Book traversal links for D. Comprehensive Assessment of Risks
D. Comprehensive Assessment of Risks
C 52/2017 STA Effective from 1/12/202222.All material risks faced by the bank must be addressed in the capital assessment process. While the Central Bank recognises that not all risks can be measured precisely, a process must be developed to estimate risks. Therefore, the following risk exposures, which by no means constitute a comprehensive list of all risks, must be considered:
23.Credit risk: Banks must have methodologies that enable them to assess the credit risk involved in exposures to individual borrowers or counterparties as well as at the portfolio level. For banks, the credit review assessment of capital adequacy, at a minimum, must cover four areas: risk rating systems, portfolio analysis/aggregation, securitisation/complex credit derivatives, and large exposures and risk concentrations.
24.Internal risk ratings are an important tool in monitoring credit risk. Internal risk ratings must be adequate to support the identification and measurement of risk from all credit exposures, and must be integrated into a banks’ overall analysis of credit risk and capital adequacy. The ratings system must provide detailed ratings for all assets, not only for watch list or for problem assets. Appropriateness of loan loss reserves must be included in the credit risk assessment for capital adequacy.
25.The analysis of credit risk must adequately identify any weaknesses at the portfolio level, including any concentrations of risk. It must also adequately take into consideration the risks involved in managing credit concentrations and other portfolio issues through such mechanisms as securitisation programmes and complex credit derivatives.
26.Operational risk: The failure to properly manage operational risk can result in a misstatement of a bank’s risk/return profile and expose the bank to significant losses.
27.A bank must develop a framework for managing operational risk (including cyber risk) and evaluate the adequacy of capital given this framework. The framework must cover the bank’s appetite and tolerance for operational risk, as specified through the policies for managing this risk, including the extent and manner in which operational risk is transferred outside the bank. It must also include policies outlining the bank’s approach to identifying, assessing, monitoring and controlling/mitigating the risk.
28.Market risk: Banks must have methodologies that enable them to assess and actively manage all market risks, wherever they arise, at position, desk, business line and firm-wide level. For banks, their assessment of internal capital adequacy for market risk, at a minimum, must be based on stress testing, including an assessment of concentration risk and the assessment of illiquidity under stressful market scenarios, although all firms’ assessments must include stress testing appropriate to their trading activity.
29.A bank must demonstrate that it has enough capital to not only meet the minimum capital requirements but also to withstand a range of severe but plausible market shocks. In particular, it must factor in, where appropriate:
- i.Illiquidity of prices;
- ii.Concentrated positions (in relation to market turnover);
- iii.One-way markets;
- iv.Non-linear products/deep out-of-the money positions;
- v.Events and jumps-to-defaults;
- vi.Significant shifts in correlations;
30.The stress tests applied by a bank for market risk and, in particular, the calibration of those tests (e.g. the parameters of the shocks or types of events considered) must be reconciled back to a clear statement setting out the premise upon which the bank’s internal capital assessment is based (e.g. ensuring there is adequate capital to manage the traded portfolios within stated limits through what may be a prolonged period of market stress and illiquidity, or that there is adequate capital to ensure that, over a given time horizon to a specified confidence level, all positions can be liquidated or the risk hedged in an orderly fashion). The market shocks applied in the tests must reflect the nature of portfolios and the time it could take to hedge out or manage risks under severe market conditions.
31.Concentration risk must be pro-actively managed and assessed by firms and concentrated positions must be routinely reported to senior management.
32.Banks must demonstrate how they combine their risk measurement approaches to arrive at the overall internal capital for market risk.
33.Interest rate risk in the banking book: The measurement process must include all material interest rate positions of the bank and consider all relevant repricing and maturity data, including modelling maturity assumptions. Such information will generally include current balance and contractual rate of interest associated with the instruments and portfolios, principal payments, interest reset dates, maturities, the rate index used for repricing, and contractual interest rate ceilings or floors for adjustable-rate items. The system must also have well-documented assumptions and techniques.
34.Regardless of the type and level of complexity of the measurement system used, bank management must ensure the adequacy and completeness of the system. Because the quality and reliability of the measurement system is largely dependent on the various assumptions used in the model which will be checked by the Central Bank for reasonability, management must give particular attention to these items.
35.Liquidity risk: Liquidity is crucial to the ongoing viability of any banking organisation. Banks’ capital positions can have an effect on their ability to obtain liquidity, especially in a crisis. Each bank must have adequate systems for measuring, monitoring and controlling liquidity risk. Banks must evaluate the adequacy of capital given their own liquidity profile and the liquidity of the markets in which they operate. Please refer to the Regulation regarding Liquidity Risk Circular No: 33/2015
36.Other risks: Although the Central Bank recognises that ‘other’ risks, such as reputational, strategic and anti-money laundering, are not easily measurable, it expects banks to further develop techniques for managing all aspects of these risks.