Skip to main content
Entire section Custom print Text Only Rich Text Print

Article 3: Credit Risk Management Framework

C 3/2024-STD Effective from 30/11/2024
3.1
The Credit Risk management framework must be designed to support effectively the acquisition and mitigation of Credit Risk. It must be consistent with the Risk Appetite, Risk Profile, systemic importance and capital strength of the LFI. It must take into consideration the current and forward-looking market factors and macroeconomic environment, with the objective to ensure prudent standards of underwriting, evaluation, administration, monitoring, measurement and control of Credit Risk.
 
3.2
The framework must include key components to be effective including, but not be limited to: the scope of instruments and geographies, Risk Appetite, controls, limits, underwriting process, credit administration process, monitoring, management of Past Due Facilities, remediation, provisioning methods, collateral management, system, models and exception management.
 
3.3
The Credit Risk management framework must enable the LFI to obtain a comprehensive group-wide view of Credit Risk exposures. and significant sources of concentration risk, it must cover the entire organisation and must be comprehensive in terms of products, activities and geographies, as well as including a robust methodology for the early identification and appropriate measurement of credit losses.
 
3.4
Scope: The Credit Risk management framework must enable the LFI to obtain a comprehensive group-wide view of Credit Risk exposures and significant sources of concentration risk, it must cover the entire organisation and must be comprehensive in terms of products, activities and geographies. The Credit Risk management framework must cover all financial instruments generating Credit Risk, including on- and off- balance sheet Facilities, receivables, capital market instruments and derivatives. LFIs must ensure that the risks arising from products or activities new to them are subject to adequate controls before being undertaken, and approved in advance by the Board of directors or its appropriate committee.
 
3.5
Risk Appetite: The Credit Risk management framework must be consistent with the Risk Appetite, Risk Profile, and systemic importance of the LFI. It must take into account market and macroeconomic conditions and result in prudent standards of credit underwriting, evaluation, administration and monitoring. This includes risk management policies and processes that establish thresholds for acceptable concentrations of risk and requirements related to Credit Facility structuring, legal due diligence, product-specific controls and underwriting standards.
 
3.6
Climate-related Credit Risk: The Credit Risk management framework must include prudent policies and processes to identify, measure, monitor, report and mitigate the impacts of material climate- related risk drivers on their Credit Risk exposures (including Counterparty Credit Risk) on a timely basis. LFIs should consider a range of risk mitigation options to control or minimise material climate-related Credit Risks. These options may include adjusting credit underwriting criteria, deploying targeted client engagement, or imposing limitations or restrictions such as shorter-tenor Lending, lower loan-to-value limits or discounted asset valuations. LFIs could also consider setting limits on or applying appropriate alternative risk mitigation techniques to their exposures to companies, economic sectors, geographical regions, or segments of products and services that do not align with their business strategy or Risk Appetite.
 
3.7
Country Risk: LFIs that provide Credit Facilities susceptible to Country Risk must implement adequate policies and processes for the appropriate identification, measurement, evaluation, monitoring, reporting and mitigation of Country Risk, comprehensively addressing the implications on Credit Risk. Exposures to Country Risk must be consistent with the Risk Appetite and risk profile of the LFI. The management and control of Country Risk must be incorporated into the key steps of Credit Risk management, covering the origination, underwriting, monitoring and provisioning processes. Relative to the magnitude of foreign Lending, an LFI must review and establish additional provisioning percentage ranges for each country, considering prevailing conditions that may be applicable to its individual exposures.
 
3.8
At a minimum, the Credit Risk management framework must include the following components: Risk Limits, underwriting process, credit administration, monitoring, measurement of Past Due Facilities including problem assets, remediation process, Counterparty Credit Risk, provisioning methodology, collateral management, information systems, analytical tools, provisioning methodologies as well as exception management. The corresponding minimum requirements are articulated below.
 
Risk Acquisition
 
3.9
Risk Limits: LFIs must implement prudent and appropriate credit limits based on adequate metrics and at a suitable level of segmentation granularity. These limits must be consistent with the Board-approved Risk Appetite statement, Risk Profile and capital strength. Risk Limits should be understood by, and regularly communicated to, relevant staff.
 
3.10
Underwriting process: LFIs must implement a clear credit underwriting framework commensurate with their Risk Appetite and Lending strategy. LFIs must follow the minimum requirements presented in the dedicated section of these standards.
 
Risk Management
 
3.11
Credit administration: LFIs must establish effective credit administration policies and processes to address the operational requirements of Credit Facilities throughout their lifetime. These must support the monitoring process of Credit Risk and mitigate operational risks linked to Credit Risk management and must include at a minimum: continued and forward-looking analysis of a Obligor’s (and potentially, a wider borrowing group’s) ability and willingness to repay under the terms of the financial obligation including but not limited to evaluation of underlying assets, robust data gathering, monitoring of documentation, financing covenants, contractual requirements, collateral and other forms of CRM and an archiving mechanism.
 
3.12
Monitoring: LFIs must have policies and processes to continuously monitor the total indebtedness of Obligors, their financial performance and any risk factors that may result in the increased risk of Default, including significant unhedged foreign exchange risk. The above must incorporate the continuous and forward-looking analysis of each portfolio/Obligor’s ability and willingness to meet its obligations under the terms of its contracts, while taking into account the current and future economic environment. This should include regular reviews of credit exposures (at an individual level or at a portfolio level for credit exposures with homogeneous characteristics) to ensure appropriate classification, detection of deteriorating exposures and early identification of problem exposures. This process must be established at several levels of granularity.
 
a.
For each level, suitable metrics and early warning indicators must be put in place. At a minimum, for Wholesale Obligors the monitoring process must be implemented at the following levels of granularity (a) Credit Facility level and Obligor level, (b) consolidated group level for large conglomerate, and (c) segment, portfolio level.
 
b.
The monitoring process must analyse, understand and document the links between Obligors. This must include economic connectivity and correlated factors such as suppliers and/or customers of the Obligor. This must also capture the common sensitivity to the business cycle, the industry risk and any other systemic risks.
 
c.
For Retail Obligors, monitoring should be performed at portfolio levels or at a more granular level, determined by the LFI.
 
d.
The monitoring process must include a regular review and assessment of the impact of Country Risk. In the case of exceptional Country Risk events, dedicated analysis must be performed and reported to Senior Management and the Board. Pro-active mitigating actions must be identified to respond promptly to such events.
 
3.13
Days-Past-Due: Each LFI must have a clearly documented policy compliant with these standards, addressing the method to count Days-Past-Due. Particular attention must be given to the re-ageing of Facilities, whereby the Days-Past-Due counter is reset at zero. This applies only to non-distressed restructuring as defined in these standards. At a minimum, the re- ageing policy must include:
 
a.
The internal approval process and subsequent reporting requirements;
 
b.
Eligibility criteria including minimum performance and a minimum age of a Facility to be eligible for re-ageing;
 
c.
A maximum number of re-ageing occurrence per Facility; and
 
d.
A process to reassess the Obligor’s capacity meet the new terms of its Credit Facility.
 
3.14
Remediation: Any Obligor that has triggered the definition of Default must be managed by individuals not involved in the origination of that Credit Facility, including both relationship management and credit approver for that Credit Facility. The provisions related to distressed assets must be decided independently from the underwriting process. Consequently, each LFI must be in a position to demonstrate that (i) it complies with such independence, irrespective of its specific organization circumstances and (ii) management of provisions on distressed assets are determined according to the LFIs delegated authorities with the oversight of the appropriate committee, or for branches of foreign banks the delegated authority from the head office.
 
3.15
Counterparty Credit Risk: The Credit Risk framework must be adequately designed to manage Counterparty Credit Risk (“CCR”) arising from all derivative transactions. At a minimum the following requirements apply.
 
a.
Each LFI must have a centralised management and Risk Appetite pertaining to CCR across the entire LFI in order to manage the identification, measurement, monitoring, reporting and mitigation of such risk. At a minimum, limits must be established at Obligor level against potential future exposures arising from derivatives.
 
b.
Reporting should include a consolidated view at Obligor level of exposures arising from derivatives and from other financial instruments such as Credit Facilities, bonds and/or Sukuks.
 
c.
The framework must capture all the key drivers of CCR including, but not limited to: (i) current and future exposures, (ii) market risk drivers, (iii) client ratings, (iv) potential netting and collateral agreement, and (v) potential wrong-way risk. All these drivers should be included in the reporting framework.
 
d.
The CCR framework must ensure that adequate legal documentation is place to manage and mitigate derivative exposures. Such documentation should be reviewed and approved by qualified internal or external legal teams.
 
e.
The management of CCR must be supported by adequate documented methodology and analytical tools. Each LFI should identify, analyse and report the market risk factors driving the potential exposure and hence responsible for potential limit breach in the case of market volatility.
 
f.
Finally, as CCR is driven by both Credit Risk and market risk factors, it is essential that the CCR management framework relies on appropriate collaboration and allocation of responsibilities between the Market Risk function, the Credit Risk function and the business lines.
 
Risk Mitigation
 
3.16
Provisioning methodologies: LFIs must establish robust governance and control framework for the estimation and reporting of provisions, consistent with actual recovery of collateral if any, and must be able to substantiate the recoveries with documented evidence. This framework must include the minimum requirements of these standards and ensure that the LFI can demonstrate prudent and effective estimation and reporting of provisions.
 
3.17
Collateral management: Policies must be in place to determine the preferred type of collateral (at a level of specification relevant to the nature of the collateral) and legal charge.
 
a.
There must be robust processes and procedures relating to collateral management, which should be managed by a specialist team. These policies and procedure should include, where relevant, but not be limited to, filing of legal charges, ensuring legal enforceability in a timely manner, collateral valuation methodology and value monitoring, collateral insurance, possible assignment of income derived from any collateral and the ability to inspect the asset. For Wholesale exposures, the credit review function must approve changes in collateral valuation or legal enforceability.
 
b.
The process must also include regular reviews of the performance of underlying assets in the case of securitization and asset-backed Lending/financing.
 
Risk Analytics
 
3.18
Information systems: LFIs must implement effective information systems for the accurate and timely identification, aggregation, data storage and reporting of Credit Risk exposures to Senior Management and the Board on an ongoing basis. Such systems must cover exception tracking, limit breaches and early warning measures to ensure prompt action at the appropriate level of the organisation, when necessary. Processes must be in place to ensure the collection of adequate information on the composition of the credit portfolio, including key financial information, financing metrics and the Repayment history of each Credit Facility and facilitate active management of exposures creating risk concentrations and large exposures to single counterparties or groups of connected counterparties. Credit management systems must be of appropriate sophistication in order to facilitate this data collection and enable appropriate portfolio-level analysis across key risk drivers.
 
3.19
Analytical tools: LFIs must implement analytical tools commensurate with the size and complexity of the organisation to support the measurement and reporting of Credit Risk and provisions. The design, management and validation of these tools must comply with Article 13 on Credit Risk models.
 
Exceptions
 
3.20
Exceptions management: LFIs must implement a clear process to adequately identify and manage exceptions from credit policies and underwriting standards. All exceptions must be reviewed and documented by the CRO. Conclusions and analyses must be supported by clear rationales, prior to submission for approval by the appropriate level of authority within the LFI. Such review and approval must be achieved at Credit Facility level for Wholesale Obligors and at portfolio level for Retail Obligors.
 
a.
LFIs must define materiality criteria for each level of approval of exceptions to credit related policies. Depending on these criteria, exceptions must be approved by either Senior Management, the Credit Risk committee and/or the Board Risk Committee. These criteria must be documented and substantiated by a thorough analysis. Exceptions must represent only a small portion of the credit portfolio.
 
b.
Any Credit Facility granted with deviations from either the credit policy, underwriting standards or Risk Appetite, must be subject to active monitoring and consolidated reporting to Senior Management and the Board on a regular basis. The CRO is responsible for the review, identification and escalation of exceptions to credit policy.
 
c.
Any issuance or the acquisition of credit exposures in breach of the LFI’s Board approved Risk Appetite must always be formally approved by the Board and each approval must contain the written signature of every Board member involved in the approval process.