB must include only contractual inflows from outstanding exposures that are fully performing and for which the IB has no reason to expect a default within the 30-day time horizon. Contingent inflows (such as returns on profit-sharing instruments) are not included in total net cash inflows. IB need to monitor the concentration of expected inflows across wholesale counterparties. In order to prevent IB from placing too much reliance on expected inflows to meet their liquidity requirement, and to ensure a minimum level of HQLA holdings, the amount of inflows that can offset outflows is capped at 75% of total expected cash outflows as defined in this standard.
3. c.The first category of cash inflows is secured financing, including Shari’ah-compliant alternatives to reverse repos and securities borrowing. Unless stated otherwise, the run-off rates mentioned in the following can be applied.
4. d.IB must assume that the maturity of financing secured by Level 1 assets will be rolled over and will not give rise to any cash inflows. Therefore, an inflow factor of 0% will be applied to this kind of transaction. Maturing financing secured by Level 2 assets will lead to cash inflows equivalent to the relevant haircut for the specific assets. For instance, a 15% inflow factor is assigned if the transaction is secured by Level 2A assets; and an inflow factor of 25–50% is assigned if it is secured by Level 2B assets. IB is assumed not to roll over maturing secured financing covered by non-HQLA assets, and can assume that it will receive back 100% of the cash related to those agreements (i.e. an inflow factor of 100%).
5. e.The second category of IB cash inflows is committed facilities. No financing facilities, liquidity facilities or other contingent funding facilities that the IB holds at other institutions for its own purposes will be assumed to be drawn. Such facilities receive a 0% inflow rate, meaning that this scenario does not consider inflows from committed financing or liquidity facilities.
6. f.The third category of cash inflows is inflows from various counterparties, for which the inflow rate is determined by the type of counterparty. This category of inflows takes into account cash inflows from either secured or unsecured transactions from various counterparties, which are categorised as: (a) retail customers and small business customers and (b) wholesale inflows, including non-financial corporates, as well as financial institutions/IBs and other entities. The inflow rate will be determined based on the type of counterparty. Non-financial wholesale counterparties, as well as retail customers, may be assigned a 50% inflow factor, while financial institutions/IBs and central bank counterparties may be assigned a 100% inflow factor.
7. g.Inflows from financing that have no specific maturity (i.e. have undefined or open maturity) must not be included. Therefore, no assumptions must be applied as to when maturity of such financing would occur. An exception to this would be minimum payments of principal, fee or profit associated with an open maturity financing, provided that such payments are contractually due within 30 days. These minimum payment amounts must be captured as inflows, at the rates prescribed in (d), to these transactions.
8. h.Inflows from securities maturing within 30 days that are not included in the stock of HQLA must be placed in the same category as inflows from financial institutions (i.e. 100% inflow). IBs may also recognise in this category inflows from the release of balances held in segregated accounts in accordance with regulatory requirements for the protection of customer trading assets, provided that these segregated balances are maintained in HQLA. These inflows must be calculated in line with the treatment of other related outflows and inflows covered in this standard. Level 1 and Level 2 securities maturing within 30 days must be included in the stock of HQLA rather than being counted as inflows, provided that they meet all operational and definitional requirements.
9. i.Deposits held at other IBs for operational purposes which fall under the category of operational accounts are assumed to stay at the counterparties. Thus, no inflows can be counted for these funds (0% inflow rate). The same treatment applies for deposits held at the centralised institution in a cooperative banking network, as such funds are assumed to stay at the centralised institution.
10. j.The last category is other cash inflows – that is, inflows that are not categorised under the above categories. This category includes Shari’ah-compliant hedging to which an inflow rate of 100% is assigned. Cash inflows related to non-financial revenues, however, are not taken into account in the calculation of the net cash outflows for the purposes of the LCR.

6.4 Net Stable Funding Ratio (NSFR)
1. a.NSFR is the ratio of the available amount of stable funding relative to the required amount of stable funding. It is a structural ratio that aims to ensure that the banks have sufficient long-term funding beyond the LCR’s 30 day time horizon to meet both the funding of its long term assets and the funding of a portion of contingent liability.
2. b.The intention of the NSFR is to promote better stable funding of the assets and activities of banking institutions. The NSFR is applicable to IBs approved by the Central Bank to operate under the LCR/NSFR regulatory framework. The purpose of the NSFR is to promote resilience over a longer time horizon than the LCR by creating additional incentives for institutions to fund their activities with more stable sources of funding on an ongoing basis. The NSFR supplements the LCR and has a time horizon of one year. It has been developed to promote a sustainable maturity structure of assets and liabilities. It ensures that longer-term assets are funded with at least a minimum amount of stable liabilities over a 12-month time horizon.
3. c.The NSFR can be summarised as the requirement for a minimum amount of “stable funding” over a one-year time horizon based on liquidity risk factors assigned to assets, OBS liquidity exposures and other contingent funding obligations. The objective of the ratio is to ensure stable funding on an ongoing, viable entity basis, over one year.

6.4.1 Formula for Calculating NSFR
1. a.There are two components of the NSFR:
  - -available stable funding (ASF); and
  - -required stable funding (RSF).
  The NSFR is defined as the ratio of the amount of available amount of stable funding to the amount of required stable funding. This ratio must be equal to at least 100% on an ongoing basis. Available stable funding is defined as the portion of those types and amounts of equity and liability financing expected to be reliable sources of funds over a one-year time horizon. Required stable funding is based on the liquidity characteristics and residual maturities of the various kinds of assets held by IBs as well as those included in its OBS exposures.
2. b.
3. c.The amount of ASF is composed of the total amount of an IB’s (1) capital, (2) UIA with a maturity equal to or greater than one year, (3) liabilities or Sukuk issued with effective or remaining maturities of one year or greater, and (4) that portion of “stable” deposits and/or UIA with maturities of less than one year that would be expected to stay with the IB. On the other hand, the amount of RSF is measured using supervisory assumptions about the broad characteristics of the liquidity risk profiles of an IB’s assets and OBS exposures. A certain RSF factor is assigned to each asset type, with those assets deemed to be more liquid receiving a lower RSF factor and therefore requiring less stable funding.
4. d.The ASF and RSF are based on a presumed degree of stability of liabilities and liquidity characteristics of assets under the extended stress conditions, respectively. On the liability side (ASF), funding tenor and funding type and counterparty are two dimensions that must be taken into account. For example, longer-term liabilities are assumed to be more stable than short-term liabilities, and deposits or UIA from retail and small business customers are more stable than wholesale funding with the same maturity. Mostly, IBs rely on deposits and UIA provided by retail customers. These deposits and UIA are behaviorally more stable than other types of deposit. However, on the asset side (RSF), resilient credit creation, IBs behaviour, asset tenor, asset quality and liquidity value are the criteria for the appropriate amount of required stable funding. There is trade-off between these criteria. The difficulties for the IBS are lack of HQLA, unavailability of a Shari’ah-compliant repo mechanism to securitise and trade, and the absence of a secondary market.
Available Stable Funding
1. e.The amount of available stable funding (ASF) is calculated by multiplying the carrying values of funding side items by the applicable ASF factors which are based on the broad characteristics of the relative stability of an IB’s funding sources, including the contractual maturity of its liabilities and the differences in the propensity of different types of funding providers to withdraw their funding. Five categories are mentioned in this standard, IBs must first assign the carrying value of an IB’s capital and liabilities to one of the five categories as presented below. The amount assigned to each category is then multiplied by an ASF factor, and the total ASF is the sum of the weighted amounts. Carrying value represents the amount at which a liability or equity instrument is recorded before the application of any regulatory deductions, filters or other adjustments.
2. f.When determining the maturity of an equity-based or liability instrument, investors are assumed to redeem a call option at the earliest possible date in Shari’ah-compliant ways. For funding with options exercisable at the IB’s discretion, the reputational factors that may limit an IB’s ability not to exercise the option, must be taken into account. In particular, where the market expects certain liabilities to be redeemed before their legal final maturity date, IBs must assume such behaviour for the purpose of the NSFR and include these liabilities in the corresponding ASF category. For long-dated liabilities, only the portion of cash flows falling at or beyond the six-month and one-year time horizons must be treated as having an effective residual maturity of six months or more and one year or more, respectively.
3. g.RIA do not count as ASF, but retail UIA may fall into one of the categories mentioned below mostly receiving ASF factors in the 100%, the 95% or the 90% category. Sukuk issued with an effective maturity of one year or more would also qualify for a 100% ASF.
4. h.The first category of ASF is the liabilities and capital instruments receiving a 100% ASF factor. This category comprises:
  1. i.the total amount of regulatory capital, before the application of capital deductions, excluding the proportion of Tier 2 instruments with residual maturity of less than one year;
  2. ii.the total amount of any capital instrument not included in (a) that has an effective residual maturity of one year or more, but excluding any instruments with explicit or embedded options that, if exercised, would reduce the expected maturity to less than one year; and
  3. iii.the total amount of secured and unsecured funding and liabilities (including deposits and/or UIA) with effective residual maturities of one year or more. Cash flows falling below the one-year horizon but arising from liabilities with a final maturity greater than one year do not qualify for the 100% ASF factor.
5. i.The second category is the liabilities receiving a 95% ASF factor. This category comprises “stable” deposits and/or UIA with residual maturities of less than one year provided by retail and small business customers.
6. j.The third category is the liabilities of IB receiving a 90% ASF factor. It comprises “less stable” deposits and/or UIA with residual maturities of less than one year provided by retail and small business customers.
7. k.The fourth category is the liabilities receiving a 50% ASF factor which comprises:
  1. i.funding (secured and unsecured) with a residual maturity of less than one year provided by non-financial corporate customers;
  2. ii.operational accounts;
  3. iii.funding with residual maturity of less than one year from sovereigns, public sector entities (PSEs), and multilateral and national development banks; and
  4. iv.other funding (secured and unsecured) not included in the categories above with residual maturity between six months and less than one year, including funding from central banks and financial institutions.
8. l.The last category is the liabilities receiving a 0% ASF which are:
  1. i.all other liabilities and equity categories not included in the above categories, including other funding with residual maturity of less than six months from central banks and financial institutions;
  2. ii.other liabilities without a stated maturity. Two exceptions can be recognised for liabilities without a stated maturity:
    1. a.first, deferred tax liabilities, which must be treated according to the nearest possible date on which such liabilities could be realised; and
    2. b.second, minority interest, which must be treated according to the term of the instrument, usually in perpetuity.
    These liabilities would then be assigned either a 100% ASF factor if the effective maturity is one year or greater, or 50% if the effective maturity is between six months and less than one year
  3. iii.net NSFR Shari’ah-compliant hedging liabilities, and
  4. iv.“trade date” payables arising from purchases of financial instruments, foreign currencies and commodities that
    1. a.are expected to settle within the standard settlement cycle or period that is customary for the relevant exchange or type of transaction, or
    2. b.have failed to, but are still expected to, settle.
9. m.Calculation of Shari’ah-compliant Hedging Liability Amounts
  Shari’ah-compliant hedging liabilities (e.g. Islamic swaps) are calculated first based on the replacement cost for the Shari’ah-compliant hedging contracts (obtained by marking to market), where the contract has a negative value. When an eligible bilateral netting contract is in place, the replacement cost for the set of Shari’ah-compliant hedging exposures covered by the contract will be the net replacement cost.
10. n.In calculating NSFR Shari’ah-compliant hedging liabilities, collateral posted in the form of variation margin that follows Shari’ah principles in connection with Shari’ah-compliant hedging contracts as in the TMA contract, regardless of the asset type, must be deducted from the negative replacement cost amount
11. o.Required Stable Funding
  The amount of required stable funding (RSF) is calculated by multiplying the carrying values of assets and OBS exposures by the applicable RSF factors which are based on the broad characteristics of liquidity risk profile of an IB’s assets and OBS exposures. Eight categories are mentioned in this standard, IBs must first assign the carrying values of an IB’s assets to one of eight categories as presented below. The amount assigned to each category is then multiplied by an RSF factor. The total RSF is the sum of the weighted amounts of each asset category and the amount of OBS activity (or potential liquidity exposure) multiplied by its associated RSF factor.
12. p.The RSF factors assigned to various types of assets are intended to approximate the amount of a particular asset that would have to be funded, either because it will be rolled over, or because it could not be monetized through sale or used as collateral in a secured financing transaction over the course of one year without significant expense.
13. q.Asset categorisation to the various types of RSF is based on their residual maturity or liquidity value. When determining the maturity of an instrument, investors must be assumed to exercise any option to extend maturity. For assets with options exercisable at the IB’s discretion, reputational factors that may limit IB’s ability not to exercise the option must be taken into account. In particular, where the market expects certain assets to be extended in their maturity, IBs must assume such behaviour for the purpose of the NSFR and include these assets in the corresponding RSF category.
14. r.For purposes of determining its RSF, an IB must: (a) include financial instruments, foreign currencies and commodities for which a purchase order has been executed; and (b) exclude financial instruments, foreign currencies and commodities for which a sales order has been executed, even if such transactions have not been reflected in the balance sheet under a settlement-date accounting model, provided that (i) such transactions are not reflected as Shari’ah-compliant hedging contracts or secured financing transactions in the IB’s balance sheet, and (ii) the effects of such transactions will be reflected in the IB’s balance sheet when settled.
15. s.The first category is the assets assigned a 0% RSF factor and comprises:
  1. i.coins and banknotes immediately available to meet obligations;
  2. ii.all central bank reserves (including required reserves and excess reserves);
  3. iii.all claims on central banks with residual maturities of less than six months; and
  4. iv.“trade date” receivables arising from sales of Shari’ah-compliant financial instruments, foreign currencies and commodities that (i) are expected to settle within the standard settlement cycle or period that is customary for the relevant exchange or type of transaction, or (ii) have failed to, but are still expected to, settle.
16. t.The second category is the assets assigned a 5% RSF factor and comprises unencumbered Level 1 assets, excluding assets receiving a 0% RSF as specified above, and including: Sukuk and other Shari’ah-compliant marketable securities issued or guaranteed by sovereigns, central banks, public sector entities (PSEs), multilateral development banks (MDBs) or relevant international organisations which are assigned a 0% risk weight.
17. u.The third category is the assets assigned a 10% RSF factor which consist of the unencumbered financings to financial institutions with residual maturities of less than six months, where the financing is secured against Level 1 assets.
18. v.The fourth category is the assets assigned a 15% RSF factor which comprise:
  1. i.unencumbered Level 2A assets, including: (i) Sukuk and other Shari’ah-compliant marketable securities issued or guaranteed by sovereigns, central banks, PSEs, MDBs or relevant international organisations, which are assigned a 20% risk weight based on standardized approach as implemented in the UAE; and (ii) corporate Sukuk with a credit rating equal or equivalent to at least AA–; and
  2. ii.all other unencumbered financings to financial institutions with residual maturities of less than six months not included in the second category.
19. w.The fifth category is the assets assigned a 50% RSF factor which comprise:
  1. i.unencumbered Level 2B assets as defined and subject to the conditions set forth in paragraph 31, including: (i) Sukuk and other Shari’ah-compliant securities backed by commodity(ies) and other real asset(s) with a credit rating of at least AA; (ii) corporate Sukuk and other Shari’ah-compliant securities with a credit rating of between A+ and BBB–; and (iii) Shari’ah-compliant equity shares not issued by financial institutions or their affiliates;
  2. ii.any HQLA as defined in the LCR that are uncumbered for a period of between six months and less than one year;
  3. iii.all financings to financial institutions and central banks with a residual maturity of between six months and less than one year; and
  4. iv.deposits or UIA held at other financial institutions for operational purposes that are subject to the 50% ASF factor;
  5. v.all other non-HQLA not included in the above categories that have a residual maturity of less than one year, including financing to non-financial corporate clients, financings to retail customers (ie natural persons) and small business customers, and financings to sovereigns and PSEs.
20. x.The sixth category is the assets assigned a 65% RSF factor which comprise:
  1. i.unencumbered residential real estate financing with a residual maturity of one year or more that would qualify for a 35% or lower risk weight based on standardized approach as implemented in the UAE; and
  2. ii.other unencumbered financing not included in the above categories, excluding financing to financial institutions, with a residual maturity of one year or more that would qualify for a 35% or lower risk weight based on standardized approach as implemented in the UAE.
21. y.The seventh category is the assets assigned an 85% RSF factor which comprise:
  1. i.cash, securities or other assets posted as initial margin for Shari’ah-compliant hedging contracts and cash or other assets provided to contribute to the default fund of a central counterparty;
  2. ii.other unencumbered Sukuk and other Shari’ah-compliant securities with a remaining maturity of one year or more and Shari’ah-compliant equity shares, that are not in default and do not qualify as HQLA according to the LCR;
  3. iii.other unencumbered performing financing assets that do not qualify for the 35% or lower risk weight based on standardized approach as implemented in the UAE and have residual maturities of one year or more, excluding financing to financial institutions;
  4. iv.physical traded commodities
22. z.The last category is the assets assigned a 100% RSF factor, which comprise:
  1. i.all assets that are encumbered for a period of one year or more;
  2. ii.net NSFR Shari’ah-compliant hedging assets as calculated according to this standard
  3. iii.all other assets not included in the above categories, including non-performing financing, financing to financial institutions with a residual maturity of one year or more, non-exchange-traded Shari’ah-compliant equities, fixed assets, items deducted from regulatory capital, insurance assets, and defaulted Shari’ah-compliant securities; and
  4. ii.20% of Shari’ah-compliant hedging liabilities (i.e. negative replacement cost amounts) as calculated according to this standard (before deducting variation margin posted).
1. aa.Encumbered Assets
  Assets on the balance sheet that are encumbered for one year or more receive a 100% RSF factor. Assets encumbered for a period of between six months and less than one year that would, if unencumbered, receive an RSF factor lower than or equal to 50% receive a 50% RSF factor. Assets encumbered for between six months and less than one year that would, if unencumbered, receive an RSF factor higher than 50% retain that higher RSF factor. Where assets have less than six months remaining in the encumbrance period, those assets may receive the same RSF factor as an equivalent asset that is unencumbered.
2. bb.Secured Financing Transactions
  For secured funding arrangements, use of balance sheet and accounting treatments must generally result in IBs excluding, from their assets, Shari’ah-compliant securities which they have used in securities financing transactions where they do not have beneficial ownership. Where IBs have encumbered securities in Shari’ah-compliant repos or other securities financing transactions, but have retained beneficial ownership and those assets remain on the IBs’ balance sheet, the IB must allocate such securities to the appropriate RSF category.
3. cc.Securities financing transactions with a single counterparty may be measured net when calculating the NSFR only where a valid netting agreement exists or when the inflow and outflow occurs within the same business day.
4. dd.Calculation of Shari’ah-compliant Hedging Asset Amounts
  Shari’ah-compliant hedging assets (e.g. Islamic swaps) are calculated first based on the replacement cost for the Shari’ah-compliant hedging contracts (obtained by marking to market), where the contract has a positive value. When an eligible bilateral netting contract is in place, the replacement cost for the set of Shari’ah-compliant hedging exposures covered by the contract will be the net replacement cost.
5. ee.In calculating NSFR Shari’ah-compliant hedging assets, collateral received in connection with Shari’ah-compliant hedging contracts may not offset the positive replacement cost amount, regardless of whether or not netting is permitted under the IB’s operative accounting or risk-based framework, unless it is received in the form of cash variation margin. Any remaining balance sheet liability associated with initial margin received may not offset Shari’ah-compliant hedging assets and must be assigned a 0% ASF factor.
6. ff.Interdependent Assets and Liabilities
  Central Bank in limited circumstances may determine whether certain asset and liability items, on the basis of contractual arrangements, are interdependent such that the liability cannot fall due while the asset remains on the balance sheet, the principal payment flows from the asset cannot be used for something other than repaying the liability, and the liability cannot be used to fund other assets. For interdependent items, supervisors may adjust RSF and ASF factors so that they are both 0%, subject to the following criteria:
  a) The individual interdependent asset and liability items must be clearly identifiable.
  b) The maturity and principal amount of both the liability and its interdependent asset must be the same.
  c) The bank is acting solely as a pass-through unit to channel the funding received (the interdependent liability) into the corresponding interdependent asset.
  d) The counterparties for each pair of interdependent liabilities and assets must not be the same.
7. gg.Off-balance Sheet Exposures (OBS)
  Off-balance sheet exposures also attract RSF factors. Many potential OBS liquidity exposures require little direct or immediate funding but can lead to significant liquidity drains over a longer time horizon. The NSFR assigns an RSF factor to various OBS activities in order to ensure that Islamic Bank hold stable funding for the portion of OBS exposures that may be expected to require funding within a one-year horizon.
8. hh.Consistent with the LCR, the NSFR identified OBS exposure categories based broadly on whether the commitment is a credit or liquidity facility or some other contingent funding obligation.

Article (7) Reporting Requirements
1. a.All IBs are required to report their liquidity position to the Central Bank in accordance with ELAR and ASRR reporting requirements as issued by the Central Bank.
2. b.Those IBs approved to move to LCR and NSFR will be required to report their liquidity position to the Central Bank in a form and manner prescribed by the Central Bank.
3. c.Banks may also be required to provide the Central Bank with ad hoc reports on liquidity, as and when requested to do so.

Article (8) Compliance with the Standard
1. 8.1 IBs must comply with the requirements stated in this Standard as per the Article No. 5 and 6. During the transition, IBs must comply with the existing and enforced Central Bank’s requirements.
2. 8.2 The Regulatory Development Division of the Central bank shall be the reference for interpretation of the provisions of this Standard.

Advances to Deposits Ratio
It has been decided to amend the advances to deposits ratio regulation introduced by the then Currency Board in 1977. The purpose of this is to late the said ratio more specifically to the measurement of liquidity.
Accordingly, all banks in the U.A.E. will have to maintain a ratio not higher than 1:1 between :-
– On one hand, the amount of loans and advances together with the amount of interbank placements with a remaining life of more than 3 months and,
– on the other hand, the amount of stable resources comprising of : free own funds, interbank deposits received with a remaining life of more than six months and stable customer deposits.
Local and foreign banks have to abide by the above ratio for their operations in the U.A.E. However, those local banks with branches abroad should also comply with the same rule on a worldwide consolidated basis.*
Local banks may also be requested to include banking subsidiaries and affiliates abroad in their worldwide consolidated position. This will be determined on a case-by-case basis after consultation with the concerned banks.

For the purpose of calculating the ratio the following will apply :-
– Loans and Advances:
Loans and advances include all kinds of outstanding advances to government, public sector, corporate and individual borrowers; the figure is taken into account net of provisions for bad and doubtful debts and interest in suspense.
– Interbank placements:
Interbank placements include any amount, in whatever currency, with a remaining life of more than 3 months due from other banks in the U.A.E. or abroad, from branches abroad or from head office; placements that are regularly rolled over are included if the final maturity leaves a remaining life of more than 3 months.
However, placements having a remaining life of between 3 and 6 months are not included if they are matched in maturity by an interbank deposit; CDs issued by the UAE Central Bank are not included either, whatever be their remaining life.
– Free own funds consist of total own funds as defined by circular no.202 dated 7.6.1983, including the total amount of subordinated loan and, in case of foreign banks, the total amount of funds deposited by head office that cannot be withdrawn without Central Bank authorization.
Less:
– fixed assets,

– funds allocated to branches abroad, when looking at the UAE position of a local bank,

– investments in subsidiaries and affiliates,

– non-marketable securities (BSD-3 item 8.3.1 to 8.3.4),

– goodwill,

– own shares held by the bank,
if the free own funds, as defined above, show a negative figure, this will be deducted from the stable resources.

– Interbank deposits:
Interbank deposits received include any amount, in whatever currency, due to other banks in the U.A.E. or abroad, to head office or to branches abroad, with a remaining life of more than six months.

Customer deposits:
Customer deposits include all kinds of deposits from government, public sector, corporate and individual depositors, in whatever currency. They also include :-
– CDs issued by the bank itself,
– refinancing of real estate loans in the U.A.E.,
– refinancing of loans and advances obtained abroad from the concerned Central Bank or official refinancing authority by foreign branches of U.A.E. incorporated banks, under the condition that such refinancing can be considered renewable and stable.
The estimated stable portion of customer deposits as defined above includes :-
1) 100% of refinancing obtained in the U.A.E. and abroad;
2) 100% of all deposits with a remaining life of more than six months;
3) 85% of all other deposits.
However, the Central Bank reserves the right to fix lower percentages in the case of banks the deposits of which appear particularly volatile, especially where concentration is abnormally high. Such lower percentages would be determined on a case-by-case basis after consultation with the concerned banks.
Banks are expected to comply with the ratio at all times. In addition to random checkings, compliance will be verified on a quarterly basis from the various forms that are already regularly supplied to the Central Bank (BRF-1, BSD-3, MA-1). However, those local banks with branches abroad are requested to fill in a new Maturity Analysis Form 2 (MA-2), to be sent shortly, regarding their worldwide consolidated position as at the end of March, June, September and December.*
Banks that would not fall within the maximum authorized limit are requested to work towards a reduction of their loans and advances and interbank placements and/or towards an increase of their stable resources. The Central Bank may impose on those banks that would still be above the limit after the 31st December 1986 an interest free reserve requirement of 2% of the shortfall in stable resources.
Please note that compliance with the above ratio will be verified for the first time from Banking Return Forms as at 30th September, 1986.
Yours faithfully,
(*)Excess of stable resources available in countries from which funds cannot be transferred because of exchange control regulation will not be taken into account for the purpose of computing the worldwide consolidated ratio.

BSD: FM

Risk Management

Risk Management Regulation and Standards

Risk Management Regulation
C 153/2018 Effective from 27/6/2018

Introduction
The Central Bank seeks to promote the effective and efficient development and functioning of the banking system. To this end, banks are required to have a comprehensive approach to risk management, including Board and Senior Management oversight, to ensure their resiliency and enhance overall financial stability.
Risk management, together with internal audit and compliance, comprise key control functions in a bank. The control functions have a responsibility, independent of the management of the bank’s business lines, to provide objective assessment, reporting and/or assurance. The control functions are an essential foundation for effective corporate governance, which is the set of relationships between the bank’s management, board, shareholders and other stakeholders. Collectively these comprise the structure through which the objectives of the bank are set, the means of attaining those established objectives and the monitoring of performance against the established objectives.
In introducing this Regulation and the accompanying Standards, the Central Bank intends to ensure that banks’ approaches to risk management are in line with leading international practices.
This Regulation and the accompanying Standards establish an overarching prudential framework for risk management. Standards and supervisory expectations for selected specific risks are, or will be, established in other Central Bank regulations.
This Regulation and the accompanying Standards are issued pursuant to the powers vested in the Central Bank under the Central Bank Law.
Where this Regulation, or the accompanying Standards, include a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements, which are additional to the list provided in the relevant article.

Objective
The objective of this Regulation is to establish the minimum acceptable standards for Banks’ comprehensive approach to risk management with a view to:
i. Ensuring the soundness of banks; and
ii. Contributing to financial stability.
The accompanying Standards supplement the Regulation to elaborate on the supervisory expectations of the Central Bank with respect to risk management.

Scope of Application
This Regulation and the accompanying Standards apply to all Banks. Banks established in the UAE with significant group relationships, including subsidiaries, affiliates, or international branches, must ensure that the Regulation and Standards are adhered to on a solo and group-wide basis.

Article 1: Definitions
1. Affiliate: An entity that, directly or indirectly, controls, is controlled by, or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity, or of the power to direct or cause the direction of the management of another entity.
2. Bank: A financial entity that is authorized by the Central Bank to accept deposits as a bank.
3. Board: The Bank’s board of directors.
4. Central Bank: The Central Bank of the United Arab Emirates.
5. Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of Banking as amended or replaced from time to time.
6. Central Bank regulations: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
7. Group: A group of entities that includes an entity (the 'first entity') and:
  1. any Parent of the first entity;
  2. any Subsidiary of the first entity or of any Parent of the first entity; and
  3. any Affiliate.
8. Islamic Financial Services: Shari’a compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products (Islamic Windows).
9. Parent: An entity (the 'first entity') which:
  1. holds a majority of the voting rights in another entity (the 'second entity');
  2. is a shareholder of the second entity and has the right to appoint or remove a majority of the board of directors or managers of the second entity; or
  3. is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity.
    
    Or;
  4. if the second entity is a subsidiary of another entity which is itself a subsidiary of the first entity.
10. Risk appetite: The aggregate level and types of risk a bank is willing to assume, decided in advance and within its risk capacity, to achieve its strategic objectives and business plan.
11. Risk limits: Specific quantitative measures that must not be exceeded based on, for example, forward looking assumptions that allocate the bank’s aggregate risk appetite to business lines, legal entities or management units within the bank or group in the form of specific risk categories, concentrations or other measures as appropriate.
12. Risk profile: Point in time assessment of the bank’s gross (before the application of any mitigants) or net (after taking into account mitigants) risk exposures aggregated within and across each relevant risk category based on current or forward-looking assumptions.
13. Risk governance framework: As part of the overall approach to corporate governance, the framework through which the Board and management establish and make decisions about the bank’s strategy and risk approach; articulate and monitor adherence to the risk appetite and risk limits relative to the bank’s strategy; and identify, measure, manage and control risks.
14. Risk management function: Collectively, the systems, structures, policies, procedures and people that measure, monitor and report risk on a bank-wide and, if applicable, group-wide basis.
15. Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer and heads of the compliance and internal audit functions.
16. Subsidiary: An entity (the 'first entity') is a subsidiary of another entity (the 'second entity') if the second entity:
  1. holds a majority of the voting rights in the first entity;
  2. is a shareholder of the first entity and has the right to appoint or remove a majority of the board of directors or managers of the first entity; or
  3. is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity.
    
    Or;
  4. if the first entity is a subsidiary of another entity which is itself a subsidiary of the second entity.

Article 2: Risk Governance Framework
1. A Bank must have an appropriate risk governance framework that provides a bank-wide and, if applicable, group-wide view of all material risks. This includes policies, processes, procedures, systems and controls to identify, measure, evaluate, monitor, report and control or mitigate material sources of risk on a timely basis. A bank’s definition and assessment of material risks must take into account its risk profile, nature, size and complexity of its business and structure.
2. The Board is in ultimate control of the Bank and bears ultimate responsibility for ensuring that there is a comprehensive risk governance framework appropriate to the risk profile, nature, size and complexity of the Bank’s business and structure.
3. The risk governance framework must, at a minimum, provide for the following items:
  1. A board-approved risk appetite statement including limits for all relevant risk categories and risk concentrations;
  2. Documentation of the roles and responsibilities of the different parts of the Bank involved in managing risk;
  3. Policies and procedures to ensure that all material risks are identified, measured, managed, mitigated and reported upon in a timely and comprehensive manner; and
  4. Contingency arrangements such as business continuity plans and contingency funding plans for risks that may materialize in stress situations.
4. The risk-governance framework, in addition to the risk management function, must include adequately resourced compliance and internal audit functions to assess bank-wide, or if applicable, group–wide adherence, to relevant legislation, policies and procedures and to provide independent assurance regarding the implementation and effectiveness of risk management policies, procedures, systems and controls.
5. Senior Management is responsible for the implementation of sound policies, effective procedures and robust systems consistent with the board-approved risk governance framework. The Board remains ultimately accountable, notwithstanding specific responsibilities delegated to Senior Management.

Article 3: Risk Management Function
1. A Bank must have an adequately resourced Risk Management Function headed by a chief risk officer or equivalent. The function must be independent of the management and decision-making of the Bank’s risk-taking functions and have a direct reporting line to the Board or a board risk committee.
2. The Risk Management Function must include policies, procedures, systems and controls for monitoring and reporting risk and to ensure that risk exposures are aligned with the Bank’s strategy and business plan and consistent with the board-approved risk appetite statement and individual risk limits.
3. Exceptions to the Bank’s risk management policies, procedures or limits must be immediately addressed by the appropriate level of management or the Board.
4. A Bank must immediately notify the Central Bank when it becomes aware of a significant deviation from its board-approved risk appetite statement, risk management policies or procedures, or that a material risk has not been adequately addressed.

Article 4: Risk Measurement & Use of Models
1. A Bank must have systems to measure and monitor risk which are commensurate with the risk profile, nature, size and complexity of its business and structure.
2. The Board must have sufficient expertise to understand and oversee the risk measurement systems including any use of models.
3. Where a Bank uses models to measure components of risk, it must have appropriate internal processes for the development and approval for use of such models and must perform regular and independent validation and testing of the models. The Board remains ultimately accountable whether the approval for use of models is provided by the Board or through authority delegated to management.

Article 5: Stress Testing of Material
1. 1. A Bank must implement a forward-looking stress-testing program as part of its comprehensive approach to risk management. Extreme, but plausible, adverse scenarios for a range of material risks must be included in the stress-testing program, commensurate with the size of the Bank’s risk exposures. The results of the stress-testing program must be reflected on an ongoing basis in the Bank’s risk management, including contingency planning and the Bank’s internal assessment of its capital and liquidity.
2. A Bank’s internal process for assessing capital and liquidity requirements must take into account the nature and level of risks taken by the Bank. In addition to the specific risks identified in the Central Bank Capital Adequacy and Liquidity Regulations and Standards, a Bank must consider all other material risks.

Article 6: Information Systems and Internal Reporting
A Bank must have information systems that enable it to measure, assess and report on the size, composition and quality of risk exposures on a bank-wide and where applicable group-wide, basis across all risk types, products and counterparties. Reports must be provided on a timely basis to the Board and Senior Management, in formats suitable for their use and understanding.

Article 7: Strategic & Operational Decisions
1. A Bank must have adequate policies and procedures to ensure that the risks inherent in strategic or major operational initiatives such as changes in systems, business models, or acquisitions are identified, understood and mitigated to the extent possible. At a minimum, policies and procedures must require:
  1. Approval by the Board, or a board committee, of strategic and major operational decisions; and
  2. Reporting that enables the Board and Senior Management to monitor and manage these risks on an ongoing basis.
2. Policies and procedures must establish appropriate levels of approval authority for introducing new products and material modifications to existing products. The Board remains ultimately accountable notwithstanding any delegation of approval authority to Senior Management. At a minimum, policies and procedures must ensure:
  1. Assessment of the risks and determination that the Bank’s control functions and systems are adequate to measure and mitigate the risks; and
  2. Reporting that enables the Board and Senior Management to monitor and manage these risks on an ongoing basis.
3. A Bank must appropriately account for risks in its internal pricing, performance measurement and new product approval process, for all significant business activities.

Article 8: Group Risk Management
1. Banks, for which the Central Bank is the primary regulator, who have significant group relationships including subsidiaries, affiliates, or international branches, must develop and maintain processes to coordinate the identification, measurement, evaluation, monitoring, reporting and control or mitigation of all internal and external sources of material risk across the group. The process must provide the Board with a solo and group-wide view of all material risks including the roles and relationships of other group entities to one another and to the Bank.
  
  The methods and procedures applied by subsidiaries, affiliates and international branches must support risk management on a group-wide basis. Banks must conduct group-wide risk management and prescribe group policies and procedures, while the boards and Senior Management of subsidiaries and affiliates must have input with respect to the local or regional application of these policies and procedures and the assessment of local or regional risks.
2. Where the Central Bank is not the primary regulator of a bank that is part of a Group and any element of its comprehensive approach to risk management is controlled or influenced by another entity in the group, the bank’s risk governance framework must specifically take into account risks arising from the Group relationship and clearly identify:
  1. Linkages and any significant differences between the Bank’s and the Group’s risk governance framework;
  2. Whether the bank’s risk management function is derived wholly or partially from Group risk management functions; and
  3. The process for monitoring by, or reporting to, the Group on risk management.

Article 9: Disclosure
1. A Bank must make publicly available, including through publication in its annual report and on its website, information on its Risk Governance Framework and the nature and extent of its risk exposures.

Article 10: Islamic Banking
1. A bank offering Islamic financial services must ensure that its approach to risk management incorporates appropriate measures to comply with Sharī’ah provisions.
2. A bank offering Islamic financial services must ensure that its risk governance framework addresses the potential risk exposures arising from Islamic financing instruments with respect to credit, market and liquidity risks as well as equity investment risk and rate of return risk and the operational and reputational risks from failure to adhere to Sharī’ah provisions.

Article 11: Enforcement
1. Violation of any provision of this Regulation and the accompanying Standards may be subject to supervisory action as deemed appropriate by the Central Bank.

Article 12: Interpretation of Regulation
1. The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.

Article 13: Cancellation of Previous Notices
1. This Regulation and the accompanying Standards replace all previous Central Bank regulations with respect to risk management.

Article 14: Publication and Application
1. This Regulation and the accompanying Standards shall be published in the Official Gazette in both Arabic and English and must come into effect one month from the date of publication.

Risk Management Standards
C 153-2018 STA Effective from 27/6/2018

Introduction
1. 1. These Standards form part of the Risk Management Regulation. All banks must comply with these Standards, which expand on the Regulation. These Standards are mandatory and enforceable in the same manner as the Regulation.
2. 2. A bank's board of directors is in ultimate control of the bank and accordingly, ultimately responsible for the bank’s comprehensive approach to risk management. There is no one-size-fits-all or single best solution. Accordingly, each bank could meet the minimum requirements of the Regulation and Standards in a different way and thus may adopt an organisational framework appropriate to the risk profile, nature, size and complexity of its business and structure. The onus is on the Board to demonstrate that it has implemented a comprehensive approach to risk management. Banks are encouraged to adopt leading practices that exceed the minimum requirements of the Regulation and Standards¹.
3. 3. The Standards follow the structure of the Regulation, with each article corresponding to the specific article in the Regulation.
¹ The Central Bank will apply the principle of proportionality in the enforcement of the Regulation and Standards, whereby smaller banks may demonstrate to the Central Bank that the objectives are met without necessarily addressing all of the specifics cited in the Standards.

Article 1: Definitions
1. 1. Affiliate: An entity that, directly or indirectly, controls, is controlled by or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity or of the power to direct or cause the direction of the management of another entity.
2. 2. Bank: A financial entity, which is authorized by the Central Bank to accept deposits as a bank.
3. 3. Board: The Bank’s board of directors.
4. 4. Central Bank: The Central Bank of the United Arab Emirates.
5. 5. Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of Banking as amended or replaced from time to time.
6. 6. Central Bank regulations: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
7. 7. Group: A group of entities that includes an entity (the 'first entity') and:
  1. a. any Parent of the first entity;
  2. b. any Subsidiary of the first entity or of any Parent of the first entity; and
  3. c. any Affiliate.
8. 8. Parent: An entity (the 'first entity') which:
  1. a. holds a majority of the voting rights in another entity (the 'second entity');
  2. b. is a shareholder of the second entity and has the right to appoint or remove a majority of the Board or managers of the second entity; or
  3. c. is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity;
    Or;
  4. d. if the second entity is a subsidiary of another entity which is itself a subsidiary of the first entity.
9. 9. Risk appetite: The aggregate level and types of risk a bank is willing to assume, decided in advance and within its risk capacity, to achieve its strategic objectives and business plan.
10. 10. Risk capacity: The maximum amount of risk a bank is able to assume given its capital base, risk management and control measures, as well as its regulatory constraints.
11. 11. Risk culture: A bank’s norms, attitudes and behaviors related to risk awareness, risk taking and risk management and controls that shape decisions on risks, influence the decisions of management and employees during day-to-day activities and is reflected in the risks they assume.
12. 12. Risk governance framework: As part of the overall approach to corporate governance, the framework through which the board and management establish and make decisions about the bank’s strategy and approach to risk management; articulate and monitor adherence to the risk appetite and risks limits relative to the Bank’s strategy; and identify, measure, manage and control risks.
13. 13. Risk limits: Specific quantitative measures that must not be exceeded based on, for example, forward looking assumptions that allocate the bank’s aggregate risk appetite to business lines, legal entities or management units within the bank or group in the form of specific risk categories, concentrations or other measures as appropriate.
14. 14. Risk management function: Collectively, the systems, structures, policies, procedures and people that measure, monitor and report risk on a bank and, if applicable, group-wide basis.
15. 15. Risk profile: Point in time assessment of the bank’s gross (before the application of any mitigants) or net (after taking into account mitigants) risk exposures aggregated within and across each relevant risk category based on current or forward-looking assumptions.
16. 16. Senior management: The executive management of the bank responsible and accountable to the board for the sound and prudent day-to-day management of the bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer and heads of the compliance and internal audit functions.
17. 17. Subsidiary: An entity (the 'first entity') is a subsidiary of another entity (the 'second entity') if the second entity:
  1. a. holds a majority of the voting rights in the first entity;
  2. b. is a shareholder of the first entity and has the right to appoint or remove a majority of the board or managers of the first entity; or
  3. c. is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity;
    Or;
  4. d. if the first entity is a subsidiary of another entity that is itself a subsidiary of the second entity.

Article 2: Risk Governance Framework
1. 1. A bank must establish, implement and maintain a risk governance framework that enables it to identify, assess, monitor, mitigate and control risk. The risk governance framework consists of policies, processes, procedures, systems and controls.
2. 2. The risk governance framework must be documented and approved by the Board and must provide for a sound and well-defined framework to address the bank's risks.
3. 3. The risk governance framework will vary with the specific circumstances of the bank, particularly the risk profile, nature, size and complexity of its business and structure. A bank must incorporate the following minimum elements into its risk governance framework or demonstrate to the Central Bank that its framework meets the requirements for a comprehensive approach to risk management without the presence of all of the elements set out below:
  1. a. Board: the board must approve, maintain and oversee the bank’s risk governance framework, including the risk appetite statement, risk limits by legal entity, business line or management units consistent with the risk appetite statement and policies and procedures to implement a comprehensive approach to risk management.
  2. b. Board risk committee: pursuant to a charter or terms of reference approved by the board, the board risk committee must (a) review and recommend the establishment of and revisions to the bank’s risk governance framework and (b) oversee its implementation by senior management.
  3. c. Board audit committee: pursuant to a charter or terms of reference approved by the Board, the board audit committee must oversee the independent assessment of the risk governance framework by the internal audit function and the internal audit function’s independent assessment of implementation of the bank’s comprehensive approach to risk management.
  4. d. Management risk committee: the management risk committee must develop and recommend the overall risk strategy, the risk governance framework and the risk appetite statement to the board or to the board risk committee and must be accountable for an effective bank-wide approach to risk management and for the communication of the comprehensive approach to risk management across the bank.
  5. e. Risk management function: headed by the chief risk officer (CRO) or equivalent, the risk management function must develop metrics relevant to the risk appetite statement, monitor and report on the risk metrics, escalate breaches and conduct stress tests.
  6. f. Compliance function: the compliance function must verify that compliance policies are observed and must report to senior management or the board, as appropriate, on how the bank is managing its compliance risk.
  7. g. Internal audit function: the internal audit function must provide independent assurance to the board and senior management on the quality and effectiveness of a bank’s internal control and risk management policies, procedures and systems, including measurement methodologies and assumptions. It reports directly to the board audit committee.
  8. h. Business line management: must receive and operationalize risk limits, establish procedures to identify and control risks including monitoring and escalation of breaches and report on risk metrics.
4. 4. In defining and assessing risks, a bank must consider both the probability of the risk materializing and its potential impact on the bank. In assessing the potential impact of a risk, a bank must assess factors including but not limited to: (a) potential disruption of the bank’s business operations; (b) effect on profitability, liquidity, capital adequacy and regulatory compliance; and (c) ability of the bank to meet its obligations to its customers or other counterparties.
5. 5. A Bank’s risk governance framework must address all material risks, which, at a minimum, must include the following items:
  1. a. Credit risk;
  2. b. Market risk;
  3. c. Liquidity risk
  4. d. Operational risk;
  5. e. Risks arising from its strategic objectives and business plans; and
  6. f. Other risks that singly, or in combination with different risks, may have a material impact on the bank.
6. 6. A Board is responsible for the implementation of an effective risk culture and internal controls across the bank and its subsidiaries, affiliates and international branches. The board approved risk governance framework must incorporate a “three lines of defense” approach including senior management of the business lines, the control functions of risk management and compliance and an independent and effective internal audit function:
  1. a. Business line management - identification and control of risks
    1. i. Manage and identify risks in the activities of the business line;
    2. ii. Ensure activities are within the bank’s risk appetite, risk management policies and limits;
    3. iii. Design, implement and maintain effective internal controls; and
    4. iv. Monitor and report on business line risks.
  2. b. Risk management function - sets standards and challenges business lines
    1. i. Headed by the CRO or equivalent;
    2. ii. Establish bank-wide or, if applicable, group-wide risk and control strategies and policies;
    3. iii. Provide oversight and independent challenge of business line accountabilities;
    4. iv. Develop and communicate risk and control procedures; and
    5. v. Monitor and report on compliance with risk appetite, policies and limits.
  3. c. Compliance function - assess bank-wide adherence to requirements
    1. i. Develop and communicate compliance policies and procedures; and
    2. ii. Monitor and report on compliance with laws, corporate governance rules, regulations, regulatory codes and policies to which the bank is subject.
  4. d. Internal audit function - independent assurance
    1. i. Independently assess the effectiveness and efficiency of the internal control, risk management and governance systems and processes; and
    2. ii. Independently assess the effectiveness of business line management in fulfilling their mandates and managing risk.
7. 7. The Board must ensure that the risk management, compliance and internal audit functions are properly staffed and resourced and carry out their responsibilities independently and effectively. This includes unrestrained access to all kinds of information needed for the risk management, compliance and internal audit functions to fulfil their tasks.
8. 8. The Board must review policies annually and controls on a regular basis with senior management and with the heads of the risk management, compliance and internal audit functions to identify and address significant risks and issues, as well as determine areas that need improvement.
9. 9. The Board must provide oversight of senior management. It must hold members of senior management accountable for their actions and enumerate the consequences if those actions are not aligned with the board’s expectations. This includes adhering to the bank’s values, risk appetite and risk culture, regardless of financial gain or loss to the bank.
10. 10. Senior management must implement, consistent with the direction given by the board, policies, procedures, systems and controls for managing the risks to which the bank is exposed and for complying with laws, Central Bank regulations and internal policies. This includes comprehensive and independent risk management, compliance and audit functions, as well as an effective overall system of internal controls.
11. 11. Senior management must provide the board with the information it needs to carry out its responsibilities, including the supervision of senior management and assessment of the quality of senior management’s performance.

Risk Appetite Statement
1. 12. The risk appetite statement is a written articulation of the aggregate level and types of risk that a bank will accept or avoid in order to achieve its business objectives. At a minimum, it must include the following items:
  1. a. For each material risk, the maximum level of risk that the bank is willing to operate within, expressed as a limit in terms of:
    1. i. Quantitative measures expressed relative to earnings, capital, liquidity or other relevant measures as appropriate; and
    2. ii. Qualitative statements or limits as appropriate, particularly for reputation, compliance and legal risks.
  2. b. Delineation of any categories of risk the bank is not prepared to assume;
  3. c. The process for ensuring that risk limits are set at an appropriate level for each risk, considering both the probability of loss and the magnitude of loss in the event that each material risk is realized;
  4. d. The process for monitoring compliance with each risk limit and for taking appropriate action in the event that it is breached; and
  5. e. The timing and process for review of the risk appetite and risk limits.
2. 13. Quantitative risk limits and metrics may include, but are not limited to:
  1. a. Capital targets beyond regulatory requirements, such as economic capital or capital-at-risk;
  2. b. Various liquidity ratios and survival horizons;
  3. c. Net interest income volatility;
  4. d. Earnings-at-risk;
  5. e. Value at risk (VaR);
  6. f. Risk concentrations by internal or external rating;
  7. g. Expected loss ratios;
  8. h. Growth ceilings by asset type, business line or type of exposure;
  9. i. Economic value added; and
  10. j. Stressed targets for capital, liquidity and earnings.

Policies and Procedures
1. 14. A bank must have a board approved risk management policy, which includes identifying, measuring, evaluating, monitoring, reporting and controlling or mitigating all internal and external sources of material risk. The overarching risk management policy document must reflect an understanding of the risks arising from the bank’s business activities and the relationships among those risks.
2. 15. A bank’s documented policies and procedures for risk management must, at a minimum, address the following:
  1. a. Details of board oversight of risk management, including regular review of risk management policies, review and approval of the risk appetite statement and regular and ad hoc reporting on risk management by senior management, the risk management function, compliance function and internal audit to the Board or committee of the board;
  2. b. The role and responsibilities of the board risk committee, documented through an appropriate charter or terms of reference;
  3. c. A process for the identification of material risks, which is likely to be undertaken by a senior management committee overseen by the Board or board risk committee;
  4. d. A process for ensuring there is a bank-wide or, if applicable, group-wide view that includes identifying, measuring, evaluating, monitoring and controlling risks and that the risk culture is disseminated throughout the bank or, if applicable group, which will involve senior executives, often through a management risk committee or other senior executive committee, as well as the risk management function;
  5. e. Establishment of an effective control environment including measures embedded in the business lines such as delegated levels of authority, segregation of duties and physical controls such as dual custody, as well as the role of the risk management function in setting standards and challenging the business lines, an independent compliance function to monitor adherence to legal and regulatory requirements as well as internal compliance policies and internal audit to provide independent assurance; and
  6. f. Ensuring that the bank’s data architecture and information technology systems adequately support the bank’s comprehensive approach to risk management with timely and accurate reporting in readily usable formats.
3. 16. A bank must have an appropriate level of granularity in its policies and procedures. Smaller banks with minimal trading activities may address market risks in a single set of policies and procedures, while larger and more complex banks must address market risks in detailed policies and procedures for individual types of market risk. A bank that outsources functions must have specific risk management policies and procedures related to the outsourcing.

Internal Capital Adequacy Assessment Process (ICAAP)
1. 17. A bank must have a formal documented process for assessing its overall capital adequacy in relation to its risk profile and a strategy for maintaining its capital levels above regulatory minimum requirements. The assessment must be documented and submitted annually to the Central Bank for review (ICAAP Report).
2. 18. A bank must demonstrate the following in its documented ICAAP:
  1. a. Board and senior management oversight;
  2. b. Elements of a sound capital assessment process. This includes policies and procedures designed to ensure that the bank identifies, measures and reports all material risks, policies and procedures relating to capital and capital adequacy goals to the level of risk and policies and procedures for internal control to ensure the integrity of the overall management process;
  3. c. Comprehensive assessment of risks; notably credit, market, operational, interest rate, concentration, liquidity and other;
  4. d. Monitoring and reporting of risk exposure and related capital needs; and
  5. e. Internal control review, including the role of internal and external audit where appropriate.

Article 3: Risk Management Function
1. 1. The head of the risk management function, the CRO or equivalent, must be of sufficient seniority and stature within the bank, to credibly challenge the heads of business lines and functions. The risk management function is responsible for assisting the Board, board committees, executive committee (including the credit committee) and senior management to develop and maintain the risk governance framework.
2. 2. Appointment or dismissal of the CRO must be approved by the Board or board risk committee. If the CRO is removed, the bank must immediately advise the Central Bank of the reasons for such a removal.
3. 3. The CRO, or equivalent, must:
  1. a. Not have a decision-making role in the bank’s risk-taking functions, including credit underwriting, or the finance function;
  2. b. Have no revenue-generating responsibilities;
  3. c. Not have remuneration based on the performance of any of the bank’s risk-taking functions;
  4. d. Not be the chief executive of the bank, or head of the finance, compliance or internal audit function;
  5. e. Have a direct reporting line to the Board or board risk committee and appropriate reporting lines to senior management; and
  6. f. Have unfettered access directly to the board risk committee, including the ability to meet without other senior executives present.
4. 4. Key activities of the risk management function must include, but are not limited to:
  1. a. Identifying material individual, aggregate and emerging risks;
  2. b. Assessing these risks and measuring the bank’s exposure to them;
  3. c. Supporting the Board in its implementation, review and approval of the bank-wide or if applicable, group-wide risk governance framework;
  4. d. Ongoing monitoring to ensure risk-taking activities and risk exposures are in line with the board-approved risk appetite, risk limits and corresponding capital or liquidity needs;
  5. e. Establishing an early warning or trigger system as part of ongoing monitoring to ensure that breaches of the board-approved risk appetite and risk limits are reported on a timely basis to senior management, the Board or board risk-committee as required by board-approved policies;
  6. f. Influencing and, when necessary, challenging material risk decisions; and
  7. g. Reporting to senior management and the Board or board risk committee in accordance with the risk governance framework.

Article 4: Risk Measurement and Use of Models
1. 1. A bank must use risk measurement methodologies commensurate with the risk profile, nature, size and complexity of the business and the structure of the bank. These could include VaR analysis, scenario analysis and stress testing and single counterparty and concentration limits. Common metrics must be employed on a bank (or group)-wide basis to foster a bank (or group)-wide approach and effective identification and monitoring of risks across the Bank (or Group).
2. 2. Risk measurement and modeling techniques must be used in addition to qualitative risk analysis and monitoring. The comprehensive approach to risk management must include policies and procedures for the development and internal approval for use of models or other risk measurement methodologies. Where the models, or data for the models, are supplied by a third party, there must be a process for validation of the model and data relative to the specific circumstances of the bank.
3. 3. A bank must perform regular validation and testing of models. This must include evaluation of conceptual soundness, ongoing monitoring including process verification and benchmarking and outcomes analysis, including back-testing. Stress-testing and scenario analysis must be used to take into account the risk of model error and the uncertainties associated with valuations and concentration risks. Widely recognized weaknesses in VaR such as dependence on historical data and inadequate volatility estimates must be explicitly addressed by banks in developing and implementing VaR methodologies. Banks employing VaR or other model methodologies must regularly back-test actual performance against model predictions and adjust their methodologies in light of experience.
4. 4. Model-based approaches must be supplemented by other measures. These include qualitative assessment of the logic, judgment and types of information used in models as well as assessments of policies, procedures, risk limits and exposures, especially with respect to difficult to quantify risks such as operational, compliance and reputational.

Article 5: Stress-Testing of Material Risks
1. 1. A bank must have a forward looking stress testing program that addresses credit, market and operational risk with the bank taking into account that its risk profile is likely to require capital in excess of the minimum capital requirements. The stress testing program must also include any risk that is material for the bank given the nature of its business. These may include but are not limited to: concentration risk; interest rate risk in the banking book; liquidity risk; currency risk; reputation and compliance risks; contagion risk; country and transfer risks; legal risk; and strategic risk.
2. 2. The requirement for a bank to use stress tests and scenario analysis to better understand potential risk exposures under a variety of adverse circumstances is common to both the risk governance framework and ICAAP. A bank must have a comprehensive approach to stress-testing that meets its ICAAP and other risk management requirements. Stress-testing within business lines can be a useful part of the program, however, there must be a means to capture correlations across business lines and obtain a bank-wide or, if applicable, a group-wide overview of performance in stress scenarios.
3. 3. A bank’s stress-testing program must be undertaken on a regular basis to facilitate the tracking of trends over time and developments in key risk factors and exposure amounts, in addition to ad hoc stress tests as required. The program must cover a range of scenarios based on reasonable assumptions regarding dependencies and correlations. Senior management and, as applicable, the Board or board risk committee must review and approve the scenarios. The specifics of the program must be tailored to the risk exposures of the bank and, at a minimum, must take into account the following factors:
  1. a. Bank and Group-specific and system-wide events;
  2. b. Extreme but plausible shocks as well more gradual changes in key risk parameters such as interest and exchange rates;
  3. c. Potential reputational risk implications of the bank’s actions in a stress scenario;
  4. d. Potential for loss of key sources of funding; and
  5. e. Potential outflows related to customer activity.
4. 4. Stress test program results must be periodically reviewed by the Board or the board risk committee. Results must be incorporated into reviews of the risk appetite, the bank’s ICAAP and capital and liquidity planning processes. The risk management function is responsible for recommending any action required, for example adjustments to risk limits or contingency arrangements, based on stress test results. The results of stress tests and scenario analysis must be communicated to the relevant business line management and functional heads within the bank to assist them in understanding and mitigating the risks inherent in their activities. Stress test program results must factor in the bank’s contingency planning, particularly liquidity risk management and contingency funding.
5. 5. The identification and management of all material risks must be consistent on a bank-wide and if applicable, group-wide basis. This is of particular importance with respect to a bank’s and, if applicable, a group’s ICAAP, given the significant intersection and mutual reinforcement of risk management and capital adequacy. For example, capital and liquidity implications need to be considered in the determination of risks the bank is prepared to assume and the limits for those risks established in the risk appetite statement. Similarly, the impact on capital and liquidity is an important element of a bank’s procedures for review of new products or business lines or acquisitions.
6. 6. From the perspective of capital planning, the ICAAP must explicitly incorporate all material risks, which a bank identifies through its comprehensive approach to risk management. Stress test results must be considered in developing liquidity plans, particularly contingency funding arrangements.

Article 6: Information Systems and Internal Reporting
1. 1. A bank’s comprehensive approach to risk management must include policies and procedures designed to provide risk data aggregation and reporting capabilities appropriate for the risk profile, nature, size and complexity of the bank's business and structure. The policies and procedures for risk data aggregation and reporting must provide for the design, implementation and maintenance of a data architecture and information technology infrastructure that supports the bank’s monitoring and reporting needs in normal times and periods of stress.
2. 2. A bank’s systems must support supervisory reporting requirements and provision of risk reports to all relevant parties within the bank on a timely basis and in a format commensurate with their needs. The scope of reporting must be proportionate to the business activities and complexity of the bank. Ideally, banks will have a highly automated process, however, certain circumstances may mean that manual intervention is required to aggregate risk data and produce supervisory and internal risk management reports.
3. 3. The processes for aggregating the necessary data and producing supervisory and internal risk management reports must be fully documented and establish standards, cutoff times and schedules for report production. The aggregation and reporting process must be subject to high standards of validation through periodic review by the internal audit function using staff with specific systems, data and reporting expertise, particularly where the process requires substantial manual intervention.
4. 4. Banks are encouraged to adopt centralized databases with single identifiers and/or uniform naming conventions for legal entities, counterparties, customers and accounts to facilitate accessing multiple records of risk data across the bank or group in a timely manner. Bank systems must be adequate to compile gross and net exposures to institutional counterparties (i.e. interbank, central counterparties) and to capture credit risk concentrations on a bank-wide or, if applicable, group-wide basis, including on and off-balance sheet exposures, for individual counterparties, groups of related counterparties and other concentrations relevant to the bank’s business such as by currency, industry sector or geographic region. Banks are encouraged to have this information available on a daily basis.

Article 7: Strategic and Operational Decisions
1. l. A bank must have approval procedures for new products, material modification to existing products and strategic or major operational initiatives such as changes in systems, business models or acquisitions. The procedures must ensure that strategic and major operational decisions require approval by the board or a committee of the board. Approval authority for new products or material changes to existing projects may be delegated by the Board to the appropriate level of management, although the Board remains ultimately responsible.
2. 2. In addition to providing for reporting that enables the Board and senior management to monitor the associated risks on an ongoing basis, the procedures must include at a minimum:
  1. a. An assessment of risks under a variety of scenarios, particularly with more pessimistic assumptions than the base-line case;
  2. b. An assessment of the extent to which the bank’s risk management, legal and regulatory compliance, information technology, business line and internal control functions have the necessary expertise, systems and other tools to measure and manage the associated risks, if necessary withholding approval if the required measures are not in place; and
  3. c. An ongoing assessment of risk and performance relative to initial projections and if necessary adapting the risk management treatment in light of experience.
3. 3. Mergers and acquisitions, disposals and other changes to bank or group structure can pose special risk management challenges. Risks can arise from conducting insufficient due diligence that fails to identity post-transaction risks or activities conflicting with the bank’s strategic objectives or Risk Appetite. The risk management function must be actively involved in assessing the risks of such transactions and must report its findings directly to the Board or a committee of the board.

Article 8: Group Risk Management
1. 1. A bank for which the Central Bank is the primary regulator is required to meet the objectives of the Regulation and Standards on a solo and group-wide basis. Subsidiaries and affiliates, including non-bank entities, must be captured by the bank’s comprehensive approach to risk management and must be part of the overall risk governance framework to ensure that the policies, business strategies, procedures and controls of the subsidiaries and affiliates are aligned with those of the group.
2. 2. The boards and senior management of subsidiaries and affiliates remain responsible for their entities’ risk management. The methods and procedures applied by subsidiaries and affiliates must support risk management on a group-wide basis. Parent banks must conduct group-wide risk management and prescribe group policies and procedures, while the boards and senior management of subsidiaries and affiliates must have input with respect to the local or regional application of these policies and procedures and the assessment of local or regional risks.
3. 3. Parent banks are responsible for ensuring that the risk management function in subsidiaries and affiliates is adequately resourced and that group reporting lines support the independence of the risk management, compliance and internal audit functions from the risk-taking business lines throughout the group. Parent banks are responsible for ensuring that reporting to the group by subsidiaries and affiliates is sufficiently detailed and timely to support effective group-wide risk management.
4. 4. Where the Central Bank is not the primary regulator of a bank that operates a branch in the U.A.E., the branch must have a risk governance framework and risk management function that meets the requirements of the Regulation and Standards. The “three lines of defense” approach must be incorporated within the branch. This will require a senior risk officer, compliance officer and senior internal audit officer with stature within the branch comparable to the business line managers².
5. 5. Reporting relationships between officers of the branch and group business lines and functions must support the independence of the risk management, compliance and internal audit functions from the risk-taking business lines. These branches must provide the Central Bank with unfettered access to any staff of the group involved in the risk management of the branch and any group reports or data that the Central Bank may request.
² Considering the principle of proportionality and the role of group functions in overseeing the branch, a bank may demonstrate to the Central Bank that it meets the requirements of the Regulation and Standards in some other way.

Article 9: Disclosures
1. 1. A Bank must comply with the disclosure requirements. A bank must have a board-approved disclosure policy. A bank must describe in its disclosures its risk management objectives and policies including the following items:
  1. a. Strategies and processes (for each material risk);
  2. b. Structure and organization of its risk governance;
  3. c. Scope and nature of risk reporting and/or measurement systems;
  4. d. Policies for hedging and/or mitigating risk; and
  5. e. Strategies and processes for monitoring the continuing effectiveness of hedges/mitigants.

Article 10: Islamic Banking
1. 1. The Board offering Islamic financial services must ensure that the comprehensive approach to risk management ensures compliance with Sharī’ah provisions in addition to meeting the other requirements of the Regulation and Standards. The risk governance framework must specifically identify and address for each relevant risk any elements arising from the use of Islamic financial instruments, as well as risks specific to Islamic instruments and agreements. At a minimum, the risk governance framework of a bank offering Islamic financial services must address:
  1. a. Identifying, monitoring and mitigating potential credit risk exposures that may arise at different stages of the various financing agreements;
  2. b. Requiring a due diligence review in respect of counterparties prior to deciding on the choice of an appropriate Islamic financing instrument;
  3. c. Considering separately and on an overall basis liquidity exposures with respect to each category of current account, unrestricted and restricted investment accounts;
  4. d. Ensuring adequate recourse to Sharī’ah-compliant funds to mitigate liquidity risk;
  5. e. Identifying and managing equity investment risk including appropriate and consistent valuation methodologies agreed between the bank and its equity investment partners and exit strategies with respect to equity investment activities;
  6. f. Ensuring compliance with Sharī’ah provisions to mitigate the risk of income having to be donated to charity rather than recognized;
  7. g. Implementing a comprehensive approach to assessing and reporting on the potential impacts of market factors affecting rates of returns on assets relative to the expected rates of return to investment account holders (rate of return risk);
  8. h. Using appropriate measures to safeguard the interests of all fund providers which will include but is not limited to ensuring that when investor funds are comingled with the bank’s funds, the basis for asset, revenue, expense and profit allocations are established, applied and reported in a manner consistent with the bank’s fiduciary responsibilities; and
  9. i. Ensuring that risks arising from the provision of Islamic financial services are appropriately captured in the bank's forward-looking stress-testing program.

Standard re Risk Management Requirements for Islamic Banks
CBUAE/BSD N 1198/2021 Effective from 25/2/2021

Article (1) Introduction
1. 1.1This Standard re risk management requirements for Islamic banks (“the Standard”) forms part of the Risk Management Regulation (Circular 153/2018) issued by the Central Bank on 27^th May 2018. Licensed banks that conduct all or part of their activities in accordance with the provisions of Islamic Shari’ah (“Islamic Banks and Banks Housing an Islamic Window” both referred to hereafter as “IBs”) must comply with this Standard. This Standard is mandatory and enforceable in the same manner as the Regulation.
2. 1.2Banks housing an Islamic Window should comply with the provisions of this Standard in relation to the Shari’ah compliant businesses and activities. Banks housing an Islamic Window must integrate the risk management requirements stated in this Standard within the existing risk management framework and apply these requirements to the existing modes and contracts within the Islamic Window.
3. 1.3This Standard should be read in conjunction with the other risk management standards issued by the Central Bank. The Standard elaborates on risk management aspects pertaining to IBs that have not been specifically addressed in other regulations or standards issued by the Central Bank. IBs should comply with the requirements of this Standard in addition to the requirements stated in the other risk management regulations and standards.
4. 1.4It is crucial for IBs to recognize and evaluate the overlapping nature and transformation of risks that exist between and among the categories of the above-mentioned risks. IBs may also face consequential business risks relating to developments in the external marketplace. Adverse changes in IB’ markets, counterparties, or products as well as changes in the economic and political environments in which IBs operate and the effects of different Shari’ah standards are examples of business risk. These changes may affect IBs’ business plans, supporting systems and financial position. In this regard, IBs are expected to view the management of these risks from a holistic perspective.
5. 1.5IBs are exposed to reputational risk arising from failures in governance, business strategy and process. Negative publicity about the IBs business practices, particularly relating to Shari’ah non-compliance in their products and services, could have negative impact on their market position, profitability and liquidity.
6. 1.6This Standard is issued pursuant to the powers vested in the Central Bank under the provisions of the Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organization of Financial Institutions and Activities and its amendments (“Central Bank Law”).
7. 1.7Where this Standard stipulates to provide information, undertake certain measures, or address certain terms listed as a minimum, the Central Bank may impose requirements, which are additional to those outlined in the relevant article of the Standard.
8. 1.8This Standard elaborates on the supervisory expectations of the Central Bank with respect to risk management for Shari’ah compliant businesses and activities.

Article (2) Scope of Application
1. 2.1This Standard applies to all IBs. IBs established in the UAE with Group relationships, including Subsidiaries, Affiliates, or international branches, must ensure that the Standard is adhered to on a solo and Group-wide basis.
2. 2.3An IB which sets up special purpose vehicles with the objective of conducting specific Shari’ah compliant activity must ensure that the risks arising in the special purpose vehicle are monitored and reported at the group level (risk management on a consolidated basis).
3. 2.4This Standard must also be read in conjunction with the Standards and Resolutions issued by the Higher Shari’ah Authority (HSA).

Article (3) Definitions
1. a.Affiliate: An entity that, directly or indirectly, controls, or is controlled by, or is under common control with another entity. The term control as used herein to mean the holding, directly or indirectly, of voting rights in another entity, or of the power to direct or cause the direct of the management of another entity.
2. b.Board: The Islamic Bank’s board of directors.
3. c.Central Bank: The Central Bank of the United Arab Emirates.
4. d.Central Bank Law: Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organization of Financial Institutions and Activities and its amendments.
5. e.Central Bank Regulations: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
6. f.Credit Risk: The potential that a counterparty fails to meet its obligations in accordance with agreed terms. Credit risk includes the risk arising in the settlement and clearing transactions.
7. g.Compliance with Islamic Shari’ah refers to compliance with Shari’ah in accordance with:
  a.resolutions, fatwas, regulations, and standards issued by the Higher Shari’ah Authority in relation to licensed activities and businesses of IBs (“HSA’s Resolutions”), and
  b.resolutions and fatwas issued by Internal Shari’ah Supervision Committee (“ISSC”) of the respective IB, in relation to licensed activities and businesses of such institution (“the ISSC’s Resolutions”), provided they do not contradict HSA’s Resolutions.
8. h.Displaced Commercial Risk: Risk where the IB may be under market pressure to voluntarily pay a return that exceeds the rate that has been earned on assets financed by Investment Account Holder when the return on assets is under-performing as compared with competitors’ rates.
9. i.Equity Investment Risk: Risk arising from entering into a partnership for the purpose of undertaking or participating in a particular financing or general business activity as described in the contract, and in which the provider of finance shares in the business risk.
10. j.Fiduciary responsibilities and duties refers to the responsibilities of IB to treat all their fund providers appropriately and in accordance with the terms and conditions of their investment agreements.
11. k.Fiduciary Risk: Risk that arises from IBs’ failure to perform in accordance with explicit and implicit Standards applicable to their fiduciary responsibilities.
12. l.Fund Providers: Refers to the deposits received by IB and that includes (a) current account holders; and (b) Investment Account Holders.
13. m.Group: A group of entities which includes an entity (the ‘first entity’) and:
  a.any Controlling Shareholder of the first entity;
  b.any Subsidiary of the first entity or of any Controlling Shareholder of the first entity; and
  c.any Affiliate, joint venture, sister company and other member of the Group.
14. n.Internal Shari’ah Audit: Regular process to inspect and assess the IB’s compliance with Islamic Shari’ah and the level of effectiveness of the IB’s Shari’ah governance systems.
15. o.Internal Shari’ah Supervision Committee (ISSC): A body appointed by the IB, comprised of scholars specialized in Islamic financial transactions, which independently supervises the transactions, activities, and products of the IB and ensures they compliance with Islamic Shari’ah in all its objectives, activities, operations, and code of conduct.
16. p.Internal Shari’ah Control Division (or Section): Technical division (or section) in the IBs with a mandate to support the ISSC its mandate.
17. q.Investment Risk Reserve: Investment risk reserve is the amount appropriated by the IBs out of the income of Investment Account Holder (IAH), after allocating the Mudarib’s share, in order to cushion against future investment losses for IAH.
18. r.Investment Account: Refers to the deposits accepted by IBs on the basis of Mudarabah or Wakalah contract or any other profit generating contract.
19. s.Islamic Window: Refers to the licensed activities that are conducted in accordance with the Islamic Shari’ah that are carried by financial institutions for their account or for the account of or in partnership with third parties which comply with the regulatory requirements stated in this Standard and other regulations issued by the Central Bank.
20. t.Market Risk: Refers to the potential impact of adverse price movements such as benchmark rates, foreign exchange (FX) rates, equity prices and commodity prices, on the economic value of an asset.
21. u.Parent: An entity (the ‘first entity’) which:
  1. a.Holds a majority of the voting rights in another entity (‘the second entity’);
  2. b.Is a shareholder of the second entity and has the right to appoint or remove the majority of the board of directors or managers of the second entity; or
  3. c.Is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity; or
  4. d.If the second entity is a subsidiary of another entity which is itself a subsidiary of the first entity.
22. v.Profit Equalization Reserve: The amount appropriated out of the Mudaraba profits, in order to maintain a certain level of return on investment for the Mudarib and unrestricted investment account holders and mitigate displaced commercial risk.
23. w.Rate of Return Risk: Overall balance sheet exposures where mismatches arise between assets and balances from fund providers.
24. x.Restricted Investment Accounts: The account holders authorize the IBs to invest their funds based on Mudaraba or Wakala contracts with certain restrictions as to where, how and for what purpose these funds are to be invested.
25. y.Risk Appetite: The aggregate level and types of risk an IB is willing to assume, decided in advance and approved by the Board and within its risk capacity, to achieve its strategic objectives and business plan.
26. z.Risk Limits: Specific quantitative measures that must not be exceeded based on, for example, forward-looking assumptions that allocate the bank’s aggregate risk appetite to business lines, legal entities or management units within the bank or group in the form of specific risk categories, concentrations or other measures as appropriate.
27. aa.Risk Profile: Point in time assessment of the bank’s gross (before the application of any risk mitigants) or net (after taking into account risk mitigants) risk exposures aggregated within and across each relevant risk category based on current or forward-looking assumptions.
28. bb.Risk Governance Framework: As part of the overall approach to corporate governance, the framework through which the Board and management establish and make decisions about the bank’s strategy and risk approach; articulate and monitor adherence to the risk appetite and risk limits relative to the bank’s strategy; and identify, measure, manage and control risks.
29. cc.Risk Management Function: Collectively, the systems, structures, policies, procedures and people that measure, report and monitor risk on a bank-wide and, if applicable, group-wide basis.
30. dd.Senior Management: The executive management of the Bank responsible and accountable to the Board for sound and prudent day-to-day management of the Bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer and heads of the compliance and internal audit functions.
31. ee.Shari’ah Non-Compliance Risk: Probability of financial loss or reputational damage that IB might incur or suffer due to not complying with Islamic Shari’ah.
32. ff.Subsidiary: An entity (the ‘first entity’) is a subsidiary of another entity (the ‘second entity’) if the second entity:
  1. a.Holds a majority of the voting rights in the first entity;
  2. b.Is a shareholder of the first entity and has the right to appoint or remove the majority of the board of directors or managers of the first entity; or
  3. c.Is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity; or
  4. d.If the first entity is a subsidiary of another entity which is itself a subsidiary of the second entity.
33. gg.Unrestricted Investment Accounts: The account where the holders authorize the IBs to invest their funds based on Mudaraba or Wakala (agency) contracts without laying any restriction on how the investment is to be managed. The IBs can commingle these funds with their own funds and invest them in pooled portfolio.

Article (4) Risk Governance Framework for IB
1. 4.1An IB must establish, implement and maintain a risk governance framework that enables it to identify, assess, monitor, mitigate and control risks. The risk governance framework consists of policies, procedures processes, systems, controls and limits. The risk governance framework must be comprehensive and address the specific risks associated with Shari’ah compliant businesses and activities.
2. 4.2IBs that are branches of foreign licensed financial institutions must adhere to this Standard or establish equivalent arrangements to ensure regulatory comparability and consistency. The equivalent arrangement, if applicable, should include the matters related to general assembly, the Board and its Committees without contradicting the prevailing laws in the UAE. The equivalent arrangements must be submitted to the Central Bank for approval.
3. 4.3IBs must ensure an adequate system of controls with appropriate checks and balances are in place. The controls must (a) comply with the Islamic Shari’ah, (b) comply with applicable regulatory and internal policies and procedures; and (c) take into account the integrity of risk management processes.
4. 4.4In addition to the minimum elements of the risk governance framework stated in the Central Bank’s Risk Management Standards (153/2018), IBs must incorporate the following minimum elements into the risk governance framework:
  1. a.Internal Shari’ah Supervisory Committee,
  2. b.Internal Shari’ah Compliance, and
  3. c.Internal Shari’ah Audit.
5. 4.5In defining and assessing risks, IBs must consider both the probability of the risk materializing and its potential impact on the IB. In addition to the factors to be assessed in the context of the potential risk impact as stated within Central Bank’s Risk Management Standards (153/2018) the IB must also assess the ability to meet its fiduciary responsibility to Investment Account Holders (IAH), both restricted and unrestricted investment accounts.
6. 4.6IBs risk governance framework must address all material risks which at a minimum must include the following items:
  1. a.Credit Risk;
  2. b.Market Risk;
  3. c.Liquidity Risk;
  4. d.Operational Risk and Shari’ah Non-compliance Risk;
  5. e.Displaced Commercial Risk;
  6. f.Equity Investment Risk;
  7. g.Rate of Return Risk;
  8. h.Risks arising from its strategic objectives and business plans; and
  9. i.Other risks that singly, or in combination with different risks, may have a material impact on the IB.
7. 4.7The Board is ultimately responsible for developing the IB’s Shari’ah compliant risk governance framework. The framework must incorporate a “three lines of defense” approach. In addition to the stated requirements within the Central Bank’s Risk Management Standards (153/2018) the IB’s approach should also include provisions relating to:
  - -Internal Shari’ah Supervision Committee (ISSC);
  - -Internal Shari’ah compliance, and
  - -Internal Shari’ah Audit.
8. 4.8The risk appetite statement must reflect a written articulation of the aggregate level and types of risk that an IB is willing to accept, or avoid, in order to achieve its business objectives. However, an IB should have no tolerance toward Shari’ah non-compliance risk. In addition to the minimum items set-out within Central Bank’s Risk Management Standards (153/2018), an IB’s risk appetite statement must also cover the following risks:
  - -Shari’ah Non-Compliance Risk,
  - -Displaced Commercial Risk,
  - -Rate of Return Risk and
  - -Equity Investment Risk.
9. 4.9IBs must define and document roles and responsibilities towards IBs’ risk governance framework.
10. 4.10The Board’s Risk Committee (“Risk Committee”) is responsible to review and approve the establishment of framework for managing all material risks as part of the overall risk management framework of the IB and must oversee its implementation by the Senior Management.
11. 4.11The Risk Committee must supervise and monitor the management of Shari’ah non-compliance risk and set controls in relation to this type of risk, in consultation with the ISSC and through the internal Shari’ah control division, or section.
12. 4.12The Risk Committee must ensure there is an information system that enables the IB to measure, assess and report all risks including but not limited to Shari’ah Non-Compliance Risk, Equity Investment Risk and Displaced Commercial Risk. Reports must be provided on a timely manner to the Board and Senior Management, in formats suitable for their use and understanding.
13. 4.13In addition to the minimum items set-out within Central Bank’s Risk Management Regulation, IBs must include in its documented ICAAP, within the Internal Control review, provisions relating to the Internal Shari’ah Audit function.
14. 4.14IBs should manage risks in accordance with the Shari’ah rules and the scope determined by the contracts IBs use as basis for their financial transactions. IBs may not transfer risks to counterparties, or avoid responsibilities and ownership risks, which result from using specific contracts. IBs may manage these risks by other means that do not conflict with the provisions of Islamic Shari’ah.

Article (5) Risk Management Function of IBs
1. 5.1The head of the risk management function, the Chief Risk Officer (CRO) or equivalent is responsible for assisting the Board, board committees, executive committee (including the Internal Shari’ah Supervision Committee), senior management (including Internal Shari’ah Control Division or Section and Internal Shari’ah Audit) to develop and maintain the risk governance framework applicable to its IB.
2. 5.2In addition to the key activities set out within the Central Bank’s Risk Management Standards (153/2018), IBs must include identifying, assessing, monitoring and reporting risks associated specifically to Shari’ah compliant business and activities.

Article (6) Risk Measurement and Use of Models for IBs
1. 6.1The risk assessment and measurement processes undertaken by IBs must specifically address the risk of loss arising from Mudaraba, Musharaka and Wakala contracts, where applicable. Rigorous risk evaluation (including due diligence) must be adequately conducted in view of the exposure to capital impairment.

Article (7) Stress Testing of Material Risks for IBs
1. 7.1IBs must ensure that risks arising from the provision of Shari’ah Compliant business and activities are appropriately captured in the IBs’ forward-looking stress-testing program.

Article (8) Information Systems and Internal Reporting for IBs
1. 8.1IBs must ensure that an adequate system of controls with appropriate checks and balances are in place. The controls must:
  1. a.Ensure compliance with the provisions of Islamic Shari’ah, and
  2. b.Take into account the integrity of risk management processes.

Article (9) Strategic and Operational Decisions
1. 9.1As part of the IBs’ overarching approval process, the following at a minimum must be undertaken by IBs:
  1. a.New Product Approvals must include a risk assessment with a variety of scenarios, particularly with more pessimistic assumptions than the base-line case. The assessment should take into consideration the legal consequences of the underlying Shari’ah structure/contract throughout the life span of the products and services e.g. event of default, restructuring and rescheduling scenarios.
  2. b.Mergers and acquisitions, disposal and other changes must include adequate due diligence that identifies post-transaction risks or activities conflicting with the IBs’ Governance Framework and other specifities relating to IBs. An IB must have a strategy towards alleviating over-dependence on few types of underlying structures/contracts that may present limitations in terms of tradability and flexibility in the events where risk emerges (e.g. dependence on monetization products).

Article (10) Disclosures of IBs
1. 10.1In addition to the requirements set out within Central Bank’s Risk Management Standards (153/2018) regarding disclosures, IBs must make appropriate and timely disclosure of information to Investment Account Holders. The disclosure should include information related to Profit Equalization Reserves and Investment Risk Reserves, if applicable, so that the investors are able to assess the potential risks and rewards of their investments and to protect their own interests in their decision-making process. Applicable international financial reporting standards must be used for this purpose.

Article (11) Credit Risk
1. 11.1IBs must have in place:
  - -an appropriate credit strategy, including pricing and tolerance for undertaking credit risks exposures;
  - -a risk management structure with effective oversight of credit risk management; credit policies and operational procedures including credit criteria and credit review processes, acceptable forms of risk mitigation, and limit setting;
  - -an appropriate measurement and careful analysis of exposures, including market and liquidity-sensitive exposures; and
  - -a system (a) to monitor the condition of ongoing individual credits to ensure the financings are made in accordance with the IBs’ policies and procedures, (b) to manage credit challenges according to an established remedial process; and (c) to ensure adequate provisions are allocated.
2. 11.2IBs must have in place an appropriate framework for credit risk management and reporting in respect to all assets. This includes credit risk related to different stages of the Shari’ah compliant products and investments. IBs must apply the credit risk principles to credit risks associated with securitization and investment activities.
3. 11.3The risk assessment and measurement processes undertaken by IBs must also be applicable to profit sharing assets (Mudaraba and Musharaka) which are classified under equity investments. Rigorous risk evaluation (including due diligence) and controls of these investments are necessary in view of their exposure to capital impairment. This must not contradict the risk sharing nature in these instruments as prescribed by Islamic Shari’ah.
4. 11.4IBs must have in place a strategy for financing, using various instruments in compliance with Shari’ah, whereby the strategy recognizes the potential credit exposures that may arise at different stages of the various financing agreements.
5. 11.5IBs must manage and account for the credit risk arising from Shari’ah compliant instruments where:
  - -no Shari’ah compliant compensation can be imposed, and/or
  - -the profit cannot be increased/continued.
6. 11.6IBs must have a policy for carrying out a due diligence review in respect of counterparties prior to deciding on the choice of an appropriate Shari’ah compliant financing instrument.
  This has to be carried in particular, for transactions involving:
  - New ventures with multiple financing modes: IBs should carry out due diligence processes on customers using multiple financing modes to meet specific financial objectives designed to address Shari’ah, legal or tax issues of customers.
  - Creditworthiness that may be influenced by external factors: Where significant investment risks are present in participatory instruments, especially in the case of Mudarabah financings, additional counterparty reviews and evaluations will focus on the business purpose, operational capability, enforcement and economic substance of the proposed project including the assessment of realistic forecasts of estimated future cash flows. IBs should put in place risk mitigating structures in place to the extent possible.
7. 11.7IBs must have in place Shari’ah compliant credit risk mitigating techniques appropriate for each Islamic financing instrument. IBs must be aware of the commencement of exposure to credit risk inherent in different financing instruments such as the non-binding nature of certain contracts. Risk management techniques should not change the nature or the Shari’ah aspects of the contract in order to mitigate the risk.
8. 11.8IBs should clearly define their credit risk-mitigating techniques including, but not limited to, having in place:
  - -a methodology for setting mark-up rates according to the risk rating of the counterparties, where expected risks should be taken into account in the pricing decisions;
  - -permissible and enforceable collateral and guarantees;
  - -stipulating the counter party’s commitment to donate in case of default in the legal documentations in accordance with the applicable Shari’ah resolutions and standards;
  - -clear documentation as to whether or not purchase orders are cancellable; and
  - -clear procedures for taking account of governing laws for contracts relating to financing transactions.
9. 11.9In a financing involving several related agreements, IBs must be aware of the binding obligations arising in connection with credit risks associated with the underlying assets for each agreement. IBs must ensure that all components of a financial structure comply with the Shari’ah parameters applicable to combination of contracts.
10. 11.10IBs must establish limits on the degree of reliance and the enforceability of collateral and guarantees subject to the provisions set-out within the relevant rules of Islamic Shari’ah.
11. 11.11IBs must have appropriate credit management systems and administrative procedures in place to undertake early remedial action in the case of financial distress of a counterparty or, in particular, for managing bad credits, potential and defaulting counterparties. This system should be reviewed on a regular basis. Remedial actions will include both administrative and financial measures.
  Administrative measures may inter alia include:
  - -negotiating and following-up pro-actively with the counterparty through maintaining frequent contact with the counterparty;
  - -setting an allowable timeframe for payment or to offer rescheduling (without an increase in the amount of the debt in debt based instruments) or Shari’ah compliant restructuring arrangements;
  - -using a debt-collection agency;
  - -resorting to legal action, including the attachment of any credit balance belonging to defaulters according to the agreement between them; and
  - -making a claim under Shari’ah-compliant insurance as applicable.
  Financial measures may include, among others:
  - -invoking commitment to donate clauses, where applicable, in accordance with the relevant Shari’ah parameters,; and
  - -establishing the enforceability of collateral or third party guarantees.
12. 11.12IBs must set appropriate measures for early settlements.
13. 11.13IBs must have policies to define adequately the action to be taken by the IB when a customer cancels a non-binding purchase order.
14. 11.14IBs should assess and establish appropriate policies and procedures pertaining to the risks associated with their own exposures in parallel transactions.
15. 11.15IBs must ensure, whenever possible or applicable, that there is sufficient Shari’ah-compliant insurance coverage of the value of the assets.
16. 11.16IBs must have in place an appropriate policy for determining and allocating provisions for (a) non-performing debt categories, including counterparty exposures; and (b) estimated impairment in value of assets.

Article (12) Market Risk
1. 12.1Requirements on market risk must be read in conjunction with the Market Risk Regulation and accompanying Standards (Circular 164/2018).
  IBs must have in place an appropriate framework for market risk management in each stage of the contract, including reporting in respect of all assets held, particularly those that do not have a ready market and/or are exposed to high price volatility.
2. 12.2IBs must establish a sound and comprehensive market risk management process and information system, which (among others) comprises:
  - -a conceptual framework to assist in identifying underlying market risks;
  - -guidelines governing risk taking activities in different portfolios of restricted IAH and their market risk limits;
  - -appropriate frameworks for pricing, valuation and income recognition; and
  - -a strong management information system for controlling, monitoring and reporting market risk exposure and performance to appropriate levels of senior management.
  Given that all the required measures are in place (e.g. pricing, valuation and income recognition frameworks, strong MIS for managing exposures, etc.), the applicability of any market risk management framework that has been developed should be assessed taking into account consequential business and reputation risks.
3. 12.3IBs must adhere to the fiduciary duty to apply the same risk management policies and procedures to assets held on behalf of restricted Investment Account Holders as they do for assets held on behalf of shareholders and unrestricted Investment Account Holders.
4. 12.4IBs must be able to quantify market risk exposures and assess exposure to the probability of future losses in their net open asset positions.
5. 12.5IBs must take into consideration the specifics of each Shari’ah compliant instrument in the following manner:
  1. a.In operating Ijarah contracts, a lessor is exposed to market risk on the residual value of the leased asset at the term of the lease or if the lessee terminates the lease earlier (by defaulting), during the contract
  2. b.In Salam, an IB as a buyer is exposed to commodity price fluctuations on a long position after entering into a contract and while holding the subject matter until it is disposed of. In the case of parallel Salam, there is also the risk that a failure of delivery of the subject matter by the counterparty which exposes the IBs to commodity price risk as a result of the need to purchase a similar asset in the market in order to honor the parallel Salam contract.
  3. c.Before acquisition of financial assets not actively traded with the intention of selling them, an IB must analyze and assess the factors attributable to changes in liquidity of the markets in which the assets are traded and which give rise to greater market risk.
  IBs may hedge foreign exchange fluctuations arising from general FX spot rate changes in both cross-border transactions and the resultant foreign currency receivables and payables using Shari’ah compliant methods.
6. 12.6In the valuation of assets where no direct market prices are available, IBs must incorporate in their own product program a detailed approach to valuing their market risk positions. IBs may employ appropriate forecasting techniques to assess the potential value of these assets.
  Where available valuation methodologies are deficient, IBs must assess the need (a) to allocate funds to cover risks resulting from illiquidity and uncertainty in assumptions underlying valuation and realization; and (b) to establish a contractual agreement with the counterparty specifying the methods to be used in valuing the assets

Article (13) Equity Investment Risk
1. 13.1IBs must establish an adequate framework towards the management of market risks inherent in the holding of Mudaraba, Musharaka, and Wakala instruments for investment purposes. This includes consideration of quality of the partner, underlying business activities and ongoing operational matters.
2. 13.2IBs must have in place appropriate mechanisms to safeguard the interests of all fund providers. Where IAH funds are commingled with the IBs’ own funds, the IBs must ensure that the bases for asset, revenue, expense and profit allocations are established, applied and reported in a manner consistent with the IB’s fiduciary responsibilities.
3. 13.3In performing the due diligence review, IBs must consider in evaluating the risk in Mudarabah, Musharakah, and Wakala instruments and the capabilities and risk profiles of potential partners (Mudarib or Musharakah partner). Such due diligence is essential to an IBs’ fiduciary responsibilities as an investor of IAH funds in profit sharing and loss-bearing instruments (such as Mudarabah, Musharkah and Wakala).
4. 13.4IBs must consider factors relating to the legal and regulatory environment affecting the equity investment performance during risk evaluation. These factors include policies pertaining to tariffs, quotas, taxation or subsidies and any sudden policy changes affecting the quality and viability of an investment.
5. 13.5IBs risk mitigation techniques attaching to lack of reliable information must require its investor to take an active role in monitoring the investment, or the use of specific risk mitigating structures.
6. 13.6IBs must define and set the objectives of, and criteria for, investments before using profit-sharing and loss-bearing instruments (such as Mudarabah, Musharkah and Wakala), including the types of investment, tolerance for risk, expected returns and desired holding periods.
7. 13.7IBs must have, and keep under review, policies, procedures and an appropriate management structure for evaluating and managing the risks involved in the acquisition of, holding and exiting from loss bearing investments. IBs must ensure proper infrastructure and capacity are in place to monitor continuously the performance and operations of the entity in which IB invest as partners. These should include evaluation of Shari’ah compliance, adequate financial reporting by, and periodical meetings with, partners and proper recordkeeping of these meetings.
8. 13.8IBs must identify and monitor the transformation of risks at various stages of investment lifecycles, for example, where the investee’s business involves innovative or new products and services in the marketplace.
9. 13.9IBs must analyze and determine possible factors affecting the expected volume and timing of cash flows for both returns and capital gains arising from equity investments.
10. 13.10IBs must use Shari’ah compliant risk-mitigating techniques, which reduce the impact of possible capital impairment of an investment. This may include the use of Shari’ah permissible security from the partner.
11. 13.11IBs must ensure that their valuation methodologies are appropriate and consistent and must assess the potential impacts of their methods on profit calculations and allocations. The methods must be mutually agreed between the IB and the Mudarib and/or Musharaka partners.
12. 13.12IBs must assess and take measures to deal with the risks associated with potential manipulation of reported results leading to overstatements or understatements of partnership earnings.
13. 13.13IBs must define and establish exit strategies in respect of their equity investment activities, including extension and redemption conditions for Mudaraba, Musharaka and Wakala investments, subject to the approval of the institution’s Internal Shari’ah Supervision Committee.
14. 13.14IBs must be aware that the risks arising from the use of profit-sharing instruments for financing purposes do not include credit risk in the conventional sense but share a crucial characteristic of credit risk because of the risk of capital impairment.

Article (14) Rate of Return Risk
1. 14.1Requirements in this area must be read in conjunction with the Interest Rate and Rate of Return Risk in the Banking Book Regulation and accompanying Standards (Circular No. 165/2018). IBs must establish a comprehensive risk management and reporting process to assess the potential impacts of market factors affecting rates of return on assets in comparison with the expected rates of return for IAH.
2. 14.2IBs must take necessary steps to ensure that the management processes relating to the identification, measurement, monitoring, reporting and control of the rate of return risk (including appropriate structure) are in place.
3. 14.3IBs must be aware of the factors that give rise to rate of return risk. The primary form of rate of return risk to which IBs are exposed comprises increasing long-term fixed rates in the market. IBs must have in place appropriate systems for identifying and measuring the factors, which give rise to rate of return risk.
4. 14.4IBs must employ a gapping method for allocating positions into time bands with remaining maturities or repricing dates, whichever is earlier.
5. 14.5IBs’ rate of risk return measurement must highlight the importance of cash flow forecasting for instruments and contracts where IBs are required to simulate and assess their behavioral maturity, underlying assumptions and parameters, which must be reviewed periodically for reliability. The materiality of potential threats to future earnings and the usefulness of the resulting information must be considered in determining the type and extent of forecasted behavior for IBs.
6. 14.6IBs are encouraged to employ balance sheet techniques to minimize their exposures using the following strategies, among others:
  1. a.determining and varying future profit ratios according to expectations of market conditions;
  2. b.developing new Shari’ah-compliant instruments; and
  3. c.issuing securitization tranches of Shari’ah permissible assets.

Article (15) Displaced Commercial Risk
1. 15.1IBs must have in place an appropriate framework for managing displaced commercial risk, where applicable.
2. 15.2IBs must have in place a policy and framework for managing the expectations of their shareholders and IAH.
3. 15.3IBs must develop and maintain an informed judgement about an appropriate level of the balances of Profit Equalization Reserve, bearing in mind that its essential function is to provide mitigation of displaced commercial risk.

Article (16) Operational and Shari’ah Non-Compliance Risk
1. 16.1IBs must have in place an appropriate framework, adequate systems, controls and limits for Operational and Shari’ah Non-Compliance Risk management.
2. 16.2IBs must consider the full range of material operational risks affecting their operations, including the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. IBs must also incorporate possible causes of loss resulting from Shari’ah non-compliance and the failure in their fiduciary responsibilities.
3. 16.3IBs must be aware of being exposed to risks relating to Shari’ah non-compliance and risks associated with the IBs’ fiduciary responsibilities towards different fund providers. These risks expose IBs to fund providers’ withdrawals, loss of income or voiding of contracts leading to a diminished reputation or the limitation of business opportunities.
4. 16.4IBs’ must be prudent towards Shari’ah compliance and such compliance requirements must permeate throughout the organization and their products and activities. The perception regarding IBs’ compliance with Shari’ah rules and principles is of great importance to their sustainability.
  In this regard, Shari’ah compliance is considered as falling within a higher priority category in relation to other identified risks. If IBs do not comply with Shari’ah rules and principles, the impacted transactions should be referred to the ISSC to decide on the appropriate treatment (remedy of contracts, derecognition of profit, etc.) and if needed such incidents may be escalated to the HSA.
5. 16.5IBs must ensure that their contract documentation complies with Shari’ah with regard to formation, termination and elements possibly affecting contract performance such as fraud, misrepresentation, duress or any other rights and obligations.
6. 16.6IBs must keep track of income not recognized due to Shari’ah non-compliance and assess the probability of similar cases arising in the future and ensure that appropriate controls are in place to avoid recurrences. This may include monitoring of income not recognized due to origination from Shari’ah non-compliant activities.
7. 16.7IBs must establish and implement a clear and formal policy for undertaking their different and potentially conflicting roles in respect of managing different types of investment accounts. The policy relating to safeguarding the interests of their IAH may include the following:
  - -identification of investing activities that contribute to investment returns and taking reasonable steps to carry on those activities in accordance with the IB’s fiduciary and agency duties and to treat all their fund providers appropriately and in accordance with the terms and conditions of their investment agreements;
  - -allocation of assets and profits between the IB and their IAH will be managed and applied appropriately to IAH having funds invested over different investment periods;
  - -determination of appropriate reserves at levels that do not discriminate against the right for better returns of existing IAH; and
  - -limiting the risk transmission between current and investment accounts.
8. 16.8IBs must adequately disclose information on a timely basis to their IAH and the markets in order to provide a reliable basis for assessing their risk profiles and investment performance.

Article (17) Compliance with the Standard
1. 17.1The IBs should comply fully with these standard requirements within 180 days from publishing this Standard.
2. 17.2The Regulatory Development Division of the Central bank shall be the reference for interpretation of the provisions of this Standard.

Standard Regarding Profit Equalization for Islamic Banks
N 1382/2022

Article (1)

Introduction
1.1 This Standard Regarding Profit Equalization for Islamic Banks (“the Standard”) constitutes additional requirements to the Standards Re Risk Management Requirements for Islamic Banks issued by the Central Bank. This Standard is mandatory and enforceable.
1.2 This Standard is issued by virtue of the powers conferred by the Central Bank under the provisions of Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organization of Financial Institutions and Activities and its amendments (“the Central Bank Law”).
1.3 This Standard elaborates on the supervisory expectations of the Central Bank with respect to profit equalization in Islamic Banks and it must be read in conjunction with the regulations, standards and resolutions issued by the Central Bank and the Higher Shari’ah Authority (“HSA”).
1.4 For the Shari’ah aspects related to profit equalization, all Islamic Banks and banks housing an Islamic Window operating in the UAE (“Islamic Banks or “IBs”) are required to comply with the Shari’ah requirements issued by the HSA.

Article (2)

Scope of Application
2.1 This Standard applies to all IBs. Islamic Banks established in the UAE with Group relationships, including Subsidiaries, Affiliates, or international branches, must ensure that the Standard is adhered to on a solo and group-wide basis.
2.2 Islamic Banks may maintain more than one investment pool for different Investment Account Holders (“IAHs”). Each investment pool may earn a different return depending on the yield of the allocated and/or tagged portfolio of assets. The IBs must maintain the separation of accounts for each investment pool.

Article (3)

Profit Equalization Techniques
3.1 The preponderant portion of the profit-generating funds raised by IBs is based on Mudaraba and Wakala contracts. The funds raised are further deployed into the pool that the IB manages in its capacity as Mudarib or Wakil (“Fund Manager”), for both of which the IB enjoys certain rights and undertakes certain responsibilities. IAHs bear the commercial risk associated with the underlying investments made using their funds unless there is negligence, misconduct or breach of contract from the IB. Nevertheless, the return to be distributed to the IAHs can only be ascertained at the end of the investment period. Contractually, IAHs are only entitled to profits or returns if the pool’s underlying assets perform. The profit sharing and loss bearing contracts expose IBs to different risks, which require adherence to strong risk management governance and a high degree of transparency.
3.2 Therefore, one of the key risks IBs are exposed to is Displaced Commercial Risk (“DCR”) whereby the IB may be under market pressure to voluntarily pay a return that exceeds the rate that has been earned on the assets financed by IAHs’ funds, when the return on assets is underperforming when compared with competitors’ returns.
3.3 IBs are expected to develop and implement a sound methodology to identify, monitor, measure and report the impact of DCR and the amount needed to mitigate the exposure. The methodology must be applied systematically and reviewed regularly. Any changes to the adopted methodology must be justified and approved at the appropriate management level and the Board, if applicable.
3.4 In managing this risk, IBs may adopt the following profit equalization techniques:
1. Establish an Investment Risk Reserve (“IRR”). This reserve represents the amount appropriated by the IBs out of the income of IAHs, after allocating the Mudarib’s profit, in order to cushion IAHs against future investment losses. IBs must develop models to determine the size of the IRR and the periodic contributions to be made to build up the IRR over time.
2. Establish a Profit Equalization Reserve (PER) by setting aside amounts from the profits before allocation between the IAH and IB. IBs may fully or partly utilize the amount of the PER to improve the returns for IAHs during periods when the investment pool’s profits are below market expectations.
3. Unconditionally, and based on the IB’s absolute discretion:
  1. Forgo part of or its entire profit as the Mudarib, in favor of the IAH in order to increase the profit attributed to the IAH; and/or
  2. Transfer the IB’s current profits or retained earnings to the IAH on the basis of Hibah / gift.
3.5 IBs may combine more than one technique in order to equalize the profit payout to IAH so as to match the current market returns. The techniques applied must be duly disclosed and compliant with the applicable laws and regulations, including HSA resolutions.
3.6 Subject to 3.1, the IRR and PER must be reflected in the audited financial statements in accordance with the appropriate accounting treatment and must be invested in Shari’ah compliant activities only. Any return from such investment must be credited back to the IRR and PER as applicable.
3.7 IBs must set limits for the amounts transferred to the IRR and PER and must distribute the rest to the IAHs.
3.8 If the IB has various Investment Accounts (“IA”) (with different categories/types/tiers), the IB must ensure that any accumulated reserve (appropriated from a specific category/type/tier) will benefit only the respective IAs, avoiding, in the process, any cross funding.

Article (4)

Governance Requirements
4.1 The Board is responsible for providing robust oversight and a sound monitoring function to ensure that IAs are managed in the best interests of IAH.
4.2 The Board must ensure that profit equalization internal policies, procedures and controls are developed and periodically updated in order to ensure adequate and prudent profit equalization. The Board must ensure that the internal policies, procedures and controls are adequate and duly approved by the Internal Shari’ah Supervision Committee (“ISSC”).
4.3 The Board must review and approve the policies and strategies of the investments, and strategies for the management of DCR, and conduct regular reviews of the investment policies and the performance of the asset portfolio in which IAHs funds are invested.
The broad policies and strategies must address, inter alia, the following areas:
1. The management of DCR, including the limits to and tolerance level of DCR;
2. the policies and mechanisms used in respect of the IB forgoing its share of profits in favor of the IAH; and
3. appropriations to reserves and provisioning, in accordance with the agreed contractual terms and conditions for IAH.
4.4 In order to ensure that profit equalization, including utilization of reserves such as PER and IRR, are appropriately checked and monitored, the Board must form an independent committee (“the Committee”) mandated to scrutinize the utilization of such reserves and to make appropriate recommendations to the Board. The Committee shall coordinate and integrate the implementation of the governance policy framework, with the primary objective of protecting the interests of stakeholders, other than the shareholders, in line with the HSA and ISSC resolutions.
4.5 The Committee shall comprise of at least three members:
1. an independent non-executive director (preferably chairing the Committee);
2. a member of the Board; and
3. a member of the ISSC.
Any increase of membership in the Committee must be filled by independent non-executive directors.
4.6 The Board or its committees must ensure rigorous and diligent oversight policy, process and procedures over the following:
1. the financing and investment activities undertaken by the IB using IAH’s funds;
2. the fiduciary duties performed by the IB, which must be in accordance with the terms and conditions of the Mudarabah and Wakala contracts between the IB and its IAH; and
3. the level of reserve allocation, ensuring that it is appropriate and fair to both existing and new IAHs.
Further, as a part of systems and controls, compliance, internal Shari’ah compliance, internal audit and internal Shari’ah audit functions of the IB must verify the compliance of the IB to approved policies and procedures relating to profit calculation and equalization.
4.7 The Committee shall also evaluate the disclosures made by the IB regarding its asset allocation and investment strategies in respect of IA, in order to monitor closely the performance of IB as managers of such accounts.
4.8 The ISSC must ensure that all IB’s practices related to profit equalization are Shari’ah compliant. This includes reviewing and approving the establishment and any changes to:
1. the internal policies and procedures related to profit equalization,
2. the contractual arrangements between IAHs and the IB, including terms and conditions and the profit equalization arrangements,
3. the profit distribution mechanisms as well as the profit distributed, including appropriation to the PER and IRR,
4. the maintenance of the PER and IRR and their deployment, and
5. the policy regarding liquidation of PER and IRR.

Article (5)

Disclosure Requirements
5.1 IBs must clearly demonstrate, in IA related contracts and agreements to IAH, any equalization practices that are employed by the IB, including the approach towards allocating a portion of income which is appropriated for building up reserves such as PER and IRR.
5.2 IBs must explicitly disclose the following requirements within IA contracts entered with IAH:
- the rights and liabilities of both parties - in particular, with respect to the circumstances where losses are to be borne by the IAH and the implications on contractual rights of the IAHs with regard to early withdrawal and early redemption;
- the extent of management’s right to appropriate IAH’s share of investment profits in order to build up PER and/or IRR, to use these reserves to equalize profit payouts to IAH, and the deployment of unused balances on these accounts when the relevant Mudarabah contract matures;
- the accountability and responsibility of the IB to disclose accurate, relevant and timely information to the IAH on the investment of their funds, including its performance, investment policies, valuation, and frequency of valuation of the IAH funded assets; and
- the rights of IAH in the event that the IB fails to perform its fiduciary obligations in accordance with the applicable IA contract, that is, in the event of proven negligence or misconduct or breach of contract by the IBs whereby the IBs will have to compensate the IAH for any loss.
5.3 IBs must make adequate and timely public disclosures in their annual report, website and any other means used by the IBs, of any material changes to their policies regarding profit calculation, asset allocation, investment strategies and mechanics of equalization of the returns (if any) in respect of the IAs that they manage. The IB must allocate appropriate time between the announcement and the changes being effective.
5.4 The utilization of PER for equalizing the returns to IAH and shareholders, as well as the use of IRR for covering losses (if any), is an issue of public interest and must be publicized via the usual means used by the IB as well as in the annual report of the IB.
5.5 IBs must disclose information on policies, procedures, product design/type, profit allocation basis and differences between restricted and unrestricted IAH in addition to the clarity and transparency regarding the rates of return and associated risks that are applicable to IA.
5.6 Disclosures on the IBs’ websites and notice boards in branches / client-facing offices must include:
1. Percentage of Mudarib Share for the concerned period and at least two previous financial periods in each category of IA.
2. Weightages assigned to each category of IAs for the concerned period and at least two previous financial periods.
3. The actual monthly/periodic profit/loss distributed to each category of IA during the last 2 years.
4. Key highlights of PER and IRR policies.
5.7 IAH disclosures must contain information to reflect, with the appropriate level of detail, the direct and indirect fees, expenses, taxes deducted and the net amount received by the IAH based on the profit calculation and allocation methods adopted by the IB.
5.8 The IB shall be encouraged to provide simplified disclosures, using simple language, and easy- to-understand measures of risk and risk-sharing.

Article (6)

Liquidation Requirements
6.1 In the event of voluntary liquidation, the IBs must dispose the outstanding IRR and PER in accordance with the agreed terms and conditions at the time of establishing the reserves.
6.2 The ownership over the profit equalization reserves, including the IAHs’, must be clearly stated and publicized.

Article (7)

Reporting
Periodic reports must be shared by the Board with the Board committees, ISSC and the Central Bank, stating the current state of the reserve, amount used for the equalization of the profit, and the amount allocated for investment.

Article (8)

Compliance with the Standard
8.1 The IBs must comply fully with the requirements stated in this Standard within 180 days from publishing this Standard.
8.2 The Regulatory Development Division of the Central Bank shall be the reference for the interpretation of the provisions of this Standard.

Appendix: List of disclosures

The disclosures indicated may be made as part of the periodic financial reporting (marked “F” in Tables 1, and 2), or as part of product information published in connection with new products or changes in existing products - for example, prospectuses and offer documents (marked “P” in Tables 1, and 2). Some disclosures may be made under both headings.

Table 1: Investment Accounts (both Unrestricted and Restricted IAH)

			F	P
General Qualitative Disclosures	1.	Written procedures and policies applicable to the IAs, including a synopsis of the following: range of investment products available from the IB; characteristics of investors for whom various investment accounts may be appropriate; purchase, redemption and distribution procedures; experience of portfolio managers, investment advisors and trustees; governance arrangements for the IAH funds; and procedures for trading and origination of assets.		√
	2.	Disclosure that IAH funds are invested and managed in accordance with Shari’ah requirements.	√	√
	3.	Product information and the manner in which the products are made available to investors.		√
	4.	Bases of allocation of assets, expenses and profit in relation to IAH funds.	√
	5.	Disclosure on the policies governing the management of both unrestricted and restricted IAH funds, which covers the approaches to the management of the investment portfolio, establishment of reserves, and the calculation, allocation and distribution of profits.	√	√
General Quantitative Disclosures	6.	PER-to-IA ratio - that is: Amount of total PER / Amount of Aby type of IAH.	√
	7.	IRR-to-IA ratio - that is: Amount of total IRR / Amount of IA by type of IAH.	√
	8.	Return on Assets (ROA) - that is: Amount of total net income (before distribution of profit to unrestricted IAH) / Total amount of assets financed by shareholders’ equity and minority interests, unrestricted IAH, and current accounts and other liabilities.	√
	9.	Return on Equity (ROE) - that is, Amount of total net income (after distribution of profit to IAH) / Amount of shareholders ’ equity.	√
	10.	Ratios of profit distributed to IA by type of IAH.	√	√
	11.	Ratios of financing to IA by type of IAH.	√

Table 2: Unrestricted Investment Accounts

			F	P
Additional Qualitative Disclosures	1.	General investment objectives and policies that are offered to the unrestricted IAH based on the general business strategy and risk-sharing policies of the IB (including commingling of funds).		√
	2.	Disclosure on the major changes in the investment strategies that affect the investment accounts (including commingling of funds).	√	√
	3.	Method for calculation and distribution of profits.		√
	4.	Rules governing the transfer of funds to or from PER andIRR.	√	√
	5.	Bases applied for charging expenses to unrestricted IAH.	√	√
	6.	Description of total administrative expenses charged to unrestricted IAH.		√
Additional Quantitative Disclosures	7.	Total amount of unrestricted IAH funds, and sub-totals by asset category.	√
	8.	Share of profits earned by unrestricted IAH, before transfers to or from reserves (amount and as a percentage of funds invested).	√
	9.	Share of profits paid out to unrestricted IAH, after transfers to or from reserves (amount and as a percentage of fundsinvested).	√
	10.	Changes on PER during the year.	√
	11.	Changes on IRR during the year.	√
	12.	Disclosure of the utilization of PER and/or IRR during theperiod.	√
	13.	Profits earned and profits paid out over the past three to fiveyears (amounts and as a percentage of funds invested).	√
	14.	Amount of total administrative expenses charged to unrestricted IAH.	√
	15.	Average declared rate of return or profit rate on unrestricted IA by maturity (3-month, 6-month, 12-month, 36-month).		√
	16.	Changes in asset allocation in the last six months.	√
	17.	Off-balance sheet exposures arising from investment decisions, such as commitments and contingencies.	√
	18.	Disclosure of limits imposed on the amount that can be invested in any one type of asset.	√	√

Credit Risk

Credit Risk Management
- Credit Risk Management Regulation
- Credit Risk Management Standards

Large Exposures Regulation
C 1/2023 Effective from 26/7/2023

Introduction
The Central Bank seeks to promote the effective and efficient development and functioning of the banking system. To this end, the Central Bank is issuing this regulation setting large exposure limits for Banks.
The regulation is aimed at banks' management of risk concentrations, and in particular the risk that the default of a single counterparty or Group Of Connected Counterparties would endanger the solvency of the Bank.

Scope
This regulation applies to all Banks, including branches of foreign banks, operating in the UAE.
The requirements apply at every tier within a banking group, meaning at solo and consolidated level, and all levels of sub-consolidation.

Objective
This regulation is seeking to manage concentrations and limit the maximum possible loss a Bank could incur due to the failure of a single counterparty or Group Of Connected Counterparties.

Article (1): Definitions
1.1 Bank: Any juridical person licensed in accordance with the provisions of the Central Bank Law, to primarily carry on the activity of taking deposits, and any other Licensed Financial Activities.
1.2 Branch Capital: shall mean the fully paid-up capital at branch level as defined in the Minimum Capital for Banks Regulation.
1.3 Central Bank: The Central Bank of the United Arab Emirates.
1.4 Central Bank Law: Decretal Federal Law No. (14) of 2018 regarding the Central Bank & Organization of Financial Institutions and Activities as amended.
1.5 ECAI: External Credit Assessment Institution.
1.6 Intraday: funds which can be accessed during the business day, usually to enable financial institutions to make payments in real time.
1.7 Group Of Connected Counterparties: a group of connected counterparties as defined in Article 4 of this regulation.
1.8 Qualifying Central Counterparty: A qualifying central counterparty as defined in the Capital Adequacy Standards.
1.9 Related Parties: the Group and its Controlling Shareholders, members of the board and senior management (and their Relatives) and persons with control, joint control or significant influence over the Bank (and their Relatives).
1.10 Relatives: The individual's parents, siblings and children.
1.11 Sovereign: for the purpose of this regulation, sovereign refers to the UAE Federal Government and any other foreign sovereign with a long term credit rating of at least AA- (or its equivalent) issued by an ECAI recognized by the Central Bank.
1.12 The Unknown Client: where the counterparty of an exposure is unknown to the Bank, for example because a structure does not disclose exposures below a certain threshold, the exposure should be assigned to “the unknown client', to which the large exposure limit applies. For the avoidance of doubt, the exposure to the unknown client is the aggregate of all exposures across all such transactions, regardless of whether they are related in any way.

Article (2): Definition of a Large Exposure
2.1 The sum of all exposure values of a Bank to a counterparty or to a Group Of Connected Counterparties is considered a large exposure if it is equal to or exceeds 10% of the Bank's Tier 1 capital.
2.2 The exposure value must be calculated in accordance with the provisions of this regulation.

Article (3): Large Exposure Limits
3.1 The sum of all the exposure values of a Bank to a single counterparty or to a Group Of Connected Counterparties must not be higher than 25% of the Bank's Tier 1 capital at all times.
3.2 For a global systemically important Bank's exposures to another global systemically important bank, the large exposure limit is 15%. When a bank is identified by the Financial Stability Board as a global systemically important bank, Banks must apply the 15% limit within 12 months of publication of the list by the Financial Stability Board.
3.3 For exposures to the UAE local governments and their public sector entities, the large exposure limits as set out in Article 12 of this regulation apply.
3.4 Additional restrictions apply to exposures to Related Parties as set out in Article 18 of this regulation.
3.5 Breaches of the limits described in Article 3.1 to 3.4 must be communicated immediately to the Central Bank and must be rapidly rectified.
3.6 For any breaches of the limits described in Article 3.1 to 3.4, the Tier 1 capital will be reduced by the amount by which the limit is breached.
3.7 The Central Bank may in exceptional cases, if it deems the risk to be low, waive the application of Article 3.6 for exposures to a particular counterparty or Group of Connected Counterparties, and determine a risk-weight to be applied to the amount by which the limit is breached instead.

Article (4): Connected Counterparties
4.1 Two or more counterparties shall be considered a Group Of Connected Counterparties if at least one of the following criteria is satisfied:
4.1.1 Control relationship: one of the counterparties, directly or indirectly, has control over the other(s).
4.1.2 Economic interdependence: if one of the counterparties were to experience financial problems, in particular funding or repayment difficulties, the other(s), as a result, would also be likely to encounter funding or repayment difficulties.
4.2 Banks must assess the relationship amongst counterparties against the criteria listed in Article 4.1 and take into account at least the criteria listed below in Article 4.3 and 4.4.
4.3 The following criteria must be considered to assess the control relationship between counterparties:
4.3.1 If one counterparty owns more than 50% of the voting rights of the other counterparty, Banks must consider the control relationship established;
4.3.2 Voting agreements whereby a majority of voting rights in one counterparty are controlled by another counterparty pursuant to an agreement with other shareholders;
4.3.3 Significant influence on the appointment or dismissal of an entity's board or senior management, such as the right to appoint or remove a majority of members in those bodies, or the fact that a majority of members have been appointed solely as a result of exercising an individual entity's voting rights;
4.3.4 Significant influence on senior management, such as where a counterparty has the power, through a contract or otherwise, to exercise a controlling influence over the management or policies of another counterparty, for example through consent rights over key decisions.
4.3.5 Control relationships as established by the applicable accounting standards.
4.4 The following criteria must be considered to assess the economic interdependence between counterparties:
4.4.1 Where at least half of one counterparty's annual gross receipts or gross expenditures is derived from transactions with the other counterparty. For example, the owner of a real estate portfolio rented out for the most part to a single tenant;
4.4.2 Where one counterparty has guaranteed an exposure of the other counterparty, or is liable by other means, and the exposure is so significant that the guarantor is likely to default if a claim occurs;
4.4.3 Where a significant part of one counterparty's output is sold to another counterparty, and that counterparty cannot easily be replaced by other customers;
4.4.4 When the expected source of funds to repay the loans of both counterparties is the same and neither counterparty has another independent source of income from which the loan may be serviced and fully repaid;
4.4.5 Where it is likely that the financial problems of one counterparty would cause difficulties for another counterparty in terms of full and timely repayment of liabilities;
4.4.6 Where the insolvency or default of one counterparty is likely to be associated with the insolvency or default of another counterparty;
4.4.7 When two or more counterparties rely on the same source for the majority of their funding and, in the event of the common provider's default, an alternative provider cannot be found and funding problems of one counterparty are likely to spread to another counterparty due to one-way or twoway dependence on the same main funding source.
4.5 Where a control relationship has been established based on the criteria set out in Article 4.3 above, a Bank may still approach the Central Bank to demonstrate and seek agreement that such control does not result in the entities concerned constituting a Group Of Connected Counterparties, for example due to specific circumstances and corporate governance safeguards.
4.6 Where economic interdependence has been established based on the criteria in Article 4.4 above, a Bank may still approach the Central Bank to demonstrate and seek agreement that a counterparty, while economically closely related to another counterparty, may still overcome financial difficulties, including the other counterparty's default.
4.7 Banks may apply proportionality and apply a risk-based approach when assessing economic interdependence. However, Banks must identify the Group Of Connected Counterparties on the basis of economic interdependence in all cases where the sum of all exposures to one individual counterparty exceeds 5% of Tier 1 capital.
4.8 The Central Bank may at its own discretion determine that certain exposures must be considered a Group Of Connected Counterparties.

Article (5): Reporting Requirements
Banks must report the following to the Central Bank in the manner established by the Central Bank:
5.1 All exposures measured in accordance with the provisions of this regulation, taking into account the effects of credit risk mitigation, equal to or above 10% of the Bank's Tier 1 capital;
5.2 All exposures measured in accordance with the provisions of this regulation without the effects of credit risk mitigation taken into account equal to or above 10% of the Banks' Tier 1 capital;
5.3 All the exempted exposures with values equal to or above 10% of the Bank's Tier 1 capital;
5.4 The largest 20 exposures to counterparties measured in accordance with Article 6 of this regulation and included in the scope of application, irrespective of the values of these exposures to the Bank's Tier 1 capital;
5.5 All exposures subject to additional restrictions as set out in Article 18 of this regulation, regardless of their size; and
5.6 Exposures by sector, country, and currency.

Article (6): Measurement of Exposures
6.1 As a general principle, the exposure values that must be considered to identify large exposures are the exposures defined under the risk-based capital framework, including both on- and off- balance sheet exposures, both in the banking and the trading book, and including instruments with counterparty credit risk.
6.2 Exposure amounts that are deducted from Tier 1 capital must not be added to the exposures to that counterparty for the purpose of the large exposure framework. This exclusion does not apply to 1,250% risk-weighted exposures.
6.3 As a general principle, the exposure value is the accounting value of the exposure, i.e. reduced by the specific provisions and value adjustments.
6.4 For instruments that give rise to counterparty credit risk, but are not securities financing transactions, the exposure value must be the exposure at default in accordance with the standardized approach for counterparty credit risk.
6.5 The exposure value for securities financing transactions must be calculated using the comprehensive approach with standard supervisory haircuts for credit risk mitigation as set out in the capital adequacy regulation.
6.6 The exposure amount for off-balance sheet exposures is calculated by converting the off- balance sheet items into credit exposure equivalents through the use of credit conversion factors as set out in the standardized approach for credit risk. For the purpose of the large exposures framework, the minimum credit conversion factor applied for off-balance sheet items is 10%.

Article (7): Credit Risk Mitigation Techniques
7.1 Only the following credit risk mitigation techniques are considered eligible for the purposes of the large exposure framework:
7.1.1 Unfunded credit protection meeting the minimum requirements and eligibility criteria for the recognition of unfunded credit protection under the standardized approach; and
7.1.2 Financial collateral qualifying as eligible financial collateral under the standardized approach.
7.2 Other forms of collateral that are only eligible under the internal-ratings based approach are not eligible to reduce exposure values for the purposes of the large exposure framework.
7.3 A Bank must recognize eligible credit risk mitigation techniques in the calculation of an exposure whenever it has used this technique to calculate the risk-based capital requirements, provided the technique also meets the conditions for recognition under the large exposures framework.
7.4 Hedges with maturity mismatches are recognized in accordance with the risk-based capital framework.
7.5 In case of a maturity mismatch in respect of credit risk mitigants that are recognised in the risk-based capital requirements, the adjustment of the credit protection to calculate the large exposure is determined using the same approach as in the risk-based capital requirements.
7.6 Where legally enforceable netting arrangements are in place for loans and deposits, the exposure values for large exposures purposes may be calculated according to the same calculation the Bank uses for capital requirements purposes.

Article (8): Credit risk mitigation techniques that reduce the original exposure
8.1 A Bank must reduce the value of the exposure to the original counterparty by the amount of the eligible credit risk mitigation technique recognised for risk-based capital requirements purposes.
8.2 The recognised amount mentioned in Article 8.1 is:
8.2.1 The value of the protected portion in the case of unfunded credit protection;
8.2.2 The value of the portion of claim collateralised by the market value of the recognised financial collateral when the Bank uses the simple approach for risk-based capital requirements purposes;
8.2.3 The value of the collateral as recognised in the calculation of the counterparty credit risk exposure value for any instruments with counterparty credit risk, such as over-the-counter derivatives;
8.2.4 The value of collateral adjusted after applying the required haircuts, in the case of financial collateral when the Bank applies the comprehensive approach. The haircuts used to reduce the collateral amount are the supervisory haircuts under the comprehensive approach - internally modelled haircuts must not be used.

Article (9): Recognition of Exposures to Credit Risk Mitigation Providers
9.1 Whenever a Bank recognises a reduction of the exposure to the original counterparty due to an eligible credit risk mitigation technique, it must also recognise an exposure to the credit risk mitigation providers. The amount assigned to the CRM provider is the amount by which the exposure to the original counterparty is reduced.

Article (10): Calculation of Exposure Value for Trading Book Positions
10.1 A Bank must add any exposures to a single counterparty arising in the trading book to any other exposures to that counterparty in the banking book to calculate its total exposure to that counterparty.
10.2 Trading book positions not corresponding to concentration risk associated with the default of a single counterparty are out of the scope of the large exposure framework. As such, concentrations in commodities or currencies are not subject to the large exposures limit. Banks must nevertheless appropriately evaluate and manage concentrations in exposures to commodities and currencies.
10.3 The exposure value of straight debt instruments and equities is defined as the accounting value of the exposure.
10.4 Instruments such as swaps, futures, forwards and credit derivatives must be converted into positions following the risk-based capital requirements. Such instruments are decomposed into their individual legs; and only the legs representing exposures in scope of the large exposures framework must be considered. This implies that legs that do not entail any risk due to the default of the counterparty are not considered.
10.5 In the case of credit derivatives that represent sold protection, the exposure to the referenced name must be the amount due in case the respective referenced name triggers the instrument, minus the absolute value of the credit protection. In the case of credit-linked notes, the protection seller needs to consider positions both in the bond of the note issuer and in the underlying referenced by the note. For positions hedged by credit derivatives, see Articles 11.3 to 11.6 of this regulation.
10.6 The exposure value for options is the change in option price that would result from a default of the underlying instrument.
Hence, the exposure value of a long call option is its market value.
The exposure value of a short put option is equal to its strike price minus its market value.
The exposure value of a short call option equals a negative exposure equal to the market value.
The exposure value of a long put option equals a negative exposure equal to the strike price of the option reduced by its market value.
The resulting positions are aggregated with those from other exposures. After this aggregation, negative net exposures are set to zero.
10.7 Exposure values of a Bank's investments in transactions, such as index positions, securitisations, hedge funds or investment funds, must be calculated in accordance with the same rules as for similar instruments in the banking book. This implies that the amounts invested in such a structure may be assigned to the structure itself, defined as a counterparty distinct from the counterparties corresponding to the underlying assets or to the unknown client, following the rules described in Articles 15.1 to 15.6 of this regulation.
10.8 Covered bonds held in the trading book are subject to the general treatment for covered bonds described in Article 14 of this regulation.

Article (11): Offsetting Long and Short Positions in the Trading Book
11.1 Banks may offset long and short positions in the same issue and consider only the net position in that issue for the purpose of calculating a Bank's exposure to that particular counterparty.
Two issues are defined as the same if the issuer, coupon, currency and maturity are all identical.
11.2 Positions in different issues from the same counterparty may be offset only when the long position is senior to the short position, or if the positions are of the same seniority.
11.3 For positions hedged by credit derivatives, the hedge may be recognised provided the underlying of the hedge and the position hedged fulfil the requirements of Article 11.2, i.e. that the long position is senior or of equivalent seniority to the short position.
11.4 To determine the relative seniority of positions, securities may be allocated into broad buckets of degrees of seniority, such as for example “equity”, “subordinated debt”, and “senior debt”.
11.5 Offsetting of long and short positions in different issues relating to the same counterparty is not allowed in case the Bank chooses not to allocate securities to seniority buckets as described in Article 11.4.
11.6 For positions hedged by credit derivatives, the provisions of Article 9.1 of this regulation apply and a new exposure to the credit protection provider must be recognised.
11.7 In case the credit protection takes the form of a credit default swap, and either the provider of the credit default swap or the referenced entity is not a financial entity, the amount to be assigned to the credit protection provider is the counterparty credit risk exposure value as calculated under the standardized approach for counterparty credit risk.
11.8 Financial entities, for this purpose, includes regulated financial institutions, including nonbank financial institutions and foreign financial institutions, as well as unregulated financial institutions whose main business includes the management of financial assets, lending, factoring, leasing, provision of credit enhancements, securitisation, investments, financial custody, central counterparty services, proprietary trading and other financial services activities identified by supervisors.
11.9 Netting across the banking and trading books is not permitted.
11.10 When the result of offsetting is a net short position with a single counterparty, this net exposure need not be considered as an exposure for the purposes of the large exposure framework.

Article (12): Sovereign Exposures and Public Sector Entities
12.1 Banks' exposures to the UAE Federal Government, the Central Bank of the UAE, and exposures to other foreign sovereigns rated at least AA- and their central banks are exempted from the large exposure limit.
12.2 A Banks' aggregate exposure to the Emirates Governments, meaning the exposure to all of the Emirates Governments combined and inclusive of exposures to their non-commercial public sector entities, is subject to an aggregate limit of 150% of Tier 1 capital. Exposures directly to the Emirates Governments are not restricted at individual level, but exposures to their non-commercial entities are restricted at individual level to 25% of Tier 1 capital.
12.3 Exposures to the commercial entities of UAE Federal and Emirates Governments are subject to an individual limit of 25% and an aggregate limit of 100% of Tier 1 capital.
12.4 A commercial public sector entity that is selfsustainable, meaning, at a minimum, that it is profitable and can service its debt from its own resources without a need for any implicit or explicit government support, can be considered as a counterparty separate from its government parent subject to Central Bank approval. This public sector entity, and the Group Of Connected Counterparties it belongs to, is then subject to the general large exposure limit, but not to the aggregate limits described in Article 12.2 and 12.3.
12.5 Exposures or parts thereof guaranteed by, or secured by instruments issued by, the counterparties listed in Article 12.1 are exempted from the large exposure limit to the extent that the eligibility criteria for the recognition of credit risk mitigation are met.
12.6 Where two or more entities that are outside the scope of the exemption described in Article 12.1 are controlled by or economically dependent on an entity that falls within the scope of Article 12.1, but are otherwise not connected, those entities need not be deemed to constitute a Group Of Connected Counterparties.
12.7 While the exposures described in Article 12.1 are exempted from the large exposure limit, these exposures must nevertheless be reported if these exposures meet the criteria for definition as a large exposure.
12.8 Where an exposure to an exempted entity is hedged by a credit derivative, an exposure to the provider of the credit protection must nevertheless be recognised in accordance with Articles 9.1 and 11.7 of this regulation.
12.9 Non-commercial public sector entities of the UAE Federal Government are subject to the general large exposure limit as set out in Article 3.1 of this regulation, with the exception of those ‘treated as sovereign' under the credit risk standards.
12.10 The Central Bank may, on an exceptional, temporary and case-by-case basis, increase the aggregate limit set out in Article 12.2. Such an exception will detail the new maximum permissible limits, and the risk-weight add-on applicable to the amounts by which the normal limits as set out in Article 12.2 are exceeded.
12.11 The exemption set out in Article 12.1 also applies to multilateral development banks for which a 0% risk weight applies under the Central Bank's credit risk standards.

Article (13): Interbank Exposures
13.1 Intraday interbank exposures are exempted from the large exposure framework.
13.2 Any other interbank exposures are subject to the large exposure limit set out in Article 3 of this regulation.
13.3 Banks incorporated in the UAE must limit the aggregate exposure to their foreign branches to 30% of Tier 1 capital, where those branches are located in a jurisdiction which requires them to hold capital in that jurisdiction. The exposure value is equal to the sum of all of the branch's liabilities where the head office is the counterparty, including the dotation capital. The denominator is the entity's Tier 1 capital.

Article (14): Covered Bonds
14.1 For covered bonds, an exposure to the issuing Bank must be assigned equal to 100% of the nominal value of the Bank's covered bond holding, or, where the covered bond satisfies the conditions set out in Article 14.2 below, an exposure to the issuing Bank of at least 20% of the nominal value of the Bank's covered bond holding.
14.2 To be eligible to be assigned an exposure of less than 100%, a covered bond must satisfy all of the following conditions:
14.2.1 It must meet the definition of a covered bond: Covered bonds are bonds issued by a bank or mortgage institution and are subject by law to specific supervision designed to protect bond holders. Proceeds deriving from the issue of these bonds must be invested in conformity with the law in assets which, during the whole period of the validity of the bonds, are capable of covering claims attached to the bonds and which, in the event of the failure of the issuer, would be used on a priority basis for the reimbursement of the principal and payment of the accrued interest.
14.2.2 The pool of underlying assets must consist exclusively of:
14.2.2.1 Claims on, or guaranteed by, sovereigns, their central banks, public sector entities or multilateral development banks;
14.2.2.2 Claims secured by mortgages on residential real estate that would qualify for a 35% or lower risk weight under the standardized approach for credit risk and having a loan-to-value ratio of 80% or lower; and/or
14.2.2.3 Claims secured by commercial real estate that would qualify for the 100% or lower risk-weight under the standardized approach for credit risk and with a loan-to-value of 60% or lower.
14.2.3 The nominal value of the pool of assets assigned to the covered bond by its issuer should exceed its nominal outstanding value by at least 10%. This requirement can be met also in jurisdictions where the former 10% is not required by law, however in that case the issuing bank needs to regularly publicly disclose that their covered pool meets the 10% requirement in practice.
This 10% additional collateral may also include substitution assets, such as cash or short term secure assets, and derivatives entered into to hedge risks arising in the covered bond programme.
14.2.4 The requirements regarding maximum loan-to-value ratio for residential and commercial real estate referred to in Article 14.2.2 must be met following an objective market value of the collateral and frequent revaluation of the collateral.

Article (15): Collective Investment Undertakings, Securitisation Vehicles, and other Structures
15.1 Banks must consider exposures even when a structure lies between the Bank and the exposures, that is, even when the Bank invests in structures through an entity which itself has exposures to assets (hereafter referred to as the "underlying assets"). Banks must assign the exposure amount, i.e. the amount invested in a particular structure, to specific counterparties following the approach described below. Such structures include funds, securitisations and other structures with underlying assets.
15.2 A Bank may assign the exposure amount to the structure itself, defined as a distinct counterparty, if it can demonstrate that the Bank's exposure amount to each underlying asset of the structure is smaller than 0.25% of its Tier 1 capital, considering only those exposures to underlying assets that result from the investment in the structure itself and using the exposure value calculated according to Article 15.8 and 15.9. This condition is always considered fulfilled whenever a Bank's whole investment in a structure is less than 0.25% of the Bank's Tier 1 capital. In this case, a Bank is not required to look through the structure to identify the underlying assets.
15.3 A Bank must look through the structure to identify those underlying assets for which the underlying exposure value is equal to or above 0.25% of its Tier 1 capital. In this case, the counterparty corresponding to each of the underlying assets must be identified so that these underlying exposures can be added to any other direct or indirect exposure to the same counterparty. The Bank's exposure amount to the underlying assets that are below 0.25% of the Bank's Tier 1 capital may be assigned to the structure itself (ie partial look- through is permitted).
15.4 If a Bank is unable to identify the underlying assets of a structure:
15.4.1 Where the total amount of its exposure is less than 0.25% of its Tier 1 capital, the total exposure amount of the Bank's investment must be assigned to the structure;
15.4.2 In other cases, the total exposure amount of the Bank's investment must be assigned to “The Unknown Client”.
15.5 The Bank must aggregate all unknown exposures as if they related to a single counterparty, referred to as “The Unknown Client”, to which the large exposure limit applies.
15.6 Banks must not circumvent the large exposure limit by investing in multiple structures with identical underlying assets that represent individually immaterial transactions.
15.7 If the look-through approach does not need to be applied, a Bank's exposure to the structure must be the nominal amount invested in the structure.
15.8 When the look-through approach is required in accordance with this Article, the exposure value assigned to the counterparty is equal to the pro rata share that the Bank holds in the structure multiplied by the value of the underlying asset in the structure. Thus, a Bank holding a 1% share of a structure that invests in 20 assets each with a value of 5 must assign an exposure of 0.05 to each of the counterparties. These exposures to these counterparties must be added to any other direct or indirect exposures the Bank has to these counterparties.
15.9 When the look-through approach is required in accordance with this Article, the exposure value to a counterparty is measured for each tranche within the structure, assuming a pro rata distribution of losses amongst investors in a single tranche. To compute the exposure value to the underlying asset, a Bank must:
(1) First, consider the lower of (a) the value of the tranche in which the Bank invests, and, (b) the nominal value of each underlying asset included in the underlying portfolio of assets
(2) Second, apply the pro rata share of the Bank's investment in the tranche to the value determined in the first step above.
15.10 Banks must identify third parties that may constitute an additional risk factor inherent in a structure itself rather than in the underlying assets. Such a third party could be a risk factor for more than one structure that a Bank invests in. Examples of such third parties include the originator, fund manager, liquidity provider, and protection provider. There may be multiple such common risk factors, all of which must be recognised separately.
15.11 Based on the common risk factor identified in accordance with Article 15.10, a Bank must form a distinct Group Of Connected Counterparties that is subject to the large exposure limit.
15.12 Banks must assess whether the exposure to the common risk factor is also an exposure to the entity representing that common risk factor. In the case of a credit protection provider, this will be the case, however it may not be the case for the originator or fund manager where the structures can operate independently. If the latter can be demonstrated by the Bank, the exposure to the common risk factor need not be added to the exposure to the entity representing that common risk factor.

Article (16): Exposures to Central Counterparties
16.1 Banks' exposures to Qualifying Central Counterparties related to clearing activities are exempted from the large exposures limit, however, these exposures are subject to the reporting requirements as defined in Article 5 of this regulation.
16.2 Banks' exposures to non-Qualifying Central Counterparties must be measured as the sum of the clearing exposures described in Article 16.4 and the non-clearing exposures described in Article 16.6, and is subject to the large exposure limit set out in Article 3 of this regulation.
16.3 The requirement related to connected counterparties set out in Article 4 of this regulation does not apply to exposures to central counterparties specifically related to clearing activities. For non-clearing exposures, the provisions related to connected counterparties fully apply.
16.4 Banks must calculate the following types of exposure as set out below:
16.4.1 Trade exposures: the exposure value of trade exposures must be calculated following the relevant provisions of this regulation (as for any other counterparty).
16.4.2 Segregated initial margin: the exposure value is zero.
16.4.3 Non-segregated initial margin: the exposure value is the nominal amount of the initial margin posted.
16.4.4 Pre-funded default fund contributions: the exposure value is the nominal amount of the funded contribution.
16.4.5 Unfunded default fund contributions: the exposure value is zero.
16.4.6 Equity stakes: the exposure value is the nominal amount.
16.5 For exposures where the Bank acts as a clearing member or where the Bank acts as client of a clearing member, the Bank must determine the counterparty to which the exposures must be assigned in accordance with the capital adequacy standards.
16.6 Any other exposure types not directly related to clearing services provided by the central counterparty must be measured according to the rules set out in this regulation, as for any other counterparty, and are subject to the large exposure limit.

Article (17): Risk Management and Governance
17.1 A Bank must have policies and processes that provide a comprehensive, Bank-wide view of significant sources of concentration risk, including also sources of concentration risk not captured by the large exposure limit as described in this regulation, such as exposures to a single industry, economic sector, geographic region, as well as exposures to a particular asset class, product, collateral or currency.
17.2 A Bank's information systems must be able to identify and aggregate risk concentrations in a timely manner, and facilitate the active monitoring and management of all risk concentrations as described in Article 17.1.
17.3 A Bank's risk appetite statement must include thresholds for acceptable concentrations of risk reflecting the Bank's risk appetite. These thresholds must be appropriately integrated into a Bank's processes and procedures, and well understood by any relevant staff.
17.4 All material risk concentrations must be regularly reviewed and reported to the Board. Such reports must highlight any current, near or expected breaches of the risk appetite and of the regulatory requirements.
17.5 Senior management must monitor the large exposure limits described in this regulation for the purposes of risk management and to detect any breaches. In the case of breaches, senior management must comply with Article 3.5 of this regulation immediately. Immediate communication means that this communication cannot be subject to Board approval, review, or any other form of confirmation by the Board.
17.6 A Bank must include in its stress testing programmes the impact of significant risk concentrations.
17.7 A Bank must cover in its Internal Capital Adequacy Assessment Process (ICAAP) and Internal Liquidity Adequacy Assessment Process (ILAAP) all forms of concentration risk.
17.8 New or additional exposures resulting in a large exposure may only be granted following approval by the Board of the Bank, or following approval by a designated Board committee.
17.9 Where an existing exposure becomes a large exposure for any reason other than the Bank granting an additional exposure, the Board must be informed immediately. Such a large exposure must also be approved by the Board or a designated Board committee, but it may be done ex-post within a reasonable timeframe.
17.10 A large exposure must be subject to increased monitoring, proportional to its size and risks, in terms of all associated risks, including also risks other than credit risk such as legal, compliance, market and interest rate risk. This should also be reflected in the frequency, detail, and the granularity of reporting to the Board.

Article (18): Exposures to Related Parties

18.1 In addition to the large exposure limits, additional limits apply to the Related Parties as set out below:

		Aggregate	Individual
18.1.1	Shareholders who own 5% or more of a Bank’s capital, the Group Of Connected Counterparties they belong to, and their Related Parties	50%	20%
18.1.2	Bank’s non-bank subsidiaries and affiliates	25%	10%
18.1.3	Bank’s Board Members	25%	5%
18.1.4	Bank’s external auditors	Prohibited

18.2 In Article 18.1.1 above, the individual limit for shareholders applies to an independent shareholder, the Group Of Connected Counterparties they belong to, and their Related Parties. The aggregate limit applies to multiple such Groups of Connected Counterparties and Related Parties, which are otherwise not identified as a Group Of Connected Counterparties.

18.3 Where a Board Member constitutes a Group Of Connected Counterparties with a shareholder who owns 5% or more of the Bank's capital, the lower limits applicable to Board Members apply to that Group Of Connected Counterparties. However, a natural person nominated by a shareholder need not be considered a Group Of Connected Counterparties with that shareholder based on his nomination alone.

Article (19): Application to Branches of Foreign
19.1 The general large exposure limit applicable to branches of foreign banks is equal to the lower of 250% of the Branch Capital and 25% of the entity level capital. This is instead of the limit set in Article 3.1 of this regulation.
19.2 A branch's head office and its head office's branches are always considered a single counterparty, and, based on the criteria set out in Article 4 of this regulation, will normally constitute a Group Of Connected Counterparties with its group, including all subsidiaries of the ultimate parent, to which the large exposure limits apply.
19.3 A branch of a foreign bank must limit its exposures to its head office, which includes exposures to other branches of the head office, to maximum 30% of the Branch Capital for funded exposures and 300% of the Branch Capital for unfunded exposures.
19.4 For the large exposure limits for which the application to branches is not specified, the same limits apply as for Banks incorporated in the UAE, and the limits are applied to the Branch Capital.

Article (20): Enforcement & Sanctions
20.1 Violation of any provision of this regulation and any accompanying Standards may be subject to supervisory action and administrative and financial sanctions as deemed appropriate by the Central Bank.
20.2 Supervisory action and administrative and financial sanctions by the Central Bank may include withdrawing, replacing or restricting the powers of Senior Management or members of the Board, providing for the interim management of the Bank, imposition of fines or barring individuals from the UAE banking sector.

Article (21): Interpretation of Regulation
The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this regulation.

Article (22): Cancellation of Previous Circulars and Notices
This regulation repeals and replaces the following Central Bank Circulars and Notices:
22.1 Circular No. 32 of 2013 regarding “Monitoring of Large Exposure Limits” and its annexes (including the “Guidelines to Monitoring of Large Exposures”);
22.2 Notice No. 300/2013 dated 17/11/2013 regarding “Regulations Re Monitoring of Large Exposure Limits”; and,
22.3 Notice No. 226/2018 dated 1/10/2018 regarding “Large Exposures - Credit Concentrations Above Limits”.

Article (23): Publication & Effective Date
23.1 This regulation shall be published in the Official Gazette in both Arabic and English and shall come into effect (1) one month from the date of publication.
23.2 A grandfathering scheme will apply to any breaches that are due to the change in regulation, as set out in this Article.
23.3 The ‘grandfathered basis' is equal to the breach recorded as of 31 December 2022 when applying the requirements of this regulation, deducted by the breach recorded as of the same date when applying the requirements of Circular No. 32/2013 regarding “Monitoring of Large Exposure Limits” and its annexes (including the “Guidelines to Monitoring of Large Exposures”). The aforementioned requirements include the change in capital base, large exposure limits, and calculation methods.
The grandfathered basis is tied to a specific exposure and counterparty, which will be referred to as the ‘grandfathered exposure', and cannot be used to apply grandfathering to any other exposures or counterparties. For the avoidance of doubt, where the aggregate of multiple exposures to the same counterparty (or Group Of Connected Counterparties) leads to a breach, the grandfathering applies to that specific group of exposures only.
The grandfathered basis is fixed and does not change over time.
23.4 The grandfathering basis will determine the ‘grandfathered amount', which is the amount by which a grandfathered exposure may be reduced when applying the requirements of this regulation. The grandfathered amount is determined by multiplying the grandfathered basis with the following percentage:
23.4.1 100%, upon this regulation coming into force until 30 December 2023;
23.4.2 75%, from 31 December 2023 until 30 December 2024;
23.4.3 50%, from 31 December 2024 until 30 December 2025;
23.4.4 25%, from 31 December 2025 until 30 December 2026;
23.4.5 0%, from 31 December 2026 and onwards.
On 31 December 2026, the grandfathering scheme will cease having any effect.
23.5 Article 3.5 and 3.6 of this regulation do not apply to the grandfathered amount; but apply fully to the exposures in breach after applying the grandfathering scheme.
23.6 The reporting requirements set out in Article 5 of this regulation fully apply to any grandfathered exposures. Banks that have grandfathered exposures will however be required to attach additional information to their regular reporting to the Central Bank providing an overview of:
23.6.1 The grandfathering basis as per Article 23.3;
23.6.2 The percentage applied for the current period as per Article 23.4;
23.6.3 The grandfathered amount as per Article 23.4;
23.6.4 The current exposure amount without deduction of the grandfathered amount;
23.6.5 The amount by which the above (Article 24.6.4) breaches the applicable limits;
23.6.6 The current exposure amount after deduction of the grandfathered amount;
23.6.7 The amount by which the above (Article 24.6.6) breaches the applicable limits.
The Central Bank may issue further instructions on how the above should be reported, including both in terms of content and in terms of format.
23.7 For interbank exposures, the grandfathering scheme set out above does not apply, and Banks must comply fully by 31 December 2023.

Annex 1

Large Exposures Regulation 1 Annex 1 Summary of regulatory large exposure limits
Exposure type	Aggregate limit	Individual limit
General large exposure limit Applies to any exposure unless specifically stated otherwise.
1.1 A single borrower or group of related borrowers	n/a	25%

Exposures with specific limits Limits overriding the general large exposure limit.
Sovereign and UAE public sector entity exposures
1.2 UAE federal government and their non-comm. PSEs treated as sovereign	n/a
1.3 Foreign sovereigns rated at least AA-	n/a
1.4 UAE local governments	150%	n/a
1.5 Non-commercial entities of UAE local governments	150%	25%
1.6 Commercial entities of UAE federal and local governments	100%	25%
1.7 Self-sustainable commercial entities of UAE federal and local governments	n/a	25%

Interbank exposures
1.8 Intraday interbank exposures	n/a
1.9 UAE incorporated bank's exposure to its foreign branches (Art. 13.3)	30%	n/a
1.10 G-SIB's exposure to another G-SIB	n/a	15%

Transactions with related parties
1.11 Shareholders who own 5% or more of a Bank's capital, the Group of Connected Counterparties they belong to, and their Related Parties	50%	20%
1.12 Bank's non-bank subsidiaries and affiliates	25%	10%
1.13 Bank's board members	25%	5%
1.14 Bank's external auditors	Prohibited

Application to branches of foreign banks *(lower of branch capital limit and entity Tier 1 capital limit)*	Entity Tier 1 capital	Branch capital
1.15 General large exposure limit	25%	250%
1.16 Funded exposures to own head office, its subsidiaries, affiliates and branches	n/a	30%
1.17 Unfunded exposures to own head office and its branches	n/a	300%

Operational Risk

Operational Risk Regulation
C 163/2018 Effective from 29/8/2018

Introduction
The Central Bank seeks to promote the effective and efficient development and functioning of the banking system. To this end, Banks must have appropriate policies, processes, procedures, systems and controls to identify, monitor and mitigate operational risks.
In introducing this Regulation and the accompanying Standards, the Central Bank intends to ensure that Banks’ approaches to operational risk are in line with leading international practices.
This Regulation and the accompanying Standards are issued pursuant to the powers vested in the Central Bank under the Central Bank Law.
Where this Regulation or its accompanying Standards, include a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements, which are additional to the list provided in the relevant article.

Objective
The objective of this Regulation is to establish minimum acceptable standards for Banks’ approach to managing operational risks, with a view to:
i Ensuring the soundness of Banks; and
ii Enhancing financial stability
The accompanying Standards supplement the Regulation to elaborate on the supervisory expectations of the Central Bank with respect to operational risk management.

Application
This Regulation and the accompanying Standards apply to all Banks. Banks established in the UAE with significant Group relationships, including Subsidiaries, Affiliates, or international branches, must ensure that the Regulation and Standards are adhered to on a solo and Group-wide basis.
This Regulation and Standards must be read in conjunction with the Risk Management Regulation and Standards, which establish the requirements for Banks’ overarching approach to risk management.

Article 1: Definitions
1. Affiliate: An entity that, directly or indirectly, controls, is controlled by or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity, or of the power to direct or cause the direction of the management of another entity.
2. Bank: A financial entity, which is authorized by the Central Bank to accept deposits as a Bank.
3. Board: The Bank’s Board of Directors.
4. Central Bank: The Central Bank of the United Arab Emirates.
5. Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of Banking as amended or replaced from time to time.
6. Central Bank regulations: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
7. Group: A group of entities that includes an entity (the 'first entity') and:
  1. a) any Parent of the first entity;
  2. b) any Subsidiary of the first entity or of any Parent of the first entity; and
  3. c) any Affiliate.
8. Islamic Financial Services: Shari’a compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products (Islamic Windows).
9. Operational risk: The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk but excludes strategic and reputational risk.
10. Parent: An entity (the 'first entity') which:
  1. a) holds a majority of the voting rights in another entity (the 'second entity');
  2. b) is a shareholder of the second entity and has the right to appoint or remove a majority of the Board of directors or managers of the second entity; or
  3. c) is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity.
    
    Or;
  4. d) if the second entity is a subsidiary of another entity which is itself a subsidiary of the first entity.
11. Risk appetite: The aggregate level and types of risk a Bank is willing to assume, decided in advance and within its risk capacity, to achieve its strategic objectives and business plan.
12. Risk limits: Specific quantitative measures that must not be exceeded based on, for example, forward looking assumptions that allocate the Bank’s aggregate risk appetite to business lines, legal entities or management units within the Bank or Group in the form of specific risk categories, concentrations or other measures as appropriate.
13. Risk profile: Point in time assessment of the Bank’s gross (before the application of any mitigants) or net (after taking into account mitigants) risk exposures aggregated within and across each relevant risk category based on current or forward-looking assumptions.
14. Risk governance framework: As part of the overall approach to corporate governance, the framework through which the Board and management establish and make decisions about the Bank’s strategy and risk approach; articulate and monitor adherence to the risk appetite and risk limits relative to the Bank’s strategy; and identify, measure, manage and control risks.
15. Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions.
16. Subsidiary: An entity (the 'first entity') is a subsidiary of another entity (the 'second entity') if the second entity:
  1. a) holds a majority of the voting rights in the first entity;
  2. b) is a shareholder of the first entity and has the right to appoint or remove a majority of the Board of directors or managers of the first entity; or
  3. c) is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity.
    
    Or;
  4. d) if the first entity is a subsidiary of another entity which is itself a subsidiary of the second entity.

Article 2: Operational Risk Governance Framework
1. A Bank must have appropriate operational risk management strategies, policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk on a timely basis.
2. The members of the Board bear ultimate responsibility for ensuring that a Bank has an adequate operational risk governance framework, which must be fully integrated into the Bank’s overall risk governance framework.
3. A Bank must ensure that its operational risk strategy, policies and processes are consistent with its risk profile, systemic importance, risk appetite and capital strength and take account of market and macroeconomic conditions.
4. A Bank must address all major aspects of operational risk prevalent in the business of the Bank on a bank-wide and if applicable Group-wide basis.

Article 3: Board of Directors
1. The Board must approve and thereafter review at least annually, the Bank’s operational risk strategies, policies and processes, including disaster recovery and business continuity plans.
2. The Board must establish a formal process to oversee Senior Management and ensure that the strategies, policies and processes are implemented effectively at all decision levels.

Article 4: Senior Management
1. Senior Management must ensure that the Board-approved operational risk management strategy and significant policies and processes are implemented effectively and fully integrated into the Bank’s overall risk management process.

Article 5: Identification and Assessment
1. The Board-approved operational risk management strategy must provide for the identification and assessment of the operational risks inherent in all material products, activities, processes and systems.

Article 6: Control and Mitigation
1. The Board-approved operational risk management strategy must foster a strong control environment that utilizes policies, processes and systems, appropriate internal controls and appropriate risk mitigation and transfer.

Article 7: Disaster Recovery and Business Continuity Management
1. A Bank must have disaster recovery and business continuity plans in place to ensure its ability to operate on an ongoing basis and limit losses in the event of a severe business disruption. Such plans must be commensurate with the risk profile, nature, size and complexity of the Bank’s business and structure and take into account different scenarios to which the Bank may be vulnerable.
2. Disaster recovery and business continuity plans must ensure that critical business functions can be maintained or recovered in a timely manner to minimize the financial, legal, regulatory, reputational and other risks that may arise from a disruption.
3. The Board must ensure there is a periodic independent review of the Bank’s disaster recovery and business continuity plans to ensure adequacy and consistency with current operations, risks and threats, recovery levels and priorities.

Article 8: Information Technology
1. A Bank must establish appropriate information technology policies and processes to identify, assess, monitor and manage technology risks.
2. A Bank must have appropriate information technology infrastructure to meet its current and projected business requirements under normal circumstances and in periods of stress. This infrastructure must ensure data and system integrity, security and availability and support integrated and comprehensive risk management.

Article 9: Systems and Internal Reporting
1. A Bank must have appropriate and effective information systems to:
  1. a) Monitor operational risk;
  2. b) Compile and analyze operational risk data; and
  3. c) Facilitate appropriate reporting mechanisms at the Bank’s Board, Senior Management and business line levels that support proactive management of operational risk.

Article 10: Reporting Requirements and Disclosure
1. A Bank must promptly notify the Central Bank when it becomes aware of a significant deviation from its Board-approved operational risk appetite statement, policies or procedures, or becomes aware that a material operational risk has not been adequately addressed.
2. A Bank must provide, upon request, any specific information with respect to operational risk that the Central Bank may require.
3. A Bank’s publicly disclosed information must be appropriate to permit stakeholders to assess the Bank’s approach to operational risk management in the context of the Bank’s size, risk profile, complexity of operations and evolving industry practice.
4. A Bank must promptly notify the Central Bank of any operational risk event that triggers, or is likely to trigger disaster recovery or business continuity plans, or has, or is likely to have, a material impact on the Bank’s operations, profitability or capital.

Article 11: New Businesses, Products and Systems
1. The approval procedures for new businesses, products or systems or material modification of existing businesses, products or systems required by the Risk Management Regulation and Standards must explicitly address operational risk.

Article 12: Islamic Banking
1. A Bank offering Islamic financial services must ensure that its operational risk management framework addresses any operational risks arising from potential non-compliance with Shari’a rules and principles.

Article 13: Enforcement
1. Violation of any provision of this Regulation and the accompanying Standards shall be subject to supervisory action as deemed appropriate by the Central Bank.

Article 14: Interpretation of Regulations
1. The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.

Article 15: Cancellation of Previous Notices
1. This Regulation and the accompanying Standards replace all previous Central Bank regulations with respect to operational risk.

Article 16: Publication and Application
1. This Regulation and the accompanying Standards shall be published in the Official Gazette in both Arabic and English and shall come into effect one month from the date of publication.

Operational Risk Standards
C 163/2019 STA

Introduction
1. 1.These Standards form part of the Operational Risk Regulation. All Banks must comply with these Standards, which expand on the Regulation. These Standards are mandatory and enforceable in the same manner as the Regulation.
2. 2.Operational risk is inherent in all dimensions of a Bank, including all banking products, activities, processes and systems. Accordingly, the effective management of operational risk is a fundamental element of a Bank’s risk management program. Banks with a sound operational risk management framework, a strong risk management culture and ethical business practices, are less likely to experience potentially damaging operational risk events and better placed to deal effectively with those events that do occur.
3. 3.A Bank’s Board is in ultimate control of the Bank and accordingly ultimately responsible for operational risk management. There is no one-size-fits-all or single best solution. Accordingly, each Bank could meet the minimum requirements of the Regulation and Standards in a different way and thus may adopt an organizational framework appropriate to the risk profile, nature, size and complexity of its business and structure. The onus is on the Board to demonstrate that it has implemented an appropriate approach to operational risk management. Banks are encouraged to adopt leading practices that exceed the minimum requirements of the Regulation and Standards.¹
4. 4.The Standards follow the structure of the Regulation, with each article corresponding to the specific article in the Regulation.
¹ The Central Bank will apply the principle of proportionality in the enforcement of the Regulation and Standards, whereby smaller banks may demonstrate to the Central Bank that the objectives are met without necessarily addressing all of the specifics cited in the Standards.

Article 1: Definitions
1. 1. Affiliate: An entity that, directly or indirectly, is controlled by, or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity, or of the power to direct or cause the direction of the management of another entity.
2. 2. Bank: A financial entity, which is authorized by the Central Bank to accept deposits as a Bank.
3. 3. Board: The Bank’s Board of Directors.
4. 4. Central Bank: The Central Bank of the United Arab Emirates.
5. 5. Central Bank Law: Federal Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of Banking as amended or replaced from time to time.
6. 6. Central Bank regulations: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
7. 7. Group: A group of entities that includes an entity (the 'first entity') and:
  1. a.any Parent of the first entity;
  2. b.any Subsidiary of the first entity or of any Parent of the first entity; and
  3. c.any Affiliate.
8. 8. Higher Shari’a Authority: The Higher Shari’a Authority for Islamic banking and financial activities that was established by the Cabinet Resolution no. 2016 (1/و5/102) at the Central Bank.
9. 9. Inherent risk: The risk existing if no controls or other mitigating factors are in place.
10. 10. Islamic Financial Services: Shari’a compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products (Islamic Windows).
11. 11. Operational risk: The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk but excludes strategic and reputational risk.
12. 12. Parent: An entity (the 'first entity') which:
  1. a.holds a majority of the voting rights in another entity (the 'second entity');
  2. b.is a shareholder of the second entity and has the right to appoint or remove a majority of the Board or managers of the second entity; or
  3. c.is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity;
    Or;
  4. d.If the second entity is a subsidiary of another entity which is itself a subsidiary of the first entity.
13. 13. Residual risk: The risk exposure after controls are considered.
14. 14. Risk appetite: The aggregate level and types of risk a Bank is willing to assume, decided in advance and within it risk capacity, to achieve its strategic objectives and business plan.
15. 15. Risk governance framework: As part of the overall approach to corporate governance, the framework through which the Board and management establish and make decisions about the Bank’s strategy and approach to risk management; articulate and monitor adherence to the risk appetite and risks limits relative to the Bank’s strategy; and identify, measure, manage and control risks.
16. 16. Risk limits: Specific quantitative measures that may not be exceeded, based on, for example, forward looking assumptions that allocate the Bank’s aggregate risk appetite to business lines, legal entities or management units within the Bank or Group in the form of specific risk categories, concentrations or other measures, as appropriate.
17. 17. Risk Management function: Collectively, the systems, structures, policies, procedures and people that measure, monitor and report risk on a Bank-wide and, if applicable, Group-wide basis.
18. 18. Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer and heads of the compliance and internal audit functions.
19. 19. Subsidiary: An entity (the 'first entity') is a subsidiary of another entity (the 'second entity') if the second entity:
  1. a.holds a majority of the voting rights in the first entity;
  2. b.is a shareholder of the first entity and has the right to appoint or remove a majority of the Board or managers of the first entity; or
  3. c.is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity;
    Or;
  4. d.If the first entity is a subsidiary of another entity that is itself a subsidiary of the second entity.

Article 2: Operational Risk Governance Framework
1. 1.The fundamental premise of sound risk management is that the Board and the management of a Bank understand the nature and complexity of the risks inherent in the portfolio of the Bank’s products, services and activities. This is particularly important for operational risk.
2. 2.A Bank must establish, implement and maintain an operational risk governance framework, which enables it to identify, assess, evaluate, monitor, mitigate and control operational risk. The operational risk governance framework consists of policies, processes, procedures, systems and controls.
3. 3.The operational risk governance framework must be documented and approved by the Board of the Bank, must provide for a sound and well-defined framework to address the Bank's operational risk and must include definitions of operational risk and material operational loss.
4. 4.A Board is responsible for establishing, maintaining and overseeing a robust operational risk governance framework that must take into account the risk profile, nature, size and complexity of the Bank's business and structure.
5. 5.A Board must approve and subsequently review, at least annually, a risk appetite statement for operational risk that articulates the nature, types and levels of operational risk that the Bank is willing to assume and that sets appropriate limits and thresholds.
6. 6.The operational risk governance framework must be fully integrated into the Bank’s overall risk governance framework and risk management processes. This applies to all levels and areas of the Bank including to business lines and, if applicable, to Group levels, as well as new business initiatives, products, activities, processes and systems.
7. 7.The operational risk governance framework must clearly:
  1. a.Identify the governance structures used to manage operational risk, including reporting lines, responsibilities and accountabilities;
  2. b.Establish operational risk reporting and management information systems;
  3. c.Provide for periodic independent review and assessment of operational risk; and
  4. d.Require policies to be reviewed and revised as appropriate, whenever a material change in the operational risk profile of the Bank occurs.
8. 8.Larger or more complex Banks must have an Operational Risk Committee or other designated committee that addresses operational risk.
9. 9.A Bank must measure operational risks for capital purposes using the approach most appropriate to the risk profile, nature, size and complexity of the Bank's business and structure. Holding capital against operational risks, however, is not a substitute for effective operational risk management.
10. 10. A Bank must meet the following minimum criteria or demonstrate to the Central Bank that its framework meets the requirements for a comprehensive approach to operational risk management without the presence of all of the criteria enumerated below.
  1. a.A Bank must have an operational risk management system with clear responsibilities assigned to an operational risk management function. These responsibilities must include, but not be limited to, developing strategies to identify, assess, monitor and control or mitigate operational risk; codifying bank-level policies and procedures concerning operational risk management and controls; the design and implementation of the Bank’s operational risk assessment methodology; and the design and implementation of a risk-reporting system for operational risk.
  2. b.A Bank must systematically track relevant operational risk data including material losses by business line. Its operational risk assessment system must be closely integrated into the risk management processes and procedures of the Bank. Its output must be an integral part of the process of and procedures for monitoring and controlling the Banks operational risk profile. For instance, this information must play a prominent role in risk reporting, management reporting and risk analysis. The Bank must have techniques for creating incentives to improve the management of operational risk throughout the Bank.
  3. c.There must be regular reporting of operational risk exposures, including material operational losses, to business unit management, Senior Management and to the Board. The Bank must have procedures for taking appropriate action according to the information within the management reports.
  4. d.A Bank’s operational risk management system must be well documented. A Bank must have a routine in place for ensuring compliance with a documented set of internal policies, controls and procedures concerning the operational risk management system, which must include policies for the treatment of non-compliance issues.
  5. e.A Bank’s operational risk management processes and assessment system must be subject to regular internal audit review. These reviews must include both the activities of the business units and of the operational risk management function.

Article 3: Board of Directors
1. 1.The Board must establish and maintain a strong operational risk management culture, which has to be guided by strong operational risk management that supports and provides appropriate standards and incentives for professional and responsible behaviour. The Board must ensure that a strong control environment is established and maintained.
2. 2.The Board must establish and maintain a code of conduct or an ethics policy that sets clear expectations for integrity and ethical values of the highest standard and identifies acceptable business practices and prohibits conflicts of interest.

Article 4: Senior Management
1. 1.Senior Management must consistently implement and maintain throughout the Bank (and, if applicable, Group) policies, processes and systems for managing operational risk in all material products, activities, processes and systems, consistent with the risk appetite statement.
2. 2.Senior Management must clearly assign authority, responsibility and reporting relationships to encourage and maintain accountability and to ensure that the necessary resources are available to manage operational risk in line with the Bank’s risk appetite statement. The management oversight process for operational risk must be appropriate to the risks inherent in a business unit’s activities.
3. 3.Senior Management must ensure that the control environment provides for appropriate independence and segregation of duties. The approach to operational risk management must incorporate the “three lines of defence” approach:
  1. a.Business line management responsible for identification and control of risks;
  2. b.Control functions of risk management and compliance; and
  3. c.Internal audit to provide independent assurance.
4. 4.Senior Management must implement a process to regularly monitor operational risk profiles and material exposures to losses. Appropriate reporting mechanisms must be in place at the Board, senior management and business line levels that support proactive management of operational risk.
5. 5.Senior Management must ensure that an appropriate level of operational risk training is available at all levels throughout the Bank. Training that is provided must reflect the seniority, role and responsibilities of the individuals for whom it is intended.

Article 5: Identification and Assessment
1. 1.A Bank must identify and assess the operational risk inherent in all material products, activities, processes and systems. Effective identification and assessment considers both internal and external factors. This must include any operational risk arising from common points of exposure, such as a single external service provider serving the Bank.²
2. 2.A Bank’s approach to assessment of operational risk at a minimum must address the following items:
  1. a.Determining which operational risk assessment tools will be employed by the Bank and how they are to be used;
  2. b.Establishing and monitoring thresholds or limits for inherent and residual risk exposure;
  3. c.Calibration of identified risks against operational risk appetite limits, as well as thresholds or limits for inherent and residual risk and approved risk mitigation strategies and instruments; and
  4. d.Providing for common operational risk terminology to ensure consistency of risk identification and assessment on a bank-wide or, if applicable, Group-wide basis.
3. 3.A Bank must take into account its assessment of operational risk in its internal pricing and performance monitoring mechanisms.
² Appendix 1 provides examples of tools that may be used for identifying and assessing operational risk.

Article 6: Control and Mitigation
1. 1.A Bank must have a strong control environment, including but not limited to, appropriate segregation of duties and dual control. Areas of potential conflicts of interest must be identified, minimized and be subject to careful independent monitoring³ and review.
2. 2.A Bank, in addition to segregation of duties and dual control, must ensure that other traditional internal controls are in place. Such controls include but are not limited to:
  1. a.Clearly established authorities and/or processes for approval;
  2. b.Close monitoring of adherence to assigned risk thresholds or limits;
  3. c.Safeguards for access to and use of, Bank assets and records;
  4. d.Appropriate staffing level and training to maintain expertise;
  5. e.Ongoing processes to identify business lines or products where returns appear to be out of line with reasonable expectations;
  6. f.Regular verification and reconciliation of transactions and accounts; and
  7. g.A vacation policy that requires officers and employees to take a minimum leave of absence as determined by the Bank.
3. 3.Risk transfer and mitigation tools such as insurance are imperfect substitutes for sound controls and risk management so Banks must utilize risk transfer tools as complementary to, rather than a replacement for, internal operational risk control.
³ Independent monitoring may be done by the internal audit function or an external consultant, subject to the party having the appropriate skills to do so. The Central Bank will expect the Bank to explain and evidence its decision of how it chose an independent party and how their skills were assessed.

Article 7: Disaster Recovery and Business Continuity Management
1. 1.Disaster recovery and business continuity planning must consider the whole of the Bank or Group, if applicable, to identify, assess and mitigate potential business continuity risks and ensure that the Bank is able to meet its financial and service obligations in the event of business disruptions.
2. 2.A Bank’s business continuity management (BCM) policy must be documented, set out its objectives and approach to BCM and be up-to-date. The BCM policy must clearly state the roles, responsibilities and authorities to act in relation to the BCM policy.
3. 3.A Bank must conduct business impact analysis (BIA) and risk assessment on an ongoing basis. A BIA involves identifying all critical business functions and assessing the impact of a disruption on these.
4. 4.Critical business functions are the business operations, resources and infrastructure that may, if disrupted, have a material impact on the Bank’s business functions, reputation, profitability or customers.
5. 5.When conducting the BIA, a Bank must consider at a minimum:
  1. a.Disruption scenarios over varying periods of time;
  2. b.The period of time for which the Bank could not operate without each of its critical business operations;
  3. c.The extent to which a disruption to the critical business operations might have a material impact on customers of the Bank; and
  4. d.The financial, legal, regulatory and reputational impact of a disruption to a Bank’s critical business operations over varying periods.
6. 6.A Bank must identify and document appropriate recovery objectives and implementation strategies based on the results of the BIA, taking into account the risk profile, nature, size and complexity of the Bank's business and structure. Recovery objectives are pre-defined goals for restoring critical business operations to a specified level of service (recovery level) within a defined period (recovery time) following a disruption.
7. 7.A Bank must maintain at all times a documented business continuity plan (BCP) that meets the objectives of the BCM policy. The BCP must reflect the specific requirements of the Bank and must identify:
  1. a.Critical business operations;
  2. b.Recovery levels and time targets for each critical business operation;
  3. c.Recovery strategies for each critical business operation;
  4. d.Infrastructure and resources required to implement the BCP;
  5. e.Roles, responsibilities and authorities to act in relation to the BCP; and
  6. f.Communication plans with staff and external stakeholders.
8. 8.A Bank must review and test its BCP at least annually or more frequently if there are material changes to business operations, to ensure that staff can effectively execute contingency plans and that recovery and resumption objectives and timeframes can be met. The results of the testing must be reported formally to the Board or to designated Senior Management in line with the BCM policy. The BCP must be updated if shortcomings are identified as a result of the review and testing.

Article 8: Information Technology
1. 1.A Bank’s effective use and sound implementation of technology can contribute to the control environment. However, use of technology-related products, activities, processes and delivery channels exposes a Bank to strategic, operational and reputational risks and the possibility of material financial loss. Automated processes introduce risks that must be addressed through technology governance and infrastructure risk management programmes, including an information security management system.
2. 2.A Bank must have an integrated approach to identifying, measuring, monitoring and managing technology risk. Technology risk management includes but is not limited to:
  1. a.Governance and oversight controls that ensure technology, including outsourcing arrangements, are aligned with and supportive of the Bank’s business objectives;
  2. b.Establishment and maintenance of appropriate information technology policies, procedures and processes to identify, assess, monitor and manage technology risks;
  3. c.Establishment of a risk appetite statement and limits as well as performance expectations to assist in controlling and managing risk;
  4. d.Implementation of an effective control environment;
  5. e.Monitoring processes that test for compliance with policy thresholds or limits; and
  6. f.Establishment and maintenance of appropriate and sound information technology infrastructure to meet the current and projected business requirements of the Bank under normal circumstances and in periods of stress and which ensures data and system integrity, security and availability.

Article 9: Systems and Internal Reporting
1. 1.A Bank must have information systems that enable accurate and timely monitoring of and reporting on operational risk. The level of sophistication of a Bank’s operational risk information system must be calibrated to the risk profile, complexity and systemic importance of the Bank.
2. 2.The processes for aggregating the necessary data and producing operational risk management reports must be fully documented. These must include standards, cut-off times and schedules for report production. The aggregation and reporting process must be subject to high standards of validation through periodic review by the internal audit function using staff with specific systems, data and reporting expertise, particularly where the process requires substantial manual intervention.
3. 3.Operational risk reports to Senior Management and the Board must provide aggregate information as well as sufficient supporting detail to enable Senior Management and the Board to understand and assess the Bank’s operational risk exposures.

Article 10: Reporting Requirements and Disclosure
1. 1.A Bank must notify the Central Bank promptly and no later than 24 hours after experiencing an operational risk event that triggers, or is likely to trigger, disaster recovery or business continuity plans, or has, or is likely to have, a significant impact on the Bank’s operations, profitability or capital. The Bank must explain to the Central Bank the nature of the event, actions being taken, the likely effect and the timeframe for returning to normal operations, where applicable. The Bank must notify the Central Bank when normal operations resume.
2. 2.A Board-approved disclosure policy must provide for the Bank’s publication of sufficient information on operational risk and controls to allow stakeholders to assess its approach to operational risk management and to determine whether the Bank identifies, assesses, evaluates, monitors and controls and mitigates operational risk effectively. In addition, a Bank must implement a process for assessing the appropriateness of its operational risk disclosures.
3. 3.Branches and Subsidiaries of foreign Banks operating in the UAE may largely rely on the Group’s disclosures, supplemented by disclosure, at least annually through their websites that are dedicated to their activities in the UAE, of a summary of the local branch or Subsidiary’s operational risk management framework.
4. 4.A Bank’s public disclosures must be commensurate with the size, risk profile and complexity of a Bank’s operations and evolving industry practice. A Bank’s disclosures must be consistent with how Senior Management and the Board assess and manage the operational risk of the Bank.

Article 11: New Businesses, Products and Systems
1. 1.In general, a Bank’s operational risk exposure is increased when a Bank engages in new activities, develops new products, enters unfamiliar markets, implements new business processes or technology systems and/or engages in businesses that are geographically distant from its head office. A Bank must ensure that its risk management control infrastructure is appropriate and that it keeps pace with the development of or changes to its products, activities, processes and systems.
2. 2.A Bank must have policies and procedures that address the process for review and approval of new products, activities, processes and systems. The review and approval process must consider at a minimum:
  1. a.Inherent risks, including but not limited to legal risks, in the new product, service or activity;
  2. b.Changes to the Bank’s risk profile and operational risk appetite, including the risk of existing products or activities;
  3. c.The necessary controls, risk management processes and risk mitigation strategies;
  4. d.Residual risk;
  5. e.Changes to relevant risk thresholds or limits;
  6. f.Procedures and metrics to measure, monitor and manage the risk of the new product or activity; and
  7. g.Whether appropriate investment has been made for human resources and technology infrastructure before new products are introduced.
3. 3.A Bank must ensure that the implementation of new products, activities, processes and systems is monitored in order to identify any material differences to the expected operational risk profile and to manage any unexpected risks.

Article 12: Islamic Banking
1. 1.A Bank offering Islamic financial services must have in place adequate systems and controls, including a Shari’a Control Committee, to ensure compliance with Shari’a provisions. This includes policies and procedures for the approval of Islamic products, contracts and activities.
2. 2.A Bank offering Islamic financial services must keep track of income not recognized arising from Shari’a non-compliance and assess the probability of similar cases arising in the future. Based on historical reviews and potential areas of Shari’a non-compliance, the Bank must assess potential profits that cannot be recognized as eligible Islamic Banking profits.
3. 3.A Bank offering Islamic financial services must undertake a Shari’a compliance review at least annually, performed either by a separate Shari’a Audit function or as part of the existing internal and external audit function by persons having the required knowledge and expertise. The objective must be to ensure that the nature of the Bank’s financing and equity investment and its operations are executed in adherence to the applicable Shari’a rules and principles as per the fatwa, policies and procedures approved by the Shari’a Control Committee in accordance with the requirements set by the Central Bank and the Higher Shari’a Authority.
4. 4.A Bank offering Islamic financial services must establish and implement a clear and formal policy for undertaking its different and potentially conflicting roles in respect of managing different types of investment accounts. The policy relating to safeguarding the interests of its investment account holders may include but is not limited to:
  1. a.Identification of investing activities that contribute to investment returns and taking reasonable steps to carry on those activities in accordance with the Bank’s fiduciary and agency duties and to treat all its fund providers appropriately and in accordance with the terms and conditions of its investment agreements;
  2. b.Allocation of assets and profits between the Bank and its investment account holders must be managed and applied appropriately to investment account holders having funds invested over different investment periods;
  3. c.Determination of appropriate reserves at levels that do not discriminate against the right for better returns of existing investment account holders; and
  4. d.Limiting the risk transmission between current and investment accounts.
5. 5.A Bank offering Islamic financial services must adequately disclose information on a timely basis to its investment account holders and the markets in order to provide a reliable basis for assessing its risk profile and investment performance.
6. 6.A Bank offering Islamic financial services must maintain separate accounts in respect of the Bank’s operations undertaken for restricted investment account holders and ensure proper maintenance of records for all transactions in investments.

Appendix 1: Tools for Identifying and Assessing Operational Risk
Examples of tools⁴ that may be used for identifying and assessing operational risk include:
- Internal loss data collection and analysis: Internal operational loss data provides meaningful information for assessing a Bank’s exposure to operational risk and the effectiveness of internal controls. Analysis of loss events can provide insight into the causes of large losses and information on whether control failures are isolated or systematic. Banks may also find it useful to capture and monitor operational risk contributions to credit and market risk related losses in order to obtain a more complete view of their operational risk exposure.
- External data collection and analysis: External data elements consist of gross operational loss amounts, dates, recoveries and relevant causal information for operational loss events occurring at organizations other than the Bank. External loss data can be compared with internal loss data, or used to explore possible weaknesses in the control environment or consider previously unidentified risk exposures.
- Risk assessments: In a risk assessment, often referred to as a risk self-assessment, a Bank assesses the processes underlying its operations against a library of potential threats and vulnerabilities and considers their potential impact. A similar approach, risk control self-assessments (RCSA), typically evaluates inherent risk (the risk before controls are considered), the effectiveness of the control environment and residual risk (the risk exposure after controls) are considered. Scorecards built on RCSAs by weighting residual risks provide a means of translating the RCSA output into metrics that give a relative ranking of the control environment.
- Business process mapping: Business process mappings identify the key steps in business processes, activities and organizational functions. They also identify the key risk points in the overall business process. Process maps can reveal individual risks, risk interdependencies and areas of control or risk management weakness. They also can help prioritize subsequent management action.
- Risk and performance indicators: Risk and performance indicators are risk metrics and/or statistics that provide insight into a Bank’s risk exposure. Risk indicators, often referred to as Key Risk Indictors (KRIs), provide insight into the status of operational processes, which in turn may provide insight into operational weaknesses, failures and potential loss. Risk and performance indicators are often paired with escalation triggers to warn when risk levels approach or exceed thresholds or limits and prompt mitigation plans.
- Scenario analysis: Scenario analysis is a process of obtaining expert opinion of business line and risk managers to identify potential operational risk events and assess their potential outcome. Scenario analysis is an effective tool to consider potential sources of significant operational risk and the need for additional risk management controls or mitigation solutions. Given the subjectivity of the scenario process, a robust governance framework is essential to ensure the integrity and consistency of the process.
- Models: Larger Banks may find it useful to quantify their exposure to operational risk by using the output of the risk assessment tools as inputs into a model that estimates operational risk exposure. The results of the model can be used in an economic capital process and can be allocated to business lines to link risk and return.
- Comparative analysis: Comparative analysis consists of comparing the results of the various assessment tools to provide a more comprehensive view of the Bank’s operational risk profile. For example, comparison of the frequency and severity of internal data with RCSAs can help the Bank determine whether self-assessment processes are functioning effectively. Scenario data can be compared to internal and external data to gain a better understanding of the severity of the Bank’s exposure to potential risk events.
- Audit findings: While audit findings primarily focus on control weaknesses and vulnerabilities, they can also provide insight into inherent risk due to internal or external factors. Banks must not solely rely on internal audit to identify operational risks.
⁴ Banks are encouraged to use a range of tools to gain an understanding of their operational risks, in a manner consistent and proportional with the size and complexity of the bank and the operational risks it faces.

IRRBB

Interest Rate and Rate Of Return Risk in the Banking Book Regulation
C 165/2018 Effective from 29/8/2018

Introduction
The Central Bank seeks to promote the effective and efficient development and functioning of the banking system. To this end, Banks exposed to interest rate and rate of return risk in the banking book (IRRBB) must have appropriate policies, processes, procedures, systems and controls to identify, measure, monitor, report on, control and mitigate such risks.
In introducing this Regulation and the accompanying Standards, the Central Bank intends to ensure that Banks’ approaches to the management of (IRRBB) are in line with leading international practices.
This Regulation and the accompanying Standards are issued pursuant to the powers vested in the Central Bank under the Central Bank Law.
Where this Regulation or its accompanying Standards, include a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements, which are additional to the list provided in the relevant article.

Objective
The objective of these Regulations is to establish minimum requirements for (IRRBB) management for Banks, with a view to:
i. Ensuring the soundness of Banks; and
ii. Enhancing financial stability.
The accompanying Standards supplement the Regulation to elaborate on the supervisory expectations of the Central Bank with respect to the management of (IRRBB).

Scope of Application
This Regulation and the accompanying Standards apply to all Banks. Banks established in the UAE with significant Group relationships, including Subsidiaries, Affiliates, or international branches, must ensure that the Regulation and Standards are adhered to on a solo and Group-wide basis.
This Regulation and Standards must be read in conjunction with the Risk Management Regulation and Standards, which establish the requirements for a Bank’s overarching approach to risk management.

Article 1: Definitions
1. Affiliate: An entity that, directly or indirectly, controls is controlled by or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity or of the power to direct or cause the direction of the management of another entity.
2. Bank: A financial entity, which is authorized by the Central Bank to accept deposits as a Bank.
3. Board: The Bank’s Board of Directors.
4. Banking Book: Positions in financial instruments that are expected to be held to maturity.
5. Central Bank: The Central Bank of the United Arab Emirates.
6. Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of
7. Central Bank regulations: any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
8. Group: a group of entities which includes an entity (the ‘first entity’) and:
  1. a) any Parent of the first entity;
  2. b) any Subsidiary of the first entity or of any Parent of the first entity; and
  3. c) any Affiliate.
9. Islamic Financial Services: Shari’a compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products (Islamic Windows).
10. Parent: an entity (the ‘first entity’) which:
  1. a) holds a majority of the voting rights in another entity (the ‘second entity’);
  2. b) is a shareholder of the second entity and has the right to appoint or remove a majority of the board or managers of the second entity; or
  3. c) is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity.
    
    Or;
    d) if the second entity is a subsidiary of another entity which is itself a subsidiary of the first entity.
11. Risk appetite: The aggregate level and types of risk a Bank is willing to assume, decided in advance and within its risk capacity, to achieve its strategic objectives and business plan.
12. Risk governance framework: As part of the overall approach to corporate governance, the framework through which the Board and management establish and make decisions about the Bank’s strategy and risk approach; articulate and monitor adherence to the risk appetite and risk limits relative to the Bank’s strategy; and identify, measure, manage and control risks.
13. Risk limits: Specific quantitative measures that must not be exceeded based on, for example, forward looking assumptions that allocate the Bank’s aggregate risk appetite to business lines, legal entities or management units within the Bank or Group in the form of specific risk categories, concentrations or other measures as appropriate.
14. Risk profile: Point in time assessment of the Bank’s gross (before the application of any mitigants) or net (after taking into account mitigants) risk exposures aggregated within and across each relevant risk category based on current or forward-looking assumptions.
15. Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including but not limited to the chief executive officer, chief financial officer, chief risk officer and heads of the compliance and internal audit functions.
16. Subsidiary: an entity (the ‘first entity’) is a subsidiary of another entity (the ‘second entity’) if the second entity:
  1. a) holds a majority of the voting rights in the first entity;
  2. b) is a shareholder of the first entity and has the right to appoint or remove a majority of the board or managers of the first entity; or
  3. c) is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity.
    
    Or;
    d) if the first entity is a subsidiary of another entity which is itself a subsidiary of the second entity.
17. Trading Book: Positions in financial instruments and commodities held either with trading intent or in order to hedge other elements of the trading book.

Article 2: Risk Governance Framework
1. A Bank must have an appropriate IRRBB strategy and risk governance framework that provides a bank-wide and if applicable Group-wide view of IRRBB. This includes policies and processes to identify, measure, evaluate, monitor, report and control or mitigate material sources of IRRBB on a timely basis.
2. A Bank’s IRRBB strategy, policies and processes must be consistent with the risk appetite statement, risk profile and systemic importance of the Bank, taking into account market and macroeconomic conditions.
3. A Bank’s IRRBB strategy, policies, and processes must be reviewed at least annually and appropriately adjusted, where necessary, in line with the Bank’s changing risk profile and market developments.
4. A Bank’s strategy, policies and processes for IRRBB must be approved and reviewed at least annually by the Board.
5. The Senior Management must ensure that the strategy, policies and processes are developed and implemented effectively.
6. A Bank’s policies and processes must establish an appropriate and properly controlled IRRBB environment, including, at a minimum, the following items:
  1. Comprehensive and appropriate interest rate risk measurement systems;
  2. Regular review and independent (internal or external) validation of any models used by the functions tasked with managing IRRBB, including review of key model assumptions;
  3. Appropriate limits that are approved by the Board and Senior Management and that reflect the Bank’s risk appetite, risk profile and capital strength, and are understood by and regularly communicated to, relevant staff;
  4. Effective processes for exception tracking and reporting which ensure prompt action at the appropriate level of the Senior Management or Board, where necessary; and
  5. Effective information systems for accurate identification, aggregation, monitoring and timely reporting of IRRBB exposure to the Board and Senior Management.

Article 3: Risk Management Function
1. A Bank’s risk management function must include policies, procedures and systems for monitoring and reporting to ensure that IRRBB exposures are aligned with the Bank’s strategy and business plan and consistent with the Board approved risk appetite statement and individual risk limits, as well as the systemic importance of the Bank, taking into account market and macroeconomic conditions.

Article 4: Risk Measurement and Use Of Models
1. A Bank must have comprehensive and appropriate interest rate risk measurement systems, which generate a quantification of the threat to earnings and economic value from IRRBB.
2. A Bank must ensure that there is a regular review and independent (internal or external) validation of any models used by the functions tasked with managing interest rate risk (including review of key model assumptions).

Article 5: Stress Testing
1. A Bank must include appropriate scenarios in its stress testing programs to measure its vulnerability to loss under adverse interest rate movements, including but not limited to the impact on the banking book of a standardized interest rate shock as prescribed by the Central Bank.
2. A Bank must ensure that its internal capital measurement systems adequately capture IRRBB.

Article 6: Information Systems and Internal Reporting
1. A Bank must have information systems that enable it to identify, accurately aggregate, monitor and report IRRBB to the Board and Senior Management on a timely basis, in formats suitable for their use.

Article 7: Reporting Requirements
1. Banks must report to the Central Bank on their IRRBB exposure in the format and frequency prescribed in the Standards.
2. A Bank must provide upon request any specific information with respect to IRRBB that the Central Bank may require.
3. A Bank must promptly notify the Central Bank when it becomes aware of a significant deviation from the Board-approved IRRBB risk limits, policies or procedures or becomes aware that a material interest rate risk has not been adequately addressed.

Article 8: Islamic Banking
1. A Bank offering Islamic financial services must apply the provisions of this Regulation, subject to such adjustments as are necessary, in relation to its RoRR (rate of return risk).
2. A Bank offering Islamic financial services must establish a comprehensive risk management and reporting process to assess the potential impacts of market factors affecting rates of return on assets in comparison to rates paid on its liabilities.
3. A Bank offering Islamic financial services must have in place an appropriate framework for managing displaced commercial risk, where applicable.

Article 9: Enforcement
1. Violation of any provision of this Regulation and the accompanying Standards shall be subject to supervisory action as deemed appropriate by the Central Bank.

Article 10: Interpretation of Regulations
1. The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.

Article 11: Cancellation of Previous Notices
1. These Regulation and the accompanying Standards replace all previous Central Bank Regulations and Notices with respect to IRRBB.

Article 12: Publication and Application
1. This Regulation and the accompanying Standards shall be published in the Official Gazette in both Arabic and English and shall come into effect one month from the date of publication.

Interest Rate and Rate of Return Risk in the Banking Book Standards
C 165/2019 STA

Introduction
1. 1.These Standards form part of the Interest Rate and Rate of Return Risk in the Banking Book (IRRBB) Regulation. All Banks must comply with these Standards, which expand on the Regulation. These Standards are mandatory and enforceable in the same manner as the Regulation.
2. 2.Banks offering Islamic financial services must apply the same principles to address rate of return risk.
3. 3.IRRBB is a normal part of banking and can be an important source of profitability and shareholder value to a bank. However, excessive IRRBB can pose a significant threat to a Bank’s earnings and capital base. Changes in interest rates affect a Bank’s earnings by changing its net interest income and the level of other interest-sensitive income and operating expenses. Changes in interest rates also affect the underlying value of a Bank’s assets, liabilities and off-balance sheet items, as the present value of future cash flows change. Accordingly, an effective risk management process that maintains IRRBB within prudent levels is essential to the safety and soundness of a Bank.
4. 4.A Bank’s Board is in ultimate control of the bank and accordingly ultimately responsible for the bank’s approach to IRRBB. There is no one-size-fits-all or single best solution. Accordingly, each bank could meet the minimum requirements of the Regulation and Standards in different ways and thus may adopt an organizational framework appropriate to the risk profile, nature, size and complexity of its business and structure. The onus is on the Bank’s Board to demonstrate that it has implemented an approach that adequately addresses IRRBB. Banks are encouraged to adopt leading practices that exceed the minimum requirements of the Regulation and Standards.¹
5. 5.The Standards follow the structure of the Regulation, with each article corresponding to the specific article in the Regulation.
¹ The Central Bank will apply the principle of proportionality in the enforcement of the Regulation and Standards, whereby smaller banks may demonstrate to the Central Bank that the objectives are met without necessarily addressing all of the specifics cited in the Standards.

Article 1: Definitions
1. 1.Affiliate: An entity that, directly or indirectly, controls, is controlled by, or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity, or of the power to direct or cause the direction of the management of another entity.
2. 2.Bank: A financial entity, which is authorized by the Central Bank to accept deposits as a bank.
3. 3.Basis risk: The risk of loss arising from imperfect correlation in changes of the rates earned and paid on different instruments with otherwise similar re-pricing characteristics.
4. 4.Board: The Bank’s Board of Directors.
5. 5.Central Bank: The Central Bank of the United Arab Emirates.
6. 6.Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of Banking as amended or replaced from time to time.
7. 7.Central Bank regulation: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
8. 8.Displaced commercial risk: Market pressure to pay a return that exceeds the rate earned on assets financed by the investment account holders of a Bank offering Islamic financial services in order to attract or retain funds provided by investment account holders.
9. 9.Group: a group of entities that includes an entity (the ‘first entity’) and:
  1. a.any Parent of the first entity;
  2. b.any Subsidiary of the first entity or of any Parent of the first entity; and
  3. c.any Affiliate.
10. 10.Interest rate risk (IRR): The risk of loss arising from changes in interest rates. Interest rate risk has a number of manifestations, including basis risk, optionality, re-pricing risk and yield curve risk and can present itself in a Bank’s banking book and in its trading book.
11. 11.Interest rate risk in the banking book (IRRBB): The risk of loss in the banking book caused by changes in interest rates.
12. 12.Islamic Financial Services: Shari’a compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products (Islamic Windows).
13. 13.Option risk: The risk of loss arising from the exercise by a counterparty of an option to re-price, redeem or change maturity of bank assets, liabilities or off balance sheet items.
14. 14.Parent: an entity (the ‘first entity’) which:
  1. a.holds a majority of the voting rights in another entity (the ‘second entity’);
  2. b.is a shareholder of the second entity and has the right to appoint or remove a majority of the Board or managers of the second entity; or
  3. c.is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity;
    
    Or;
  4. d.If the second entity is a subsidiary of another entity which is itself a subsidiary of the first entity.
15. 15.Rate of return risk: The risk that unexpected changes in market rates of return adversely affect the earnings of a Bank offering Islamic financial services.
16. 16.Re-pricing risk: The risk of loss arising from timing differences in the maturity (for fixed-rate) and re-pricing (for floating-rate) of Bank assets, liabilities and off-balance sheet positions.
17. 17.Risk governance framework: As part of the overall approach to corporate governance, the framework through which the Board and management establish and make decisions about the Bank’s strategy and approach to risk management; articulate and monitor adherence to the risk appetite and risks limits relative to the Bank’s strategy; and identify, measure, manage and control risks.
18. 18.Risk limits: Specific quantitative measures, which may not be exceeded, based on, for example, forward looking assumptions that allocate the Bank’s aggregate risk appetite to business lines, legal entities or management units within the Bank or Group in the form of specific risk categories, concentrations or other measures as appropriate.
19. 19.Risk Management function: Collectively, the systems, structures, policies, procedures and people that measure, monitor and report risk on a Bank and if applicable Group-wide basis.
20. 20.Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including but not limited to the chief executive officer, chief financial officer, chief risk officer and heads of the compliance and internal audit functions.
21. 21.Subsidiary: an entity (the ‘first entity’) is a subsidiary of another entity (the ‘second entity’) if the second entity:
  1. a.holds a majority of the voting rights in the first entity;
  2. b.is a shareholder of the first entity and has the right to appoint or remove a majority of the Board or managers of the first entity; or
  3. c.is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity;
    
    Or;
  4. d.If the first entity is a subsidiary of another entity that is itself a subsidiary of the second entity.
22. 22.Yield curve risk: The risk of loss arising from unanticipated shifts of the yield curve adversely effecting a Bank’s earnings or economic value.

Article 2: Risk Governance Framework
1. 1.A Bank must establish, implement and maintain an interest rate and rate of return risk governance framework, which enables it to identify, assess, monitor, mitigate and control interest rate risk. The interest rate and rate of return risk governance framework consists of policies, processes, procedures, systems and controls.
2. 2.The interest rate and rate of return risk governance framework must be documented and approved by the Board of the Bank and must provide for a sound and well-defined framework to address the Bank’s interest rate and rate of return risk.
3. 3.A Bank’s Board is responsible for establishing, maintaining and overseeing a robust interest rate and rate of return risk governance framework which must take into account the risk profile, nature, size and complexity of the Bank’s business and structure.
4. 4.A Bank’s interest rate and rate of return risk governance framework must address the following with respect to IRRBB:
  1. a.Effective oversight by the Board;
  2. b.Adequate risk management policies and procedures;
  3. c.Larger and more complex Banks must address IRRBB as part of the asset and liability management process, which must include an Assets and Liability Management Committee (ALCO) or other designated committee;
  4. d.Capturing all material sources and accurately measuring IRRBB;
  5. e.Effective processes for analyzing and assessing IRRBB;
  6. f.Regular monitoring of the IRRBB profile;
  7. g.Monitoring and enforcement of IRRBB limits;
  8. h.Stress-testing of IRRBB and use of results in decision-making;
  9. i.Oversight by the risk management function;
  10. j.Independent assurance by the internal audit function; and
  11. k.Regular reporting to Senior Management and the Board.
5. 5.The Board-approved risk appetite statement must specify authorized activities, investments and instruments and specify any activities, investments and instruments, which are not consistent with the Bank’s risk appetite.
6. 6.A Bank must clearly define the individuals, functions and/or committees responsible for managing interest rate risk and must ensure that there is adequate separation of duties in the risk management process to avoid conflicts of interest.
7. 7.A Bank must have risk measurement, monitoring and control functions with clearly defined duties that are sufficiently independent from position-taking functions and the finance function and which report interest rate risk exposures directly to Senior Management and the Board.

Article 3: Risk Management Function
1. 1.Larger or more complex banks must have an ALCO or other designated committee, which addresses IRRBB. The control functions carried out by the ALCO or other designated committee, such as administering the risk limits are part of the overall risk management and internal control system.
2. 2.The personnel charged with measuring, monitoring and controlling interest rate risk must have a well-founded understanding of all types of interest rate risk faced throughout the Bank.
3. 3.The goal of a Bank’s interest rate risk management must be to maintain a Bank’s interest rate risk exposure within self-imposed parameters over a range of possible changes in interest rates. The limits must be appropriate to the size, complexity and capital adequacy of the Bank, as well as its ability to measure and manage its risk.

Article 4: Interest Rate Risk Measurement and Use of Models
1. 1.A Bank must have an interest rate risk measurement systems that assesses the effects of rate changes on both earnings and economic value. These systems must provide meaningful measures of a Bank’s current levels of interest rate risk exposure and must be capable of identifying any excessive exposures that might arise.
2. 2.As a general rule, a Bank’s measurement systems must incorporate interest rate risk exposures arising from the full scope of a Bank’s activities, including both trading and non-trading sources, to enable management to have an integrated view of interest rate risk across products and business lines. This does not preclude different measurement systems and risk management approaches being used for different activities.
3. 3.A Bank’s interest rate risk measurement system must address all material sources of interest rate risk, including re-pricing, yield curve, basis and options risk exposures. While all of a Bank’s holdings must receive appropriate treatment, concentrations and instruments which might significantly affect a Bank’s aggregate position, must receive rigorous treatment. Instruments with significant embedded or explicit option characteristics must receive special attention.
4. 4.At a minimum on a monthly basis, a Bank must prepare a maturity/re-pricing schedule with indicators of the interest rate risk sensitivity of both earnings and economic value, based on both a contractual and behavioral basis. Systemically important Banks must employ more sophisticated interest rate risk measurement systems, including simulation techniques.
5. 5.In designing interest rate risk measurement systems, a Bank must ensure that the degree of detail about the nature of their interest-sensitive positions is commensurate with the complexity and risk inherent in these positions.
6. 6.A Bank must also consider its dependency on various funding sources since a sudden withdrawal of these funds can have an adverse effect on earnings and economic value through basis risk, re-pricing risk and yield curve risk.

Article 5: Stress Testing
1. 1.A Bank must, at a minimum, include in its stress test scenarios the impact of a 200 basis point upward and downward parallel change in interest rates in addition to other scenarios which the Bank determines are appropriate considering the risk profile, nature, size and complexity of its business and structure. A Bank, which is exposed to an economic value decline exceeding 20 percent of total capital from this standardized 200 basis point interest rate shock (or some other level determined by the Central Bank) will be required by the Central Bank to reduce its risk and/or hold additional capital.
2. 2.Other stress scenarios which a Bank may use include, but are not limited to, more severe changes in the general level of interest rates, changes in the relationships among key market rates (basis risk), changes in the slope and shape of the yield curve (yield curve risk), changes in the liquidity of key financial markets or changes in the volatility of market rates. In addition, stress scenarios must include conditions under which key business assumptions and parameters break down. A Bank’s Internal Capital Assessment Process must address IRRBB exposures as part of Pillar 2.

Article 6: Information Systems and Internal Reporting
1. 1.A Bank’s systems must support supervisory reporting requirements for IRRBB as provided in these Standards as well as provision of IRRBB reports to all relevant parties within the Bank on a timely basis and in a format commensurate with their needs.
2. 2.The processes for aggregating the necessary data and producing supervisory and internal IRRBB management reports must be fully documented. These must include standards, cut-off times and schedules for report production. The aggregation and reporting process must be subject to high standards of validation through periodic review by the internal audit function using staff with specific systems, data and reporting expertise, particularly where the process requires substantial manual intervention.
3. 3.Interest rate risk reports to Senior Management and the Board must provide aggregate information as well as sufficient supporting detail to enable Senior Management and the Board to assess the sensitivity of the Bank to changes in market conditions and other important risk factors.

Article 7: Reporting Requirements
1. 1.A Bank must submit to the Central Bank the Report on Interest Rate in the Banking Book’ on a quarterly basis.
2. 2.A bank offering Islamic financial services must submit to the Central Bank the Report on Rate of Return Risk on a quarterly basis.

Article 8: Islamic Banking
1. 1.A Bank providing Islamic financial services must be aware of the factors that give rise to rate of return risk (RoRR), primarily increasing long-term fixed profit rates. (RoRR) is generally associated with overall balance sheet exposures of Banks offering Islamic financial services where mismatches arise between assets and balances from fund providers.
2. 2.Cash flow forecasting is central to the measurement and management of RoRR. Banks offering Islamic financial services must consider behavioural maturity in addition to contractual maturity and re-pricing dates for instruments and contracts, and other relevant parameters. Depending on the size and complexity of the Bank, measurement techniques may include simple gap analysis, more advanced simulations or dynamic approaches to assess future cash flow variability and the impact on economic value and income.
3. 3.A Bank offering Islamic financial services must assess, monitor and manage its dependency on current account holders funds, as a sudden withdrawal of these funds can have an adverse impact on the overall potential rate of return for the holders of the Bank.
4. 4.A consequence of RoRR may be displaced commercial risk. As part of an appropriate framework for the management of displaced commercial risk, a Bank offering Islamic financial services must have in place a policy and framework for managing the expectations of its shareholders and investment account holders and monitoring the market rates of returns of competitors.

Country and Transfer Risk

Country and Transfer Risk Regulation
C 154/2018 Effective from 27/5/2018

Article 1: Definitions
1. Affiliate: An entity that, directly or indirectly, controls, is controlled by, or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity, or the power to direct or cause the direction of the management of another entity.
2. Bank: A financial entity which is authorized by the Central Bank to accept deposits as a bank.
3. Board: The Bank’s board of directors.
4. Central Bank: The Central Bank of the United Arab Emirates.
5. Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of banking as amended or replaced from time to time.
6. Central Bank regulations: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
7. Country risk: The risk of loss caused by events in a foreign country, which may include changes in economic, social, political or regulatory conditions that affect obligors in that country and, potentially, obligations denominated in that country’s currency.
8. Group: A group of entities that includes an entity (the ‘first entity’) and:
  1. any Parent of the first entity;
  2. any Subsidiary of the first entity or of any Parent of the first entity; and
  3. any Affiliate.
9. Parent: An entity (the ‘first entity’) which:
  1. holds a majority of the voting rights in another entity (the ‘second entity’);
  2. is a shareholder of the second entity and has the right to appoint or remove a majority of the board or managers of the second entity; or
  3. is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity;
    
    Or;
  4. if the second entity is a subsidiary of another entity which is itself a subsidiary of the first entity.
10. Risk governance framework: As part of the overall approach to corporate governance, the framework through which the Board and management establish and make decisions about the bank’s strategy and risk approach, articulate and monitor adherence to the risk appetite and risk limits relative to the bank’s strategy; and identify, measure, manage and control risks.
11. Risk limits: Specific quantitative measures that may not be exceeded, based on, for example, forward-looking assumptions that allocate the bank’s aggregate risk appetite to business lines, legal entities or management units within the bank or group in the form of specific risk categories, concentrations, or other measures, as appropriate.
12. Risk management function: Collectively, the systems, structures, policies, procedures and people that measure, monitor and report risk on a bank-wide and, if applicable, group-wide basis.
13. Senior management: The executive management of the bank responsible and accountable to the Board for the sound and prudent day-to-day management of the bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer and heads of the compliance and internal audit functions.
14. Subsidiary: An entity (the ‘first entity’) is a subsidiary of another entity (the ‘second entity’) if the second entity:
  1. holds a majority of the voting rights in the first entity;
  2. is a shareholder of the first entity and has the right to appoint or remove a majority of the board or managers of the first entity; or
  3. is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity.
    
    Or;
  4. if the first entity is a subsidiary of another entity, which is itself a subsidiary of the second entity.
15. Transfer risk: The risk that a borrower will not be able to convert local currency into foreign exchange and so be unable to make debt service payments in foreign currency.

Objective
The objective of the Regulation is to establish the minimum acceptable standards for banks’ approach to managing country and transfer risks with a view to:
1. Ensuring the soundness of banks; and
2. Contributing to financial stability.
The accompanying Standards supplement the Regulation to elaborate on the supervisory expectations of the Central Bank with respect to the management of country and transfer risks.

Scope of Application
The Regulation and the accompanying Standards apply to all Banks. Banks established in the UAE with significant Group relationships, including subsidiaries, affiliates, or international branches, must ensure that the Regulation and Standards are adhered to on a solo and group-wide basis.
The Regulation and Standards must be read in conjunction with the Risk Management Regulation and Standards, which establish the requirements for Banks’ overarching approach to risk management.

Introduction
The Central Bank seeks to promote the effective and efficient development and functioning of the banking system. To this end, banks exposed to country and transfer risks are required to have appropriate policies, processes, procedures, systems and controls to identify, monitor and mitigate such risks.
In introducing this Regulation and the accompanying Standards, the Central Bank intends to ensure that Banks’ approach to managing country and transfer risks are in line with leading international practices.
The Regulation and the accompanying Standards are issued pursuant to the powers vested in the Central Bank under the Central Bank Law.
Where the Regulation, or their accompanying Standards, include a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements that are additional to the list provided in the relevant Article.

Article 2: Risk Governance Framework
1. A Bank’s risk governance framework must include policies and procedures for the identification, measurement, monitoring and reporting on country and transfer risk in the Bank’s international funding, lending and investments on a timely basis.
2. The risk governance framework must provide a bank-wide, or if applicable, group-wide view of country and transfer risks, including, where relevant, intra-group exposures.
3. For Banks with material exposure to country and transfer risks, the risk governance framework must, at minimum, provide for the following items:
  1. Country and transfer risk limits established in the board-approved risk appetite statement;
  2. Documentation of the roles and responsibilities of the different parts of the Bank involved in managing country and transfer risk;
  3. Definition of material country and transfer risks taking into account the size and nature of cross-border exposures relative to the total business of the Bank;
  4. Policies and procedures to ensure that all material country and transfer risks are identified, measured, managed, mitigated and reported upon in a timely and comprehensive manner;
  5. Policies and procedures to ensure that developments affecting country and transfer risks are monitored, and where required, appropriate countermeasures such as reducing exposure limits or other techniques are employed; and
  6. Policies and procedures to ensure that provisioning reflects prudent minimums based on internal standards for exposure to each relevant country or through explicit consideration of country and transfer risk in the provisioning for individual exposures.

Article 3: Risk Management Function
1. The risk management function must include policies, procedures, systems and controls for monitoring and reporting to ensure that country and transfer risk exposures are aligned with the Bank’s strategy and business plan and consistent with the board-approved risk appetite and individual risk limits.

Article 4: Stress Testing
1. A Bank with material country and transfer risks exposure must include in its stress testing program appropriate scenarios reflecting potential shocks such as introduction of capital and exchange controls in relevant foreign jurisdictions, taking into account the impact on all exposures, domestic or cross-border, affected by such shocks.

Article 5: Information Systems and Internal Reporting
1. A Bank must have information systems that enable it to accurately aggregate, monitor and report country exposures. Reports must be provided on a timely basis to the Board and Senior Management, in formats suitable for their use.

Article 6: Reporting Requirements
1. Banks must report to the Central Bank on their country and transfer risks exposure in the format and frequency prescribed by the Central Bank.
2. A Bank must provide upon request any specific information with respect to country and transfer risks that the Central Bank may require.
3. A Bank must immediately notify the Central Bank when it becomes aware of a significant deviation from the country and transfer risk limits established in its board-approved policies, or becomes aware that a material country or transfer risk has not been adequately addressed.

Article 7: Enforcement
1. Violation of any provision of this Regulation and the accompanying Standards may be subject to supervisory action as deemed appropriate by the Central Bank.

Article 8: Interpretation of Regulation
1. The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.

Article 9: Cancellation of Previous Notices
1. This Regulation and the accompanying Standards replace all previous Central Bank Regulations with respect to country and transfer risks.

Article 10: Publication and Application
1. This Regulation and the accompanying Standards shall be published in the Official Gazette, in both Arabic and English, and shall come into effect one month from the date of publication.

Country and Transfer Risk Standards
C 154/2018 STA

Introduction
1. 1.These Standards form part of the Country and Transfer Risks Regulation. All Banks must comply with these Standards, which expand on the Regulation. These Standards are mandatory and enforceable in the same manner as the Regulation.
2. 2.Banks engaged in international activities are exposed to the risk that conditions and events in a foreign country will adversely affect their financial performance. They are further exposed to the risk that capital controls or foreign exchange restrictions may limit the ability of a foreign counterparty, branch or subsidiary to make contractual payments. These country and transfer risks could threaten the soundness of a bank if not monitored and controlled.
3. 3.A Bank’s board of directors is in ultimate control of the bank and accordingly, ultimately responsible for the bank’s approach to country and transfer risk. Country and transfer risks may not be material for all banks. The Board is responsible for ensuring that country and transfer risks exposures are identified and if required, that appropriate policies and procedures are in place to manage those risks. There is no one-size-fits-all or single best solution. Accordingly, each Bank could meet the minimum requirements of the Country and Transfer Risks Regulation and Standards in a different way and thus may adopt a country and transfer risk framework appropriate to the risk profile, nature, size and complexity of its business and structure. The onus is on the bank’s board to demonstrate that it has implemented an approach that adequately addresses country and transfer risks. Banks are encouraged to adopt leading practices that exceed the minimum requirements of the Regulation and Standards¹.
4. 4.The Standards follow the structure of the Regulation, with each article corresponding to the specific article in the Regulation.
¹ The Central Bank will apply the principle of proportionality in the enforcement of the Regulation and Standards, whereby smaller banks may demonstrate to the Central Bank that the objectives are met without necessarily addressing all of the specifics cited in the Standards.

Article 1: Definitions
1. 1.Affiliate: An entity that, directly or indirectly, controls, is controlled by or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity or of the power to direct or cause the direction of the management of another entity.
2. 2.Bank: A financial entity, which is authorized by the Central Bank to accept deposits as a bank.
3. 3.Central Bank: The Central Bank of the United Arab Emirates.
4. 4.Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of Banking as amended or replaced from time to time.
5. 5.Central Bank regulations: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
6. 6.Country risk: The risk of loss caused by events in a foreign country that may include changes in economic, social, political or regulatory conditions that affect obligors in that country and obligations denominated in that country’s currency.
7. 7.Group: A group of entities that includes an entity (the ‘first entity’) and:
  1. a.any Parent of the first entity;
  2. b.any Subsidiary of the first entity or of any Parent of the first entity; and
  3. c.any Affiliate.
8. 8.Parent: An entity (the ‘first entity’) which:
  1. a.holds a majority of the voting rights in another entity (the ‘second entity’);
  2. b.is a shareholder of the second entity and has the right to appoint or remove a majority of the board of directors or managers of the second entity; or
  3. c.is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity;
    Or;
  4. d.if the second entity is a subsidiary of another entity which is itself a subsidiary of the first entity.
9. 9.Risk governance framework: As part of the overall approach to corporate governance, the framework through which the board and management establish and make decisions about the bank’s strategy and approach to risk management; articulate and monitor adherence to the risk appetite and risks limits relative to the bank’s strategy; and identify, measure, manage and control risks.
10. 10.Risk limits: Specific quantitative measures which may not be exceeded, based on, for example, forward looking assumptions that allocate the bank’s aggregate risk appetite to business lines, legal entities or management units within the bank or group in the form of specific risk categories, concentrations or other measures as appropriate.
11. 11.Risk management function: Collectively, the systems, structures, policies, procedures and people that measure, monitor and report risk on a bank and, if applicable, group-wide basis.
12. 12.Senior management: The executive management of the bank responsible and accountable to the board for the sound and prudent day-to-day management of the bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer and heads of the compliance and internal audit functions.
13. 13.Subsidiary: An entity (the ‘first entity’) is a subsidiary of another entity (the ‘second entity’) if the second entity:
  1. a.holds a majority of the voting rights in the first entity;
  2. b.is a shareholder of the first entity and has the right to appoint or remove a majority of the board of directors or managers of the first entity; or
  3. c.is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity;
    Or;
  4. d.if the first entity is a subsidiary of another entity that is itself a subsidiary of the second entity.
14. 14.Transfer risk: The risk that a borrower will not be able to convert local currency into foreign exchange and so be unable to make debt service payments in foreign currency.

Article 2: Risk Governance Framework
1. 1.The risk governance framework varies with the specific circumstances of each bank, particularly the risk profile, nature, size and complexity of its business and structure. For a bank with material country and transfer risk exposures, its risk governance framework must address the following:
  1. a.Effective oversight by the board of directors;
  2. b.Adequate risk management policies and procedures;
  3. c.An accurate system for reporting country exposures;
  4. d.An effective process for analyzing country risk;
  5. e.A country risk-rating system;
  6. f.Country risk exposure limits;
  7. g.Regular monitoring of country conditions;
  8. h.Provisioning policies that explicitly consider country and transfer risks;
  9. i.Periodic stress-testing of foreign exposures;
  10. j.Oversight by the risk management function; and
  11. k.Independent assurance by the internal audit function.
2. 2.A bank’s definition and identification of material country and transfer risks must take into account the risk profile, nature, size and complexity of its business and structure. The Central Bank will generally consider as material an aggregate exposure to any single foreign jurisdiction exceeding five percent, or an aggregate exposure to all foreign jurisdictions exceeding 10 percent, of any relevant metric which may include but is not limited to total loans, total liabilities, interest income, interest expense and non-interest income. Banks are encouraged to establish lower thresholds for materiality if required for consistency with the board-approved risk appetite statement.
3. 3.A bank must establish and maintain a board-approved risk appetite statement that specifies the types of country risk the bank is prepared to assume in pursuit of its business strategy and objectives and limits for those risks. For banks with moderate country risk exposure it may be appropriate to address these risks under a single grouping of cross-border exposures, but depending on the business of the bank, it may be appropriate to specifically address some or all of the below:
  1. a.Sovereign risk — a foreign government’s capacity and willingness to repay its direct and indirect foreign currency obligations;
  2. b.Contagion risk — adverse developments in one country lead to a downgrade and/or difficulty accessing international markets not only for that country but for others in a region or investment class, notwithstanding that the other countries may be more credit worthy;
  3. c.Currency risk — a borrower’s domestic currency holdings and cash flow become inadequate to service its foreign currency denominated debt due to changes in exchange rates²;
  4. d.Indirect country risk — the repayment ability of a domestic borrower is affected by adverse developments in a country where the borrower has significant business interests;
  5. e.Liquidity risk — developments in a country where the bank raises a significant portion of its deposits or other funding may adversely affect the bank’s liquidity and funding profile; and
  6. f.Macroeconomic risks — a foreign counterparty may be adversely affected by high interest rates, currency depreciation or broader macroeconomic instability, affecting its repayment capacity.
4. 4.The board-approved risk appetite statement must specify authorized activities, investments and instruments and delineate any types of country and transfer risk that the bank is not prepared to assume and, where appropriate, specify any activities, investments and instruments that are not consistent with the bank’s risk appetite. Risk limits are typically established on a country basis, but banks must also consider whether regional or other limits such as aggregate exposures to lesser developed countries are appropriate.
5. 5.A bank must also consider whether different limits may be established for different types of exposure in a specific country.
6. 6.Country exposure limits, sub-limits and regional or other limits with respect to country and transfer risk as established in the board-approved risk appetite statement must take into account the following:
  1. a.The bank’s overall strategy guiding its international activities;
  2. b.Country risk ratings and the bank’s risk tolerance;
  3. c.Perceived business opportunities in the country (or region); and
  4. d.Support for the international business needs of domestic customers.
7. 7.A bank’s provisioning policies must expressly consider country and transfer risks. Provisions for country and transfer risks may be made on an aggregate basis by country in addition to specific provisions against individual exposures, or by factoring an element of provision for each country risk into the specific provisioning for each individual exposure. Regardless of the approach, banks must ensure adequate provisioning for country and transfer risks based on their assessment of the probability of losses on their cross-border exposures.
² Note that this is in addition to transfer risk — the risk that official restrictions on currency conversion and/or cross-border remittances may affect the counterparty’s ability to make payments.

Article 3: Risk Management Function
1. 1.The specific requirements for the risk management function will vary with the specific circumstances of each bank, particularly the risk profile, nature, size and complexity of its business and structure. For banks with material country and transfer risks exposure, the risk management function must address the following:
  1. a.Quantitative and qualitative ongoing assessment of the risks associated with each country in which the institution has or is planning to have exposure;
  2. b.Formal analysis of country risk completed at least annually, with an effective system for monitoring developments in the interim;
  3. c.Conclusions reported to Senior Management and the board in a manner that provides a bank-wide and, if applicable, group-wide view of country and transfer risks exposures; and
  4. d.Verification that individual and aggregate country and transfer risks exposure limits are adhered to, with a process for escalating breaches to senior management, the board or the board risk committee, as appropriate.
2. 2.A bank with material country and transfer risks exposures must have a country risk rating system reflecting a structured approach to assessing country and transfer risk. Banks may use external country ratings as part of their internal approach. A bank’s country risk-rating system must be linked to its country and transfer risk provisioning methodology. A bank is encouraged to compare for reasonableness the results of their internal country risk-rating process to one or more external rating systems, such as export credit agencies classifications, OECD country risk assessments³, or ratings agencies sovereign ratings.
³ Country risk classifications of the OECD Participants to the Arrangement on Officially Supported Export Credits are available at http://www.oecd.org/tad/xcred/crc.htm.

Article 4: Stress-Testing
1. 1.A bank with material country and transfer risks exposure must include in its stress testing program appropriate scenarios for country and transfer risk. This does not necessarily require sophisticated modelling tools, but does require the bank to evaluate the potential impact of various scenarios affecting countries, regions or types of foreign exposures, as appropriate considering the bank’s business. Scenarios may include, but are not limited to, macro-economic shocks such as interest rate and exchange rate movements, GDP contraction and the introduction of exchange or capital controls.

Article 5: Information Systems and Internal Reporting
1. 1.A bank’s systems must support supervisory reporting requirements for country and transfer risks as provided in this Regulation and Standards as well as provision of country and transfer risks reports to all relevant parties within the bank on a timely basis and in a format commensurate with their needs.
2. 2.The processes for aggregating the necessary data and producing supervisory and internal country and transfer risks management reports must be fully documented and must establish standards, cut-off times and schedules for report production. The aggregation and reporting process must be subject to high standards of validation through periodic review by members of the internal audit function with specific systems, data and reporting expertise, particularly where the process requires substantial manual intervention.

Article 6: Reporting Requirements
1. 1.A bank must submit to the Central Bank on a quarterly basis the Report on Country and Transfer Risks in a format specified by the Central Bank.

Market Risk

Market Risk Regulation
C 164/2018 Effective from 29/8/2018

Introduction
The Central Bank seeks to promote the effective and efficient development and functioning of the banking system. To this end, Banks must have a comprehensive approach to market risk management, including Board and Senior Management oversight, to ensure their resiliency and enhance overall financial stability.
In introducing this Regulation and the accompanying Standards, the Central Bank intends to ensure that Banks’ approaches to the management of market risk are in line with leading international practices.
This Regulation and the accompanying Standards are issued pursuant to the powers vested in the Central Bank under the Central Bank Law.
Where this Regulation, or its accompanying Standards, include a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements, which are additional to the list provided in the relevant article.

Objective
The objective of this Regulation is to establish the minimum acceptable standards for Banks’ approach to market risk management, with a view to:
i. Ensuring the soundness of Banks; and
ii. Enhancing financial stability.
The accompanying Standards supplement the Regulation to elaborate on the supervisory expectations of the Central Bank with respect to market risk management.

Scope of Application
This Regulation and the accompanying Standards apply to all Banks. Banks established in the UAE with significant Group relationships, including Subsidiaries, Affiliates or international branches must ensure that the Regulation and Standards are adhered to on a solo and group-wide basis.
This Regulation and the accompanying Standards must be read in conjunction with the Risk Management Regulation and Standards issued by the Central Bank, which establish the requirements for a Bank’s overarching approach to risk management.

Article 1: Definitions
1. Affiliate: An entity that, directly or indirectly, controls, is controlled by, or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity, or of the power to direct or cause the direction of the management of another entity.
2. Bank: A financial entity, which is authorized by the Central Bank to accept deposits as a Bank.
3. Board: The Bank’s Board of Directors.
4. Banking Book: Positions in financial instruments that are expected to be held to maturity.
5. Central Bank: The Central Bank of the United Arab Emirates.
6. Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of Banking as amended or replaced from time to time.
7. Central Bank regulations: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
8. Group: A group of entities that includes an entity (the 'first entity') and:
  1. any Parent of the first entity;
  2. any Subsidiary of the first entity or of any Parent of the first entity; and
  3. any Affiliate.
1. Islamic Financial Services: Shari’a compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products (Islamic Windows).
2. Market risk: The risk of losses in on and off-balance sheet positions arising from movements in market prices.
3. Parent: An entity (the 'first entity') which:
  1. holds a majority of the voting rights in another entity (the 'second entity');
  2. is a shareholder of the second entity and has the right to appoint or remove a majority of the board of directors or managers of the second entity; or
  3. is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity.
    
    Or;
  4. if the second entity is a subsidiary of another entity which is itself a subsidiary of the first entity.
1. Risk appetite: The aggregate level and types of risk a Bank is willing to assume, decided in advance and within its risk capacity, to achieve its strategic objectives and business plan.
2. Risk governance framework: As part of the overall approach to corporate governance, the framework through which the Board and management establish and make decisions about the Bank’s strategy and risk approach; articulate and monitor adherence to the risk appetite and risk limits relative to the Bank’s strategy; and identify, measure, manage and control risks.
3. Risk limits: Specific quantitative measures that must not be exceeded, based on, for example, forward looking assumptions that allocate the Bank’s aggregate risk appetite to business lines, legal entities or management units within the Bank or Group in the form of specific risk categories, concentrations or other measures, as appropriate.
4. Risk profile: Point in time assessment of the Bank’s gross (before the application of any mitigants) or net (after taking into account mitigants) risk exposures aggregated within and across each relevant risk category based on current or forward-looking assumptions.
5. Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer and heads of the compliance and internal audit functions.
6. Subsidiary: An entity (the 'first entity') is a subsidiary of another entity (the 'second entity') if the second entity:
  1. holds a majority of the voting rights in the first entity;
  2. is a shareholder of the first entity and has the right to appoint or remove a majority of the board of directors or managers of the first entity; or
  3. is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity.
    
    Or;
    if the first entity is a subsidiary of another entity which is itself a subsidiary of the second entity.
1. Trading Book: Positions in financial instruments and commodities held either with trading intent or in order to hedge other elements of the trading book.

Article 2: Risk Governance Framework
1. A Bank must have an appropriate market risk strategy and market risk governance framework that provides a Bank-wide and, if applicable, Group-wide view of market risk. This includes policies, processes, procedures, systems and controls to identify, measure, evaluate, monitor, report and control or mitigate material sources of market risk on a timely basis.
2. The Board must approve the Bank’s strategies, policies and processes for the management of market risk, which must be reviewed annually.
3. The Board must ensure that the Bank has in place adequate systems to identify, measure and manage market risk. Roles and responsibilities must be clearly articulated and provisions must be made for adequate separation of duties and avoiding conflicts of interest.
4. The Board must ensure that the Bank has appropriate market risk management processes that provide a bank-wide and, if applicable, Group-wide view of market risk exposure. These must be consistent with the risk appetite statement, risk profile, systemic importance and capital strength of the Bank, take into account market and macroeconomic conditions and the risk of a significant deterioration in market liquidity.
5. Senior Management must ensure that the strategy, policies and procedures are developed and implemented effectively. The Board must oversee the Senior Management to ensure that the strategies, policies and processes are implemented effectively and fully integrated into the Bank’s overall risk management process.
6. A Bank’s policies and processes must establish an appropriate and properly controlled market risk environment, including, at a minimum, the following items:
  1. Effective information systems for accurate and timely identification, aggregation, monitoring and reporting of market risk exposure to the Board and Senior Management;
  2. Appropriate market risk limits consistent with the Bank’s risk appetite, risk profile and capital strength and with the management’s ability to manage market risk and which are understood by and regularly communicated to, relevant staff;
  3. Exception tracking and reporting processes that ensure prompt action at the appropriate level of the Senior Management or Board, where necessary;
  4. Effective controls around the use of models to identify and measure market risk and set limits; and
  5. Sound policies and processes for allocation of exposures to the trading book.
1. A Bank must ensure that intra-day exposures are managed within limits established by the Board-approved market risk policies.
2. A Bank wishing to establish a trading book must submit for the Central Bank’s review a trading book policy statement that specifies those activities that belong in the trading book. Any significant change in a Bank’s existing trading book policy must be promptly submitted to the Central Bank for review.

Article 3: Systems and Controls
1. A Bank’s market risk measurement systems, monitoring and controls must enable it to maintain capital adequacy on a continuous basis and remain within its intra-day and other market risk limits.
2. An independent review of a Bank’s market risk measurement system and the overall market risk management process must be earned out at least annually, as part of the Bank’s own internal auditing process, by functionally independent, appropriately trained and competent personnel.
3. A Bank must capture all transactions on a timely basis.
4. A Bank’s internal models must be validated internally by suitably qualified parties independent of the model development process, to ensure that they are conceptually sound and adequately capture all material market risks.
5. A Bank must have its internal models validated externally by an independent and suitably qualified party on a regular basis and, in addition, on an as-needed basis.
6. A Bank’s back-testing program must consist of periodic comparisons of its model results with the realized profit or loss (trading income) relating to corresponding periods.

Article 4: Valuation
1. A Bank must have systems and controls to ensure that the Bank’s mark-to-market positions, whether in the banking book or trading book, are revalued frequently.
2. A Bank’s valuation process must use consistent and prudent practices and reliable market data, or, in the absence of market prices, internal or industry-accepted models, verified by a function independent of the relevant risk-taking business units.
3. A Bank that relies on modelling for the purposes of valuation must ensure that the model is validated by a function independent of the relevant risk-taking business units.
4. A Bank must establish and maintain policies and processes for considering valuation adjustments for positions that otherwise cannot be prudently valued, including concentrated, less liquid and stale positions.
5. A Bank must make appropriate valuation adjustments for uncertainties in determining the fair value of assets and liabilities.
6. A Bank operating a trading book must establish an appropriate valuation methodology and measurement model.

Article 5: Capital
1. A Bank must at all times hold appropriate levels of capital against unexpected losses, which may arise from its market risk exposures.
2. A Bank must ensure that market risk capital requirements are met on a continuous basis.

Article 6: Stress Testing
1. A Bank must include market risk exposure in its forward-looking stress-testing programs as part of its comprehensive approach to risk management.

Article 7: Reporting Requirements
1. A Bank must inform the Central Bank of all significant changes in its market risk measurement systems and in its market risk profile.
2. A Bank must promptly notify the Central Bank when it becomes aware of a significant deviation from its Board-approved market risk limits, policies or procedures, or becomes aware that material market risks have not been adequately addressed.
3. Banks must report to the Central Bank on market risk in the format and frequency prescribed in the Standards.

Article 8: Islamic Banking
1. A Bank offering Islamic financial services must ensure that its comprehensive approach to market risk management incorporates appropriate measures to comply with Shari’a rules and principles and related Shari’a control functions.

Article 9: Enforcement
1. Violation of any provision of this Regulation and the accompanying Standards shall be subject to supervisory action as deemed appropriate by the Central Bank.

Article 10: Interpretation of Regulations
1. The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.

Article 11: Cancellation of Previous Notices
1. This Regulation and the accompanying Standards replace all previous Central Bank regulations with respect to market risk.

Article 12: Publication and Application
1. This Regulation and the accompanying Standards shall be published in the Official Gazette in both Arabic and English and shall come into effect one month from the date of publication.

Market Risk Standards
C 164/2018 Effective from 29/9/2018

Introduction
1. 1. These Standards form part of the Market Risk Regulation. All Banks must comply with these Standards, which expand on the Regulation. These Standards are mandatory and enforceable in the same manner as Regulation.
2. 2. A Bank’s Board is in ultimate control of the Bank and accordingly ultimately responsible for market risk management. There is no one-size-fits-all or single best solution. Accordingly, each Bank could meet the minimum requirements of the Regulation and Standards in different ways and thus may adopt an organizational framework appropriate to the risk profile, nature, size and complexity of its business and structure. The onus is on the Board to demonstrate that it has implemented an approach that adequately addresses market risk. Banks are encouraged to adopt leading practices that exceed the minimum requirements of the Regulation and Standards.¹
3. 3. The Standards follow the structure of the Regulation, with each article corresponding to the specific article in the Regulation.
¹ The Central Bank will apply the principle of proportionality in the enforcement of the Regulation and Standards, whereby smaller Banks may demonstrate to the Central Bank that the objectives are met without necessarily addressing all of the specifics cited in the Standards.

Article 1: Definitions
1. 1. Affiliate: An entity that, directly or indirectly, controls, is controlled by, or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity, or of the power to direct or cause the direction of the management of another entity.
2. 2. Bank: A financial entity, which is authorized by the Central Bank to accept deposits as a Bank.
3. 3. Banking book: Positions in financial instruments that are available for sale or expected to be held to maturity. The following instruments must be assigned to the banking book:
  1. a. Unlisted equities;
  2. b. Instruments designated for securities warehousing;
  3. c. Real estate holdings;
  4. d. Retail and small and medium-sized enterprise credit;
  5. e. Equity instruments in a fund in which the Bank cannot look through the fund daily or obtain daily prices for its investment in that fund;
  6. f. Derivative instruments that have instruments of the type specified in 1.3.a through 1.3.e above as underlying assets;
  7. g. Instruments held for the purpose of hedging a particular risk of a position in the types of instruments of the type specified in 1.3.a through 1.3.e above; and
  8. h. Any other instrument as may be determined by the Central Bank.
4. 4. Board: The Bank’s Board of Directors.
5. 5. Central Bank: The Central Bank of the United Arab Emirates.
6. 6. Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of Banking as amended or replaced from time to time.
7. 7. Central Bank regulations: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
8. 8. Financial instrument: Any contract that gives rise to both a financial asset of one entity and a financial liability of another entity. Financial instruments include primary financial instruments (or cash instruments) and derivative financial instruments. A financial asset is any asset that is cash and or, the right to receive cash or another financial instrument. A financial liability is a contractual obligation to deliver cash or another financial asset or to exchange financial liabilities under conditions that are potentially unfavourable.
9. 9. Group: A group of entities that includes an entity (the ‘first entity’) and:
  1. a. any Parent of the first entity;
  2. b. any Subsidiary of the first entity or of any Parent of the first entity; and
  3. c. any Affiliate.
10. 10. Independent price verification: The process by which market prices or model inputs are regularly verified for accuracy. Independent price verification is distinct from daily marking-to-market. Independent price verification entails a higher standard of accuracy in which the market prices or model inputs are used to determine profit and loss figures, whereas daily marks are collected primarily for management reporting in between reporting dates.
11. 11. Islamic Financial Services: Shari’a compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products (Islamic Windows).
12. 12. Market risk: The risk of losses in on- and off-balance sheet positions arising from movements in market prices. For the purposes of these Standards, these risks are,
  1. a. In the trading book of the bank, the risks pertaining to interest rate related instruments and equities, and
  2. b. Throughout the bank, the risks pertaining to foreign exchange and commodities.
13. 13. Marking-to-market: Valuation of positions at readily available close-out prices in orderly transactions that are sourced independently. Examples of readily available close-out prices include exchange prices, screen prices, or quotes from several independent reputable brokers. Marking-to-market may be performed by dealers. Daily marking-to-market is distinct from independent price verification.
14. 14. Marking-to-model: Any valuation, which has to be benchmarked, extrapolated or otherwise calculated from a market input.
15. 15. Parent: An entity (the ‘first entity’) which:
  1. a. holds a majority of the voting rights in another entity (the ‘second entity’);
  2. b. is a shareholder of the second entity and has the right to appoint or remove a majority of the Board of directors or managers of the second entity; or
  3. c. is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity;
    Or;
  4. d. If the second entity is a subsidiary of another entity which is itself a subsidiary of the first entity.
16. 16. Residual risk: The risk exposure after controls are considered.
17. 17. Risk appetite: The aggregate level and types of risk a Bank is willing to assume, decided in advance and within it risk capacity, to achieve its strategic objectives and business plan.
18. 18. Risk governance framework: As part of the overall approach to corporate governance, the framework through which the Board and management establish and make decisions about the Bank’s strategy and approach to risk management; articulate and monitor adherence to the risk appetite and risks limits relative to the Bank’s strategy; and identify, measure, manage and control risks.
19. 19. Risk limits: Specific quantitative measures that may not be exceeded, based on, for example, forward-looking assumptions that allocate the Bank’s aggregate risk appetite to business lines, legal entities or management units within the Bank or Group in the form of specific risk categories, concentrations, or other measures, as appropriate.
20. 20. Risk Management function: Collectively, the systems, structures, policies, procedures and people that measure, monitor and report risk on a Bank-wide and, if applicable, Group-wide basis.
21. 21. Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer and heads of the compliance and internal audit functions.
22. 22. Subsidiary: An entity (the ‘first entity’) is a subsidiary of another entity (the ‘second entity’) if the second entity:
  1. a. holds a majority of the voting rights in the first entity;
  2. b. is a shareholder of the first entity and has the right to appoint or remove a majority of the board of directors or managers of the first entity; or
  3. c. is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity;
    Or;
  4. d. If the first entity is a subsidiary of another entity that is itself a subsidiary of the second entity.
23. 23. Trading book: Positions in financial instruments and commodities held either with trading intent or in order to hedge other elements of the trading book. Any instrument held for one or more of the following purposes must be assigned to the trading book:
  1. a. Short-term resale;
  2. b. Profiting from short-term price movements;
  3. c. Locking in arbitrage profits;
  4. d. Hedging risks that arise from instruments meeting criteria 3.16.a through 3.16.c above; and
  5. e. Any other instrument as may be determined by the Central Bank.

Article 2: Risk Governance Framework
1. 1. A Bank must establish, implement and maintain a market risk governance framework, which enables it to identify, assess, monitor, mitigate and control market risk. The market risk framework consists of policies, processes, procedures, systems and controls.
2. 2. The market risk governance framework must be documented and approved, maintained and overseen by the Board and must provide for a sound and well-defined framework to address the Bank’s market risks.
3. 3. A Bank’s market risk management processes must be integrated with the Bank’s overall risk management processes. Banks that have trading books must develop separate and specific trading book policy statements and risk frameworks.
4. 4. The Board and Senior Management must be actively involved in the market risk control process and must regard risk control as an essential aspect of the business to which significant resources need to be devoted. In this regard, the daily reports prepared by the market risk management function must be reviewed by a level of management with sufficient seniority and authority to enforce both reductions of positions taken by individual traders and reductions in the Bank’s overall risk exposure.

Article 3: Systems & Controls

General
1. 1. The Board must ensure compliance with a documented set of internal policies, controls and procedures concerning the operation of the market risk measurement system. Documentation in the form of a market risk manual or policy must provide a useable and understandable overview of the basic principles of the market risk management system and an explanation of the empirical techniques used to measure market risk.

Risk Factors
1. 2. A Bank must specify in its market risk measurement system an appropriate set of market risk factors (market rates and prices that affect the value of the Bank’s market-related positions) that are sufficient to capture the risk inherent in the Bank’s portfolio of on- and off-balance sheet trading positions.

Interest Rates
1. 3. A Bank must specify a set of risk factors corresponding to interest rates in each currency in which the Bank has interest-rate-sensitive on- or off-balance sheet positions. The number of risk factors used must be driven by the nature of the Bank’s trading strategies and must include, at a minimum, the following:
  1. a. Modelling of the yield curve using one of a number of generally accepted approaches, for example, by estimating forward rates of zero coupon yields.
  2. b. Dividing the yield curve into various maturity segments in order to capture variation in the volatility of rates along the yield curve. There typically will be one risk factor corresponding to each maturity segment.
  3. c. For material exposures to interest rate movements in the major currencies and markets, modelling the yield curve using a minimum of six risk factors. The number of risk factors used ultimately must be driven by the nature of the Bank’s trading strategies. For instance, a Bank with a portfolio of various types of securities across many points of the yield curve and that engages in complex arbitrage strategies would require a greater number of risk factors to capture interest rate risk accurately.
2. 4. The risk measurement system must incorporate separate risk factors to capture spread risk (e.g. between bonds and swaps). These include but are not limited to specifying a completely separate yield curve for non-government fixed-income instruments (for instance, swaps or municipal securities) and estimating the spread over government rates at various points along the yield curve.

Exchange Rates
1. 5. A Bank must specify risk factors corresponding to the exchange rate between the domestic currency and individual foreign currencies in which its positions are denominated.

Equities
1. 6. For equity prices, there must be risk factors corresponding to each of the equity markets in which the Bank holds significant positions. The sophistication and nature of the modelling technique for a given market must correspond to the Bank’s exposure to the overall market as well as its concentration in individual equity issues in that market.
2. 7. At a minimum, there must be a risk factor that is designed to capture market-wide movements in equity prices (e.g. a market index). Positions in individual securities or in sector indices could be expressed in “beta-equivalents”² relative to this market-wide index. Alternatively, a Bank may identify risk factors corresponding to various sectors of the overall equity market (for instance, industry sectors or cyclical and non-cyclical sectors), or specify risk factors corresponding to the volatility of individual equity issues.
² A “beta-equivalent” position would be calculated from a market model of equity price returns (such as the Capital Asset Pricing Model) by regressing the return on the individual stock or sector index on the risk-free rate of return and the return on the market index.

Commodities
1. 8. A Bank must specify risk factors corresponding to each of the commodity markets in which it holds significant positions. A Bank’s commodity risk factors must, at a minimum, include the following:
  1. a. Directional risk, to capture the exposure from changes in spot prices arising from net open positions;
  2. b. Forward gap and interest rate risks, to capture the exposure to changes in forward prices; and
  3. c. Basis risk, to capture the exposure to changes in the price relationships between two similar, but not identical, commodities.
2. 9. For a Bank with relatively limited positions in commodity-based instruments, a less complex specification of risk factors would be acceptable. Such a specification would likely entail one risk factor for each commodity price to which the Bank is exposed. In cases where the aggregate positions are quite small, it might be acceptable to use a single risk factor for a relatively broad sub-category of commodities (for instance, a single risk factor for all types of oil.) For more active trading, the model must also take account of variation in the “convenience yield” between derivatives positions such as forwards and swaps and cash positions in the commodity.

Options
1. 10. If a Bank’s risk appetite statement includes taking option positions, the market risk measurement system must specify risk factors corresponding to the implied volatilities of those options, to capture the risk of gain or loss resulting from changes in volatility of those positions.
2. 11. The following criteria apply to the measurement of options risk:
  1. a. Bank’s models must capture the non-linear price characteristics of options positions; and
  2. b. Each Bank’s risk measurement system must have a set of risk factors that captures the volatilities of the rates and prices underlying option positions, including Vega risk. Banks with relatively large and/or complex options portfolios must have detailed specifications of the relevant volatilities.

Internal Review
1. 12. The Board-approved policies must provide for an independent review by the internal audit function of the market risk measurement system at least annually. The review must include both the activities of the business trading units and of the independent risk management function. At a minimum, a review must specifically address the following:
  1. a. The organization of the market risk management function, adequacy of the documentation of the market risk management system and process and the approval process for risk pricing models and valuation systems used by front-and back-office personnel;
  2. b. The scope of the market risks captured by the market risk measurement system’s models; the accuracy and appropriateness of the risk measurement system (including any significant changes); the accuracy and completeness of position data; the accuracy of calculation and risk transformation calculations; integration of market risk measures into daily risk management; accuracy and appropriateness of volatility and correlation assumptions and (if using the historical simulation approach) calculations of historical rate movements; and the integrity of the management information system with respect to market risk;
  3. c. The verification of the consistency, timeliness and reliability of the data sources used to run internal models, including the independence of such data sources;
  4. d. The validation of any significant change in the market risk measurement process, including the evaluation of conceptual/methodological soundness, as well as developmental evidence;
  5. e. Evidence of ongoing model monitoring, including process verification and benchmarking;
  6. f. The verification of the model’s accuracy through frequent back-testing of outcomes analysis, including key internal parameters; and
  7. g. The process used to produce the calculation of market risk capital.

Models
1. 13. The Board must ensure that Board-approved policies adequately provide for market risk measurement methodologies commensurate with the risk profile, nature, size and complexity of the Bank’s business and structure. A Bank that has a trading book must have a robust modelling framework. Development, internal approval and ongoing use of models and other market risk management methodologies must be governed by Board-approved policies and procedures, which at a minimum must address initial and ongoing validation, valuation and independent review by the internal audit function.
2. 14. The risk management function must produce and analyse daily reports on the output of the Bank’s market risk measurement models, including an evaluation of the relationship between measures of risk exposure and trading limits. This function must be independent from business trading units and must report directly to Senior Management.
3. 15. A Bank’s internal risk measurement models must be closely integrated into the day-to-day risk management process of the Bank. Model output must be an integral part of the process of planning monitoring and controlling the Bank’s Market Risk profile.
4. 16. The Market Risk measurement system must be used in conjunction with internal trading and exposure limits. In this regard, trading limits must be related to the Bank’s risk measurement model in a manner that is consistent over time and that it is well understood by both traders and Senior Management.
5. 17. A Bank must include in its internal models risk factors deemed relevant for pricing. Any proxies used must show a good track record of the actual position held; for example, an equity index for a position in an individual stock.

Internal Validation
1. 18. A Bank using models must provide for initial and on-going validation by a risk management function independent of the risk-taking functions of the internal model and when any significant changes are made to the model. More frequent validation is required where there have been significant structural changes in the market or changes to the composition of the portfolio which might lead to the model no longer being adequate.
2. 19. A Bank’s model validation must not be limited to profit or loss attribution and back-testing, but, at a minimum, also must include tests to demonstrate that any assumptions made within the internal model are appropriate and do not underestimate risk. This may include normal distribution assumption, the use of the square root of time to scale from a one day holding period to a 10 day holding period or where extrapolation or interpolation techniques are used, or pricing models.
3. 20. Testing for model validation must use hypothetical changes in portfolio value that would occur were end-of-day positions to remain unchanged. It therefore excludes fees, commissions, bid-ask spreads, net interest income and intra-day trading.
4. 21. Additional tests are required, which may include but are not limited to:
  1. a. Testing carried out for longer than required for the regular back-testing program (for instance 3 years). The longer period generally improves the power of the back-testing. A longer time period may not be desirable if the model or market conditions have changed to the extent that historical data is no longer relevant;
  2. b. Testing carried out using confidence intervals in addition to the 97.5 percent and 99 percent interval required under the Basel quantitative standards;
  3. c. Testing of portfolios below the overall Bank level;
  4. d. The use of hypothetical portfolios to ensure that the model is able to account for particular structural features that may arise, for example, where data histories for a particular instrument do not meet the quantitative standards and where the Bank has to map these positions to proxies;
  5. e. Ensuring that material basis risks are adequately captured. This may include mismatches between long and short positions by maturity or by issuer; and
  6. f. Ensuring that the model captures concentration risk that may arise in an undiversified portfolio.

External Validation
1. 22. The validation of the accuracy of a Bank’s models by an independent appropriately qualified specialist at a minimum (e.g. an external auditor) must include the following steps:
  1. a. Verifying that the internal validation processes are operating in a satisfactory manner;
  2. b. Ensuring that the formulae used in the calculation process as well as for the pricing of options and other complex instruments are validated by a qualified unit, which in all cases must be independent from the trading area;
  3. c. Checking that the structure of internal models is adequate with respect to the Bank’s activities and geographical coverage;
  4. d. Checking the results of the Bank’s back testing of its internal measurement system (for example, comparing model estimates with actual profits and losses) to ensure that the model provides a reliable measure of potential losses over time. A Bank must make the results as well as the underlying inputs to its model calculations available to the independent specialist; and
  5. e. Making sure that data flows and processes associated with the risk measurement system are transparent and accessible. In particular, it is necessary that the independent specialist has access as required to the model’s specifications and parameters.

Article 4: Valuation
1. 1. A Bank must mark-to-market at least on a daily basis its market risk positions. The more prudent side of bid/offer must be used, unless the Bank is a significant market maker in a particular position type and it can close-out at mid-market. A Bank must maximize the use of relevant observable inputs and minimize the use of unobservable inputs when estimating fair value using a valuation technique. However, observable inputs or transactions may not be relevant, such as in a forced liquidation or distressed sale, or transactions may not be observable, such as when markets are inactive. In such cases, the observable data must be considered, but may not be determinative.
2. 2. A Bank may use mark-to-model only where marking-to-market is not possible, but it must be able to demonstrate to the Central Bank that this approach is prudent. When marking-to-model, an extra degree of conservatism is appropriate. The Central Bank will consider the following in assessing whether a mark-to-model valuation is prudent:
  1. a. Senior Management must be aware of the elements of the trading book or of other fair-valued positions which are subject to mark-to-model and must understand the materiality of the uncertainty this creates in the reporting of the risk/performance of the business;
  2. b. Market inputs must be sourced, to the extent possible, which show satisfactory track record of the actual position held. The appropriateness of the market inputs for the particular position being valued must be reviewed regularly;
  3. c. Where available, generally accepted valuation methodologies for particular products must be used as far as possible;
  4. d. A Bank’s model must be based on appropriate assumptions which have been assessed and challenged by suitably qualified parties independent of the development process. This can take the form of a Technical Committee. The model must be developed or approved independently of the risk-taking functions and must be independently tested;
  5. e. There must be formal change control procedures in place and a secure copy of the model must be held and periodically used to check valuations;
  6. f. The independent risk management function must be aware of the weaknesses of the models used and how best to reflect those in the valuation output;
  7. g. The model must be subject to periodic review to determine the accuracy of its performance (e.g. assessing continued appropriateness of the assumptions, analysis of profit and loss versus risk factors, comparison of actual close out values to model outputs); and
  8. h. Valuation adjustments must be made as appropriate (for example, to cover the uncertainty of the model valuation).
3. 3. As part of its procedures for marking-to-market, a Bank must establish and maintain procedures for considering valuation adjustments. A Bank using third-party valuations must consider whether valuation adjustments are necessary. Such considerations are also necessary when marking-to-model.
4. 4. A Bank must, at a minimum, formally consider credit valuation adjustments, unearned credit spreads, close-out costs, operational risks, early termination, investing and funding costs, future administrative costs and, where appropriate, model risk.
5. 5. The Board-approved polices must provide for independent verification of market prices or model inputs by a unit independent of the risk taking functions, at least monthly and depending on the nature of the market/trading activity, more frequently. Senior Management must take appropriate action to ensure the elimination of inaccurate daily marks.
6. 6. Where pricing sources are more subjective, such as when only one available broker quote is provided, prudent measures, such as valuation adjustments must be taken as appropriate.

Back-Testing
1. 7. The independent risk management function must conduct a regular back-testing program and profit and loss attribution program including but not limited to comparison of the risk measure and profit or loss values generated by the model against actual daily changes in portfolio value, as well as hypothetical changes based on static positions.
2. 8. A Bank’s back-testing program must cover a minimum period of 250 business days.
3. 9. A Bank’s back-testing program must include a formal evaluation of instances where trading outcomes are not covered by the risk measures (termed ‘exceptions’) on at least a quarterly basis, using the most recent twelve months modelled results and profit data. The Bank must document all exceptions generated from its ongoing back-testing program, including an explanation for the exceptions. A Bank must have the capacity to perform back-testing analysis both at the level of the whole portfolio and at the level of sub-portfolios or books that contain material risk.
4. 10. A Bank must perform back-tests using both actual trading outcomes and hypothetical trading outcomes. Hypothetical trading outcomes are calculated by applying the day’s price movements to the previous day’s end-of-day portfolio. When performing back-tests using actual trading outcomes, a Bank must use clean trading outcomes, i.e. actual trading outcomes adjusted to remove the impact of income arising from factors other than market movements alone, such as fees and commissions, brokerage, additions to and releases from reserves which are not directly related to market risk (such as administration reserves).

Article 5: Capital
1. 1. A Bank must calculate a capital charge for interest rate risk, options risk and equity positions in the trading book. Equity exposure, foreign exchange risk and commodity risk and options risk must be calculated on the Bank’s entire positions. Options risk must also be calculated for options on foreign exchange or commodities positions not belonging to the trading book. In addition, a Bank must take into account other relevant market risk exposures, including but not limited to interest rate risk in the Banking book, as part of the Internal Capital Adequacy Assessment Process to ensure that it holds adequate capital against all market risks.

Article 6: Stress Testing
1. 1. A Bank must have a forward-looking stress-testing program that addresses market risks as well as other Pillar 1 risks and any relevant Pillar 2 risks. Consideration of market risks must include liquidity implications as well as impacts on earnings and capital.
2. 2. A Bank’s stress scenarios must cover a range of market risk factors that can create extraordinary losses or gains in trading portfolios, or make the control of risk in those portfolios very difficult. Stress scenarios need to shed light on the impact of such events on positions that display both linear and nonlinear price characteristics (for instance options and instruments that have options-like characteristics).
3. 3. A Bank’s stress tests must be both of a quantitative and qualitative nature, incorporating both market risk and liquidity aspects of market disturbances. Quantitative criteria must identify plausible stress scenarios to which a Bank could be exposed. Qualitative criteria must emphasize that the two major goals of stress testing are to evaluate the capacity of the Bank’s capital to absorb potential large losses and to identity steps the Bank can take to reduce its risk and conserve capital. This assessment is integral to setting and evaluating the Bank’s management strategy and the results of stress testing routinely must be communicated to Senior Management and periodically to the Board.
4. 4. From time to time, the Central Bank may require Banks to carry out stress tests based on Central Bank prescribed scenarios. A Bank must combine the use of stress scenarios as prescribed by the Central Bank with internally developed stress tests to reflect the specific risk characteristics of its portfolio. A Bank must submit the following information on stress testing to the Central Bank:
  1. a. Supervisory scenarios requiring no simulations by a Bank: A Bank must make information on the largest losses experienced during the reporting period available to the Central Bank. This loss information must be compared to the level of capital that results from a Bank’s internal measurement system. For example, it could provide the Central Bank with a picture of how many days of peak day losses would have been covered by a given value-at-risk or expected shortfall estimate;
  2. b. Supervisory scenarios requiring simulations by a Bank: A Bank must subject its portfolios to a series of simulated stress scenarios and provide the Central Bank with the results. These scenarios could include testing the current portfolio against past periods of significant disturbance. A second type of scenario would evaluate the sensitivity of the Bank’s market risk exposure to changes in the assumptions about volatilities and correlations. Applying this test would require an evaluation of the historical range of variation for volatilities and correlations and evaluation of the Bank’s current positions against the extreme values of the historical range. Due consideration must be given to the sharp variation that at times has occurred in a matter of days in periods of significant market disturbance. (for example, the global financial crisis and earlier major market disturbances involved correlations within risk factors approaching the extreme values of 1 or −1 for several days at the height of the disturbance); and
  3. c. Scenarios developed by the Bank itself to capture the specific characteristics of its portfolio: A Bank must develop its own stress tests which it identifies as most adverse based on the characteristics of its portfolio (such as adverse regional developments combined with a sharp move in oil prices). The market shocks applied in the tests must reflect the nature of portfolios and the time it could take to hedge or manage risks under severe market conditions. The Bank must provide the Central Bank with a description of the methodology used to select and carry out the scenarios as well as with a description of the results derived from these scenarios. The stress tests must also address:
    1. i. Illiquidity/gapping of prices;
    2. ii. Concentrated positions (in relation to market turnover);
    3. iii. One-way markets;
    4. iv. Non-linear products/deep out-of-the-money positions;
    5. v. Events and jumps-to-defaults; and
    6. vi. Other risks that may not be captured appropriately in the models (in the case of VaR models for example, these may include but are not limited to: recovery rate uncertainty, implied correlations, skew risk, default risk, migration risks and shocks to the exchange rate regime).
5. 5. Senior Management must review the stress test results periodically, but at least monthly and such results must be reflected in the policies and limits set by management and the Board. Stress test results must be used in the internal assessment of capital adequacy. The Bank must take prompt steps to manage vulnerabilities identified in stress testing, which can include but are not limited to hedging against identified outcomes, reducing the size of exposures or increasing capital.

Article 7: Reporting
1. 1. A Bank must submit to the Central Bank on a quarterly basis the Report on Market Risk Exposures. A Bank must calculate the number of exceptions in back-tests using trading outcomes and provide this information to the Central Bank in such form and frequency as the Central Bank may specify.

Article 8: Islamic Banking
1. 1. A Bank offering Islamic financial services must have in place an appropriate framework for market risk management, including reporting, in respect of all assets held, particularly those that do not have a ready market and/or are exposed to high price volatility.
2. 2. A Bank offering Islamic financial services must develop a market risk strategy including the level of acceptable market risk appetite taking into account contractual agreements with fund providers, types of risk-taking activities and target markets in order to maximize returns while keeping exposures at or below the pre-determined levels. The strategy must be reviewed at least annually, communicated to relevant staff and disclosed to fund providers. The strategy must provide for guidelines governing risk-taking activities in different portfolios of restricted investment account holders and applicable market risk limits.
3. 3. A Bank offering Islamic financial services must ensure that its strategy includes a definition of its risk appetite for tradable assets and that its risk appetite is adequately supported by capital held for that purpose.
4. 4. A Bank offering Islamic financial services must be able to quantify market risk exposures and assess exposure to the probability of future losses in its net open asset positions. The Bank must incorporate a detailed approach to valuing its market risk positions where no direct market prices are available. This may include appropriate forecasting techniques to assess the potential value of these assets.
5. 5. Where available valuation methodologies are deficient, a Bank offering Islamic financial services must assess the need to:
  1. a. allocate funds to cover risks resulting from illiquidity, new assets and uncertainty in assumptions underlying valuation and realization; and
  2. b. establish a contractual agreement with the counterparty specifying the methods to be used in valuing the assets.
6. 6. A Bank offering Islamic financial services must apply the same risk management policies and procedures to assets held on behalf of restricted investment account holders as it does to assets held on behalf of shareholders and unrestricted investment account holders.
7. 7. Where a Bank offering Islamic financial services plays the role of market maker to restricted investment account holders, the resultant liquidity risk must be managed appropriately.

Model Management Standards

Definitions and Interpretations

The following terms shall have the meaning assigned to them for the purpose of interpreting these Standards and the related Guidance:
1.	Board: As defined in the CBUAE’s Corporate Governance Regulation for Banks.
2.	Causality (written in lower case as “causality”): Relationship between cause and effect. It is the influence of one event on the occurrence of another event.
3.	CBUAE: Central Bank of the United Arab Emirates.
4.	Correlation (written in lower case as “correlation”): Any statistical relationship between two variables, without explicit causality explaining the observed joint behaviours. Several metrics exist to capture this relationship. Amongst others, linear correlations are often captured by the Pearson coefficient. Linear or non-linear correlation are often captured by the Spearman’s rank correlation coefficient.
5.	Correlation Analysis (written in lower case as “correlation analysis”): Correlation analysis refers to a process by which the relationships between variables are explored. For a given set of data and variables, observe (i) the statistical properties of each variable independently, (ii) the relationship between the dependent variable and each of the independent variables on a bilateral basis, and (iii) the relationship between the independent variables with each other.
6.	CI (Credit Index): In the context of credit modelling, a credit index is a quantity defined over (-∞,+∞) derived from observable default rates, for instance through probit transformation. CI represents a systemic driver of creditworthiness. While this index is synthetic, (an abstract driver), it is often assimilated to the creditworthiness of specific industry or geography.
7.	Default (written in lower case as “default”): The definition of default depends on the modelling context, either for the development of rating models or for the calibration and probabilities of default. For a comprehensive definition, refer to the section on rating models in the MMG.
8.	Deterministic Model (written in lower case as “deterministic model”): A deterministic model is a mathematical construction linking, with certainty, one or several dependent variables, to one or several independent variables. Deterministic models are different from statistical models. The concept of confidence interval does not apply to deterministic models. Examples of deterministic models include NPV models, financial cash flow models or exposure models for amortizing facilities.
9.	DMF (Data Management Framework): Set of policies, procedures and systems designed to organise and structure the management of data employed for modelling.
10.	DPD (Days-Past-Due): A payment is considered past due if it has not been made by its contractual due date. The days-past-due is the number of days that a payment is past its due date, i.e. the number of days for which a payment is late.
11.	DSIB (Domestic Systemically Important Banks): These are UAE banks deemed sufficiently large and interconnected to warrant the application of additional regulatory requirements. The identification of the institutions is based upon a framework defined by the CBUAE.
12.	EAD (Exposure At Default): Expected exposure of an institution towards an obligor (or a facility) upon a future default of this obligor (or its facility). It also refers to the observed exposure upon the realised default of an obligor (or a facility). This amount materialises at the default date and can be uncertain at reporting dates prior to the default date. The uncertainty surrounding EAD depends on the type of exposure and the possibility of future drawings. In the case of a lending facility with a pre-agreed amortisation schedule, the EAD is known. In the case of off-balance sheet exposures such as credit cards, guarantees, working capital facilities or derivatives, the EAD is not certain on the date of measurement and should be estimated with statistical models.
13.	EAR (Earning At Risk): Refer to NII.
14.	ECL (Expected Credit Loss): Metric supporting the estimation of provisions under IFRS9 to cover credit risk arising from facilities and bonds in the banking book. It is designed as a probability-weighted expected loss.
15.	Economic Intuition (written in lower case as “economic intuition”): Also referred to as economic intuition and business sense. Property of a model and its output to be interpreted in terms and metrics that are commonly employed for business and risk decisions. It also refers to the property of the model variables and the model outputs to meet the intuition of experts and practitioners, in such a way that the model can be explained and used to support decision-making.
16.	Effective Challenge: Characteristic of a validation process. An effective model validation ensures that model defects are suitably identified, discussed and addressed in a timely fashion. Effectiveness is achieved via certain key features of the validation process such as independence, expertise, clear reporting and prompt action from the development team.
17.	EVE (Economic Value of Equity): It is defined as the difference between the present value of the institution’s assets minus the present value of liabilities. The EVE is sensitive to changes in interest rates. It is used in the measurement of interest rate risk in the banking book.
18.	Expert-Based Models (written in lower case as “expert-based models”): Also referred to as judgemental models, these models rely on the subjective judgement of expert individuals rather than on quantitative data. In particular, this type of model is used to issue subjective scores in order to rank corporate clients.
19.	Institutions (written in lower case as “institution(s)”): All banks licenced by the CBUAE. Entities that take deposits from individuals and/or corporations, while simultaneously issuing loans or capital market securities.
20.	LGD (Loss Given Default): Estimation of the potential loss incurred by a lending institution upon the default of an obligor (or a facility), measured as a percentage of the EAD. It also refers to the actual loss incurred upon past defaults also expressed as a percentage of EAD. The observed LGD levels tend to be related to PD levels with various strength of correlation.
21.	Limits and limitations (written in lower case as “limits” and “limitations”): Model limits are thresholds applied to a model’s outputs and/or its parameters in order to control its performance. Model limitations are boundary conditions beyond which the model ceases to be accurate.
22.	LSI (Large and/or Sophisticated Institutions): This group comprises DSIBs and any other institutions that are deemed large and/or with mature processes and skills. This categorisation is defined dynamically based on the outcome of regular banking supervision.
23.	Macroeconomic Model (written in lower case as “macroeconomic model” or “macro model”): Refers to two types of models. (i) A model that links a set of independent macro variables to another single dependent macro variable or to several other dependent macro variables or (ii) a model that links a set of independent macro variables to a risk metric (or a set of risk metrics) such as probabilities of default or any other business metric such as revenues.
24.	Market Data: Refers to the various data attributes of a traded financial instrument reported by a trading exchange. It includes the quoted value of the instrument and/or the quoted parameters of that instrument that allow the derivation of its value. It also includes transaction information including the volume exchanged and the bid-ask spread.
25.	Materiality: The materiality of a model represents the financial scope covered by the model in the context of a given institution. It can be used to estimate the potential loss arising from model uncertainty (see Model Risk). Model materiality can be captured by various metrics depending on model types. Typically, total exposure can be used as a metric for credit models.
26.	MMG: CBUAE’s Model Management Guidance.
27.	MMS: CBUAE’s Model Management Standards.
28.	Model (written in lower case as “model”): A quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories, techniques, and assumptions to process input data into quantitative estimates. For the purpose of the MMS and MSG, models are categorised in to three distinct groups: statistical models, deterministic models and expert-based models.
29.	Model Calibration (written in lower case as “model calibration”): Key step of the model development process. Model calibration means changing the values of the parameters and/or the weights of a model, without changing the structure of the model, i.e. without changing the nature of the variables and their transformations.
30.	Model Complexity (written in lower case as “model complexity”): Overall characteristic of a model reflecting the degree of ease (versus difficulty) with which one can understand the model conceptual framework, its practical design, calibration and usage. Amongst other things, such complexity is driven by, the number of inputs, the interactions between variables, the dependency with other models, the model mathematical concepts and their implementation.
31.	Model Construction (written in lower case as “model construction”): Key step of the model development process. The construction of a model depends on its nature, i.e. statistical or deterministic. For the purpose of the MMS and the MMG, model construction means the following: for statistical models, for a given methodology and a set of data and transformed variables, it means estimating and choosing, with a degree of confidence, the number and nature of the dependent variables along with their associated weights or coefficients. For deterministic models, for a given methodology, it means establishing the relationship between a set of input variables and an output variable, without statistical confidence intervals.
32.	Model Development (written in lower case as “model development”): Means creating a model by making a set of sequential and recursive decisions according to the steps outlined in the dedicated sections of the MMS. Model re-development means conducting the model development steps again with the intention to replace an existing model. The replacement may, or may not, occur upon re-development.
33.	Modelling Decision (written in lower case as “modelling decision”): A modelling decision is a deliberate choice that determines the core functionality and output of a model. Modelling decisions relate to each of the steps of the data acquisition, the development and the implementation phase. In particular, modelling decisions relate to (i) the choice of data, (ii) the analysis of data and sampling techniques, (iii) the methodology, (iv) the calibration and (v) the implementation of models. Some modelling decisions are more material than others. Key modelling decisions refer to decisions with strategic implications and/or with material consequences on the model outputs.
34.	Model Risk: Potential loss faced by institutions from making decisions based on inaccurate or erroneous outputs of models due to errors in the development, the implementation or the inappropriate usage of such models. Losses incurred from Model Risk should be understood in the broad sense as Model Risk has multiple sources. This definition includes direct quantifiable financial loss but also any adverse consequences on the ability of the institution to conduct its activities as originally intended, such as reputational damage, opportunity costs or underestimation of capital. In the context of the MMS and the MMG, Model Risk for a given model should be regarded as the combination of its materiality and the uncertainty surrounding its results.
35.	Model Selection (written in lower case as “model selection”): This step is part of the development process. This means choosing a specific model amongst a pool of available models, each with a different set of variables and parameters.
36.	Model Uncertainty (written in lower case as “model uncertainty”): This refers to the uncertainty surrounding the results generated by a model. Such uncertainty can be quantified as a confidence interval around the model output values. It is used as a component to estimate Model Risk.
37.	Multivariate Analysis (written in lower case as “multivariate analysis”): For a given set of data and variables, this is a process of observing the joint distribution of the dependent and independent variables together and drawing conclusions regarding their degree of correlation and causality.
38.	NII (Net Interest Income): To simplify notations, both Net Interest Income (for conventional products) and/or Net Profit Income (for Islamic Products) are referred to as “NII”. In this context, ‘profit’ is assimilated as interest. It is defined as the difference between total interest income and total interest expense, over a specific time horizon and taking into account hedging. The change in NII (“?NII”) is defined as the difference between the NII estimated with stressed interest rates under various scenarios, minus the NII estimated with the interest rates as of the portfolio reporting date. ?NII is also referred to as earnings at risk (“EAR”).
39.	NPV (Net Present Value): Present value of future cash flows minus the initial investment, i.e. the amount that a rational investor is willing to pay today in exchange for receiving these cash flows in the future. NPV is estimated through a discounting method. It is commonly used to estimate various metrics for the purpose of financial accounting, risk management and business decisions.
40.	PD (Probability of Default): Probability that an obligor fails to meet its contractual obligation under the terms of an agreed financing contract. Such probability is computed over a given horizon, typically 12 months, in which case it is referred to as a 1-year PD. It can also be computed over longer horizons. This probability can also be defined at several levels of granularity, including, but not limited to, single facility, pool of facilities, obligor, or consolidated group level.
41.	PD Model (written as “PD model”): This terminology refers to a wide variety of models with several objectives. Amongst other things, these models include mapping methods from scores generated by rating models onto probability of defaults. They also include models employed to estimate the PD or the PD term structure of facilities, clients or pool of clients.
42.	PD Term Structure (written as “PD term structure”): Refers to the probability of default over several time horizons, for instance 2 years, 5 years or 10 years. A distinction is made between the cumulative PD and the marginal PD. The cumulative PD is the total probability of default of the obligor over a given horizon. The marginal PD is the probability of default between two dates in the future, provided that the obligor has survived until the first date.
43.	PIT (Point-In-Time) and TTC (Through-The-Cycle): A point-in-time assessment refers to the value of a metric (typically PD or LGD) that incorporates the current economic conditions. This contrasts with a through-the-cycle assessment that refers to the value of the same metric across a period covering one or several economic cycles.
44.	Qualitative validation: A review of model conceptual soundness, design, documentation, and development and implementation process.
45.	Quantitative validation: A review of model numerical output, covering at least its accuracy, degree of conservatism, stability, robustness and sensitivity.
46.	Rating / Scoring (written in lower case “rating or scoring”): For the purpose of the MMS and the MMG, a rating and a score are considered as the same concept, i.e. an ordinal quantity representing the relative creditworthiness of an obligor (or a facility) on a predefined scale. ‘Ratings’ are commonly used in the context of corporate assessments whilst ‘scores’ are used for retail client assessments.
47.	Restructuring (written in lower case “restructuring”): The definition of restructuring / rescheduling used for modelling in the context of the MMS and MMG should be understood as the definition provided in the dedicated CBUAE regulation and, in particular, in the Circular 28/2010 on the classification of loans, with subsequent amendments to this Circular and any new CBUAE regulation on this topic.
48.	Rating Model (written in lower case “rating model”): The objective of such model is to discriminate ex-ante between performing clients and potentially non-performing clients. Such models generally produce a score along an arbitrary scale reflecting client creditworthiness. This score can subsequently mapped to a probability of default. However, rating models should not be confused with PD models.
49.	Retail Clients (written in lower case as “retail clients”): Retail clients refer to individuals to whom credit facilities are granted for the following purpose: personal consumer credit facilities, auto credit facilities, overdraft and credit cards, refinanced government housing credit facilities, other housing credit facilities, credit facilities against shares to individuals. It also includes small business credit facilities for which the credit risk is managed using similar methods as applied for personal credit facilities.
50.	Segment (written in lower case as “segment”): Subsets of an institution’s portfolio obtained by splitting the portfolio by the most relevant dimensions which explain its risk profile. Typical dimensions include obligor size, industries, geographies, ratings, product types, tenor and currency of exposure. Segmentation choices are key drivers of modelling accuracy and robustness.
51.	Senior Management: As defined in the CBUAE’s Corporate Governance Regulation for Banks.
52.	Statistical Model (written in lower case as “statistical model”): A statistical model is a mathematical construction achieved by the application of statistical techniques to samples of data. The model links one or several dependent variables to one or several independent variables. The objective of such a model is to predict, with a confidence interval, the values of the dependent variables given certain values of the independent variables. Examples of statistical models include rating models or value-at-risk (VaR) models. Statistical models are different from deterministic models. By construction, statistical models always include a degree of Model Risk.
53.	Tiers: Models are allocated to different groups, or Tiers, depending on their associated Model Risk.
54.	Time series analysis (written in lower case as “time series analysis”): For a given set of data and variables, this is a process of observing the behaviour of these variables through time. This can be done by considering each variable individually or by considering the joint pattern of the variables together.
55.	UAT (User Acceptance Testing): Phase of the implementation process during which users rigorously test the functionalities, robustness, accuracy and reliability of a system containing a new model before releasing it into production.
56.	Variable Transformation (written in lower case as “variable transformation”): Step of the modelling process involving a transformation of the model inputs before developing a model. Amongst others, common transformations include (i) relative or absolute differencing between variables, (ii) logarithmic scaling, (iii) relative or absolute time change, (iv) ranking, (v) lagging, and (vi) logistic or probit transformation.
57.	Wholesale Clients (written in lower case as “wholesale clients”): Wholesale clients refer to any client that is not considered as a retail client as per the definition of these Standards.

Introduction

1 Context and Objectives

1.1 Regulatory Context

1.1.1	The Risk Management Regulation (Circular No. 153/2018) issued by the Central Bank of the UAE (“CBUAE”) on 27^th May 2018, states that banks must have robust systems and tools to assess and measure risks. In particular, when models are used, they must be managed appropriately to support decision-making.
	(i)	Article 2.1: “A bank must have an appropriate risk governance framework that provides a bank-wide view of all material risks. This includes policies, processes, procedures, systems and controls to identify, measure, evaluate, monitor, report and control or mitigate material sources of risk on a timely basis (…).”
	(ii)	Article 4.1: “A bank must have systems to measure and monitor risks which are commensurate with the risk profile, nature, size and complexity of its business and structure.”
	(iii)	Article 4.3: “Where a Bank uses models to measure components of risks, it must have appropriate internal processes for the development and approval for use of such models and must perform regular and independent validation and testing of the models (…).”
1.1.2	Consequently, the Model Management Standards (“MMS”) present modelling practices that must be implemented by banks in the UAE, if they decide to employ models for decision-making. These standards are based upon practices deemed appropriate within the financial industry internationally with consideration of local circumstances. The MMS therefore represent the minimum requirements to be met within the UAE.

1.2 Objectives

1.2.1	Models are an integral part of decision-making within UAE banks for risk management, business decisions and accounting. Banks employ models to comply with several regulatory and accounting requirements, including, but not limited to: (i) IFRS9 accounting requirements, (ii) capital forecasting, (iii) Pillar II capital assessment, (iv) regulatory stress testing requirements, (v) risk management of capital market activities and (vi) valuation adjustments. In addition, banks employ models to manage their business effectively, for instance with pricing models, portfolio management models and budgeting models.
1.2.2	When using models to support decisions, banks are exposed to potential losses occurring from making decisions based on inappropriate models or the incorrect usage of models. This potential loss and the associated adverse consequences are referred to as Model Risk. Further details are provided in the definition section.
1.2.3	In light of this large and complex landscape, the MMS has three key objectives. The first objective is to ensure that models employed by UAE banks meet quality standards to adequately support decision-making and reduce Model Risk. The second objective is to improve the homogeneity of model management across UAE banks. The third objective is to mitigate the risk of potential underestimation of provisions and capital across UAE banks.

1.3 Document Structure

1.3.1	The MMS are accompanied by the Model Management Guidance (“MMG”), which expands on technical aspects by model type. Both the MMS and MMG should be read jointly as they constitute a consistent set of requirements and guidance, as follows:
	(i)	Part I of the MMS outlines general standards applicable to all models. They represent the key components of the Model Management Standards.
	(ii)	Part II of the MMS outlines specific requirements for the application of the standards. Both Part I and Part II constitute the minimum requirements to be met by a model and its management process so that the model can be used effectively for decision-making.
	(iii)	The MMG expands on technical aspects that are expected to be implemented by UAE banks for certain types of models. Given the wide range of models and the complexity of some models, the CBUAE recognises that alternative approaches can be envisaged on specific technical points. However, deviations from the MMG should be clearly justified and will be subject to CBUAE supervisory review.
1.3.2	The MMS is constructed in such a way that all points are mentioned sequentially and each point is a unique reference across the entire MMS. Throughout the document, the requirements associated with ‘must’ are mandatory, while those associated with ‘should’ are strongly recommended as they are regarded as robust modelling practice. The articles of the MMG are all articulated with ‘should’.
1.3.3	Both the MMS and the MMG contain an appendix summarising the main numerical limits included throughout each document, respectively. The summary is expected to ease the implementation and monitoring of these limits by institutions and the CBUAE.

2 Implementation

2.1 Scope of Application

2.1.1	The MMS and the MMG apply to all licensed banks in the UAE, which are referred to herein as “institutions”. This scope covers Islamic institutions.
2.1.2	All institutions must ensure that their models meet minimum quality standards. Simple models must not be confused with poorly designed models. Poorly designed models can be misleading and interfere with sound decision-making. Consequently, the MMS and the MMG apply to all institutions irrespective of their size or sophistication. Small and/or unsophisticated institutions can employ simple models that are properly designed.
2.1.3	At a minimum, UAE branches or subsidiaries of foreign institutions must apply the MMS and the MMG. Where certain elements of the requirements of the parent company’s regulator are more stringent, then these requirements should be implemented. The degree of conservatism must be assessed for each model individually and the associated calibration. The compliance of the UAE branch or subsidiary with the MMS / MSG may require the operational support of their parent company.
2.1.4	An institution that is a parent company incorporated in the UAE must ensure that all its branches and subsidiaries, that are also institutions, comply with the MMS and the MMG.

2.2 Requirements and Implementation Timeframe

2.2.1	The MMS and the MMG will be effective one day after their publication date.
2.2.2	All institutions are expected to identify gaps between their practice and the MMS and MMG and, if necessary, establish a remediation plan to reach compliance. The outcome of this self-assessment and the plan to meet the requirements of the MMS and the MMG must be submitted to the CBUAE no later than six (6) months from the effective date of the MMS.
2.2.3	Institutions must work towards compliance in a proactive manner. They must demonstrate continuous improvements towards meeting these requirements within a reasonable timeframe. This timeframe will be approved by the CBUAE following a review of the self-assessments. The CBUAE will take a proportionate view in its assessment of the proposed time to reach compliance, taking into consideration the size and complexity of each institution. The remediation plan and the associated timing must be detailed, transparent, and justified. The plan must address each gap at a suitable level of granularity.
2.2.4	Institutions, which repeatedly fall short of the requirements and/or do not demonstrate continuous improvement, will face greater scrutiny and could be subject to formal enforcement action by the CBUAE. In particular, continuously structurally deficient models must be replaced and must not be used for decision-making and reporting.
2.2.5	The path to remediation may involve reducing the number and/or complexity of models in order to improve the quality of the remaining models. Subsequently, and subject to remediation needs, the institution could increase the number of models and/or their complexity while maintaining their quality.
2.2.6	Institutions must achieve and maintain full compliance with respect to the general principles described in Part I and Part II of the MMS. For the MMG, whilst alternative approaches can be considered, the focus is on the rationale and the thought process behind modelling choices. Institutions must avoid material inconsistencies, cherry-picking, reverse-engineering and positive bias, i.e. modelling approaches that deliberately favour a desired outcome. Evidence of an institution defying the general principles in this way will warrant a supervisory response ranging from in-depth scrutiny to formal enforcement action.
2.2.7	For statistical models in particular, institutions must focus on the suitability of their calibration, whether these models are relying on internal data or external data. Lack of data will not be an acceptable reason for material models to fall short of these requirements. Instead, institutions must implement temporary solutions to mitigate Model Risk until models based on more robust data sets are implemented. Institutions must avoid excessive and unreasonable generalisations to compensate for lack of data.

2.3 Reporting to the CBUAE

2.3.1	Once a plan to reach full compliance is decided and approved, institutions must report their remediation progress to the CBUAE at regular intervals, as agreed upon with the CBUAE. The CBUAE expects continued and iterative dialogue on this matter during the implementation of the plan and thereafter as modelling requirements evolve.
2.3.2	From the effective date of the MMS, institutions must comply with all CBUAE reporting requirements related to model management. The nature, depth and scope of this reporting may evolve with modelling techniques and economic conditions.

2.4 Scope of Models

2.4.1	The MMS applies to all types of models employed by institutions to support decision-making. Therefore it covers, amongst others, risk models, pricing models and valuation models. The scope of the MMS includes, at a minimum, the non-exhaustive list in Table 1 below, that represents the most commonly employed model types in UAE institutions.
Table 1: List of most commonly employed model types in UAE institutions

Field	Model Type	Field	Model Type
Credit risk	Rating and scorecard models	Stress Testing (ST)	Credit risk ST
	Score-to-PD models		Market risk ST
	LGD models		Counterparty risk ST
Provision computation for credit ris	PIT PD term structure models		Liquidity risk ST
	PIT LGD models		Other types of ST models
	PIT EAD models	Operational risk	Ops risk scorecards
	ECL models	Operational risk	Ops risk capital models
	Macro models	Pricing and finance	Derivative pricing models
Market risk	VaR and related models		Bond pricing models
Market risk	Valuation models		RAROC models
Counterparty risk	Exposure models		NPV models
Counterparty risk	xVA models	Asset and Liability Management	EVE models
Capital management	Capital forecasting models		EAR and NII models
	Concentration models		Liquidity risk models
	Funding cost models	Business management	Artificial Intelligence
	Economic capital models		Budgeting, forecasting
AML	Fraud alert and other models		Marketing models

Part I – General Standards

The MMS is constructed in such a way that the numbering of each article is sequential and each article is a unique reference across the entire MMS. Therefore the numbering continues from the previous Part.

3 General Standards

This Part outlines the general principles of the MMS, that is, the key components of the Standards. Part I must be read in conjunction with Part II, which explains how these principles must be applied. Both Part I and Part II must be regarded as minimum requirements. The key components of model management are as follows: (i) model governance, (ii) data management, (iii) model development, (iv) model implementation, (v) model usage, (vi) performance monitoring and (vii) independent validation. The timeframes and minimum frequencies of model review are addressed in Part II.

3.1 Model Governance

3.1.1	Model governance must reinforce the continuous improvement of modelling practices in order for institutions to comply with the requirements of the MMS. Institutions must establish a clear plan to comply.
3.1.2	Institutions must define a comprehensive model management framework to ensure that models are used effectively for decision-making and that Model Risk is appropriately understood and mitigated. The scope of the model governance must cover all models used to make decisions within the institution.
3.1.3	Model Risk must be incorporated in institutions’ risk framework alongside other key risks faced by institutions, as inherent consequences of conducting their activities. Consequently, Model Risk must be managed through a formal process incorporating the institution’s appetite for model uncertainty. The framework must be designed to identify, measure, monitor, report and mitigate this risk. A large appetite for Model Risk should be mitigated by counter-measures such as conservative buffers on model results, additional provisions and/or potentially a Pillar II capital add-on.
3.1.4	The model management framework must be structured around key components to be effective. First, the responsibilities of the stakeholders must be clearly defined with a transparent process for modelling decisions, oversight, escalation and for managing relationships with third parties. Second, a limit framework must be established to control and mitigate Model Risk. Third, the nature, objective and priorities of the modelling tasks must be defined. Fourth, appropriate systems, tools and data must be established to support model management. Fifth, the framework must include a granular reporting process to support pro-active management of Model Risk.
3.1.5	Institutions must manage each model according to a defined life-cycle composed of specific steps, from model design to re-development. The roles and responsibilities of stakeholders must be defined for each step of the life cycle. To facilitate model management and prioritisation, models must be grouped according to their associated Model Risk, or at least based on their associated materiality, as defined in the MMS.
3.1.6	Institutions must establish a Model Oversight Committee which must be accountable for all significant modelling decisions related to each step of the model life-cycle. The committee must ensure that these decisions are transparent, justified and documented. The committee’s main objective is to optimise the ability of models to support decision-making throughout the institution, covering all model types. The Model Oversight Committee is accountable to Senior Management and to the Board, who must ensure that the Model Oversight Committee manages Model Risk appropriately and meets the requirements articulated in the MMS.
3.1.7	The Chief Risk Officer (“CRO”) must ensure that the design and usage of models is appropriate to support decision-making throughout the institution, in order to minimise Model Risk. Therefore, the scope of the CRO’s responsibility in this matter must cover the whole institution and must not be limited to the risk function. The CRO must ensure that Model Risk is fully managed with suitable identification, measurement, monitoring, reporting and mitigation.
3.1.8	In accordance with Article 2.2 of the Risk Management Regulation 153/2018, the Board bears the responsibility for the suitability of the risk management framework. In addition, Article 4.3 states that the Board is ultimately accountable for the appropriate usage and management of models, whether the approval for the use of models is provided directly by the Board or through authorities delegated to Senior Management. Consequently:
	(i)	The Board bears the responsibility of all modelling decisions with material implications for the institution and it must define the appetite of the institution for Model Risk. Consequently, the Model Oversight Committee must refer decisions with material consequences to the Board (or the Board Risk Committee). If a Board decision is not deemed necessary, the Board (or the Board Risk Committee) must nonetheless be informed of key decisions taken by the Model Oversight Committee, with appropriate rationale.
	(ii)	To support the appropriate management of models, the Board must ensure that institutions have a sufficient number of internal employees with robust technical expertise. The Board must also ensure that Senior Management possess an adequate level of technical knowledge to form a judgement on the suitability of material modelling decisions.
3.1.9	The internal audit function is also a stakeholder in model governance. It must assess the regulatory compliance and the overall effectiveness of the model management framework as part of its regular auditing process. For this purpose, the internal audit function must be familiar with the requirements articulated in the MMS and review the model management framework against these requirements. The internal audit function must not be involved in the validation of specific models.
3.1.10	Institutions can use third parties to support the design, implementation and management of models. However, institutions must take responsibility for all modelling decisions, model outputs and related financial consequences, even if third parties are involved.
3.1.11	To achieve and maintain the quality of models, institutions must ensure that a sufficient number of internal technical resources are hired, trained and retained. Each institutions’ designated human resource function is responsible for supporting this requirement, operationally and strategically.
3.1.12	One of the key elements to manage Model Risk is a robust process for model review and challenge. Such review must be independent to be effective. Consequently, institutions must clearly define the roles and responsibilities of the development and the validation teams to ensure this independence. The validation team must communicate its findings to Senior Management and the Board on a yearly basis. The management and reporting of Model Risk must also be independent from the development teams.
3.1.13	Dedicated and consistent documentation must be produced for each step of the model life-cycle. Institutions must therefore develop model documentation standards. The documentation must be sufficiently comprehensive to ensure that any independent party has all the necessary information to assess the suitability of the modelling decisions.
3.1.14	The management of models must be supported by a comprehensive reporting framework reviewed and analysed at several levels of the organisation, from the development and validation teams, up to the Board. This reporting must be designed to support the management of Model Risk, covering the identification, measurement, monitoring and mitigation of this risk. Reporting must be clear, comprehensive, specific and actionable.

3.2 Data Management

3.2.1	Accurate and representative historical data is the backbone of financial models. Institutions must implement a rigorous and formal data management framework (“DMF”) to support the development and validation of accurate models.
3.2.2	The management of data sets used for modelling should not be confused with the management of data used for the production of regular risk analysis and reporting. While these two data sets may overlap, they are governed by two different processes and priorities. The construction of data for modelling focuses on consistency through long time periods, while risk analysis and reporting relies more on point-in-time data. In addition, numerous data points needed for modelling are often not included in the scope of reporting.
3.2.3	The DMF must be constructed to fully support each step of the model life-cycle process. The DMF must not be the responsibility of the model development or validation teams. The DMF must be organised by a separate dedicated function / team within the institution, with its dedicated set of policies and procedures.
3.2.4	The DMF must be comprehensive to adequately support the scope of models employed by the institution. It must be coherent with the breadth and depth of models used in production. In particular, sophisticated models with numerous parameters and complex calibration requirements must be supported by an equally sophisticated DMF.
3.2.5	At a minimum, the DMF must include the following components: (i) systematic identification of sources, (ii) regular and frequent collection, (iii) rigorous data quality review and control, (iv) secure storage and controlled access and (v) robust system infrastructure.
3.2.6	The data quality review is a key component of the DMF. It must incorporate standard checks to assess the data completeness, accuracy, timeliness, uniqueness and traceability.

3.3 Model Development

3.3.1	The development process must support the construction of the most appropriate models in order to meet the objectives assigned to these models.
3.3.2	The development process must be structured with sequential logical steps that take into consideration multiple factors, including but not limited to, the business and economic context, the data available, the development techniques, the implementation options and the future usage. Consequently, institutions are expected to employ judgement and critical thinking in the execution of this process, rather than run it in a mechanistic fashion.
3.3.3	Model development requires human judgement at each step of the process to ensure that the assumptions, design and data meet the objective of the model. Judgement is also required to ensure that development methodology is adequate, given the data available. Therefore, institutions must identify where judgment is needed in the development process. Suitable governance must be implemented to support a balanced and controlled usage of human judgement.
3.3.4	Each of these components must be regarded as an essential part to complete the whole process because each step involves key modelling decisions that can materially impact the model outcome and the financial decisions that follow. The process must be iterative. This means that if one step is not satisfactory, some prior steps must be repeated.
3.3.5	The development process must incorporate a degree of conservatism to mitigate Model Risk. Any material degree of uncertainty associated with the development steps, in particular related to data, must be compensated by conservative choices. For instance, conservatism can be reflected during the model selection process or by the usage of buffers at any point during the development process. However, conservatism should not be employed to hide defects and deprioritise remediation. When conservatism is applied, institutions must justify the reasons for it, identify the uncertainty being addressed and define the conditions for model improvement.
3.3.6	The choice of methodology for model development must be the result of a concerted structured process. This choice should be made upon comparing several options derived from common industry practice and/or relevant academic literature. Methodologies must be consistent across the organisation, transparent and manageable.
3.3.7	Institutions must pay particular attention to the model selection process for all types of models. When several models are available, institutions must put in place a documented process to select a model amongst several available options.
3.3.8	The pre-implementation validation must be considered an integral part of the development process. This step must ensure that the model is consistent, fit for purpose and generates results that can be explained and support decision-making appropriately. The depth of the pre-implementation validation should be defined based on model materiality.

3.4 Model Implementation

3.4.1	Institutions must consider model implementation as a separate phase of the model life-cycle process, with its own set of principles.
3.4.2	The implementation of a model must be treated as a project with clear governance, planning, funding and timing. It must include comprehensive user acceptance testing with record keeping and associated documentation. Upon request, these records shall be made available to the CBUAE, other regulators and auditors to assess whether a particular model has been implemented successfully.
3.4.3	The system infrastructure supporting the ongoing usage of models must be carefully designed and assessed before the model implementation phase, to adequately address the needs of model usage. It must cope with the demand of the model sophistication and the volume of regular production.
3.4.4	After the model implementation, institutions must regularly assess the suitability of their system infrastructure for their current and future usage of models. This assessment must be made in light of (i) evolving model design and methodologies, (ii) rapid technology developments and (iii) growing volume of transactions to be processed.
3.4.5	Institutions should avoid spreadsheets for the implementation of large and complex models. Where this is unavoidable, and preferably on a temporary basis, institutions must implement rules and rigorous validation to mitigate the risks posed by spreadsheet tools which are highly susceptible to operational errors. Institutions must implement internal policies and guidelines for the development of spreadsheet tools used in production.

3.5 Model Usage

3.5.1	The conditions for using models must be defined, monitored and managed. Model usage must be treated as an integral part of model management because the appropriate usage of a model is independent from the quality of such model.
3.5.2	Institutions must develop policies to manage model usage. At a minimum, the following must be included: (i) the definition of the expected usage, (ii) the process to control this usage, (iii) the governance surrounding the override of model inputs and outputs, and (iv) the management of user feedback.
3.5.3	Institutions must pay particular attention to circumstances under which model results are overridden. They must establish a clear, approved and controlled policy to govern overrides. This requirement is applicable to all models.

3.6 Model Performance Monitoring

3.6.1	Institutions must implement a process to and monitor the performance of their models on a regular basis, as part of their model life-cycle management. The monitoring frequency must depend on model types. The required minimum frequencies are set in Part II of the MMS.
3.6.2	Prior to engaging in performance monitoring, institutions must ensure that models are used appropriately. This means that the analysis of model usage must have been completed successfully.
3.6.3	The objective of performance monitoring is to assess whether exogenous changes in the economic and business environment have impacted the assumptions of the model and therefore its performance. The monitoring process must be organised with specific responsibilities, monitoring metrics, limits associated with these metrics and required reporting for each model and/or model type. The process must incorporate a clear decision-making and escalation mechanism.
3.6.4	The responsibility for the execution of model monitoring must be clearly defined. This can be assigned to the development team, the validation team or any independent third party. If model monitoring is not performed by the validation team, then the validation team must review the quality and relevance of the monitoring reports during the validation cycle. Monitoring reports must be presented to the Model Oversight Committee on a regular basis, at least every quarter.
3.6.5	Metrics and limits must be designed to appropriately track the performance of each model based on its specific characteristics and its implementation.
3.6.6	Monitoring reports must be comprehensive, transparent and contain explanations regarding the nature of metrics, their acceptable range and respective interpretation. These reports must be designed in such way that non-technical readers can understand the implications of the observations. Each monitoring report must contain an explicit conclusion on the model performance. The report should also include suggestions for defect remediation, when deemed appropriate.
3.6.7	Upon the production of monitoring reports, a clear process must be followed to decide whether to either continue using a model (with further monitoring) or suspend it and work on remediation. This decision must be made by the Model Oversight Committee.
3.6.8	The monitoring process is a key preceding step towards the validation process. The results of the monitoring process must be used as inputs to the validation process (when available), if the monitoring reports are deemed of sufficient quality and relevance by the validator.

3.7 Independent Validation

3.7.1	The independent validation must be established as a key step of the model lifecycle management and is the basis upon which Model Risk can be assessed and managed. Institutions must implement a process to validate independently all their models on a regular basis based on model types, as part of their model life-cycle management. Minimum frequencies are mentioned in Part II of the MMS.
3.7.2	In the context of model management, the model owner acts as the first line of defence, the independent validator acts as a the second line of defence and the internal audit function acts as the third line of defence.
3.7.3	The validation process must be organised with specific responsibilities, metrics, limits and reporting requirements for each model type. The validation process must be constructed to ensure an effective identification and remediation of model defects to manage Model Risk appropriately. This is referred to as the Effective Challenge principle.
3.7.4	Model validation can be performed either by an internal independent team or by a third party. In all cases, the validation process must remain independent from the development process. If model validation is assigned to a third party, institutions remain the owners of validation reports and remain responsible for taking appropriate actions upon the issuance of these reports. If the institution has an internal validation team and also uses third party validators, the internal validation team must maintain oversight of all validation exercises conducted by third parties. If the institution does not have an internal validation team, all validation reports produced by third parties should be owned by an appropriate internal control function separate from the model owner.
3.7.5	The validation must be independent by virtue of excluding the development team from involvement in the assessment of the model. The development team may be involved in the validation process once a set of observations has been produced, in particular for the remediation of these observations. Institutions must be able to demonstrate to the Central Bank, the appropriate arm’s length independence of the validator. Consequently, if a third party provides a methodology to develop a model for an institution, any subsequent validation exercise must be performed by a party different from the original provider. Validation teams must not report to the business lines.
3.7.6	The validation team must possess sufficient technical skills and maturity to formally express its opinion without the interference of the development team or from the business lines. The business lines may be consulted during the validation process, but the conclusion of such process must be formed independently from business line interests.
3.7.7	The validation scope must cover both a qualitative validation and a quantitative validation. A qualitative validation alone is not sufficient to be considered as a complete validation. If insufficient data is available to perform the quantitative validation of a model, the validation process must be flagged as incomplete and the institution must recognise and account for the uncertainty and thus the Model Risk related to such model.
3.7.8	A validation exercise must result in a full articulated judgement regarding the suitability of the model to support decision-making. The analyses and tests performed during the validation of a model must be rigorously documented in a validation report, such that (i) management is able to form a view on the performance of the model, and (ii) an independent party is able to repeat the process on the basis of the report.
3.7.9	Institutions must put in place an effective process to manage and remedy findings arising from validation exercises. Observations and findings across all models must be documented, recorded, tracked and reported to Senior Management and the Board at least once a year. Findings must be classified into groups based on their associated severity, in order to drive the prioritisation of remediation.
3.7.10	Institutions must ensure that model defects are understood and remedied within an appropriate time-frame. They must implement an effective process to prioritise and address model defects based on their materiality and/or associated Model Risk. High severity findings must be remedied promptly. If necessary, such remediation may rely on temporary adjustments and/or manual override. Such adjustments and overrides must not become regular practice, in that they must have an expiry horizon and must be coupled with a plan to implement more robust remediation. Further requirements and minimum remediation timings are mentioned in Part II.
3.7.11	Models employed by institutions must be fit for purpose to support decision-making. Therefore, institutions must aim to resolve all model defects associated with high and medium severity and aim to minimise the number of defects with low severity. If an institution decides not to address some model defects, it must identify, assess and report the associated Model Risk to Senior Management and the Board. Such decision may result in additional provisions and/or capital buffers and will be subject to review by the CBUAE.
3.7.12	The internal audit function is responsible for verifying that the model validation process is performed appropriately and meets the MMS requirements. This review must be planned as part of regular audit cycles. The audit team must comment on the degree of independence of the internal validation process. For technical matters, the audit team may decide to be assisted by third party experts. Where third party assistance is utilised, the internal audit function remains the sole owner of the conclusions of the audit report.

Part II – Application of the Standards

4 Model Governance

4.1 Overview

4.1.1	Institutions must develop and maintain policies and procedures that support their model management framework. In addition, they must regularly ensure that these policies and procedures are correctly implemented.
4.1.2	In addition to the elements mentioned in Part I, institutions must include the following components in their model governance framework, at a minimum: (i) the definition of model objectives, (ii) steps of model life-cycle, (iii) model inventory, (iv) model ownership, (v) identification of key stakeholders involved in decision-making, (vi) relations with third parties, (vii) adequacy of internal skills, (viii) comprehensive model documentation, and (ix) reporting.

4.2 Model Objectives and Strategy

4.2.1	Institutions must assign a clearly defined objective to each model and include it in the model development documentation.
4.2.2	If stakeholders disagree on the objective of a model, the model must remain under development or be removed from production until the disagreement is resolved.
4.2.3	Institutions must have a defined strategy to meet the objectives of their models. Institutions must distinguish between short term tactical solutions from longer term solutions. Such strategies must be documented and approved by the stakeholders involved in model management, including Senior Management and the Board.
4.2.4	The modelling strategy must clearly articulate the potential contribution of third party consultants to the development, management and validation of models. The outsourcing strategy must be defined and justified, in particular regarding data, systems, calibration and methodology design. If a quantity of portion of modelling work is outsourced, institutions must implement mechanisms to retain controls control over the key elements of modelling.

4.3 Model Life-Cycle

4.3.1	Institutions must manage each model according to a cycle that includes, at a minimum, the following steps.
	(i)	Development,
	(ii)	Pre-implementation validation,
	(iii)	Implementation,
	(iv)	Usage and monitoring,
	(v)	Independent validation, and
	(vi)	Recalibration, redevelopment or retirement, if deemed necessary.
4.3.2	The duration and frequency of each step must be specified in advance for each model and documented accordingly.
4.3.3	Upon independent validation and the response from the development team, the following decisions must be considered by the Model Oversight Committee, which must all be thoroughly justified:
	(i)	Leave the model unchanged,
	(ii)	Use a temporary adjustment while establishing a remediation plan,
	(iii)	Recalibrate the model,
	(iv)	Redevelop or acquire a new model, or
	(v)	Withdraw the model without further redevelopment.

4.4 Model Inventory and Grouping

4.4.1	Institutions must maintain a comprehensive inventory of all their models employed in production to support decision-making. The inventory must cover internal models and models provided by third parties. It must contain sufficient relevant information to support model management and mitigate Model Risk.
4.4.2	The inventory must cover models both currently in use and employed in the past for production (starting from the implementation of this MMS). Institutions must ensure that they can refer and/or roll back to previously employed models, if necessary. Consequently, institutions must have a model archiving mechanism in place supported by appropriate documentation and IT system infrastructure.
4.4.3	Each model must have a unique nomenclature and identification number that must be explicitly mentioned in any related model documentation. A model with a new calibration must carry a different identification number. Any variation of a model requiring a separate validation or approval should be identified as a separate model.
4.4.4	The model inventory must include, for each model, all the references and documents pertaining to each step of the life-cycle. Amongst others: (i) the dates of each step, including past and planned steps, (ii) the internal party responsible for each step, and (iii) previous validation exercises and audit reviews plus any reference to their respective outcome. Third-party consultants must not be considered as responsible for any step but only considered as supporting their execution. Where consultants have been involved, the details of the consultants must be recorded.
4.4.5	Models must be grouped based on their associated Model Risk.
	(i)	At a minimum, institutions must create two groups referred to as Tier 1 and Tier 2 models, with Tier 1 models being more critical than Tier 2 models. If institutions already employ more than two groups, those can be retained for internal purpose. In the context of the MMS and for regulatory purpose, the models deemed less material than Tier 2, must be regarded Tier 2.
	(ii)	Whilst the grouping decisions are left to the discretion of each institution, they will be reviewed by the CBUAE as part of its supervisory duty. At a minimum, IFRS9 models for large portfolios (measured by exposure) and capital forecasting models must be classified as Tier 1.
	(iii)	Institutions may prioritise model management by tier once they have established a clear grouping framework based on Model Risk. In the MMS, in the absence of specific reference to model tiers, the requirements apply to all models irrespective of their materiality, as these requirements must be regarded as fundamental building blocks of model management. Where needed, the MMS explicitly refers to model Tier 1 and Tier 2.

4.5 Model Ownership

4.5.1	The concept of model ownership is fundamental to model management. Institutions must ensure that an internal owner with a sufficient level of seniority is assigned to each model at all times.
4.5.2	The owner of a model is accountable for all modelling decisions and for ensuring that the model goes through all the steps of its life-cycle in a timely fashion. In other words, a model owner is not responsible for executing all the steps; however, a model owner must ensure that the steps are performed.
4.5.3	Risk models involving statistical calibration must be owned by the risk department and must not be owned by the business lines to avoid conflicts of interest. Pricing and valuation models used for commercial decisions can be owned by the business lines. Other financial models with no statistical calibration can be owned by the finance department, at the discretion of each institution.

4.6 Stakeholders and Decision Process

4.6.1	A modelling decision is defined as a deliberate choice that relates to each step of the model life-cycle. In particular, key modelling decisions relate to (i) the model strategy, (ii) the choice of data, (iii) the analysis of data, (iv) the methodology and the development process, (v) the calibration, and (vi) the implementation of models. Such decision have material impacts on model outcomes and have financial implications. Consequently, institutions must implement a clear governance process around these decisions.
4.6.2	All parties involved in making decisions required at any step of the model life-cycle must be identified and recorded in the model documentation. Within an institution, individuals may hold several of these roles (i.e. several responsibilities), with the exception of model validation which must remain independent from the other roles. At a minimum, the following roles must be identified for each model:
	(i)	Model owner,
	(ii)	Model developer,
	(iii)	Model validator,
	(iv)	Model user,
	(v)	Modelling data owner, and
	(vi)	Model Oversight Committee members.
4.6.3	Institutions must establish a Model Oversight Committee, to whom the stakeholders mentioned at 4.6.2 are accountable. This committee must be established separately from existing risk management committees. Its scope must cover all models across the institution, with the view to manage Model Risk in its entirety. The committee must convene regularly and at a minimum every quarter.
4.6.4	The Model Oversight Committee must provide substantiated decisions related to each step of the model life-cycle and in particular, strategic modelling options. Consequently, the committee members must have a minimum level of technical understanding to be able to contribute to those decisions.
4.6.5	The Model Oversight Committee must be accountable to Senior Management and the Board. The committee must provide an impartial view of the best modelling approach for the institution. It must remain independent from actual, potential or perceived interests of business lines. Therefore, the majority of the Committee members must not be from the business lines. If business views and risk management views related to modelling choices are irreconcilable, Senior Management must make a decision, be accountable for it and provide a clear rationale for it. The final decision must be in compliance with the requirements outlined in the MMS.
4.6.6	At a minimum, the Model Oversight Committee must hold the following responsibilities.
	(i)	Design the institution’s appetite for Model Risk to be approved by the Board,
	(ii)	Ensure that Model Risk is managed appropriately across the institution,
	(iii)	Escalate modelling decisions when necessary,
	(iv)	Oversee the objective and strategy of each model,
	(v)	Approve the development of new models,
	(vi)	Request the development of new models when necessary,
	(vii)	Approve material modelling decisions throughout the model life-cycle,
	(viii)	At the end of each cycle, review the validation results and make a choice amongst the options presented in the section 4.3 on model life-cycle.
	Whilst some technical aspects of these responsibilities can be delegated to subcommittees, working groups and/or individuals, the Model Oversight Committee must remain the centralised forum where modelling decisions for the whole institution are discussed, made or proposed for escalation. Material modelling decisions must be ultimately approved by the Board.
4.6.7	Other subject matter experts across the institution and third party experts can contribute to each step of the model life-cycle depending on their field of expertise. They can be involved in model design, development and testing. However, their involvement must be viewed as consultative only.
4.6.8	The CRO is responsible for ensuring that Model Risk is managed appropriately. Consequently, as part of his/her duty, the CRO must ensure that:
	(i)	Model Risk is appropriately identified, understood, estimated, reported and mitigated across the institution.
	(ii)	The governance for model management is efficient and appropriate to the size and complexity of the institution.
	(iii)	The Model Oversight Committee is functioning appropriately and meets the responsibilities outlined in article 4.6.6.
	(iv)	Material modelling decisions are approved by the Board (or the Board Risk Committee). The Board is adequately informed of Model Risk, the status of model management and the performance of models.
	(v)	A suitable escalation process is in place through the institution and up to the Board.
	(vi)	The institution employs adequate resources to meet the demands of model management and, where required, escalate identified gaps to Senior Management and/or the Board.
	(vii)	He/she is fully familiar with the requirements articulated in the MMS.
	(viii)	He/she has sufficient technical understanding to form an opinion about the modelling decisions with material financial implications.
	(ix)	He/she is sufficiently informed of material modelling decisions, in such a way that he/she can articulate a view about the suitability of these decisions.
	(x)	Particular attention is given to the quality, completeness and accuracy of the data used to make decisions based on models.

4.7 Third Party Provider

4.7.1	Institutions must remain the owners of their models at all times, under all circumstances. They must remain accountable for all modelling choices, even in the case of support from a third party consultant for any of the steps in the life-cycle.
4.7.2	If modelling support is provided by a third party, institutions must take the necessary steps to transfer knowledge from that third party to internal employees within a given time frame. This requirement applies to any of the steps of the model life-cycle.
4.7.3	Third party providers may offer a range of modelling contributions covering, amongst others, methodological support, system infrastructure, validation services and ready-made calibrations based on external data. Institutions must take the necessary action to fully understand the contributions provided by third parties. This requirement applies to all models and to all risk types.
4.7.4	In the case of methodological support, whilst institutions must operate within the constraints of the acquired model, they must demonstrate that the method is adequate to their portfolios. If a methodology acquired from a third party is not fully understood by the institution, then it must not be considered fit for purpose. If a third party provides a methodology to an institution, any subsequent validation exercise must be performed by an internal or external party independent from the original provider.
4.7.5	If a third party provides a ready-made calibrated model based on external data, such a solution must be justified, based on the following specific circumstances:
	(i)	For portfolios and metrics for which an institution is not able to collect sufficient internal data, then externally calibrated models are acceptable. For instance, this applies in the case of low default portfolios or small portfolios for which data collection may not lead to statistically representative samples.
	(ii)	For portfolios and metrics for which an institution is in a position to collect internal data, then externally calibrated models must not be used. Externally calibrated models are acceptable, only temporarily over the short term until sufficient data is collected. In this case, immediately after the model implementation, institutions must take the necessary actions to (i) collect historical internal data from internal systems and (ii) collect future internal data in order to develop a model internally.

4.8 Internal Skills

4.8.1	Institutions must ensure that they acquire and retain adequate internal knowledge and core competences about modelling techniques. Full model ownership requires that institutions must have an appropriate number of internal employees with technical skills to understand and own models, even with the contribution of third parties. The contribution of external consultants cannot justify a lack of internal technical employees.
4.8.2	All institutions must ensure that they have a minimum number of technical employees to manage models independently of third parties. The skills of these employees must sufficient to cope with the complexity of the models implemented at the institution. If an institution does not have the required internal skills to manage complex models, these models should be simplified or replaced.
4.8.3	For branches or subsidiaries of foreign institutions, the internal technical expertise may reside at the parent group level, which are responsible for the oversight of the local implementation and/or usage of models. The technical experts from the parent entity must also oversee any third parties employed to deliver models for the local entity. The local branches or subsidiaries must nonetheless have employees with sufficient skills to ensure that models are suitably calibrated to the UAE context and meet the CBUAE requirements in this regard.
4.8.4	Knowledge about a model must not be restricted to a single individual in the organisation. Instead, knowledge must be shared amongst several staff members. This is necessary for the purpose of sound decision-making related to modelling choices and to minimise the impact of staff departure on the smooth continuation of model life-cycle execution.
4.8.5	Institutions are expected to recognise the scarcity of technical staff able to genuinely understand and own models. Therefore, they must put in place development plans and initiatives to retain and manage their technical employees appropriately. The strategic management of technical resources must include full and adequate cooperation of the institutions’ human resources function.

4.9 Model Documentation

4.9.1	Dedicated and consistent documentation must be produced for each step of the model life-cycle. The documentation must be sufficiently comprehensive to ensure that an independent party has all the necessary information to assess the suitability of the modelling decisions. In particular, the documentation must make a clear distinction between theoretical considerations, calibration choices and practical implementation considerations.
4.9.2	All model documentation, model management policies and procedures must be an accurate reflection of the institution’s practice and usage. In other words, institutions must ensure that the model attributes described in a modelling document are actually implemented. Any gaps and partial implementation must be recorded, tracked and reported to Senior Management and the Board by the modelling stakeholders. Institutions must have a remediation plan in place to address each of these gaps within an appropriate timeframe.
4.9.3	Institutions must develop internal standards for model documentation across all model types, with rigorous document control. This requirement is particularly relevant for the development and the validation steps. The documentation must be adapted to the type of model, the business context and the step of the life-cycle. At a minimum, all model development documentation must include the following information:
	(i)	Document control including the model reference, owners, contributors and key dates of each life-cycle step,
	(ii)	Model materiality in relation to the institution’s risk profile,
	(iii)	Overview of the model strategy, structure and expected usage,
	(iv)	Data set description, when applicable,
	(v)	Methodology and modelling choices related to all the key modelling decisions,
	(vi)	Modelling assumptions, weaknesses and limitations,
	(vii)	Expert judgement inputs if any,
	(viii)	Impact analysis of the new modelling decisions, and
	(ix)	Implementation process and timing of the new modelling decisions.

4.10 Performance Reporting

4.10.1	Institutions must implement a comprehensive reporting framework to ensure that Model Risk is analysed and assessed for the purpose of implementing risk mitigating measures.
4.10.2	Reporting must be implemented at several levels of the organisation, including to the Model Oversight Committee, the institution’s Risk Committee and the Board. Reporting must be specific and adapted to the nature of the stakeholders. The status of model management and Model Risk across the entire organisation must be presented to the Model Oversight Committee and the institution’s Risk Committee at a minimum on a quarterly basis, and to the Board or a specialised sub-committee of the Board at least on a yearly basis.
4.10.3	Reporting must be designed to support Model Risk management covering the identification, measurement, monitoring and mitigation of these risks. In particular, reporting must cover (i) the status of the model lifecycle for each model, (ii) the results of model performance assessment, (iii) the risks arising from the uncertainty surrounding certain modelling decisions, and (iv) the status and estimation of Model Risk throughout the organisation.
4.10.4	Institutions must comply with model reporting requirements from the CBUAE, as they evolve through time.

4.11 Mergers, Acquisitions and Disposals

4.11.1	If an institution merges with or acquires another institution, it must re-visit all the elements of the model management framework, as part of the integration process. The modelling framework and all the principles of model life-cycle management must be applied consistently across the newly formed institution. In particular, model ownership must be clearly defined. The newly formed institution must have sufficient resources to fully manage the new scope of models.
4.11.2	The scope of models must be re-visited to assess whether there is a degree of overlap between models. Depending on circumstances, models may need to be recalibrated or redeveloped. Models must be representative of the risk profile of the newly formed institution. In the case of overlap between two similar models, a new single model must be developed based on a larger data sample. This new development must occur promptly after the completion of the merger or the acquisition.
4.11.3	Institutions must pay particular attention to the integration of historical data, and future data collection, subsequent to the merger or the acquisition. This requirement applies to all data fields used as inputs to the existing models and to the future models to be developed, in particular, default rates and recovery information. Historical data time series must be reconstructed to reflect the characteristics and risk profile of the newly formed institution. Upon the implementation of the MMS, this requirement applies retroactively to cover, at a minimum, a full economic cycle in the UAE, and where possible covering the 2008 global financial crisis. Future data collection must be performed for the entire scope of the newly formed institution.
4.11.4	In the case of the disposal of an entity, a subsidiary, a branch and/or a large portfolio, institutions must ensure that the modelling framework and all the principles of model life-cycle management are adjusted to fit the needs of the reduced scope of portfolios, products, obligors and/or exposures.

5 Data Management

5.1 Data Governance

5.1.1	For the avoidance of doubt, the scope under consideration in this section includes the data employed for modelling and validation purposes, not the data employed for regular risk analysis and reporting. This section focuses on the construction of historical data sets for the purpose of modelling.
5.1.2	Accurate and representative historical data is the backbone of financial models. Institutions must implement rigorous and a comprehensive formal data management framework (“DMF”) to ensure the development of accurate models. Institutions must consider DMF as a structured process within the institution, with dedicated policies and procedures, and with the adequate amount of resources and funding. The DMF core principles are as follows:
	(i)	It must be approved by Senior Management and the Board,
	(ii)	It must be thoroughly documented with indication of limitations and assumptions,
	(iii)	Its coverage must include the whole institution and all material risk types, and
	(iv)	It must be independently validated.
5.1.3	The DMF must include, at a minimum, the following steps:
	(i)	Identification of sources,
	(ii)	Regular and frequent collection,
	(iii)	Rigorous data quality review and control,
	(iv)	Secure storage and controlled access, and
	(v)	Robust system infrastructure.
5.1.4	The roles and responsibilities of the parties involved or contributing to the DMF must be defined and documented. Each data set or data type must have an identified owner. The owner is accountable for the timely and effective execution of the DMF steps for its data set or data type. The owner may not be responsible for performing each of the DMF steps, but she/he must remain accountable for ensuring that those are performed by other parties with high quality standards.

5.2 Identification of Data Sources

5.2.1	The DMF must include a process to identify and select relevant data sources within the institution for each type of data and model. If an institution recently merged or acquired another entity, it must carry out the necessary steps to retrieve historical data from these entities.
5.2.2	If internal sources are lacking in data quality or quantity, institutions may rely on external sources. However, if an institution decides to rely on external data for modelling, it must demonstrate that the data is relevant and suitably representative of its risk profile and its business model. External data sources must be subject to an identification and selection process. The DMF governance and quality control also apply to external data employed for modelling.
5.2.3	Once a source has been selected, institutions are expected to retain this source long enough to build consistent time series. Any change of data source for the construction of a given data set must be rigorously documented.

5.3 Data Collection

5.3.1	Each institution must collect data for the estimation of all risks arising from instruments and portfolios where it has material exposures. The data collection must be sufficiently granular to support adequate modelling. This means that data collection must be (i) sufficiently specific to be attributed to risk types and instrument types, and (ii) sufficiently frequent to allow the construction of historical time series.
5.3.2	The data collection process must cover, amongst others, credit risk, market risk (in both the trading and banking books), concentration risk, liquidity risk, operational risk, fraud risk and financial data for capital modelling. A justifiable and appropriate collection frequency must be defined for each risk type.
5.3.3	The data must be organised such that the drivers and dimensions of these risks can be fully analysed. Typical dimensions include obligor size, industries, geographies, ratings, product types, tenor and currency of exposure. For credit risk in particular, the data set must include default events and recovery events by obligor segments on a monthly basis.
5.3.4	The data collection must be documented. The data collection procedure must include clear roles and responsibilities with a maker-checker review process, when appropriate.
5.3.5	Institutions must seek to maximise automated collections and reduce manual interventions. Manual interventions must be avoided as much as possible and rigorously documented to avoid operational errors.
5.3.6	The data collection process must ensure the accuracy of metadata such as units, currencies, and date/time-stamping.

5.4 Data Quality Review

5.4.1	Prior to being used for modelling purposes, the extracted data must go through a cleaning process to ensure that data meets a required quality standard. This process must consider, at a minimum, the following data characteristics:
	(i)	Completeness: values are available, where needed,
	(ii)	Accuracy: values are correct and error-free,
	(iii)	Consistency: several sources across the institution lead to matching data,
	(iv)	Timeliness: values are accurate as of the reporting date,
	(v)	Uniqueness: values are not incorrectly duplicated in the same data set, and
	(vi)	Traceability: the origin of the data can be traced.
5.4.2	Institutions must put in place process to accomplish a comprehensive data quality review. In particular, the quality of data can be improved by, amongst others, replacing missing data points, removing errors, correcting the unit basis (thousands vs. millions, wrong currency, etc.) and reconciling against several sources.
5.4.3	Institutions must put in place tolerance levels and indicators of data quality. These indicators must be mentioned in all model documentation. Data quality reports must be prepared regularly and presented to Senior Management and the Board as part of the DMF governance, with the objective to monitor and continuously improve the quality of data over time. Considering the essential role of data quality in supporting risk management and business decisions, institutions must also consider including data quality measures in their risk appetite framework.

5.5 Data Storage and Access

5.5.1	Once a data set has been reviewed and is deemed fit for usage, it must be stored in a defined and shared location. Final data sets must not be solely stored on the computers of individual employees.
5.5.2	The access to a final data set must be controlled and restricted to avoid unwarranted modifications.
5.5.3	Appropriate measures must be taken to ensure that data is stored securely to mitigate operational risks such as cyber-attacks and physical damage.

5.6 System Infrastructure

5.6.1	Institutions must ensure that an appropriate IT system infrastructure is in place to support all the steps required by the DMF.
5.6.2	The system infrastructure must be sufficiently scalable to support the DMF requirements.
5.6.3	The system infrastructure must be in the form of strategic long-term solutions, not tactical solutions. Spreadsheet solutions must be not considered as acceptable long term solutions for data storage.
5.6.4	Employment of staff with data science knowledge and expertise is encouraged in order to undertake appropriate data management oversight.
5.6.5	Institutions must minimise key person risk related to the management of modelling data. They must ensure that several members of staff have the suitable technical expertise to fully manage data for modelling purposes.

6 Model Development

6.1.1	The development of internal models must follow a documented and structured process with sequential and logical steps, supporting the construction of the most appropriate models to meet the objectives assigned to these models. At a minimum, institutions must consider the following components. More components can be added depending on the type of model. If a component is not addressed, then clear justification must be provided.
	(i)	Data preparation,
	(ii)	Data exploration (for statistical models),
	(iii)	Data transformation,
	(iv)	Sampling (for statistical models),
	(v)	Choice of methodology,
	(vi)	Model construction,
	(vii)	Model selection,
	(viii)	Model calibration (for statistical models),
	(ix)	Pre-implementation validation, and
	(x)	Impact analysis.
6.1.2	This process must be iterative, in that, if one step is not satisfactory, some prior steps must be repeated. For instance, if no model can be successfully constructed, additional data may be needed or another methodology should be explored.
6.1.3	Each of these steps must be fully documented to enable an independent assessment of the modelling choices and their execution. This requirement is essential to support an adequate, independent model validation. Mathematical expressions must be documented rigorously to enable replication if needed.
6.1.4	For the purpose of risk models, a sufficient degree of conservatism must be incorporated in each of the development step to compensate for uncertainties. This is particularly relevant in the choice of data and the choice of methodology.

6.2 Data Preparation and Representativeness

6.2.1	Institutions must demonstrate that the data chosen for modelling is representative of the key attributes of the variables to be modelled. In particular, the time period, product types, obligor segments and geographies must be carefully chosen. The development should not proceed further if the data is deemed not representative of the variable being modelled. The institution should use a conservative buffer instead of a model, until a robust model can be built.
6.2.2	For the purpose of preparation and accurate representation, the data may need to be filtered. For instance, specific obligors, portfolios, products or time periods could be excluded in order to focus on the relevant data. Such filtering must be supported by robust documentation and governance, such that the institution is in a position to measure the impact of data filtering on model outputs. The tools and codes employed to apply filters must be fully transparent and replicable by an independent party.

6.3 Data Exploration

6.3.1	The data exploration phase must be used to confirm whether the data set is suitable for modelling purposes. The objective is to understand the nature and composition of the data set at hand and to identify expected or unusual patterns in the data. In this process, critical thinking and judgement is expected from the modelling team.
6.3.2	Descriptive statistics should be produced across both the dependent and independent variables. For instance, for credit risk modelling, such exploration is relevant to identify whether obligors have homogeneous features per segment and or market risk modelling, such exploration is relevant to assess whether the market liquidity of the underlying product is sufficient to ensure a minimum reliability of the market factor time series.
6.3.3	Institutions must clearly state the outcome of the data exploration step, that is, whether the data is fit for modelling or not. In the latter case, the development process must stop and additional suitable data must be sourced. Consequently, data unavailability must not excuse unreliable and inaccurate model output.
6.3.4	The exploration of data can lead to unusual, counterintuitive or even illogical patterns. Such features should not be immediately accepted as a mere consequence of the data. Instead, the modelling team is expected to analyse further these patterns at a lower level of granularity to understand their origin. Subsequently, either (i) the pattern should be accepted as a matter of fact, or (ii) the data should be adjusted, or (iii) the data set should be replaced. This investigation must be fully documented because it has material consequences on model calibration.

6.4 Data Transformation

6.4.1	Institutions must search for the most appropriate transformation of the dependent and the independent variables, in order to maximise the explanatory power of models. If some variables do not need to be transformed, such conclusion must be clearly stated and justified in the model development documentation.
6.4.2	The choice of variable transformation must neither be random nor coincidental. Transformations must be justified by an economic rationale. Amongst others, common transformations include (i) relative or absolute differencing between variables, (ii) logarithmic scaling, (iii) relative or absolute time change, (iv) ranking and binning, (v) lagging, and (vi) logistic or probit transformation. Quadratic and cubic transformations are possible but should be used with caution, backed by robust economic rationale, and should be used with a clear purpose in mind.

6.5 Sampling

6.5.1	For all types of statistical models, institutions must ensure that samples used for modelling are representative of the target variable to be modelled. Samples must meet minimum statistical properties to be eligible for modelling including, amongst others, a minimum size and a minimum number of data points.
6.5.2	Once a modelling data set has been identified, institutions should use sampling techniques to increase the likelihood of model stability, when possible. The sampling technique must be appropriate to the data set and a justification must be provided. Amongst others, common techniques include dividing data sets into a development sample and a validation sample.

6.6 Choice of Methodology

6.6.1	Each methodology employed for modelling must be based upon a conscious, rigorous and documented choice made under the model governance framework, and guided by the model objective. Methodology options can be suggested by third parties, however, the choice of a specific methodology remains a decision made within each institution. The ownership of a methodology must be assigned to a specific team or function within the institution, with sufficient level of seniority. The choice of methodology must be clearly stated and justified in the model development documentation.
6.6.2	The choice of methodology must be made upon comparing several options derived from common industry practice and/or relevant academic literature. Institutions must explicitly list and document the benefits and limitations of each methodology.
6.6.3	The choice of methodology must follow the following principles, which must be included in the model documentation:
	(i)	Consistency: Methodologies must be consistent and comparable across the institution, across risk metrics and risk types. For instance, two similar portfolios should be subject to similar modelling approaches, unless properly justified.
	(ii)	Transparency: Methodologies must be clear and well-articulated to all stakeholders, including management, internal audit and the CBUAE. Mathematical formulation must be documented with all parameters clearly mentioned.
	(iii)	Manageability: A methodology must be chosen only if all the steps of the model life-cycle can support it. Complex methodologies must be avoided if any step of the model life-cycle cannot be performed. The choice of methodology must be based upon its ability to be implemented and successfully maintained.
6.6.4	When choosing the most suitable methodology, institutions must avoid excessive and unreasonable generalisations to compensate for a lack of data.

6.7 Model Construction

6.7.1	Statistical models:
	(i)	The construction of statistical models must be based upon robust statistical techniques to reach a robust assessment of the coefficients. The statistical techniques should be chosen amongst those commonly employed in the industry for financial modelling and/or those supported by academic scientific literature.
	(ii)	Institutions must demonstrate that they have undertaken best efforts to understand the characteristics of the data and the nature of the relationships between the dependent and independent variables. In particular, institutions should analyse and discuss the observed correlations between variables and expected economic causations between them. Institutions should discuss the possibility of non-linear relationships and second order effects. Upon this set of analysis, a clear conclusion must be drawn in order to choose the best-suited approach for the model at hand. The analyses, reasoning and conclusions must be all documented.
	(iii)	Statistical indicators must be computed and reported in order to support the choice of a model. Thresholds should be explicitly chosen upfront for each statistical indicator. The indicators and associated thresholds should be justified and documented.
	(iv)	The implementation of statistical techniques is expected to lead to several potential candidate models. Consequently, institutions should identify candidates and rank them by their statistical performance as shown by the performance indicators. The pool of candidate models should form part of the modelling documentation. All model parameters must be clearly documented.
6.7.2	Deterministic models:
	(i)	Deterministic models, such as financial forecasting models or valuation models, do not have statistical confidence intervals. Instead, the quality of their construction should be tested through (a) a set of internal consistency and logical checks and (b) comparison of the model outputs against analytically derived values.
	(ii)	Amongst other checks, one form of verification consists of computing the same quantity by different approaches. For instance, cash flows can be computed with a financial model through the direct or the indirect methods, which should both lead to the same results. Institutions must demonstrate and document that they have put in place a set of consistency checks as part of the development process of deterministic models.
	(iii)	Several deterministic models can be constructed based on a different set of assumptions. These models should constitute the pool of candidate models to be considered as part of the selection process.
6.7.3	Expert-based models:
	(i)	Expert-based models, also referred to as ‘judgemental models’, must be managed according to a comprehensive life-cycle as for any other model. The construction of such models must follow a structured process, irrespective of the subjective nature of their inputs. The documentation must be sufficiently comprehensive to enable subsequent independent validations. In particular, the relationship between variables, the model logic and the rationale for modelling choices should all be documented and approved by the Model Oversight Committee.
	(ii)	The collection of subjective inputs must be treated as a formal data collection process. This means that the input data must be part of the DMF, with suitable quality control. Expert-based models provided by third parties must be supported by an appropriate involvement of internal subject matter experts.
	(iii)	Institutions are expected to develop several candidate models based on different assumptions. For all candidates, they should assess the uncertainty of the outputs, which will be a key driver of the model selection.
	(iv)	Institutions must be mindful of the high Model Risk associated with expert-based models. They must be in a position to justify that appropriate actions have been taken to manage such Model Risk. An additional degree of conservatism should be employed for the design, calibration and usage of expert-based models. The usage of such models for material portfolios could result into additional provisions and/or capital upon reviews from the CBAUE.

6.8 Model Selection

6.8.1	For statistical models, institutions must choose a final model amongst a pool of constructed models. Institutions must implement an explicit mechanism to filter out models and select a final model amongst several available options. It is recommended to select a main model and a challenger model up to the pre-implementation validation step. The selection of a model should include, at a minimum, the criteria outlined below. Institutions should consider all criteria together. Statistical performance should not be the only decisive factor to choose a model.
	(i)	The chosen model must demonstrate adequate performance, statistical stability and robustness as shown by the statistical indicators and their thresholds.
	(ii)	The chosen model must be based on appropriate causal relationships, i.e. it should be constructed with variables and relationships that meet economic intuition and make logical business sense, as per the definition section of the MMS. For that purpose, causal diagrams are encouraged.
	(iii)	The chosen model must also lead to outcomes that meet economic intuition, can be explained easily and can support decision-making appropriately.
	(iv)	The chosen model must be implementable.
6.8.2	For deterministic and expert-based models, institutions must choose a final model amongst the pool of constructed models based on various assumptions. Institutions must put in place an explicit mechanism to prioritise certain assumptions and therefore choose a model amongst several candidates. In particular, the selection process should incorporate the following criteria:
	(i)	The relationships between variables should be based on established causal links. The assumptions and limitations of these links should be assessed thoroughly.
	(ii)	The chosen model should lead to outcomes that make meet economic intuition as defined in the MMS, can be explained easily and can support decision-making appropriately.
	(iii)	The chosen model should be implementable.

6.9 Model Calibration

6.9.1	Model calibration is necessary to ensure that models are suitable to support business and risk decisions. Institutions must ensure that model calibration is based on relevant data that represents appropriately the characteristics and the drivers of the portfolio subject to modelling. This also applies to decisions to override or adjust inputs, coefficients and/or variables. Calibration choices must be fully documented and their assessment must also form part of the validation process. Models should be re-calibrated when deemed necessary, based on explicit numerical indicators and pre-established limits.
6.9.2	The choice of calibration requires judgement and must be closely linked to the objective of each model. In particular, the time period employed for calibration must be carefully justified depending on model types. Pricing models should be accurate. Provision models should be accurate with a degree of conservatism and should reflect the current and future economic conditions. Capital models should be conservative and reflect long term trends. Stress testing models should focus on extreme economic conditions.

6.10 Pre-implementation Validation

6.10.1	The pre-implementation validation of a model is the first independent validation that takes place after the model development. The objective of such validation must ensure that the model is fit for purpose, meets economic intuition as defined in the MMS and generates results that are assessed as reasonable by expert judgement. The depth of such validation must be defined based on model materiality and follow the institution’s model management framework. Tier 1 models must be subject to comprehensive pre-implementation validation.
6.10.2	For the qualitative review, the pre-implementation validation must cover the elements presented in Article 10.3 pertaining to the scope of the independent post-implementation validation. For the quantitative review, the pre-implementation validation must assess the model accuracy, stability and sensitivity as explained in Article 10.4.3 also pertaining to the scope of the independent post-implementation validation.
6.10.3	Institutions must document the scope, limitations and assumptions of models as part of the pre-implementation validation.

6.11 Impact Analysis

6.11.1

The objective of the impact analysis is to quantify the impact of using a newly-developed model or a newly-recalibrated model on the production of financial estimates. Where applicable, the impact analysis should be documented as part of the model development phase and reported to the Model Oversight Committee.

7 Model Implementation

7.1.1

Institutions must consider model implementation as a separate phase within the model life-cycle process. The model development phase must take into account the potential constraints of model implementation. However, successful model development does not guarantee a successful implementation. Consequently, the implementation phase must have its own set of documented and approved principles.

7.2 Project Governance

7.2.1	The implementation of a model must be treated as a project with clear governance, planning, funding, resources, reporting and accountabilities.
7.2.2	The implementation of a model must be approved by Senior Management and must only occur after the model development phase is complete and the model is fully approved.
7.2.3	The implementation project must be fully documented and, at a minimum, must include the following components:
	(i)	Implementation scope,
	(ii)	Implementation plan,
	(iii)	Roles and responsibilities of each party,
	(iv)	Roll-back plan, and
	(v)	User Acceptance Testing with test cases.
7.2.4	The roles and responsibilities of the parties involved in the model implementation must be defined and documented. At a minimum, the following parties must be identified: (i) the system owner, (ii) the system users, and (iii) the project manager. All parties must be jointly responsible for the timely and effective implementation.
7.2.5	For model implementation, institutions should produce the following key documents, at a minimum:
	(i)	User specification documentation: this document should specify requirements regarding the system functionalities from the perspective of users.
	(ii)	Functional and technical specification documentation: this document should specify the technological requirements based on the user specifications.
	(iii)	A roll back plan: this document should specify the process by which the implementation can be reversed, if necessary, so that the institution can rely on its previous model.

7.3 Implementation Timing

7.3.1

Institutions must be conscious that models are valid for a limited period of time. Any material delay in implementation diminishes the period during which the model can be used. Newly developed models must be implemented within a reasonable timeframe after the completion of the development phase. This timeframe must be decided upfront and fully documented in the implementation plan.

7.4 System Infrastructure

7.4.1	The IT system infrastructure must be designed to cope with the demand of the model sophistication and the volume of regular production. Institutions must assess that demand during the planning phase. Institutions should be in a position to demonstrate that the technological constraints have been assessed.
7.4.2	The IT system infrastructure should include, at a minimum, three environments: (i) development, (ii) testing, and (iii) production.
7.4.3	Institutions must have a management plan for systems failure. A system that does not comply with the business requirements must be replaced.
7.4.4	In the case of systems provided by a third party, institutions must have a contingency plan to address the risks that may arise if the third party is no longer available to support the institution.
7.4.5	If a system is designed to produce a given set of metrics, then institutions must use that system for the production and reporting of those metrics. If a system is not fit for purpose despite being implemented, institutions must not use a shadow system or a parallel system to produce the metrics that the original system was meant to produce, while maintaining the deficient original system. Instead, institutions must decommission any deficient system and fully replace it by a functioning system.

7.5 User Acceptance Testing

7.5.1	Institutions must ensure that a User Acceptance Testing (“UAT”) phase is performed as part of the system implementation plan. The objective of this phase is to ensure that the models are suitably implemented according to the agreed specifications.
7.5.2	The model implementation team must define a test plan and test cases to assess the full scope of the system functionalities, both from a technical perspective and modelling perspective. The test cases should be constructed with gradually increasing complexity. In particular, the test cases should be designed in order to assess each functionality, first independently and then jointly. The test cases should also capture extreme and erroneous inputs. Partial model replication must be used as much as possible.
7.5.3	There must be at least two (2) rounds of UAT to guarantee the correct implementation of the model. Generally, the first round is used to identify issues, while the second round is used to verify that the issues have been remediated.
7.5.4	The UAT test cases and results must be fully documented as part of the model implementation documentation. The test case inputs, results and computation replications must be stored and must be available for as long as the model is used in production.
7.5.5	Institutions must ensure that UAT tests and results are recorded and can be presented to the CBUAE, other regulators and/or auditors to assess whether a model has been implemented successfully. In particular, all rounds of UAT test cases and results must be available upon request from the CBUAE, as long as a model is used in production.
7.5.6	The UAT must be considered successful only upon the sign-off from all identified stakeholders on the UAT results. The UAT plan and results must be approved by the Model Oversight Committee.
7.5.7	Institutions must ensure that the model being implemented remains unchanged during the testing phase.

7.6 Production Testing

7.6.1	Institutions must ensure that a production testing phase is performed as part of the system implementation plan. The objective of this phase is to guarantee the robustness of the system from a technology perspective according to the functional and technical specification documentation.
7.6.2	In particular, the production testing phase must ensure that systems can cope with the volume of data in production and can run within an appropriate execution time.

7.7 Spreadsheet Implementation

7.7.1	It is not recommended that institutions use spreadsheet tools for the usage of material models and the production of metrics used for regular decision-making. More robust systems are preferred. Nevertheless, if spreadsheets are the only possible modelling environment available initially, the standards in 7.7.2 must apply, at a minimum.
7.7.2	Spreadsheet implementation should follow a quality standard as follows:
	(i)	The spreadsheet should be constructed with a logical flow,
	(ii)	Formulae should be easily traceable,
	(iii)	Formulae should be short and constructed in a way that they are easily interpreted. It is recommended to split long formula into separate components,
	(iv)	Tables should include titles, units and comments,
	(v)	Inputs should not be scattered across the sheets but they should be grouped in one worksheet/table,
	(vi)	Hardcoded entries (i.e. fixed inputs) should be clearly identified,
	(vii)	Tabs should be clean, i.e. when the implementation is completed, all work in progress should be removed,
	(viii)	Instructions should be included in one or several tabs, and
	(ix)	Wherever suitable, cells should be locked and worksheets protected, preferably by password.
7.7.3	Models implemented in spreadsheets that deviate from the above criteria must not be employed for regular production.
7.7.4	To ensure their robust implementation, spreadsheet tools must include consistency checks. Common consistency checks include: (i) computing the same results through different methods, (ii) ensuring that a specific set of inputs leads to the correct expected output values, and (iii) ensuring that the sensitivities of outputs to changes in inputs are matching expected values.
7.7.5	If an institution employ spreadsheets for regular production, a rigorous maker-checker process must be implemented and documented. The review of spreadsheet tools must be included in the scope of the independent validation process. In addition, a clear version control should be implemented.

8 Model Usage
8.1.1
Model usage is an integral part of model management. Model usage must be defined, documented, monitored and managed according to the following principles.

8.2 Usage Definition and Control

8.2.1	As part of the definition of model strategy and objectives, institutions must articulate and document upfront the expected usage of each model. Model usage must cover, at a minimum, the following components:
	(i)	The users identified either as individuals or teams,
	(ii)	The expected frequency of model utilisation,
	(iii)	The specific source and nature of the inputs in the production environment,
	(iv)	The destination of the outputs in terms of IT system and operational processes,
	(v)	The interpretation of the outputs, that is a clear guidance on how the outputs should be used, their meaning and the decisions that they can support,
	(vi)	The limits of the outputs, associated uncertainty and the decisions that can be supported by the model versus those that should be supported, and
	(vii)	The governance of output overrides.
8.2.2	Institutions must produce indicators to actively monitor the realisation of the components in 8.2.1 and compare them against initial expectations. These must be documented and reported as part of the monitoring and validation steps of the model life-cycle.
8.2.3	Any deviation between the real usage of a model and the expected usage of a model must be documented in the monitoring and validation phases and remedied promptly, by reverting to the intended usage of the model.

8.3 Responsibilities

8.3.1	The management of model usage is shared between several parties. The model owner is responsible to define the usage of his/her models. The usage of each model should then be approved by the Model Oversight Committee. If the model owner and model user are different parties, the owner is responsible to provide documentation and training to the user. The model user must therefore follow appropriately the guidance provided by the owner.
8.3.2	The monitoring of model usage can be performed by the model owner, by the validator, or both, depending on the institution’s circumstances. Irrespective of the party performing the monitoring process, the validator must conduct an independent assessment of the appropriate usage of models as part of the validation process. For this purpose, the validator should refer to the monitoring reports, when available.
8.3.3	It may happen that the model owner has limited control over the usage of a model by other parties. In this case, the model owner is responsible to report to the Model Oversight Committee any model misuse or usage without his consent.

8.4 Input and Output Overrides

8.4.1	This section refers to all model types including, but not limited to, rating models. Manual overrides of model inputs and outputs are possible and permitted but within limits. For this purpose, institutions must put in place robust governance to manage these overrides. Such governance must be reviewed by the internal audit function. Institutions must implement limits and controls on the frequency and magnitude of overrides. Models whose input and/or outputs that are frequently and materially overridden must not be considered fit for purpose and must be recalibrated or replaced.
8.4.2	During the execution phase, input and/or output overrides must be documented, justified and approved at the appropriate authority level. When necessary, an opinion from technical subject matter experts should be produced. Overrides used by the business lines must be subject of review by the risk management function before being implemented.
8.4.3	The development and validation teams must analyse and understand the reasons for input and/or output overrides and assess whether they are caused by model weaknesses. Overrides must be tracked and reported to the Model Oversight Committee, Senior Management and the Board as part of the monitoring and validation processes.
8.4.4	If a model has been approved and is deemed suitable for production, its outputs must not be ignored. This also applies when model outputs are not meeting commercial expectations. Model outputs must be considered objectively and independently from actual, potential or perceived business line interests.

8.5 User Feedback

8.5.1	Institutions must have a process in place to ensure that model functionalities are working as expected during ongoing utilisation. The objective is to ensure that models have been designed, calibrated and implemented successfully.
8.5.2	The user feedback must cover the model functionalities, stability and consistency of output against economic and business expectations. The user feedback must be documented and reported as part of the monitoring and validation steps of the model life-cycle. If model users are different from model developers, institutions must have a process in place to collect feedback from the identified model users.

8.6 Usage of Rating Models

8.6.1	Institutions must pay particular attention to the usage of rating models due to their material impacts on financial reporting, provisions, risk decisions and business decisions. Specific policies and procedures must be designed to govern overrides, including the scope of usage, the responsibilities and the conditions of output overrides.
8.6.2	At a minimum, a rating must be assigned to each obligor on a yearly cycle. In the case of exceptional circumstances related to the obligor, the industry or the wider economy, ratings may need to be assigned more frequently.
8.6.3	Consistently with Article 8.6.2, upon the roll-out of a new rating model and/or a newly recalibrated (optimised) rating model, institutions must update client ratings as soon as possible and within a period no longer than twelve (12) months. Further details are provided in the MMG on this matter.

9 Model Performance Monitoring

9.1 Objective

9.1.1	Institutions must implement a process to monitor the performance of their models on a regular basis, as part of their model life-cycle management. The relationship between model performance and usage is asymmetric. A robust model does not guarantee relevant usage. However, an improper usage is likely to impact the model performance. Consequently, institutions must ensure that models are used appropriately prior to engaging in performance monitoring.
9.1.2	The objective of the monitoring process is to assess whether changes in the economic environment, market conditions and/or business environment have impacted the performance, stability, key assumptions and/or reliability of models.
9.1.3	Institutions must implement a documented process with defined responsibilities, metrics, limits and reports in order to assess whether models are fit for purpose, on an ongoing basis. Upon this assessment, there must be a clear decision-making process to either (i) continue monitoring or (ii) escalate for further actions.

9.2 Responsibility

9.2.1	The responsibility for the execution of model monitoring must be clearly defined. Institutions have the flexibility to assign this task to the development team, the validation team or to a third party. If model monitoring is assigned to the development team, the monitoring reports must be included in the scope of review of the independent validation process. If model monitoring is assigned to a third party, institutions remain the owners of monitoring reports and remain responsible to take appropriate actions upon the issuance of these reports. Institutions are expected to fully understand and control the content of monitoring reports produced by third party providers.
9.2.2	Monitoring reports must be presented regularly to the Model Oversight Committee. All reports containing limit breaches of monitoring metrics must be discussed by the committee.
9.2.3	The internal audit function must verify that model monitoring is performed appropriately by the assigned party. In particular, the internal audit function must review the relevance, frequency and usability of the monitoring reports.

9.3 Frequency

9.3.1

Model monitoring must be undertaken on a frequent basis and documented as part of the model life-cycle management. Institutions must demonstrate that the monitoring frequency is appropriate for each model. The minimum frequency is indicated in the Article (10) of the MMS, which covers the independent validation process.

9.4 Metrics and Limits

9.4.1

Institutions must develop metrics and limits to appropriately track model performance. The metrics must be carefully designed to capture the model performance based on its specific characteristics and its implementation. At a minimum, the monitoring metrics must capture the model accuracy and stability as explained in Article 10.4.3 pertaining to the scope of the post-implementation validation. In addition, the monitoring metrics must track the model usage to assess whether the model is used as intended.

9.5 Reporting and Decision-Making

9.5.1	Institutions must implement a regular process to report the results of model monitoring to the Model Oversight Committee, the CRO and to the model users.
9.5.2	Reports must be clear and consistent through time. For each model, monitoring metrics must be included along with their respective limits. Times series of the metrics should be provided in order to appreciate their volatility and/or stability through time and therefore help make a view on the severity of limit breaches. Explanations on the nature and meaning of each metric must be provided, in such a way that the report can be understood by the members of the Model Oversight Committee and by auditors.
9.5.3	Regardless of the party responsible for model monitoring, all reports must be circulated to both the development team and the independent validation team, as soon as they are produced. For some models, monitoring reports can also be shared with the model users.
9.5.4	In each report, explanations on the significance of limit breaches must be provided. Sudden material deterioration of model performance must be discussed promptly between the development team and the validation team. If necessary, such deterioration must be escalated to the Model Oversight Committee and the CRO outside of the scheduled steps of the model life-cycle. The Committee and/or the CRO may decide to suspend the usage of a model or accelerate the model review upon the results of the monitoring process.
9.5.5	Institutions must define the boundaries of model usage. These are the limits and conditions upon which a model is immediately subject to adjustments, increased margins of conservatism, exceptional validation and/or suspension. Specific triggers must be clearly employed to identify abnormalities in model outputs.

10 Independent Validation

10.1 Objective and Scope

10.1.1	The independent validation of models is a key step of their life-cycle management. The objective is to undertake a comprehensive review of models in order to assess whether they are performing as expected and in line with their designed objective. While monitoring and validation are different processes run at different frequencies, the content of the monitoring process forms a subset of the broader scope covered by the validation process. Therefore, when available, the results of the monitoring process must be used as inputs into the validation process.
10.1.2	Institutions must put in place a rigorous process with defined responsibilities, metrics, limits and reporting in order to meet the requirements of independent model validation. Part of the metrics must be common between the monitoring process and the validation process. Independent validation must be applied to all models including statistical models, deterministic models and expert-based models whether they have been developed internally or acquired from a third party provider.
10.1.3	The validation scope must cover both a qualitative validation and a quantitative validation. Both validation approaches complement each other and must not be considered separately. A qualitative validation alone is not sufficient to be considered as a complete validation since it does not constitute an appropriate basis on which modelling decisions can be made. If insufficient data is available to perform the quantitative validation, the validation process should be flagged as incomplete to the Model Oversight Committee, which should then make a decision regarding the usage of the model in light of the uncertainty and the Model Risk associated with such partially validated model.
10.1.4	The scope of the validation must be comprehensive and clearly stated. The scope must include all relevant model features that are necessary to assess whether the model produces reliable outputs to meet its objectives. If a validation is performed by a third party, institutions must ensure that the validation scope is comprehensive. It may happen that an external validator cannot fully assess all relevant aspects of a model for valid reasons. In this case, institutions are responsible to perform the rest of the validation and to ensure that the scope is complete.
10.1.5	A validation exercise must result in an independent judgement with a clear conclusion regarding the suitability of the model. A mere description of the model features and performance does not constitute a validation. Observations must be graded according to an explicit scale including, but not limited to, ‘high severity’, ‘medium severity’ and ‘low severity’. The severity of model findings must reflect the degree of uncertainty surrounding the model outputs, independently of the model materiality, size or scope. As a second step, this degree of uncertainty should be used to estimate Model Risk, since the latter is defined as the combination of model uncertainty and materiality.
10.1.6	In addition to the finding severity, institutions must create internal rating scales to assess the overall performance of each model. This performance rating should be a key input in the decision process in each model step of the model life-cycle.

10.2 Responsibilities

10.2.1	Institutions must put in place a rigorous process to ensure that models are independently validated either by an internal dedicated team or by a third party provider, or both. If model validation is assigned to a third party, institutions remain the owners of validation reports and must take appropriate action upon the issuance of these reports.
10.2.2	In order to ensure its independence and efficiency, the party responsible for model validation (“validator”) must be able to demonstrate all the following characteristics. If the validator does not possess all of those, the validation reports must not be considered independent and/or robust enough and therefore must not be used for decision-making.
	(i)	Advanced understanding of model methodologies and validation techniques, that is sufficiently mature to allow the formulation of independent judgement.
	(ii)	The expertise and freedom to express, hold and defend views that are different from the development team and from management. The ability to present those views to the Model Oversight Committee, Senior Management and the Board.
	(iii)	The ability to perform independent research and articulate alternative proposals.
10.2.3	The internal audit function is responsible to verify that model validation is performed appropriately by the assigned party, following a regular audit cycle. At a minimum, the audit function must cover the following scope:
	(i)	Review the governance surrounding the internal validation process and assess its independence in light of the MMS.
	(ii)	Form a view regarding the suitability of the depth and scope of the work performed by the validation team, also in light of the MMS.
	(iii)	Review the relevance, frequency and effectiveness of the validation process. At a minimum, the auditor must review the list of findings issued by the validator and assess if the timing necessary for remediation is appropriate.
10.2.4	The internal audit function should employ third party experts to assist on technical matters until it can demonstrate that it can perform an adequate review of the model validation process without technical support. If the audit team employs supporting experts, it remains the sole owner of the conclusions of the audit report.

10.3 Qualitative Validation

10.3.1	The independent validation process must include a review of the model conceptual soundness, design and suitability of the development process. The scope of the qualitative validation varies depending on the statistical or deterministic nature of the model. This must include, at a minimum, a review of the following elements:
	(i)	The model governance and decision process,
	(ii)	The model conceptual soundness, purpose and scope,
	(iii)	The methodology including the mathematical construction,
	(iv)	The suitability of the output in terms of economic intuition and business sense as defined in the MMS, and
	(v)	The suitability of the implementation (when the model is implemented)
	In addition, for statistical models:
	(vi)	The choice of variables and their respective transformation,
	(vii)	The suitability of the data in terms of sources, filters and time period, and
	(viii)	The suitability of the sampling techniques, if any.

10.4 Quantitative Validation

10.4.1	The quantitative validation must assess the suitability of the model output with respect to the objective initially assigned to the model. This process must rely on numerical analyses to derive its conclusions. Such validation should include a set of dedicated research to arrive at an independent judgement. Under certain circumstances, partial model replication and/or a challenger model may be necessary to form a judgement.
10.4.2	The set of metrics employed for model validation must at least include those employed for monitoring. As a first step, the validator must make a review of the monitoring reports and their observations. In addition, institutions should employ a broader spectrum of performance metrics to fully assess model performance, since the scope of the validation process is larger than that of monitoring.
10.4.3	The assessment of model performance must cover, at a minimum, the following components, applicable to both statistical and deterministic models:
	(i)	Accuracy and conservatism: The ability of a model to generate predictions that are close to the realised values, observed before and after the model development phase. For models whose results are subject to material uncertainty, the validator should assess if sufficient conservatism included in the model calibration.
	(ii)	Stability and robustness: Whilst there are theoretical differences between stability and robustness, for the purpose of this MMS, this refers to the ability of a model to withstand perturbations, i.e. maintain its accuracy despite variability in its inputs or when the modelling assumptions are not fully satisfied. In particular, this means the ability of a model to generate consistent and comparable results through time.
	(iii)	Controlled sensitivity: This relates to the model construction. Model sensitivity refers to the relationship between a change in the model inputs and the observed change in the model results. The sensitivity of the output to a change in inputs must be logical, fully understood and controlled.
10.4.4	The quantitative validation process should include a review of the suitability, relevance and accuracy of following components.
	For both statistical and deterministic models:
	(i)	The implementation,
	(ii)	The adjustments and scaling factors, if any,
	(iii)	The ‘hard-coded’ rules and mappings,
	(iv)	The extrapolations and interpolations, if any, and
	(v)	The sensitivities to changes in inputs,
	In addition for statistical models only:
	(vi)	The model coefficients,
	(vii)	The statistical accuracy of the outputs,
	(viii)	The raw data as per the DMF requirements, and
	(ix)	The historical time series,
	In addition, for deterministic models only:
	(x)	A decomposition of the model drivers and their associated sensitivity, and
	(xi)	A partial replication, when possible.

10.5 Review Frequency

10.5.1	All models must be validated at regular frequencies appropriate to model types and tiers. The review periods should not be longer than the ones presented in Table 2 below. More frequent reviews can be implemented at the discretion of institutions, depending on model types and complexity. More frequent reviews may also be necessary in the case of unforeseen circumstances, for instance related to changes in model usage and/or changes in the economic environment. Less frequent reviews are possible in certain circumstances, but they should be justified and will be subject to assessment from the CBUAE.
10.5.2	The dates corresponding to the last monitoring and validation exercises must be tracked rigorously, included in the model inventory and reported to the Model Oversight Committee at least every quarter. The internal audit function must ensure that this process is implemented effectively by the model owner and the validator.
	Table 2: Minimum monitoring and validation frequencies for most common models

		Tier 1 models		Tier 2 models
Portfolio	Model Type	Monitoring	Validation	Monitoring	Validation
Wholesale	Rating	1 year	3 years	2 years	5 years
Wholesale	PD term structure	1 year	3 years	2 years	5 years
Wholesale	Macro-PD	1 year	2 years	2 years	3 years
Wholesale	LGD	1 year	3 years	2 years	5 years
Wholesale	Macro-LGD	1 year	2 years	2 years	3 years
Retail	Scorecard	3 months	1 year	6 months	3 years
Retail	PD term structure	1 year	2 years	2 years	3 years
Retail	Macro-PD	1 year	2 years	2 years	3 years
Retail	LGD	1 year	2 years	2 years	3 years
Retail	Macro-LGD	1 year	2 years	2 years	3 years
EAD	EAD	1 month	3 years	2 years	5 years
Trading Book	VaR and related models	3 months	3 years*	6 months	4 years*
Trading Book	Exposure and xVA	1 year	3 years*	6 months	4 years*
Multiple	Valuation	1 year	3 years*	n/a	4 years*
Multiple	Concentration	1 year	3 year**	n/a	n/a
Multiple	IRRBB	1 year	3 year**	n/a	n/a
Multiple	Other Pillar II models	1 year	3 year**	n/a	n/a
Multiple	Capital forecasting	1 year	3 year**	n/a	n/a
Multiple	Liquidity	1 year	3 year**	n/a	n/a

10.5.3	Where [*] is indicated in table 2 above: For pricing and traded risk models such as VaR, exposure and xVA models, a distinction should be made between (i) the model mechanics, (ii) the calibration and (iii) the associated market data. The mechanics should be reviewed at least every 3 to 4 years ; however the suitability of the calibration and the market data should be reviewed more frequently as part of the model monitoring process. In addition to these frequencies, any exceptional market volatility should trigger a revision of all model decisions.
10.5.4	Where [] is indicated in table 2 above: For deterministic models such as capital forecasting, concentration and IRRBB models, a distinction should also be made between (i) the model mechanics and (ii) the input data. Whilst the mechanics (methodology and system) can be assessed every 3 years, the calibration must be reviewed yearly** in order to assess the appropriate usage of the model with a new set of inputs. This yearly frequency is motivated by the strategic usage of such models in the ICAAP.
10.5.5	For models other than those mentioned in table 2 above, institutions must establish a schedule for monitoring and validation that is coherent with their nature and their associated Model Risk.

10.6 Reporting of Findings

10.6.1	The analyses and tests performed during the validation of a model must be rigorously documented in a validation report. Validation reports must be practical, action orientated, focused on findings and avoid unnecessary theoretical digressions. A validation report should include, at a minimum, the following components:
	(i)	The model reference number, nomenclature, materiality and classification,
	(ii)	The implementation date, the monitoring dates and the last validation date, if any,
	(iii)	A clear list of findings with their associated severity,
	(iv)	Suggestions for remediation, when appropriate,
	(v)	The value of each performance indicator with its associated limit,
	(vi)	The results of the qualitative review as explained above,
	(vii)	The results of the quantitative review as explained above,
	(viii)	The model risk rating, and
	(ix)	A conclusion regarding the overall performance.
10.6.2	The model validation report must refer to the steps of the model life-cycle. Its conclusion should be one of the following possible outcomes, as mentioned in the model governance section:
	(i)	Leave the model unchanged,
	(ii)	Use a temporary adjustment while establishing a remediation plan,
	(iii)	Recalibrate the model,
	(iv)	Redevelop a new model, or
	(v)	Withdraw the model without further redevelopment.

10.7 Remediation Process

10.7.1	Institutions must put in place effective processes to manage observations and findings arising from independent validation exercises. The remediation process must be structured and fully documented in the institution’s policy. The findings need to be clearly recorded and communicated to all model stakeholders including, at least, the development team, the members of the Model Oversight Committee and Senior Management. The members of the committee must agree on a plan to translate the findings into actionable items which must be addressed in a timely fashion.
10.7.2	If an institution decides not to address some model defects, it must identify, assess and report the associated Model Risk. It must also consider retiring and/or replacing the model or implement some other remediation plan. Such decision may result in additional provisions and/or capital buffers and will be subject to review by the CBUAE.
10.7.3	Upon completion, the validation report must be discussed between the validator and the development team, with the objective to reach a common understanding of the model weaknesses and their associated remediation. Both parties are expected to reach a conclusion on the validation exercise, its outcomes and its remediation plan. The following must be considered:
	(i)	The views expressed by both parties must be technical, substantiated and documented. The development team and/or the model owner should provide a response to all the observations and findings raised by the validator.
	(ii)	The views expressed by both parties must aim towards a practical resolution, with the right balance between theoretical requirements vs. practical constraints.
	(iii)	The resolution of modelling defects must be based on minimising the estimated Model Risk implicit in each remediation option.
	(iv)	Outstanding divergent views between both parties should be resolved by the Model Oversight Committee.
10.7.4	For each finding raised by the validator, the following must be submitted to the Model Oversight Committee for consideration: (i) substantiated evidence from the validator, (ii) the opinion of the development team, (iii) a suggested remediation, if deemed necessary, and (iv) a remediation date, if applicable. The Model Oversight Committee must decide to proceed with one of the options listed in the Article 10.6.2 above. When making a choice amongst the various options, the Committee must consider their respective Model Risk and associated financial implications.
10.7.5	The validator must keep track of the findings and remediating actions and report them to the Model Oversight Committee and Senior Management on a quarterly basis, and to the Board (or to a specialised body of the Board) on a yearly basis. Such status reports must cover all models and present the outstanding Model Risk. The reports must be reviewed by the internal audit function as part of their audit review. Particular attention should be given to repeated findings from one validation to the next.
10.7.6	If the institution does not have an internal validation team, then reporting of model findings and remediation can be performed by another function within the institution. However, the internal audit function must regularly review the reporting process to ensure that such reporting is an accurate representation of the status of model performance.
10.7.7	Institutions must aim to resolve model findings promptly in order to mitigate Model Risk. For that purpose, institutions must develop a process to manage defect remediation effectively. This process must include the following principles:
	(i)	High severity findings must be addressed immediately with tactical solutions, irrespective of the model Tier. Such solutions can take the form of temporary adjustment, overlay and/or scaling in order to reduce the risk of inaccurate model outputs and introduce a degree of conservatism. Tactical solutions must not become permanent, must be associated with an expiration date and must cease after the implementation of permanent remediation.
	(ii)	Institutions must establish maximum remediation periods per finding severity, per model Tier and per model type. The remediation period must start from the date at which the Model Oversight Committee reaches an agreement on the nature and severity of the finding. For findings requiring urgent attention, an accelerated approval process must be put in place to start remediation work.
	(iii)	Tactical solutions must only be temporary in nature and institutions should aim to fully resolve high severity findings within six (6) months. At a maximum, high severity findings must be resolved no later than twelve (12) months after their identification. High severity findings, not resolved within 6 months must be reported to the Board and to the CBUAE.
	(iv)	When establishing maximum remediation periods, institutions must take into account model types in order to mitigate Model Risk appropriately. For instance, defects related to market risk / pricing models should be remedied within weeks, while defect remediation for rating models could take longer.
	(v)	For each defect, a clear plan must be produced in order to reach timely remediation. Priority should be given to models with greater financial impacts. The validator should express its view on the timing and content of the plan, and the remediation plan should be approved by the Model Oversight Committee.
10.7.8	At the level of the institution, the timing for finding resolution is a reflection of the effectiveness of the validation process and the ability of the institution to manage Model Risk. This will be subject to particular attention from the CBUAE. Exceptions to the time frame defined by institutions must be formally approved by Senior Management upon robust justification and will be reviewed by the CBUAE as part of regular supervision.

Appendix

NUMERICAL THRESHOLDS INCLUDED IN THE MMS
The MMS contains several numerical thresholds.
The following table indicates the relevant Articles to facilitate their implementation.
Table 3: Numerical thresholds included in the MMS

Article	Topic	Threshold	Threshold
2.2.2	Self-assessment and plan to meet the MMS and MMG requirements	6 months from the effective date of the MMS	Mandatory
4.6.3	Model Oversight Committee meeting	Quarterly	Mandatory
4.10.2	Reporting model life-cycle and associated Model Risk to the Model Oversight Committee and to the Board	Quarterly and yearly, respectively	Mandatory
8.6.2 and 8.6.3	Rating frequency	Annually	Mandatory
10.5.2	Reporting of monitoring & validation results to the Model Oversight Committee	Quarterly	Mandatory
10.5.2	Maximum periods of model validation and monitoring	See table in the corresponding section	Strongly recommended
10.7.5	Reporting of findings and remediation to Senior Management	Quarterly and yearly, respectively	Mandatory
10.7.7	Maximum remediation period for high severity findings	12 months	Mandatory

Model Management Guidance

Definitions and Interpretations

The following terms shall have the meaning assigned to them for the purpose of interpreting these Standards and the related Guidance:
1.	Board: As defined in the CBUAE’s Corporate Governance Regulation for Banks.
2.	Causality (written in lower case as “causality”): Relationship between cause and effect. It is the influence of one event on the occurrence of another event.
3.	CBUAE: Central Bank of the United Arab Emirates.
4.	Correlation (written in lower case as “correlation”): Any statistical relationship between two variables, without explicit causality explaining the observed joint behaviours. Several metrics exist to capture this relationship. Amongst others, linear correlations are often captured by the Pearson coefficient. Linear or non-linear correlation are often captured by the Spearman’s rank correlation coefficient.
5.	Correlation Analysis (written in lower case as “correlation analysis”): Correlation analysis refers to a process by which the relationships between variables are explored. For a given set of data and variables, observe (i) the statistical properties of each variable independently, (ii) the relationship between the dependent variable and each of the independent variables on a bilateral basis, and (iii) the relationship between the independent variables with each other.
6.	CI (Credit Index): In the context of credit modelling, a credit index is a quantity defined over (-∞,+∞) derived from observable default rates, for instance through probit transformation. CI represents a systemic driver of creditworthiness. While this index is synthetic, (an abstract driver), it is often assimilated to the creditworthiness of specific industry or geography.
7.	Default (written in lower case as “default”): The definition of default depends on the modelling context, either for the development of rating models or for the calibration and probabilities of default. For a comprehensive definition, refer to the section on rating models in the MMG.
8.	Deterministic Model (written in lower case as “deterministic model”): A deterministic model is a mathematical construction linking, with certainty, one or several dependent variables, to one or several independent variables. Deterministic models are different from statistical models. The concept of confidence interval does not apply to deterministic models. Examples of deterministic models include NPV models, financial cash flow models or exposure models for amortizing facilities.
9.	DMF (Data Management Framework): Set of policies, procedures and systems designed to organise and structure the management of data employed for modelling.
10.	DPD (Days-Past-Due): A payment is considered past due if it has not been made by its contractual due date. The days-past-due is the number of days that a payment is past its due date, i.e. the number of days for which a payment is late.
11.	DSIB (Domestic Systemically Important Banks): These are UAE banks deemed sufficiently large and interconnected to warrant the application of additional regulatory requirements. The identification of the institutions is based upon a framework defined by the CBUAE.
12.	EAD (Exposure At Default): Expected exposure of an institution towards an obligor (or a facility) upon a future default of this obligor (or its facility). It also refers to the observed exposure upon the realised default of an obligor (or a facility). This amount materialises at the default date and can be uncertain at reporting dates prior to the default date. The uncertainty surrounding EAD depends on the type of exposure and the possibility of future drawings. In the case of a lending facility with a pre-agreed amortisation schedule, the EAD is known. In the case of off-balance sheet exposures such as credit cards, guarantees, working capital facilities or derivatives, the EAD is not certain on the date of measurement and should be estimated with statistical models.
13.	EAR (Earning At Risk): Refer to NII.
14.	ECL (Expected Credit Loss): Metric supporting the estimation of provisions under IFRS9 to cover credit risk arising from facilities and bonds in the banking book. It is designed as a probability-weighted expected loss.
15.	Economic Intuition (written in lower case as “economic intuition”): Also referred to as economic intuition and business sense. Property of a model and its output to be interpreted in terms and metrics that are commonly employed for business and risk decisions. It also refers to the property of the model variables and the model outputs to meet the intuition of experts and practitioners, in such a way that the model can be explained and used to support decision-making.
16.	Effective Challenge: Characteristic of a validation process. An effective model validation ensures that model defects are suitably identified, discussed and addressed in a timely fashion. Effectiveness is achieved via certain key features of the validation process such as independence, expertise, clear reporting and prompt action from the development team.
17.	EVE (Economic Value of Equity): It is defined as the difference between the present value of the institution’s assets minus the present value of liabilities. The EVE is sensitive to changes in interest rates. It is used in the measurement of interest rate risk in the banking book.
18.	Expert-Based Models (written in lower case as “expert-based models”): Also referred to as judgemental models, these models rely on the subjective judgement of expert individuals rather than on quantitative data. In particular, this type of model is used to issue subjective scores in order to rank corporate clients.
19.	Institutions (written in lower case as “institution(s)”): All banks licenced by the CBUAE. Entities that take deposits from individuals and/or corporations, while simultaneously issuing loans or capital market securities.
20.	LGD (Loss Given Default): Estimation of the potential loss incurred by a lending institution upon the default of an obligor (or a facility), measured as a percentage of the EAD. It also refers to the actual loss incurred upon past defaults also expressed as a percentage of EAD. The observed LGD levels tend to be related to PD levels with various strength of correlation.
21.	Limits and limitations (written in lower case as “limits” and “limitations”): Model limits are thresholds applied to a model’s outputs and/or its parameters in order to control its performance. Model limitations are boundary conditions beyond which the model ceases to be accurate.
22.	LSI (Large and/or Sophisticated Institutions): This group comprises DSIBs and any other institutions that are deemed large and/or with mature processes and skills. This categorisation is defined dynamically based on the outcome of regular banking supervision.
23.	Macroeconomic Model (written in lower case as “macroeconomic model” or “macro model”): Refers to two types of models. (i) A model that links a set of independent macro variables to another single dependent macro variable or to several other dependent macro variables or (ii) a model that links a set of independent macro variables to a risk metric (or a set of risk metrics) such as probabilities of default or any other business metric such as revenues.
24.	Market Data: Refers to the various data attributes of a traded financial instrument reported by a trading exchange. It includes the quoted value of the instrument and/or the quoted parameters of that instrument that allow the derivation of its value. It also includes transaction information including the volume exchanged and the bid-ask spread.
25.	Materiality: The materiality of a model represents the financial scope covered by the model in the context of a given institution. It can be used to estimate the potential loss arising from model uncertainty (see Model Risk). Model materiality can be captured by various metrics depending on model types. Typically, total exposure can be used as a metric for credit models.
26.	MMG: CBUAE’s Model Management Guidance.
27.	MMS: CBUAE’s Model Management Standards.
28.	Model (written in lower case as “model”): A quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories, techniques, and assumptions to process input data into quantitative estimates. For the purpose of the MMS and MSG, models are categorised in to three distinct groups: statistical models, deterministic models and expert-based models.
29.	Model Calibration (written in lower case as “model calibration”): Key step of the model development process. Model calibration means changing the values of the parameters and/or the weights of a model, without changing the structure of the model, i.e. without changing the nature of the variables and their transformations.
30.	Model Complexity (written in lower case as “model complexity”): Overall characteristic of a model reflecting the degree of ease (versus difficulty) with which one can understand the model conceptual framework, its practical design, calibration and usage. Amongst other things, such complexity is driven by, the number of inputs, the interactions between variables, the dependency with other models, the model mathematical concepts and their implementation.
31.	Model Construction (written in lower case as “model construction”): Key step of the model development process. The construction of a model depends on its nature, i.e. statistical or deterministic. For the purpose of the MMS and the MMG, model construction means the following: for statistical models, for a given methodology and a set of data and transformed variables, it means estimating and choosing, with a degree of confidence, the number and nature of the dependent variables along with their associated weights or coefficients. For deterministic models, for a given methodology, it means establishing the relationship between a set of input variables and an output variable, without statistical confidence intervals.
32.	Model Development (written in lower case as “model development”): Means creating a model by making a set of sequential and recursive decisions according to the steps outlined in the dedicated sections of the MMS. Model re-development means conducting the model development steps again with the intention to replace an existing model. The replacement may, or may not, occur upon re-development.
33.	Modelling Decision (written in lower case as “modelling decision”): A modelling decision is a deliberate choice that determines the core functionality and output of a model. Modelling decisions relate to each of the steps of the data acquisition, the development and the implementation phase. In particular, modelling decisions relate to (i) the choice of data, (ii) the analysis of data and sampling techniques, (iii) the methodology, (iv) the calibration and (v) the implementation of models. Some modelling decisions are more material than others. Key modelling decisions refer to decisions with strategic implications and/or with material consequences on the model outputs.
34.	Model Risk: Potential loss faced by institutions from making decisions based on inaccurate or erroneous outputs of models due to errors in the development, the implementation or the inappropriate usage of such models. Losses incurred from Model Risk should be understood in the broad sense as Model Risk has multiple sources. This definition includes direct quantifiable financial loss but also any adverse consequences on the ability of the institution to conduct its activities as originally intended, such as reputational damage, opportunity costs or underestimation of capital. In the context of the MMS and the MMG, Model Risk for a given model should be regarded as the combination of its materiality and the uncertainty surrounding its results.
35.	Model Selection (written in lower case as “model selection”): This step is part of the development process. This means choosing a specific model amongst a pool of available models, each with a different set of variables and parameters.
36.	Model Uncertainty (written in lower case as “model uncertainty”): This refers to the uncertainty surrounding the results generated by a model. Such uncertainty can be quantified as a confidence interval around the model output values. It is used as a component to estimate Model Risk.
37.	Multivariate Analysis (written in lower case as “multivariate analysis”): For a given set of data and variables, this is a process of observing the joint distribution of the dependent and independent variables together and drawing conclusions regarding their degree of correlation and causality.
38.	NII (Net Interest Income): To simplify notations, both Net Interest Income (for conventional products) and/or Net Profit Income (for Islamic Products) are referred to as “NII”. In this context, ‘profit’ is assimilated as interest. It is defined as the difference between total interest income and total interest expense, over a specific time horizon and taking into account hedging. The change in NII (“∆NII”) is defined as the difference between the NII estimated with stressed interest rates under various scenarios, minus the NII estimated with the interest rates as of the portfolio reporting date. ∆NII is also referred to as earnings at risk (“EAR”).
39.	NPV (Net Present Value): Present value of future cash flows minus the initial investment, i.e. the amount that a rational investor is willing to pay today in exchange for receiving these cash flows in the future. NPV is estimated through a discounting method. It is commonly used to estimate various metrics for the purpose of financial accounting, risk management and business decisions.
40.	PD (Probability of Default): Probability that an obligor fails to meet its contractual obligation under the terms of an agreed financing contract. Such probability is computed over a given horizon, typically 12 months, in which case it is referred to as a 1-year PD. It can also be computed over longer horizons. This probability can also be defined at several levels of granularity, including, but not limited to, single facility, pool of facilities, obligor, or consolidated group level.
41.	PD Model (written as “PD model”): This terminology refers to a wide variety of models with several objectives. Amongst other things, these models include mapping methods from scores generated by rating models onto probability of defaults. They also include models employed to estimate the PD or the PD term structure of facilities, clients or pool of clients.
42.	PD Term Structure (written as “PD term structure”): Refers to the probability of default over several time horizons, for instance 2 years, 5 years or 10 years. A distinction is made between the cumulative PD and the marginal PD. The cumulative PD is the total probability of default of the obligor over a given horizon. The marginal PD is the probability of default between two dates in the future, provided that the obligor has survived until the first date.
43.	PIT (Point-In-Time) and TTC (Through-The-Cycle): A point-in-time assessment refers to the value of a metric (typically PD or LGD) that incorporates the current economic conditions. This contrasts with a through-the-cycle assessment that refers to the value of the same metric across a period covering one or several economic cycles.
44.	Qualitative validation: A review of model conceptual soundness, design, documentation, and development and implementation process.
45.	Quantitative validation: A review of model numerical output, covering at least its accuracy, degree of conservatism, stability, robustness and sensitivity.
46.	Rating/Scoring (written in lower case “rating or scoring”): For the purpose of the MMS and the MMG, a rating and a score are considered as the same concept, i.e. an ordinal quantity representing the relative creditworthiness of an obligor (or a facility) on a predefined scale. ‘Ratings’ are commonly used in the context of corporate assessments whilst ‘scores’ are used for retail client assessments.
47.	Restructuring (written in lower case “restructuring”): The definition of restructuring / rescheduling used for modelling in the context of the MMS and MMG should be understood as the definition provided in the dedicated CBUAE regulation and, in particular, in the Circular 28/2010 on the classification of loans, with subsequent amendments to this Circular and any new CBUAE regulation on this topic.
48.	Rating Model (written in lower case “rating model”): The objective of such model is to discriminate ex-ante between performing clients and potentially non-performing clients. Such models generally produce a score along an arbitrary scale reflecting client creditworthiness. This score can subsequently mapped to a probability of default. However, rating models should not be confused with PD models.
49.	Retail Clients (written in lower case as “retail clients”): Retail clients refer to individuals to whom credit facilities are granted for the following purpose: personal consumer credit facilities, auto credit facilities, overdraft and credit cards, refinanced government housing credit facilities, other housing credit facilities, credit facilities against shares to individuals. It also includes small business credit facilities for which the credit risk is managed using similar methods as applied for personal credit facilities.
50.	Segment (written in lower case as “segment”): Subsets of an institution’s portfolio obtained by splitting the portfolio by the most relevant dimensions which explain its risk profile. Typical dimensions include obligor size, industries, geographies, ratings, product types, tenor and currency of exposure. Segmentation choices are key drivers of modelling accuracy and robustness.
51.	Senior Management: As defined in the CBUAE’s Corporate Governance Regulation for Banks.
52.	Statistical Model (written in lower case as “statistical model”): A statistical model is a mathematical construction achieved by the application of statistical techniques to samples of data. The model links one or several dependent variables to one or several independent variables. The objective of such a model is to predict, with a confidence interval, the values of the dependent variables given certain values of the independent variables. Examples of statistical models include rating models or value-at-risk (VaR) models. Statistical models are different from deterministic models. By construction, statistical models always include a degree of Model Risk.
53.	Tiers: Models are allocated to different groups, or Tiers, depending on their associated Model Risk.
54.	Time series analysis (written in lower case as “time series analysis”): For a given set of data and variables, this is a process of observing the behaviour of these variables through time. This can be done by considering each variable individually or by considering the joint pattern of the variables together.
55.	UAT (User Acceptance Testing): Phase of the implementation process during which users rigorously test the functionalities, robustness, accuracy and reliability of a system containing a new model before releasing it into production.
56.	Variable Transformation (written in lower case as “variable transformation”): Step of the modelling process involving a transformation of the model inputs before developing a model. Amongst others, common transformations include (i) relative or absolute differencing between variables, (ii) logarithmic scaling, (iii) relative or absolute time change, (iv) ranking, (v) lagging, and (vi) logistic or probit transformation.
57.	Wholesale Clients (written in lower case as “wholesale clients”): Wholesale clients refer to any client that is not considered as a retail client as per the definition of these Standards.

1 Context and Objective

1.1 Regulatory Context

1.1.1	The Risk Management Regulation (Circular No. 153/2018) issued by the Central Bank of the UAE (“CBUAE”) on 27^th May 2018 states that banks must have robust systems and tools to assess and measure risks.
1.1.2	To set out modelling requirements for licenced banks, the CBUAE has issued Model Management Standards (“MMS”) and Model Management Guidance (“MMG”). Both MMS and MMG should be read jointly as they constitute a consistent set of requirements and guidance, as follows:
	(i)	The MMS outline general standards applicable to all models and constitute minimum requirements that must be met by UAE banks.
	(ii)	The MMG expands on technical aspects that are expected to be implemented by UAE banks for certain types of models. Given the wide range of models and the complexity of some, the CBUAE recognises that alternative approaches can be envisaged on specific technical points. Whilst this MMG neither constitutes additional legislation or regulation nor replaces or supersedes any legal or regulatory requirements or statutory obligations, deviations from the MMG should be clearly justified and will be subject to CBUAE supervisory review.

1.2 Objectives

1.2.1	Both the MMS and MMG share three key objectives. The first objective is to ensure that models employed by UAE banks meet quality standards to adequately support decision-making and reduce Model Risk. The second objective is to improve the homogeneity of model management across UAE banks. The third objective is to mitigate the risk of potential underestimation of provisions and capital across UAE banks.
1.2.2	The MMG outlines techniques based on commonly accepted practices by practitioners and academics, internationally. The majority of its content has been subject to consultation with numerous subject matter experts in the UAE and therefore it also reflects expected practices amongst UAE institutions.

1.3 Document Structure

1.3.1	Each section of the MMG addresses a different type of model. The MMG is constructed in such a way that the numbering of each article is sequentially and each article is a unique reference across the entire MMG.
1.3.2	Both the MMS and the MMG contain an appendix summarising the main numerical limits included throughout each document respectively. Such summary is expected to ease the implementation and monitoring of these limits by both institution and the CBUAE.

1.4 Scope of Application

1.4.1	The MMG applies to all licensed banks in the UAE, which are referred to herein as “institutions”.
1.4.2	The scope of institutions is consistent across the MMS and the MMG. Details about the scope of institutions are available in the MMS.
1.4.3	Branches or subsidiaries of foreign institutions should apply the most conservative practices between the MMG and the expectations from their parent company’s regulator.
1.4.4	Institutions with a parent company incorporated in the UAE should ensure that all their branches and subsidiaries comply with the MMG.

1.5 Requirements and Timeframe
1.5.1
The implementation timeframe is consistent across the MMS and the MMG. Further details are available in the MMS.

1.6 Scope of Models

1.6.1	The MMG focuses on the main credit risk models entering the computation of the Expected Credit Loss in the context of the current accounting requirements, due to their materiality and their relevance across the vast majority of institutions. The MMG also provides guidance on other models used for the assessment of interest rate risk in the banking book and net present values.
1.6.2	The MMG does not impose the use of these models. The MMG outlines minimum expected practices if institutions decide to use such models, in order to manage Model Risk appropriately.
1.6.3	As model management matures across UAE institutions, additional model types may be included in the scope of the MMG in subsequent publications.
Table 1: List of model types covered in the MMG

Model type covered in the MMG

Rating Models

PD Models

LGD Models

Macro Models

Interest Rate Risk In the Banking Book Models

Net Present Value Models

2 Rating Models

2.1 Scope

2.1.1	The vast majority of institutions employ rating models to assess the credit worthiness of their obligors. Rating models provide essential metrics used as foundations to multiple core processes within institutions. Ratings have implications for key decisions, including but not limited to, risk management, provisioning, pricing, capital allocation and Pillar II capital assessment. Institutions should pay particular attention to the quality of their rating models and subsequent PD models, presented in the next section.
2.1.2	Inadequate rating models can result in material financial impacts due to a potentially incorrect estimation of credit risk. The CBUAE will pay particular attention to suitability of the design and calibration of rating and PD models. Rating models that are continuously underperforming even after several recalibrations should be replaced. These models should no longer be used for decision making and reporting.
2.1.3	For the purpose of the MMG, a rating and a score should be considered as identical concepts, that is a numerical quantity without units representing the relative creditworthiness of an obligor or a facility on predefined scale. The main objective of rating models is to segregate obligors (or facilities) that are likely to perform under their current contractual obligations from the ones that are unlikely to perform, given a set of information available at the rating assessment date.
2.1.4	The construction of rating models is well documented by practitioners and in academic literature. Therefore, it is not the objective of this section to elaborate on the details of modelling techniques. Rather, this section focuses on minimum expected practices and the challenging points that should attract institutions’ attention.

2.2 Governance and Strategy

2.2.1	The management of rating models should follow all the steps of the model life-cycle articulated in the MMS. The concept of model ownership and independent validation is particularly relevant to rating models due to their direct business implications.
2.2.2	It is highly recommended that institutions develop rating models internally based on their own data. However, in certain circumstances such as for low default portfolios, institutions may rely on the support from third party providers. This support can take several forms that are presented below through simplified categorisation. In all cases, the management and calibration of models should remain the responsibility of institutions. Consequently, institutions should define, articulate and justify their preferred type of modelling strategy surrounding rating models. This strategy will have material implications on the quality, accuracy and reliability of the outputs.
2.2.3	The choice of strategy has a material impact on the methodology employed. Under all circumstances, institutions remain accountable for the modelling choices embedded in their rating models and their respective calibrations.
2.2.4	Various combinations of third party contributions exist. These can be articulated around the supplier’s contribution to the model development, the IT system solution and/or the data for the purpose of calibration. Simplified categories are presented hereby, for the purpose of establishing minimum expected practices:
	(i)	Type 1 – Support for modelling: A third party consultant is employed to build a rating model based on the institution’s own data. The IT infrastructure is fully developed internally. In this case, institutions should work in conjunction with consultants to ensure that sufficient modelling knowledge is retained internally. Institutions should ensure that the modelling process and the documentation are compliant with the principles articulated in the MMS.
	(ii)	Type 2 – Support for modelling and infrastructure: A third party consultant provides a model embedded in a software that is calibrated based on the institution’s data. In this case, the institution has less control over the design of the rating model. The constraints of such approach are as follows:
		a.	Institutions should ensure that they understand the modelling approach being provided to them.
		b.	Institutions should fully assess the risks related to using a system solution provided by external parties. At a minimum, this assessment should be made in terms of performance, system security and stability.
		c.	Institutions should ensure that a comprehensive set of data is archived in order to perform validations once the model is implemented. This data should cover both the financial and non-financial characteristics of obligors and the performance data generated by the model. The data should be stored at a granular level, i.e. at a factor level, in order to fully assess the performance of the model.
	(iii)	Type 3 – Support of modelling, infrastructure and data: In addition to Type 2 support, a third party consultant provides data and/or a ready-made calibration. This is the weakest form of control by institutions. For such models, the institution should demonstrate that additional control and validation are implemented in order to reduce Model Risk. Immediately after the model implementation, the institution should start collecting internal data (where possible) to support the validation process. Such validation could result in a material shift in obligors’ rating and lead to financial implications.
	(iv)	Type 4 – Various supports: In the case of various supports, the minimum expected practices are as follows:
		a.	If a third party provides modelling services, institutions should ensure that sufficient knowledge is retained internally.
		b.	If a third party provides software solutions, institutions should ensure that they have sufficient controls over parameters and that they archive data appropriately.
		c.	If a third party provides data for calibration, institutions should take the necessary steps to collect internal data in accordance with the data management framework articulated in the MMS.
2.2.5	In conjunction with the choice of modelling strategy, institutions should also articulate their modelling method of rating models. A range of possible approaches can be envisaged between two distinct categories: (i) data-driven statistical models that can rely on both quantitative and qualitative (subjective) factors, or (ii) expert-based models that rely only on views from experienced individuals without the use of statistical data. Between these two categories, a range of options exist. Institutions should consciously articulate the rationale for their modelling approach.
2.2.6	Institutions should aim to avoid purely expert based models, i.e. models with no data inputs. Purely expert-based models should be regarded as the weakest form of models and therefore should be seen as the least preferable option. If the portfolio rated by such a model represents more than 10% of the institution’s loan book (other than facilities granted to governments and financial institutions), then the institution should demonstrate that additional control and validation are implemented in order to reduce Model Risk. It should also ensure that Senior Management and the Board are aware of the uncertainty arising from such model. Immediately after the model implementation, the institution should start collecting internal data to support the validation process.

2.3 Data Collection and Analysis

2.3.1	Institutions should manage and collect data for rating models, in compliance with the MMS. The data collection, cleaning and filtering should be fully documented in such way that it can be traced by any third party.
2.3.2	A rigorous process for data collection is expected. The type of support strategy presented in earlier sections has no implications on the need to collect data for modelling and validation.
2.3.3	For the development of rating models, the data set should include, at a minimum, (i) the characteristics of the obligors and (ii) their performance, i.e. whether they were flagged as default. For each rating model, the number of default events included in the data sample should be sufficiently large to permit the development of a robust model. This minimum number of defaults will depend on business segments and institutions should demonstrate that this minimum number is adequate. If the number of defaults is too small, alternative approaches should be considered.
2.3.4	At a minimum, institutions should ensure that the following components of the data management process are documented. These components should be included in the scope of validation of rating models.
	(i)	Analysis of data sources,
	(ii)	Time period covered,
	(iii)	Descriptive statistics about the extracted data,
	(iv)	Performing and non-performing exposures,
	(v)	Quality of the financial statements collected,
	(vi)	Lag of financial statements,
	(vii)	Exclusions and filters, and
	(viii)	Final number of performing and defaulted obligors by period.

2.4 Segmentation

2.4.1	Segmentation means splitting a statistical sample into several groups in order to improve the accuracy of modelling. This concept applies to any population of products or customers. The choice of portfolio, customer and/or product segmentation has a material impact on the quality of rating models. Generally, the behavioural characteristics of obligors and associated default rates depend on their industry and size (for wholesale portfolios) and on product types (for retail portfolios). Consequently, institutions should thoroughly justify the segmentation of their rating models as part of the development process.
2.4.2	The characteristics of obligors and/or products should be homogeneous within each segment in order to build appropriate models. First, institutions should analyse the representativeness of the data and pay particular attention to the consistency of obligor characteristics, industry, size and lending standards. The existence of material industry bias in data samples should result in the creation of a rating model specific to that industry. Second, the obligor sample size should be sufficient to meet minimum statistical performance. Third, definition of default employed to identify default events should also be homogeneous across the data sample.

2.5 Default Definition

2.5.1	Institutions should define and document two definitions of default, employed in two different contexts: (i) for the purpose of rating model development and (ii) for the purpose of estimating and calibrating probabilities of defaults. These two definitions of default can be identical or different, if necessary. The scope of these definitions should cover all credit facilities and all business segments of the institution. In this process, institutions should apply the following principles.
2.5.2	For rating models: The definition of default in the context of a rating model is a choice made to achieve a meaningful discrimination between performing and non-performing obligors (or facilities). The terminology ‘good’ and ‘bad’ obligors is sometimes employed by practitioners in the context of this discrimination. Institutions should define explicitly the definition of default used as the dependent variable when building their rating models.
	(i)	This choice should be guided by modelling considerations, not by accounting considerations. The level of conservatism embedded in the definition of default used to develop rating models has no direct impact on the institution’s P&L. It simply supports a better identification of customers unlikely to perform.
	(ii)	Consequently, institutions can choose amongst several criteria to identify default events in order to maximise the discriminatory power of their rating models. This choice should be made within boundaries. At a minimum, they should rely on the concept of days-past-due (“DPD”). An obligor should be considered in default if its DPD since the last payment due is greater or equal to 90 or if it is identified as defaulted by the risk management function of the institution.
	(iii)	If deemed necessary, institutions can use more conservative DPD thresholds in order to increase the predictive power of rating models. For low default portfolios, institutions are encouraged to use lower thresholds, such as 60 days in order to capture more default events. In certain circumstances, restructuring events can also be included to test the power of the model to identify early credit events.
2.5.3	For PD estimation: The definition of default in the context of PD estimation has direct financial implications through provisions, capital assessment and pricing.
	(i)	This choice should be guided by accounting and regulatory principles. The objective is to define this event in such a way that it reflects the cost borne by institutions upon the default of an obligor.
	(ii)	For that purpose, institutions should employ the definition of default articulated in the CBUAE credit risk regulation, separately from the MMS and MMG. As the regulation evolves, institutions should update the definition employed for modelling and recalibrate their models.

2.6 Rating Scale

2.6.1	Rating models generally produce an ordinal indicator on a predefined scale representing creditworthiness. The scores produced by each models should be mapped to a fixed internal rating scale employed across all aspects of credit risk management, in particular for portfolio management, provision estimation and capital assessment. The rating scale should be the result of explicit choices that should be made as part of the model governance framework outlined in the MMS. At a minimum, the institution’s master rating scale should comply with the below principles:
	(i)	The granularity of the scale should be carefully defined in order to support credit risk management appropriately. An appropriate balance should be found regarding the number of grades. A number of buckets that is too small will reduce the accuracy of decision making. A number of buckets that is too large will provide a false sense of accuracy and could be difficult to use for modelling.
	(ii)	Institutions should ensure that the distribution of obligors (or exposures) spans across most rating buckets. High concentration in specific grades should be avoided, or conversely the usage of too many grades with no obligors should also be avoided. Consequently, institution may need to redefine their rating grades differently from rating agencies’ grades, by expanding or grouping certain grades.
	(iii)	The number of buckets should be chosen in such a way that the obligors’ probability of default in each grade can be robustly estimated (as per the next section on PD models).
	(iv)	The rating scale from external rating agencies may be used as a benchmark, however their granularity may not be the most appropriate for a given institution. Institutions with a large proportion of their portfolio in non-investment grade rating buckets should pay particular attention to bucketing choices. They are likely to require more granular buckets in this portion of the scale to assess their risk more precisely than with standard scales from rating agencies.
	(v)	The choice of an institution’s rating scale should be substantiated and documented. The suitability of rating scale should be assessed on a regular basis as part of model validation.

2.7 Model Construction

2.7.1	The objective of this section is to draw attention to the key challenges and minimum expected practices to ensure that institutions develop effective rating models. The development of retail scorecards is a standardised process that all institutions are expected to understand and implement appropriately on large amounts of data. Wholesale rating models tend to be more challenging due to smaller population sizes and the complexity of the factors driving defaults. Consequently, this section related to model construction focuses on wholesale rating models.
2.7.2	Wholesale rating models should incorporate, at a minimum, financial information and qualitative inputs. The development process should include a univariate analysis and a multivariate analysis, both fully documented. All models should be constructed based on a development sample and tested on a separate validation sample. If this is not possible in the case of data scarcity, the approach should be justified and approved by the validator.
2.7.3	Quantitative factors: These are characteristics of the obligors that can be assessed quantitatively, most of which are financial variables. For wholesale rating models, institutions should ensure that the creation of financial ratios and subsequent variable transformations are rigorously performed and clearly documented. The financial variables should be designed to capture the risk profile of obligors and their associated financing. For instance, the following categories of financial ratios are commonly used to assess the risk of corporate lending: operating performance, operating efficiency, liquidity, capital structure, and debt service.
2.7.4	Qualitative subjective factors: These are characteristics of the obligor that are not easily assessed quantitatively, for instance the experience of management or the dependency of the obligors on its suppliers. The following categories of subjective factors are commonly used to assess the risk of corporate lending: industry performance, business characteristics and performance, management character and experience, and quality of financial reporting and reliability of auditors. The assessment of these factors is generally achieved via bucketing that relies on experts’ judgement. When using such qualitative factors, the following principles should apply:
	(i)	Institutions should ensure that this assessment is based upon a rigorous governance process. The collection of opinions and views from experienced credit officers should be treated as a formal data collection process. The data should be subject to quality control. Erroneous data points should also be removed.
	(ii)	If the qualitative subjective factors are employed to adjust the outcome of the quantitative factors, institutions should control and limit this adjustment. Institutions should demonstrate that the weights given to the expert-judgement section of the model is appropriate. Institutions should not perform undue rating overrides with expert judgement.
2.7.5	Univariate analysis: In the context of rating model development, this step involves assessing the discriminatory power of each quantitative factor independently and assessing the degree of correlation between these quantitative factors.
	(i)	The assessment of the discriminatory power should rely on clearly defined metrics, such as the accuracy ratio (or Gini coefficient). Variables that display no relationship or counterintuitive relationships with default rates should preferably be excluded. They can be included in the model only after a rigorous documentation of the rationale supporting their inclusion.
	(ii)	Univariate analysis should also involve an estimation of the correlations between the quantitative factors with the aim to avoid multicolinearity in the next step of the development.
	(iii)	The factors should be ranked according to their discriminatory power. The development team should comment on whether the observed relationship is meeting economic and business expectations.
2.7.6	Multivariate analysis: This step involves establishing a link between observed defaults and the most powerful factors identified during the univariate analysis.
	(i)	Common modelling techniques include, amongst others, logistic regressions and neural networks. Institutions can chose amongst several methodologies, provided that the approach is fully understood and documented internally. This is particularly relevant if third party consultants are involved.
	(ii)	Institutions should articulate clearly the modelling technique employed and the process of model selection. When constructing and choosing the most appropriate model, institutions should pay attention to the following:
		(a)	The number of variables in the model should be chosen to ensure a right balance. An insufficient number of variables can lead to a sub-optimal model with a weak discriminatory power. An excessive number of variables can lead to overfitting during the development phase, which will result in weak performance subsequently.
		(b)	The variables should not be too correlated. Each financial ratio should preferably be different in substance. If similar ratios are included, a justification should be provided and overfitting should be avoided.
		(c)	In the case of bucketing of financial ratios, the defined cut-offs should be based on relevant peer comparisons supported by data analysis, not arbitrarily decided.

2.8 Model Documentation

2.8.1	Rigorous documentation should be produced for each rating model as explained in the MMS. The documentation should be sufficiently detailed to ensure that the model can be fully understood and validated by any independent party.
2.8.2	In addition to the elements articulated in the MMS, the following components should be included:
	(i)	Dates: The model development date and implementation date should be explicitly mentioned in all rating model documentation.
	(ii)	Materiality: The model materiality should be quantified, for instance as the number of rated customers and their total corresponding gross exposure.
	(iii)	Overview: An executive summary with the model rating strategy, the expected usage, an overview of the model structure and the data set employed to develop and test the model.
	(iv)	Key modelling choices: The default definition, the rating scale and a justification of the chosen segmentation as explained in earlier sections.
	(v)	Data: A description of the data employed for development and testing, covering the data sources and the time span covered. The cleaning process should be explained including the filter waterfall and/or any other adjustments used.
	(vi)	Methodology: The development approach covering the modelling choices, the assumptions, limits, the parameter estimation technique. Univariate and multivariate analyses discussing in detail the construction of factors, their transformation and their selection.
	(vii)	Expert judgement inputs: All choices supporting the qualitative factors. Any adjustments made to the variables or the model based on expert opinions. Any contributions from consulted parties.
	(viii)	Validation: Details of testing and validation performed during the development phase or immediately after.

2.9 Usage of Rating Models

2.9.1	Upon the roll-out of a new rating model and/or a newly recalibrated (optimised) rating model, institutions should update client ratings as soon as possible. Institutions should assign new ratings with the new model to 70% of the existing obligors (entering the model scope) within six (6) months and to 95% of the existing obligors within nine (9) months. The assignment of new ratings should be based on financials that have been updated since the issuance of the previous rating, if they exist. Otherwise prior financials should be used. This expectation applies to wholesale and retail models.
2.9.2	In order to achieve this client re-rating exercise in a short timeframe, institutions are expected to rate clients in batches, performed by a team of rating experts, independently from actual, potential or perceived business line interests.
2.9.3	Institutions should put in place a process to monitor the usage of rating models. At a minimum, they should demonstrate that the following principles are met:
	(i)	All ratings should be archived with a date that reflects the last rating update. This data should be stored in a secure database destined to be employed on a regular basis to manage the usage of rating models.
	(ii)	The frequency of rating assignment should be tracked and reported to ensure that all obligors are rated appropriately in a timely fashion.
	(iii)	Each rating model should be employed on the appropriate type of obligor defined in the model documentation. For instance, a model designed to assess large corporates should not be used to assess small enterprises.
	(iv)	Institutions should ensure that the individuals assigning and reviewing ratings are suitably trained and can demonstrate a robust understanding of the rating models.
	(v)	If the ratings are assigned by the business lines, these should be reviewed and independently signed-off by the credit department to ensure that the estimation of ratings is unbiased from short term potential or perceived business line interests.

2.10 Rating Override

2.10.1	In the context of the MMG, rating override means rating upgrade or rating downgrade. Overrides are permitted; however, they should follow a rigorously documented process. This process should include a clear governance mirroring the credit approval process based on obligor type and exposure materiality. The decision to override should be controlled by limits expressed in terms of number of notches and number of times a rating can be overridden. Eligibility criteria and the causes for override should be clearly documented. Causes may include, amongst others: (i) events specific to an obligor, (ii) systemic events in a given industry or region, and/or (iii) changes of a variable that is not included in the model.
2.10.2	Rating overrides should be monitored and be included in the model validation process. The validator should estimate the frequency of overrides and the number of notches between the modelled rating and the new rating. A convenient approach to monitor overrides is to produce an override matrix.
2.10.3	In some circumstances, the rating of a foreign obligor should not be better than the rating of its country of incorporation. Such override decision should be justified and documented.
2.10.4	A contractual guarantee of a parent company can potentially result in the rating enhancement of an obligor, but conditions apply:
	(i)	The treatment of parental support for a rating enhancement should be recognised only based on the production of an independent legal opinion confirming the enforceability of the guarantee upon default. The rating enhancement should only apply to the specific facility benefiting from the guarantee. The process for rating enhancement should be clearly documented. For the avoidance of doubt, a sole letter of intent from the parent company should not be considered as a guarantee for enforceability purpose. A formal legal guarantee is the only acceptable documentation.
	(ii)	For modelling purpose, an eligible parent guarantee can be reflected in the PD or the LGD of the facility benefiting from this guarantee. If the rating of the facility is enhanced, then the guarantee will logically be reflected in the PD parameter. If the rating of the obligor is not enhanced but the guarantee is deed eligible, then the guarantee can be reflected in the LGD parameter. The rationale behind such choice should be fully documented.

2.11 Monitoring and Validation

2.11.1	Institutions should demonstrate that their rating models are performing over time. All rating models should be monitored on a regular basis and independently validated according to all the principles articulated in the MMS. For that purpose, institutions should establish a list of metrics to estimate the performance and stability of models and compare these metrics against pre-defined limits.
2.11.2	The choice of metrics to validate rating models should be made carefully. These metrics should be sufficiently granular and capture performance through time. It is highly recommended to estimate the change in the model discriminatory power through time, for instance by considering a maximum acceptable drop in accuracy ratio.
2.11.3	In addition to the requirement articulated in the MMS related to the validation step, for rating models in particular, institutions should ensure that validation exercises include the following components:
	(i)	Development data: A review of the data collection and filtering process performed during the development phase and/or the last recalibration. In particular, this should cover the definition of default and data quality.
	(ii)	Model usage: A review of the governance surrounding model usage. In particular, the validator should comment on (a) the frequency of rating issuance, (b) the governance of rating production, and (c) the variability of ratings produced by the model. The validator should also liaise with the credit department to form a view on (d) the quality of financial inputs and (e) the consistency of the subjective inputs and the presence of potential bias.
	(iii)	Rating override: A review of rating overrides. This point does not apply to newly developed models.
	(iv)	Model design: A description of the model design and its mathematical formulation. A view on the appropriateness of the design, the choice of factors and their transformations.
	(v)	Key assumptions: A review of the appropriateness of the key assumptions, including the default definition, the segmentation and the rating scale employed when developing the model.
	(vi)	Validation data: The description of the data set employed for validation.
	(vii)	Quantitative review: An analysis of the key quantitative indicators covering, at a minimum, the model stability, discriminatory power, sensitivity and calibration. This analysis should cover the predictive power of each quantitative and subjective factor driving the rating.
	(viii)	Documentation: A review on the quality of the documentation surrounding the development phase and the modelling decisions.
	(ix)	Suggestions: When deemed appropriate, the validator can make suggestions for defect remediation to be considered by the development team.

3 PD Models

3.1 Scope

3.1.1	The majority of institutions employ models to estimate the probability of default of their obligors (or facilities), for risk management purpose and to comply with accounting and regulatory requirements. These models are generally referred to as ‘PD models’, although this broad definition covers several types of models. For the purpose of the MMG, and to ensure appropriate model management, the following components should be considered as separate models:
	(i)	Rating-to-PD mapping models, and
	(ii)	Point-in-Time PD Term Structure models.
3.1.2	These models have implications for key decisions including, but not limited to, risk management, provisioning, pricing, capital allocation and Pillar II capital assessment. Institutions should manage these models through a complete life-cycle process in line with the requirements articulated in the MMS. In particular, the development, ownership and validation process should be clearly organised and documented.

3.2 Key Definitions and Interpretations

3.2.1	The following definitions are complementing the definitions provided at the beginning of the MMG. The probability of default of a borrower or of a facility is noted “PD”. The loss proportion of exposure arising after default, or “loss given default” is noted “LGD”.
3.2.2	A point-in-time assessment (“PIT”) refers to the value of a metric (typically PD or LGD) that incorporates the current economic conditions. This contrasts with a through-the-cycle assessment (“TTC”) that refers to the value of the same metric across a period covering one or several economic cycles.
3.2.3	A PD is associated with a specific time horizon, which means that the probability of default is computed over a given period. A 1-year PD refers to the PD over a one year period, starting today or at any point in the future. A PD Term Structure refers to a cumulative PD over several years (generally starting at the portfolio estimation date). This contrasts with a marginal forward 1-year PD, which refers to a PD starting at some point in the future and covering a one year period, provided that the obligor has survived until that point.
3.2.4	A rating transition matrix is a square matrix that gives the probabilities to migrate from a rating to another rating. This probability is expressed over a specific time horizon, typically one year, in which case we refer to a ‘one-year transition matrix’. Transitions can also be expressed over several years.

3.3 Default Rate Estimation

3.3.1	Prior to engaging in modelling, institutions should implement a robust process to compute time series of historical default rates, for all portfolios where data is available. The results should be transparent and documented. This process should be governed and approved by the Model Oversight Committee. Once estimated, historical default rates time series should only be subject to minimal changes. Any retroactive updates should be approved by the Model Oversight Committee and by the bank’s risk management committee.
3.3.2	Institutions should estimate default rates at several levels of granularity: (i) for each portfolio, defined by obligor type or product, and (ii) for each rating grade within each portfolio, where possible. In certain circumstances, default rate estimation at rating grade level may not be possible and institutions may only rely on pool level estimation. In this case, institutions should justify their approach by demonstrating clear evidence based on data, that grade level estimation is not deemed sufficiently robust.
3.3.3	Institutions should compute the following default ratio, based on the default definition described in the previous section. This ratio should be computed with an observation window of 12 months to ensure comparability across portfolios and institutions. In addition, institutions are free estimate this ratio for other windows (e.g. quarterly) for specific modelling purposes.
	(i)	The denominator is composed of performing obligors with any credit obligation, including off and on balance sheet facilities, at the start of the observation window.
	(ii)	The numerator is composed of obligors that defaulted at least once during the observation window, on the same scope of facilities.
	Formally the default rate can be expressed as shown by the formula below, where t represented the date of estimation. Notice that if the ratio is reported at time t, then the ratio is expressed as a backward looking metrics. This concept is particularly relevant for the construction of macro models as presented in subsequent sections. The frequency of computation should be at least quarterly and possibly monthly for some portfolios.
3.3.4	When the default rate is computed by rating grade, the denominator should refer to all performing obligors assigned to a rating grade at the beginning of the observation window. When the default rate is computed at segment level, the denominator should refer to all performing obligors assigned to that segment at the beginning of the observation window.
3.3.5	For wholesale portfolios, this ratio should be computed in order to obtain quarterly observations over long time periods covering one or several economic cycles. For wholesale portfolios, institutions should aim to gather at least 5 years of data, and preferably longer. For retail portfolios or for portfolios with frequent changes in product offerings, the period covered may be shorter, but justification should be provided.
3.3.6	Institutions should ensure that default time series are homogeneous and consistent through time, i.e. relate to a portfolio with similar characteristics, consistent lending standards and consistent definition of default. Adjustments may be necessary to build time series representative of the institution current portfolios. Particular attention should be given to changes in the institution’s business model through time. This is relevant is the case of rapidly growing portfolios or, conversely, in the case of portfolio run-off strategies. This point is further explained in the MMG section focusing on macro models.
3.3.7	If an obligor migrates between ratings or between segments during the observation period, the obligor should be included in the original rating bucket and/or original segment for the purpose of estimating a default rate. Institutions should document any changes in portfolio segmentation that occurred during the period of observation.
3.3.8	When the default rate is computed by rating grade, the ratings at the beginning of the observation window should not reflect risk transfers or any form of parent guaranties, in order to capture the default rates pertaining to the original creditworthiness of the obligors. The ratings at the start of the observation window can reflect rating overrides if these overrides relate to the obligors themselves, independently of guarantees.
3.3.9	When default rate series are computed over long time periods, it could happen that obligors come out of their default status after a recovery and a cure period. In subsequent observation windows, such obligors could be performing again and default again, in which case another default event should be recorded. For that purpose, institutions should define minimum cure periods per product and/or portfolio type. If a second default occurs after the end of the cure period, it should be recorded as an addition default event. These cure periods should be based on patterns observed in data sets.
3.3.10	Provided that institutions follow the above practices, the following aspects remain subject to the discretion of each institution. First, they may choose to exclude obligors with only undrawn facilities from the numerator and denominator to avoid lowering unduly the default rate of obligors with drawn credit lines. Second, institutions may also choose to estimate default rates based on exposures rather than on counts of obligors; such estimation provides additional statistical information on expected exposures at default.

3.4 Rating-to-PD

3.4.1	For the purpose of risk management, the majority of institutions employ a dedicated methodology to estimate a TTC PD associated with each portfolio and, where possible, associated with each rating grade (or score) generated by their rating models. This estimation is based on the historical default rates previously computed, such that the TTC PD reflects the institution’s experience.
3.4.2	This process results in the construction of a PD scale, whereby the rating grades (or scores) are mapped to a single PD master scale, often common across several portfolios. This mapping exercise is referred to as ‘PD calibration’. It relies on assumptions and methodological choices separate from the rating model, therefore it is recommended to considered such mapping as a standalone model. This choice is left to each institution and should be justified. The approach should be tested, documented and validated.
3.4.3	Institutions should demonstrate that the granularity of segmentation employed for PD modelling is an appropriate reflection of the risk profile of their current loan book. The segmentation granularity of PD models should be based on the segmentation of rating models. In other words, the segmentation of rating models should be used as a starting point, from which segments can be grouped or split further depending on portfolio features, provided it is fully justified. This modelling choice has material consequences on the quality of PD models; therefore, it should be documented and approved by the Model Oversight Committee. Finally, the choice of PD model granularity should be formally reviewed as part of the validation process.
3.4.4	The rating-to-PD mapping should be understood as a relationship in either direction since no causal relationship is involved. The volatility of the grade PD through time depends on the sensitivity of the rating model and on the rating methodology employed. Such volatility will arise from a combination of migrations across rating grades and changes in the DR observed for each grade. Two situations can arise:
	(i)	If rating models are sensitive to economic conditions, ratings will change and the exposures will migrate across grades, while the DR will remain stable within each grade. In this case, client ratings will change and the TTC PD assigned to each rating bucket will remain stable.
	(ii)	If rating models are not sensitive to economic conditions, then the exposures will not migrate much through grades but the DR of each grade will change. In this case, client ratings will remain stable but the observed DR will deviate from the TTC PD assigned to each rating bucket.
3.4.5	Institutions should estimate the degree to which they are exposed to each of the situations above. Institutions are encouraged to favour the first situation, i.e. implement rating models that are sensitive to economic conditions, favour rating migrations and keep the 1-year TTC PD assigned to each rating relatively stable. For the purpose of provisioning, economic conditions should be reflected in the PIT PD in subsequent modelling. Deviation from this practice is possible but should be justified and documented.
3.4.6	The estimation of TTC PD relies on a set of principles that have been long established in the financial industry. At a minimum, institutions should ensure that they cover the following aspects:
	(i)	The TTC PD associated with each portfolio or grade should be the long-run average estimation of the 1-year default rates for each corresponding portfolio or grade.
	(ii)	The DR time series should be homogeneous and consistent through time, i.e. relate to a portfolio with similar characteristics and grading method.
	(iii)	TTC PDs should incorporate an appropriate margin of conservatism depending on the time span covered and the population size.
	(iv)	TTC PDs should be estimated over a minimum of five (5) years and preferably longer for wholesale portfolios. For retail portfolios, changes in product offerings should be taken into account when computing TTC PD.
	(v)	The period employed for this estimation should cover at least one of the recent economic cycles in the UAE: (i) the aftermath of the 2008 financial crisis, (ii) the 2015-2016 economic slowdown after a sharp drop in oil price, and/or (iii) the Covid-19 crisis.
	(vi)	If the estimation period includes too many years of economic expansion or economic downturn, the TTD PD should be adjusted accordingly.
3.4.7	For low default portfolios, institutions should employ a separate approach to estimate PDs. They should identify an appropriate methodology suitable to the risk profile of their portfolio. It is recommended to refer to common methods proposed by practitioners and academics to address this question. Amongst others, the Pluto & Tasche method or the Benjamin, Cathcart and Ryan method (BCR) are suitable candidates.
3.4.8	For portfolios that are externally rated by rating agencies, institutions can use the associated TTC PDs provided by rating agencies. However, institutions should demonstrate that (i) they do not have sufficient observed DR internally to estimate TTC PDs, (ii) each TTC PD is based on a blended estimation across the data provided by several rating agencies, (iii) the external data is regularly updated to include new publications from rating agencies, and (iv) the decision to use external ratings and PDs is reconsidered by the Model Oversight Committee on a regular basis.

3.5 PIT PD and PD Terms Structure

3.5.1	Modelling choices surrounding PIT PD and PD term structure have material consequences on the estimation of provisions and subsequent management decisions. Several methodologies exist with benefits and drawbacks. The choice of methodology is often the result of a compromise between several dimensions, including but not limited to: (i) rating granularity, (ii) time step granularity and (iii) obligor segmentation granularity. It is generally challenging to produce PD term structures with full granularity in all dimensions. Often, one or two dimensions have to be reduced, i.e. simplified.
3.5.2	Institutions should be aware of this trade-off and should choose the most appropriate method according to the size and risk profile of their books. The suitability of a methodology should be reviewed as part of the validation process. The methodology employed can change with evolving portfolios, risk drivers and modelling techniques. This modelling choice should be substantiated, documented and approved by the Model Oversight Committee. Modelling suggestions made by third party consultants should also be reviewed through a robust governance process.
3.5.3	For the purpose of the MMG, minimum expected practices are articulated for the following common methods. Other methodologies exist and are employed by practitioners. Institutions are encouraged to make research and consider several approaches.
	(i)	The transition matrix approach,
	(ii)	The portfolio average approach, and
	(iii)	The Vasicek credit framework.
3.5.4	Irrespective of the modelling approach, institutions should ensure that the results produced by models meet business sense and economic intuition. This is particularly true when using sophisticated modelling techniques. Ultimately, the transformation and the adjustment of data should lead to forecasted PDs that are coherent with the historical default rates experienced by the institution. Deviations should be clearly explained.

3.6 PIT PD with Transition Matrices

3.6.1	This section applies to institutions choosing to use transition matrices as a methodology to model PD term structures.
3.6.2	Transition matrices are convenient tools; however, institutions should be aware of their theoretical limitations and practical challenges. Their design and estimation should follow the decision process outlined in the MMS. Institutions should assess the suitability of this methodology vs. other possible options as part of the model development process. If a third party consultant suggests using transition matrices as a modelling option, institutions should ensure that sufficient analysis is performed, documented and communicated to the Model Oversight Committee prior to choosing such modelling path.
3.6.3	One of the downsides of using transition matrices is the excessive generalization and the lack of industry granularity. To obtain robust matrices, pools of data are often created with obligors from various background (industry, geography and size). This reduces the accuracy of the PD prediction across these dimensions. Consequently, institutions should analyse and document the implications of this dimensionality reduction.
3.6.4	The construction of the TTC matrix should meet a set of properties, that should be clearly defined in advance by the institution. The matrix should be based on the institution’s internal data as it is not recommended to use external data for this purpose. If an institution does not have sufficient internal data to construct a transition matrix, or if the matrix does not meet the following properties, then other methodologies should be considered to develop PD term structures.
3.6.5	At a minimum, the following properties should be analysed, understood and documented:
	(i)	Matrix robustness: Enough data should be available to ensure a robust estimation of each rating transition point. Large confidence intervals around each transition probabilities should be avoided. Consequently, institutions should estimate and document these confidence intervals as part of the model development phase. These should be reviewed as part of the model validation phase.
	(ii)	Matrix size: The size of the transition matrix should be chosen carefully as for the size of a rating scale. A number of buckets that is too small will reduce the accuracy of decision making. A number of buckets that is too large will lead to an unstable matrix and provide a false sense of accuracy. Generally, it is recommended to reduce the size of the transition matrix compared to the full rating scale of the institution. In this case, a suitable interpolation method should be created as a bridge from the reduced matrix size, back to the full rating scale.
	(iii)	Matrix estimation method: Amongst others, two estimation methods are commonly employed; the cohort approach and the generator approach. The method of choice should be tested, documented and reviewed as part of the model validation process.
	(iv)	Matrix smoothing: Several inconsistencies often occur in transition matrices, for instance (a) transition probabilities can be zero in some rating buckets, and/or (b) the transition distributions for a given origination rating can be bi-modal. Institutions should ensure that the transition matrix respect Markovian properties.
3.6.6	If the institution decides to proceed with the transition matrix appraoch, the modelling approach should be clearly articulated as a clear sequence of steps to ensure transparency in the decision process. At a minimum, the following sequence should be present in the modelling documentation. The MMG does not intend to elaborate on the exact methodology of each step. Rather, the MMG intends to draw attention to modelling challenges and set minimum expected practices as follows:
	(i)	TTC transition matrix: The first step is the estimation of a TTC matrix that meets the properties detailed in the previous article.
	(ii)	Credit Index: The second step is the construction a Credit Index (“CI”) reflecting appropriately the difference between the observed PIT DR and TTC DR (after probit or logit transformation). The CI should be coherent with the TTC transition matrix. This means that the volatility of the CI should reflect the volatility of the transition matrix through time. For that purpose the CI and the TTC transition matrix should be based on the same data. If not, justification should be provided.
	(iii)	Forecasted CI: The third step involves forecasting the CI with a macroeconomic model. However, a segmentation issue often arises. If the matrix was created by pooling obligors from several segments, then only one blended CI will be estimated. This may be insufficient to capture the relationship between macroeconomic variables and the creditworthiness of obligors at segment level for the purpose of PIT modelling. Institutions should be cognisant of such limitation and provide solutions to overcome it. An option is to adjust the blended forecasted CI to create several granular CIs that would reflect the behaviour of each segment.
	(iv)	Adjusted transition matrix: The fourth step is the development of a mechanism to adjust the TTC transition matrix with the forecasted CI or the adjusted CIs. Several forward PIT transition matrices should be obtained at several points in the future.
	(v)	PD term structure: Finally, a PD term structure should be created based on the forward PIT transition matrices. Methodologies based on matrix multiplication techniques should be robust and consistently applied.
3.6.7	As part of the development process, several pre-implementation validation checks should be performed on the TTC transition matrix in order to verify that the above properties are met. In addition, for each segment being modelled, the matrix should be constructed such that two logical properties are met by the PD outputs:
	(i)	The weighted average TTC PD based on the default column of the TTC transition matrix should be reasonably close to the long term default rate of the obligors from the same segment(s) employed to build the matrix.
	(ii)	The weighted average PIT PD based on the default column of the PIT transition matrix for the next few time steps, should be coherent with the current default rate of the obligors from the same segment(s) employed to build the matrix or the segment(s) employed to derived the adjusted CIs.

3.7 Portfolio Scaling Approach

3.7.1	This section applies to institutions using a portfolio-level scaling approach to model the term structure of PIT PD. This approach is simpler to implement than transition matrices and is suitable for portfolios with smaller data sets. In this method, average PD across ratings are being modelled, instead of all transition points between ratings. This approach tends to be preferred for smaller segments. The obligor segmentation granularity is preserved at the expense of a simplification of the rating granularity.
3.7.2	In order to ensure transparency in the decision process, the modelling approach should be clearly articulated as a clear sequence of steps. It is not the object of the MMG to elaborate on the exact methodology of each step. Rather, the MMG intends to draw attention to modelling challenges and set minimum expected practices. At a minimum, the following sequence should be present in the modelling documentation:
	(i)	Forecast portfolio average PIT PD per segment based on macro-PD models.
	(ii)	Estimate the deviation of the portfolio PIT PD from its long term average PD.
	(iii)	Apply this deviation to PDs at lower granularity levels, for instance pools or rating grades. This can be achieved by scaling in logit or probit space.
	(iv)	Construct a PIT PD term structure. It is highly recommended to compare several methods and test their impacts on PD outcomes and risk metrics.
3.7.3	The drawback of this method is the generalisation of the PD volatility across grades (or pools) with the use of scalers. Certain rating grades are more prone to volatility than others, which is not reflected in this type of model. Therefore this method could result in an underestimation of the PIT PD of the lowest rating grades. Consequently, institutions should demonstrate that they assess and understand this effect.
3.7.4	Institutions should ensure that scalers lead to explainable shifts of the PD curve across rating grades and across time steps. The scalers will not be static. They will change through the forecasted time steps, since they follow the path of the PD forecasts.
3.7.5	Institutions should be aware of the theoretical and practical limitations of this approach. Its design and estimation should follow the decision process outlined in the MMS. As for any other models, institutions should assess the suitability of this methodology vs. other possible options as part of the model development process.

3.8 The Vasicek Credit Framework

3.8.1	The Vasicek credit framework is sometimes used to model PIT PD term structures. Institutions should be cognisant of the material challenges arising from using the Vasicek one-factor credit model (or similar derivations) for the purpose of ECL estimation, for the following reasons:
	(i)	This model has been originally designed to model economic capital and extreme losses at portfolio level. It is designed to replicate the behaviour of credit risk for a granular and homogeneous portfolio. Whilst it is an elegant modelling construction, it might not be the most suitable approach to model expected loss behaviours at the level of individual obligors.
	(ii)	It relies on parameters that are challenging to calibrate, in particular the asset correlation representing the correlation between (a) obligors’ asset value and (b) a non-observable systemic factor - generally assimilated to an industry factor for practical reasons. The model results are highly sensitive to the choice of this parameter. When modelling PIT PD, the introduction of this correlation parameter tends to reduce the impact of macroeconomic factors.
	(iii)	When it is used for ECL, the Vasicek model is often combined with a macroeconomic regression model. In this case, the non-observable systemic factor is not a given input. Rather, it is partially driven by macro variables. Consequently, the commonly used one- factor model should be adjusted to account for the variance of the residuals, i.e. the part of the systemic factor that is not explained by the macro variables.
3.8.2	If an institution decides to use this methodology, this choice should be approved by the Model Oversight Committee, with a clearly documented rationale. The asset correlation parameters should be chosen carefully, bearing in mind the following principle: the lower the PD, the higher the asset correlation because the obligor’s performance is expected to be mostly driven by systemic factors rather than by idiosyncratic factors.
3.8.3	It is common practice to calibrate the asset correlation based on the values suggested by the Basel Framework employed for capital calculation. However, institutions should consider the possibility that the interconnectedness of corporates in the UAE could lead to higher systemic correlations for some industries. Consequently, institutions should, at a minimum, perform sensitivity analysis to assess the implications of this calibration uncertainty on PDs.

3.9 Validation of PD Models

3.9.1	Irrespective of their choice of methods, institutions should validate PD models according to the principles articulated in the MMS. In particular for PD models, both qualitative and quantitative assessments are required.
3.9.2	Institutions should ensure that the following metrics represent accurately the risk profile of their books at segment-level: TTC 1y PD, PIT 1y PD and PD term structure. For that purpose, these metrics should be validated at several granularity levels (e.g. rating grades, segments, industries). Statistical tests alone are generally not sufficient to conduct appropriate validation of PD at segment level. Consequently, institutions should combine statistical tests, judgement and checks across several metrics to ensure that the calibration of these metrics are meaningful and accurate.
3.9.3	Comprehensive techniques should be developed in order to validate PIT PDs. At a minimum, institutions and their supporting third parties should cover the comparisons articulated in the following table. This logical cross-check approach involves comparing variables estimated via several methods. In addition to these comparisons, institutions should design and compute other metrics to suit their specific PD methodology.
3.9.4	If insufficient data is available to estimate some of the metrics in the below table, institutions should demonstrate that actions are taken to collect data to produce these metrics. Given the lack of data, they should also explain their approach to assess the suitability of the PIT PD calibration currently used in production.
	Table 2: Metrics used to validate PD models

Segment level metrics	Point-in-Time metrics (PIT)	Through-the-Cycle metrics (TTC)
1-year Default Rate (“1y DR”)	PIT 1y DR are historically observed default rates per segment. Should be in a form a rolling time series, preferably with monthly intervals.	TTC 1y DR are computed as the average of PIT 1y DR through time. They can be weighted by the number of performing obligors in each time step.
Cumulative Default Rate (“CDR”)	PIT CDR are historically observed default rates over several performance windows, covering for instance 2, 3 and 4 years. The result should be several term-structures of defaults, observed at several points in time. Also computed per segment.	TTC CDR is the average of the CDR through time, per performance window, covering for instance 2, 3 and 4 years. The result should be a single PD term structure of default per segment.
1-year Probability of Default (“1y PD”)	PIT 1y PD estimated based on score-to-PD calibration and macro models. Estimated at segment level as the average across rating grades (exposure-weighted or count-weighted).	TTC 1y PD can be computed with several methods. For instance as: (i) weighted average PD based on the bank’s master scale, or (ii) if transition matrices are used, weighted average across the default column of the TTC matrix.
Cumulative Probability of Default (“CPD”)	Terms structure of PIT PD per segment and rating grades produced by models. Estimated per segment as the average across rating grades (exposure-weighted or count-weighted).	Not always available, depending on the methodology. In the case of transition matrices, it should be based on the TTC matrix computed over several time horizons.

3.9.5	Upon the estimation of the above metrics, institutions should perform the following comparisons at segment level. Institutions should implement acceptable limits to monitor each of the following comparison, i.e. the difference between each two quantities. These limits should be included in the model validation framework and agreed by the Model Oversight Committee. Frequent and material breaches should trigger actions as articulated in the governance section of the MMS.
	(i)	TTC 1y DR vs. TTC 1y PD per segment: The objective is to verify that the central tendency observed historically is in line with the PD estimated based on the institution’s master-scale.
	(ii)	PIT 1y DR vs. PIT 1y PD estimated over the same historical period, per segment: This is a back testing exercise. The objective is to verify that the default rates observed historically are falling within a reasonable confidence interval around the PD forecasted over the same period.
	(iii)	PIT 1y DR recently computed vs. PIT 1y PD estimated over the next 12 months: The objective is to verify that the default rate recently observed is coherent with the PD forecasted from the reporting date over the next 12 months. These two quantities can diverge due to the effect of economic forecasts. There should be a logical and intuitive link between the two and material differences should be explained.
	(iv)	TTC CDR vs. PIT CPD per segment: The objective is to verify that the shape of the cumulative default rates observed historically is similar with the shape of the cumulative default rate forecasted by the model from the portfolio reporting date. The shape can be expressed as a multiplier of the 1-year PD.
	(v)	TTC CDR vs. PIT PD derived analytically: A PD term structures can be estimated simply by using survival probabilities derived from the institution’s PD mater scale. This is referred as the analytical PD term structure, that serves as a theoretical benchmark. The objective is to compare this analytical benchmark vs. (a) observed CDR and (b) the PD term structure generated by the model. Material deviations should be understood and documented. If CDR and CPD are materially lower than the analytical approach, adjustments should be considered.
3.9.6	In addition to segment level validation, institutions should ensure that the PIT PD profile across rating grades is logical and consistent. This is particularly relevant in the case of transition matrices. PIT adjustments should be coherent across different ratings. Technically, for a given segment and a given horizon forecast, the log-odd ratio of the PIT PD for a given rating over the TTC PD for the same rating, should be of similar magnitude between ratings.
3.9.7	Finally, economic consistency between segments is also part of the validation process of PD models. Institutions should ensure that such considerations are included in the scope of model validation. PIT PDs generated by models should be coherent between industries and between segments. For instance, if a given portfolio displayed high historical PD volatility, then such volatility is expected to be reflected in the forecasted PIT PD. Material deviations from coherent expectations should be explained and documented.

4 LGD Models

4.1 Scope

4.1.1	For risk management purpose and to comply with accounting and regulatory requirements, the majority of institutions develop models to estimate the potential loss arising in the event of the default of a facility or obligor. These are referred to as Loss Given Default models (“LGD”). These models serve several purposes including, but not limited to provision estimation, credit portfolio management, the economic capital estimation and capital allocation. For the purpose of the MMG, and to ensure appropriate model management, the following components are considered as separate models:
	(i)	TTC LGD models, and
	(ii)	PIT LGD models.
	The definitions of through-the-cycle (“TTC”) and point-in-time (“PIT”) are similar to those used under the section on PD models.
4.1.2	Institutions should develop and manage these models through a complete life-cycle process in line with the requirements articulated in the MMS. In particular, the development, ownership and validation process should be clearly managed and documented.
4.1.3	Institutions are expected to meet minimum expected practices for the development of LGD models. For that purpose, the construction of LGD models should include, at a minimum, the following steps:
	(i)	Regular and comprehensive collection of data,
	(ii)	Accurate computation of realised historical LGD,
	(iii)	Analysis of the LGD drivers and identification of the most relevant segmentation,
	(iv)	Development of TTC LGD model(s), and
	(v)	Development of PIT LGD model(s).
4.1.4	This section elaborates on the concepts and methods that institutions should incorporate in their modelling practice. In particular, institutions should pay attention to the appropriate estimation of recovery and losses arising from restructured facilities. Restructuring should not always be considered as a zero-sum game leading to no financial impact. In some cases the present value (“PV”) mechanics can lead to limited impact; however, restructuring events generate execution costs, delays and uncertainty that should be fully identified and incorporated into LGD modelling.
4.1.5	Institutions are strongly recommended to apply floors on TTC LGD and PIT LGD across all portfolios for several reasons. There is limited evidence that default events lead to zero realised losses. An LGD of zero leads to zero expected loss and zero capital consumption, thereby creating a biased perception of risk and misguided portfolio allocation. LGD floors contribute to sound decision making for risk management and lead to more realistic provisioning. The value of the floor should be five percent (5%) for all facilities, except in the following circumstances:
	(i)	The facility is fully secured by cash collateral, bank guarantees or government guarantees, and/or
	(ii)	The institution provides robust evidence that historical LGDs are lower than 5%.
	In all circumstances, LGD should not be lower than one percent (1%).

4.2 Data Collection

4.2.1	A robust data collection process should be put in place in order to support the estimation of LGD parameters. This process should follow the requirements pertaining to the Data Management Framework articulated in the MMS. If the data listed below is not currently available in the institution’s data bases, a formal project should be put in place in order to collect and store this data from the date of the MMG issuance.
4.2.2	Governance: The data types to be collected for the estimation of LGD are often spread across several teams and departments within institution. Consequently, close collaboration is expected between departments to (i) fully retrieve historical default cases, (ii) understand the reasons and the context for default and (iii) reconstruct long recovery processes that can last several years. In particular, close collaboration is expected between the risk analytics department in charge of model development and the department in charge of managing non-performing credit facilities.
4.2.3	Default definition: Institutions should ensure consistency between (i) the default definition used to collect data for LGD estimation and (ii) the default definition used to estimate PD for the same segment. PD and LGD are necessarily linked to each other and their estimation should be coherent. This is particularly relevant in the context of facility restructuring. If restructured facilities are included in the estimation of LGD, they should also be included in the estimation of PD.
4.2.4	Data types: The collection of data should cover all the elements necessary to estimate recoveries and historical LGDs, following each default event. At a minimum, the data collection process should include the following elements:
	(i)	Default events: An exhaustive list of default events should be collected to support a robust estimation of LGD. They should be consistent with the default events employed for PD modelling. Institutions are expected to collect as many default events as possible covering at least one economic cycle.
	(ii)	Exposure At Default: As per the definition section. For non-contingent facilities, the EAD should be the outstanding amount at the date of default. For contingent facilities, the EAD should be the outstanding amount at the date of default plus any other amounts that become due during the recovery process. This should include any additional drawings that occurred after default and before foreclosure or cure. It should also include any part of the original exposure that had been written-off before the default event was recorded.
	(iii)	Outcome categorisation: Each default event should be linked to the categories presented in the next article, depending on the outcome of the recovery process, namely (i) cured & not restructured, (ii) cured & restructured, (iii) not cured & secured, and (iv) not cured & not secured.
	(iv)	Obligor information: For each default event, client related information should be collected including, at a minimum, client segment, industry and geography.
	(v)	Facility details: This should include the type of facility and the key elements of the facility terms such as the tenor, the seniority ranking and the effective interest rate.
	(vi)	Restructuring: Each restructuring and rescheduling event should be identified and used in the categorisation of outcomes presented in the next articles.
	(vii)	Collateral: For each default event related to collateralised facilities, institutions should collect all relevant collateral information, including, but not limited to, the type of collateral, the last valuation prior to the default event and the associated valuation date, the liquidation value after default and the associated liquidation date, the currencies of collateral values and unfunded credit protections. If several valuations are available, institutions have a method to estimate a single value.
	(viii)	Historical asset prices: In order to estimate collateral haircut, historical time series should be collected, including amongst others, real estate prices, traded securities and commodity prices.
	(ix)	Collected cash flows: For each default event, the data set should include the cash flow profile received through time, related to this specific default event. Provided that collected cash inflows are related to the specific default event, they can arise from any party, including the obligor itself, any guarantor or government entities.
	(x)	Direct costs: These costs are directly linked to the collection of the recovery cash flows. They should include outsourced collection costs, legal fees and any other fees charged by third parties. If the facility is secured, the data set should include costs associated with the sale of collateral, including auction proceedings and any other fees charges by third party during the collateral recovery process.
	(xi)	Indirect costs: Institutions are encourage to collect internal and external costs that cannot be directly attributed to the recovery process of a specific facility. Internal costs relate to the institution’s recovery process, i.e. mostly the team that manages non-performing credit facilities and obligors. External costs relate mostly to overall costs of outsourced collection services.
4.2.5	Categorisation: The outcome of default events should be clearly categorised. Institutions are free to define these categories, provided that these include, at a minimum, the below concepts.

Table 3: Typical outcomes of default events

Outcome	Description	Detailed outcome	Category
Cured	The obligor has returned to a performing situation after a cure period-as defined in the CBUAE Credit Risk regulation.	No restructuring / rescheduling	Cured & not restructured
Cured		Restructuring / rescheduling	Cured & restructured
Not cured	The obligor has not returned to a performing status after defaulting.	The facility is secured by collateral	Not cured & secured
Not cured		The facility is not secured	Not cured & unsecured
Unresolved	The outcome remains uncertain until a maximum recovery period beyond which all cases should be considered closed for LGD estimation.		Unresolved

4.3 Historical Realised LGD

4.3.1	The next step in the modelling process involves the computation of historical realised LGD based on the data previously collected. The objective is to estimate the recovery and loss through a ‘workout’ approach for each of the identified default event.
4.3.2	The computation of LGD relies on the appropriate identification and quantification of the total recoveries and expenses linked to each default event. Institutions should implement a robust process to perform the necessary computation to estimate LGD at the lowest possible granularity level.
4.3.3	Institutions can develop their own methodologies for the estimation of historical realised LGD. However, their approach should incorporate, at a minimum, the components listed in this section and the corresponding categories of workout outcomes.
4.3.4	Institutions are expected to compute LGD at the time default (t) as the ratio of the total loss incurred divided by the Exposure At Default. When modelling LGD time series, the time of reference should be the date of default. We note LGD as a function of time t, as LGD_t, then t is the date of default, which is different from the time at which the recovery cash flows where collected. The total recovery is noted Recovery_t and the total loss is noted Loss_t. Institutions should therefore estimate realised LGD for each default event with the following formula:
4.3.5	The recovery is derived from all cash inflows and expenses occurring at future times after the default event and discounted back to the default date. The recovery cash flows should not be higher than the amount of recoveries that can legally be obtained by the institution. The discount rates should reflect the time-value of money plus the uncertainty surrounding the cash flows. Additional considerations for restructured facilities are presented at the end of this section. If several facilities are secured by one or several collaterals, institutions should implement a clear collateral allocation mechanism from the obligor level to each facility. The computations of Recovery_t and Loss_t depend on the workout outcome. The estimation method should incorporate the following components.
	Table 4: Recovery and costs per type of outcome

Outcome

Components of recovery and costs

(1) Cured & not restructured

(a)

Indirect costs, as defined in the data collection section.

(2) Cured & restructured

(a)	Potential reduction in present value upon restructuring the facility.
(b)	Direct costs, as defined in the data collection section.
(c)	Indirect costs, as defined in the data collection section.

(3) Not cured & secured

(a)	When applicable, present value of discounted collateral proceedings back to the default date
(b)	Direct costs, as defined in the data collection section.
(c)	Indirect costs, as defined in the data collection section.
(d)	Cash flows received but not associated with collateral liquidation.

(4) Not cured & unsecured

(a)	Recovered cash flows. Effect of discounting these cash flows back to the default date, function of the time to recovery.
(b)	Indirect costs, as defined in the data collection section.

(5) Unresolved

These should be treated as per the following article.

4.3.6	The treatment of unresolved default cases (incomplete workouts) creates a material bias in the estimation of LGD. Consequently, institutions should establish a clear process for the treatment of these cases and understand their impact on the estimation of historical realised LGD.
	(i)	Institutions should define criteria to decide on whether the recovery process of a default case should be considered closed. A degree of conservativeness should be included in this estimation to reflect the uncertainty of the recovery process. This means that if doubts persist regarding the possibility of future cash inflows, the recovery process should be considered closed.
	(ii)	Institutions should put in place clear criteria to include or exclude unresolved cases in their estimation samples. For that purpose, a maximum length of resolution period (from the date of default) should be established by obligor segment. The objective is to choose a duration that is sufficiently short to maximise the number of recovery cases flagged as ‘closed’ and sufficiently long to capture a fair recovery period.
	(iii)	It is recommended that open default cases with a recovery period longer than four (4) years should be included in the LGD estimation process, irrespective of whether they are considered closed. For the avoidance of doubt, all closed cases with a shorter recovery period should, of course, be included. Banks are free to use a shorter maximum duration. Longer maximum duration, however, should be avoided and can only be used upon robust evidence provided by the institution.
	(iv)	Default cases that are still unresolved within the maximum length of the recovery process (i.e. shorter than 4 years) should preferably be excluded for the purpose of estimating historical LGDs. Institutions have the option to consider adjustments by extrapolating the remaining completion of the workout process up to the maximum resolution period. Such extrapolation should be based on documented analysis of the recovery pattern by obligor segment and/or product type observed for closed cases. This extrapolation should be conservative and incorporate the possibility of lower recovered cash-flows.
		Table 5: Treatment of unresolved default cases

Recovery status	Shorter recovery than the maximum recovery period	Longer recovery than the maximum recovery period
Closed cases	Included. All discounted cash-flows taken into account.	Included. All discounted cash-flows taken into account.
Open cases	Excluded. Possible inclusion if cash-flows are extrapolated.	Included. All discounted cash-flows taken into account.

4.3.7	Institutions should not assume that restructuring and rescheduling events necessarily lead to zero economic loss. For restructuring associated with material exposures, an estimation of their associated present value impact should be performed. If no PV impact is readily available, then the terms of the new and old facilities should be collected in order to estimate a PV impact, according to the methodology outlined in the dedicated section of the MMG. In particular, if the PV impact of the cash flow adjustment is compensated for by a capitalisation of interest, institutions should include an incremental credit spread in discounting to reflect the uncertainty arising from postponing principal repayments at future dates. Such credit spread should then lead to a negative PV impact.
4.3.8	For low default portfolios, institutions may not have enough data to estimate robust historical recovery patterns. In this case, institutions should be in a position to demonstrate that data collection efforts have taken place. They should also justify subsequent modelling choices based on alternative data sources and/or comparables. Furthermore, portfolios with high frequency of cure via restructuring should not be considered as portfolios with low default frequency. Restructured facilities could be recognised as defaults depending on circumstances and in compliance with the CBUAE credit risk regulation.

4.4 Analysis of Realised LGD

4.4.1	Once institutions have estimated and categorised realised LGD, they should analyse and understand the drivers of realised LGD in order to inform modelling choices in the subsequent step.
4.4.2	At a minimum, institutions should analyse and understand the impact of the following drivers on LGD:
	(i)	The time at which LGD was observed in the economic cycle. The profile of the recovery pattern and the effect of the economic cycle on this pattern.
	(ii)	The effect of collateral on the final LGD including the time to realise the collateral, the impact of the type of collateral, the difference between the last valuation and the liquidation value.
	(iii)	The link between LGD and the obligor’s credit worthiness at the time of default captured by its rating or its PD.
	(iv)	The type of facility and its seniority ranking, where applicable.
	(v)	The obligor segments expressed by size, industry, and/or geography.
	(vi)	Any change in the bankruptcy legal framework of the jurisdiction of exposure.
4.4.3	Institutions should identify the most appropriate segmentation of historical realised LGD, because this choice will subsequently inform model segmentation. Portfolio segmentation should be based upon the characteristics of the obligors, its facilities and its collateral types, if any.
4.4.4	Institutions should be cautious when using ‘Secured LGD’ and ‘Unsecured LGDs’ as portfolio segments. A secured LGD is a loss obtained from a facility secured by a collateral. It is based upon the estimation of a collateral coverage (defined as the ratio of the collateral value to the exposure). The loss resulting from such coverage can spread across a large range: from low values in the case of over-collateralization, up to high values in the case of small collateral amounts. An average (referred as Secured LGD) across such large range of values is likely to suffer from a lack of accuracy. Thus, it is preferable to employ collateral as a direct continuous driver of LGD, rather than use it to split a population of obligors.
4.4.5	Once segments have been identified, institutions should produce three types of LGD per segment to support the estimation of ECL as per accounting principles. These estimates should be used to calibrate the TTC LGD and PIT LGD models in subsequent modelling steps. The estimation of averages can be exposure-weighted or count-weighted. This choice depends on each portfolio and thus each institution.
	(i)	The long run average by segment, through time across business cycles, estimated as the average of realised LGDs over the observation period.
	(ii)	The LGD during economic downturns.
	(iii)	The LGD during periods of economic growth.
4.4.6	When analysing the effect of collateral on LGD outcomes, institutions should consider, at a minimum, the following collateral types. Note that personal guarantees should not be considered as eligible collateral for the purpose of modelling LGD. This list may evolve with the CBUAE regulation.
	Table 6: Types of eligible collateral

Collateral types

Cash (or cash equivalent)

Federal Government (security or guarantee)

Local Government (security or guarantee)

Foreign sovereign government bonds rated BBB- or above

UAE licensed Bank (security or guarantee)

Foreign bank rated AA- or above (security or guarantee)

Foreign bank rated BBB- but below AA- (security or guarantee)

Listed Shares on a recognized stock exchange

Bonds or guarantees from corporations rated above BBB-

Residential Real Estate

Commercial Real Estate

All other banks bonds or guarantees

Cars, Boats, Machinery and other movables

All other corporate bonds or guarantees (not including cross or personal guarantees)

4.5 TTC LGD Modelling

4.5.1	The objective of TTC LGD models is to estimate LGD, independently of the macroeconomic circumstances at the time of default. Therefore, these models should not depend on macroeconomic variables. These models can take several forms depending on the data available and the type of portfolio. Institutions are free to choose the most suitable approach, provided that it meets the minimum expectations articulated in this section.
4.5.2	Defaulted vs. non-defaulted cases: LGD should be modelled and estimated separately between defaulted obligors (or facilities) and non-defaulted obligors. Whilst the methodology should be similar between these two cases, several differences exist:
	(i)	Upon a default event, the estimation of recovery relies on assumptions and on a live process with regular information updates. Therefore, for defaulted obligors (or facilities), as the recovery process unfolds, institutions should collect additional information to estimate recovery rates with further accuracy and thus obtain more specific LGD estimation.
	(ii)	For defaulted obligors (or facilities), particular attention should be given to PV modelling as per the dedicated section of the MMG. Discount factors should reflect the circumstances of default and the uncertainty surrounding the recovery process.
	(iii)	One of the major differences between LGD from defaulted vs. non-default exposures is that the former is estimated only as of the date of default, while the latter is estimated at several point in time, depending on the needs of risk management and financial reporting.
4.5.3	Properties: At a minimum, LGD models should meet the following properties.
	(i)	The modelled LGD should be based upon the historical realised LGD observations previously estimated.
	(ii)	The methodology should avoid excessive and unreasonable generalisations to compensate for a lack of data.
	(iii)	The model performance should be validated based on clear performance measurement criteria. For instance, model predictions should be compared against individual observations and also against segment average.
	(iv)	There should be enough evidence to demonstrate that in-sample fit and out-of-sample performance are reasonable.
	(v)	The choice of parameters should be justified and documented.
	(vi)	The model inputs should be granular and specify enough to generate a LGD distribution that is a fair and accurate reflection of the observed LGDs.
4.5.4	Functional form: Institutions are free to use LGD models with any functional form provided that the model output is an accurate reflection of the observed LGD. Institutions should aim to build LGD models that incorporate the suitable drivers enabling the model to reflect the main possible outcomes of the workout process.
4.5.5	Parameters: Institutions should aim to incorporate the following drivers in their LGD models. This means that any model using less granular inputs should be considered as a first generation model that requires improvement as further data becomes available.
	(i)	The probability of cure without restructuring,
	(ii)	The probability of cure through restructuring,
	(iii)	The collateral coverage,
	(iv)	Direct and indirect recovery costs,
	(v)	Collateral liquidation values including haircuts, and
	(vi)	Recovered cash flows
	The quantitative drivers above should be analysed (segmented) by qualitative drivers, including but not limited to:
	(vii)	Industry or obligor type,
	(viii)	Facility type, and
	(ix)	Seniority ranking.
4.5.6	The parameters listed above should drive the estimation of LGD. The mathematical construction of the LGD model can take several forms, that institutions are free to choose. The form presented below serves as illustration. Institutions are not expected to use this expression literally; rather, they should ensure that their final LGD model respects the principles of this expression with a suitable estimation of each component. If institutions employ a different functional form, they are encouraged to use the following expression as a challenger model.
	Table 7: Typical components of LGD models

Component	Definition
P₁	Probability of cure without restructuring
P₂	Probability of cure through restructuring
S	Collateral coverage defined as 𝐶𝑜𝑙𝑙𝑎𝑡𝑒𝑟𝑎𝑙 𝑉𝑎𝑙𝑢𝑒 ⁄𝐸𝐴D
L₁	Loss (cost) from managing delinquent clients that were cured without restructuring
L₂	Loss from managing delinquent clients through restructuring or rescheduling, including direct and indirect costs plus NPV impacts.
L₃	Loss from the realisation of collateral including haircuts, direct and indirect costs plus NPV impact. Estimated across all collateral types.
L₄	Loss arising from the incomplete recovery of the portion of exposure not covered by collateral, also including indirect management costs and NPV impacts. (Referred to as unsecured LGD.)

	The loss arising from the unsecured portion (L₄) is often called "unsecured LGD". The final LGD after taking collateral into accounts is often referred to as the "secured LGD". Irrespective of the semantic employed, LGD models should reconcile conceptually against the expression above.
4.5.7	Granularity: Institutions should aim to develop TTC LGD models to estimate LGD at a low level of granularity. The following minimum expected practices apply:
	(i)	Institutions should aim to model LGD at facility level, i.e. the LGD should incorporate facility characteristics. If this is not possible for practical reasons, LGD should be computed at obligor level. This means that LGD should be driven by parameters specific to each obligor and the associated collaterals if any.
	(ii)	If several facilities are secured by one or several collaterals, institutions should implement a clear collateral allocation mechanism from the obligor to each facility.
	(iii)	If institutions do not have the required data to build such granular models, they should put in place a formal project in order to collect the necessary data as a stepping stone towards accurate LGD modelling.
4.5.8	Segmentation: The portfolio segmentation employed to estimate LGDs should be justified and documented. In theory, LGD segments do not have to be identical to those employed for PD modelling. However, in practice, it is recommended to use similar portfolio segmentation across PD and LGD models, where possible, in order to ease the interpretation of LGD and subsequent usage in provision and capital estimation.
4.5.9	Collateral haircuts: The last valuation of an asset is unlikely to reflect the resale value of a repossessed asset. Consequently, institutions should estimate appropriate haircuts based on the assumption that they intend to sell the repossessed asset as soon as reasonably possible. Haircuts should be estimated based on historical data by type of collateral.
4.5.10	Bimodal distribution: Institutions should identify whether the distribution of observed LGD is bimodal, i.e. a distribution with two peaks of high frequency. In this case, specific modelling constraints apply. Institutions should be cautious when using an average value between these two peaks. Such average can be misleading and should not be employed to assign LGD at facility level since it does not correspond to an observable LGD at facility level.
4.5.11	Logical features: Following on from the conceptual framework presented above, some logical characteristics should be respected: (i) the final LGD should be equal or smaller than the unsecured LGD, (ii) the LGD should decrease with the presence of collateral, all other parameters being kept constant, and (iii) the longer the recovery period, the higher the recovery, the lower the LGD. The logical features should be tested as part of the model validation process.

4.6 PIT LGD Modelling

4.6.1	There is general evidence that LGD levels tend to be higher during economic downturns. This intuitive relationship is supported by numerous publications from academics and practitioners based on data from the US and European markets. In the UAE, whilst this relationship is more difficult to prove, there are objective reasons to believe it exists. In any case, this should be investigated as part of current accounting requirements. Consequently, institutions should implement a process to analyse the relationship between LGD and macro factors. This should be done at a relevant level of granularity.
4.6.2	This analysis should drive the modelling strategy of PIT LGD. Several modelling options can be envisaged and institutions should articulate explicitly their approach based on their preliminary analysis. While making a strategic decision, institutions should remain conservative. A portfolio may not be large enough to capture this relationship despite the existence of such relationship at larger scale. In doubt, it is preferable to include some degree of correlation between LGD and macro factors for the estimation of ECL. Once a mechanism is in place, the strength of the relationship can be adjusted in calibration exercises, upon further evidence proving or refuting it.
4.6.3	The objective of PIT LGD models is to estimate LGD as a function of the economic circumstances at the time of default and during the recovery process. Therefore, these models should depend on macroeconomic variables. Institutions are free to choose the most suitable methodology, provided that it meets the minimum expected practices articulated in this section.
4.6.4	PIT LGD models can be constructed by (i) adjusting TTC LGD or (ii) developing models independently from TTC LGD. For consistency purpose, the former is recommended over the latter. If institutions chose the second approach, they should ensure that both PIT LGD output and TTC LGD outputs are coherent.
4.6.5	The properties of the PIT LGD models should be similar to that of TTC LGD models. At a minimum, these models should meet the following:.
	(i)	The modelled LGD should be based upon the historical realised LGD observations previously estimated.
	(ii)	The methodology should avoid excessive and unreasonable generalisations to compensate for a lack of data.
	(iii)	The model performance should be validated based on clear performance measurement criteria. For instance, model predictions should be compared against individual observations (or relevant groups) and also against segment average.
	(iv)	The choice of parameters should be justified and documented.
	(v)	There should be enough evidence to demonstrate that in-sample fit and out-of-sample performance are reasonable.
	(vi)	The model inputs should be granular and specify enough to generate a PIT LGD distribution that is a fair and accurate reflection of the observed LGDs.
4.6.6	PIT LGD models can take several forms depending on the data available and the type of portfolio. Several broad categories of models can be defined as follows, ranked by increasing granularity and accuracy:
	(i)	Option 1: Most granular approach. The LGD parameters are directly linked to the macro forecasts and used as inputs to compute the losses (L₁,L₂,L₃,L₄). The final LGD is subsequently computed based on these losses, as defined in the TTC LGD section. For instance, collateral values at facility level can be directly linked to the macro forecasts, then secured LGDs are derived.
	(ii)	Option 2: Intermediate granular approach. The losses (L₁,L₂,L₃,L₄) are linked to the macro forecasts and used as input to estimate the final LGD, as defined in the TTC LGD section. For instance, the segment level secured and unsecured LGDs can be linked to the macro forecasts.
	(iii)	Option 3: Non-granular approach. The final LGD is directly linked to the macro forecasts. In this case the PIT LGD models does not use the LGD parameters.
	(iv)	Option 4: Alternative approach. The final LGD is linked to the obligor's PD, itself linked to macro forecasts. In this case, the LGD response to macroeconomic shocks is constructed as a second order effect through correlation rather than structural causation.
4.6.7	Institutions should articulate and document explicitly their preferred modelling option. All these options are acceptable; however institutions should be aware of their theoretical and practical limitations, in particular the potential accuracy issues arising from options 3 and 4. Institutions should aim to model PIT LGD via option 1. Consequently, institutions should understand and assess the financial implications of their modelling choice. This choice should be approved by the Model Oversight Committee.
4.6.8	If the PIT LGD model uses PIT PD as a sole driver of macro adjustment, then the model segmentation should be identical between PIT LGD and PIT PD. If institutions decide to develop dedicated PIT LGD-macro models, those should follow the minimum expectations articulated in the section of the MMG dedicated to macro models.

4.7 Validation of LGD Models

4.7.1	Institutions should validate all LGD models according to the validation principles articulated in the MMS. Both qualitative and quantitative assessments should be conducted for an appropriate validation.
4.7.2	Institutions should ensure that segment-level LGD values represent the risk profile of their books. Statistical tests alone are not sufficient to conduct appropriate validation of LGD at segment level. Consequently, institutions should combine statistical tests, judgement and checks across comparable metrics to ensure that the calibration of these metrics are meaningful and accurate.
4.7.3	The scope of the validation should be comprehensive. If the validation is performed by a third party consultant, institutions should ensure that the validation effort is comprehensive in scope and substance.
4.7.4	The validation scope should include, at a minimum, the following components:
	(i)	The data quality, comprehensiveness and collection process. This should cover the analysis of unusual features observed in historical data and their subsequent treatment for modelling.
	(ii)	The definition of default. This should cover the treatment of technical defaults and restructured accounts.
	(iii)	The methodology employed to compute historical LGD. This should cover in particular the possible outcomes as described earlier in this section. Partial replication of the historical LGD for a sample of facilities should be performed.
	(iv)	The methodology employed to estimate TTC LGD and subsequent PIT adjustments. This should cover the model fit, functional form, robustness, properties and sensitivities.
	(v)	The treatment of collateral. The treatment of LGD segmentation granularity. The quality of the model output in terms of economic and business meaning. This can rely on comparables based on data available outside of the institution.
	(vi)	The existence of spurious accuracy and excessive generalisation. In particular, the validation process should report the excessive usage of average LGD employed across a large population of heterogeneous obligors.
	(vii)	Back-testing of modelled LGD, estimated separately for defaulted and non-defaulted obligors.

5 Macroeconomic Models

5.1 Scope

5.1.1	Macroeconomic models (“macro models”) are primarily employed by UAE institutions for the estimation of Expected Credit Loss (“ECL”) and for internal and regulatory stress testing purpose. The objective of this section is to provide guidance and set the Central Bank’s expectation applicable to all macroeconomic models used by institutions. The practices described in this section are in compliance with current accounting principles.
5.1.2	In this context, macro models are defined as statistical constructions linking macro variables (“independent variables”) to an observed risk or business metrics, typically PD, Credit Index, LGD, cost of funds, or revenues (“dependent variables”). Several types of macro models exist. A common approach relies on time series regression techniques, which is the main focus of this section on macro models. Other approaches include (i) for retail clients, vintage-level logistic regression models using directly macroeconomic drivers as inputs and (ii) for corporate clients, structural models using macro variables as inputs.
5.1.3	Irrespective of the methodology employed, institutions should use judgement and critical thinking, where statistical techniques are coupled with causality analysis. Institutions should justify and balance (i) statistical performance, (ii) business intuition, (iii) economic meaning, and (iv) implementation constraints. Statistical methods and procedures will only provide part of the solution. Therefore, rigorous modelling techniques should be coupled with sound economic and business judgement in order to build and choose the most appropriate models. The key modelling choices and the thought process for model selection should be rigorously documented and presented to the Model Oversight Committee.
5.1.4	The modelling decision process should be driven by explorations, investigations, and comparisons between several possible methods. Note that time series regression models have been proven to yield the most intuitive results over other techniques.
5.1.5	When developing macro models, institutions should follow a clear sequential approach with a waterfall of steps. Depending on the outcome, some steps may need to be repeated. Each step should be documented and subsequently independently validated. In particular, for time series regression models, the process should include, at a minimum, the steps presented in the table below.
Table 8: Sequential steps for the development of macro models

#	Step
1	Data collection
2	Analysis of the dependent variables
3	Analysis of the macro variables
4	Variable transformations
5	Correlation analysis
6	Model construction
7	Statistical tests
8	Model selection
9	Monitoring and validation
10	Scenario forecasting

5.2 Data Collection

5.2.1	In order to proceed with macroeconomic modelling, institutions should collect several types of time series. This data collection process should follow the requirements articulated in the MMS.
5.2.2	At a minimum, these time series should be built with monthly or quarterly time steps over an overall period of five (5) years covering, at least, one economic cycle. Institutions should aim to build longer data series. The following data should be collected.
5.2.3	Macro variables: Institutions should obtain macro variables from one or several external reliable sources.
	(i)	The scope of variables should be broad and capture appropriately the evolution of the economic environment. They will typically include national accounts (overall and non-oil, nominal and real), oil production, real estate sector variables, CPI, crude oil price and stock price indexes.
	(ii)	Institutions should collect macro data pertaining to all jurisdictions where they have material exposures (at least greater than ten percent (10%) of the total lending book, excluding governments and financial institutions).
	(iii)	Institutions should document the nature of the collected variables, covering at a minimum, for each variable, a clear definition, its unit, currency, source, frequency, and extraction date.
	(iv)	Institutions should ensure that all variables employed for modelling will also be available for forecasting.
5.2.4	Historical default rates: Macro-PD models (or macro-to-credit index models) stand at the end of a chain of models. They are employed to make adjustments to the output of TTC PD models, themselves linked to rating models. Therefore the default data used for macro-PD modelling should reflect the institution’s own experience. If external default data points are used, justification should be provided. Finally, institutions are encouraged to also include restructuring and/or rescheduling events in their data to better capture the relationship between obligor creditworthiness and the economic environment.
5.2.5	Historical recovery rates: Macro-LGD models are designed to adjust the output of TTC LGD models. Consequently, the recovery data employed for macro-LGD modelling should reflect the institution’s own experience. If external recovery data points are used, justification should be provided.
5.2.6	Macro data series are mostly available with quarterly or even annual data points and rarely with monthly time intervals. Consequently, interpolation techniques may need to be developed. Institution should include interpolation methodology as part of the data transformation step. Such interpolation should be documented and included in the validation process.

5.3 Analysis of the Dependent Variables

5.3.1	Institutions should demonstrate that default series are suitable for modelling and are representative of their current portfolio. For that purpose, they should employ judgement and critical thinking when analysing the data. At a minimum, they should perform an analysis of the dependent variables through descriptive statistics, covering the distribution followed by each dependent variable and the identification of outliers, if any. Upon this analysis, a clear statement should be made regarding the suitability of the data for macro modelling. Consideration should be given to (i) the data quality, (ii) length, and (iii) representativeness. This analysis should be fully described in the model development documentation.
	Business consistency: Institutions should pay attention to the business significance of the historical data related to the dependent variable. One possible conclusion is that historical data of a given variable is no longer an appropriate representation of the current institution’s portfolio because the segment business strategy has changed materially. In the case of default and recovery rates, conservatism prevails.
	(i)	The institution may believe that its current portfolio is less risky than its historical portfolio and that it expects to experience lower default rates and/or losses in the future. In that case, the existing historical default series should be used for a reasonable period until there is enough evidence supporting the new risk profile. Subsequently, adjustments are permitted on the forecasted values, for instance in the form of scalers.
	(ii)	The institutions may believe that its current portfolio is more risky than its historical portfolios and that it will consequently experience higher default rates in the future. In that case, forecasts should be immediately adjusted, i.e. forecasted PDs and LGDs should be shifted upward.
5.3.2	Regime shifts: Institutions should identify the presence of regime shifts in all times series. These can be clearly identified by the presence of sudden permanent jumps in the data. Regime shifts tend to occur in default and recovery series due to changes in the data collection process, definition of default, recovery process or business strategies. For modelling, it is strongly recommended to avoid using time series with regime shifts as direct model inputs. Instead, adjustments should be implemented such as a truncation of the series or the use of specific econometrics techniques (the introduction of a dummy variable in the model).
5.3.3	Segmentation consistency: Segmentation means splitting a statistical sample into several groups in order to improve the accuracy of modelling. This concept applies to any population of products or customers. In particular, for the construction of PD and LGD macro models, the choice of portfolio, customer and/or product segmentation has a material impact of the quality of macro models. The economic behaviours of obligors and/or products should be homogeneous within each segment in order to build appropriate models. As mentioned in the data collection section, a degree of consistency is required between macro models and other models. For macro-PD models in particular, such consistency should be analysed and documented as follows:
	(i)	The granularity of segments for macro modelling should be equal or greater than the granularity of segments employed for (i) rating models, and (ii) PD term structures models. If this alignment is not possible, institutions should provide robust justifications and document them accordingly.
	(ii)	Institutions may decide to increase the segmentation granularity of macro models. An increase in the number of segments will lead to a reduction in segment size and in the number of observed defaults, could, in turn, reduce the statistical significance of the default rate. Therefore, increasing the segmentation granularity is permitted, provided that there is no material loss in the representativeness of the default rates.
5.3.4	Institutions should analyse and assess the impact of segmentation choices as part of the development of macro models. Several segmentation options should be considered and subject to the entire model development process described hereby. Institutions should then choose the best segmentation by assessing the quality and robustness of the macro models across several segmentation options.

5.4 Analysis of the Macro Variables

5.4.1	Institutions should perform a robust analysis of the macro variables through descriptive statistics. At minimum, this analysis should examine, amongst others, the shape of distribution to identify outliers, shape of tails, multimodality. Upon this analysis, a clear statement should be made regarding the suitability of the data for macro modelling. In particular, the analysis should consider the data quality, length and representativeness. This analysis should be fully described in the model development documentation.
5.4.2	Regime shift: Institutions should identify the presence of regime shifts in all macro time series. Regime shifts can occur in macro time series due to economic decisions such as the introduction of VAT or a large shift in interest rates. Similarly to the dependent variables, macro time series with regime shifts should be avoided or adjusted accordingly.
5.4.3	Economic consistency: Institutions should pay attention to the economic significance of the macro variables. Some macro variables provide consistently better explanatory power of risk metrics in the banking book. Conversely some variables are more challenging to interpret, consequently institutions should be cautious when using those variables for PD and LGD macro models. Particular attention is needed for the following:
	(i)	Employment rate: A large proportion of employees leave the UAE upon losing their employment. Consequently, the UAE employment rate incorporates a material bias, hence it is preferable to avoid this variable to model business or risk metrics.
	(ii)	Interest rates: The relationship between interest rates and default rates is ambiguous. Institutions should ensure that an appropriate interpretation of the estimates is provided upon modelling PDs and LGDs.
	(iii)	Abu Dhabi and Dubai stock indices: These indices can suffer from a lack of liquidity therefore institutions should ensure that an appropriate interpretation of the estimates is provided upon modelling PDs and LGDs.
	(iv)	UAE account balances (e.g. fiscal balance, current account): By construction these variables can oscillate between positive and negative values. Consequently, a relative time differencing can lead to very high returns and uncontrollable spikes. Instead, it is recommended to normalise these variables by nominal GDP prior to using them for modelling.

5.5 Variable Transformations

5.5.1	The principles of variable transformation articulated in the MMS also apply to macro models. Variable transformations have a material impact on macro models and on ECL. Therefore, institutions should test, choose and document the most appropriate transformations applied to both the macro variables and to the dependent variable.
5.5.2	Stationarity: Modelled economic relationship should be stable over time. In the context of time series regression model, variables should be stationary in order to construct robust and meaningful econometric models. Stochastic trends, seasonality and structural breaks are most common sources of non-stationarity. This property should be tested for both the dependent and independent variables, according to the following principles:
	(i)	Macroeconomic variables should meet stationarity criteria prior to be used for modelling. The absence of stationarity has adverse material consequences on macro models because it often leads to spurious correlations. Macro variables that are not stationary should either be transformed to obtain stationary series or should be excluded from the modelling process.
	(ii)	Even after transformations, in some circumstances full stationarity is challenging to obtain if series are short and data is scarce. In this case, institutions should use judgement and critical thinking to balance economic significance and stationarity requirement in order to assess if modelling can proceed. In this assessment, institutions should pay particular attention to the presence of trends, that often leads to spurious correlations.
	(iii)	To test for stationarity, standard unit root test may be used, including the Augmented Dickey-Fuller test, the Phillips-Perron test, the Kwiatkowski-Phillips-Schmidt-Shin (KPSS test). In case there is evidence of the presence of stochastic trend, standard transformations can be applied such as quarter-on-quarter or year-on-year log differencing.
	(iv)	Seasonality may be checked using X12 or X13 seasonal adjustment algorithms. Year-on-year differencing could also be used to remove stable seasonal patterns. Formal structural breaks tests (e.g. Chow test) may be employed if there is visual evidence of break in the series.
	(v)	Common stochastic trends between two variables may be explicitly modelled using the rigorous application of standard co-integration models (e.g. Engle-Granger two step method or Johansen approach).
	(vi)	The absence of stationarity of the dependent variable can also be addressed by a first order time differencing or by autoregressive models. However, this can potentially lead to further complexity in implementation. Institutions should use judgement in this choice provided that it is justified and clearly documented.
5.5.3	Differencing: Time differencing should be based upon the following principle. Let X_t be a time series of the macroeconomic variable X at regular time steps t. Formally we can define two types of changes: (i) backward looking returns that estimate the change of the variable over a previous horizon h and (ii) forward looking returns that estimate the change of the variable over a coming horizon h. Formally:
	It is recommended to build macro models based on backward looking returns as these are more intuitive to interpret and easier to implement. It is also recommended to compute backward looking default rates in order to ensure that both the dependent and independent variables are homogeneous.
5.5.4	Horizon of differencing: Institutions should choose carefully the horizon of return applied to macro variables, i.e. the period used to compute the change of a variable through time. Institutions should take notes of the following principles:
	(i)	For macroeconomic models, common return horizons include quarterly, half-yearly and yearly. The most appropriate return horizon should be chosen to maximize the explanatory power of the macro variables.
	(ii)	Note that the return horizon is not necessarily equal to the granularity of the time series. For instance, rolling yearly returns can be computed on quarterly time steps.
	(iii)	Institutions should be aware of the degree of noise in high frequency data. Consequently judgement should be used when using high frequency returns.
5.5.5	Lags: Variable lags should be considered in the modelling process to capture delayed effects of macro drivers. The use of large lags (more than 6 quarters) should be justified since long lags delay the impact of macro shocks on the dependent variable. For each macro variable, the choice of the most appropriate lag should be based on its statistical performance and economic meaning.
5.5.6	Smoothing: This means reducing the presence of spikes and outliers in times series. This is commonly addressed by the usage of moving average. Such practice is permitted but should be employed with caution and documented. The right balance of smoothing needs to be found. No smoothing (too much noise) in time series can lead to weak models. Alternatively, too much smoothing can dilute the strength of correlations. Smoothing techniques should be documented when applied.
5.5.7	Standard and intuitive transformations should be used. For example, the growth rate of a variable that can be zero or negative is not a meaningful measure.

5.6 Correlation Analysis

5.6.1	The objective of the correlation analysis is to assess the strength of the relationship between (i) each of the transformed dependent variable (e.g. PD) and (ii) each of the transformed macro variables, on a bilateral basis. Consequently such univariate analysis should be performed for each obligor segment. This analysis should include both statistical and causality perspectives. Relationships should make economic sense and meet business intuitions.
5.6.2	Institutions should pay attention to the strength and sign of correlations (positive vs. negative relationships) and assess whether they meet business intuitions. At a minimum, the following components should be documented: (i) the top macro variables ranked by correlation strength and (ii) comments and analysis on the observed statistical relationships vs. expected business intuitions.
5.6.3	A cut-off should be establish to eliminate the transformed macro variables that display weak and/or incoherent correlations with the independent variables. This reduced population of transformed macro variables should be used to perform multivariate analysis.

5.7 Model Construction

5.7.1	The objective of this step is to construct relevant and robust relationships between a single transformed dependent variable (e.g. PD) and several macro variables. The choice of the macro variables entering each model should be based upon the results of the correlation analysis. This process results in the construction of a range of multifactor models for each dependent variable.
5.7.2	In the context of time series regressions, institutions should choose the most appropriate methodology to perform multifactor regressions. Amongst others, it is recommended to perform multifactor regressions with or without autoregressive terms. It is recommended that institutions include several modelling forms as part the pool of possible model candidates.
5.7.3	The estimation of model coefficients should be performed with recognised professional statistical software and packages. The entire process should be fully documented and replicable by an independent party.
5.7.4	Several performance metrics should be used to rank and choose models. As these metrics depend on the type of models, institutions should use judgements to employ the most appropriate performance metrics per model type. At a minimum, the adjusted R-square should be used for multifactor regression models. For models based on the ARIMA form, a pseudo R-square should be employed as the square of the correlation between the fitted variable and the original dependent variable.

5.8 Statistical Tests

5.8.1	Standard post-estimation tests should be used to check that the underlying assumptions are appropriate for all types of macro models. The set of appropriate tests should be based on best practices in the relevant field / literature. The model development documentation should clearly indicate (i) the chosen test for each property, (ii) the nature of the H₀ hypothesis, (iii) the cut-off values chosen upfront to determine the rejection or non-rejection.
5.8.2	In the context of time series regression, regression coefficients should be significant and residuals should be tested for autocorrelation and normality. The table below indicates properties that should be tested, at a minimum. Other tests may be considered, if necessary.
	Table 9: Typical statistical tests for models based on time series regression

Property to be tested	Description of the property to be rejected	Suggested test (others may exist)
Stationarity	Absence of stationarity in each time series	Augmented Dickey-Fuller (ADF)
Co-integration	Absence of stationarity in a linear combination of the dependent variable and each independent variable	Engle-granger two-step method
Multicolinearity	High correlation between the independent variables	Variance Inflation Factor
Coefficient significance	The coefficients are not statistically significantly different from zero	Coefficient p-value on a t-distribution
Autocorrelation	High correlation between the error terms of the model	Ljung-Box test
Heteroscedasticity	Absence of relationship between independent variables and residuals	Breusch-Pagan or White test
Normality	Normal distribution of the residuals	Shapiro Wilk

5.9 Model Selection

5.9.1	The model and macroeconomic variable selection should be based on clearly defined performance criteria using a transparent selection algorithm. The final model should be able to (i) generate values that fit the historical values of the dependent variable and (ii) generate accurate predictions.
5.9.2	For each segment, institutions should choose a final model from the list of candidate models generated from the model construction step. Statistical performance should not be the only decisive factor to choose a model. Instead, the choice of the final model should be based upon the combination of various factors. At a minimum, institutions should use the criteria outlined below. It is essential that institutions include all these criteria in the selection process. The absence of one criteria could be materially detrimental to the choice of the most relevant model.
	(i)	Statistical performance:
		a.	The chosen model should meet minimum requirements of performance, statistical stability and robustness as shown by the statistical indicators and their associated thresholds. Model parameters and forecasts should remain stable over time.
		b.	In addition, at the model development stage, it is important to examine the stability of models: out-of-sample performance and in-sample fit should be tested and compared across candidate models. A common metric employed to express model performance is the root mean square error, for which limits should be established.
	(ii)	Model sensitivity: Quantitative response of the dependent variable to independent variables should be meaningful and statistically significant - both quantitatively and qualitatively. This can be examined through simulating one standard deviation change in individual dependent variables or by considering the forecast differences across alternative scenarios.
	(iii)	Business intuition: The chosen model should be constructed with variables and relationships that meet logical business and economic intuitions. This means that the model should be explained by causal relationships.
	(iv)	Realistic outcomes: Projected values should be consistent with historical observations and meet economic intuition. Any material jump and/or disconnect between historical values and forecasted should be explained.
	(v)	Implementation: When choosing a model, institutions should be mindful of the implementation and maintenance constraints, which should form part of the choice of the most appropriate models. For instance, some variables may not be available as frequently as expected for forecasting. Also, some model formulations may require autoregressive terms that need specific treatment during implementation.
5.9.3	In order to test the business intuition, for each candidate model, institutions should forecast the dependent variables (e.g. PD, Credit Index) under a severe downside scenario. The outcome will therefore be a range of projected dependent variables (one for each model) under the same scenario. It may become apparent that some candidate models should be excluded as they generate outputs that deviate too much from economic and business expectations.
5.9.4	Forecast Uncertainty: Projected forecast are based on mean or median values, around which uncertainty (i.e. confidence interval) inherently exists. Institutions should ensure that the model forecast uncertainty are clearly estimated, documented and reported to the Model Oversight Committee. In the context of time series regression, the confidence interval around the mean can be estimated empirically or based on the standard deviation of the residuals under the assumption of normally distributed residuals.

5.10 Validation of Macro Models

5.10.1	The validation of macro models should be performed by a different and independent party from the development team, according to the validation principles articulated in the MMS. If macro models are developed by a third party consultant, then a team within the institution or another consultant should therefore perform these independent validations.
5.10.2	Monitoring macro models may be challenging due to the low frequency of macroeconomic data. Institutions are expected to monitor the performance of macro models once a year. However, exceptional monitoring is required in the case of exceptional macroeconomic events.
5.10.3	Pre-implementation validation: This step involves the validation of the chosen macro models immediately after their development, prior to using them in production. The objective is to ensure that macro models meet a minimum level of quality and that they are fit for purpose. At a minimum, the following validation steps should be performed.
	(i)	Development process: The validator should review the development process as per the principles articulated in the MMS.
	(ii)	Replication: The validator should replicate the final chosen model per segment and ensure that the coefficients are correctly estimated.
	(iii)	Statistical tests: The validator should ensure that statistical tests are correct, that cut-offs are reasonable and that statistical assumptions are correctly interpreted. This may necessitate partial replication. Additional statistical tests may be needed.
	(iv)	Model sensitivity: The validator should measure the elasticity of the model output to changes in each input variable. The model user and validator should be aware of the presence of independent variables that dominates other variables in a given model.
	(v)	Model stability: The validator should test the model stability, for instance by removing data points from the original time series (at the start or the end), re-run the regressions and re-project the dependent variable. The validator should also examine the stability of the model coefficients.
	(vi)	Conclusion: When deemed appropriate, the validator can make suggestions for defect remediation to be considered by the development team.
5.10.4	Post-usage validation: This is otherwise referred to as back-testing, whereby the validator should compare the realized values of the dependent variable (e.g. PD, LGD, Credit Index) against the forecasted values based on the macroeconomic scenarios employed at the time of the forecast. A conclusion should be made based pre-defined confidence intervals.
5.10.5	Upon the post-usage validation, the validator should make a clear statement regarding the suitability of the model to be used for another cycle. When deemed appropriate, the validator can make suggestions for defect remediation to be considered by the development team.

5.11 Scenario Forecasting

5.11.1	The expected practices articulated in this section relate to the regular estimation of ECL. As per current accounting requirements, institutions should estimate an unbiased and probability weighted ECL by evaluating a range of possible outcomes. Consequently, institutions should forecast economic conditions over the lifetime of their portfolio. All the macroeconomic variables employed as input in macro models should be forecasted until the longest maturity date of the institutions’ portfolio.
5.11.2	Institutions are encouraged to disclose macroeconomic scenarios in their annual reports. For this information to be meaningful, institutions should provide the values of the main economic drivers over the next three (3) years with the weight of each scenario.
5.11.3	Institutions should use the most recent set of models to forecast PD and LGD. If the most recent models are not used in the computation of ECL, this should be mentioned in monitoring and validation reports and reported to internal and external auditors because it has direct impacts on financial reporting.
5.11.4	Governance: Institutions can either develop macroeconomic forecasts internally or rely on third party providers. In both cases, a governance process should be put in place to guarantee the quality of forecasts.
	(i)	If scenarios are developed internally, they should be constructed by subject matter experts with robust economic knowledge, within the institution. The scenarios should be reviewed by the Model Oversight Committee and the committee in charge of ECL oversight.
	(ii)	If scenarios are developed externally, institutions should put in place an internal validation process, by which the forecasts are checked, errors are adjusted and economic consistency is ensured. Even if scenarios are provided by an external party, each institution remains the owner of the economic forecasts and therefore remains accountable for inconsistencies present in those scenarios.
	(iii)	To support the adequate estimation of ECL, institutions should produce regular reports to present the aspects of macro scenario calibration discussed in this section. The report should address the source of scenarios, their economic consistency, their severity, weights and potential adjustments.
5.11.5	Weights and severity: As per current accounting requirements, institutions should use several weighed scenarios. At a minimum, institutions should employ one base, one upside and one downside scenario for each macro variable. In order to obtain an unbiased estimation of ECL, both the scenario weights and their associated severity should be jointly calibrated. For each variable, institutions should pay attention to the relative weight and severity of the downside scenario vs. the weight and severity of the upside scenario. Finally, it is recommended to estimate the ECL under each scenario in order to convey possible ECL volatility and support appropriate risk management.
5.11.6	Forward looking information: As per current accounting requirements, ECL should be based on forward looking information that is relevant reasonable and supportable. This should be understood as follows:
	(i)	The economic information should be based on consensus, when possible, rather than a single source.
	(ii)	The economic forecasts should be realistic in terms of trend, level and volatility. For instance, economic forecasts assuming a constant positive inflation should not push asset prices to excessive and unrealistic levels in the long term. This feature is particularly relevant for real estate collaterals.
	(iii)	The divergence between the scenarios (base, upside, downside) should meet economic intuition and business sense. Such divergence should follow a logical economic narrative.
5.11.7	Benchmarks: Aside from ECL measurement, institutions employ existing scenarios for planning purposes, with varying severity and probability of occurrence. Amongst others, dedicated scenarios are used for the ICAAP, the recovery and resolution plan, and for stress testing purpose. These scenarios should not be employed as input for ECL computation because they do not represent an unbiased probability-weighted set of scenarios. Similarly, the macroeconomic scenarios provided by the CBUAE as part of regulatory enterprise-wide stress testing exercises should not be used as input for ECL computation. All these alternative scenarios can only be used as distant comparables for the ECL scenarios. However, this comparison should be made with caution because the calibration (severity, likelihood) of the ECL scenarios is likely to be different.
5.11.8	The construction of the scenarios should be economically coherent and therefore should follow a set of rules to be consistent. Let X_t be a time series of the macroeconomic variable X at regular time steps t. For the purpose of articulating this point, we will use three scenarios. The time series of X corresponding to each scenario are noted X_t^base, X_t^Up and X_t^Down .
	(i)	Scenarios should be constructed in such way that their values diverge after a given date, called the forecasting date, noted ?. The time series for the three scenarios should be identical prior to the date of forecast and diverge after the date of forecast. Formally:
	(ii)	The portfolio date noted K employed in loss computation should be close to the forecasting date. Therefore, institutions should keep updating the macroeconomic forecasts along with the portfolio date, in order to minimize the time difference between T and K. It may happen that ECL reporting is done at a higher frequency than the update of macroeconomic forecasts. In this case, the time step at which scenarios start diverging occurs before the portfolio date K. Formally, for T＜K:
		This misalignment is likely to create unwarranted effects in particular if scalers are used in PD modelling. Therefore, the maximum delay between the two dates should be no more than three months: K - T ≤ 3 months. If this difference is greater than three (3) months, the impact on the forecasted PD and LGD should be analysed and documented by the independent model validation team.
	(iii)	Beyond the forecasting start date, the upside and downside scenarios should not be constructed by a constant parallel shift (or scaling) of the base scenarios. Rather, the upside and downside scenarios should be constructed such that they display a gradual divergence from the base scenario through time (in growth rate terms if growth rates are applied). This property should apply to the stationary transformed macroeconomic variable. Consequently, the forecasted PD and LGD should follow the same pattern. Formally:
	(iv)	Any scaler subsequently constructed based on these scenarios should follow the same pattern: a gradual divergence from the base scenario.
5.11.9	The principles articulated in this section about scenario forecast should also be included in the scope of review of the validation process. The validation process should test, assess and document practices for scenarios forecasts, including the governance, scenario construction and calibration.

6 Interest Rate Risk in the Banking Book

6.1 Scope

6.1.1	For the purpose of this section, and in order to simplify technical considerations, both interest rate risk (for conventional products) and profit rate risk (for Islamic products) will be referred to as Interest Rate Risk in the Banking Book (“IRRBB”). Both lead to a similar structural risk on institutions’ balance sheet.
6.1.2	Institutions should implement models to address the requirements articulated in “Interest rate and rate of return risk in the banking book Standards” issued by the CBUAE in 2018 (notice 165/2018), hereby referred to as the “CBUAE Standards on IRRBB”. In addition to the CBUAE Standards, institutions should refer to the Standards articulated by the Basel Committee on Banking Supervision in April 2016: “Interest rate risk in the banking book”, hereby referred as the “Basel Standards on IRRBB”.
6.1.3	According to the CBUAE Standards on IRRBB, interest rate risk should be captured through changes in both (i) expected earnings and (ii) the economic value of the balance sheet. In order to ensure more homogeneity in the methodology employed by institutions across the UAE, the MMG hereby presents some guidance on IRRBB modelling. The IRRBB requirements related to governance, management, hedging and reporting are covered in a separate CBUAE Standards on IRRBB.

6.2 Metrics

6.2.1	Institutions should identify all positions in interest sensitive instruments including:
	(i)	All assets, which are not deducted from Common Equity Tier 1 (“CET1”) capital, and which exclude (a) fixed assets such as real estate or intangible assets and (b) equity exposures in the banking book.
	(ii)	All liabilities, including all non-remunerated deposits, other than CE1 capital ; and
	(iii)	Off-balance sheet items.
6.2.2	Institutions should reconcile their exposures against their general ledger and their published financials. Differences may arise for valid reasons, which should be documented. This reconciliation process should be included in the model documentation and should be verified by the finance team on a yearly basis.
6.2.3	Changes in expected earnings and economic value can be captured through several possible metrics. At a minimum, the following metrics should be computed. These are referred as “IRRBB metrics”:
	(i)	Gap risk: It is defined as the difference between future cash in-flows and cash-outflows generated by both assets and liabilities. The cash in-flows and out-flows are derived from the allocation of all relevant interest rate sensitive instruments into predefined time buckets according to their repricing or their maturity dates. These dates are either contractually fixed or based upon behavioural assumptions. The resulting metrics is the net position (gap) of the bank per future time bucket.
	(ii)	Gap risk duration: Also referred to as partial duration or partial “PV01”. It is defined as the modified duration of the gap per maturity bucket. The modified duration is the relative change in the present value of the position caused by a 1 basis point change in the discount factor in a specific maturity bucket. The resulting metrics is a term structure of PV01 per maturity bucket.
	(iii)	Economic value of equity: Also referred to as “EVE”. It is defined as the difference between the present value of the institution’s assets minus the present value of liabilities. The change in EVE (“∆EVE”) is defined as the difference between the EVE estimated with stressed discount factors under various scenarios, minus the EVE estimated with the discount factors as of the portfolio reporting date.
	(iv)	Net interest income: For the purpose of the MMG, and in order to simplify notations, both Net Interest Income (for conventional products) and/or Net Profit Income (for Islamic Products) are referred to as “NII”, defined as the difference between total interest (profit) income and total interest (profit) expense, over a specific time horizon and taking into account hedging. The change in NII (“∆NII”) is defined as the difference between the NII estimated with stressed interest rates under various scenarios, minus the NII estimated with the interest rates as of the portfolio reporting date. ∆NII is also referred to as earning at risk (“EAR”).

6.3 Modelling Requirements

6.3.1	The models employed to compute the metrics above should follow the principles articulated in the MMS. In particular all IRRBB models should follow the steps in the model life-cycle. The assumptions and modelling choices surrounding IRRBB models should not be the sole responsibility of the ALM function nor the market risk function. Rather, these assumptions should be presented to and discussed at the appropriate governance forum reporting to the Model Oversight Committee.
6.3.2	The modelling sophistication of the EVE should depend upon the size and complexity of institutions. For that purpose, different requirements are defined in function of their systemically important nature. The modelling requirements presented hereby should be regarded as minimum standards. To remain coherent with Basel principles, higher standards apply to large and/or sophisticated institutions (“LSI”). However, the other institutions may choose to implement models with higher standards than the one prescribed for them. This proportionality is an exception to the MMG due to the prescriptive nature of the Basel methodology surrounding IRRBB.
6.3.3	The requirements below refer to the methodology articulated in section IV (“The standardised framework”) of the Basel Standards on IRRBB. All institutions are requirements to fully understand this framework.
	Table 10: Components of IRRBB models

Component	LSIs	Other institutions
Computation granularity	Facility level or facility type if groups of facilities are homogeneous	Summation of facilities within buckets, according to the Basel Standards
Time buckets	Granular bucketing depending on the composition of the books	Standardised bucketing according to the Basel Standards on IRRBB
Option risk	Included in both EVE and NII	Included in EVE Optional from NII
Commercial margins	Optional from EVE Included in NII	Optional from EVE Included in NII
Basis risk	Included	Optional
Currency	Estimation for each material currency	Estimation for each material currency
Scenarios	Standard plus other scenarios defined by institutions	Standard six scenarios
IT-system	Dedicated system	Spreadsheets can be used if the model and its implementation are independently validated

6.3.4	The estimation of EVE should be based upon the following principles: (a) it includes all banking book assets, liabilities and off-balance sheet exposures that are sensitive to interest rate movements, (b) it is based on the assumption that positions roll off, and (c) it excludes the institution’s own equity. The approach subsequently depends on the type of institutions.
	(i)	LSIs should compute EVE as the difference between discounted assets and liabilities at a granular level. Institutions should aim to perform this computation at a facility level. For practical reasons, some facilities could be aggregated, provided that they are homogeneous and share the same drivers and features. All inputs including, but not limited to, cash-flows, time buckets, risk-free rates, option risk and basis risk should also be estimated at a granular level.
	(ii)	It should be noted that the Gap risk and the Gap risk duration are not directly used to estimate EVE in the context of a granular full revaluation. However, the Gap risk and Gap risk duration should be estimated and reported in order to manage IRRBB.
	(iii)	Non-LSI can compute EVE at a higher level of granularity, according to the principles outlined in the Basel Standards on IRRBB and in particular according to article 132. The methodology is based upon the summation of discounted Gap risk across time buckets, rather than a granular NPV estimation at facility level. Institutions should pay particular attention to the cash flow allocation logic in each time bucket.
	(iv)	Irrespective of their size, all institutions should compute ?EVE as the difference between EVE estimated under interest rate scenarios and the EVE under the current risk-free rates. The final EVE loss and the standardised risk measure employed in Pillar II capital should be computed according to the method explain in the article 132 (point 4) of the Basel Standards on IRRBB, whereby EVE loss should be aggregated across currencies and scenarios in a conservative fashion.
6.3.5	The estimation of NII should be based upon the following principles: (a) it includes all assets and liabilities generating interest rate revenue or expenses, (b) it includes commercial margins and (c) no discounting should be used when summing NII across time buckets. The approach subsequently depends on the type of institutions.
	(i)	LSIs should compute NII at a granular level, both for facilities and maturity time steps. NII should be based on expected repricing dates upon institutions’ business plan of future volume and pricing. Therefore LSIs should estimate ∆NII as the difference in NII under the base and the stress scenarios. Such granular computation should include option risk and basis risk.
	(ii)	Non-LSIs can compute ?NII by allocating interest revenue and interest expenses in the standardised time buckets used for EVE. Non-LSI institutions can compute ?NII by estimating directly their earning at risk on each expected repricing date.
	(iii)	For the purpose of risk management, institutions are free to model NII based on static or dynamic balance sheet assumptions (although LSIs are recommended to employ the latter). Institutions can also choose the NII forecasting horizon. However, for Pillar II assessment as part of the ICAAP and for reporting to the CBAUE, the following, institutions should compute NII over 1 year; in addition LSIs should also compute NII over 3 years.
6.3.6	Institution’s own equity: For NII estimation, institutions should include interest-bearing equity instruments. For EVE, in the context of the MMG, institutions should compute two sets of metrics by first including and then excluding instruments related their own equity. These two types of EVE will be used for different purposes.
	(i)	CET1 instruments should be excluded at all times to avoid unnecessary discrepancies related to the choice of behavioural maturity associate to this component.
	(ii)	Some institutions have a large proportion of interest-sensitive instruments, in particular in the AT1 components. Consequently, these institutions should estimate and report a first set of EVE sensitivities by including these instruments. This type of EVE is useful for proactive management of IRRBB.
	(iii)	Conversely, one of the objectives of assessing IRRBB is to ensure that institutions hold enough capital to cover such risk, which is articulated through the ICAAP. Institutions should not use part of their capital to cover a risk that is itself generated from capital. Therefore, institutions should also compute and report EVE by excluding their own equity entirely. This type of EVE is useful to estimate the Pillar II capital charge arising from IRRBB.
6.3.7	Commercial margins: The treatment of commercial margins is different between NII and EVE. However, the recommendation is similar for both LSIs and non-LSIs.
	(i)	All institutions should include commercial margins in NII estimation. Margins should be adjusted based on business plans and expected customer behaviour in a given interest rate environment. For instance, it might be assumed that margins will be increased to retain depositors in a falling interest rate environment.
	(ii)	All institutions have the option to include or exclude commercial margins in EVE estimation. However, institutions should also aim to estimate the impact of commercial margins on EVE. For consistency, if margins are included in the cash flows (numerator), then discount factors should also reflect the corresponding credit spread of the obligors (denominator). Such estimation should be done at homogeneous pools obligors with similar credit risk profiles.
6.3.8	Basis risk: This risk arises when assets and liabilities with the same tenor are discounted with different ‘risk-free’ interest rates. Potential credit risk embedded in these rates makes them not entirely risk-free, hence the existence of bases. A typical example is an asset priced with the US LIBOR curve but funded by a liability priced with the US Overnight Index Swap (“OIS”) curve, thereby creating an LIBOR-OIS basis leading to different NPV and NII from both the asset and the liability. Another example is the recent introduction of USD Secured Overnight Financing Rate (“SOFR”) creating a LIBOR-SOFR basis. LSIs are required to fully identify and assess basis risk. They should employ the appropriate risk-free rate for each instrument type, thereby capturing basis risk in all the IRRBB metrics. While non-LSIs are not expected to fully quantify basis risk on a regular basis, they should perform an approximation of this risk to assess whether further detailed quantification is necessary.
6.3.9	Currency risk: The currencies of assets and liabilities have a material impact on the resulting IRRBB, therefore this dimension should be fully addressed by institutions’ modelling practice.
	(i)	All the IRRBB metrics should be estimated for each currency in which the institution has material exposures, i.e. when the gross exposure accounts for more than five percent (5%) of either the gross banking book assets or gross liabilities. For those, the interest rate shocks should be currency-specific.
	(ii)	For the estimation of the capital charge, the Basel Standards on IRRBB suggests to sum the maximum change in EVE across currencies without offsetting. While the CBUAE recognises that no offsetting is conservative for pegged currencies, (typically USD/AED), institutions should manage basis risk appropriately since material bases have been observed between USD rates and AED rates. Consequently, each institution has the option to offset ?EVE between pegged currencies, only if it can demonstrate that it does capture the basis risk between these currencies with dedicated stress scenarios.
6.3.10	Non-performing assets (“NPA”): Institutions should define clearly the treatment of non-performing assets in their modelling practice, according to the following principles.
	(i)	NPA (net of provisions) should be included in the estimation of EVE. In most default cases, LGD>0% therefore a recovery is estimated at some point in the future. The LGD is estimated by discounting expected recoveries with a discount rate generally based on the effective interest rate of the facility. In the context of IRRBB, a change in the interest rate environment should have an impact the present value of discounted recoveries and therefore on LGD. This effect could likely impact EVE. Finally, consideration should also be given to rescheduled facilities and/or forbearance with payment holidays where interests are accrued. The postponement could results in lower PV under scenarios with increasing rates.
	(ii)	The treatment of NPA (net of provisions) for NII computation is left to the discretion of banks. Under a static balance sheet assumption, non-performing assets will not generate cash inflows. A change in rates would have no impact the NII from such assets. However, under dynamic a balance sheet assumption, some NPA could return to a performing status and therefore impact NII.

6.4 Option Risk

6.4.1	Option risk constitutes a fundamental building block of IRRBB. Option risk is defined as the potential change of the future flows of assets and liabilities caused by interest rate movements. In the context of the MMG, option risk refers to deviations from either contractual maturity or expected behavioural maturity. Consequently, these options can be explicit or implicit. The exercise of these options are a function of the contractual features of the product, the behaviour of the parties, the current interest rate environment and/or the potential interest shocks. All institutions should capture option risks, irrespective of their size and sophistication.
	Table 11: Categories of option risk

Financial product	Risk	Behavioural trigger	Automatic trigger
Non-maturing deposits	Early redemption risk	Yes	No
Fixed rate loans	Prepayment risk and restructuring risk	Yes	No
Term deposits	Early redemption risk	Yes	No
Automatic interest rate options	Early redemption risk and prepayment risk	No	Yes

6.4.2	In order to model option risk appropriately, all institutions should, at a minimum, undertake the following steps:
	(i)	Identify all material products subject to embedded options,
	(ii)	Ensure that assumptions employed in modelling are justified by historical data,
	(iii)	Understand the sensitivity of the IRRBB metrics to change in the assumptions related to option risk, and (iv) Fully document the method and assumptions used to model option risk.
6.4.3	LSIs should incorporate option risks at a granular level and undertake the necessary analysis to substantiate their assumptions. Option risk can be modelled and estimated at an aggregated level that displays similar behavioural characteristics, but the model results should be applied as a granular level. For that purpose, LSIs can use the standardised approach as a starting point and elaborate on it, in such a way that the approach meets the size and complexity of the institution. Ultimately, cash flows from assets and liabilities should be conditional upon the level of interest rates in each scenario. The methodology and assumptions employed to model optionality should be fully documented.
6.4.4	Non-LSIs should use the EVE approach articulated in the Basel Standards on IRRBB, whereby option risk is incorporated via the dependency of cash flows on interest rate levels by using conditional scalers. Subsequently, under each stress scenario with specific interest rate shocks, institutions should employ a different set of netted cash flows per bucket to compute EVE. In other words and using the Basel formulation, the cash flow CF_i,c(t_k) should vary for each interest rate scenario, where i, c and t_k are respectively the interest rate scenario, the currency and the time bucket. The below steps explain further the standardised approach.
6.4.5	Non-maturity Deposits (“NMD”): All institutions should model option risk for NMD, as described in the Basel Standards on IRRBB, from article 110 to 115. The objective is to assess the behavioural repricing dates and cash flow profiles of NMD. In particular, institutions should undertake the following steps:
	(i)	Segregate NMD into categories of depositors, considering at a minimum, retail clients, wholesale clients and Islamic products.
	(ii)	Identify stable and core deposits, defined as those that are unlikely to be repriced, even under significant changes in the interest rate environment. For that purpose, institutions should analyse historical patterns and observe the change in volume of deposits over long periods. Institutions should describe the data sample and the statistical methodology used for this analysis.
	(iii)	For each segment, apply the caps mentioned in Table 2 of the Basel Standards on IRRBB and allocate the cash flows in the appropriate time bucket based on their estimated maturity.
	(iv)	Construct assumptions regarding the proportion of core deposits and their associated maturity under each interest rate scenario and in particular the potential migrations between NMD and other types of deposit. These assumptions should reflect the most likely client behaviour but with a degree of conservatism. Institutions should bear in mind the importance of portfolio segmentation on behavioural modelling.
6.4.6	Fixed rate loans: Such instruments are subject to prepayment risk because a drop in interest rates is susceptible to accelerate their early prepayment. In addition, restructuring events can also change their expected cash flow profiles. Consequently, all institutions should implement the approach mentioned in articles 120 to 124 of the Basel Standards on IRRBB. In particular, institutions should proceed as follows.
	(i)	Business-as-usual prepayment ratios should be estimated per product type and per currency.
	(ii)	These ratios should be multiplied by the scalers in Table 3 of the Basel Standards on IRRBB, that depend on the interest rate shock scenarios, in order to derive adjusted prepayment rates. If the institution has already defined prepayment rates under each scenario based on its own internal historical data, then it can use these rates, provided that they are fully documented and justified. Portfolio concentration and segmentation should be taken into account when performing such behavioural modelling.
	(iii)	The adjusted prepayment rates should be employed to construct the repayment schedule under a given scenario. The choice of the time buckets where the prepayments are made, should also be justified and documented.
6.4.7	Term deposits: Such instruments are subject to redemption risk because an increase in interest rates is susceptible to accelerate their early withdrawal. Consequently, all institutions should implement the approach mentioned in the articles 125 to 129 of the Basel Standards on IRRBB. In particular, institutions should proceed as follows:
	(i)	Business-as-usual redemption ratios should be estimated per product type and per currency.
	(ii)	These ratios should be multiplied by the scalers in Table 4 of the Basel Standards on IRRBB, that depend on the interest rate shock scenarios, in order to derive adjusted redemption rates.
	(iv)	The adjusted redemption rates should be used to derive the proportion of outstanding amount of term deposits that will be withdrawn early under a given scenario. If the institution has already defined redemption rates under each scenario based on its own internal historical data, then it can use these rates, provided that they are fully documented and justified. Portfolio concentration and segmentation should be taken into account when performing such behavioural modelling.
	(iii)	That proportion is finally allocated to the overnight time bucket, per product type and per currency, as per article 127 of the Basel Standards on IRRBB.
	(iv)	Finally, institutions should take into consideration off-balance sheet exposures in the form of future loans and expected drawings on committed facilities.
6.4.8	Automatic interest rate options: All institutions should follow the methodology articulated in the Basel Standards on IRRBB in articles 130 to 131. Automatic interest rate options should be fully taken into account in the estimation of both EVE and NII.

6.5 Interest Rate Scenarios

6.5.1	All institutions should compute ∆EVE and ∆NII under the six scenarios prescribed in Annex 2 of the Basel Standards on IRRBB and pasted in the following table. The interest rate shocks for AED can be directly derived from those corresponding to USD. For convenience, the AED shocks have been computed and provided below. For other currencies, all institutions should compute themselves the corresponding interest shocks based on the methodology outlined in the Basel Standards on IRRBB. The six interest rate shocks are as follows:
	(i)	Parallel shock up,
	(ii)	Parallel shock down,
	(iii)	Steepener shock (short rates down and long rates up),
	(iv)	Flattener shock (short rates up and long rates down),
	(v)	Short rates shock up, and
	(vi)	Short rates shock down.
6.5.2	In addition to the standard shocks prescribed by the Basel Standards on IRRBB, LSIs should define other scenarios combining shift of yield curves with changes in basis and commercial margins in order to comprehensively capture the risk profile of their balance sheet structure. These institutions should ensure that scenarios are commensurate with the nature, and complexity of their activities.
	The choice of scenarios should be supported by an appropriate governance and fully documented. All institutions should integrate the IRRBB scenarios and results in their stress testing framework and in enterprise-wide stress testing exercises.
	Table 12: Standard shocks per scenario (bp) for AED prescribed by the BIS method

Time Buckets (M: months ; Y: Years)		Tenors (years)	(i)	(ii)	(iii)	(iv)	(v)	(vi)
Short-Term	t = Overnight (O/N)	0.0028	200	-200	-195	240	300	-300
	O/N < t <= 1M	0.0417	200	-200	-192	237	297	-297
	1M < t <= 3M	0.1667	200	-200	-182	227	288	-288
	3M < t <= 6M	0.375	200	-200	-165	210	273	-273
	6M < t <= 9M	0.625	200	-200	-147	192	257	-257
	9M < t <= 1Y	0.875	200	-200	-130	175	241	-241
	1Y < t <= 1.5Y	1.25	200	-200	-106	151	219	-219
	1.5Y < t <= 2Y	1.75	200	-200	-78	123	194	-194
Medium-Term	2Y < t <= 3Y	2.5	200	-200	-42	87	161	-161
	3Y < t <= 4Y	3.5	200	-200	-3	48	125	-125
	4Y < t <= 5Y	4.5	200	-200	28	17	97	-97
	5Y < t <= 6Y	5.5	200	-200	52	-7	76	-76
	6Y < t <= 7Y	6.5	200	-200	70	-25	59	-59
Long-Term	7Y < t <= 8Y	7.5	200	-200	84	-39	46	-46
	8Y < t <= 9Y	8.5	200	-200	96	-51	36	-36
	9Y < t <= 10Y	9.5	200	-200	104	-59	28	-28
	10Y < t <= 15Y	12.5	200	-200	121	-76	13	-13
	15Y < t <= 20Y	17.5	200	-200	131	-86	4	-4
	t > 20Y	25	200	-200	134	-89	1	-1

6.5.3

Institutions should consider the possibility of negative interest rates and understand the impact on their balance sheet and business models. For each asset and liability, if the legal documentation of the contract stipulates a certain treatment of negative rates, then this treatment should be used. If the legal documentation is silent on the treatment of negative rates, then such negative rates should be used to price assets, but they should be floored at 0% for deposits (liabilities) because there is little evidence supporting the assumption that both retail and corporate clients would accept being charged for depositing their funds in UAE banks.

6.6 Validation of EVE and NII Models

6.6.1	Institutions should validate all EVE and NII models according to the principles articulated in the MMS and in particular related to model life cycle management.
6.6.2	The validation of EVE and NII models should be based upon the principles articulated for both deterministic and statistical models. The validation exercise should ensure that modelling decisions are justified and documented and cover all the model components presented in the previous sections. In particular, the appropriate use of data input should also be reviewed by the validator.
	(i)	The validator should ensure that the mechanistic construction of these models is sound. This should be tested with partial replication and internal consistency checks.
	(ii)	The validator should ensure that the financial inputs are correctly flowing into these models. This step may require the join work between several teams including the risk and finance teams.
	(iii)	The validator should ensure that the results produced by these models are coherent. For that purpose sensitivity analysis can be performed.
	(iv)	Finally, some of the inputs are derived from statistical models, including the behavioural patterns observed for non-maturity deposits, fixed rate loans and term deposits. Consequently, the validation should consider the robustness, stability and accuracy of the ancillary statistical models employed to derived inputs to EVE and NII models.
6.6.3	Overall, the validation process of EVE and NII models should focus on the economic meaning and business intuition of the model outputs. The development and validation processes should not be dominated by the mechanistic aspect of these models, but also ensure that those are suitably designed to support robust decision making and the appropriate management of interest rate risk in the banking book.

7 NET Present Value Models

7.1 Scope

7.1.1

The concept of Net Present Value (“NPV”) is commonly used to estimate various metrics for the purpose of financial accounting, risk management and business decisions. This section focuses on standalone NPV models employed for the purpose of general asset valuation, covering, amongst others, investment valuation, collateral valuation and financial modelling to estimate the cost of facility rescheduling (or restructuring). The discounting component embedded in ECL, LGD and CVA models is discussed in other sections.

7.2 Governance

7.2.1	Standalone NPV models should be included in the scope of models managed by institutions. These models should be included in the model inventory and subject to the life-cycle management articulated in the MMS. The management of these models should be governed by the Model Oversight Committee.
7.2.2	These models are deterministic in substance as they do not need statistical calibrations. Therefore the recalibration step of the life-cycle does not apply to them. However, the suitability of inputs and the assumptions embedded in the model construction should be reviewed on a regular basis, or whenever there is a significant change in assumptions.
7.2.3	Institutions should establish a general consistent methodology for standalone NPV computation that follows the entire model life-cycle management, including the validation step. Independent model validation should follow the principles articulated in the MMS.
7.2.4	In addition to the regular generic validation of the approach and usage, institutions should define materiality thresholds, beyond which the valuation of specific transactions should be subject to modelling review by an independent model validator. The threshold of materiality should be clearly documented.
7.2.5	For NPV computation in the context of facility rescheduling (restructuring), the choice of methodology, inputs and assumptions should follow accounting principles.

7.3 Methodology

7.3.1	The methodology surrounding NPV computation can be split into two parts: (i) the mathematical mechanistic considerations and (ii) the choice of inputs. The mathematical considerations surrounding NPV computation are well documented in accounting rulebooks, practitioner guidelines and academic literature. Consequently, institutions have limited room to deviate from these rules and are expected to apply rigorously these principles in a transparent fashion. Institutions can exercise some judgement regarding the choice of inputs, although a tight framework is generally provided by accounting standards.
7.3.2	Mechanics: In addition to generally accepted principles, institutions should pay attention to the following:
	(i)	The cash-flows from the facility or asset to be valued should reflect the contractual obligations of all parties.
	(ii)	Contractual mechanical optionality should be reflected in the cash flow structure.
	(iii)	Behavioural optionality should be tested.
	(iv)	The granularity of the time buckets should closely reflect the granularity of the cash flows. This is particularly relevant for large facility restructuring, for which cash-flows occurring at different dates cannot be grouped in the same time bucket.
	(v)	For the purpose of estimating the present cost of rescheduling a facility, institutions should compute the difference between the NPV of the original and the newly issued facility. The modelling mechanics described above should be identical for both the original facility and the new facility.
7.3.3	Inputs: For a given set of mechanistic rules in place, the choice of inputs has a materia impact on the NPV values produced by the model. In particular:
	(i)	The discount factor should be chosen to reflect the opportunity cost of lending or investing the same notional elsewhere at a similar level of risk. It should reflect the contractual obligations of all parties involved in the transaction.
	(ii)	In the context of facility rescheduling (or restructuring), the discount factor employed to compute the NPV of the original and the new facilities should be based on the same effective interest rate as the contractual obligations of the original facility.
	(iii)	In addition, if there is evidence that the creditworthiness of the obligor has deteriorated, a credit premium should be added to the discount factor of the newly rescheduled facility. The calibration of this credit premium should be substantiated by market analysis and comparables. If no credit premium is added, justification should be provided.
	(iv)	In the context of facility rescheduling (or restructuring), the cash-flows of the original and new facilities should reflect the original and the new contractual obligations, respectively. This is applicable to the principal repayment flows and interest rate payments. In particular, if the interest of a restructured facility has been dropped, the received cash-flows should include lower interest payments.
	(v)	In the case of assets and facilities with floating interest rates or resetting rates, the source of the input rates should be clearly identified. Assumptions regarding forward rates should be based upon the term structure or interest rate at the date of valuation.
	(vi)	In the context of facility restructuring (or rescheduling) with floating rates or resetting rates, the reference interest rates should be identical for both the original facility and the new facility.
	(vii)	If several choices of inputs are envisaged for the same asset, institutions should perform several valuations under a different set of inputs and choose the most appropriate one. This choice should be clearly justified, documented and validated. The chosen set of assumptions are not necessarily those leading to the lower P&L impact.

7.4 Documentation

7.4.1	All standalone NPV models should be fully documented. The documentation should address the methodology, the assumptions and the principles behind the choice of inputs.
7.4.2	For each valuation exercise deemed material, institutions should produce dedicated documentation at the time of the exercise in order to justify the model inputs. Institutions should provide the business rationale, the economic context and the background for such valuations in order to justify the choice of inputs. This is particularly relevant for facility rescheduling (or restructuring).

7.5 Validation of NPV Models

7.5.1	All NPV models should be included in the scope of the validation exercise undertaken by the institution and in line with the principles articulated in the MMS and, in particular, the validation checks related to deterministic models.
7.5.2	The validation process should cover, at a minimum, the assumptions, inputs and usage of the general NPV methodology. In addition, the review should cover specific valuations deemed material on a sample basis to ensure that the choice of inputs are coherent with the principles articulated in the general NPV methodology documentation.
7.5.3	The general principles of the NPV computation methodology should be reviewed on a regular basis. The choice of inputs and assumptions in the context of material valuations should be reviewed for each material restructuring events.
7.5.4	The validation exercise should ensure that the model inputs reflect accurately the legal terms of both the original agreement and the new agreement. It should also ensure that the model outputs meet economic and business intuitions. This is particularly relevant for restructurings over a long time horizon where material uncertainty arises. Finally, the validation exercise should pay particular attention to the calibration of the credit spread premium in the context of a deterioration in the obligor’s creditworthiness.

Appendix

NUMERICAL THRESHOLDS INCLUDED IN THE MMG
The MMG contains several numerical thresholds that institutions should follow.
The following table indicates the relevant Articles to facilitate their implementation.
Table 13: Strongly recommended practices

Section	Topic	Threshold	Strength
2.5.2	Number of days past due used for default definition used in rating models	90 days	Strongly recommended
2.9.1	Re-rating of customers upon the roll-out of a new and/or recalibrated rating model	70% within 6 months 95% within 9 months	Strongly recommended
3.4.6	Minimum time period for the estimation of TTC PDs	5 years	Strongly recommended
4.1.5	LGD floor	5% for all collaterals, unless demonstrated otherwise. 1% for cash collateral, bank guarantees and government guarantees.	Strongly recommended
5.2.2	Minimum period of time series used for macro modelling	5 years	Strongly recommended
6.5.2	IRRBB standard shocks	See table in the corresponding section	Strongly recommended

Table 14: Recommended and suggested practices

Section	Topic	Threshold	Strength
2.5.2	Number of days-past-due for default definition of low default portfolios used in rating models	60 days	Suggested
4.3.6	Maximum period of recovery for incomplete default cases to be included in LGD estimation	4 years	Recommended
5.2.3	Minimum size of the exposure (to total exposure) in jurisdictions where macro data should be collected.	10%	Recommended
5.11.2	Period of macro-economic scenarios disclosed in annual reports	3 years	Suggested
5.11.8	Maximum misalignment between the date of the portfolio and the date of the start of the macro scenarios (in ECL)	3 months	Recommended
6.3.9	Minimum exposure (to total exposure) in a given currency, for which IRRBB metrics should be computed	5% of gross banking book assets or liabilities	Recommended

Internal Audit

Internal Controls, Compliance and Internal Audit Regulation
C 161/2018 Effective from 29/8/2018

Introduction
The Central Bank seeks to promote the effective and efficient development and functioning of the banking system. To this end, Banks must have strong internal control frameworks and establish permanent, independent and effective compliance and internal audit functions.
In introducing this Regulation and the accompanying Standards, the Central Bank intends to ensure that Banks’ approaches to internal controls, compliance and internal audit are in line with leading international practices.
This Regulation and the accompanying Standards must be read in conjunction with the Central Bank Regulation and Standards on Corporate Governance in Banks, which establish the overarching prudential framework.
This Regulation and the accompanying Standards are issued pursuant to the powers vested in the Central Bank under the Central Bank Law.
Where this Regulation, or its accompanying Standards, include a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements that are additional to the listing provided in the relevant Article.

Objective
The objective of this Regulation is to establish the minimum acceptable standards for Banks’ approach to internal controls, compliance and internal audit, with a view to:
1. Ensuring the soundness of Banks; and
2. Contributing to financial stability.
The accompanying Standards supplement the Regulation to elaborate on the supervisory expectations of the Central Bank with respect to internal controls, compliance and internal audit.

Scope of Application
This Regulation and the accompanying Standards apply to all Banks. Banks established in the UAE with significant Group relationships, including Subsidiaries, Affiliates, or international branches, must ensure that the Regulation and the Standards are adhered to on a solo and Group-wide basis.

Article (1): Definitions
1. Affiliate: An entity owned by another entity by more than 25% and less than 50% of its capital.
2. Bank: A financial entity, which is authorized by the Central Bank to accept deposits as a bank.
3. Board: The Bank’s board of directors.
4. Central Bank: The Central Bank of the United Arab Emirates.
5. Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of Banking as amended or replaced from time to time.
6. Controlling Shareholder: A shareholder who has the ability to directly or indirectly influence or control the appointment of the majority of the board of directors, or the decisions made by the board or by the general assembly of the entity, through the ownership of a percentage of the shares or stocks or under an agreement or other arrangement providing for such influence.
7. Compliance function: An independent function that identifies, assesses, advises on, monitors and reports on the Bank’s compliance risk.
8. Compliance risk: The risk of legal or regulatory sanctions, loss to reputation or material financial loss a Bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organization standards, and codes of conduct applicable to its banking activities.
9. Group: A group of entities which includes an entity (the 'first entity') and:
  1. a) any Controlling Shareholder of the first entity;
  2. b) any Subsidiary of the first entity or of any Controlling Shareholder of the first entity; and
  3. c) any Affiliate.
10. Internal Audit function: An independent function that provides independent assurance to the Board of directors and Senior Management on the quality and effectiveness of a Bank’s internal control, risk management and governance systems and processes, thereby helping the Board and Senior Management protect their organization and its reputation.
11. Internal Control: Consists of five interrelated elements, whose effective functioning is essential to achieving a Bank’s performance, information, and compliance objectives:
  1. management oversight and the control culture;
  2. risk recognition and assessment;
  3. control activities and segregation of duties;
  4. information and communication; and
  5. monitoring activities and correcting deficiencies.
12. Islamic Financial Services: Shari’a compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products (Islamic Windows).
13. Matter of Significance: A matter, or group of matters, that would have a significant impact on the activities or financial position of the Bank. Examples include failure to comply with the licensing criteria or breaches of banking or other laws, significant deficiencies and control weaknesses in the Bank’s operations or financial reporting process or other matters that are likely to be of significance to the function of the Central Bank as regulator.
14. Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions.
15. Subsidiary: An entity, owned by another entity by more than 50% of its capital, or is under full control of that entity regarding the appointment of the board of directors.

Article (2): Internal Control Framework
1. The Board and Senior Management are responsible for ensuring that the Bank, and if applicable, Group, has an internal control framework that is adequate to establish a properly controlled operating environment for the conduct of its business, taking into account its risk profile.
2. Senior Management is responsible for developing an internal control framework that identifies, measures, monitors and controls all risks faced by the Bank. Specific internal controls must deal with organizational structure, accounting and financial reporting policies and processes, checks and balances, and the safeguarding of assets and investments. It must also include measures against unauthorized trading and computer intrusion.
3. Banks’ organizational structures should incorporate a “three lines of defence” approach comprising the business lines, the support and control functions and an independent internal audit function.
4. Banks’ internal control frameworks must provide for a balance of the skills and resources of the back office, control functions and operational management relative to the business origination units. This includes, but is not limited to, ensuring that the staff of the back office and control functions have sufficient expertise and authority within the Bank, and in the case of control functions sufficient access to the Board, to be an effective check and balance to the business origination units.

Article (3): Compliance Function
1. The Board is responsible for ensuring that the Bank, and if applicable, Group, has an independent, permanent and effective compliance function to monitor and report on observance of all applicable laws, regulations and standards and on adherence by staff and members of the Board to legal requirements, proper codes of conduct and policy on conflicts of interest.
2. Banks must have a Board-approved compliance policy that is communicated to all members of staff specifying the purpose, standing and authority of the compliance function within the Bank, and if applicable Group.
3. The staff within the compliance function must be sufficient, competent and collectively have the appropriate experience within the Bank to ensure that compliance risk within the Bank is managed effectively.
4. The compliance function must have primary reporting obligations to the chief executive officer and a right of direct access to the Board or the Board audit committee and/or Board risk committee.
5. The compliance function must prepare and regularly update a risk-based compliance programme that sets out its planned activities, subject to oversight by the head of compliance. The activities of the compliance function must be subject to periodic and independent review by the internal audit function.
6. Banks, for which the Central Bank is the primary regulator, having significant Group relationships including Subsidiaries, Affiliates, or international branches must ensure a consistent compliance policy across the Group.

Article (4): Internal Audit Function
1. The Board is responsible for ensuring that the Bank, and if applicable, Group, must have an independent, permanent and effective internal audit function commensurate with the size, nature of operations and complexity of its organization.
2. The internal audit function must provide independent assurance to the Board and Senior Management on the quality and effectiveness of the Bank’s internal controls, risk management, compliance, corporate governance, and the systems and processes created by the business units, support and control functions.
3. The internal audit function must report to the Board or the Board audit committee.
4. The internal audit function must be independent of the audited activities and have a sufficient standing and authority within the Bank, thereby enabling the internal auditors to carry out their assignments with objectivity.
5. The internal audit function must have full access to and communication with any member of staff as well as full access to records, files or data of the Bank, and if applicable Group and Affiliates, whenever relevant to the performance of its duties.
6. The staff within the internal audit function must be sufficient, competent and collectively have the appropriate experience to understand and evaluate all of the business activities, support and control functions of the Bank, and if applicable, Group.
7. The head of internal audit must ensure that the function complies with the Institute of Internal Auditors’ (IIA) International Standards for the Professional Practice of Internal Auditing.
8. Banks must have an internal audit charter approved by the Board audit committee, that articulates the purpose, standing and authority of the internal audit function within the Bank, and if applicable, Group.
9. The internal audit function must have an annual internal audit plan approved by the Board audit committee that allocates resources based on its own risk-based assessment employing a methodology that identifies the material risks run by the Bank, and if applicable Group.
10. Senior Management must inform the internal audit function on a timely basis of any changes to the Bank’s, or if applicable, Group’s, risk governance framework.
11. Senior Management must ensure that timely and appropriate actions be taken on all internal audit findings and recommendations.
12. Banks, for which the Central Bank is the primary regulator, having significant Group relationships including Subsidiaries, Affiliates, or international branches, must ensure a consistent approach to internal audit across the Group.

Article (5): Compensation
1. Compensation of employees in the compliance and internal audit functions must be determined independently of the performance of the Bank.

Article (6): Duty to Report to the Central Bank
1. Heads of compliance and/or internal audit functions must promptly report to the Central Bank violations of the Central Bank Law, regulations, instructions and any Matters of Significance. Heads of compliance and internal audit making such reports in good faith shall not be considered to have breached any of their obligations.
2. Banks must promptly notify the Central Bank in case of resignation of their heads of compliance or internal audit and the reasons thereof, as well as obtain the no-objection of the Central Bank before their replacement or dismissal.
3. Banks must also promptly notify the Central Bank when they become aware of a significant deviation from their Board-approved compliance policies and internal audit charters.

Article (7): Islamic Banking
1. Banks offering Islamic financial services must have compliance and internal audit functions that ensure Shari’a compliance.

Article (8): Enforcement and Sanctions
1. Violation of any provision of this Regulation and the accompanying Standards may be subject to regulatory action and sanctions as deemed appropriate by the Central Bank. These may include withdrawing, replacing or restricting the powers of Senior Management or members of the Board, providing for the interim management of the Bank, or barring individuals from the UAE banking sector.

Article (9): Interpretation of Regulation
1. The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.

Article (10): Cancellation of Previous Notices
1. This Regulation replaces Article A3 of the previous Central Bank Circular No 23/00 dated 22 July 2000, Required Administrative Structure in Banks.

Article (11): Publication and Application
1. This Regulation and the accompanying Standards shall be published in the Official Gazette in both Arabic and English and shall come into effect one month from the date of publication.

Internal Controls, Compliance and Internal Audit Standards
C 161/2018 STA

Introduction
1. These Standards form part of the Internal Controls, Compliance and Internal Audit Regulation. All Banks are required to comply with these Standards, which expand on the Regulation. These Standards are mandatory and enforceable in the same manner as the Regulation.
2. The Board is in ultimate control of the Bank and accordingly ultimately responsible for the Bank’s approach to internal controls, compliance and internal audit. There is no one-size-fits-all or single best solution. Accordingly, each bank could meet the minimum requirements of the Regulation and Standards in a different way and thus may adopt an organizational framework appropriate to the risk profile, nature, size and complexity of its business and structure. The onus is on the Board to demonstrate that it has implemented a comprehensive approach to internal controls, compliance and internal audit. Banks are encouraged to adopt leading practices that exceed the minimum requirements of the Regulation and Standards.¹
3. The Standards follow the structure of the Regulation, with each article corresponding to the specific article in the Regulation.
¹ The Central Bank will apply the principle of proportionality in the enforcement of the Regulation and Standards, whereby smaller Banks may demonstrate to the Central Bank that the objectives are met without necessarily addressing all of the specifics cited in the Standards.

Article (1): Definitions
1. 1.Affiliate: an entity owned by another entity by more than 25% and less than 50% of its capital.
2. 2. Bank: A financial entity, which is authorized by the Central Bank to accept deposits as a bank.
3. 3. Board: The Bank’s board of directors.
4. 4. Central Bank: The Central Bank of the United Arab Emirates.
5. 5. Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of Banking as amended or replaced from time to time.
6. 6. Conflict of interest: A situation of actual or perceived conflict between the duty and private or other interests of a person, which could improperly influence the performance of his or her duties and responsibilities.
7. 7. Control Functions: Those functions that have a responsibility independent from management to provide objective assessment, reporting and/or assurance; this includes the risk management function, the compliance function and the internal audit function.
8. 8. Controlling Shareholder: A shareholder who has the ability to directly or indirectly influence or control the appointment of the majority of the board of directors, or the decisions made by the board or by the general assembly of the entity, through the ownership of a percentage of the shares or stocks or under an agreement or other arrangement providing for such influence.
9. 9. Compliance function: An independent function that identifies, assesses, advises on, monitors and reports on the Bank’s compliance risk.
10. 10.Compliance risk: The risk of legal or regulatory sanctions, material financial loss, or loss to reputation a Bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organization standards, and codes of conduct applicable to its banking activities.
11. 11.Group: A group of entities which includes an entity (the ‘first entity’) and:
  1. a.any Controlling Shareholder of the first entity;
  2. b.any Subsidiary of the first entity or of any Controlling Shareholder of the first entity; and
  3. c.any Affiliate.
12. 12.Internal Audit function: An independent function that provides independent assurance to the Board of directors and Senior Management on the quality and effectiveness of a Bank’s internal control, risk management and governance systems and processes, thereby helping the Board and Senior Management protect their organization and its reputation.
13. 13.Internal Control: Consists of five interrelated elements, whose effective functioning is essential to achieving a Bank’s performance, information, and compliance objectives:
  1. a.management oversight and the control culture;
  2. b.risk recognition and assessment;
  3. c.control activities and segregation of duties;
  4. d.information and communication; and
  5. e.monitoring activities and correcting deficiencies.
14. 14.Islamic Financial Services: Shari’a compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products (Islamic Windows).
15. 15.Risk Management function: Collectively, the systems, structures, policies, procedures and people that measure, monitor and report risk on a Bank-wide, or if applicable, Group-wide basis.
16. 16.Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions.
17. 17.Subsidiary: An entity, owned by another entity by more than 50% of its capital, or is under full control of that entity regarding the appointment of the board of directors.

Article (2): Internal Control Framework

1. The Board or the Board audit committee must review, at least annually, the effectiveness of the Bank’s internal control system and processes by means of:

a.periodic discussions with Senior Management concerning the effectiveness of the internal control system;
b.a timely review of evaluations of internal controls made by Senior Management, internal auditors, and external auditors;
c.periodic efforts to ensure that Senior Management has promptly followed up on recommendations and concerns expressed by internal auditors and external auditors and the Central Bank on internal control weaknesses, and
d.a periodic review of the appropriateness of the Bank’s strategy and risk limits.

2. Banks’ internal controls must, at a minimum, address:

a.Organizational structure: definitions of duties and responsibilities including clear delegation of authority, such as loan approval limits, decision-making policies and processes and separation of critical functions, including but not limited to business origination, payments, reconciliation, risk management, accounting, audit and compliance;
b.Accounting and financial reporting policies and processes: reconciliation of accounts, control lists, information for management;
c.Checks and balances (or “four-eyes” principle): segregation of duties, cross-checking, dual control of assets, double signatures; and
d.Safeguarding assets and investments: physical control and computer access, measures for the prevention and early detection and reporting of misuse, such as fraud, embezzlement, unauthorized trading and computer intrusion.

3. The relationship between a Bank’s business units, the support and control functions and the internal audit function comprises the three lines of defence model:

a.The business units are the first line of defence. They undertake risks within assigned limits of risk exposure and are responsible and accountable for identifying, assessing and controlling the risks of their business.
b.The second line of defence includes the support and control functions, such as risk management, compliance, legal, human resources, finance, operations, and technology. Each of these functions, in close relationship with the business units, ensures that risks in the business units have been appropriately identified and managed. The business support and control functions work closely to help define strategy, implement Bank policies and procedures, and collect information to create a Bank-wide view of risks.
c.The third line of defence is the internal audit function that independently assesses the effectiveness of the processes created in the first and second lines of defence, and provides assurance on these processes.

4. The responsibility for internal control does not transfer from one line of defence to the next line.

Line of defence	Examples	Approach
First line	Front Office, any client-facing activity	Transaction-based, ongoing
Second line	Risk Management, Compliance, Legal, Human Resources, Finance, Operations, and Technology	Risk-based, ongoing or periodic
Third line	Internal Audit	Risk-based, periodic

Article (3): Compliance Function
1. Compliance must be part of the culture of the Bank, not just the responsibility of staff in the Bank’s compliance function.
2. A Bank’s Board-approved compliance policy must at a minimum address the following issues with respect to the compliance function:
1. a.The compliance function’s standing within the Bank, its authority, its responsibilities and its relations with other control functions;
2. b.The purpose and scope of the compliance function and a description of its reporting lines to the chief executive officer, the Board and the Board risk committee/Board audit committee;
3. c.Its right to obtain access to information necessary to carry out its responsibilities, and the corresponding duty of Bank staff to co-operate in supplying this information;
4. d.Its right to conduct investigations of possible breaches of the compliance policy and to appoint external experts to perform this task if appropriate;
5. e.Its right to influence, and when necessary, challenge Senior Management decisions if compliance risks are identified;
6. f.The measures to ensure its independence; and
7. g.The process for timely escalation of breaches of the policy.
3. The compliance function must, at a minimum, undertake the following responsibilities and tasks in relation to anti-money laundering and countering the financing of terrorism:
1. a.Detection of money laundering/terrorist financing operations/organizations;
2. b.Examination of suspicious transactions and identification of those to be reported to the Central Bank’s Financial Intelligence Department (FID);
3. c.Bi- annual assessment of the Banks’ anti-money laundering & countering the financing of terrorism compliance framework and transmission of the assessment report to FID. Copies of such reports, along with Senior Management comments and decisions, must be sent to FID bi-annually;
4. d.Implementation, in coordination with FID as needed, of an on-going training programme on money laundering and terrorist financing; and
5. e.Any other cooperation with FID upon its request.
4. Compliance function staff must have a sound understanding of laws, regulations, rules and standards relevant to the Bank’s business and keep abreast with their developments. The professional skills of compliance function staff must be maintained through regular and systematic education and training, including courses on real cases relating to money laundering and financing of terrorism.
5. The compliance function must have access to any member of staff and all records and data of the Bank, and if applicable the Bank’s Subsidiaries and Affiliates, which is required to fulfil the mandate established by the Bank’s compliance policy.
6. A consistent approach to compliance across the Group may be achieved through the establishment of a Group compliance function accountable to the Board of the Controlling Shareholder, or through compliance functions established in each entity (or branch) and accountable to those entities’ Boards and also reporting to the Group’s head of compliance.
7. In cases where compliance function staff are embedded in independent support or control units (e.g. legal, finance, financial crime or control, risk management), a separate reporting line from staff in these units to the head of compliance is necessary. These units must co-operate closely with the head of compliance to ensure that the head of compliance can perform his or her responsibilities effectively.
8. The head of compliance must not have direct business line responsibilities in the Bank. Compliance function staff must perform only compliance responsibilities. A close and co-operative working relationship between the compliance function and business units must be in place in order to identify and manage compliance risks at an early stage.
9. Banks must have processes for reporting, at least quarterly, on compliance risk to Senior Management and the Board. The compliance function’s reports must at a minimum:
1. a.address compliance risk assessments that have taken place during the reporting period, including any changes in the compliance risk profile based on relevant measurements such as performance indicators;
2. b.summarize any identified breaches and/or deficiencies and the corrective measures recommended to address them; and
3. c.report on corrective measures already taken.
10. The Board, the Board audit committee or the Board risk committee must assess, at least annually, the performance of the compliance function. This must include an independent external quality assurance review of the compliance function at least once every five years.
11. Banks must ensure that any outsourcing arrangements do not impede effective supervision by the Central Bank. Specific tasks of the compliance function may be outsourced, but they must remain subject to appropriate oversight by the head of compliance. Regardless of the extent to which specific tasks of the compliance function are outsourced, the Board and Senior Management remain responsible for compliance by the Bank with all applicable laws, regulations, standards and the instructions of the Central Bank.

Article (4): Internal Audit Function
1. The internal audit function must be accountable to the Board or the Board audit committee on all matters related to the performance of its mandate as described in the internal audit charter.
2. The internal audit function must independently evaluate the:
1. a.Effectiveness and efficiency of internal control, risk management, and compliance systems;
2. b.Reliability and integrity of management information systems and processes;
3. c.Compliance with laws, regulations, standards and the instructions of the Central Bank; and
4. d.Safeguarding of assets.
3. The Board and Senior Management must respect and promote the independence of the internal audit function by ensuring that internal audit reports are provided to the Board or the Board audit committee without management filtering, and that the internal audit function staff have direct access to the Board or the Board audit committee. The Central Bank may request to receive internal audit reports.
4. The internal audit reports must contain the auditee’s response, clearly indicating the auditee’s acceptance or non-acceptance of the internal audit finding. If accepted by the auditee, a justifiable reason for non-performance and the corresponding action plan must be provided, stating the completion time frame and responsible body for implementation. If not accepted by the auditee, a justifiable reason with supporting evidence must be provided for the finding’s re-consideration during an escalation procedure.
5. The Board audit committee must ensure that the head of internal audit is a person of integrity and seniority in the Bank to credibly challenge the business units, support and other control functions of the Bank and, if applicable, Group. He/she must be a very well qualified person, academically or through a professional qualification, with a working experience of not less than 5 years in auditing of banking or financial business.
6. The head of internal audit and all internal audit function staff must avoid conflicts of interest. Internally recruited internal audit function staff must not engage in auditing activities for which they have had previous responsibility before a “cooling off” period of at least one full financial year has elapsed. Staff rotations within the internal audit function as well as to and from the internal audit function must be governed by and conducted in accordance with a written policy. The policy should be designed to avoid conflicts of interest, including the observance of an appropriate “cooling-off” period following an individual's return to the internal audit staff, before that individual audits activities in the functional area of the bank where his/her rotation had been served.
7. The head of internal audit is responsible for acquiring human resources with sufficient qualifications and skills to effectively deliver on the mandate for professional competence, and to audit to the required level. The head of internal audit must ensure that the internal audit function staff acquires appropriate ongoing training in order to meet the growing technical complexity of Banks’ activities, and the increasing diversity of tasks that need to be undertaken as a result of the introduction of new products and processes within Banks and other developments in the financial sector.
8. The internal audit function staff collectively must be competent to examine all areas in which the Bank operates. The competencies and expertise of the overall internal audit function staff (skill mix) must include accounting, compliance checking, treasury management, information technology and strategic thinking. The internal audit function staff must apply the care and skills expected of a reasonably prudent and competent professional and, in case of limited competence and experience in a particular area, must be supervised by more experienced internal audit function staff.
9. The internal audit function staff must respect the confidentiality of information acquired in the course of their duties.
10. Senior Management must inform the internal audit function of new developments, initiatives, projects, products and operational changes, and ensure that all associated risks, known and anticipated, are identified and communicated at an early stage.
11. On the basis of the audit plan, the internal audit function must be able to perform its assignments on its own initiative in all areas and functions of the Bank. The internal audit function must not be involved in designing, selecting, implementing or operating specific internal control measures. Senior Management may request advice from internal audit on matters related to risk and internal controls, nevertheless, the development and implementation of internal controls remains the responsibility of Senior Management.
12. The oversight function of the Board audit committee includes reviewing and approving the internal audit plan, its scope and the budget for the internal audit function. The plan must be based on a robust risk assessment (including input from Senior Management and the Board) and updated at least annually (or more frequently to enable an ongoing real-time assessment of where significant risks lie).
13. The Board or the Board audit committee must assess, at least annually, the performance of the internal audit function. This must include an independent external quality assurance review of the internal audit function at least once every five years.
14. The Bank’s internal audit charter must be drawn up and reviewed at least every 3 years by the head of internal audit, and approved by the Board audit committee. The charter must be available both internally and publicly on the Bank’s internet website.
15. Topics which must be addressed in the internal audit charter include, but are not limited to:
1. a.The internal audit function’s standing within the Bank, its authority, its responsibilities and its relations with other control functions;
2. b.The purpose and scope of the internal audit function;
3. c.The responsibility and accountability of the head of internal audit;
4. d.The obligation to communicate the results of the internal audit functions’ engagements and a description of its reporting line to the Board;
5. e.The terms and conditions under which the internal audit function can be called upon to provide consulting or advisory services, or carry out other special tasks;
6. f.The requirement to comply with the Institute of Internal Auditors’ (IIA) International Standards for the Professional Practice of Internal Auditing, including the IIA’s Code of Ethics; and
7. g.Procedures for the coordination of the internal audit function with the external auditor.
16. The scope of internal audit activities must include the evaluation of the effectiveness and efficiency of the internal control system, risk management and compliance functions, and governance systems and processes of the entire Bank, including the Bank’s Subsidiaries and branches. In particular, the annual audit plan must adequately cover risk measurement and management processes and methodologies, including risk appetite framework elements such as risk limit breaches and internal models.
17. Every activity, including outsourced activities, and every entity controlled by the Bank, or if applicable Group, must fall within the scope of the internal audit function.
18. The scope must also ensure adequate coverage of matters of regulatory interest. Matters of regulatory interest that must receive particular attention in the internal audit plan include, but are not limited to, the internal capital and liquidity adequacy assessment processes, quality of risk reporting to the Board and Senior Management, regulatory compliance and reporting to the Central Bank. Within a banking Group, the annual audit plan must include the assessment of the alignment between the organization of control functions at Group level and the way that control functions operate at entity level.
19. Senior Management is responsible for implementing and maintaining an adequate and effective internal control system and processes. Therefore the internal audit function must inform Senior Management promptly of all significant findings so that timely corrective actions can be taken. Subsequently, the internal audit function must follow up with Senior Management on the outcome of these corrective actions. The head of internal audit must report to the Board audit committee the status of findings that have not (yet) been rectified by Senior Management.
20. The Board audit committee must review internal audit reports, including the response and follow-up by Senior Management, to ensure that timely and effective actions are taken to address internal audit findings, particularly control weaknesses or deficiencies in risk management and compliance.
21. A consistent approach to internal audit across the Group may be achieved through the establishment of a Group internal audit function accountable to the board of the Controlling Shareholder, or through internal audit functions established in each entity (or branch) and accountable to those entities’ boards of directors, and also reporting to the Group Head of Internal Audit.
22. It is recommended that Banks perform internal audit activities using their own staff. However, outsourcing of internal audit activities, but not the function, on a limited and targeted basis can be used to provide access to specialized expertise and knowledge for an internal audit engagement where the expertise is not available in house, or to resource constraints. The Board remains ultimate responsible for the internal audit function regardless of whether internal audit activities are outsourced.
23. The head of internal audit must preserve independence by ensuring that the supplier has not been previously engaged in a consulting engagement in the same area within the Bank, unless a reasonably long “cooling-off” period has elapsed (e.g. of at least one full financial year). In addition, Banks must not outsource internal audit activities to their external audit firm.
24. The head of internal audit at the level of the Controlling Shareholder must define the Group’s internal audit strategy, determine the organization of the internal audit function both at the Controlling Shareholder and Subsidiary levels (in consultation with these entities’ respective Boards and in accordance with local laws), and formulate the internal audit principles that include the audit methodology and quality assurance measures. The Group’s internal audit function must determine the audit scope for the Bank. In doing so, it must comply with local legal and regulatory provisions, and incorporate local knowledge and experience.

Article (5): Compensation
1. Staff in the compliance and internal audit functions must be compensated in a way that makes their incentives independent of the lines of business whose risk taking and incentive compensation they monitor and control. Instead, their performance measures and incentives must be based on achievement of their own objectives (e.g. adherence to internal controls) so as not to compromise their independence. This must apply also to the compliance function staff embedded in independent support or control units.
2. Staff in the compliance and internal audit functions must not be placed in a position where, for example, approving a transaction, making decisions or giving advice on risk and financial control matters could be directly linked to an increase or decrease in their performance-based compensation.
3. If staff in the compliance and internal audit functions receives variable compensation, its total compensation must be made up of a higher proportion of fixed relative to variable compensation.

Article (6): Islamic Banking
1. A Bank offering Islamic financial services must undertake a Shari’a compliance review at least annually, performed either by a separate internal Shari’a control department or as part of the existing internal and external audit functions, by persons having the required knowledge and expertise. The objective must be to ensure that the nature of the Bank’s financing and equity investment and its operations are executed in adherence to the applicable Shari’a provisions as per the fatwa, policies and procedures approved by the Bank’s Shari’a control committee.
2. Tasks of the compliance function requiring specific expertise with respect to Islamic financial services may be outsourced, but they must remain subject to appropriate oversight by the head of compliance.
3. The Bank’s internal Shari’a control committee is responsible for ensuring that the internal audit function provides independent assurance with respect to specific types of risk applicable to Islamic financial services.
4. The staff within the internal audit function must be competent and collectively have the relevant experience and sufficient authority within the Bank to assess whether Shari’a compliance processes are effective and appropriate, taking into account the business of the Bank, and to determine if the relevant policies and procedures are complied with.

Financial Reporting and External Audit

Financial Reporting & External Audit Regulation
C 162/2018 Effective from 29/8/2018

Introduction
The Central Bank seeks to promote the effective and efficient development and functioning of the banking system. To this end, Banks must maintain appropriate records, prepare financial statements in accordance with the International Financial Reporting Standards (IFRS) and the instructions of the Central Bank, and publish annual financial statements bearing the opinion of an External Auditor approved by the Central Bank.
In introducing this Regulation and the accompanying Standards, the Central Bank intends to ensure that Banks’ approaches to financial reporting and external audit are in line with leading international practices.
This Regulation and the accompanying Standards must be read in conjunction with the Central Bank Regulation and Standards on Corporate Governance in Banks, which establish the overarching prudential framework.
This Regulation and the accompanying Standards are issued pursuant to the powers vested in the Central Bank under the Central Bank Law.
Where this Regulation, or its accompanying Standards, include a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements that are additional to the listing provided in the relevant Article.

Objective
The objective of this Regulation is to establish the minimum acceptable standards for Banks’ approach to financial reporting and external audit, with a view to:
1. Ensuring the soundness of Banks; and
2. Contributing to financial stability.
The accompanying Standards supplement the Regulation to elaborate on the supervisory expectations of the Central Bank with respect to financial reporting and external audit.

Scope of Application
This Regulation and the accompanying Standards apply to all Banks. Banks established in the UAE with significant Group relationships, including Subsidiaries, Affiliates, or international branches, must ensure that the Regulation and Standards are adhered to on a solo and Group-wide basis.

Article (1): Definitions
1. Affiliate: An entity owned by another entity by more than 25% and less than 50% of its capital.
2. Bank: A financial entity, which is authorized by the Central Bank to accept deposits as a bank.
3. Board: The Bank’s board of directors
4. Central Bank: The Central Bank of the United Arab Emirates.
5. Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of Banking as amended or replaced from time to time.
6. Controlling Shareholder: A shareholder who has the ability to directly or indirectly influence or control the appointment of the majority of the board of directors, or the decisions made by the board or by the general assembly of the entity, through the ownership of a percentage of the shares or stocks or under an agreement or other arrangement providing for such influence.
7. External Auditor: The audit firm and the individual audit engagement team members conducting the audit. Where relevant, specific references are made to the audit firm only in certain paragraphs.
8. Group: A group of entities which includes an entity (the 'first entity') and:
  1. a) any Controlling Shareholder of the first entity;
  2. b) any Subsidiary of the first entity or of any Controlling Shareholder of the first entity; and
  3. c) any Affiliate.
9. Islamic Financial Services: Shari’a compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products (Islamic Windows).
10. Matter of Significance: A matter, or group of matters, that would have a significant impact on the activities or financial position of the Bank. Examples include failure to comply with the licensing criteria or breaches of banking or other laws, significant deficiencies and control weaknesses in the Bank’s operations or financial reporting process or other matters that are likely to be of significance to the function of the Central Bank as regulator.
11. Pillar 3: Pillar 3 disclosure requirements - consolidated and enhanced framework issued by the Basel Committee on Banking Supervision in March 2017 and any subsequent revisions.
12. Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions.
13. Subsidiary: An entity, owned by another entity by more than 50% of its capital, or is under full control of that entity regarding the appointment of the board of directors.

Article (2): Financial Reporting
1. The Board and Senior Management are responsible for ensuring that financial statements are:
  1. prepared in accordance with accounting policies and practices that are widely accepted internationally;
  2. supported by record keeping systems; and
  3. issued annually to the public together with an independent External Auditor’s opinion.
2. The Board audit committee must oversee the financial reporting process and the establishment or amendment of significant accounting policies and practices.
3. Banks must prepare their financial statements in accordance with the IFRS and the instructions of the Central Bank.
4. Banks must use valuation practices consistent with IFRS and subject the fair value estimation framework, structure and processes to independent verification and validation.
5. The Board must ensure adequate governance structures and control processes for all financial instruments that are measured at fair value for risk management and financial reporting purposes.
6. Banks must avoid taking any action in whatever form, which may disclose or reveal their intentions regarding distribution or repatriation of profits, retained earnings, reserves, or other component of regulatory capital, unless they have obtained the prior written no-objection from the Central Bank.
7. Banks must submit their audited financial statements together with the independent External Auditor’s opinion to the Central Bank no less than three weeks prior to the meeting of the general assembly and no more than three months after the financial year-end.
8. Banks must not make any distribution or repatriation of profits, retained earnings, reserves, or other component of regulatory capital, unless they have obtained the prior written no-objection from the Central Bank.
9. Banks must not present their audited financial statements at the meeting of the general assembly, or otherwise make public such statements, unless they have obtained the prior written no-objection from the Central Bank.
10. Banks must publish on their website their audited financial statements together with the independent External Auditor’s opinion no more than four months after the financial year-end. They must also be published in the Banks’ annual report.
11. Banks must make available upon request a printed or electronic copy of their most recent published audited financial statements together with the independent External Auditor’s opinion to any shareholder or customer of the Bank.

Article (3): External Audit
1. Banks must, every year, appoint an External Auditor or more, approved by the Central Bank, for auditing their accounts.
2. The Board audit committee must recommend the appointment, reappointment, dismissal and compensation of the External Auditor.
3. Banks must rotate their external audit firm at least every 6 years, subject to the conduct of a procurement procedure. In addition, Banks must rotate their external audit firm’s partner in charge of the audit every 3 years.
4. The Board audit committee must oversee the External Auditor’s effectiveness and independence.
5. The external audit firm engaged by the Bank, including its Affiliates or Subsidiaries, must not provide any non-audit services to the Bank during the financial years of its external audit mandate, which could impair its objectivity and independence.
6. The External Auditor must conduct audits in accordance with the International Standards on Auditing (ISA) that require the use of a risk and materiality based approach in planning and performing the audit.
7. The scope of the external audits must include areas such as the loan portfolio and loss provisions, non-performing assets, asset valuations, trading and other securities activities, derivatives, asset securitizations, consolidation of and other involvement with off-balance sheet vehicles, the Pillar 3 reporting and the adequacy of internal controls over financial reporting.
8. The External Auditor must comply with the independence provisions laid down in the Central Bank Law, this Regulation and the accompanying Standards. In case of violation of these provisions or failure in the performance of duties, the Central Bank may take any measures against the violating or negligent External Auditor, including rejection by the Central Bank to carry out audits in Banks.
9. The Central Bank may require a Bank to rescind the appointment of an External Auditor it determines has not adhered to established professional standards or has inadequate expertise or independence.
10. The External Auditor must meet with the Central Bank as deemed necessary for supervisory purposes. The Central Bank will access the External Auditor’s working papers, when necessary.
11. The Central Bank may require a Bank to appoint an auditor at the Bank’s expense, who may be the existing External Auditor or another auditor specified by the Central Bank, to provide a report on a particular aspect of the Bank’s business operations, prudential requirements, risk governance framework or such other matters as the Central Bank may specify.

Article (4): Duty to Report to the Central Bank
1. External Auditors must promptly report to the Central Bank violations of the Central Bank Law, regulations, instructions and any Matters of Significance arising from their audit of the Bank. External Auditors making such reports in good faith shall not be considered to have breached any of their obligations.
2. Banks must promptly notify the Central Bank in case of resignation of their External Auditor and the reasons thereof, as well as obtain the no-objection from the Central Bank in case of their dismissal or change. Divergence of opinions between the Bank and its External Auditor cannot be ground for dismissal.

Article (5): Islamic Banking
1. Banks offering Islamic Financial Services must prepare their financial statements in accordance with the IFRS and the instructions of the Central Bank.

Article (6): Enforcement and Sanctions
1. Violation of any provision of this Regulation and the accompanying Standards may be subject to regulatory action and sanctions as deemed appropriate by the Central Bank. These may include withdrawing, replacing or restricting the powers of Senior Management or members of the Board, providing for the interim management of the Bank, or barring individuals from the UAE banking sector.

Article (7): Interpretation of Regulation
1. The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.

Article (8): Cancellation of Previous Notices
1. This Regulation and Standards replace all Articles of the following previous Central Bank Circulars and Notices with respect to financial reporting and external audit:
  1. Circular No 74 dated November 17 1981, External Auditors of Banks;
  2. Circular No 321 dated 24 January 1985, Name of the External Auditor to be provided to Central Bank before holding of AGM by the Local Banks;
  3. Circular No 348 dated 14 August 1985, Cooperation between the Bank's External Auditors and Central Bank;
  4. Circular Letter No BSD/908/85 dated 29 October 1985, External Auditors of Banks - Further clarifications to Circular No. 321 of 24/01/1985 and Circular No. 74 of 17/11/1981;
  5. Circular No 375 dated 13 February 1986, To provide the names of at least three Audit firms;
  6. Circular No 445 dated 15 June 1987, Annual accounts - Approval for Publication, Profit distribution/repatriation - No national Banks to distribute profits and No Foreign Banks to repatriate their profits without prior approval of the Central Bank;
  7. Circular No 466 dated 29 October 1987, External Auditors Report;
  8. Circular No 20/99 dated 25 January 1999, Adoption of International Accounting Standards (IAS);
  9. Notice No 1312/2008 dated 10 March 2008, Islamic Products/Investments - Accounting Treatment; and
  10. Notice No 9278/2011 dated 22 December 2011, Provisioning and Preparation of Annual Accounts.

Article (9): Publication and Application
1. This Regulation and the accompanying Standards shall be published in the Official Gazette in both Arabic and English, and shall come into effect one month from the date of publication.
2. Banks that will have the same external audit firm engaged cumulatively for 6 years or more as at the end of 2018 must rotate the external audit firm subject to the timely conduct of a procurement procedure.

Financial Reporting and External Audit Standards
C 162/2018 STA

Introduction
1. These Standards form part of the Financial Reporting and External Audit Regulation. All Banks must comply with these Standards, which expand on the Regulation. These Standards are mandatory and enforceable in the same manner as the Regulation.
2. The Board is in the ultimate control of the Bank and accordingly ultimately responsible for the Bank’s approach to financial reporting and external audit. There is no one-size-fits-all or single best solution. Accordingly, each Bank could meet the minimum requirements of the Regulation and Standards in a different way and thus may adopt an organizational framework appropriate to the risk profile, nature, size and complexity of its business and structure. The onus is on the Board to demonstrate that it has implemented a comprehensive approach to financial reporting and external audit. Banks are encouraged to adopt leading practices that exceed the minimum requirements of the Regulation and Standards.¹
3. The Standards follow the structure of the Regulation, with each article corresponding to the specific article in the Regulation.
¹ The Central Bank will apply the principle of proportionality in the enforcement of the Regulation and Standards, whereby smaller Banks may demonstrate to the Central Bank that the objectives are met without necessarily addressing all of the specifics cited in the Standards.

Article (1): Definitions
1. Affiliate: An entity owned by another entity by more than 25% and less than 50% of its capital.
2. Bank: A financial entity, which is authorized by the Central Bank to accept deposits as a bank.
3. Board: The Bank’s board of directors.
4. Central Bank: The Central Bank of the United Arab Emirates.
5. Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of Banking as amended or replaced from time to time.
6. Controlling Shareholder: A shareholder who has the ability to directly or indirectly influence or control the appointment of the majority of the board of directors, or the decisions made by the board or by the general assembly of the entity, through the ownership of a percentage of the shares or stocks or under an agreement or other arrangement providing for such influence.
7. External Auditor: The audit firm and the individual audit engagement team members conducting the audit. Where relevant, specific references are made to the audit firm only in certain paragraphs.
8. Group: A group of entities which includes an entity (the ‘first entity’) and:
1. a.any Controlling Shareholder of the first entity;
2. b.any Subsidiary of the first entity or of any Controlling Shareholder of the first entity; and
3. c.any Affiliate.
9. Internal Control: Consists of five interrelated elements, whose effective functioning is essential to achieving a Bank’s performance, information, and compliance objectives:
1. a.management oversight and the control culture;
2. b.risk recognition and assessment;
3. c.control activities and segregation of duties;
4. d.information and communication; and
5. e.monitoring activities and correcting deficiencies.
10. Islamic Financial Services: Shari’a compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products (Islamic Windows).
11. Pillar 3: Pillar 3 disclosure requirements – consolidated and enhanced framework issued by the Basel Committee on Banking Supervision in March 2017 and any subsequent revisions.
12. Risk governance framework: As part of the overall approach to corporate governance, the framework through which the Board and management establish and make decisions about the Bank’s strategy and risk approach; articulate and monitor adherence to the risk appetite and risk limits relative to the Bank’s strategy; and identify, measure, manage and control risks.
13. Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions.
14. Subsidiary: An entity, owned by another entity by more than 50% of its capital, or is under full control of that entity regarding the appointment of the board of directors.

Article (2): Financial Reporting
1. The Board is responsible for ensuring that the risk governance framework of the Bank, and if applicable, Group, provides for appropriate oversight of financial reporting and external audit. The framework must, at a minimum, provide for:
1. a.Documentation in an appropriate mandate or terms of reference of the role and responsibility of the Board audit committee, including with respect to financial reporting; and
2. b.Board-approved policies, procedures, systems, internal controls and independent assurance by the internal and/or external audit functions of the Bank on the preparation of financial statements and prudential reporting to the Central Bank.
2. Banks must prepare their financial statements in accordance with the International Financial Reporting Standards (IFRS) and the instructions of the Central Bank. Such instructions may include, but are not limited to, the submission and publication of financial statements, classification and provisioning of financial items or guidance on the application of specific IFRS in the UAE banking sector.
3. The Board’s responsibilities for governance structures applicable to all financial instruments measured at fair value must include:
1. a.Reviewing and approving written policies related to fair valuations;
2. b.Ongoing review of significant valuation model performance for issues escalated for resolution and all significant changes to valuation policies;
3. c.Ensuring adequate resources are devoted to the valuation process;
4. d.Articulating the Bank’s tolerance for exposures subject to valuation uncertainty and monitoring compliance with the Board’s overall policy settings at an aggregate Bank-wide level;
5. e.Ensuring independence in the valuation process between risk taking and control units;
6. f.Ensuring the appropriate internal and external audit coverage of fair valuations and related processes and controls;
7. g.Ensuring the consistent application of accounting and disclosures; and
8. h.Ensuring the identification of significant differences, if any, between accounting and risk management measurements, and that these are well documented and monitored.

Article (3): External Audit
1. The external audit in Banks must be fully compliant with the provisions laid down in the Central Bank Law. Where more than one External Auditor is appointed, the External Auditors must distribute duties amongst themselves and issue a common external audit opinion.
2. The Board audit committee must approve a policy for the tendering of the audit engagement. This must include requirements for knowledge and competence, objectivity, independence, professional skepticism and quality control. The Board audit committee must review and agree to the terms of the engagement prior to the signing of the written contract. Where relevant, the Board audit committee must ensure that the work plan of the engagement has been updated to reflect changes in the size, business mix or complexity of the Bank or in the instructions of the Central Bank.
3. The Bank must carry out a procurement procedure to select the external audit firm at least once every 6 years, which coincides with the period of the rotation of the firm. Following rotation, a cooling off period of 3 years must be observed before the same firm may be re-selected. In addition, the Bank must rotate the external audit partner in charge of the audit every 3 years.
4. The Board audit committee must assess the overall quality of the External Auditor at least annually. The External Auditor must provide the Board audit committee on an annual basis with a report on the audit firm’s internal quality control procedures, including the audit firm’s engagement quality control process, and any significant matters of concern arising from these procedures.
5. In monitoring and assessing the work of the External Auditor, the Board audit committee must obtain an understanding of the auditor’s view on any significant matters arising during the audit, including both those subsequently resolved and those that remain outstanding. The Board audit committee must review with the External Auditor the statements provided by the Board and Senior Management in the representation letter to the External Auditor, considering whether, based on the knowledge of the members of the Board audit committee, the information provided for each item is complete and appropriate.
6. Following completion of the fieldwork for the audit, and prior to issuance of the audit opinion, the Board audit committee must consider whether the External Auditor followed the audit plan and understand any reasons for changes in the plan. The Board audit committee must obtain feedback from Senior Management on the conduct of the audit. The Board audit committee’s assessment of the effectiveness of the external audit process must be reported to the Board for discussion of findings and any recommendations.
7. The Board audit committee must have the right and authority to meet regularly – in the absence of Senior Management – with the External Auditor to understand and discuss all issues that may have arisen between the External Auditor and Senior Management in the course of the external audit and how these issues have been resolved. These meetings must also address any other matters that the External Auditor believes the Board audit committee should be aware of in order to exercise its responsibilities.
8. The Board audit committee must discuss with the External Auditor any matters arising from the audit that may have an impact on regulatory capital or regulatory disclosures. This may include, but is not limited to, the discussion of accounting impairment charges versus regulatory expected losses and the consistency of the Bank’s prudential information, including the Pillar 3 reporting, with its annual report.
9. The External Auditor must provide the Board audit committee with timely observations arising from the audit that are relevant to the committee’s oversight responsibility for the financial reporting process. These include, but not limited to:
1. a.Significant difficulties encountered during the audit;
2. b.Key areas of significant risk of material misstatement in the financial statements, in particular areas of estimates or measurement uncertainty such as loan loss provisioning and consequential effects on earnings, capital and other regulatory ratios;
3. c.Areas of significant management judgement;
4. d.The extent of requests made by the Group auditor to another audit firm or member firms with respect to performance of a Group audit;
5. e.The use of external experts to assist with the audit;
6. f.The External Auditor’s approach to internal control and significant internal control deficiencies noted;
7. g.The extent to which the External Auditor has used the work of the internal audit function;
8. h.Matters relating to accountability, including significant decisions or actions by Senior Management that lack appropriate authorization;
9. i.Significant qualitative aspects of financial statement disclosures; and
10. j.Feedback on the External Auditor’s relationship with Senior Management.
10. The Board audit committee must approve a policy governing the provision of non-audit services by the External Auditor. This policy must specify the types of non-audit services the External Auditor may provide, or is prohibited from providing, and establish a requirement for approval of any such arrangement by the Board audit committee or by an appropriate level of Senior Management in accordance with authority delegated by the Board audit committee.
11. The prohibited non-audit services are listed below; they must include further any prohibited services under Article (20) of Federal Law no. 12 of 2014 concerning Auditing Profession as well as under the Code of Ethics for Professional Accountants issued by the International Ethics Standards Board for Accountants, which are not specifically listed below:
1. a.Bookkeeping and preparing accounting records and financial statements;
2. b.Designing and implementing internal control or risk management procedures related to the preparation and/or control of financial information or designing and implementing financial information technology systems;
3. c.services related to the Bank’s internal audit function;
4. d.valuation services, including valuations performed in connection with actuarial services or litigation support services;
5. e.human resources services, with respect to:
  1. i.management in a position to exert significant influence over the preparation of the accounting records or financial statements which are the subject of the external audit, where such services involve searching for or seeking out candidates for such position or undertaking reference checks of candidates for such positions;
  2. ii.structuring the organisation design; and
  3. iii.cost control;
6. f.brokerage services in securities services or works;
7. g.services linked to the financing, capital structure and allocation, and investment strategy of the Bank, except providing assurance services in relation to the financial statements, such as the issuing of comfort letters in connection with prospectuses issued by the Bank;
8. h.promoting, dealing in, or underwriting shares in the Bank;
9. i.legal services, with respect to:
  1. i.the provision of general counsel;
  2. ii.negotiating on behalf of the Bank; and
  3. iii.acting in an advocacy role in the resolution of litigation;
10. j.services that involve playing any part in the management or decision-making of the Bank; and
11. k.tax services and provision of tax advice.
12. Where non-audit services are provided by the External Auditor, the Board audit committee must monitor the provision of such services to ensure that their performance does not impair the External Auditor’s objectivity and independence. This must take into consideration various factors including the skills and experience of the External Auditor, safeguards in place to mitigate any threat to objectivity and independence, and the nature of and arrangements for non-audit fees. The Bank’s annual report must explain to shareholders the nature of and the fee arrangements for the non-audit services received, and how the External Auditor’s independence is safeguarded.
13. The External Auditor must meet the following expectations:
1. a.have banking industry knowledge and competence sufficient to respond appropriately to the risks of material misstatement in the Bank’s financial statements and to properly meet any additional regulatory requirements that may be part of the external audit;
2. b.be objective and independent in both fact and appearance with respect to the Bank;
3. c.exercise professional skepticism when planning and performing the audit of Banks, having due regard to the specific challenges in auditing a Bank;
4. d.comply with the applicable standards on quality control;
5. e.identify and assess the risks of material misstatement in the Bank’s financial statements, taking into consideration the complexities of the Bank’s activities and the effectiveness of its internal control environment; and
6. f.have professional indemnity insurance in the UAE.
14. The External Auditor must furnish the Board audit committee at least annually with information about the firm’s policies and processes for maintaining independence and monitoring compliance with independence requirements. This includes, but is not limited to, assurance that the audit engagement team members have no personal, family, business, financial or other relationships with the Bank which could adversely affect the External Auditor’s actual or perceived independence and objectivity.
15. The External Auditor may not purchase the securities of the Bank whose accounts are audited by them or sell such securities directly or indirectly or provide any consultancies to any person in connection with such securities during the blackout period.
16. The External Auditor may not serve on the Board or hold a position in Senior Management before two years have lapsed from the time of involvement in the Bank’s audit.
17. The External Auditor’s terms of engagement must be established in a written contract which, at a minimum, provides that:
1. a.The External Auditor must meet with the Central Bank as deemed necessary for supervisory purposes. The Central Bank will determine whether the Bank will participate in such meetings;
2. b.The External Auditor bears no duty of confidentiality to the Bank with respect to any notification to or meeting with the Central Bank required by this Regulation, or the provision of any document or information required to be submitted to, or requested by, the Central Bank for supervisory purposes; and
3. c.The External Auditor must provide, upon request by the Central Bank, access to working papers and other documents that support conclusions made in the audit opinion.

Article (4): Duty to Report to the Central Bank
1. The contract between the Bank and its External Auditor must specifically include all the requirements of Article 4 of the Regulation with regard to its duty to report to the Central Bank.

Article (5): Islamic Banking
1. The terms of the engagement of the External Auditor of Banks offering Islamic Financial Services must ensure adequate coverage of the financing portfolio, financing loss provisions, non-performing assets, asset valuations, trading and other securities transactions, Shari’a-compliant hedging instruments, asset securitizations, consolidation of and other involvement with off-balance sheet vehicles and the adequacy of internal controls over financial reporting.

Transparency and Disclosures

Enforcement

Other Regulations

Outsourcing Regulation for Banks
C 14/2021 Effective from 31/5/2021

Banks’ Acquisition of Own Shares Regulation
C 20/2021 Effective from 14/2/2022

The Central Bank is pleased to announce the issuance of the “Banks’ Acquisition of Own Shares Regulation” (Circular 20/2021 - dated 21/12/2021).
Article 93 (3) of the Decretal Federal Law No. (14) of 2018, as amended (the ‘Central Bank Law’) prohibits a bank from purchasing, acquiring, or dealing in their own shares, in excess of any ratios set by the Central Bank .
In issuing this Regulation, the Central Bank is setting the relevant regulatory ratio to apply under Article 93(3) of the Central Bank Law.
In accordance with the Regulation, a bank is not permitted to directly, or indirectly, purchase, acquire, buy back or hold any amount of its own shares exceeding 10% of the bank’s paid-up capital. In addition, prior approval of the Central Bank is required, except for where shares have been acquired by a bank in settlement of a debt.
This Regulation was published in the Official Gazette on 14 January 2022 and will come into effect one month after the date of publication.
Please bring this Regulation to the attention of the board of directors of your bank at the next board meeting.

Introduction
The Central Bank seeks to promote the effective and efficient development and functioning of the banking system. To this end, any Outsourcing arrangements entered into by a Bank must be subject to appropriate due diligence, approval and ongoing monitoring, in order to identify and mitigate risks inherent in Outsourcing.
In introducing this Regulation and the accompanying Standards, the Central Bank wishes to ensure that Banks’ approaches to managing the risks inherent in Outsourcing arrangements are in line with leading international and prudent practices.
This Regulation and the accompanying Standards are issued pursuant to the powers vested in the Central Bank under the Central Bank Law.
Where this Regulation, or the accompanying Standards, include a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements which are additional to the listing provided in the relevant article.

Introduction
In accordance with Article 93(3) of the Central Bank Law, the Central Bank can set a limit on the amount of own shares a Bank can buy back or acquire.
Through this Regulation, the Central Bank is now confirming its requirements for Article 93(3) of the Central Bank Law.

Objective
The objective of this Regulation is to establish the minimum acceptable standards for Banks’ approach to managing the risks related to Outsourcing arrangements with a view to:
1. Ensuring the soundness of Banks; and
2. Contributing to financial stability.
The accompanying Standards supplement the Regulation to elaborate on the supervisory expectations of the Central Bank with respect to Outsourcing arrangements.
As one of the principles underpinning this Regulation, a Bank must ensure that its Outsourcing arrangements, neither diminish its ability to fulfill its obligations to customers and the Central Bank, nor impede effective supervision by the Central Bank.

Scope
This Regulation applies to all Banks.

Scope and Application
This Regulation and the accompanying Standards apply to all Banks operating in the UAE. Banks established in the UAE with Group relationships, including Subsidiaries, Affiliates, or international branches, must ensure that the Regulation and the Standards are adhered to on a solo and Group-wide basis.
This Regulation and Standards must be read in conjunction with the Risk Management Regulation and Standards which establish the requirements for Banks’ overarching approach to risk management, and the Central Bank’s Operational Risk Management Regulation and Standards, which establish a number of requirements particularly relevant to Outsourcing, including business continuity planning and disaster recovery.

Objective
The objective of this Regulation is to define the regulatory obligations that apply to Banks, relating to acquisitions or buy backs of their own shares.

Article (1): Definitions
1. 1.1 Affiliate: an entity that, directly or indirectly, controls, is controlled by, or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity, or of the power to direct, or cause the direction of the management of another entity.
2. 1.2 Bank: any juridical person licensed in accordance with the provisions of the Central Bank Law, to primarily carry on the activity of taking deposits and any other Licensed Financial Activities.
3. 1.3 Board: The Bank’s board of directors.
4. 1.4 Central Bank: The Central Bank of the United Arab Emirates.
5. 1.5 Central Bank Law: Decretal Federal Law No. (14) of 2018 regarding the Central Bank & Organization of Financial Institutions and Activities and its amendments.
6. 1.6 Confidential Data: Account or other data relating to a Bank customer, who is or can be identified, either from the confidential data, or from the confidential data in conjunction with other information that is in, or is likely to come into, the possession of a person or organization that is granted access to the confidential data.
7. 1.7 Group: a group of entities which includes an entity (the 'first entity') and:
  1. 1.7.1 any Parent of the first entity;
  2. 1.7.2 any Subsidiary of the first entity or of any Parent of the first entity; and
  3. 1.7.3 any Affiliate.
8. 1.8 Master System of Record: the collection of all data, including Confidential Data, required to conduct all core activities of a Bank, including the provision of services to clients, managing all risks, and complying with all legal and regulatory requirements.
9. 1.9 Material Business Activity: An activity of the Bank that has the potential, if disrupted, to have a significant impact on the Bank’s business operations or its ability to manage risks effectively.
10. 1.10 Outsourcing: An agreement with another party either within or outside the UAE, including a party related to the Bank, to perform on a continuing basis an activity which currently is, or could be, undertaken by the Bank itself.
11. 1.11 Parent: an entity (the 'first entity') which:
  1. 1.11.1 holds a majority of the voting rights in another entity (the 'second entity');
  2. 1.11.2 is a shareholder of the second entity and has the right to appoint or remove a majority of the board of directors or managers of the second entity; or
  3. 1.11.3 is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity.
    
    Or;
    1.11.4 if the second entity is a subsidiary of another entity which is itself a subsidiary of the first entity.
12. 1.12 Person: natural or juridical person.
13. 1.13 Regulation: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
14. 1.14 Risk Governance Framework: the risk governance framework as defined under the Risk Management Regulation and Standards.
15. 1.15 Senior Management: the senior management as defined under the Corporate Governance Regulation and Standards.
16. 1.16 Subsidiary: an entity (the 'first entity') is a subsidiary of another entity (the 'second entity') if the second entity:
  1. 1.16.1 holds a majority of the voting rights in the first entity;
  2. 1.16.2 is a shareholder of the first entity and has the right to appoint, or remove, a majority of the board of directors or managers of the first entity;
  3. 1.16.3 is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity.
    
    Or;
    1.16.4 if the first entity is a subsidiary of another entity which is itself a subsidiary of the second entity.

Article (1): Definitions
1.1 Bank: Any juridical person licensed in accordance with the provisions of the Central Bank Law, to primarily carry on the activity of taking deposits, and any other Licensed Financial Activities, as defined in the Central Bank Law.
1.2 Central Bank: The Central Bank of the United Arab Emirates.
1.3 Central Bank Law: Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organisation of Financial Institutions and Activities, as amended from time to time.
1.4 Paid Up Share Capital: The share capital of a company which is fully paid.

Article 2: Governance and Risk Management
1. 2.1 Banks are fully responsible for the risks arising from any process or activity they outsource.
2. 2.2 Banks must have a process for determining the materiality of outsourced activities. This process should consider the potential of the outsourced activity to adversely affect the Bank’s operations and its ability to manage risks, if disrupted or performed poorly.
3. 2.3 Banks’ Risk Governance Framework must include policies and procedures for the assessment of any proposed Outsourcing and the identification, measurement, monitoring and reporting of any risks associated with existing and proposed Outsourcing arrangements.
4. 2.4 The Risk Governance Framework must provide a Bank-wide or, if applicable, Group-wide view of the risks associated with Outsourcing, including any services the Bank provides to, or receives from, other Group members.
5. 2.5 The Risk Governance Framework must, at a minimum, provide for the following with respect to Outsourcing:
  1. 2.5.1 A Board-approved policy that sets out how the materiality of a proposed Outsourcing arrangement is assessed and requiring any material Outsourcing arrangements to be approved by the Board, or a committee of the Board;
  2. 2.5.2 Policies and procedures to ensure that potential conflicts of interest are identified, managed and appropriately mitigated, or avoided;
  3. 2.5.3 Policies and procedures that clearly identify and assign to the Bank’s departments, committees, internal control functions, or other individuals, the roles and responsibilities with regard to Outsourcing and determine in which cases and at which stage, they should be involved;
  4. 2.5.4 Policies and procedures to ensure all material risks related to Outsourcing are identified, measured, managed or mitigated, and reported to the Board in a timely and comprehensive manner;
  5. 2.5.5 Ensure that any outsourced critical business functions are covered in their disaster recovery and business continuity plans, that Outsourcing service providers are fully prepared to implement them and that Outsourcing service providers have their own disaster recovery and business continuity plans to resolve disruptions at their end.
  2.6 Banks must ensure that Outsourcing service providers maintain an appropriate level of information security, risk management, and service delivery.
6. 2.7 Banks are responsible for the compliance with all relevant laws and regulations applicable to their outsourced activities.

Article (2): Central Bank prior approval required for banks' acquisition of own shares
2.1 A Bank shall not directly or indirectly acquire, purchase, buy-back or deal in its own shares without prior written approval of the Central Bank, unless shares have devolved to it in accordance with Article 2.2 of this Regulation.
2.2 In accordance with Article 93(3) of the Central Bank Law, where shares have devolved to a Bank in settlement of a debt, and the Bank is therefore holding its own shares exceeding the maximum limit prescribed in Article (3) of this Regulation, the Bank must sell the excess shares, within a period of two (2) years from date of acquisition.
2.3 The Central Bank, in granting any approval under Article 2.1 of this Regulation, may request any information it requires in order to make an appropriate decision. The Central Bank, in granting any approval under Article 2.1 of this Regulation, may impose any limitations or conditions on the Bank that it considers appropriate.
2.4 The Central Bank may, on application by a Bank in writing, extend the period referred to in Article 2.2 of this Regulation for such period and on such conditions as the Central Bank considers appropriate.

Article 3: Outsourcing Register
1. 3.1 Banks must maintain a comprehensive and updated register of all Outsourcing arrangements, including both material and non-material Outsourcing arrangements, on a solo and group wide basis.
2. 3.2 This register must contain key information for each Outsourcing arrangement, and at a minimum:
  1. 3.2.1 Key non-risk related data, such as the details of the Outsourcing service provider, start and end date of the arrangement, and a brief description of the service delivered;
  2. 3.2.2 Whether the Outsourcing arrangement involves any Confidential Data; and
  3. 3.2.3 Whether the Outsourcing arrangement is considered material.

Article (3): Maximum limit
3.1 A Bank shall not be permitted to directly or indirectly purchase, acquire, buy-back or hold any amount of its own shares exceeding ten percent (10%) of the Bank’s Paid Up Share Capital.

Article 4: Data Protection
1. 4.1 Banks must ensure compliance with all the applicable UAE legislation and regulations in managing and processing data, when Outsourcing.
2. 4.2 Banks must ensure that they retain ownership of all data provided to an Outsourcing service provider, and that their customers retain ownership of their data, including but not limited to Confidential Data, and can effectively exercise their rights and duties in this regard.
3. 4.3 Where the Outsourcing service provider subcontracts elements of the service which involve Confidential Data, Banks must ensure that the subcontractor fully complies with the applicable requirements as established by law and under this regulation.
4. 4.4 Banks must ensure their data is secured from unauthorized access, including unauthorized access by the Outsourcing service provider or its staff.

Article (4): Obligation to notify the Central Bank of breach of regulatory obligations
4.1 Banks which breach or are likely to breach any provision as per this Regulation must immediately notify the Central Bank in writing.

Article 5: Outsourcing Agreements
1. 5.1 Outsourcing agreements must ensure that the Bank retains full ownership of the data it shares with the Outsourcing service provider, and that their customers retain full ownership over their data, and that the Central Bank of the UAE can access this data upon request.
2. 5.2 Outsourcing agreements must ensure that the Bank has unfettered access to all of its data for the duration of the agreement, including upon termination of the agreement.
3. 5.3 Outsourcing agreements must include appropriate provisions to protect a Bank’s data, including non-disclosure agreements and provisions related to the destruction of the data after termination of the agreement.
4. 5.4 Outsourcing agreements must specifically establish standards for data protection, including any nationally recognised information assurance standards in the UAE.
5. 5.5 Outsourcing agreements must specifically establish that the Outsourcing service provider, or any of its subcontractors must not provide any other party with access to Confidential Data without first obtaining the specific authorization of the Bank, or the customer, as the case may be.
6. 5.6 Outsourcing agreements must specify to what extent subcontracting is allowed and under which conditions.
7. 5.7 Outsourcing agreements must include an explicit provision giving the Central Bank, and any agent appointed by the Central Bank, access to the Outsourcing service provider.
  
  This provision must include the right to conduct on-site visits at the Outsourcing service provider if deemed necessary by the Central Bank and require the Outsourcing service provider to provide the Central Bank, or its appointed agent, any data or information required for supervisory purposes.
8. 5.8 Outsourcing agreements must include an obligation for the Outsourcing service provider to notify the Bank without undue delay of any breach of the Bank’s data and in particular, breaches of Confidential Data.
9. 5.9 All Outsourcing must be governed by formal Outsourcing contracts between the Bank and the Outsourcing service provider.

Article (5): Enforcement & Sanctions
5.1 Violation of any provision of this Regulation and any accompanying Standards may be subject to supervisory action and sanctions as deemed appropriate by the Central Bank including the measures stated in Article 44 (1) of the Central Bank Law “Protection of Licensed Financial Institutions”

Article 6: Outsourcing Outside the UAE
1. 6.1 Banks must ensure that the Master System of Record, which includes all Confidential Data, is continuously maintained and stored within the UAE.
2. 6.2 As an exception to paragraph (6.1) above and subject to Central Bank approval, branches of foreign banks may comply with this requirement by retaining a copy of the Master System of Record, updated on at least a daily basis, within the UAE.
3. 6.3 Banks customer’s Confidential Data must not be shared outside the UAE without Central Bank approval and obtaining prior written consent from the customer. Banks must also obtain written acknowledgement from the customer that his/her Confidential Data may be accessed under legal proceedings outside the UAE in such circumstances.
4. 6.4 Banks must not enter into an Outsourcing agreement that involves sharing Confidential Data with a service provider domiciled in a jurisdiction that cannot provide the same level of safeguarding of Confidential Data that would apply if the data was kept in the UAE.
  
  This applies to all jurisdictions relevant to the agreement.
5. 6.5 Any Outsourcing agreement with a party located outside the UAE, must ensure that the Bank and the customer retain ownership of the data at all times, and that the Central Bank can access the Bank’s data upon request.
6. 6.6 Banks are not permitted to enter into an Outsourcing agreement that proposes the storage of data in any jurisdiction where bank secrecy, or other laws, restrict or limit access to data necessary for supervisory purposes.
7. 6.7 Banks must explicitly consider the possibility that changes in economic, political, social, legal or regulatory conditions may affect the ability of a service provider outside the UAE to fulfil the terms of the agreement.
  
  This risk must be managed by a careful selection of service providers and jurisdictions, adequate contractual and practical arrangements, and appropriate business continuity planning.
8. 6.8 Banks must explicitly consider any other relevant risks arising when the service provider is located outside the UAE. These may include but are not limited to:
  1. 6.8.1 Higher levels of operational risk due to poor infrastructure in another jurisdiction;
  2. 6.8.2 Legal risk due to differing laws and possible shortcomings in the legal system in the countries where the service is provided; and
  3. 6.8.3 Reputation risk.
9. 6.9 A Bank must ensure compliance with all relevant personal data protection legislations and regulations prior to entering into an Outsourcing agreement with an Outsourcing service provider or third party outside the UAE.
10. 6.10 A Bank must establish policies and processes regarding controls and monitoring activities specifically addressing the business relationship of the Bank with an Outsourcing service provider, which includes the sharing of Confidential Data outside the UAE.
11. 6.11 For each of its business relationships a Bank holds with an Outsourcing service provider, which includes the sharing of Confidential Data outside the UAE, the Bank must define concrete security requirements and must ensure that its staff is sufficiently trained in respect of these requirements.
12. 6.12 Where the Outsourcing service provider subcontracts elements of the service to other providers, which entail Confidential Data, the Bank must ensure that the subcontractor fully complies with the obligations contained in this Regulation related to the sharing of Confidential Data outside the UAE.
13. 6.13 Banks must ensure third parties implement and maintain the appropriate level of information security and service delivery.
14. 6.14 With regard to Outsourcing service providers located outside the UAE, the Central Bank may exercise its powers through collaboration with the relevant authorities of any relevant jurisdiction.

Article (6): Interpretation of Regulation
6.1 The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.

Article 7: Internal Audit and Compliance
1. 7.1 Outsourced activities remain fully in scope of the Bank’s internal audit and compliance responsibilities.
2. 7.2 The internal audit function must regularly review and report to the Board, or the Board audit committee, on compliance with and the effectiveness of the Bank’s Outsourcing policies and procedures.
3. 7.3 The compliance function must regularly review and report to Senior Management, or to the Board as necessary, on the compliance of Outsourcing service providers with the legislations, regulations and policies applicable to the Bank.

Article (7): Publication & Effective Date
7.1 This Regulation shall be published in the Official Gazette in both Arabic and English and shall come into effect one month from the date of publication.

Article 8: Non-Objection by the Central Bank
1. 8.1 Prior to Outsourcing any material activity, including to any related party, Banks must obtain a prior notice of non-objection from the Central Bank.
2. 8.2 Although all requests for non-objection will be considered on their individual merits, the Central Bank will, in general, not permit the Outsourcing of core banking activities, and key management and control functions, including:
  1. 8.2.1 Senior Management oversight;
  2. 8.2.2 Risk management;
  3. 8.2.3 Compliance;
  4. 8.2.4 Internal audit; and
  5. 8.2.5 Management of risk-taking functions including credit, investment and treasury management.

Article 9: Reporting Requirements
1. 9.1 Banks must regularly report to the Central Bank on their Outsourcing arrangements in the format and frequency prescribed by the Central Bank.
2. 9.2 Banks must provide upon request any specific information with respect to Outsourcing arrangements that the Central Bank may require.
3. 9.3 Banks must provide the Central Bank with their Outsourcing register as required under Article 4 of this regulation upon the Central Bank’s request.
4. 9.4 Banks must immediately notify the Central Bank when they become aware of a material breach of the terms of an Outsourcing agreement, or other development with respect to an outsourced Material Business Activity, that has, or is likely to have, a significant impact on the Bank’s operations, reputation or financial condition.

Article 10: Islamic Banking
1. 10.1 A Bank offering Islamic financial services must ensure that its Outsourcing policies and arrangements, insofar as they relate to the offering of Islamic financial services, are consistent with Shari’ah rules and principles that would apply if the activity were undertaken by the bank itself.
2. 10.2 A bank offering Islamic financial services must ensure that its policies and procedures for the assessment of any proposed Outsourcing arrangement specifically consider operational and reputational risks from failure by the Outsourcing service provider to adhere to Shari’ah rules and principles.

Article 11: Enforcement
1. 11.1 Violation of any provision of this Regulation and Standards may be subject to supervisory action as deemed appropriate by the Central Bank.
2. 11.2 Supervisory action and administrative & financial sanctions by the Central Bank may include withdrawing, replacing or restricting the powers of Senior Management or members of the Board, providing for the interim management of the Bank, imposition of fines or barring individuals from the UAE banking sector.
3. 11.3 The Central Bank may require a Bank to terminate an Outsourcing arrangement when the arrangement is not or no longer compliant with this Regulation or where the Outsourcing presents undue risks to the soundness of the Bank, the security of Confidential Data, or to the financial system.

Article 12: Interpretation of Regulation
The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.

Article 13: Publication and Application
1. 13.1 This Regulation and accompanying Standards shall be published in the Official Gazette and shall come into effect one (1) month from the date of publication.
2. 13.2 All Outsourcing arrangements concluded or renewed after this regulation coming into force must fully comply with the requirements of this regulation.
3. 13.3 In any case, all Outsourcing agreements, including those concluded prior to the coming into force of this Regulation, must fully comply with this Regulation by no later than 31 December 2023.

Outsourcing Standards for Banks
C 14/2021 STA

1 Introduction
These Standards form part of the Outsourcing Regulation for Banks (Circular No. 14/2021). All Banks are required to comply with these Standards, which expand on the Regulation and will be enforced by the Central Bank.
Banks outsource activities for a variety of business reasons. However, there are risks associated with outsourcing and these risks must be appropriately managed to ensure that the Bank is able to meet its financial and service obligations, regardless of whether a business activity is undertaken by the Bank itself or outsourced.
A Bank’s Board is in ultimate control of the Bank and accordingly, remains responsible for any business activities which have been outsourced. The Board is responsible for ensuring that all risks related to outsourcing are identified and that appropriate policies and procedures are in place to manage those risks.
The Standards follow the structure of the Regulation, with each article corresponding to the specific article in the Regulation.

2 Governance and Risk Management

2.1 Risk Governance Framework
Banks must have an appropriate risk governance framework in place in accordance with the Central Bank’s risk management Regulations and Standards. This risk governance framework must be comprehensive and include within its scope any outsourced business activities and specifically address the additional risks that arise when a business activity is outsourced, including but not limited to:
1. 1.Operational risk arising from inadequate processes or systems, insufficient or inadequately trained or supervised staff, fraud or error on the part of the outsourcing service provider;
2. 2.Compliance risk arising from failure by the Outsourcing Service Provider to adhere to laws and regulations or the Bank’s policies, standards or codes of conduct;
3. 3.Vendor lock-in and business continuity risk, arising from inadequate contractual and practical arrangements to ensure an outsourced business activity can be either transferred to another service provider or the Bank itself without undue delay, or discontinued without significantly disrupting the Bank’s operations, or its ability to manage risks;
4. 4.Concentration risk arising from relying on the same outsourcing service provider for multiple outsourcing arrangements, or from reliance by different outsourcing providers on the same subcontractor;
5. 5.Governance and internal control risk arising from excessive outsourcing as a whole, in a specific domain or department, or overreliance on third parties in the operation of the business;
6. 6.The aggregate risk from all outsourcing arrangements and the marginal risk of any proposed outsourcing arrangement.

2.2 Policies and Procedures for the Assessment and Approval of Outsourcing Material Business Activities
Banks must have policies and procedures to ensure compliance with the applicable regulations and standards and to ensure the following has been achieved prior to outsourcing a business activity:
1. 1.The Board or a committee of the Board has been adequately informed and has approved the outsourcing arrangement, as required;
2. 2.An appropriate due diligence review has been undertaken of the selected outsourcing service provider addressing factors including, but not limited to:
  1. a.Ability, including financial capacity, to meet the requirements of the arrangement and deliver the service reliably;
  2. b.Experience with similar agreements and services;
  3. c.Governance, internal control, internal audit, reporting and monitoring capabilities;
  4. d.Security, including cyber security;
  5. e.Staffing, including employee qualifications and expertise; and
  6. f.Country risk factors and legal environment where applicable.
3. 3.Procedures are implemented to monitor performance under the outsourcing agreement;
4. 4.Appropriate provisions for business continuity and disaster recovery are in place, including contingency plans to bring the outsourced function back in-house should the need arise, or the identification of alternative outsourcing service providers.

2.3 Materiality of Outsourcing Arrangements
Banks must consider at least the following when determining the materiality of an outsourcing agreement:
1. 1.The impact on the Bank’s ability to manage and control its risks;
2. 2.The impact on the Bank’s performance and control over its performance;
3. 3.The impact of an outsourcing service provider’s failure to deliver the service as per the agreement, including failures to mitigate risks or to operate in a safe and prudent manner;
4. 4.The impact on the Bank’s ability to comply with its legal and regulatory requirements;
5. 5.The nature of the data shared as part of the outsourcing agreement.

3 Outsourcing Register
The aim of the outsourcing register is to provide both internal parties as well as external parties, such as external auditors or the Central Bank, with a comprehensive overview of a Bank’s outsourcing. In order to meet these objectives, an outsourcing register should be established and maintained that is:
1. 1.Comprehensive;
2. 2.Up to date;
3. 3.Allows to distinguish between material and non-material outsourcing;
4. 4.Allows to distinguish between varying levels of risk;
5. 5.Specifies whether data is being shared and if so, what type of data.

4 Data Protection
Banks must ensure that outsourcing agreements provide for at least the same degree of data protection that would apply if they performed the outsourced activity themselves. Banks must therefore establish adequate policies and procedures, and make all necessary steps to ensure data integrity, confidentiality, and accessibility. At a minimum, these policies and measures must address, both for digital and physical access, the following:
1. 1.Access rights management, including but not limited to policies for granting and revoking access rights and a periodic review of user privileges;
2. 2.Protection against digital and physical attacks;
3. 3.Protection of the integrity of data;
4. 4.Audit trails;
5. 5.Measures to detect, react to, and recover from data security incidents.

5 Outsourcing Agreements

5.1 Required Minimum Content
Outsourcing agreements should establish a degree of certainty with regard to at least the following:
1. 1.Scope of the arrangement, the services to be supplied, and the rights and responsibilities of all parties involved;
2. 2.Pricing and fee structure;
3. 3.Service level and performance requirements;
4. 4.Governance, security, audit, reporting and monitoring procedures;
5. 5.Business continuity and disaster recovery management;
6. 6.Confidentiality, privacy and security of information;
7. 7.Default arrangements and termination provisions, addressing also premature termination for any reason;
8. 8.Liability, indemnity and insurance;
9. 9.Compliance with anti-money laundering and combatting the financing of terrorism laws and regulations;
10. 10.Start and end date of the agreement, and provisions for reviewing, renewing or terminating the agreement;
11. 11.Dispute resolution arrangements, including designation of the legal jurisdictions that will apply;
12. 12.Whether subcontracting is allowed and under which conditions;
13. 13.Protection of Bank’s and its customers’ data handled as part of the agreement;
14. 14.Requirements for the outsourcing service provider to notify the Bank without undue delay of any breach of the Bank’s data, in particular breaches of Confidential Data; and
15. 15.Right of the Central Bank, and any agent appointed by the Central Bank, to conduct on-site visits at the outsourcing service provider and obtain any data or information from the outsourcing service provider required for supervisory purposes.

5.2 Access to the Outsourcing Service Provider by the Central Bank
The Central Bank requires the same access for supervisory purposes to business activities that have been outsourced as it would have if the business activity were undertaken by the Bank itself.
Normally, the Central Bank will obtain any information it requires from the Bank. However, each outsourcing agreement must include explicit provisions requiring the outsourcing service provider to provide directly to the Central Bank, upon request, any data or information the Central Bank deems necessary for supervisory purposes.
In addition, outsourcing agreements must provide that the Central Bank and any agent appointed by the Central Bank, may, if deemed necessary, conduct on-site visits at the outsourcing service provider with right of access to data and staff as if the activity were undertaken by the Bank.

6 Outsourcing Outside the UAE
Banks must consider the risks associated with outsourcing business activities to outsourcing service providers who are themselves or whose subcontractors are located in other jurisdictions, and manage or mitigate these risks.

7 Internal Audit and Compliance
Outsourced activities must remain fully in scope of the internal audit and compliance responsibilities and should follow the same risk-based approach as for activities performed by the Bank itself, while taking into account the additional risks arising from outsourcing these activities.
The internal audit function of the Bank must be able to obtain all information necessary to provide assurance to the Board, and must be able to demand an extension of the scope of audits performed by third parties where necessary.

8 Non-Objection by the Central Bank
Prior to entering into an agreement to outsource a material business activity, Banks must obtain the non-objection of the Central Bank. When requesting the non-objection, Banks must provide the Central Bank with the following at a minimum:
1. 1.A brief explanation of the business activity to be outsourced;
2. 2.A summary of the materiality assessment;
3. 3.A summary of the risk assessment;
4. 4.A summary of the due diligence performed and its outcome;
5. 5.A confirmation of the agreement of the internal audit function and the compliance function;
6. 6.An overview of any closely related outsourcing agreements;
7. 7.Confirmation of compliance with the requirements of the Outsourcing for Banks Regulation;
8. 8.Evidence of the approval of the proposed outsourcing by the Board or Board committee.
The Central Bank will either grant the non-objection or request further information. Banks are encouraged to discuss their material outsourcing plans early on and coordinate with the Central Bank to avoid the non-objection process delaying the outsourcing.

9 Reporting Requirements
Banks must regularly report to the Central Bank on their outsourcing arrangements in the format and frequency prescribed by the Central Bank.

10 Islamic Banking
A bank offering Islamic financial services must ensure that its Sharī’ah governance system explicitly considers Sharī’ah rules and principles with respect to any outsourced activities. The rules and principles are those that would apply if the bank itself performed the activity. A bank offering Islamic financial services must also ensure that its policies and procedures for the review and approval of any proposed outsourcing arrangements explicitly address the risk that Outsourcing Service Providers may be unfamiliar with requirements relating to Sharī’ah rules and principles.
Ensuring Shari’ah compliance for individual products requires that the entire product cycle takes into account Shari’ah rules and principles, even if some activities related to specific products are outsourced, so a bank offering Islamic financial services must include in its outsourcing agreements any necessary measures to mitigate the operational and reputational risks of Shari’ah non-compliance.

Special licenses

Specialized Banks with Low Risk Regulation
C 21/2022 Effective from 1/10/2022

Introduction
The Central Bank is seeking to enhance the organization, development and regulation of the banking sector in the United Arab Emirates (UAE) in the context of the overall organization of the financial sector.
This Regulation introduces a licensing and supervision framework for ‘Specialized Banks with Low Risk’ (herein after referred to as Specialized Banks).
This Regulation is issued pursuant to the powers vested in the Central Bank under the Central Bank Law (Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organization of Financial Institutions and Activities and its amendments).

Objective
The objective of this Regulation is to provide a regulatory framework in which Specialized Banks can operate and develop within the overall UAE financial sector in a robust and prudent manner. The framework in this Regulation is aimed at:
1. Protecting the depositors of Specialized Banks;
2. Protecting Specialized Bank consumers; and
3. Maintaining the overall stability of the financial sector.

Scope of Application
This Regulation applies to all Specialized Banks. All branches of a Specialized Bank operating in the UAE shall be regarded together as one Specialized Bank and as one legal entity.
Where this Regulation includes a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements that are additional to the listing provided in the relevant article.

Article (1): Definitions
The following terms and phrases shall have the meaning assigned to them below for the purposes of the Regulation:
1. 1.1 Bank: Any juridical person licensed in accordance with the provisions of the Central Bank Law, to primarily carry on the activity of taking deposits, and any other Licensed Financial Activities.
2. 1.2 Board: the Specialized Bank’s board of directors.
3. 1.3 Central Bank: The Central Bank of the United Arab Emirates.
4. 1.4 Central Bank Law: Decretal Federal Law No. (14) of 2018 regarding the Central Bank & Organization of Financial Institutions and Activities as amended or replaced from time to time.
5. 1.5 Person: natural or juridical person.
6. 1.6 Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions.
7. 1.7 Specialized Bank: any Person licensed in accordance with the provisions of this Regulation.
8. 1.8 UAE Residents: all Persons who are resident of the UAE according to the applicable UAE Laws.

Article 2: Licensing
1. 2.1 Any Person intending to operate a Specialized Bank must first obtain a license from the Central Bank.
2. 2.2 Licenses and license applications will be subject to the Central Bank Law’s related provisions and follow the process as determined by the Central Bank.
3. 2.3 The license shall contain the terms and conditions deemed appropriate by the Central Bank.
4. 2.4 The license shall be granted for an initial period of three years and shall be renewable for same periods unless otherwise required by the Central Bank. A Specialized Bank must apply to the Central Bank for License renewal no later than two months before the expiry date of the existing License.
5. 2.5 The licensee must commence licensed activities, specified in its license according to Article 3 of this Regulation, within a maximum of 6 months from the date of notification of approval of the license.
6. 2.6 A Specialized Bank wishing to cease or suspend any of its licensed activities must apply to the Central Bank at least six months in advance providing the reasons for such a cessation or suspension.
7. 2.7 Any changes to the Specialized Bank’s name, legal form, memorandum and articles of association, or to the activities conducted in addition to those specified in article 3, require prior approval by the Central Bank.
8. 2.8 The commercial name of a Specialized Bank may include the term “specialized bank”, but not the term “bank” alone.
9. 2.9 The applicants may apply for either a conventional Specialized Bank license or an Islamic Specialized Bank license. Islamic windows in conventional Specialized Banks are prohibited.

Article 3: Permitted Activities
1. 3.1 Specialized Banks may only provide the services listed in Article 3.3 to UAE Residents.
2. 3.2 Specialized Banks may only conduct the activities mentioned in Article 3.3 in UAE Dirham.
3. 3.3 Specialized Banks are only permitted to perform the following Licensed Financial Activities:
  1. 3.3.1 Retail finance, including personal loans and vehicle loans;
  2. 3.3.2 Mortgage finance, including residential and commercial mortgages;
  3. 3.3.3 Wholesale finance, including loans to large corporates, small and medium-sized enterprises, microfinancing, finance and operating leasing and wage protection schemes;
  4. 3.3.4 Issue debit, credit and pre-paid cards, provided they are operated under schemes licensed in the UAE;
  5. 3.3.5 Providing stored value services, electronic retail payment and digital money services; and
  6. 3.3.6 Distribution of third party products as an agent; provided that the Specialized Bank received approval from the relevant competent authority for the distribution of the third party products concerned.
4. 3.4 Wholesale lending must not exceed 50% of the Specialized Bank’s total lending.
5. 3.5 Immovable property taken as collateral when lending must be located in the UAE.
6. 3.6 Specialized Banks may only accept deposits subject to the following conditions:
  1. 3.6.1 The aggregate amount of a natural person’s accounts with the Specialized Bank is limited to 5,000,000 UAE Dirham. The Central Bank reserves the right to amend this limit as appropriate;
  2. 3.6.2 The aggregate amount of a juridical person’s accounts with the Specialized Bank does not exceed 10% of the total amount of all accepted deposits and certificates of deposit of the Specialized Bank;
  3. 3.6.3 The deposit accounts are in UAE Dirham only;
  4. 3.6.4 The deposit accounts can only be opened for UAE Residents; and
  5. 3.6.5 The deposits may only be used for lending purposes or reinvested in deposits with other UAE licensed banks.
7. 3.7 Wholesale funding must not exceed 40% of the Specialized Bank’s total funding.
8. 3.8 Specialized Banks are allowed to issue debt securities in UAE Dirham only and must obtain prior approval from the Central Bank. Foreign funding must not exceed 25% of the sum of Aggregate Funding of a Specialized Bank.
9. 3.9 Specialized Banks are allowed to borrow from UAE Banks.
10. 3.10 The aggregate of all participations in the share capital of other companies must not exceed 25% of the Aggregate Capital Funds of the Specialized Bank.
11. 3.11 Any single participation in the share capital of other companies must not exceed 10% of the Aggregate Capital Funds of the Specialized Bank.
12. 3.12 Any single participation in the share capital of any finance sector company must not exceed 25% of the share capital of the investee. This restriction does not apply to companies supporting operational activities of the investing Specialized Bank.
13. 3.13 A Specialized Bank may place deposits in and obtain certificates of deposit from UAE Banks only, provided that:
  1. 3.13.1 The total of deposits and certificates of deposit placed at any one Bank does not exceed 30% of the Specialized Bank’s total deposits placed; and
  2. 3.13.2 Any such deposit or certificate of deposit placed in any UAE Bank does not exceed 10% of the Aggregate Capital Funds of the Specialized Banks.
14. 3.14 A Specialized Bank must not purchase or acquire any immovable property, except for immovable property that is used as premises for its operations.
15. 3.15 Article 3.14 of this Regulation shall not prevent a Specialized Bank from securing a debt on any immovable property and in the event of default in payment of the debt, from entering into a settlement agreement with the relevant borrower and as a result holding that immovable property for realization by sale or auction within three years from the date such ownership was established. The said period could be extended by the Central Bank based on justification acceptable to the Central Bank.
16. 3.16 Islamic Specialized Banks may, as an exemption to article 3.14, own property including immovable property and goods only as part of an underlying financing contract with a borrower.
17. 3.17 Specialized Banks must operate a low credit risk model.
18. 3.18 The total consolidated assets of a Specialized Bank cannot exceed twenty-five (25) billion Dirham.
19. 3.19 The total off-balance sheet exposures of a Specialized Bank cannot exceed more than 15 percent of total consolidated assets.
20. 3.20 Specialized Banks are subject to Central Bank Reserve Requirements.

Article 4: Minimum Capital Requirements
1. 4.1 Aggregate Capital Funds consist of the following items:
  1. 4.1.1 Paid-up capital;
  2. 4.1.2 Reserves, excluding revaluation reserve; and
  3. 4.1.3 Retained earnings.
2. 4.2 The following items must be deducted from Aggregate Capital Funds:
  1. 4.2.1 Accumulated losses; and
  2. 4.2.2 Goodwill.
3. 4.3 The minimum required paid-up capital for a Specialized Bank is set out in the Minimum Capital for Banks Regulation.
4. 4.4 UAE national ownership of a Specialized Bank must comprise at least 60% of total paid-up capital.
5. 4.5 Specialized Banks must maintain Aggregate Capital Funds of at least 12.5% of its total assets at all times, and at least 17% during its first three years of operation. A Specialised Bank may, for the purposes of this calculation, reduce the total assets by the following items:
  1. 4.5.1 Cash collaterals; and
  2. 4.5.2 Sovereign guarantees.
  The items listed above in this Article must be legally enforceable.
6. 4.6 A Specialized Bank must obtain approval from the Central Bank for any proposed distribution of profits or reduction in capital, including dividend distributions, and they must do so before announcing the proposed distribution publicly in a press announcement or by other means of communication and prior to submitting a proposal for a distribution for shareholder approval.
7. 4.7 Any changes in the paid-up capital are subject to prior approval by the Central Bank.
8. 4.8 No single shareholding in a Specialized Bank can exceed 20% of the total shareholding. This limit may be increased by decision of the Board of Directors of Central Bank, on a case by case basis.

Article 5: Liquidity Requirements
Specialized Banks must apply the liquidity Regulation for Banks as issued by the Central Bank.

Article 6: Credit Exposure Restrictions

6.1 A Specialized Bank’s Credit Exposure to a single borrower or group of Related Entities is considered as a Large Credit Exposure, where its value is equal to or exceeds 5% of the Specialized Bank’s Aggregate Capital Funds. For the purpose of calculating the value of a Large Credit Exposure, a Specialized Bank may consider whether to deduct any of the following items:
1. 6.1.1 Provisions;
2. 6.1.2 Cash collaterals;
3. 6.1.3 Bank guarantees from UAE Banks; and
4. 6.1.4 Sovereign guarantees.
Items 2, 3, and 4 listed above must be legally enforceable.
6.2 The aggregate amount of Large Credit Exposures must not exceed 100% of the Aggregate Capital Funds of a Specialized Bank.

6.3 In addition to Article 6.2, the Central Bank has defined maximum permissible Credit Exposure limits, as shown in Table 1 below.

Borrower	Aggregate percentage of Aggregate Capital Funds	Individual percentage of Aggregated Capital Funds
A single borrower	Not applicable	10%
A group of Related Entities	Not applicable	15%
Principal Shareholders and their Related Entities	Not allowed	Not allowed
Subsidiaries and Affiliates	20%	10%
Board members	Not allowed	Not allowed
Employees	2%	20 times salary
External auditors, consultants and lawyers	Not allowed	Not allowed

Article 7: Application of Bank Regulations to Specialized Banks
1. 7.1 Specialized Banks must comply with all Regulations and Standards issued by the Central Bank that are applicable to Banks, with the exception of the Regulations and Standards related to capital requirements and those related to large exposures, the requirements of which are already contained in this Regulation.
2. 7.2 The Central Bank places high importance on ensuring good corporate governance in licensed financial institutions. Specialized Banks must ensure full implementation of the requirements of the corporate governance Regulation and Standards issued by the Central Bank.
3. 7.3 All Specialized Banks must comply with the existing legal obligations and regulatory requirements for AML/CFT of the Central Bank and address money laundering and terrorist financing risks through appropriate preventive measures to deter abuse of the sector as a conduit for illicit funds, and detect money laundering and terrorist financing activities and report any suspicious transactions to the Financial Intelligence Unit at the Central Bank.
4. 7.4 Specialized Banks must be operated prudently and with competence in a manner that will not adversely affect the interests of its customers or potential customers. All Specialized Banks must also comply with the existing regulatory requirements for consumer protection of the Central Bank.

Article 8: Credit Reports
1. 8.1 A Specialized Bank must strictly adhere to the following credit reporting requirements:
  1. 8.1.1 Provide credit information of borrowers to the Al Etihad Credit Bureau and any future credit information agencies established for this purpose in U.A.E. on at least a monthly basis unless otherwise required by the law or the Central Bank; and
  2. 8.1.2 Request credit information of borrowers from the Al Etihad Credit Bureau and any future credit information agencies established for this purpose in U.A.E. before extending credit to an individual borrower or a company.

Article 9: Regulatory Reporting
1. 9.1 The financial year of the Specialized Bank must commence on the 1st of January and end on the 31st of December (except in the year of formation, which commences on the date of registration of the Specialized Bank in the commercial registry and ends on the 31st of December of the next year, provided it does not exceed eighteen months).
2. 9.2 Specialized Banks must regularly report to the Central Bank on their Outsourcing arrangements in the format and frequency prescribed by the Central Bank.

Article 10: Islamic Specialized Banks
1. 10.1 The Central Bank may issue Standards that form an integral part of this Regulation, including standards for Islamic Specialized Banks.

Article 11: Enforcement
1. 11.1 Violation of any provision of this Regulation and any accompanying Standards may be subject to supervisory action and administrative & financial sanctions as deemed appropriate by the Central Bank.
2. 11.2 Supervisory action and administrative & financial sanctions by the Central Bank may include withdrawing, replacing or restricting the powers of Senior Management or members of the Board, providing for the interim management of the Bank, imposition of fines or barring individuals from working in the UAE banking sector.

Article (12): Repeal of Circular No. 13/2021
This Regulation cancels and replaces the “Specialized Banks with Low Risk Regulation” issued on 31 March 2021 (the Central Bank’s Circular No. 13/2021 – dated 14/2/2021).

Article 13: Interpretation of Regulation
The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.

Article 14: Publication and Application
This Regulation shall be published in the Official Gazette in both Arabic and English and shall come into effect (1) one month from the date of publication.

Restricted Licence Banks Regulation
C 23/2022 Effective from 15/5/2022

Introduction
The Central Bank is seeking to enhance the regulatory framework for Banks, and cater for banking institutions that carry on restricted Licensed Financial Activities.
The Restricted Licence Banks Regulation (the Regulation) sets out the specific regulatory requirements, which apply to Restricted Licence Banks only.
Apart from the specific regulatory requirements contained in this Regulation, the requirements of all other Regulations, Standards, Guidelines and regulatory instructions issued by the Central Bank, which include All Banks within their scope of application, remain fully applicable and enforceable for Restricted Licence Banks.
Banks licensed under this Regulation, which carry on activities, which are supervised by another regulator, must ensure that the applicable license/s are obtained from the relevant regulator/s to conduct such activities.
This Regulation is issued pursuant to the powers vested to the Central Bank under the Central Bank Law.

Scope
This Regulation applies to all Banks, including branches of foreign banks, licensed by the Central Bank to operate as Restricted Licence Banks in the United Arab Emirates.
Restricted Licence Bank is defined in Article (1) of this Regulation and refers to Banks, which by virtue of the restrictions placed on their licences, are not permitted to on-board natural persons as customers for the purpose of conducting Licensed Financial Activities; and/or to conduct any Licensed Financial Activities with or on behalf of natural persons. Additionally, when establishing a banking relationship with a customer Restricted Licence Banks are prohibited from opening accounts, or providing facilities, of any kind, in any amount less than one million Dirham (AED 1,000,000) or equivalent.
The branches of a Restricted Licence Bank operating in the United Arab Emirates shall be considered as a single Restricted Licence Bank for the purposes of application of the provisions hereof.

Objective
The objective of the Regulation is to enhance the Central Bank’s regulatory framework for Banks and to accommodate for Banks to operate as Restricted Licence Banks in the United Arab Emirates.

Article (1): Definitions
The following terms shall have the meaning assigned to them below for the purposes of this Regulation:
1.1 Bank: Any juridical person licensed in accordance with the provisions of the Central Bank Law, to primarily, carry on the activity of taking deposits, and any other Licensed Financial Activities.
1.2 Board: The Board of Directors of the Restricted Licence Bank.
1.3 Central Bank: The Central Bank of the United Arab Emirates.
1.4 Central Bank Law: Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organization of Financial Institutions and Activities, as amended from time to time.
1.5 High-Net-Worth Customer: A natural person:
1.5.1 whose net worth¹ is more than four million Dirham (AED 4,000,000) or equivalent, the calculation of which does not include the value of any property which is a primary residence, or any money raised through a loan secured on that property; and
1.5.2 whose liquid financial assets² total at least one million Dirham (AED 1,000,000) or equivalent.
1.6 Juridical Person: Any person who is not a natural person.
1.7 Licensed Financial Activities: The financial activities subject to Central Bank licensing and supervision, which are specified in Article (65) of the Central Bank Law.
1.8 Person: A natural or juridical person, as the case may be.
1.9 Regulations: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
1.10 Restricted Licence Bank: Any Bank, which is licensed by the Central Bank in accordance with the provisions of the Central Bank Law, and subject to restrictions on its permitted Licensed Financial Activities as specified in this Regulation.
1.11 Retail Banking: the conduct of Licensed Financial Activities with natural persons.
1.12 Senior Management: Management of the Bank responsible and accountable to the Board for the sound and prudent day- to-day management of the Bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions.
¹ Calculated using standard definition, that is, total assets minus total liabilities.
² Refers to cash or cash equivalents.

Article (2): Licensing
2.1 Any Person who intends to operate a Bank as a Restricted Licence Bank must obtain a licence to do so from the Central Bank.
2.2 Licences and licence applications will be subject to the Central Bank Law’s relevant provisions and follow the process as determined by the Central Bank.
2.3 The licence shall contain the terms and conditions deemed appropriate by the Central Bank.
2.4 As part of the licensing process, an applicant for a licence to operate as a Restricted Licence Bank is required to submit a three (3) year business plan to the Central Bank. The proposed level of paid-up capital must be sufficient to cover the expected regulatory capital requirements over the three (3) year period, based on the projected Licensed Financial Activities.
2.5 The holder of a restricted bank licence must commence Licensed Financial Activities, as specified in its licence according to Article (3) of this Regulation, within a maximum of six (6) months from the date of notification of approval of the licence.
2.6 A Restricted Licence Bank wishing to cease, or suspend, any of its Licensed Financial Activities must apply to the Central Bank at least six months in advance providing the reasons for such a cessation or suspension.
2.7 Ownership of a Restricted Licence Bank must comply with the requirements set out in the Central Bank Law and relevant Regulations.
2.8 Any changes to the Restricted Licence Bank’s name, legal form, memorandum and articles of association, require prior approval by the Central Bank.
2.9 The commercial or trade name of a Restricted Licence Bank must include either of the following terms: “wholesale bank”; or “investment bank”; or another term which conveys the restricted nature of the Bank’s Licensed Financial Activities, and is approved by the Central Bank. The Central Bank may, in certain circumstances and at its sole discretion, approve the use of a name, which does not meet the aforementioned naming requirements. The commercial and trade name shall not include any term that may indicate any activity other than the Licensed Financial Activities of the Bank in accordance with this Regulation.
2.10 Any holder of a licence, issued under the Central Bank’s Wholesale Commercial Banking Regulation issued by Board of Directors’ Resolution No. 41/4/2007, is deemed licensed under this Regulation on its effective date. On the effective date of this Regulation, any applicable Bank which is not compliant with the Regulation must, within ninety (90) days, provide the Central Bank with a detailed plan for coming into compliance with the requirements herein.

Article (3): Permitted Activities
3.1 A Restricted Licence Bank may carry on all Licensed Financial Activities, subject to the restrictions specified in Articles (3.2), (3.3) and (3.4) of this Regulation.
3.2 Restricted Licence Banks are not permitted to carry on Retail Banking activities, that is, they are not permitted to undertake any Licensed Financial Activities with or on behalf of natural persons.
3.3 A Restricted Licence Bank is not permitted to establish a banking relationship with a customer in any amount less than one million Dirham (AED 1,000,000), or equivalent. That is, a Restricted Licence Bank cannot accept an initial deposit of any type or provide an initial credit or funding facility to a customer in any amount less than one million Dirham (AED 1,000,000) or equivalent.
3.4 In certain circumstances, the Central Bank may, in its sole discretion, grant approval to a Restricted Licence Bank to conduct Licenced Financial Activities with a category of natural persons, subject to the imposition of certain controls and conditions on its licence. In all cases, these natural persons must be assessed by the Bank as High Net Worth Customers, that is, at a minimum, in compliance with the criteria stipulated in the definition per Article (1.6) of this Regulation.

Article (4): Requirement to Maintain a Minimum Level of Capital
4.1 Restricted Licence Banks must, at all times, maintain a minimum level of paid- up capital. The level of this requirement is set in Article (5) of this Regulation.
4.2 The minimum level of capital must be held by a Restricted Licence Bank on an ongoing basis and is a prerequisite for licensing.
4.3 A Restricted Licence Bank may not decrease its paid-up capital without the prior approval of the Central Bank.

Article (5): Minimum Level of Paid-Up Capital Required to be Held
5.1 Restricted Licence Banks operating in the United Arab Emirates must maintain fully paid-up capital of at least one billion Dirham (AED 1,000,000,000), except in the case of foreign branch banks.
5.2 Foreign bank branches licensed to operate as Restricted Licence Banks must maintain capital as prescribed in the Central Bank’s Minimum Capital for Banks Regulation³.
5.3 As part of the licensing process, the Central Bank may impose a higher minimum capital requirement and define the quality of capital eligible to meet this requirement. This higher minimum capital requirement will remain applicable until such time that the Central Bank, at its sole discretion, revises the requirement and a new capital decision is taken.
³ Issued via Central Bank Circular No. 12/2021 on 14/2/2021

Article (6): Quality of the Capital to be Held
6.1 The minimum capital requirement, as per Article 5.1 of this Regulation, of a Restricted Licence Bank must be met with fully paid-up capital.

Article (7): Interaction with other Capital Requirements
7.1 The minimum capital requirements as defined by this Regulation must be calculated on a standalone basis.

Article (8): Breaches of the Minimum Capital Requirement
8.1 A Restricted Licence Bank, which is in breach of or is likely to be in breach of the minimum capital requirements, must immediately inform the Central Bank.
8.2 A Restricted Licence Bank, which is in breach of or is likely to be in breach of the minimum capital requirements must submit to the Central Bank for approval, a remediation plan for restoring capital to the minimum required level.
8.3 A Restricted Licence Bank must obtain approval from the Central Bank for any proposed distribution of profits, including dividend distribution, which will result in a breach of the capital requirement as specified in Article (5) of this Regulation. The Restricted Licence Bank must obtain such approval before announcing the proposed distribution publicly in a press announcement, or by other means of communication and prior to submitting a proposal for a distribution for shareholder approval.

Article (9): Application of Bank Regulations to Restricted Licence Banks
9.1 A Restricted Licence Bank must comply with all Regulations issued by the Central Bank that are applicable to Banks. The requirements of the Central Bank’s Minium Capital Banks Regulation4 are not applicable to locally incorporated Restricted Licence Banks, as the minimum capital requirements are established within this Regulation.

4 Issued via Central Bank Circular No. 12/2021 on 14/2/2021

Article (10): Enforcement and Sanctions
10.1 Violation of any provision of this Regulation and any accompanying Standards may be subject to supervisory action, administrative action and financial sanctions as deemed appropriate by the Central Bank.
10.2 Supervisory action and administrative and financial sanctions imposed by the Central Bank may include withdrawing, replacing or restricting the powers of Senior Management or members of the Board, providing for the interim management of the Bank, imposition of fines or barring individuals from working in the United Arab Emirates’ banking sector.

Article (11): Interpretation of Regulation
11.1 The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.

Article (12): Cancellation of Previous Resolution and Circulars
12.1 This Regulation repeals and replaces the following Resolution and Circulars:
1. 12.1.1 UAE Central Bank Board of Directors Resolution No. 41/4/2007 dated 16/9/2007.
2. 12.1.2 UAE Central Bank Board of Directors Resolution No. 21/2/88 dated 14/6/1988.
3. 12.1.3 Board Circular No. 495 dated 4 December 1979.
4. 12.1.4 Board Circular No. 282 dated 15 May 1976.5
5. 12.1.5 Board Circular No. 276 date 20 April 1976.6
5 As referenced in the Board Circular No. 495 dated 4 December 1979
6 As referenced in the Board Circular No. 495 dated 4 December 1979

Article (13): Publication and Effective Date
13.1 This Regulation shall be published in the Official Gazette in both Arabic and English and shall come into effect one month from the date of publication.
13.2 The Central Bank may apply transitional arrangements, on a case by case basis, to facilitate full compliance by Banks, which at the time of publication of this Regulation, carry on restricted activities in line with this Regulation.

Year	End of 2017	1^st Jan 2018	1^st Jan 2019	1^st Jan 2020 onwards
Risk weights	100%	115%	130%	150%

Year	End of 2017	1^st Jan 2018	1^st Jan 2019	1^st Jan 2020 onwards
Risk weights	100%	115%	130%	150%

Credit assessment of MDBs	AAA to AA-	A+ to A-	BBB+ to BBB-	BB+ to B-	Below B-	Unrated
Risk weight	20%	50%	50%	100%	150%	50%

Credit assessment	AAA to AA-	A+ to A-	BBB+ to BB-	Below BB-	Unrated
Risk Weight	20%	50%	100%	150%	100%

Banking

Capital Adequacy

Regulations Re Capital Adequacy

Introduction

Objective

Scope of Application

Article (1): Definitions

Article (2): Quantitative Requirements

Article (3): Capital Components

Article (4): Regulatory Adjustments

Article (5): Capital Conservation Buffer

Article (6): Countercyclical Buffer

Article (7): Domestic Systemically Important Banks

Article (8): Disclosure Requirements

Article (9): Transitional Arrangements

Article (10): Reporting

Article (11): Interpretation

Article (12): Publication and Application

Standards for Capital Adequacy of Banks in the UAE

I. Introduction and Scope

I. Introduction

II. Scope of Application

III. Domestic Systemically Important Banks (D-SIBs)

IV. Reporting

V. Independent Review

VI. Interpretation

VII. Application

Pillar 1

II. Tier Capital Supply

1. Scope of Application

1.1 Investments in the Capital of Banking Subsidiaries

1.2 Investments in the Capital of Banking, Securities, Financial and Insurance Entities

1.3 Investments in Commercial Entities

2. Eligible Capital

2.1 Component of Capital

2.2 Capital Buffers:

2.3 Common Equity Tier 1

2.4 Additional Tier 1 Capital

2.5 Tier 2 Capital

2.6 Additional Criteria for AT1 and Tier 2 Instruments: Minimum Requirements to Ensure Loss Absorbency at the Point of Non-Vability.

2.7 Minority Interest (i.e. Non-Controlling Interest) and Other Capital Issued Out of Consolidated Subsidiaries

3. Regulatory Adjustments

3.1 Goodwill and Other Intangibles

3.2 Deferred Tax Assets

3.3 Cash Flow Hedge Reserve

3.4 Gain on Sale Related to Securitization Transactions

3.5 Cumulative Gains and Losses Due to Changes in Own Credit Risk on Fair Valued Financial Liabilities

3.6 Defined Benefit Pension Fund Assets and Liabilities

3.7 Investments in Own Shares (Treasury Stock)

3.8 Reciprocal Cross Holdings in the Capital of Banking, Financial and Insurance Entities

3.9 Investments in the Capital of Banking, Securities, Financial and Insurance Entities Where the Bank Owns up to 10% of the Issued Common Share Capital of the Entity

3.10 Significant Investments in the Capital of Banking, Securities, Financial and Insurance Entities That are Outside the Scope of Regulatory Consolidation

4. Threshold Deductions

5. Significant Investments in Commercial Entities

6. Transitional Arrangements

III. Tier Capital Instruments

1. Introduction

2. Capital Approval

3. Scope of Application

4. Definitions and Interpretations

5. General Requirements for Tier Capital Instruments

Specific Requirements for Additional Tier 1

Transition Period

Appendix A: Application Process:

Appendix B: Central Bank of UAE – Processes and Requirements Form for Financial Institutions Operating in UAE

Appendix C: Process of the Eligibility of Capital Instruments

IV. Credit Risk

I. Introduction and Scope

II. Definitions

III. Individual Exposures

A. Sovereigns and Central Banks

B. Public Sector Entities (PSEs)

C. Multilateral Development Banks (MDBs)

D. Banks

E. Securities Firms

F. Corporates

G. Regulatory Retail Portfolios

H. Claims Secured by Residential Property

I. Claims Secured by Commercial Real Estate

J. Past Due Loans