(7) | When a bank wishes to adopt the IRB approach for the measurement of the bank's exposure to credit risk as envisaged in regulation 23(10), the board of directors or a designated committee thereof, that is, a subcommittee of the board of directors, and the relevant senior management of the bank, shall approve all material aspects of the bank's rating and risk estimation processes, provided that— |
(a) | the board of directors and any board-appointed committee— |
(A) | a general understanding of the bank's risk rating system; |
(B) | a detailed comprehension of the relevant risk-management reports submitted to the board or board-appointed committee; |
(ii) | shall ensure that the bank establishes and maintains an independent credit risk control unit, which credit risk control unit— |
(A) | shall be responsible for— |
(i) | the design or selection, implementation and performance of the bank's internal rating systems; |
(ii) | the testing and monitoring of internal risk grades; |
(iii) | the production and analysis of summary reports from the bank's rating system, which reports shall include— |
(aa) | historical data in respect of exposures that defaulted, sorted according to the rating of the exposure at the time of default and one year prior to default; |
(bb) | migration analyses in respect of risk grades; |
(cc) | trends in respect of key rating criteria; |
(iv) | the implementation of procedures to verify that rating definitions are consistently applied across all relevant departments and geographical areas; |
(v) | the review and documentation of any changes to the rating process, criteria or rating parameters, including the reasons for such changes; |
(vi) | the review of the rating criteria in order to ensure that the criteria remain predictive of risk. |
(B) | shall be functionally independent from the personnel and management functions or business units or lines responsible for the origination of credit exposures; |
(C) | shall be headed by a person who reports directly to the chief executive officer and the bank's board of directors, provided that, subject to the prior written approval of and such conditions as may be specified in writing by the Registrar, when a bank has appointed an independent Chief Risk Officer (CRO), as part of the bank's governance structure, who reports directly to the chief executive officer of the bank and the bank's board of directors, the head of the credit risk control unit may report directly to the said CRO; |
(D) | shall bring to the attention of the senior management and the board of directors of the bank matters such as credit risk concentrations or any violations of specified risk or appetite limits; |
(E) | shall actively participate in the development, selection, implementation and validation of the bank's rating models. |
(iii) | shall ensure that the bank's rating systems and processes are subject to regular review, but no less frequently than once a year, by the internal audit department or an equally independent function, which independent review— |
(i) | the operations of the credit function; |
(ii) | the estimates of all relevant risk components such as PD ratios, LGD ratios and EAD amounts; |
(iii) | the bank's compliance with all relevant minimum requirements; |
(B) | shall be duly documented. |
(b) | the relevant senior management of the bank— |
(A) | a detailed understanding of the rating system's design and operation; |
(B) | a detailed comprehension of the risk reports generated by the risk system, including information relating to— |
(i) | the relevant internal ratings; |
(ii) | the bank's risk profile based on risk grades; |
(iii) | risk migration across risk grades; |
(iv) | the relevant risk estimates of the relevant parameters per risk grade; |
(v) | a comparison between realised and expected PD ratios, LGD ratios and EAD amounts, |
provided that the frequency of reporting may vary based on the significance and type of information and the level of the recipient.
(ii) | shall provide notice to the board of directors or a committee appointed by the board of material changes or exceptions from the established policies; |
(iii) | shall approve material differences between established procedure and actual practice; |
(iv) | shall, on an ongoing basis, ensure that the rating system operates in an effective manner; |
(v) | shall meet regularly with the relevant staff in the credit risk control unit in order to discuss— |
(A) | the performance of the rating process; |
(B) | areas that may need improvement; |
(C) | the status of previously identified deficiencies. |