Proposed Supervisory Guidance for Internal Ratings-Based Systems for Credit Risk, Advanced Measurement Approaches for Operational Risk, and the Supervisory Review Process (Pillar 2) Related to Basel II Implementation, 9084-9193 [07-811]
Download as PDF
<![CDATA[
9084
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the
Currency
[Docket No. OCC–2007–0004]
FEDERAL RESERVE SYSTEM
[Docket No. OP–1277]
FEDERAL DEPOSIT INSURANCE
CORPORATION
DEPARTMENT OF THE TREASURY
Office of Thrift Supervision
[No. 2007–06]
Proposed Supervisory Guidance for
Internal Ratings-Based Systems for
Credit Risk, Advanced Measurement
Approaches for Operational Risk, and
the Supervisory Review Process (Pillar
2) Related to Basel II Implementation
Office of the Comptroller of
the Currency, Treasury (OCC); Board of
Governors of the Federal Reserve
System (Board); Federal Deposit
Insurance Corporation (FDIC); and
Office of Thrift Supervision, Treasury
(OTS) (collectively, the Agencies).
ACTION: Proposed supervisory guidance
with request for public comment.
sroberts on PROD1PC70 with NOTICES
AGENCIES:
SUMMARY: The Agencies are publishing
for comment three documents that set
forth proposed supervisory guidance for
implementing proposed revisions to the
risk-based capital standards in the
United States (New Advanced Capital
Adequacy Framework or proposed
framework). These proposed revisions,
which would implement the
‘‘International Convergence of Capital
Measurement and Capital Standards: A
Revised Framework,’’ published in June
2004 by the Basel Committee on
Banking Supervision (Basel II), in the
United States, were published in the
Federal Register on September 25, 2006
as a notice of proposed rulemaking
(NPR or proposed rule). The proposed
framework outlined in the NPR would
require some and permit other
qualifying banks to calculate their
regulatory risk-based capital
requirements using an internal ratingsbased (IRB) approach for credit risk and
the advanced measurement approaches
(AMA) for operational risk (together, the
advanced approaches); it also provides
guidelines for the supervisory review
process (Pillar 2). The proposed
supervisory guidance documents
provide additional detail for the
advanced approaches and the
supervisory review process that should
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
help banks satisfy the qualification
requirements in the NPR.
DATES: Comments on the three proposed
supervisory guidance documents must
be submitted on or before May 29, 2007.
ADDRESSES:
OCC: You must include OCC and
Docket Number OCC–2007–0004 in
your comment. You may submit
comments by any of the following
methods:
• Agency Web site: https://
www.occ.treas.gov. Click on ‘‘Contact
the OCC,’’ scroll down and click on
‘‘Comments on Proposed Regulations.’’
• E-mail address:
regs.comments@occ.treas.gov.
• Fax: (202) 874–4448.
• Mail: Office of the Comptroller of
the Currency, 250 E Street, SW., Mail
Stop 1–5, Washington, DC 20219.
• Hand Delivery/Courier: 250 E
Street, SW., Attn: Public Information
Room, Maila Stop 1–5, Washington, DC
20219.
Instructions: All submissions received
must include the agency name (OCC)
and docket number for this proposed
notice. In general, OCC will enter all
comments received into the docket
without change, including any business
or personal information that you
provide.
You may review comments and other
related materials by any of the following
methods:
• Viewing Comments Personally: You
may personally inspect and photocopy
comments at the OCC’s Public
Information Room, 250 E Street, SW.,
Washington, DC. You can make an
appointment to inspect comments by
calling (202) 874–5043.
• Viewing Comments Electronically:
You may request e-mail or CD–ROM
copies of comments that the OCC has
received by contacting the OCC’s Public
Information Room at:
regs.comments@occ.treas.gov.
• Docket: You may also request
available background documents and
project summaries using the methods
described above.
Board: You may submit comments,
identified by Docket No. OP–1277, by
any of the following methods:
• Agency Web site: https://
www.federalreserve.gov. Follow the
instructions for submitting comments at
https://www.federalreserve.gov/
generalinfo/foia/ProposedRegs.cfm.
• Federal eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
• E-mail: regs.comments@
federalreserve.gov. Include the docket
number in the subject line of the
message.
PO 00000
Frm 00002
Fmt 4701
Sfmt 4703
• Fax: (202) 452–3819 or (202) 452–
3102.
• Mail: Jennifer J. Johnson, Secretary,
Board of Governors of the Federal
Reserve System, 20th Street and
Constitution Avenue, NW., Washington,
DC 20551.
All public comments are available
from the Board’s Web site at https://
www.federalreserve.gov/generalinfo/
foia/ProposedRegs.cfm as submitted,
unless modified for technical reasons.
Accordingly, your comments will not be
edited to remove any identifying or
contact information. Public comments
also may be viewed electronically or in
paper form in Room MP–500 of the
Board’s Martin Building (20th and C
Streets, NW.) between 9 a.m. and 5 p.m.
on weekdays.
FDIC: You may submit comments by
any of the following methods:
• Agency Web Site: https://
www.fdic.gov/regulations/laws/federal.
Follow instructions for submitting
comments on the Agency Web Site.
• E-mail: Comments@FDIC.gov.
Include ‘‘Basel II Supervisory
Guidance’’ in the subject line of the
message.
• Mail: Robert E. Feldman, Executive
Secretary, Attention: Comments, Federal
Deposit Insurance Corporation, 550 17th
Street, NW., Washington, DC 20429.
• Hand Delivery/Courier: Guard
station at the rear of the 550 17th Street
Building (located on F Street) on
business days between 7 a.m. and 5 p.m.
(EST).
• Federal eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
Public Inspection: All comments
received will be posted without change
to https://www.fdic.gov/regulations/laws/
federal including any personal
information provided. Comments may
be inspected and photocopied in the
FDIC Public Information Center, 3501
North Fairfax Drive, Room E–1002,
Arlington, VA 22226, between 9 a.m.
and 5 p.m. (EST) on business days.
Paper copies of public comments may
be ordered from the Public Information
Center by telephone at (877) 275–3342
or (703) 562–2200.
OTS: You may submit comments,
identified by No. 2007–06 by any of the
following methods:
• Federal eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
• E-mail: regs.comments@
ots.treas.gov. Please include No. 2007–
06 in the subject line of the message,
and include your name and telephone
number in the message.
• Fax: (202) 906–6518.
E:\FR\FM\28FEN2.SGM
28FEN2
sroberts on PROD1PC70 with NOTICES
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
• Mail: Regulation Comments, Chief
Counsel’s Office, Office of Thrift
Supervision, 1700 G Street, NW.,
Washington, DC 20552, Attention: No.
2007–06.
• Hand Delivery/Courier: Guard’s
Desk, East Lobby Entrance, 1700 G
Street, NW., from 9 a.m. to 4 p.m. on
business days, Attention: Regulation
Comments, Chief Counsel’s Office,
Attention: No. 2007–06.
Instructions: All submissions received
must include the agency name and
document number. All comments
received will be posted without change
to https://www.ots.treas.gov/
pagehtml.cfm?catNumber=67&an=1,
including any personal information
provided.
Docket: For access to the docket to
read background documents or
comments received, go to https://
www.ots.treas.gov/
pagehtml.cfm?catNumber=67&an=1. In
addition, you may inspect comments at
the Public Reading Room, 1700 G Street,
NW., by appointment. To make an
appointment for access, call (202) 906–
5922, send an e-mail to
public.info@ots.treas.gov, or send a
facsimile transmission to (202) 906–
7755. (Prior notice identifying the
materials you will be requesting will
assist us in serving you.) We schedule
appointments on business days between
10 a.m. and 4 p.m. In most cases,
appointments will be available the next
business day following the date we
receive a request.
FOR FURTHER INFORMATION CONTACT:
OCC: IRB guidance: Fred Finke,
Senior Basel Policy Liaison (202–874–
4468 or fred.finke@occ.treas.gov); AMA
guidance: Mark O’Dell, Deputy
Comptroller for Operational Risk (202–
874–4316 or mark.odell@occ.treas.gov);
or guidance on supervisory review:
Akhtarur Siddique, Lead Expert (202–
874–4665 or
akhtarur.siddique@occ.treas.gov); Office
of the Comptroller of the Currency, 250
E Street, SW., Washington, DC 20219.
Board: IRB guidance: Sabeth
Siddique, Assistant Director, Credit Risk
Section (202–452–3861); AMA
guidance: Stacy Coleman, Assistant
Director, Operational Risk Section (202–
452–2934) or Connie Horsley, Senior
Supervisory Financial Analyst,
Operational Risk Section (202–452–
5239); or guidance on supervisory
review: David Palmer, Senior
Supervisory Financial Analyst, Credit
Risk Section (202–452–2904); Board of
Governors of the Federal Reserve
System, 20th Street and Constitution
Avenue, NW., Washington, DC 20551.
Users of Telecommunication Device for
Deaf (TTD) only, call (202) 263–4869.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
FDIC: IRB guidance: Pete Hirsch,
Chief, Large Bank Supervision (202–
898–6751 or phirsch@fdic.gov), Curtis
Wong, Senior Examination Specialist,
Planning and Program Development
Section (202–898–7327 or
cwong@fdic.gov); AMA guidance: Mark
S. Schmidt, Regional Director (678–916–
2189 or maschmidt@fdic.gov), Alfred
Seivold, Senior Examination Specialist,
Large Bank Supervision (415–808–8248
or aseivold@fdic.gov); or guidance on
supervisory review: Bobby Bean, Chief,
Capital Markets Policy Section (202–
898–3575 or bbean@fdic.gov), Gloria
Ikosi, Senior Quantitative Risk Analyst,
Capital Markets Policy Section (202–
898–3997 or gikosi@fdic.gov); Federal
Deposit Insurance Corporation, 550 17th
Street, NW., Washington, DC 20429.
OTS: IRB guidance: David Tate,
Manager, Examination Quality Review
(202–906–5717); AMA guidance: Eric
Hirschhorn, Senior Financial
Economist, Credit Policy (202–906–
7350); or guidance on supervisory
review: Sonja White, Senior Project
Manager, Capital Policy (202–906–
7857); Office of Thrift Supervision, 1700
G Street, NW., Washington, DC 20552.
SUPPLEMENTARY INFORMATION: The
Agencies issued an NPR on September
25, 2006, 1 which seeks comment on
the New Advanced Capital Adequacy
Framework that revises the existing
general risk-based capital standards as
applied to large, internationally active
U.S. banks.2 The public comment
period on the NPR closes on March 26,
2007.3 The proposed framework would
implement Basel II in the United States.
As described in the NPR, Basel II sets
forth a three-pillar framework
encompassing regulatory risk-based
capital requirements (Pillar 1);
supervisory review of capital adequacy
(Pillar 2); and market discipline through
enhanced public disclosures (Pillar 3).
The proposed framework outlined in the
NPR for Pillar 1 would require some and
permit other qualifying banks to
calculate their regulatory risk-based
capital requirements using the IRB
approach for credit risk and the AMA
for operational risk.4 The NPR also
1 See
71 FR 55830 (Sept. 25, 2006).
simplicity, and unless otherwise noted, the
term ‘‘banks’’ is used here to refer to banks, savings
associations, and bank holding companies. The
terms ‘‘bank holding company’’ and ‘‘BHC’’ refer
only to bank holding companies regulated by the
Board and do not include savings and loan holding
companies regulated by the OTS. For a detailed
description of the institutions covered by this
notice, refer to part I, section 1, of the NPR.
3 See 71 FR 77518 (Dec. 26, 2006).
4 While Basel II provides several approaches for
calculating regulatory risk-based capital
requirements under Pillara1, only the advanced
2 For
PO 00000
Frm 00003
Fmt 4701
Sfmt 4703
9085
requires a process for the supervisory
review of capital adequacy under Pillar
2, and outlines requirements for
enhanced public disclosures under
Pillar 3.5 The NPR describes the
qualification process and provides
qualification requirements for obtaining
supervisory approval for use of the
advanced approaches.6 The
qualification requirements are written
broadly to accommodate the many ways
a bank may design and implement
robust credit and operational risk
measurement and management systems,
and to permit industry practice to
evolve.
The proposed supervisory guidance
documents are companion guidance to
the September 2006 NPR and, as such,
are designed to be consistent with the
proposed rule and do not address any
public comments since the NPR was
issued. They provide additional detail
that should help banks satisfy the
qualification requirements in the NPR.
However, the publication of these
guidance documents for comment does
not imply that the outcome of the NPR
has already been determined. As part of
the regulatory rulemaking process, the
proposed guidance documents are
subject to change as needed based on,
among other things, the public
comments on the guidance and the
Agencies’ decisions regarding any final
rule.
The Agencies believe that the
proposed supervisory guidance
documents are necessary to supplement
the proposed framework with standards
to promote safety and soundness and
encourage comparability across banks.
A bank’s primary Federal supervisor
will review the bank’s framework
relative to the qualification
requirements in the NPR to determine
whether the bank may apply the
advanced approaches and has complied
with the proposed rule in determining
its regulatory capital requirements.
In August 2003, the Agencies issued
an advance notice of proposed
rulemaking (ANPR), which described
the proposed revisions to the existing
risk-based capital framework in general
terms and sought public comment.7 The
content of the ANPR was based, in large
part, on the April 2003 version of the
Basel II framework.8
Contemporaneously with the ANPR, the
Agencies also issued for public
approaches are proposed for implementation in the
United States.
5 Supervisory expectations pertaining to a bank’s
public disclosures are not part of this notice.
6 See part III, section 22 of the NPR.
7 See 68 FR 45900 (Aug. 4, 2003).
8 See The New Basel Capital Accord (April 2003)
(available at https://www.bis.org).
E:\FR\FM\28FEN2.SGM
28FEN2
sroberts on PROD1PC70 with NOTICES
9086
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
comment two proposed supervisory
guidance documents relating to the
proposed framework.9 The first
proposed 2003 guidance document
described supervisory views on the
credit risk measurement and
management systems that should be
implemented by banks that adopt the
IRB approach for computing risk-based
capital requirements for corporate credit
risk exposures. The second proposed
2003 guidance document provided
supervisory views on the operational
risk measurement and management
systems that should be implemented by
banks that adopt the AMA for
computing risk-based capital
requirements for operational risk,
including their operational risk
management, data elements, and
quantification processes. In October
2004, the Agencies also issued for
public comment proposed supervisory
guidance on IRB systems for retail credit
risk exposures.10
The first guidance document
presented in this notice sets forth
proposed supervisory guidance on IRB
systems for credit risk covering the
wholesale and retail exposure
categories, as well as guidance on the
equity and securitization exposure
categories (IRB Guidance). Under the
IRB framework, banks would use
internal estimates of certain risk
components as key inputs in the
determination of their regulatory riskbased capital requirement for credit risk.
As mentioned above, the Agencies
previously published proposed
supervisory guidance on a bank’s IRB
systems for corporate and retail
exposures in 2003 and 2004,
respectively. Since the release of those
documents, the Agencies have
continued to refine the proposals based
on insights gained from public comment
and the collective efforts of the
interagency IRB working groups. The
IRB Guidance updates and consolidates
the previously proposed supervisory
guidance on corporate and retail
exposures. It also provides new
guidance on systems a bank may need
to differentiate the risk of other credit
exposure types, such as equity and
securitization exposures, as well as to
recognize the benefits of financial
collateral in mitigating counterparty
credit risk in certain transactions or to
use the double default treatment for
certain wholesale exposures.
The IRB Guidance is structured
somewhat differently from the proposed
supervisory guidance issued in 2003
9 See
68 FR 45949 (Aug. 4, 2003).
69 FR 62748 (Oct. 27, 2004), and 70 FR 423
(Jan. 4, 2005) (correction).
10 See
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
and 2004. Those guidance documents
contained four chapters covering
corporate ratings and retail
segmentation systems, quantification,
data management and maintenance, and
controls, with discussion of validation
and stress testing contained within the
rating and segmentation and
quantification chapters. The structure of
the IRB Guidance generally follows the
key components of a bank’s advanced
systems for credit risk outlined in the
NPR. Chapter 1 provides guidance on
governance of a bank’s overall advanced
systems for credit risk. Chapters 2
through 5 cover the components of a
bank’s IRB systems for wholesale and
retail exposures. Chapters 6 and 7
provide guidance on data management
and maintenance and the control and
validation framework. Chapter 8
provides guidance on stress testing.
Chapters 9 through 11 provide guidance
on the other systems a bank may need
to differentiate risk in certain
transactions subject to counterparty
credit risk, equity exposures, and
securitization exposures.
The IRB Guidance supplements the
NPR and provides additional context
and detail to help banks meet the
qualification requirements in the NPR
relevant to a bank’s systems and
processes for credit risk. Thus, the
guidance should be read alongside the
NPR to obtain a full perspective of the
underlying requirements in the
proposed rule. The guidance does not
contain additional proposed
requirements that are not in the NPR.
Chapters 5, 9, 10, and 11, are being
issued for the first time and supplement
the detailed discussion of those topics
in the NPR. Similar to the previously
proposed corporate and retail guidance,
the IRB Guidance contains supervisory
standards (designated with an ‘‘S’’) that
highlight important elements of a bank’s
advanced systems for credit risk. The
supervisory standards contained in the
previously proposed corporate and
retail guidance documents have been
consolidated and updated and new
supervisory standards are proposed.
The second guidance document in
this notice sets forth proposed
supervisory guidance on the AMA for
operational risk (AMA Guidance),
updating the proposed AMA Guidance
published in 2003. Since the issuance of
that proposed AMA Guidance, the
Agencies have revised the guidance to
clarify issues and simplify, wherever
possible, supervisory standards. The
revisions are based on insights gained
from public comment and the collective
efforts of the interagency AMA working
group. Under the AMA framework, a
bank would rely on internal estimates of
PO 00000
Frm 00004
Fmt 4701
Sfmt 4703
its operational risk exposure to generate
its regulatory risk-based capital
requirement for operational risk. The
AMA Guidance provides additional
context and detail to help a bank meet
the qualification requirements outlined
in the NPR relevant to operational risk.
Some of the specific revisions to the
AMA Guidance include: (1) Clarifying
the roles of a bank’s board of directors
and management in developing and
overseeing the implementation of the
bank’s AMA framework; (2) expanding
standard 5 to address the integration of
the bank’s operational risk management,
data and assessment, and quantification
processes into the bank’s existing risk
management decision-making processes;
(3) expanding and clarifying operational
risk quantification standards both to
reflect the evolution of industry
practices, as well as to address
supervisory concerns; (4) clarifying
supervisory expectations regarding the
use of scenario analysis, the key
elements used to support operational
risk management and measurement, and
eligible operational risk offsets (see
standards 20, 24, and 26, respectively);
(5) adding standard 25 that discusses
how frequently a bank must recalculate
its estimate of operational risk exposure
and its risk-based capital requirement
for operational risk; (6) adding standard
27 that a bank must employ a unit of
measure that is appropriate for its range
of business activities and the variety of
operational loss events to which it is
exposed; (7) expanding the discussion
on dependence modeling in standard
28; and (8) adding a section that
discusses a bank’s use, in certain
limited circumstances, of an alternative
quantification system to estimate its
operational risk exposure.
The Agencies recognize that a bank
required to adopt an AMA framework
may have developed an implementation
plan using the proposed supervisory
standards in the 2003 proposed AMA
Guidance to assess its status in meeting
the requirements proposed in the ANPR
and to determine additional work
needed to comply with those
requirements. The table below maps the
current proposed supervisory standards
to those in the 2003 proposed AMA
Guidance.
COMPARISON OF CURRENT PROPOSED
AMA SUPERVISORY STANDARDS TO
THE 2003 PROPOSED AMA SUPERVISORY STANDARDS
Current Proposed Standard
Number
1 ............................................
E:\FR\FM\28FEN2.SGM
28FEN2
2003 Proposed Standard Number
1
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
COMPARISON OF CURRENT PROPOSED
AMA SUPERVISORY STANDARDS TO
THE 2003 PROPOSED AMA SUPERVISORY STANDARDS—Continued
Current Proposed Standard
Number
sroberts on PROD1PC70 with NOTICES
2 ............................................
3 ............................................
4 ............................................
5 ............................................
6 ............................................
7 ............................................
8 ............................................
9 ............................................
10 ..........................................
11 ..........................................
12 ..........................................
13 ..........................................
14 ..........................................
15 ..........................................
16 ..........................................
17 ..........................................
18 ..........................................
19 ..........................................
20 ..........................................
21 ..........................................
22 ..........................................
23 ..........................................
24 ..........................................
25 ..........................................
26 ..........................................
27 ..........................................
28 ..........................................
29 ..........................................
30 ..........................................
31 ..........................................
32 ..........................................
2003 Proposed Standard Number
8
11
2
3
4
5
6
7
9, 10
12
13, 14
15
16
17
18
19
20
21
24
22
23
25
27
New
28
New
29
30
26
31
32, 33
The third document sets forth
proposed supervisory guidance on the
supervisory review process (Pillar 2) in
the New Advanced Capital Adequacy
Framework. The process of supervisory
review described in this proposed
guidance document reflects a
continuation of the longstanding
approach employed by the Agencies in
their supervision of banks. However,
new methods for calculating regulatory
risk-based capital requirements—such
as those in the proposed framework—
and development of improved risk
monitoring and management tools
within the industry often bring changes
in the relative emphasis placed on the
various aspects of supervisory review.
This proposed guidance document
highlights aspects of existing
supervisory review that are being
augmented or more clearly defined to
support the proposed framework. Under
the framework, in determining the
extent to which banks should hold
capital in excess of regulatory
minimums, supervisors would consider
the combined implications of a bank’s
compliance with qualification
requirements for regulatory risk-based
capital standards, the quality and results
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
of its internal capital adequacy
assessment process (ICAAP), and
supervisory assessment of its risk
management processes, control
structure, and other relevant
information relating to its risk profile
and capital position. The ICAAP (while
not mandating the determination of
economic capital) should, to the extent
possible, identify and measure material
risks, which may include (but should
not necessarily be limited to) credit risk,
market risk, operational risk, interest
rate risk, and liquidity risk, and account
for concentrations within and among
risk types.
The Agencies solicit comment on all
aspects of the supervisory guidance
documents. In addition, the Agencies
believe an important goal for any
regulatory capital system is to achieve a
measure of consistency in the capital
requirements assigned to exposures
with similar risk profiles held by
different banks. The Agencies seek
comment on the extent to which this
proposed supervisory guidance will
promote that objective.
Paperwork Reduction Act
A. Request for Comment on Proposed
Information Collection
In accordance with the requirements
of the Paperwork Reduction Act of 1995,
the Agencies may not conduct or
sponsor, and the respondent is not
required to respond to, an information
collection unless it displays a currently
valid Office of Management and Budget
(OMB) control number. The Agencies
are requesting comment on a proposed
information collection. The Agencies
are also giving notice that the proposed
collection of information has been
submitted to OMB for review and
approval.
Comments are invited on:
(a) Whether the collection of
information is necessary for the proper
performance of the Agencies’ functions,
including whether the information has
practical utility;
(b) The accuracy of the estimates of
the burden of the information
collection, including the validity of the
methodology and assumptions used;
(c) Ways to enhance the quality,
utility, and clarity of the information to
be collected;
(d) Ways to minimize the burden of
the information collection on
respondents, including through the use
of automated collection techniques or
other forms of information technology;
and
(e) Estimates of capital or start up
costs and costs of operation,
maintenance, and purchase of services
to provide information.
PO 00000
Frm 00005
Fmt 4701
Sfmt 4703
9087
Comments should be addressed to:
OCC: Communications Division,
Office of the Comptroller of the
Currency, Public Information Room,
Mail stop 1–5, Attention: 1557–NEW,
250 E Street, SW., Washington, DC
20219. In addition, comments may be
sent by fax to (202) 874–4448, or by
electronic mail to
regs.comments@occ.treas.gov. You can
inspect and photocopy the comments at
the OCC’s Public Information Room, 250
E Street, SW., Washington, DC 20219.
You can make an appointment to
inspect the comments by calling (202)
874–5043.
Board: You may submit comments,
identified by FR 4199, by any of the
following methods:
• Agency Web Site: https://
www.federalreserve.gov. Follow the
instructions for submitting comments at
https://www.federalreserve.gov/
generalinfo/foia/ProposedRegs.cfm.
• Federal eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
• E-mail:
regs.comments@ federalreserve.gov.
• Fax: (202) 452–3819 or (202) 452–
3102.
• Mail: Jennifer J. Johnson, Secretary,
Board of Governors of the Federal
Reserve System, 20th Street and
Constitution Avenue, NW., Washington,
DC 20551.
All public comments are available
from the Board’s Web site at https://
www.federalreserve.gov/generalinfo/
foia/ProposedRegs.cfm as submitted,
except as necessary for technical
reasons. Accordingly, your comments
will not be edited to remove any
identifying or contact information.
Public comments may also be viewed
electronically or in paper form in Room
MP–500 of the Board’s Martin Building
(20th and C Streets, NW.) between 9
a.m. and 5 p.m. on weekdays.
FDIC: You may submit comments by
any of the following methods:
• Agency Web Site: https://
www.fdic.gov/regulations/laws/federal.
Follow instructions for submitting
comments on the Agency Web Site.
• E-mail: Comments@FDIC.gov.
Include ‘‘Basel II Supervisory
Guidance’’ in the subject line of the
message.
• Mail: Robert E. Feldman, Executive
Secretary, Attention: Comments, Federal
Deposit Insurance Corporation, 550 17th
Street, NW., Washington, DC 20429.
• Hand Delivery/Courier: Guard
station at the rear of the 550 17th Street
Building (located on F Street) on
business days between 7 a.m. and 5 p.m.
(EST).
E:\FR\FM\28FEN2.SGM
28FEN2
9088
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
• Federal eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
Public Inspection: All comments
received will be posted without change
to https://www.fdic.gov/regulations/laws/
federal including any personal
information provided. Comments may
be inspected and photocopied in the
FDIC Public Information Center, 3501
North Fairfax Drive, Room E–1002,
Arlington, VA 22226, between 9 a.m.
and 5 p.m. (EST) on business days.
Paper copies of public comments may
be ordered from the Public Information
Center by telephone at (877) 275–3342
or (703) 562–2200.
A copy of the comments may also be
submitted to the OMB desk officer for
the Agencies: By mail to U.S. Office of
Management and Budget, 725 17th
Street, NW., #10235, Washington, DC
20503 or by facsimile to 202–395–6974,
Attention: Federal Banking Agency Desk
Officer.
OTS: Information Collection
Comments, Chief Counsel’s Office,
Office of Thrift Supervision, 1700 G
Street, NW., Washington, DC 20552;
send a facsimile transmission to (202)
906–6518; or send an e-mail to
infocollection.comments@ots.treas.gov.
OTS will post comments and the related
index on the OTS Internet site at
https://www.ots.treas.gov. In addition,
interested persons may inspect the
comments at the Public Reading Room,
1700 G Street, NW., by appointment. To
make an appointment, call (202) 906–
5922, send an e-mail to
public.info@ots.treas.gov, or send a
facsimile transmission to (202) 906–
7755.
B. Proposed Information Collection
Title of Information Collection:
Proposed Basel II Interagency
Supervisory Guidance for IRB, AMA,
and the Supervisory Review Process.
Frequency of Response: Eventgenerated.
Affected Public:
OCC: National banks.
Board: State member banks, bank
holding companies, affiliates and
certain non-bank subsidiaries of bank
holding companies, commercial lending
companies owned or controlled by
foreign banks, and Edge and agreement
corporations.
FDIC: Insured nonmember banks and
certain subsidiaries of these entities.
OTS: Savings associations and certain
of their subsidiaries.
Abstract: The notice sets forth three
proposed supervisory guidance
documents for implementing proposed
revisions to the risk-based capital
standards in the United States (New
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
Advanced Capital Adequacy
Framework). The proposed guidance
documents concern (1) the internal
ratings-based systems for credit risk
(IRB), (2) the advanced measurement
approaches for operational risk (AMA),
and (3) the supervisory review process
(Pillar II).
The Agencies believe that the
documentation, prior approvals, and
disclosures included in the proposed
IRB and AMA guidance are directly
related to the information collection
requirements found in the Basel II
notice of proposed rulemaking (NPR)
published in the Federal Register on
September 25, 2006 (71 FR 55830). More
specifically, the information collection
aspects of the proposed IRB and AMA
guidance tie to the following sections of
the NPR: 21, 22, 44, 53, and 71. The
Agencies believe that the burden
estimates developed for the NPR
adequately cover the additional
specificity contained in the proposed
IRB and AMA guidance.
For the proposed Pillar II portion of
the guidance, the Agencies believe that
paragraphs 25, 31, 35, 37, and 42
impose new information collection
requirements that were beyond the
scope of the burden estimates developed
for the NPR. The agencies burden
estimates for these additional
information collection requirements are
summarized below. Note that the
estimated number of respondents listed
below include both institutions for
which the Basel II risk-based capital
requirements are mandatory and
institutions that may be considering
opting-in to Basel II (despite the lack of
any formal commitment by most of
these latter institutions).
Estimated Burden:
OCC
Number of Respondents: 52.
Estimated Burden per Respondent:
140 hours.
Total Estimated Annual Burden:
7,280 hours.
Board
Number of Respondents: 15.
Estimated Burden per Respondent:
420 hours.
Total Estimated Annual Burden:
6,300 hours.
FDIC
Number of Respondents: 19.
Estimated Burden per Respondent:
420 hours.
Total Estimated Annual Burden:
7,980 hours.
OTS
Number of Respondents: 4.
PO 00000
Frm 00006
Fmt 4701
Sfmt 4703
Estimated Burden per Respondent:
420 hours.
Total Estimated Annual Burden:
1,680 hours.
The proposed supervisory guidance
documents follow:
Proposed Supervisory Guidance on
Internal Ratings-Based Systems for
Credit Risk
Table of Contents
Introduction
I. Purpose
II. Scope of Guidance
Chapter 1: Advanced Systems for Credit
Risk
Rule Requirements
I. Overview
II. Governance of Advanced Systems
Chapter 2: Wholesale Risk Rating Systems
Rule Requirements
I. Overview
II. Credit Rating Assignment Techniques
A. Expert Judgment
B. Models
C. Constrained Judgment
D. Rating Overrides
III. Definition of Default
IV. Independence of the Wholesale Risk
Rating Process
V. IRB Risk Rating System Architecture
A. Two-Dimensional Risk-Rating System
B. Other Considerations
Chapter 3: Retail Segmentation Systems
Rule Requirements
I. Overview
II. Definition of Default
III. Retail Segmentation Architecture
A. Criteria for Retail Segmentation
B. Assignment of Exposures to Retail
Segments
Chapter 4: Quantification
Rule Requirements
I. Overview
A. Stages of the Quantification Process
B. General Standards for Sound
Quantification
II. Probability of Default (PD)
A. Data
B. Estimation
C. Mapping
D. Application
III. Expected Loss Given Default (ELGD) and
Loss Given Default (LGD)
A. Data
B. Estimation
C. Mapping
D. Application
IV. Exposure at Default (EAD)
A. Data
B. Estimation
C. Mapping
D. Application
V. Maturity (M)
VI. Special Cases and Applications
A. Loan Sales
B. Multiple Legal Entities
Appendix A: Illustrations of the
Quantification Process for Wholesale
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
Portfolios
Appendix B: Illustrations of the
Quantification Process for Retail
Portfolios
Chapter 5: Wholesale Credit Risk Protection
Rule Requirements
Chapter 6: Data Management and
Maintenance
Rule Requirements
I. Overview
II. General Data Requirements
A. Life Cycle Tracking for Wholesale
Exposures
B. Rating Assignment Data for Wholesale
Exposures
C. Segmentation Data for Retail Exposures
D. Outsourced Activities
E. Asset Sales
III. Data Applications
A. Validation and Refinement
B. Applying IRB System Improvements
Historically
C. Calculating Risk-Based Capital Ratios
and Reporting to the Public
D. Supporting Risk Management
IV. Managing Data Quality and Integrity
A. Documentation and Definitions
B. Electronic Storage and Access
Appendix A: Data Elements for Wholesale
and Retail Exposures
A. Examples of Data Elements for
Wholesale Exposures
B. Examples of Data Elements for Retail
Exposures
Appendix B: Applying Risk Rating System
Improvements Historically
Chapter 7: Controls and Validation
Rule Requirements
I. Overview
II. Reviews of the IRB System
III. Consistency Between IRB Systems and
Risk Management Processes
IV. Internal Audit
V. Validation Activities
A. General Validation Requirements
B. Validation Activities
C. Minimum Frequency of Validation
sroberts on PROD1PC70 with NOTICES
Chapter 9: Counterparty Credit Risk
Exposure
Rule Requirements
I. Overview
II. Transactions with Counterparty Credit
Risk
III. Definitions
IV. Netting
V. Determination of Eligibility for EAD
Adjustment
VI. Methods for Determining EAD
A. Methodologies for Repo-style
Transactions and Eligible Margin Loans
B. EAD for OTC Derivative Contracts
C. Internal Models Methodology
VII. Defaulted Counterparties
Chapter 10: Risk-Weighted Assets for Equity
Exposures
Rule Requirements
I. Overview
16:25 Feb 27, 2007
Jkt 211001
Chapter 11: Securitizations
Rule Requirements
I. Overview
II. Scope of Application
III. General Principles of the Securitization
Framework
A. Risk Transference
B. Implicit Support
C. Servicer Cash Advances
D. Clean-up Calls
E. Maximum Capital Requirements for
Securitization Exposures
IV. Hierarchy of Approaches
V. IRB Approaches for Securitization
Exposures
A. Ratings-Based Approach
B. Internal Assessment Approach
VI. Internal Credit Assessment Process in the
IAA
VII. Validation of IAA
A. Supervisory Formula Approach
VIII. Early Amortization Provisions
IX. Data Management Requirements
A. Data Elements
Appendix A: Description of the Supervisory
Formula Approach (SFA).
Appendix B: Examples of Data Elements for
Securitization Exposures
Attachment A: The NPR Qualification
Requirements Related to the IRB
Framework
Attachment B: Supervisory Standards
Attachment C: Acronym List
Introduction
Chapter 8: Stress Testing of Risk-Based
Capital Requirements
Rule Requirements
VerDate Aug<31>2005
II. Definition of Banking Book Equities
III. Applying the Framework
IV. Using Internal Models for Equity
Exposures
V. Quantification of Equity Exposures
A. Reference Data
B. External Data
C. Estimation
VI. Validation of Internal Models for Equity
Exposures
VII. Consistency Between Internal Models
Used for Equity Exposures and Risk
Management Processes
I. Purpose
1. This proposed guidance
(‘‘guidance’’), published jointly by the
U.S. Federal banking agencies 1 provides
supervisory guidance for U.S. banks,
thrifts, and bank holding companies
(‘‘banks’’) that adopt the Advanced
Internal Ratings-Based Approach (‘‘IRB’’
or ‘‘IRB framework’’) for calculating
minimum regulatory risk-based capital
(‘‘risk-based capital’’) requirements for
credit risk under the Basel II capital
regulation.
2. This guidance supplements the
notice of proposed rulemaking (‘‘NPR’’
or ‘‘proposed rule’’) published in the
Federal Register on September 25,
1 The Federal banking agencies are: The Board of
Governors of the Federal Reserve System; the
Federal Deposit Insurance Corporation; the Office of
the Comptroller of the Currency; and the Office of
Thrift Supervision; and will collectively be referred
to as ‘‘the Agencies,’’ ‘‘supervisors,’’ or ‘‘regulators’’
in this guidance.
PO 00000
Frm 00007
Fmt 4701
Sfmt 4703
9089
2006.2 The NPR proposes a regulatory
framework within which all banks
subject to the proposed rule must
develop their IRB systems. The NPR
contains qualification requirements that
each bank subject to the proposed rule
must meet to the satisfaction of its
primary Federal supervisor before using
its IRB systems to calculate risk-based
capital requirements. As stated in the
preamble to the NPR, the qualification
requirements for these systems are
written in broad terms to accommodate
the many ways a bank may design and
implement a robust internal risk
measurement and management system
and to permit industry practice to
evolve. As a supplement to the NPR,
this guidance provides supervisory
standards and additional detail on
credit risk measurement and
management systems that will assist
banks in satisfying the requirements in
the NPR.
II. Scope of Guidance
3. The focus of this guidance is on
wholesale, retail, equity, and
securitization exposures. A bank subject
to the IRB framework for credit risk in
the NPR is required to have systems for
determining risk-based capital
requirements for its wholesale and retail
exposures. The wholesale category
includes corporate exposures (for
example, exposures to companies and
banks, as well as commercial real estate
exposures and other types of specialized
lending), sovereign exposures, and other
non-retail exposures. The retail category
includes residential mortgage
exposures, qualifying revolving
exposures (QRE), and other retail
exposures.
4. A bank may also need systems to
differentiate the risk of other exposure
types, such as equity and securitization
exposures, as well as to recognize the
benefits of financial collateral in
mitigating counterparty credit risk in
certain transactions or to use double
default treatment for certain wholesale
exposures.
5. In aggregation, the IRB systems and
other systems for differentiating credit
risk are defined in the NPR and in this
guidance as a bank’s ‘‘advanced
systems.’’ This guidance covers
advanced systems for all of a bank’s
credit-related exposure types. A bank’s
advanced systems also include its
systems for determining risk-based
capital requirements for its operational
risk exposures under the proposed
Advanced Measurement Approaches
(‘‘AMA’’) framework, which is the
subject of a separate supervisory
2 71
E:\FR\FM\28FEN2.SGM
FR 55830 (Sept. 25, 2006).
28FEN2
sroberts on PROD1PC70 with NOTICES
9090
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
guidance document. Certain banks
subject to the proposed rule may also be
required to calculate risk-based capital
requirements for their market risk
exposures.
6. As described in separate guidance
relating to supervisory review (Pillar 2),
in addition to meeting qualification
requirements for regulatory risk-based
capital standards, a bank must have a
rigorous process for assessing its overall
capital adequacy in relation to its risk
profile and a comprehensive strategy for
maintaining an appropriate level of
capital. This process (while not
mandating the determination of
economic capital) should, to the extent
possible, identify and measure material
risks, which may include (but should
not necessarily be limited to) credit risk,
market risk, operational risk, interest
rate risk, and liquidity risk, and account
for concentrations within and among
risk types. One of the main objectives of
the internal capital adequacy
assessment process is to identify the
extent to which banks need to hold
capital above regulatory minimums, in
order to address risks not adequately
captured by minimum regulatory capital
requirements.
7. A primary objective of the IRB
framework is to make the risk-based
capital requirements more sensitive to
credit risk. In general, the IRB
framework incorporates recent
developments in risk management and
banking supervision. Under this
framework, banks use their own internal
risk rating and segmentation systems, as
well as their quantification processes, to
generate estimates of risk parameters
that are inputs to the calculation of the
risk-based capital requirements. Data
that support accurate and reliable credit
risk measurements, as well as rigorous
management oversight and controls,
including continuous monitoring and
validation, are crucial to the prudent
application of the IRB framework.
8. This guidance, which is written for
supervisors and bankers, describes the
important elements and characteristics
of a bank’s advanced systems for credit
risk. Toward this end, this guidance
designates certain of those elements as
supervisory standards denoted by the
prefix ‘‘S.’’ These supervisory standards
generally implement or clarify the
requirements in the NPR and, whenever
possible, are principle-based to provide
banks with flexibility in implementing
the framework. However, when
prudential concerns or the need for
standardization outweigh the benefits of
flexibility, the supervisory standards are
specified in greater detail. Furthermore,
nothing in this guidance should be
interpreted as weakening, modifying, or
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
superseding the safety and soundness
principles articulated in the Agencies’’
existing statutes, regulations, or
guidance. The standards are contained
within each chapter with a full
compilation of the standards provided
in Attachment B.
9. Supervisors will consider this
guidance in evaluating banks’ advanced
systems for credit risk. This guidance
assumes that readers are familiar with
the proposed framework for calculating
risk-based capital requirements for
credit risk articulated in the NPR.
10. The conceptual framework
outlined in this guidance is not
intended to dictate the precise manner
by which banks should meet the
qualification and other requirements in
the NPR. Supervisors will determine
compliance with the qualification
requirements by evaluating, on an
individual bank basis, the extent to
which banks meet the substance and
spirit of those requirements as they
relate to each of the components of a
bank’s advanced systems for credit risk.
However, evaluating each qualification
requirement individually is not
sufficient to determine a bank’s overall
compliance. The components of a
bank’s advanced systems for credit risk
should complement and reinforce one
another to ensure the accuracy of risk
measurements. As part of the
supervisory review of a bank’s advanced
systems, supervisors will analyze the
extent to which a bank’s advanced
systems incorporate the substance and
spirit of the standards outlined in this
guidance.
11. The structure of this guidance
generally follows the key components of
the advanced systems for credit risk.
Chapter 1 provides guidance on
governance of a bank’s overall advanced
systems. Chapters 2 through 7 cover the
components of a bank’s IRB systems for
wholesale and retail exposures. Chapter
8 provides guidance on stress testing.
Chapters 9 through 11 provide guidance
on the other systems a bank may need
to differentiate risk for certain
transactions subject to counterparty
credit risk, equity exposures, and
securitization exposures and
supplements the detailed discussion of
these exposure types in the NPR. The
data standards and control framework
provided in Chapters 6 and 7,
respectively, of this guidance generally
apply to these other systems as well.
12. To aid the reader, the applicable
NPR qualification requirements are
listed at the front of each chapter, as
well as listed together in Attachment A.
Also, certain NPR requirements, such as
definitions, are either repeated in this
guidance or paraphrased to provide
PO 00000
Frm 00008
Fmt 4701
Sfmt 4703
context. However, readers must look to
the NPR for the exact proposed rule
requirements.
13. What follows is a brief description
of each chapter:
Chapter 1: Advanced Systems for Credit
Risk
The chapter provides a discussion of
the governance and system and process
requirements for a bank’s advanced
systems for credit risk. It also outlines
the key components of a bank’s
advanced systems for credit risk.
Chapter 2: Wholesale Risk Rating
Systems
A key component of an IRB system for
wholesale exposures is the risk rating
system. This chapter describes the
design and operation of wholesale risk
rating systems. Banks should use the
principles outlined in this chapter when
designing and operating wholesale risk
rating systems.
Chapter 3: Retail Segmentation Systems
A key component of an IRB system for
retail credit exposures is the
segmentation system, which groups
retail exposures into segments according
to risk characteristics. This
segmentation is the retail portfolio
analogue of assigning ratings to
exposures in wholesale portfolios. This
chapter describes the design and
operation of an IRB segmentation
system. The retail framework provides
banks with substantial flexibility to use
the retail segmentation that is most
appropriate for their activities.
Chapter 4: Quantification
Another key component of an IRB
system is a quantification process that
assigns numerical values to the key risk
parameters that are used as inputs to the
IRB risk-based capital formulas. This
chapter provides guidance on the
quantification process for wholesale and
retail exposures. These risk parameters
are probability of default (‘‘PD’’),
expected loss given default (‘‘ELGD’’),
loss given default (‘‘LGD’’), and
exposure at default (‘‘EAD’’), and for
wholesale exposures only, the effective
remaining maturity (‘‘M’’). The
quantification of these risk parameters
should be the result of a disciplined
process as described in this chapter. The
chapter also includes specific examples
for both wholesale rating systems and
retail segmentation systems in the two
appendices.
Chapter 5: Wholesale Credit Risk
Protection
This chapter supplements the detailed
discussion of credit risk mitigation in
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
the NPR by providing guidance on how
banks may recognize contractual
arrangements for exposure-level credit
protection (eligible guarantees and
eligible credit derivatives) that transfer
risk to one or more third parties. Each
of these forms of credit protection must
meet certain specific standards of
eligibility, as articulated in the NPR, for
recognition of the associated risk
mitigation.
Chapter 6: Data Management and
Maintenance
A bank must have advanced data
management and maintenance systems
that support credible and reliable risk
parameter estimates. This chapter
describes how a bank should collect,
maintain, and manage the data needed
to support the other IRB system
components for wholesale and retail
exposures (e.g., risk rating and
segmentation systems, the
quantification process, and validation
and other control processes), as well as
the bank’s broader risk management and
reporting needs.
Chapter 7: Controls and Validation
A bank must have a system of controls
that ensures that the components of the
IRB system are functioning effectively.
This chapter provides guidance on the
important elements of an effective
control environment, including
independent review processes, a
comprehensive validation process
(evaluation of developmental evidence,
ongoing monitoring, and outcomes
analysis), and an internal audit review
and reporting process.
sroberts on PROD1PC70 with NOTICES
Chapter 8: Stress Testing of Risk-Based
Capital Requirements
Banks must conduct stress testing
analysis of their advanced systems for
credit risk as part of the risk-based
capital management process. Stress
testing analysis is a means of
understanding how economic
downturns, as described by stress
scenarios, cause migration across ratings
or segments and the concomitant change
in required risk-based capital. This
chapter discusses considerations for
conducting stress testing analyses.
Chapter 9: Counterparty Credit Risk
Exposure
For certain transactions subject to
counterparty credit risk, banks may be
allowed to recognize the risk mitigating
effect of financial collateral through an
adjustment to EAD. This chapter
supplements the detailed discussion of
counterparty credit risk in the NPR by
describing some of the elements of
counterparty credit risk mitigation,
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
providing information to aid banks in
choosing among the alternative methods
to calculate EAD for these transactions,
and providing some descriptions and
illustrative examples of acceptable
modeling practices for the estimation of
EAD under the alternative methods.
Chapter 10: Risk-Weighted Assets for
Equity Exposures
This chapter supplements the detailed
discussion of equity exposures provided
in the NPR. It provides guidance on
determining risk-based capital
requirements for equity exposures held
in the banking book for banks subject to
the Market Risk Rule and for all equity
exposures for banks not subject to the
Market Risk Rule.
Chapter 11: Securitization Exposures
A securitization exposure is any
exposure whose credit risk reflects the
tranching of risk of one or more
underlying exposures. This chapter
describes the concepts, eligibility, and
mechanics associated with applying the
three approaches for calculating riskbased capital requirements for
securitization exposures.
Chapter 1: Advanced Systems for Credit
Risk
Rule Requirements
Part III, Section 22(a)(2): The systems
and processes used by a bank for riskbased capital purposes [in the NPR]
must be consistent with the bank’s
internal risk management processes and
management information reporting
systems.
Part III, Section 22(a)(3): Each bank
must have an appropriate infrastructure
with risk measurement and management
processes that meet the qualification
requirements [in the NPR] and are
appropriate given the bank’s size and
level of complexity. Regardless of
whether the systems and models that
generate the risk parameters necessary
for calculating a bank’s risk-based
capital requirements are located at any
affiliate of the bank, the bank itself must
ensure that the risk parameters and
reference data used to determine its
risk-based capital requirements are
representative of its own credit risk and
operational risk exposures.
Part III, Section 22(j)(1): The bank’s
senior management must ensure that all
components of the bank’s advanced
systems function effectively and comply
with the qualification requirements [in
the NPR].
Part III, Section 22(j)(2): The bank’s
board of directors (or a designated
committee of the board) must at least
annually evaluate the effectiveness of,
PO 00000
Frm 00009
Fmt 4701
Sfmt 4703
9091
and approve, the bank’s advanced
systems.
Part III, Section 22(k): Documentation.
The bank must adequately document all
material aspects of its advanced
systems.
I. Overview
1. This chapter provides a discussion
of the governance and system and
process requirements for a bank’s
advanced systems for credit risk. Board
of directors and senior management
oversight is critical to ensure that the
design and function of the advanced
systems are appropriate. Regardless of
the specifics of a bank’s advanced
systems for credit risk, a bank should
have a rigorous credit risk management
infrastructure that complements these
systems.
2. A bank subject to the framework for
credit risk in the NPR is required to
have an internal ratings-based system
(‘‘IRB system’’) for determining riskbased capital requirements for its
wholesale and retail exposures.
S 1–1 An IRB system must have five
interdependent components that enable
an accurate measurement of credit risk
and risk-based capital requirements.
3. The components of an IRB system
are:
• A risk rating and segmentation
system that differentiates risk by
assigning ratings to individual
wholesale obligors and exposures and
individual retail exposures to segments;
• A quantification process that
translates the risk characteristics of
wholesale obligors and exposures and
segments of retail exposures into
numerical risk parameters that are used
as inputs to the IRB risk-based capital
formulas. These risk parameters are
probability of default (‘‘PD’’), expected
loss given default (‘‘ELGD’’), loss given
default (‘‘LGD’’), and exposure at default
(‘‘EAD’’), and for certain wholesale
exposures only, the effective remaining
maturity (‘‘M’’);
• A data management and
maintenance system that supports the
IRB system;
• Oversight and control mechanisms
that ensure the IRB system is
functioning effectively and producing
accurate results; and
• An ongoing process that validates
the accuracy of the risk rating
assignments, segmentations, and the
risk parameters.
4. If applicable, a bank will also need
systems to differentiate risk for other
credit exposure types, such as for equity
and securitization exposures, as well as
to recognize the benefits of financial
collateral in mitigating counterparty
credit risk in certain transactions or to
E:\FR\FM\28FEN2.SGM
28FEN2
9092
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
use double default treatment for certain
wholesale exposures.
5. In aggregation, the IRB system and
other systems for differentiating credit
risk are defined in the NPR and in this
guidance as a bank’s ‘‘advanced
systems’’ for credit risk. Chapters 2
through 7 of this guidance provide
supplemental guidance on IRB systems
for wholesale and retail exposures.
Chapter 8 provides banks with guidance
on conducting stress testing analyses of
their advanced systems for credit risk.
Chapters 9 through 11 cover additional
systems a bank may need to have for
other credit exposure types.
II. Governance of Advanced Systems
S 1–2 Senior management must
ensure that all of the components of the
bank’s advanced systems for credit risk
function effectively and comply with
the qualification requirements in the
NPR.
6. Senior management should provide
ongoing, active oversight of the
advanced systems outlined in this
supervisory guidance, and articulate the
expectations for the technical and
operational performance of the
advanced systems, including the control
framework. To provide effective
oversight of the advanced systems,
senior management should have
extensive knowledge of the advanced
systems’ policies, underwriting
standards, lending practices, account
management activities, and collection
and recovery practices. Senior
management should understand how
these factors affect all of the
components of the advanced systems.
7. The scope and depth of risk
management reports should be
sufficient for senior management to
monitor the performance of the
components of the advanced systems.
Detailed reports should include, but are
not limited to, the following topics:
• Risk profile by rating for wholesale
exposures and by segment for retail
exposures;
• Migration across ratings and
segments with emphasis on unexpected
results;
• Updates to the quantification
performance results;
• Validation results;
• Comparative analysis of risk-based
and internal capital assessments; and
• Control process assessments.
S 1–3 The board of directors or its
designated committee must at least
annually evaluate the effectiveness of,
and approve, the bank’s advanced
systems.
8. The board of directors or its
designated committee should at least
annually ensure that management has
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
appropriate processes and controls in
place that support effective advanced
systems for credit risk. The board
should be provided with information
that will enable it to conclude, with
reasonable assurance, that management
has appropriate processes and controls
in place that support effective advanced
systems for credit risk. To allow for
ongoing monitoring, the board should
be provided with reports summarizing
the design and performance of the
advanced systems. The board’s strategic
direction and oversight is essential to
effective advanced systems.
S 1–4 Each bank (including each
depository institution) must ensure that
the risk parameters and reference data
used to determine its risk-based capital
requirements are representative of its
own credit risk.
9. Each bank must have an
appropriate infrastructure with risk
measurement and management
processes that meet the qualification
requirements in the NPR. Each bank’s
advanced systems for credit risk should
also incorporate the supervisory
standards in this guidance. This
infrastructure must be appropriate given
the bank’s size and level of complexity.
Regardless of whether the systems and
models that generate the risk parameters
necessary for calculating a bank’s riskbased capital requirements are located
at any affiliate of the bank, the bank
must ensure that the risk parameters
and reference data used to determine its
risk-based capital requirements are
representative of the bank’s credit risk
profile.
10. While some organizations may
conduct rating, segmentation,
quantification, and validation activities
on a consolidated basis, each bank
subject to the capital requirements for
advanced systems must determine its
risk-based capital requirements for
credit risk on a stand-alone basis and
hold its own separate risk-based capital
in proportion to the risk exposure of its
portfolios. Specifically, the PD, ELGD,
LGD, and EAD estimates used to
determine risk-based capital levels must
be applied to exposures at the exposure
or segment level, and risk-based capital
requirements for each relevant bank
should be based on the proportionate
share of each exposure or segment
owned by such bank.
11. The board of directors should
ensure that senior management at each
bank confirm, through periodic
evaluations, that risk parameters
assigned to its credit exposures are
appropriate on a stand-alone basis, and
that the control and validation
standards in Chapter 7 of this guidance
are met.
PO 00000
Frm 00010
Fmt 4701
Sfmt 4703
S 1–5 Banks should establish
specific accountability for the overall
performance of their advanced systems
for credit risk.
12. An individual or group of
individuals should be responsible for
the design and operation of the overall
advanced systems. This accountability
includes oversight for all of the
components of the advanced systems for
credit risk, regardless of which
organizational units perform those
processes. Authority and key
responsibilities should be thoroughly
documented and responsible
individuals should be held accountable
for the performance of the advanced
systems.
S 1–6 A bank’s advanced systems
should be transparent.
13. Banks must adequately document
all material aspects of their advanced
systems. Adequate documentation will
ensure transparency of a bank’s
advanced systems. A bank demonstrates
the transparency of its advanced
systems by comprehensively
documenting all the systems’’
components. Transparency through
documentation is important so that
third parties, such as a bank’s
supervisors and auditors, are able to
understand, evaluate, and assess the
effectiveness of the bank’s advanced
systems.
14. Documentation should
encompass, but is not limited to, the
internal risk rating and segmentation
systems, risk parameter quantification
processes, data collection and
maintenance processes, and model
design, assumptions, and validation
results. The guiding principle governing
documentation is that it should support
the requirements for the quantification,
validation, and control and oversight
mechanisms as well as the bank’s
broader credit risk management and
reporting needs. Documentation is
critical to the supervisory oversight
process.
Chapter 2: Wholesale Risk Rating
Systems
Rule Requirements
Part III, Section 22(b)(1): A bank must
have an internal risk rating and
segmentation system that accurately and
reliably differentiates among degrees of
credit risk for the bank’s wholesale and
retail exposures.
Part III, Section 22(b)(2): For
wholesale exposures, a bank must have
an internal risk rating system that
accurately and reliably assigns each
obligor to a single rating grade
(reflecting the obligor’s likelihood of
default). The bank’s wholesale obligor
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
rating system must have at least seven
discrete rating grades for non-defaulted
obligors and at least one rating grade for
defaulted obligors. Unless the bank has
chosen to directly assign ELGD and LGD
estimates to each wholesale exposure,
the bank must have an internal risk
rating system that accurately and
reliably assigns each wholesale
exposure to loss severity rating grades
(reflecting the bank’s estimate of the
ELGD and LGD of the exposure). A bank
employing loss severity rating grades
must have a sufficiently granular loss
severity grading system to avoid
grouping together exposures with
widely ranging ELGDs or LGDs.
Part III, Section 22(b)(4): The bank’s
internal risk rating policy for wholesale
exposures must describe the bank’s
rating philosophy (that is, must describe
how wholesale obligor rating
assignments are affected by the bank’s
choice of the range of economic,
business, and industry conditions that
are considered in the obligor rating
process).
Part III, Section 22(b)(5): The bank’s
internal risk rating system for wholesale
exposures must provide for the review
and update (as appropriate) of each
obligor rating and (if applicable) each
loss severity rating whenever the bank
receives new material information, but
no less frequently than annually.
sroberts on PROD1PC70 with NOTICES
I. Overview
1. This chapter describes the design
and operation of IRB risk rating systems
for wholesale exposures. Banks will
have latitude in designing and operating
wholesale risk rating systems, subject to
four broad principles:
Two-dimensional risk rating system—
Banks must be able to make meaningful
and consistent differentiations among
credit exposures along two
dimensions—obligor default risk and
loss severity in the event of a default.
Rank order risks—Banks must rank
obligors by their likelihood of default,
and wholesale exposures (e.g., loans,
facilities) by the loss severity expected
in the event of default.
Quantification—The risk rating
system must be designed to facilitate
quantification of obligor ratings in terms
of PD and loss severity in terms of ELGD
and LGD.
Accuracy—The risk rating system
must be designed to ensure that ratings
are accurate, so that obligors within a
rating grade have similar default risk
and wholesale exposures within a loss
severity rating grade have similar risk of
loss in the event of default.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
II. Credit Rating Assignment
Techniques
2. In general, a credit rating is a
summary indicator of the relative risk of
a credit exposure. Credit ratings can
take many forms. Regardless of the form,
meaningful credit ratings share two
characteristics:
• They group exposures to
discriminate among possible outcomes.
• They rank the perceived level of
credit risk.
3. Banks have used credit ratings of
various types for a variety of purposes.
Some ratings are intended to rank
obligors by risk of default and some are
intended to rank wholesale exposures
by expected loss, which incorporates
risk of default and loss severity. Only
risk rating systems that distinguish
probability of default from loss given
default meet the two-dimensional
requirements for the IRB framework.
4. Banks use different techniques,
such as expert judgment and models, to
assign credit risk ratings. How ratings
are assigned is important because
different techniques will require
different validation processes and
control mechanisms to ensure the
integrity of the rating system. Validation
and controls are discussed in Chapter 7
of this guidance. Some rating
assignment techniques are described
below; any of these techniques—expert
judgment, models, constrained
judgment, or a combination thereof—
could be acceptable in an IRB system,
provided the bank meets the
qualification requirements in the NPR
and the substance and spirit of the
standards outlined in this guidance.
A. Expert Judgment
5. Historically, banks have used
expert judgment to assign ratings to
wholesale exposures. With this
technique, an individual weighs
relevant information and reaches a
conclusion about the appropriate risk
rating. The rater makes informed
judgments based on knowledge gained
through experience and training.
6. The key feature of expert-judgment
systems is flexibility. The prevalence of
judgmental rating systems reflects the
view that the determinants of default are
too complicated to be captured by a
single quantitative model. The quality of
management is often cited as an
example of a risk determinant that is
difficult to assess using a quantitative
model. In order to foster internal
consistency, banks employing expert
judgment rating systems should provide
narrative guidelines that set out specific
quantitative and qualitative rating
criteria for each rating grade. However,
PO 00000
Frm 00011
Fmt 4701
Sfmt 4703
9093
the expert should decide how much
weight to give to each of these criteria
in assigning a risk rating grade to an
obligor.
7. The flexibility possible in the
assignment of judgmental ratings has
implications for how the accuracy of the
ratings is reviewed. One goal of the
ratings review validation process is to
confirm that raters followed policy.
However, two individuals exercising
judgment can use the same information
to support different ratings. Thus,
individuals reviewing an expert
judgment rating system should have
sufficient credit expertise and a
thorough knowledge of how the bank’s
rating methodology and policies should
be applied.
B. Models
8. In recent years, models have been
developed to assign ratings to wholesale
exposures. In a model-based approach,
inputs are numeric and provide
quantitative and qualitative information
about an obligor. The inputs are
combined using mathematical equations
to produce a number that is translated
into a categorical rating. An important
feature of models is that the rating is
perfectly replicable by another party,
given the same inputs.
9. Models to assign wholesale ratings
typically are statistically derived or
based on expert-judgment techniques.
10. Some models are the result of
statistical optimization, in which welldefined mathematical criteria are used
to choose the model that has the closest
fit to the observed data. Numerous
techniques can be used to build
statistical models; regression is one
widely recognized example. Such
models are often referred to as scoring
models or scorecards, because they
produce a single number, or ‘‘score,’’ as
an output that may be related, for
example, to the estimated probability of
default of each individual obligor in a
portfolio. Regardless of the specific
statistical technique used, a
knowledgeable independent reviewer
should exercise judgment in evaluating
the reasonableness of a model’s
development, including its underlying
logic, and the methods used to handle
the data.
11. In other cases, banks have built
rating models by asking their experts to
decide what weights to assign to critical
variables in the models. Drawing on
their experience, the experts first
identify the observable variables that
affect the likelihood of default. They
then reach agreement on the weights to
be assigned to each of the variables.
Unlike statistical optimization, the
experts are not necessarily using clear,
E:\FR\FM\28FEN2.SGM
28FEN2
9094
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
consistent criteria to select the weights
attached to the variables. Indeed, expertjudgment model building is often a
practical choice when there is not
enough data to support a statistical
model building. Despite its dependence
on expert judgment, this method can be
called model-based as long as the
resulting equation, most likely with
linear weights, is used to rate the
credits. Once the equation is set, the
model can be replicated, a feature
shared with statistically derived models.
However, while some banks refer to
these types of expert-derived models as
‘‘scorecards,’’ they are not scoring
models in the conventional use of the
term. The term scoring model or
scorecard is customarily reserved for a
rating model derived using strictly
statistical techniques, as described in
the preceding paragraph. Generally,
independent credit experts use
judgment to evaluate the reasonableness
of the development of these expertderived models.
raise many of the same issues presented
separately by pure judgment and modelbased systems. If overrides are rare, the
system can be evaluated largely as if it
is a model-based system. If, however,
overrides are prevalent, the system will
be evaluated more like a judgmental
system.
C. Constrained Judgment
12. The alternatives described above
present the extremes; in practice, banks
use risk rating systems that combine
models with judgment. Two approaches
are common.
Judgmental systems with quantitative
guidelines or model results as inputs.
Individuals exercise judgment about
risks subject to policy guidelines
containing quantitative criteria such as
minimum values for particular financial
ratios. Banks develop quantitative
criteria to guide individuals in assigning
ratings, but the criteria may need to be
augmented with additional information.
One version of this constrained
judgment approach features a model
output as one among several criteria that
an individual may consider when
assigning ratings. The individual
assigning the rating is responsible for
prioritizing the criteria, reconciling
conflicts between criteria, and, if
warranted, overriding some criteria.
Even if individuals incorporate model
results as one of the factors in their
ratings, they will exercise judgment in
deciding what weight to attach to the
model result. The appeal of this
approach is that the model combines
many pieces of information into a single
output, which simplifies analysis, while
the rater retains flexibility regarding the
use of the model output.
Model-based ratings with judgmental
overrides. When banks use rating
models, individuals are permitted to
override the results under certain
conditions and within tolerance levels
for frequency. Credit-rating systems in
which individuals can override models
III. Definition of Default
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
D. Rating Overrides
13. Regardless of the rating
assignment technique in use, banks
should define, within their IRB rating
system documentation, what constitutes
a ratings override. A judgmental
override occurs when judgment is used
to reject a rating suggested by an
objective rating process, such as a model
or scorecard. A policy override occurs
whenever a rating is assigned in a
manner that deviates from the bank’s
approved rating policy and procedures.
Overrides should be specifically
identified, monitored, and analyzed to
evaluate their impact on the bank’s IRB
rating system.
S 2–1 Banks must identify obligor
defaults in accordance with the IRB
definition of default.
14. The consistent identification of
defaults is fundamental to any IRB risk
rating system. For IRB purposes, a
bank’s wholesale obligor is in default if,
for any wholesale exposure of the bank
to the obligor, the bank has:
• Placed the exposure on non-accrual
status consistent with the Call Report
Instructions or the Thrift Financial
Report (‘‘TFR’’) and the TFR Instruction
Manual;
• Taken a full or partial charge-off or
write-down on the exposure due to the
distressed financial condition of the
obligor; or
• Incurred a credit-related loss of 5
percent or more of the exposure’s initial
carrying value in connection with the
sale of the exposure or the transfer of
the exposure to the held-for-sale,
available-for-sale, trading account, or
other reporting category.
15. Partial charge-offs or write-downs
for reasons not related to the distressed
financial condition of the obligor do not
trigger the default definition. For
example, taking a write-down or chargeoff to reflect forgiveness of a minor fee
for relationship purposes unrelated to
financial distress does not trigger the
default definition.
16. An obligor in default remains in
default until the bank has reasonable
assurance of repayment and
performance for all contractual
principal and interest payments on all
exposures of the bank to the obligor
PO 00000
Frm 00012
Fmt 4701
Sfmt 4703
(other than exposures that have been
fully written-down or charged-off).
IV. Independence of the Wholesale Risk
Rating Process
S 2–2 Banks should demonstrate
that their wholesale risk rating
processes are sufficiently independent
to produce objective ratings.
17. Independence in the rating
process helps to ensure the integrity of
ratings. Banks can promote more
independence by implementing a
variety of controls and reporting
structures. For example, a bank could
structure its organizational reporting
lines so that the credit approval and the
rating assignment decisions are separate
from each other. Banks that separate the
credit approval process from the rating
assignment/review functions are often
better able to manage the conflicts that
arise between loan volume and credit
quality goals. Banks should be aware of
the full range of potential conflicts and
should develop effective controls to
mitigate any conflicts that might arise.
18. However, banks that choose to
maintain less separation in
organizational reporting lines between
credit approval and rating assignment
should strengthen controls and consider
conducting a post-closing review
process. A post-closing review provides
an independent review of a rating that
has been assigned by those who are not
fully independent of the approval
process. Any post-closing review, which
serves to ensure that the initial rating is
appropriate, should be conducted
shortly after a credit is originated. The
less independent the rating process is,
the more rigorous the post-closing
review should be.
19. Whether ratings integrity is
achieved by creating structural
independence in reporting lines or
through a combination of other control
processes, a bank should demonstrate
that its rating processes ensure integrity
in ratings throughout the economic
cycle.
V. IRB Risk Rating System Architecture
A. Two-Dimensional Risk-Rating System
S 2–3 IRB risk rating systems must
have two dimensions obligor default
and loss severity corresponding to PD
(obligor default), and ELGD and LGD
(loss severity).
20. Regardless of the type of rating
system(s) used by a bank, the IRB
framework imposes some specific
requirements. The first requirement is
that an IRB risk rating system must be
two-dimensional. Banks will assign
obligor ratings, which will be associated
with a PD. They will also assign either
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
a loss severity rating(s), which will be
associated with ELGD and LGD
estimates, or ELGD and LGD estimates
directly to each wholesale exposure.
21. The process of assigning the
obligor rating and either loss severity
ratings or ELGD/LGD values—hereafter
referred to as the rating system—is
discussed below, and the process of
quantifying the PD, ELGD and LGD risk
parameters is discussed in Chapter 4.
Obligor Ratings
S 2–4 Banks must assign discrete
obligor rating grades.
22. While banks may use models to
estimate probabilities of default for
individual obligors, the IRB framework
requires banks to group the obligors into
discrete rating grades. Each obligor
rating grade, in turn, must be associated
with a single PD.
S 2–5 The obligor rating system
must rank obligors by likelihood of
default.
23. For example, if a bank uses a
rating system based on a 10-point scale,
with 1 representing obligors of highest
financial strength and 10 representing
defaulted obligors, rating grades 2
through 9 should represent groups of
ever-increasing risk. In a rating system
in which risk increases with the rating
grade, an obligor with a rating grade 4
is riskier than an obligor with a rating
grade 2, but need not be twice as risky.
S 2–6 Banks must assign an obligor
to only one rating grade.
24. As noted above, the IRB
framework requires that the obligor
rating be distinct from the loss severity
rating, which is assigned to the
wholesale exposure. The obligor rating
should focus on the obligor’s ability and
willingness to service any obligation
and to follow through on any
commitments it has with the bank to
avoid default. For example, in a 1-to-10
rating system, where risk increases with
the number rating grade, an otherwise
defaulted obligor with a fully cashsecured transaction should be rated
10—defaulted—regardless of the remote
expectation of loss on a specific
exposure. Conversely, a nondefaulted
obligor whose financial condition
warrants the highest investment grade
rating should be rated 1, even if the
bank’s transactions are subordinate to
other creditors and unsecured. Since the
obligor rating is assigned to the obligor
and not to its individual exposures, the
bank must ensure that all the exposures
to the same obligor bear the obligor’s
rating grade.
25. At the bottom of any IRB rating
scale is at least one default rating grade.
Once an obligor is in default on any
exposure to the subject bank, the obligor
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
rating grade associated with all of its
exposures to that bank will be the
default rating grade—even for those
exposures of the obligor that have not
triggered any element of the definition
of default.
Ratings Philosophy and Expected
Ratings Migration
S 2–7 A bank’s rating policy must
describe its ratings philosophy and how
quickly obligors are expected to migrate
from one rating grade to another in
response to economic cycles.
S 2–8 In assigning an obligor to a
rating grade, a bank should assess the
risk of obligor default over a period of
at least one year taking into account the
possibility of adverse economic
conditions.
26. The term rating philosophy is
used to describe how obligor rating
assignments are affected by a bank’s
choice of the range of economic,
business, and industry conditions that
are considered in the rating process. It
establishes the bank’s philosophy on the
manner in which it rates credits and the
scenarios under which ratings would be
expected to change. In assigning an
obligor rating grade, banks must
consider both the current risk
characteristics of the obligor and the
impact that adverse economic, business,
and industry conditions could have on
the obligor’s ability to repay; however,
nothing in this guidance requires any
specific rating philosophy be employed.
27. Rating grades should group
obligors that are expected to share
similar default frequencies. The rating
assignment for an obligor may be based
upon a combination of obligor-specific
(idiosyncratic) risk characteristics and
the general economic, business, and
industry (systematic) risk characteristics
or conditions that obligors in the rating
may experience.
28. The time horizon used for the
assignment of obligors to rating grades
should be one year or longer. The
obligor rating should reflect the
obligor’s ability as evidenced by its
financial capacity, as well as its
willingness to service any obligation
and to follow through on any
commitments it has with the bank to
avoid default. The time horizon chosen
for the rating assignment process should
be appropriate to the business line or
geography for which the respective
obligor rating system will be used.
29. That general description, however,
still leaves open different possible
implementations, depending upon what
range of future systematic risk
conditions the bank considers when
making a rating assignment and the
weight given to those conditions. In
PO 00000
Frm 00013
Fmt 4701
Sfmt 4703
9095
practice, it appears that most banks have
adopted a rating philosophy where an
obligor’s rating would have some
sensitivity to changes in economic
conditions. Regardless of the approach
taken, banks should document their
choice of economic, business, and
industry conditions considered in each
risk rating system and the expected
frequency of rating changes over
economic cycles. Such differences have
important implications for validation
and other aspects of the operation of
rating systems, and therefore should be
clearly articulated and well understood.
A bank should also understand the
effects of ratings migration on its riskbased capital requirements and ensure
that sufficient capital is maintained
during all phases of the economic cycle.
30. A bank’s ratings philosophy can
be empirically demonstrated through an
analysis of how its obligors migrate
across rating grades as economic and
industry conditions change. While
individual obligor ratings may change
due to changes in obligor-specific risk
characteristics, the average migration
observed through time is likely to reveal
how sensitive rating assignments are to
systematic risk changes. Rating systems
in which obligor ratings are more
closely linked at a given point in time
to particular economic conditions are
more likely to be associated with higher
overall average rates of rating migration
than are other systems. Ratings that
respond primarily to obligor-specific
(idiosyncratic) changes may be less
sensitive to changes in economic and
industry conditions, and be more stable
throughout the economic cycle.
Obligor-Rating Granularity
S 2–9 Banks must have at least
seven discrete obligor rating grades for
non-defaulted obligors and at least one
rating grade for defaulted obligors.
31. A risk rating system’s grades
should be sufficiently numerous to
ensure that management can
meaningfully differentiate risk in the
portfolio, without being so numerous
that they limit the system’s practical
use. To determine the appropriate
number of rating grades beyond the
minimum seven non-default rating
grades, each bank should perform its
own internal analysis.
S 2–10 Banks should justify the
number of obligor rating grades used in
its risk rating system and the
distribution of obligors across those
grades.
32. Some portfolios may have a
majority of obligors assigned to only a
few of the available rating grades. The
mere existence of a concentration of
exposures in a rating grade (or rating
E:\FR\FM\28FEN2.SGM
28FEN2
9096
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
grades) does not, by itself, reflect
weakness in a rating system. For
example, banks focused on a particular
type of lending, such as asset-based
lending, may lend to obligors having
similar default risk. Banks with focused
lending activities may use the minimum
number of obligor rating grades, while
banks with a broad range of lending
activities should have more rating
grades. However, banks with a high
concentration of obligors in a particular
rating grade should perform a thorough
analysis that supports such a
concentration.
33. A concentration of obligors in a
rating grade is inappropriate when the
financial strength of those obligors
varies considerably. If such is the case,
the following questions should be
answered:
• Are the criteria for each rating grade
clear? Are rating criteria too vague to
allow raters to make clear distinctions?
Ambiguity may be an issue throughout
the rating scale or it may be limited to
the most commonly used ratings.
• How diverse are the obligors? Is the
bank targeting a narrow segment of
obligors with homogeneous risk
characteristics?
• Are the bank’s internal rating
categories considerably broader than
those of other lenders?
Recognition of Implied Support
S 2–11 Banks may recognize
implied support as a rating criterion
subject to specific supervisory
considerations; however, banks should
not rely upon the possibility of U.S.
government financial assistance, except
for the financial assistance that the U.S.
government has legally committed to
provide.
34. Implied support is support from a
third party that is less than a legally
enforceable guarantee. Banks that use
implied support as a ratings criterion
typically rely on a wide range of
policies and procedures for its use. As
the impact of implied support
arrangements has typically been
difficult to quantify, the circumstances
under which banks use such
arrangements as a ratings criterion
should be limited.
35. Supervisors will assess the
appropriateness of a bank’s usage of
implied support as a ratings criterion. A
bank should recognize implied support
only if the following are true:
• The support is from a parent
corporation or sovereign; however,
banks should not rely upon the
possibility of U.S. government financial
assistance, except for the financial
assistance that the U.S. government has
legally committed to provide;
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
• The implied support provider is
rated investment grade by an NRSRO;
• The implied support is a factor only
in assigning an obligor rating, not a loss
severity rating;
• The final rating assigned to the
obligor reflects greater credit risk than
the rating assigned to the implied
support provider (the parent corporation
or sovereign);
• The bank has considered the
magnitude of the rating benefit accorded
from the recognition of implied support
and the bank has performed and
documented comprehensive due
diligence to assess the parent
corporation or sovereign’s willingness
and capacity to support the obligor. To
assess the willingness to support the
obligor, a bank may consider prior
situations where the support provider
has supported the obligor or other
obligors under similar circumstances,
extended credit to the obligor at
beneficial rates, or made large scale
investments of cash or resources in the
obligor. To assess capacity, a bank
should conduct a thorough analysis of
the financial position of the support
provider and its ability to provide
support including during periods of
financial stress;
• There is broad market recognition
of the implied support. This can be
evidenced through a number of market
indicators including situations where
the external ratings of the parent
corporation and subsidiary are closely
linked or the ratings of the parent or
sovereign reflect an expectation of
support. It could also include evidence
derived from traded credit spreads of
the parent and subsidiary;
• For a bank whose rating system
design incorporates external ratings as a
tool in assigning an internal rating, the
internal rating does not additionally
incorporate implied support when there
is evidence that the external rating has
already benefited from the assumption
of support;
• The bank has established a standalone rating for the obligor and
continues to monitor the stand-alone
rating throughout the term of the
exposure;
• The bank’s internal tracking
processes monitor the dollar volume of
credit exposures where implied support
is a material consideration in the rating
assignment; and
• The provision of significant implied
support to a subsidiary or subsidiaries is
incorporated into the parent
corporation’s obligor rating.
Loss Severity Ratings
S 2–12 Banks must have a loss
severity rating system that is able to
PO 00000
Frm 00014
Fmt 4701
Sfmt 4703
assign loss severity estimates (ELGD
and LGD) to each wholesale exposure.
36. The term loss severity rating
system refers to the method by which a
bank assigns loss severity estimates to
wholesale exposures. This assignment
can be accomplished through a loss
severity rating process or via direct
assignment to each wholesale exposure.
A wholesale exposure’s ELGD and LGD
estimates are expressed as a percentage
of the estimated EAD of the exposure.
Both the ELGD and the LGD are
required inputs into the IRB risk-based
capital formulas.
S 2–13 Banks should have empirical
support for their loss severity rating
system and the rating system should be
capable of supporting the quantification
of ELGD estimates (and LGD estimates
if approved for internal estimates).
37. ELGD and LGD analysis is in the
early stages of development compared
to default risk modeling. Over time,
banks’ methodologies are expected to
evolve. Longstanding banking
experience and existing research on
ELGD and LGD, while preliminary,
suggests that type of collateral (in terms
of liquidity and marketability),
collateral values, seniority, industry
position and whether an exposure is
secured or unsecured are the most
commonly used predictors of loss
severity.
38. Whether a bank assigns ELGD and
LGD values directly or, alternatively,
rates wholesale exposures and then
quantifies ELGD and LGD for the rating
grades, the bank should conscientiously
identify characteristics that influence
ELGD and LGD. Each of the loss severity
rating categories should be associated
with empirically supported ELGD and
LGD estimates. (Even though the
grouped exposures have common
characteristics and a common expected
ELGD and LGD, realized loss severity
for individual exposures may vary).
Loss Severity Rating/LGD Granularity
S 2–14 Banks must have a
sufficiently granular loss severity rating
system to group exposures with similar
estimated loss severities or a process
that assigns estimated ELGDs and LGDs
to individual exposures.
39. While there is no stated minimum
number of loss severity ratings, the
systems that provide ELGD and LGD
estimates must be granular enough to
separate wholesale exposures with
significantly varying estimated LGDs.
For example, a bank using a loss
severity rating-scale approach that has
credit products with a variety of
collateral packages or financing
structures should have more ELGD and
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
LGD rating grades than those banks with
fewer options in their credit products.
40. Like obligor rating grades, the
mere existence of an exposure
concentration in an ELGD or LGD rating
grade (or rating grades) does not, by
itself, signify a rating system’s
weakness. However, banks with a high
concentration within ELGD and LGD
rating grades should perform a thorough
analysis that supports such a
concentration.
B. Other Considerations
Rating Criteria
S 2–15 Rating criteria should be
written, clear, consistently applied, and
include the specific qualitative and
quantitative factors used in assigning
ratings.
41. Each obligor and loss severity
rating (including ratings with modifiers
such as + or ¥) should be defined. The
definitions should describe all
significant quantitative and qualitative
ratings criteria used to promote
consistent application of risk ratings.
The ratings should be sufficiently
transparent to allow replication by a
third party. This is particularly
important in expert-judgment rating
systems where establishing the
transparency of rating assignments is
more challenging. Without clearly
defined rating criteria, expert-judgment
rating systems are not sufficiently
transparent. A risk rating system with
vague criteria or one defined only by
PDs, ELGDs, or LGDs is neither
replicable nor transparent. Transparent
criteria promote accurate and consistent
ratings within and across business lines
and geographies, and permit the rating
process to be refined over time.
sroberts on PROD1PC70 with NOTICES
Use of External Rating Tools
42. Banks may use results from
external rating tools, such as vendor
default models or agency ratings, as
inputs into their internal rating
processes for obligors and wholesale
exposures. The validation standards in
this guidance apply to a bank’s use of
external rating tools as well as internal
ones. Therefore, banks should apply the
same level of rigor to their external tools
as to their internal tools. In addition,
any external rating tool employed
should be consistent with the
architecture of the bank’s IRB rating
systems. To verify this consistency, a
bank should analyze and understand:
• The predictive ability of the
external rating tool;
• The factors and criteria used by the
external rating tools to assign ratings;
and
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
• The expected effect of using the
external rating tool on the migration of
internal ratings.
43. Sole reliance on external rating
tools is not appropriate. Every rating
tool has limitations, and banks should
have a process to ensure that accurate
ratings are assigned despite such
limitations. How much additional
analysis is required will depend on the
exposure’s rating, relative size and
complexity. Banks should maintain data
on the critical factors underpinning an
external rating tool’s obligor or loss
severity ratings (as the banks would for
any rating assignment process).
Timeliness of Ratings
S 2–16 Risk ratings must be updated
whenever new material information is
received, but in no instance less than
annually.
44. A bank should have a policy that
ensures that obligor and loss severity
ratings reflect current information. That
policy should also specify minimum
financial reporting and collateral
valuation requirements. When loss
severity ratings or estimates depend on
collateral values or other factors that
change periodically, that policy should
take into account the need to update
these factors.
45. Banks’ policies may include an
alternative timetable for updating
ratings of exposures below a de minimis
amount that the bank determines has no
material impact on risk-based capital
levels. For example, some banks use
triggering events to prompt them to
update their ratings on de minimis
exposures rather than adhering to a
specific timetable.
Multiple Ratings Systems
46. A bank’s complexity and
sophistication, as well as the size and
range of products offered, will affect the
types and number of rating systems
employed. However, each risk rating
system should conform to the standards
in this guidance, must be validated for
accuracy and consistency, and should
be used consistently. Validation
exercises should produce evidence that
the ratings have been applied
consistently.
Chapter 3: Retail Segmentation Systems
Rule Requirements
Part III, Section 22(b)(1): A bank must
have an internal risk rating and
segmentation system that accurately and
reliably differentiates among degrees of
credit risk for the bank’s wholesale and
retail exposures.
Part III, Section 22(b)(3): For retail
exposures, a bank must have a system
PO 00000
Frm 00015
Fmt 4701
Sfmt 4703
9097
that groups exposures into segments
with homogeneous risk characteristics
and assigns accurate and reliable PD,
ELGD, and LGD estimates for each
segment on a consistent basis. The
bank’s system must group retail
exposures into the appropriate retail
exposure subcategory and must group
the retail exposures in each retail
exposure subcategory into separate
segments. The bank’s system must
identify all defaulted retail exposures
and group them in segments by
subcategories separate from nondefaulted retail exposures.
Part III, Section 22(b)(5): The bank’s
retail exposure segmentation system
must provide for the review and update
(as appropriate) of assignments of retail
exposures to segments whenever the
bank receives new material information,
but no less frequently than quarterly.
I. Overview
1. This chapter describes the design
and operation of an IRB retail
segmentation system. An IRB retail
segmentation system groups retail
exposures into segments with
homogeneous risk characteristics within
each of the three retail exposure
subcategories (residential mortgage
exposures, qualifying revolving
exposures (QRE), other retail
exposures). Examples of segmentation
techniques include the use of obligor
(such as income and past credit
performance) and exposure (such as
product type and loan-to-value)
characteristics; or grouping loans by
similar estimated default rates and
estimated loss severities. The
segmentation system used for IRB will
often differ from segmentation used for
other purposes, such as for marketing
and scorecards. The retail risk
parameter estimates that determine riskbased capital requirements are assigned
at the segment level.
2. The retail IRB framework provides
banks substantial flexibility to use the
retail segmentation that is most
appropriate for their activities, subject
to the following broad principles:
• Differentiation of risk—
Segmentation should provide
meaningful differentiation of risk.
Accordingly, in developing the
segmentation system, banks should
select risk drivers that separate risk
distinctly and consistently over time.
• Reliable risk characteristics—
Segmentation uses borrower risk
characteristics and loan-related risk
characteristics that reliably differentiate
a segment’s risk from that of other
segments and that perform consistently
over time.
E:\FR\FM\28FEN2.SGM
28FEN2
9098
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
• Consistency—The risk drivers used
to segment exposures must be consistent
with the predominant risk
characteristics the bank uses to measure
and manage credit risk.
• Accuracy—The segmentation
process should generate segments that
separate exposures by realized
performance. It should be designed so
that actual long-run outcomes closely
approximate the retail risk parameters
estimated by the bank.
3. Defaulted retail exposures must be
segmented separately from nondefaulted exposures. In addition, retail
segments should not cross national
jurisdictions unless the bank can
demonstrate that the exposures in the
different jurisdictions have
homogeneous risk characteristics.
II. Definition of Default
S 3–1 Banks must use the IRB
definition of default when identifying
defaulted retail exposures.
4. For retail exposures, banks must
use the following definition of default
for its IRB system: A retail exposure of
a bank is in default if:
• The exposure is 180 days past due,
in the case of a residential mortgage
exposure or revolving exposure;
• The exposure is 120 days past due,
in the case of all other retail exposures;
or
• The bank has taken a full or partial
charge-off or write-down of principal on
the exposure for credit related reasons.
5. The exposure remains in default
until the bank has reasonable assurance
of repayment and performance for all
contractual principal and interest
payments on the exposure.
6. For retail exposures, the definition
of default is applied to a particular
exposure rather than to the obligor. That
is, default by an obligor on one
obligation would not require a bank to
consider all other obligations of the
same obligor in default.
III. Retail Segmentation Architecture
sroberts on PROD1PC70 with NOTICES
A. Criteria for Retail Segmentation
S 3–2 Banks must first place
exposures into one of the three retail
exposure subcategories (residential
mortgage, QRE, and other retail). Banks
must then separate exposures into
segments with homogeneous risk
characteristics.
S 3–3 A retail segmentation system
must produce segments that accurately
and reliably differentiate risk and
produce accurate and reliable estimates
of the risk parameters.
7. While banks have considerable
flexibility in determining retail
segments, they should consider factors
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
affecting the risk characteristics of both
borrowers and loans when determining
segmentation criteria. Statistical
modeling, expert judgment, or some
combination of the two may determine
the most relevant risk drivers.
8. Examples of acceptable approaches
to segmentation include:
• Segmenting exposures by common
risk drivers that are relevant and
material in determining the loss
characteristics of a particular retail
product. For example, a bank may
segment mortgage loans by LTV band,
age from origination, geography, and/or
origination channel.
• Segmenting exposures by common
risk drivers that are relevant and
material in determining the loss
characteristics of a particular borrower
population. For example, a bank may
segment by credit bureau score bands,
behavior score bands, and/or
delinquency status. In the case of
mortgage products, more borrower
information may be available and a bank
could include the debt-to-income ratio,
current income, and/or years at present
location.
• Segmenting by grouping exposures
with similar estimated loss
characteristics, such as expected average
loss rates, expected default rates, or
expected loss severity rates. Some banks
have developed models that rank order
default risk or generate an estimated
default rate, loss severity, and/or
exposure at default for individual
exposures. A bank could use such
estimates as criteria in their
segmentation system.
9. Each retail segment will have an
estimated PD, ELGD, LGD, and EAD. In
some cases, it may be reasonable to use
the same risk parameter estimates for
multiple segments. This may occur
more frequently for bank estimates of
ELGD and LGD as banks may have less
robust historical data for estimating
these IRB risk parameters. In such cases,
the bank should demonstrate that there
are no material differences in ELGD or
LGD among those segments. Over time,
supervisors expect banks to develop
more precise data and methodologies for
determining ELGD and LGD.
10. Data for certain retail loans are
sometimes missing or incomplete, such
as data for purchased loans or loans
originated with policy exceptions. The
overall segmentation system should
adequately capture the risk associated
with these loans based on the data
available. In some cases, missing or
incomplete data itself may be a
significant risk factor used for
segmentation purposes.
11. A bank should substantiate the
degree of granularity in its segmentation
PO 00000
Frm 00016
Fmt 4701
Sfmt 4703
system and the distribution of exposures
across segments. (Here, ‘‘granularity’’ is
how finely the portfolio is segmented.)
12. Banks have flexibility in
determining the granularity of their
segmentation system. Each bank should
perform internal analysis to determine
how granular segments must be to group
homogeneous exposures. For example, a
bank using credit score ranges to
segment its portfolio should provide the
rationale for the ranges chosen.
13. A concentration of exposures in a
segment (or segments) does not, by
itself, reflect a deficiency in the
segmentation system. For example, a
bank may lend within a narrow risk
range and, therefore, have a smaller
number of segments than a bank that
lends across a wider spectrum of risk.
However, a bank with a high
concentration of exposures in a
particular segment will be expected to
show that the bank’s segmentation
criteria are carefully delineated and
well-documented. The bank should be
able to demonstrate that there is little
risk differentiation among the exposures
within the segment, and that the
segmentation method produces reliable
estimates for each of the risk
parameters. A bank should not
artificially group exposures into
segments specifically to avoid the 10
percent LGD floor for mortgage
products. A bank should use consistent
risk drivers to determine its retail
exposure segmentations and not
artificially segment low LGD loans with
higher LGD loans to avoid the floor.
S 3–4 Banks should clearly define
and document the criteria for assigning
an exposure to a particular retail
segment.
14. Banks should choose risk drivers
that accurately reflect an exposure’s
risk. Risk drivers selected must be
consistent with risk measures used for
credit risk management.
15. The method of segmentation will
help determine the risk parameters, as
well as which techniques should be
used for validation and which control
mechanisms will best ensure the
integrity of the segmentation system.
Described below are some techniques
for determining whether the
segmentation was done appropriately:
• Statistical Models—Banks may
incorporate results of statistical
underwriting models or scoring models
directly into their segmentation process.
For example, a bank may use a custom
or bureau credit score as a segmenting
criterion. In that case, the bank should
support the choice of the score, and
should demonstrate that it has adequate
controls for the credit scoring system.
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
• Inputs to Models—Banks may
incorporate the variables from a
statistical model into their segmentation
processes. For example, a bank that uses
a statistical model to predict losses for
its mortgage portfolio could select some
or all of the major inputs to that model,
such as debt-to-income and LTV, as
segmentation criteria. As part of its
validation and controls for the
segmentation system, the bank should
provide an appropriate rationale and
empirical evidence for its choice of the
particular set of risk drivers from the
loss prediction model.
• Expert Judgment—Banks may
combine expert judgment with
statistical analysis in determining
segmentation criteria. However, expert
judgment must be well-documented and
supported by empirical evidence
demonstrating that the chosen risk
factors are reliable predictors of risk.
16. A bank should be able to
demonstrate a strong relationship
between IRB risk drivers and
comparable measures used for credit
risk management. Specifically, a bank
should demonstrate that the
segmentation system differentiates
credit risk across the portfolio and
captures changes in the level and
direction of credit risk using measures
that are similar to those used in credit
risk management. For example, even if
a bank uses custom scores for
underwriting or account management,
generic bureau scores may be used for
IRB segmentation purposes if the bank
can demonstrate a relationship between
these measures.
17. Banks should have clear policies
to define the criteria for modifying the
segmentation system. Changes in the
segmentation system should be
documented and supported to ensure
consistency and historically comparable
measurements.
B. Assignment of Exposures to Retail
Segments
S 3–5 Banks should develop and
document their policies to ensure that
risk-driver information is sufficiently
accurate and timely to track changes in
underlying credit quality and that the
updated information is used to assign
exposures to appropriate segments.
18. Under the IRB framework, a bank
initially assigns retail exposures to
segments based on the risk-driver
information available at the time of
origination or acquisition. The bank
should then continue to monitor the risk
characteristics of the exposures and
assign exposures to appropriate
segments based on refreshed
information gathered by the bank as part
of its monitoring process.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
19. In accordance with industry
practices in retail credit risk
management, a bank should have a welldocumented policy on monitoring and
updating information about exposure
risk characteristics. The policy should
specify the risk characteristics to be
updated and the frequency of updates
for each product type or sub-portfolio
within its retail portfolio. Updating of
relevant information on these risk
drivers should be consistent with sound
risk management.
S 3–6 The bank’s retail exposure
segmentation system must provide for
the review and update (as appropriate)
of assignments of retail exposures to
segments whenever the bank receives
new material information, but no less
frequently than quarterly.
20. Decisions regarding the frequency
of obtaining refreshed information
should reflect the specific risk
characteristics of individual segments
and/or the potential impact on riskbased capital levels. The frequency of
updates will generally vary for different
risk drivers and for different products.
The underlying principle is that, in
every estimation period, retail
exposures are assigned to segments that
accurately reflect their risk profile and
produce accurate risk parameters.
21. Banks should assess their
approach to updating information and
migrating exposures when validating
the segmentation process.
Chapter 4: Quantification
Rule Requirements
Part III, Section 22(c)(1): The bank
must have a comprehensive risk
parameter quantification process that
produces accurate, timely, and reliable
estimates of the risk parameters for the
bank’s wholesale and retail exposures.
Part III, Section 22(c)(2): Data used to
estimate the risk parameters must be
relevant to the bank’s actual wholesale
and retail exposures, and of sufficient
quality to support the determination of
risk-based capital requirements for the
exposures.
Part III, Section 22(c)(3): The bank’s
risk parameter quantification process
must produce conservative risk
parameter estimates where the bank has
limited relevant data, and any
adjustments that are part of the
quantification process must not result in
a pattern of bias toward lower risk
parameter estimates.
Part III, Section 22(c)(4): PD estimates
for wholesale and retail exposures must
be based on at least 5 years of default
data. ELGD and LGD estimates for
wholesale exposures must be based on
at least 7 years of loss severity data, and
PO 00000
Frm 00017
Fmt 4701
Sfmt 4703
9099
ELGD and LGD estimates for retail
exposures must be based on at least
´
5ayears of loss severity data. EAD
estimates for wholesale exposures must
be based on at least 7 years of exposure
amount data, and EAD estimates for
retail exposures must be based on at
least 5 years of exposure amount data.
Part III, Section 22(c)(5): Default, loss
severity, and exposure amount data
must include periods of economic
downturn conditions, or the bank must
adjust its estimates of risk parameters to
compensate for the lack of data from
periods of economic downturn
conditions.
Part III, Section 22(c)(6): The bank’s
PD, ELGD, LGD, and EAD estimates
must be based on the definition of
default [in the NPR].
Part III, Section 22(c)(7): The bank
must review and update (as appropriate)
its risk parameters and its risk
parameter quantification process at least
annually.
Part III, Section 22(c)(8): The bank
must at least annually conduct a
comprehensive review and analysis of
reference data to determine relevance of
reference data to bank exposures,
quality of reference data to support PD,
ELGD, LGD, and EAD estimates, and
consistency of reference data to the
definition of default contained [in the
NPR].
I. Overview
1. Quantification is the process of
assigning numerical values to the key
risk parameters that are used as inputs
to the IRB risk-based capital formulas.
This chapter provides guidance on the
quantification process for wholesale and
retail exposures. For both wholesale and
retail portfolios these risk parameters
are the probability of default (‘‘PD’’),
expected loss given default (‘‘ELGD’’),
loss given default (‘‘LGD’’), and
exposure at default (‘‘EAD’’). Wholesale
exposures also require determination of
the exposure’s maturity (‘‘M’’). Risk
parameters are assigned to each
exposure for wholesale portfolios and to
each segment for retail portfolios.
Specific quantification issues related to
counterparty credit risk transactions,
equity exposures, and securitization
exposures are described in Chapters 9,
10, and 11, respectively.
2. In any discussions of the IRB
system, the risk rating or segmentation
system design and the quantification
process should be considered together.
This chapter focuses on quantification
given an existing risk rating or
segmentation system design, as covered
in Chapters 2 and 3, respectively.
3. Section I establishes an organizing
framework for considering
E:\FR\FM\28FEN2.SGM
28FEN2
9100
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
quantification and develops general
standards that apply to the entire
process. Sections II, III, and IV cover
specific supervisory standards that
apply to PD, ELGD and LGD, and EAD
respectively. The maturity risk
parameter receives somewhat different
treatment in section V, since it is much
less dependent on statistical estimates
from historical data. Special cases and
applications for quantification are
covered in section VI.
sroberts on PROD1PC70 with NOTICES
A. Stages of the Quantification Process
4. For each risk parameter,
quantification may be broken down into
four stages: obtaining historical
reference data; estimating the
relationship between risk characteristics
and the risk parameters in the reference
data; mapping the correspondence
between risk characteristics in the
reference data and those in the existing
portfolio; and applying the relationship
between risk characteristics and risk
parameters to the existing portfolio. An
evaluation of a bank’s quantification
process focuses on the overall adequacy
of the bank’s approach, including an
understanding of how the bank breaks
down the quantification process where
applicable into the four stages.
5. Banks are not required to separate
the quantification process into four
stages. The four stages are a conceptual
framework, and may serve as a useful
analytical and implementation guide.
Readers may find it helpful to refer to
the appendices to this chapter, which
illustrate how this four-stage framework
can be applied to quantification
approaches in practice. The four stages
of quantification are described below.
Data—First, the bank constructs a
reference data set, or source of data,
from which risk parameters can be
estimated.
A ‘‘reference data set’’ consists of a set
of exposures and their associated
identifying information and risk
characteristics. Reference data sets may
include internal data, external data, or
pooled data from different internal and
external sources. Internal data refers to
any data on exposures held in a bank’s
existing or historical portfolios,
including data elements or information
provided by third parties (e.g., data from
a credit bureau about one’s own
customers would be considered internal
data). External data refers to information
on exposures held outside the bank’s
portfolio, including aggregate industry
trends or economic data.
The reference data is described using
a set of observed characteristics;
consequently, the data set contains
variables that can be used for this
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
characterization. For example, risk
characteristics for wholesale exposures
include obligor and exposure
characteristics related to the risk
parameters, such as agency debt ratings,
risk ratings, financial measures,
geographic regions, and the economic
environment and industry/sector trends
during the time period of the reference
data. Risk characteristics for retail
exposures include borrower and loan
characteristics, such as loan terms, loanto-value, credit score, income, debt-toincome, or payment history. A bank
may use more than one reference data
set to improve the robustness or
accuracy of the risk parameter estimates.
Estimation—Second, the bank applies
statistical techniques to the reference
data to determine the relationship
between risk characteristics and the
estimated risk parameter.
The result of this step is a model that
ties descriptive risk characteristics, or
drivers, to the risk parameter estimates.
In this context, the term ‘‘model’’ is
used in the most general sense; a model
may be a simple calculation of historical
averages or a more sophisticated
approach based on advanced statistical
techniques (e.g., regression). This step
may include adjustments for differences
between the IRB definition of default
and the default definition in the
reference data set, as well as
adjustments for data limitations.
More than one estimation technique
may be used to generate estimates of the
risk parameters, especially if there are
multiple sets of reference data or
multiple sample periods. If multiple
estimates are generated, the bank should
have a clear and consistent policy for
reconciling and combining them into a
single estimate at the application stage.
Mapping—Third, the bank creates a
link between its portfolio data and the
reference data based on corresponding
characteristics.
Variables or characteristics used in
the estimation model are mapped, or
linked, to the variables that are available
for the existing portfolio. In order to
map effectively, a bank should have
reference data characteristics that allow
the construction of rating and
segmentation criteria that are consistent
with those used on the bank’s portfolio.
An important element of mapping is
making adjustments for differences
between reference data sets and the
bank’s exposures. The bank should map
each reference data set and each
combination of risk characteristics used
in any estimation model.
PO 00000
Frm 00018
Fmt 4701
Sfmt 4703
Application—Fourth, the bank applies
the relationship estimated for the
reference data to the actual portfolio
data.
The ultimate aim of quantification is
to attribute a PD, ELGD, LGD, and EAD
to each exposure within the wholesale
portfolio and to each segment of
exposures in the retail portfolio. If
multiple data sets or estimation
methods are used, the bank should
adopt a means of combining the various
estimates at this stage.
For wholesale portfolios, this step
may include adjustments to default rates
or loss rates to ‘‘smooth’’ the final risk
parameter estimates. If the estimates are
applied to individual transactions, the
bank must in some way aggregate the
estimates at the rating level.
For retail portfolios, the bank may
simply apply the risk parameter
estimates derived for each segment to
the corresponding segment in the
existing portfolio. However the
application stage could be more
complex if multiple data sets or
estimation methods were used or if the
mapping stage required adjustments.
6. The four-stage quantification
process described above outlines a
framework that a bank may use for
assigning numerical values to the IRB
key risk parameters. Whether the
quantification process explicitly
delineates each aspect of the four stages
of quantification for PD, ELGD, LGD,
and EAD, or the quantification process
is more integrated, each aspect of the
quantification process for the key risk
parameters should be justified,
documented, and subject to monitoring
and follow-up.
7. A number of examples are given in
this chapter to aid exposition and
interpretation of specific quantification
issues. None of the examples is
sufficiently detailed to incorporate all of
the considerations discussed in this
chapter. Moreover, technical progress in
the area of quantification is rapid. Thus,
banks should not interpret a specific
example that is consistent with the
standard being discussed, and that
resembles the bank’s current practice, as
being a ‘‘safe harbor.’’ Banks should
consider this guidance in its entirety
when determining whether systems and
practices are adequate.
B. General Standards for Sound
Quantification
8. Several core principles apply to the
overall quantification process of risk
rating and segmentation systems. Those
principles and the general standards
that reflect them are discussed in this
introductory section. Other supervisory
E:\FR\FM\28FEN2.SGM
28FEN2
sroberts on PROD1PC70 with NOTICES
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
standards specific to particular stages or
risk parameters are discussed in later
sections.
9. The risk parameters should be
estimated in a manner consistent with
sound credit risk management practices
and the IRB standards. In addition, a
bank should have processes to ensure
that these estimates are independently
and thoroughly validated and the results
reported to senior management.
10. Supervisory evaluation of the
quantification process requires
consideration of all the standards in this
chapter, both general and specific.
Particular practical approaches to
quantification may be highly consistent
with some standards, and less so with
others. In assessing a bank’s approach,
supervisors will weigh the approach’s
strengths and weaknesses using all the
supervisory standards in this chapter as
a guide.
S 4–1 Banks should have a fully
specified process covering all aspects of
quantification (reference data,
estimation, mapping, and application).
The quantification process should be
fully documented.
11. A fully specified quantification
process should describe how all four
stages (data, estimation, mapping, and
application) are addressed for each
parameter. The linkages between the
bank’s quantification and validation
processes should also be explicit.
12. An important aspect of the
quantification process is the appropriate
capture and analysis of developmental
evidence in support of techniques
applied by the bank. A few examples of
such developmental evidence are:
• For reference data—a discussion of
how the best available data are chosen
from various sources so that the data
include periods of economic downturn
conditions and the portfolio in the
reference data is comparable to the
existing portfolio;
• For estimation—discussions of why
the bank uses various averaging
methods on historical data, how it
specifies downturn estimates, or how it
develops predictive models;
• For mapping—discussions of how
risk characteristics in the reference data
compare with those in the existing
portfolio; and
• For application—a discussion of the
combination of multiple estimates,
aggregations of estimates across
exposures, or any judgmental
adjustments.
13. Major decisions in the design and
implementation of the quantification
process should be justified and fully
documented. Documentation promotes
consistency and allows third parties to
review and replicate the entire process.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
S 4–2 Risk parameter estimates
must be based on the IRB definition of
default. At least annually, a bank must
conduct a comprehensive review and
analysis of reference data to determine
the relevance of reference data to the
bank’s exposures, quality of reference
data to support risk parameter
estimates, and consistency of reference
data to the IRB definition of default.
14. Many different sources of data
might be appropriately used in an
estimation model or the quantification
process. Regardless of the data used to
derive the risk parameter estimates,
such estimates must reflect the IRB
definition of default.
15. As part of its annual review of its
reference data, a bank must assess the
consistency of the reference data with
the IRB definition of default. In the early
stages of IRB implementation, a bank’s
internal historical reference data might
not include an element that fully
conforms to the IRB definition of
default. In addition, a bank may change
its policies regarding charge-offs or nonaccrual. For any internal or external
historical data that are not fully
consistent with the IRB definition of
default, a bank must still ensure that the
derived risk parameter estimates are
based on the IRB definition of default.
This will likely entail making
conservative adjustments to reflect data
discrepancies; larger discrepancies
require greater conservatism.
16. To support quantification and
validation of the risk parameter
estimates, one of the elements in a
bank’s internal data should conform to
the IRB definition of default. The
collection of internal data is discussed
in Chapter 6 (Data Management and
Maintenance) of this guidance and
validation is discussed in Chapter 7
(Controls and Validation).
S 4–3 Banks must separately
quantify wholesale risk parameter
estimates before adjusting the estimates
for the impact of eligible guarantees
and eligible credit derivatives.
17. As discussed in Chapter 5, the
benefits of wholesale credit risk
mitigation from eligible guarantees and
eligible credit derivatives are recognized
through adjustments to ratings and risk
parameter estimates. However, banks
must perform the basic quantification of
the risk parameters separately from the
process of determining an adjustment to
an exposure’s risk rating assignment
resulting from the credit protection or
any adjustments to the risk parameters
for recognition of the credit protection.
In quantifying the impact of the credit
protection, banks may make necessary
adjustments to the reference data or
mapping process, or may estimate the
PO 00000
Frm 00019
Fmt 4701
Sfmt 4703
9101
impact of the credit protection on the
bank’s existing portfolio. Chapter 5
deals with recognized types of
contractual arrangements and
instruments that transfer all or part of an
exposure’s credit risk from the bank to
one or more third parties.
S 4–4 Banks may take into account
the risk-reducing effects of guarantees
in support of retail exposures when
quantifying the PD, ELGD, and LGD of
the segment.
18. A bank may take into account the
risk reducing effects of guarantees in
support of retail exposures in a segment
when quantifying the PD, ELGD, and
LGD of the segment, but only for
guarantees of individual retail
exposures, or guarantees covering all or
a pro rata portion of all contractual
payments due on a group of retail
exposures. (See Example 5 in Appendix
B of this chapter.) Insurance in support
of retail exposures, for example private
mortgage insurance (‘‘PMI’’), generally
would be considered a guarantee.
19. The risk parameters for exposures
covered by retail guarantees should be
based on historical experience of
exposures with similar coverage and the
expected benefits of the guarantees on
future performance. Segments benefiting
from retail guarantees are still subject to
applicable regulatory floors, such as the
10 percent LGD floor for residential
mortgages.
20. Retail guarantees may affect PD or
ELGD and LGD. In most cases, and in
particular for PMI, banks reflect the
effects of retail guarantees primarily
through the quantification of ELGD and
LGD. For retail exposures, banks may
directly reflect the expected benefit of
retail guarantees in the risk parameters,
in contrast to the two-step process that
is required for guarantees of wholesale
exposures.
21. Banks should monitor and assess
potential counterparty risk for
guarantees of retail exposures through
tracking and analyzing the financial
strength of each guarantor. When
reflecting guarantees of retail exposures
in PD or ELGD and LGD estimates banks
should take into account the credit
quality of the guarantor. Other things
equal, PD or ELGD and LGD estimates
should be increased if the credit quality
of the guarantor deteriorates. In
addition, banks should consider the
potential for additional counterparty
risk during economic downturn
conditions.
22. Banks may also choose to
incorporate retail guarantee coverage
into their segmentation systems. For
example, mortgage loans without PMI
could be placed into different segments
than those with PMI.
E:\FR\FM\28FEN2.SGM
28FEN2
sroberts on PROD1PC70 with NOTICES
9102
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
23. Since there are a variety of
programs for retail guarantees that
provide differing types and levels of
coverage, banks incorporating retail
guarantees into the IRB risk parameters
should ensure that their systems are
sufficient to estimate the expected
benefits based on the actual amount of
coverage within the existing portfolio,
regardless of whether or not they
segment by coverage. This may require
exposure-by-exposure tracking over the
life of the exposure to accurately reflect
the expected benefits for different forms
of retail guarantees. Banks also should
develop appropriate reference data sets
that can be used to estimate the effect
on PDs or ELGDs and LGDs for
exposures that are covered by retail
guarantees.
S 4–5 Banks may only reflect the
risk-reducing benefits of tranched
guarantees of multiple retail exposures
by meeting the definition and
operational criteria for synthetic
securitizations.
24. Guarantees of multiple retail
exposures that do not cover all or a pro
rata portion of all contractual payments
due on the underlying exposures are
considered to be tranched. (See Example
5 in Appendix B of this chapter.)
25. A bank may obtain a reduction in
risk-based capital requirements in the
case of such tranched guarantees of
multiple retail exposures, but only
through applying the rules for
securitization exposures provided in the
NPR. To obtain any benefits, tranched
guarantees of multiple retail exposures
must satisfy all aspects of the definition
of synthetic securitization and comply
with all requirements for securitization
treatment in the NPR. (Also see Chapter
11 (Securitizations) for additional
guidance.)
26. In some cases, the determination
of the risk-based capital benefit for a
qualifying tranched guarantee will be
relatively straightforward. For example,
the securitization framework provides
three general approaches for
determining risk-weighted assets: The
ratings-based approach, the internal
assessment approach, and the
supervisory formula approach (‘‘SFA’’).
A bank can use the RBA if its exposure
is externally rated or has an inferred
rating. The SFA may be employed when
external or inferred ratings are not
available for tranching structures. (See
Chapter 11 for a more detailed
discussion of the applicability of the
various approaches in different
circumstances.)
S 4–6 At a minimum, the
quantification process and the resulting
risk parameters must be reviewed
annually and updated as appropriate.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
27. All material aspects of the
quantification process should be
reviewed annually, with adjustments
and enhancements made as needed. A
bank should have a well-defined policy
for reviewing and updating the
quantification design. New analytical
techniques and evolving industry
practice should be taken into account in
considering changes to quantification
techniques. The review should evaluate
the judgmental adjustments embedded
in the estimates; new data or evolving
industry practice may suggest a need to
modify those adjustments. Particular
attention should be given to any
changes that may have resulted in a
significant change in the composition of
exposures, such as new business lines,
material mergers or acquisitions, and
material divestitures, loan sales or
securitizations. Such changes, which
raise questions about the
appropriateness of risk ratings, the
segmentation system, and the
quantification process, should trigger a
review and revisions as needed.
28. The review process is particularly
relevant for the reference data stage
because new data become available
frequently. A bank must ensure
continued applicability of the reference
data to its existing exposures, and the
reference data should reflect the types of
exposures found in the bank’s existing
portfolio. Reference data must be of
sufficient quality to support PD, ELGD,
LGD, and EAD estimates. A welldefined and documented process should
be in place to ensure that the reference
data are updated as frequently as
needed, as fresh data become available
or as portfolio changes make necessary.
All data sources, characteristics, and the
overall processes governing data
collection should be fully documented,
and that documentation should be
readily available for review.
29. At a minimum, risk parameter
estimates must be reviewed at least
annually, and the process for doing so
should be documented in the bank’s
policy. If the review reveals that risk
parameter estimates should be updated,
the updates should be performed
promptly and documented clearly. New
data should be incorporated into the
risk parameter estimates using a welldefined process to correctly merge data
sets over time, and the frequency of risk
parameter updates and the process for
doing so should be justified and
documented in bank policy.
30. The risk parameter estimates may
be particularly sensitive to changes in
the way banks manage exposures. When
such changes take place, the bank
should consider them in all steps of the
quantification process. Changes likely to
PO 00000
Frm 00020
Fmt 4701
Sfmt 4703
significantly increase a risk parameter
value should prompt increases in the
risk parameter estimates. When changes
seem likely to reduce the risk parameter
value, estimates should be reduced only
after the bank accumulates a significant
amount of actual experience under the
new policy to support the reductions.
31. The mappings of the existing
portfolio to the reference data used in
estimation should also be reviewed with
sufficient frequency to ensure that the
mappings continue to be appropriate.
Mappings should be reaffirmed at least
annually for both internal and external
reference data, regardless of whether the
risk rating or segmentation systems have
undergone explicit changes during the
period covered by the reference data set,
because the relationship between a
bank’s existing exposures and the
reference data may change over time.
For example, in wholesale portfolios the
relationships between internal rating
grades and external agency ratings may
change during the economic cycle
because of differences in expected rating
migration. When significant
characteristics have been changed,
added, or dropped, the characteristics of
the existing exposures should be newly
mapped to the characteristics of the
reference data.
S 4–7 Quantification should be
based upon the best available data for
the accurate estimation of the risk
parameters.
32. Banks should always use the best
available data when quantifying the risk
parameters. In order to derive accurate
risk parameter estimates, banks should
incorporate relevant data, whether such
data are internal or external. One
objective of the IRB framework is to
encourage further development of credit
risk quantification techniques.
Improving the quality, capture, and
retention of internal data is an essential
prerequisite for such advances.
33. Internal data refers to any data on
exposures existing or historically held
in a bank’s own portfolio, including
historical exposure and risk
characteristics as well as exposure
performance—even if some data
components are purchased from outside
sources. For example, property
appraisals purchased from a third-party
appraiser for updating the LTVs of a
bank’s mortgage exposures are
considered internal data. However, if a
bank purchases data on risk
characteristics or performance for
exposures outside of its own portfolio,
these data would be considered
external.
34. A bank should incorporate
relevant external data for quantifying
risk parameters if internal data are
E:\FR\FM\28FEN2.SGM
28FEN2
sroberts on PROD1PC70 with NOTICES
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
insufficient to produce accurate and
appropriate estimates. For example, the
use of external data may be necessary
when internal data do not provide
adequate coverage of economic
downturns or when there are significant
data gaps, either for periods of time or
for the types of exposures in the bank’s
existing portfolio. Banks should
demonstrate that all data used to
quantify risk parameters are relevant.
35. A bank should have a process for
vetting potential reference data, whether
the data are internal or external. The
vetting should assess whether the data
are sufficiently accurate, sufficiently
complete, sufficiently representative,
and sufficiently informative of the
bank’s existing exposures.
36. Furthermore, a bank should have
adequate data to estimate risk
parameters for all exposures on the
books, even if some are likely to be sold
or securitized before their long-term
credit performance can be observed.
S 4–8 The sample period for the
reference data must meet the minimum
length for each risk parameter by
portfolio.
S 4–9 The reference data must
include periods of economic downturn
conditions, or the parameter estimates
must be adjusted to compensate for the
lack of data from such periods.
37. For PD estimation, a minimum of
five years of data are required for all
portfolios. For ELGD, LGD and EAD
estimation, a minimum of seven years of
data are required for wholesale
portfolios, and five years of data are
required for retail portfolios.
38. This requirement for a minimum
of five or seven years of data should not
be taken to imply that reference data
sets of this length are optimal. The range
of conditions covered by the sample
period may be as important as its length.
Specifically, lack of inclusion of periods
of economic downturn conditions could
bias PD, ELGD, LGD, or EAD estimates
downward and lead to unjustifiably
lower risk-based capital requirements.
39. If a bank’s reference data do not
include periods of economic downturn
conditions, the bank must adjust its risk
parameter estimates to compensate for
the lack of these data. Given the
particular importance of periods of
economic downturn, a bank may choose
to augment an existing reference data set
with additional data from such a period
without including all of the intervening
years, if the overall data set satisfies
required minimums, otherwise covers
the appropriate range of economic
conditions and is appropriate for the
bank’s existing portfolio. Alternatively,
a bank may draw more heavily on subsamples of its internal portfolio (for
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
example, particular MSAs or geographic
regions) that experienced economic
downturn periods, or use appropriate
external data. However, the bank should
justify the exclusion of available
internal data for portions of its portfolio
and any inclusion of alternative internal
or external data sources, as well as its
weighting assumptions.
40. The minimum data requirement
may be met using internal data, external
data, or pooled data combining internal
data with similar data from other
sources. However, as noted above, the
minimum sample period for reference
data should not be construed as
generally providing optimum results. A
longer sample period usually fosters
more robust estimation; for example, a
longer sample will include more default
observations for ELGD, LGD or EAD
estimation. Banks should consider the
use of additional data when more than
the minimum length of historical data is
available. However, the potential
increase in precision afforded by a
larger sample should be weighed against
the potential for diminished
comparability of older data to the
existing portfolio; striking the correct
balance is a matter of judgment.
Reference data must not differ
systematically from the existing
portfolio in ways that seem likely to be
related to default risk, loss severity, or
exposure at default.
S 4–10 Banks should clearly
document how they adjust for the
absence of significant data elements in
either the reference data set or the
existing portfolio.
41. Some exposures in the reference
data set and the existing portfolio will
have missing data elements, some of
which are important factors for
measuring risk. Banks may use a variety
of statistical methods to impute values
for the missing factors—provided these
factors are sufficiently correlated to
known information about the exposure.
Expertise is required to judge whether
such correlations can be established.
Regardless of the approach and level of
sophistication, the bank should have a
clear and well-documented process
describing how it treats missing data
elements in the estimation and mapping
stages.
42. For example, in the development
of a default model, missing data
elements can be imputed and the
estimates of the missing data elements
input to the model. However, if
particular data elements are missing on
significant portions of the population,
this may justify the estimation of
separate models where data elements
are missing.
PO 00000
Frm 00021
Fmt 4701
Sfmt 4703
9103
S 4–11 Judgmental adjustments to
risk parameter estimates, either
upward or downward, may be an
appropriate part of the quantification
process, but must not result in an
overall bias toward lower risk
parameter estimates.
43. Judgment will inevitably play a
role in the quantification process and
may materially affect the estimates.
Judgmental adjustments to estimates are
often necessary because of some
limitations on available reference data
or because of inherent differences
between the reference data and the
bank’s existing exposures. The bank
must ensure that adjustments are not
biased toward optimistically low risk
parameter estimates. This standard does
not prohibit individual adjustments that
result in lower estimates of risk, because
both upward and downward
adjustments are expected. Individual
adjustments are less important than
broad patterns; consistent signs of
judgmental decisions that lower
parameter estimates materially may be
evidence of bias. The bank should also
ensure that large judgmental
adjustments are well justified and
infrequent, as frequent large
adjustments could indicate a problem
with the rating methodology.
44. The reasoning and empirical
support for any adjustments, as well as
the mechanics of the process, should be
documented. The bank should conduct
sensitivity analysis to demonstrate that
the adjustment procedure is not biased
toward reducing risk-based capital
requirements. The analysis should
consider the impact of any judgmental
adjustments on estimates and risk-based
capital requirements, and should be
fully documented.
S 4–12 Risk parameter estimates
should incorporate a degree of
conservatism that is appropriate for the
overall rigor of the quantification
process.
45. Estimated values of the risk
parameters should be as precise and
accurate as possible. However, estimates
are inherently subject to uncertainty and
potential error. Aspects of the
quantification process that are apt to
induce uncertainty and error include
model error, differences in default
definitions, errors in judgment, and data
deficiencies. A general principle of the
IRB framework is that the assumptions
and adjustments embedded in the
quantification process should reflect the
degree of uncertainty or potential error
inherent in the process.
46. In practice, a reasonable
estimation approach likely will result in
a range of defensible risk parameter
values. The choices of the particular
E:\FR\FM\28FEN2.SGM
28FEN2
sroberts on PROD1PC70 with NOTICES
9104
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
assumptions and adjustments that
determine the final estimate, within the
defensible range, should reflect the
uncertainty in the quantification
process. That is, the more uncertainty in
the process, the more risk-based capital
should be required.
47. The degree of conservatism should
be related to factors such as the
relevance and depth of the reference
data, the quality of the mapping, the
precision of the statistical estimates, and
the amount of judgment used
throughout the process. Conservative
methodologies should also be
considered for new products, such as
new residential mortgage products.
Margins of conservatism need not be
added at each step, as that could
produce an excessively conservative
result. Instead, the overall margin of
conservatism should adequately account
for all uncertainties and weaknesses.
Improvements in the quantification
process (use of better data, estimation
techniques, and so on) may allow risk
parameter estimates to become less
conservative over time.
S 4–13 Mapping should be based on
a comparison of available data
elements that are common to the
existing portfolio and each reference
data set.
48. Sound mapping practice uses
elements that are available in both the
existing portfolio and the reference data.
If a bank chooses to ignore certain
variables or to weight some variables
more heavily than others, those choices
should be supported. At least two kinds
of mapping challenges may arise:
• First, even if similarly named
variables are available in the historical
reference data and the existing portfolio
data, they may not be directly
comparable. Hence, a bank should
ensure that linked variables are truly
similar. Although adjustments to
enhance comparability can be
appropriate, they should be rigorously
developed and documented.
• Second, levels of aggregation may
vary. The bank’s information systems
for its existing exposures might supply
more detail. For example, to apply the
estimates derived from the reference
data, the portfolio data could be
regrouped to match the coarser
aggregation of the reference data.
49. Mapping should be consistent
with the risk rating and segmentation
systems. Levels and ranges of key
characteristics for each rating or
segment of the bank’s existing exposures
should approximate the values of
similar characteristics for the reference
data.
50. The standard allows for use of a
limited set of common variables that are
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
predictive of default, loss or exposure
risk, in part to permit flexibility in early
years when data may be far from ideal
for some portfolios. Nevertheless,
mapping exercises should aim to
provide the greatest possible assurance
that it is appropriate to apply the bank’s
estimation framework to the existing
portfolio of exposures. In instances
where banks rely on a limited set of
common variables, or where those
variables are not clearly identical, banks
should compensate by being more
conservative in other stages of the
quantification process.
S 4–14 A mapping process should
be established for each reference data
set and for each estimation model.
51. Banks should never assume that
the rationale for a mapping is selfevident. Even when reference data are
drawn from internal default and loss
experience, a bank should still link the
characteristics of the reference data with
those of the existing portfolio. The use
of internal data for reference data
purposes does not eliminate the need
for a mapping requirement because
changes in bank strategy or external
economic forces may alter the risk
characteristics or composition of the
portfolio over time, even within the
same wholesale obligor/loss severity
ratings or within the same retail
segments.
• For example, a wholesale rating
system that has been explicitly designed
to replicate external agency ratings may
or may not be effective in producing a
replica; formal mapping would be
performed. Indeed, in such a system the
kind of analysis involved in mapping
may help identify inconsistencies in the
rating process itself.
• Similarly for retail portfolios, even
if the bank uses the same segmentation
system over time, it should verify that
the risk factors behind the segmentation
capture the same types of borrowers in
today’s portfolio as they did in the
reference data. For example, a given
product offering may attract types of
customers that differ over time in ways
that affect risk but are not fully reflected
in the risk factors used for segmentation.
52. Banks often use multiple reference
data sets, and then combine the
resulting estimates to get a risk
parameter estimate for a wholesale
obligor/loss severity rating or for a retail
segment. A bank that does so should
conduct a rigorous mapping process for
each data set.
S 4–15 Banks that combine
estimates from internal and external
data or that use multiple estimation
methods should have a clear policy
governing the combination process and
PO 00000
Frm 00022
Fmt 4701
Sfmt 4703
should examine the sensitivity of the
results to alternative combinations.
53. To ensure that the best available
data are used to produce accurate risk
estimates a bank might combine data
from multiple sources and may use
multiple estimation methods. Banks
often combine internal data with
external data and use data from different
sample periods. For example, for a
wholesale portfolio a bank may combine
results from corporate-bond default
databases with results from equity-based
models of obligor default.
54. The manner in which the
estimates from multiple data sets or
estimation methods are combined is
extremely important, since different
combinations will produce different risk
parameter estimates. A bank should
investigate risk parameter estimates’
sensitivity to different ways of
combining data sets or combining
estimation methods. When results are
highly sensitive to how data or
estimates are combined, a bank should
make every effort to understand the
nature (reasons and implications) of the
instability (including use of statistical
tests) and choose among the alternatives
conservatively. A bank should
document why it selected the
combination techniques it did, and
these techniques should be subject to
appropriate approval and oversight by
management.
S 4–16 The aggregation of risk
parameter estimates from individual
exposures within rating grades or
segments should be governed by a clear
and well-documented policy.
55. Because different methods of
aggregation are possible, a bank should
have a clear and well-supported policy
regarding how aggregation should be
accomplished. Banks are required to
have a quantification system in which
the rating grades or segments are
homogeneous with regard to risk; in this
case, each obligor or exposure within
homogeneous grades or segments would
receive equal emphasis in
quantification.
56. For wholesale exposures, rating
grade-based mapping naturally
produces an average risk parameter
estimate by rating grade. Conversely,
obligor-based or loss severity-based
mappings require the aggregation of the
individual risk parameter estimates to
the rating grade level. The bank should
document this aggregation and compare
the results of alternative mappings.
These mappings are discussed in the
relevant PD and ELGD and LGD
sections.
57. If a bank uses a prediction model
for a retail portfolio that assigns a risk
parameter estimate to each exposure, it
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
should specify and document the
process by which it aggregates the
exposure-level risk parameters to assign
segment-level estimates.
II. Probability of Default (PD)
A. Data
58. For PD quantification, a minimum
of five years of data that include periods
of economic downturn conditions is
required; in the event that such data are
not available, a bank must adjust its PD
estimates to compensate for the lack of
data from periods of economic
downturn conditions. The data for PD
quantification should include relevant
characteristics of both defaulted and
non-defaulted exposures such as
information on the exposures at
different points in time, payment
history and ultimate disposition.
59. To estimate PD accurately and
support the determination of risk-based
capital requirements, a bank must have
a comprehensive reference data set with
observations that should be
representative of the bank’s existing
exposures. For wholesale portfolios the
reference data should map to obligors,
and for retail portfolios the reference
data should map to segments of the
existing portfolio. Clearly, the data set
used for estimation should be similar to
the portfolio to which such estimates
will be applied. The same comparability
standard applies to both internal and
external data sets.
60. To ensure ongoing applicability of
the reference data, a bank should assess
the characteristics of its existing
exposures relative to the characteristics
of exposures in the reference data. Such
variables might include qualitative and
quantitative information on the
exposure, internal and external
wholesale ratings and rating dates,
updated retail credit scores, corporate
lending relationships, retail product
type and loan terms, or geography. A
bank should maintain documentation
that fully describes all explanatory
variables in the data set, including any
changes to those variables over time. A
well-defined and documented process
should be in place to ensure that the
reference data are updated as frequently
as is practical, as fresh data become
available or portfolio changes make
necessary.
sroberts on PROD1PC70 with NOTICES
Example
A bank determines that the aggregate
national retail mortgage portfolio has
not experienced downturn conditions
during the time horizon for which
internal reference data are available.
However, regional sub-portfolios did
experience default rates that were
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
significantly higher than average during
the available data history. Data are
available from regional recessions in
New England (late 1980s and 1990
–1995), Texas (1983–1989), and
California (1991–1995). The bank
demonstrates that the drivers of
significantly higher default rates in
these regional recessions can be
extrapolated to the national portfolio,
and the bank justifies and documents
the resulting adjustments that would be
necessary in the mapping and
application stages.
B. Estimation
61. Estimation of PD is the process by
which risk characteristics of the
reference data are related to default rates
for each wholesale obligor or for each
retail segment in the reference portfolio.
The relevant risk characteristics that are
predictive of the likelihood of default
are referred to as ‘‘drivers of default.’’
Drivers for wholesale obligors might
include financial ratios, management
expertise and industry. Drivers for retail
segments might include product, loan
and borrower characteristics such as
loan-to-value, credit line utilization,
credit score, or delinquency status.
Also, a portfolio separator such as
geographic region, while not a direct
driver of default, might indicate
separate relationships of the PD to these
drivers by geographic region.
S 4–17 PD estimates must be
empirically based and must represent a
long-run average.
62. The PD is an estimate of the longrun average of one-year default rates for
wholesale rating grades, for segments of
non-defaulted retail exposures where
seasoning is not material, or for a
segment of non-defaulted retail
exposures in a retail exposure
subcategory for which seasoning effects
are not material.
63. PD estimates should represent
averages of one-year default rates over a
mix of economic conditions (including
economic downturn conditions)
sufficient to provide a reasonable
estimate of the one-year default rate
over the economic cycle for the rating
grade or retail segment as specified
above. If a bank uses the best available
historical data to estimate PD as the
mean of yearly realized default rates
over at least five years, and the bank can
empirically support that this period
includes economic downturn
conditions, then this is likely to
adequately represent long-run
experience. The emphasis should not
solely be on time span; the long-run
average concept captures the breadth, as
well as the length, of experience.
PO 00000
Frm 00023
Fmt 4701
Sfmt 4703
9105
64. Estimation generally should treat
data from different time periods
similarly. A bank choosing instead to
place greater relative weight on data
from particular time periods should
empirically demonstrate that doing so
produces a more accurate estimate of
future default behavior for each
wholesale rating grade and retail
segment in its existing portfolio. For
example, more recent data might be
given more weight in the estimation
process if the bank demonstrates that
doing so is more predictive of future
default behavior.
65. For a statistical model to
satisfactorily produce long-run PD
estimates, the reference data used in the
default model must meet the long-run
requirement. A model can be used to
relate risk drivers to the outcome—
default or non-default. Drivers might
include wholesale financial ratios, retail
borrower credit scores, loan terms,
economic conditions or industry
variables. Such a model must be
calibrated to capture the default
experience over a reasonable mix of
economic conditions. For example, a
Merton-style model’s estimate of
distance to default must be calibrated to
the default rate using long-run
experience. Whether a PD model is
developed internally or by a vendor, a
bank should verify that the model’s
results have been calibrated to a longrun average PD.
66. Adjustments that are part of the
PD estimation process must not result in
an overall bias toward lower risk
parameter estimates. The bank should
rigorously validate, justify, and
document such adjustments.
Example 1
If the bank’s internal data history does
not include any periods of economic
downturn, the bank may use external
data sources that include an economic
downturn period to adjust PD estimates
upward. The bank should justify the
assumption that the relationship
between the long-run average PD and
the risk drivers observed in the external
data applies to its portfolio. This
practice is consistent with this
guidance.
Example 2
A bank uses internal default
experience to estimate PDs for its
wholesale portfolio. However, the bank
has historically failed to recognize
defaults under the IRB default
definition. For example, exposures sold
at a material credit loss were not
captured as defaults. The realized PD
using the IRB definition would be
higher than that observed by the bank
E:\FR\FM\28FEN2.SGM
28FEN2
sroberts on PROD1PC70 with NOTICES
9106
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
(and LGD rates might differ as well). If
the bank made no adjustment for the
missing defaults, its practice would not
be acceptable.
S 4–18 Effects of seasoning, when
material, must be considered in the PD
estimates for retail portfolios.
67. A bank should determine whether
age since origination is a significant risk
factor for its retail exposures on the
balance sheet. If so, then seasoning may
be a material risk factor.
68. Material seasoning effects are
generally indicated when default rates
of a segment of retail exposures follow
a characteristic age profile, rising for the
first several periods following
origination. Seasoning of this type is
often significant for longer-maturity
consumer products such as residential
mortgages, but may also be important
for shorter-lived portfolios.
69. Additional common indicators of
material seasoning effects are large or
rapidly growing portfolio concentrations
of unseasoned exposures where age is a
significant risk factor. Such
concentrations could result from a high
growth rate of originations, unusually
high prepayment or attrition rates, or
high rates of sales or securitization of
seasoned exposures.
70. Even when age is a significant risk
factor and default rates follow a
characteristic age profile, seasoning
effects may not be material if a retail
exposure subcategory’s age distribution
is stable and the age distribution of the
portfolio is not concentrated in
unseasoned exposures.
71. The operational definition of
material seasoning effects for a segment
of retail exposures is that the annualized
cumulative default rate for that segment
materially exceeds the long-run average
of one year default rates.
72. If seasoning effects are material for
the retail exposure subcategory, banks
must use a PD that reflects a longer-run
horizon and provides adequate riskbased capital to cover potential credit
losses for its unseasoned segments in
that subcategory. Specifically, rather
than the best estimate of the long-run
average of 1-year default rates, the
higher PD that must be used is defined
as the estimated annualized cumulative
default rate of the segment over the
expected remaining life of the exposures
in the segment.3
73. Estimates of expected remaining
life should reflect a long-run average for
exposures in the segment; banks should
avoid undue volatility in their estimates
3 Expected remaining life is the average period
from today until an exposure of a particular type
will prepay, pay in full through normal
amortization, or default.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
caused by short-term fluctuations in
market factors (such as interest rates).
Also, banks may incorporate
discounting of cash flows into their
estimates of expected remaining life if
they so choose.
74. Even if the exposures are
potentially subject to material seasoning
effects, a bank may use the definition of
PD specified in Paragraph 62 of this
chapter for certain exposures that are
originated for sale or securitization,
provided that:
• The bank credibly demonstrates its
ability and intent to sell or securitize the
exposures within a 90-day time frame.
It can do so by:
—An established historical track
record of sales or securitizations for
similar exposures; or
—Commitments in the form of
forward sales agreements or other
contractual pipeline arrangements that
provide reasonable assurances that the
exposures will be sold within 90 days.
• The exposures are specifically
identified at origination.
• The bank monitors sales or
securitization market indicators,
including an assessment of counterparty
risk, to ensure its continuing ability to
sell or securitize these exposures in a
variety of market conditions.
Exposures that are not sold or
securitized within 90 days should be
assigned to segments that fully reflect
their risk profile based on their updated
risk characteristics.
75. Banks should note that under the
rules for securitization exposures in the
NPR, a bank may need to quantify the
IRB risk parameters for some securitized
exposures. For that quantification
process, a bank must meet the
quantification requirements for
estimating PDs for retail exposures held
on balance sheet, including the
requirements for estimating PD when
seasoning effects are material.
76. The account age profile may be
tracked by using account age as a
criterion in the segmentation system for
the retail exposures or as a predictive
variable in a PD quantification model.
Several methods can be used to account
for seasoning in the PD estimates. See
example 4 in Appendix B of this
chapter.
C. Mapping
77. Mapping is establishing a linkage
between the bank’s existing exposures
and the reference obligor data used in
the default model. Hence, mapping
involves identifying how drivers of
default for the existing exposures
correspond to the reference data’s
drivers. Wholesale drivers include
financial and nonfinancial variables,
PO 00000
Frm 00024
Fmt 4701
Sfmt 4703
and assigned rating grades; retail
segment drivers include exposure and
borrower risk characteristics.
78. Key drivers of default should be
factored directly into the obligor rating
or segmentation process. But in some
circumstances, certain effects related to
industry, geography, or other factors are
not reflected in wholesale obligor risk
rating assignments, retail segmentation,
or default estimation models. In such
cases, it may be appropriate for banks to
capture the impact of the omissions by
using different mappings for different
business lines or types of exposures.
Supervisors expect this practice to be
transitional, and that banks eventually
will incorporate the omitted effects into
the wholesale obligor risk rating, the
retail segmentation system or the PD
estimation process as they are
uncovered and documented, rather than
adjusting the mapping.
79. Banks may use multiple reference
data sets or estimation methods, and
then combine the resulting estimates to
get an obligor rating grade or segment
PD. A bank that does so should conduct
a rigorous mapping process for each
data set and estimation method. For
example, when using data from a
number of wholesale rating agencies,
the mapping should take into
consideration differences in the
agencies’ rating methods by mapping
each agency’s obligor rating scale
separately. Similarly, when combining
the results from internal historical data
and a default prediction model over a
retail portfolio, the bank should map
both the historical long-run PD and the
model’s output to the existing portfolio.
Retail Mapping
80. For retail portfolios, mapping
involves linking segments in the
reference data to segments in the
existing portfolio. If the bank’s
segmentation process has been in place
for a long time, the mapping between
internal historical data and the existing
portfolio data may be straightforward.
However, if the bank’s retail
segmentation system has varied over
time, the bank should demonstrate a
mapping between its existing
segmentation system and the segments
in the reference data. In either case, the
bank should demonstrate that the
mapping is appropriate and conduct
periodic assessments to verify this.
Example
2ven if similarly named
characteristics are available in the
reference data and the existing portfolio
data, they may not be directly
comparable. For example, in a retail
portfolio of auto loans, the particular
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
types of auto loans (for example, new or
used, direct or indirect) may vary from
one application to another. Hence, a
bank should ensure that linked drivers
are truly similar in PD estimation.
Although adjustments to enhance
comparability can be appropriate, they
should be rigorously developed and
documented.
sroberts on PROD1PC70 with NOTICES
Wholesale Mapping
81. There are two broad approaches to
the mapping process for wholesale
portfolios, obligor mapping and rating
grade mapping.
82. In obligor mapping, each existing
obligor is mapped to the reference data
based on its individual characteristics.
For example, if a bank applies a default
model to estimate an obligor-level
default probability, that model uses
certain obligor-level variables as inputs.
The values of these variables for each
obligor are used as inputs to the obligorlevel default probability estimation
model.
Example
In estimating rating grade PDs, a bank
relies on observed default rates on
bonds in various agency ratings. To map
its internal rating grades to the agency
ratings, the bank identifies variables that
together explain much of the rating
variation in the bond sample. The bank
then conducts a statistical analysis of
those same variables within its portfolio
of obligors, using a multivariate distance
calculation to assign each portfolio
obligor to the external rating whose
characteristics it matches most closely
(for example, assigning obligors to
ratings so that the sum of squared
differences between the external rating
averages and the obligor’s
characteristics is minimized). This
practice is broadly consistent with
sound mapping practices.
83. In rating grade mapping,
characteristics of the obligors within an
internal rating grade are averaged or
otherwise summarized to construct a
‘‘typical’’ or representative obligor for
each rating grade. Then, the bank maps
that representative obligor to the
reference data. For example, if the bank
uses a model that takes certain variables
as inputs to produce an obligor-level
default probability estimate, a
representative value for each input
variable would be determined for each
internal rating grade, creating in effect a
‘‘typical obligor’’ for a rating grade; the
default probability associated with that
typical obligor will serve as the rating
grade PD in the application stage. As an
alternative example, a bank maps the
typical obligor from each internal rating
grade to a particular external NRSRO
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
rating based on quantitative and
qualitative characteristics and assigns
the realized long-run average one-year
default rate for that external rating to the
internal rating grade in the application
stage.
Example
A bank uses rating grade mapping to
link portfolio obligors to the reference
data set described by agency ratings.
The bank reviews publicly-rated
portfolio obligors within an internal
rating grade to determine the most
common agency rating, does the same
for all rating grades, and creates a
linkage between internal and agency
ratings. The strength of the linkage is a
function of the number of externally
rated obligors within each rating grade,
the distribution of those agency ratings
within each rating grade and the
similarity of externally rated obligors in
the grade to those not externally rated.
This practice is broadly consistent with
sound mapping practices, and, for the
reasons discussed below, may require
adjustments and the addition of margins
of conservatism.
84. An acceptable quantification
process could include the use of either
a rating grade mapping or obligor
mapping approach. However, in the
absence of other compelling
considerations, banks should use
obligor mapping because rating grade
mapping has the following drawbacks:
• First, default probabilities are
nonlinear using many estimation
approaches. As a result, the typical
obligor’s default probability using the
rating grade mapping approach is often
lower than the mean of the individual
obligor default probabilities using the
obligor mapping approach.
• Second, a hypothetical obligor with
a rating grade’s average characteristics
may not represent well the risks
presented by the rating grade’s typical
obligor, since different types of obligors
might end up in the same grade.
85. A bank electing to use rating grade
mapping instead of obligor mapping
should be especially careful in choosing
a ‘‘typical’’ obligor for each grade. Doing
so generally requires that the bank
examine the actual distribution of
obligors within each rating grade, as
well as the characteristics of those
obligors. Banks should be aware that
different statistical measures (such as
mean, median, or mode) will produce
different results, and may result in
materially different PDs for a particular
rating grade. The bank should justify its
choice and should have a clear and
consistent policy toward the
calculation.
PO 00000
Frm 00025
Fmt 4701
Sfmt 4703
9107
86. In addition to the general
requirement to compare elements that
the reference data and portfolio have in
common, both obligor and rating grade
mappings should also take into account
differences in rating philosophy (as
commonly revealed through analysis of
rating migration) between any ratings
embedded in the reference data set and
the bank’s own rating regime.
D. Application
87. The application stage produces
final PD estimates that will be used in
the determination of risk-based capital
requirements. This stage is expected to
be relatively mechanical for most retail
portfolios, except when the bank uses
multiple reference data sets or multiple
estimation methods or significantly
changes its segmentation system over
time. Judgmental adjustments to the risk
parameter estimates should be rare for
retail portfolios.
88. This stage may be somewhat more
involved for wholesale portfolios. After
the bank applies the PD estimation
method to its existing exposures using
the mapping process, adjustments to the
raw results derived from the estimation
stage may be appropriate to obtain final
rating grade PD estimates. For example,
the bank might aggregate individual
obligor default probabilities to the rating
grade level or otherwise produce a
rating grade PD estimate, or might
smooth results because a rating grade’s
PD estimate was higher than a lower
quality grade. The bank should explain
and support all such adjustments when
documenting its quantification process.
89. The bank must ensure that the PD
applied in the determination of riskbased capital requirements for each
wholesale exposure or retail segment is
not less than the regulatory floor of 0.03
percent, except for exposures to or
directly and unconditionally guaranteed
by a sovereign entity, the Bank for
International Settlements, the
International Monetary Fund, the
European Commission, the European
Central Bank, or a multi-lateral
development bank, to which the bank
assigns a rating grade associated with a
PD of less than 0.03 percent.
Example
A bank uses external data to estimate
long-run average PDs for each wholesale
rating grade. The resulting PD estimate
for Grade 2 is slightly higher than the
estimate for Grade 3, even though Grade
2 is supposedly of higher credit quality.
The bank uses statistics to demonstrate
that this anomaly occurred because
defaults are rare in the highest quality
rating grades. The bank judgmentally
adjusts the PD estimates for Grades 2
E:\FR\FM\28FEN2.SGM
28FEN2
9108
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
and 3 to preserve the expected
relationship between obligor rating
grade and PD, but demonstrates that
total risk-weighted assets across both
rating grades using the adjusted PD
estimates are no less than total riskweighted assets based on the unadjusted
estimates, using a typical distribution of
obligors across the two rating grades. An
adjustment such as given in this
example is consistent with this
guidance.
sroberts on PROD1PC70 with NOTICES
III. Expected Loss Given Default (ELGD)
and Loss Given Default (LGD)
90. The ELGD and LGD quantification
process is similar to the PD
quantification process. Once a bank
identifies and obtains a reference data
set of defaulted exposures and relevant
descriptive characteristics, it selects a
technique to estimate the credit-related
economic loss per dollar of EAD for a
defaulted wholesale exposure with a
given array of characteristics or for all
defaulted exposures in a reference retail
segment. The reference data should then
be mapped to the bank’s existing
exposures so that the bank can estimate
ELGD and LGD for each wholesale
exposure, loss severity rating, or retail
segment, as the case may be. Finally,
application adjustments may be made to
obtain final risk parameter estimates.
91. The ELGD is an estimate of the
default-weighted average economic loss
(where individual defaults receive equal
weight), per dollar of EAD, the bank
expects to incur in the event that the
obligor were to default within a oneyear horizon over a mix of economic
conditions, including economic
downturn conditions. LGD estimates
reflect the estimate of the economic loss
per dollar of EAD that the bank expects
to incur if the obligor were to default
within a one-year horizon during
economic downturn conditions.
Accordingly, ELGD estimates
incorporate a mix of economic
conditions (including economic
downturn conditions) while LGD
estimates reflect losses that would occur
during economic downturn conditions
(i.e., conditions in which aggregate
default rates are significantly higher
than average). LGD estimates cannot be
less than ELGD estimates for a particular
wholesale exposure or retail segment.
A. Data
92. Unlike reference data sets used for
PD estimation, data sets for ELGD and
LGD estimation contain only exposures
to defaulted obligors. At least two broad
categories of data are necessary to
produce ELGD and LGD estimates.
93. First, factors must be available to
group the defaulted exposures in
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
meaningful ways. Wholesale exposures
are grouped by characteristics that are
likely to be important in predicting loss
rates—for example, whether an
exposure is secured and the type and
coverage of collateral, the seniority of a
claim, economic conditions, and the
obligor’s industry. The retail
segmentation system may separate
exposures by borrower and exposure
risk characteristics predictive of loss
severity or by an ELGD or LGD score—
for example, credit score, business line,
credit line utilization for unsecured
credit lines, or loan-to-value for
mortgage loans.
94. Although the characteristics
identified above have been found to be
significant in academic and industry
studies, a bank’s quantification of ELGD
and LGD certainly need not be limited
to these variables. For example, a bank
might examine many other potential
drivers of loss severity, including
geographic location, exposure type,
tenor of the relationship, wholesale
obligor size, or retail borrower wealth.
95. Second, data must be available to
calculate the realized economic loss of
each defaulted exposure. Such data may
include the market value of the
wholesale exposure at default or the
market value for a pool of charged-off
retail exposures, which can be used to
proxy a recovery rate. Alternatively,
economic loss may be calculated for
wholesale exposures and retail segments
using the EAD (including principal and
accrued but unpaid interest or fees),
losses on the sale of repossessed
collateral, direct workout costs, an
appropriate allocation of indirect
workout costs, the timing and amount of
subsequent recoveries, and the discount
rate appropriate to the risk of the
exposure.
96. Data should be comprehensive.
All cash flow data should include dollar
amounts and dates. For example, roll to
charge-off or non-accrual, number of
days past due, or bankruptcy status
should be captured if these factors are
expected to be significant for ELGD and
LGD. Recovery data should include
direct payments from the obligor/
borrower, the sale of the collateral or
realized income from the sale of
defaulted exposures. Supportable net
realizable value of defaulted exposures
and collateral acquired in default that
has yet to be disposed of can be
included as part of the reference data.
Cost data comprise the material direct
and indirect costs associated with
workouts and collections.
97. Ideally, loss severity should be
measured once all recoveries and costs
have been realized. However, a bank
may not resolve a defaulted wholesale
PO 00000
Frm 00026
Fmt 4701
Sfmt 4703
obligation for many years following
default. For practical purposes, banks
relying on actual recovery data may
choose to close the period of
observation before this final resolution
occurs—that is, at a point in time when
most costs have been incurred and
when recoveries are substantially
complete. Banks that do so should
estimate the additional costs and
recoveries that would likely occur
beyond this period and include them in
ELGD and LGD estimates. A bank
should document its choice of the
period of observation, and how it
estimated additional costs and
recoveries beyond this period.
98. Reference data sets may contain
individual loss observations that are less
than 0 percent or greater than 100
percent. However, extra diligence is
required for loss realizations reported to
be less than 0 percent to ensure that
economic loss is being measured.4
Example 1
A bank with internal wholesale data
covering the period 1997 through 2003
relies primarily on these data for
quantifying its wholesale risk parameter
estimates. The bank will continue to
extend this internal data set as time
progresses. Its current policy mandates
that credits be resolved within two years
of default, so the data set contains the
most recent data available. Although the
existing data set satisfies the seven-year
requirement for ELGD quantification,
the bank is aware that it does not
include appropriate economic downturn
conditions for certain portfolios. In
comparing its loss estimates with rates
published in external studies that cover
longer time periods and include
economic downturn periods for
similarly stratified data, the bank
observes that its estimates are
systematically lower. To be consistent
with the NPR, the bank must reflect
economic downturn conditions in its
ELGD estimates, as such estimates
represent the loss the bank expects to
incur in the event that the obligor of the
exposure defaults within a one-year
horizon over a mix of economic
conditions, including economic
downturn conditions.
Example 2
A bank develops evidence that during
the 2001 to 2003 period of highly
4 Banks are not required to truncate the loss
severity data used to derive ELGD and LGD
parameter estimates. Nonetheless, final ELGD and
LGD estimates should not be negative or zero.
Readers are directed to the discussion of the
application stage for ELGD and LGD in a later
section of this guidance for elaboration of related
supervisory expectations regarding ELGD and LGD
quantification.
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
elevated mortgage prepayments owing
to record-low interest rates, losses were
likely deferred in mortgage portfolios
because of readily available refinancing
options. The bank also concludes that
losses on foreclosures during this period
were limited because housing prices
generally increased throughout the
United States despite a recession.
However, the bank notes that a similar
(though not as substantial) drop in
interest rates occurred in the early
1990s, during a recession that was
characterized by a sharp drop in
property values in many parts of the
country. Because the recent period may
have been atypical, the bank chooses to
weigh older data (perhaps from external
sources) more heavily than recent data
for ELGD quantification. Such an
approach to weighting the data would
be consistent with this guidance.
99. The following examples illustrate
how definitions of default in the
reference data that are different from the
IRB definition complicate ELGD
estimation.
Example 1
For ELGD estimation, a bank includes
in its default database only exposures
that actually experience a loss and
excludes exposures for which no loss
was recorded (effectively applying a
‘‘loss given loss’’ concept). This practice
is not consistent with the NPR because
the bank’s default definition is narrower
than the IRB definition.
sroberts on PROD1PC70 with NOTICES
Example 2
A bank relies on two external data
sources to estimate ELGD because it
lacks sufficient internal data. Both
sources use definitions that deviate from
the IRB definition; one uses
‘‘bankruptcy filing’’ to indicate default
while another uses ‘‘missed principal or
interest payment.’’ Although the
different definitions result in
significantly different loss estimates for
the loss severity ratings defined by the
bank, the bank simply combines the
external data sources in deriving its
ELGD estimates. The bank’s practice is
not consistent with the guidance. The
bank should determine the impact on
the parameter estimates of the different
definitions used in the reference data
sets. For minor definitional differences,
the bank may be able to make
appropriate adjustments during the
estimation stage. If the differences are
difficult to quantify, an appropriate
level of conservatism should be applied
or the bank should seek other sources of
reference data.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
9109
B. Estimation
Example 2
100. Estimation of ELGD and LGD is
the process by which characteristics of
the reference data are related to loss
severity. Relevant characteristics for
wholesale exposures might include
variables such as seniority, collateral,
exposure type, or business line. For
retail portfolios, as discussed in Chapter
3, a common ELGD or LGD might be
applied so long as the estimate is
accurate for each segment and
exposures within those segments have
homogenous risk characteristics.
101. In estimating ELGD and LGD,
banks should identify drivers of loss.
One estimation approach is to separate
the reference defaults into groups that
do not overlap, for example, by business
line, predominant collateral type, or
loan-to-value coverage. The ELGD
estimate for each category could then be
based on the default-weighted average
economic loss per dollar of EAD, and
LGD could be similarly derived using
data from periods of economic
downturn conditions. In most cases, it
will not be acceptable to calculate ELGD
as the average of annual loss rates
(where loss severity for each year
receives equal weight). Years with a
relatively large number of defaults
generally provide richer data for
measuring loss severity compared to
years when there are relatively few
defaults. Thus, in general, years with a
relatively large number of defaults
contribute more information and should
be appropriately weighted when
estimating ELGD. In addition, if years of
relatively low default rates typically
have relatively low loss severity rates,
then using the average of annual loss
rates will tend to understate ELGD.
102. A statistical model, for example
a regression model using data on loss
severity and some quantitative measures
of the loss drivers, could be applied to
estimate ELGD or LGD. Any model must
meet the requirements for validation
discussed in Chapter 7. Other methods
for estimating ELGD or LGD could also
be appropriate.
A bank groups observed defaults in
the reference data according to
geographic region and collateral. One of
the pools has too few observations to
produce a reliable estimate. By
augmenting the loss data with data from
similar geographic regions with the
same collateralization, the bank derives
an ELGD estimate. Provided the bank
can adequately support the process used
to establish the relevance of the data
from other regions, this approach would
be consistent with the guidance.
103. Banks should evaluate
adjustments in the ELGD and LGD
estimation process to ensure that they
do not result in an overall bias toward
lower estimates of risk.
Example 1
To estimate ELGD, a bank uses only
internal data. Although information on
security and seniority is lacking, no
adjustments for the lack of data are
made in the estimation or application
steps. This practice is not consistent
with the guidance because there is
ample external evidence that security
and seniority are relevant in estimating
ELGD. A bank with such limited
internal default data must incorporate
external or pooled data.
PO 00000
Frm 00027
Fmt 4701
Sfmt 4703
Example 1
A bank is unable to properly discount
a segment’s cash flows because the
reference data do not include the dates
of recoveries (and related costs).
However, the bank has sufficient
internal data to calculate economic loss
for defaulted exposures in another
portfolio segment. The bank can support
the assumption that the timing of cash
flows for the two segments is
comparable. Using the available data
and informed judgment, the bank
adjusts the estimates for the data-poor
segment to reflect how much the
measured loss without discounting
should be grossed up to account for the
time value of money and the distressed
nature of the assets. This practice is
consistent with the guidance.
Example 2
Collateral is one factor used by a bank
to estimate ELGD. Although the
available internal and external data
indicate a higher ELGD, the bank
judgmentally assigns a loss estimate of
2 percent for exposures secured by cash
collateral. The bank contends that the
lower estimate is justified because it
expects to do a better job of following
policies for monitoring cash collateral in
the future. Such an adjustment is
generally not appropriate because it is
based on projections of future
performance rather than realized
experience. This practice generally is
not consistent with the guidance.
S 4–19 ELGD and LGD estimates
must be empirically based and must
reflect the concept of ‘‘economic loss.’’
104. ELGD and LGD are based on the
concept of economic loss, which is a
broader, more inclusive concept than
accounting measures of loss. Broadly
speaking, economic loss incorporates
the mark-to-market loss of value of a
defaulted exposure and collateral,
E:\FR\FM\28FEN2.SGM
28FEN2
sroberts on PROD1PC70 with NOTICES
9110
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
including material accrued but unpaid
interest or fees, and all material direct
and indirect costs of workout and
collections, net of recoveries. Losses,
recoveries, and costs should all be
discounted to the time of default. See
the fourth paragraph of the LGD
definition in section 2 of the NPR for the
definition of economic loss.
105. Banks often estimate loss using
data on costs and recoveries from
workouts of defaulted exposures;
however, appropriate estimates may
sometimes be developed using market
data on defaulted exposures.
106. The scope of cash flows included
in recoveries and costs is meant to be
broad. Material recovery costs that can
be clearly attributed to certain
exposures, plus material indirect cost
items, must be reflected in the bank’s
ELGD and LGD assignments for those
exposures. Recovery costs include the
costs of running the bank’s collection
and workout departments and the cost
of outsourced collection services
directly attributable to recoveries during
a particular time or for a particular
segment or portfolio, at as granular a
level as possible. Recovery costs also
include an appropriate percentage of
other ongoing costs, such as overhead.
107. Recovery costs can be allocated
using the same principles and
techniques of cost accounting that are
usually used to determine the profit and
loss of activities within any large
enterprise. Collection and workout
departments, however, may cover
services not 100 percent attributable to
defaulted exposures. For example, the
same call center may manage reminder
calls to delinquent retail accounts, many
of which will never default, as well as
collection calls. The expenses for these
functions should be differentiated to
allocate only collection expenses
attributable to defaulted exposures.
108. When costs cannot be allocated
because of data limitations, the bank
may assign those costs using broad
averages. For example, the bank could
allocate costs by outstanding dollar
amounts of loans, including accrued but
unpaid interest or fees at the time of
default, within each rating grade or
segment.
109. All costs, and recoveries should
be discounted to the time of default
using the time interval between the date
of default and the date of the realized
loss, incurred cost, or recovery; this
calculation should be on a pooled basis
for retail exposures. The discount rate
should reflect the costs of holding
defaulted assets over the workout
period, including an appropriate risk
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
premium.5 As such, an appropriate
discount rate will reflect the uncertainty
of recovery cash flows and the presence
of undiversifiable risk.
S 4–20 ELGD estimates must reflect
the expected default-weighted average
economic loss rate over a mix of
economic conditions, including
economic downturn conditions.
110. For wholesale exposures, ELGD
is the best estimate of the economic loss
per dollar of EAD that would be
incurred in the event that the obligor (or
a typical obligor in the applicable loss
severity rating) defaults within a oneyear horizon. For retail segments, ELGD
is the best estimate of the economic loss
per dollar of EAD that would be
incurred on the segment from exposures
that default within a one-year horizon.
111. ELGD estimates should reflect
expected long-run loss severities and
should represent an estimate of the
default-weighted average economic loss
as observed over a complete credit
cycle. Similar to PD quantification, loss
severity data must include periods of
economic downturn conditions or the
bank must adjust its estimates to
compensate for the lack of data from
economic downturn conditions.
Economic Downturn LGD
S 4–21 LGD estimates must reflect
expected loss severities for exposures
that default during economic downturn
conditions, and must be greater than or
equal to ELGD estimates.
112. In addition to ELGD, banks must
quantify LGD in a way that
appropriately reflects downturn
conditions for each wholesale exposure
and for each retail segment. LGD is an
estimate of the percentage of EAD that
would be lost in the event of a default
during the one-year horizon, if that
default were to occur during a period of
economic downturn. Under economic
downturn conditions default rates are
higher than under more neutral
conditions, and LGD estimates must
reflect expected loss rates resulting from
downturn conditions.
113. If a bank obtains supervisory
approval to use its own estimates of
LGD for an exposure subcategory, it
must use internal estimates of LGD for
all exposures within that subcategory.
Within retail, the three subcategories are
residential mortgage, QRE, and other
retail, while within wholesale credit the
two subcategories are high-volatility
commercial real estate (‘‘HVCRE’’) and
all other wholesale.
5 This implies that the appropriate discount rate
for IRB purposes likely will differ from the interest
rate required under FAS 114 for accounting
purposes.
PO 00000
Frm 00028
Fmt 4701
Sfmt 4703
114. If a bank has not received prior
written approval from its primary
Federal supervisor to use internal LGD
estimates, the bank must use the
supervisory mapping function. The
supervisory mapping function
calculates LGD by taking 92 percent of
the ELGD and adding eight percentage
points to that result.
115. The LGD estimate for an
exposure or segment may never be less
than the ELGD assigned to that exposure
or segment, and must be higher than
ELGD if a higher estimate is appropriate
based on robust analysis of the impact
of economic downturn conditions on
loss severity. The LGD for some
exposures or segments may be
substantially higher than ELGD, while
for others it may not.
S 4–22 A bank may use internal
estimates of LGD only if supervisors
have previously determined that the
bank has a rigorous and welldocumented process for assessing the
effects of economic downturn
conditions on loss severities and for
producing LGD estimates consistent
with downturn conditions. The process
must appropriately identify downturn
conditions, identify the impact of
economic downturn conditions on loss
rates, identify any material adverse
correlations between drivers of default
and LGD, and incorporate any
identified correlations and/or downturn
impact into the quantification of LGD.
116. In determining whether to
approve a bank’s use of internal
estimates of LGD for a subcategory of
exposure, supervisors will consider
whether the process for generating LGD
estimates is consistent with the
supervisory standard above and
produces internal estimates of LGD that
are reliable and sufficiently reflective of
economic downturn conditions.
117. To meet the requirements for
internal estimates, a bank should satisfy
the following conditions:
• The bank should establish policies
to govern the process for identifying
downturn conditions and generating
LGD estimates. The policy should
address:
—Criteria for identifying downturn
conditions;
—The level of product and geographic
scope to be used for identification of
economic downturn conditions;
—Data requirements;
—Methods to determine the impact of
downturn conditions on loss severities;
and
—Quantification methodologies to
produce LGD estimates.
• The bank must have a rigorous
quantification process (covering all
stages of quantification, including
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
reference data, estimation, mapping,
and application) for estimating LGD.
The bank must be able to identify
economic downturns, determine the
impact of downturn conditions on loss
severities, and appropriately quantify
LGD.
118. In principle, quantification of
LGD is no different from quantification
of any other IRB risk parameter. The
target of the quantification process is
different, but the stages of quantification
(data, estimation, mapping, and
application) apply to LGD just as they
do to other risk parameters such as PD
and ELGD. However, the details
necessarily differ; the remainder of this
section discusses supervisory standards
related to quantification of ownestimates of LGD to reflect economic
downturn conditions.
Identifying Economic Downturn
Conditions
119. To identify periods of downturn
conditions, the bank should first
articulate both product and geographic
scope, since default rates for different
types of exposures in different areas are
themselves likely to differ. At the
product level, the highest level of
aggregation is a given IRB subcategory of
exposure (i.e., residential mortgage,
QRE, other retail, HVCRE, and all other
wholesale). Thus, for example,
downturn conditions for wholesale
exposures other than HVCRE are
defined as periods of high default rates
for non-HVCRE wholesale exposures in
general. A bank may choose to use
lower levels of aggregation in order to
achieve better measurement of actual
credit risk and greater risk sensitivity.
For example, a bank with an industry
concentration in a subcategory of
exposures (such as corporate exposures
to technology companies) may find that
information relating to a downturn in
that industry sector may be more
relevant for the bank than a general
downturn affecting many regions or
industries.
120. The geographic scope for
identification of economic downturn
conditions is the geographic ‘‘footprint’’
of the bank within an exposure
subcategory, that is, the geographic area
from which exposures of each type are
drawn (or can be expected to be drawn
customarily). This ‘‘footprint’’ need not
be the same for each subcategory of
exposures. Banks are not required to
further subdivide with regard to
geography; for example, if a bank’s
HVCRE exposures are drawn from two
distinct regions such as the Southeast
and the Northeast, they may define a
downturn in HVCRE as a period of
significantly above-average default rates
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
in HVCRE for the two regions jointly,
rather than considering each separately.
Nonetheless, as is the case with product
scope, banks are permitted to further
subdivide geographically if they choose
to do so.
121. The exception to the ‘‘footprint’’
scope is that separate countries must be
treated separately. For example, a bank
with residential mortgage exposures in
the United States and Japan must
separately identify the conditions under
which residential mortgage default rates
would be significantly higher than
average in each national jurisdiction.
122. Given these requirements for
product and geographic scope,
downturn conditions with respect to a
wholesale exposure or retail segment are
defined as those conditions under
which the aggregate default rate for the
exposure’s wholesale or retail exposure
subcategory (or subdivision of such
subcategory selected by the bank)
within the related geographic footprint
and/or jurisdiction (or finer subdivision
selected by the bank) would be
significantly higher than average.
123. It may be useful to distinguish
this definition of economic downturn
from other definitions that might seem
reasonable. For example, an economic
downturn for purposes of LGD
estimation is not defined as a period of
high loss severity, that is, a period in
which realized losses given default are
high. Loss severities may be high during
an economic downturn—indeed, that is
the primary motivation for the separate
estimation of economic downturn
LGD—but this is not the defining
characteristic; high realized loss severity
rates do not define a downturn.
Similarly, economic downturns are not
defined as periods of depressed
collateral values, although collateral
values may be low when default rates
are high. Finally, economic downturn
conditions for purposes of LGD
estimation are not defined as periods of
poor economic performance as
determined by other measures such as
GDP growth or other traditional
measures of business conditions and
economic climate. Traditional measures
of economic activity may indeed show
weakness during periods corresponding
to ‘‘economic downturn conditions’’ as
defined for purposes of LGD estimation,
but a period of weak economic activity
does not in and of itself indicate the
existence of economic downturn
conditions as defined in the NPR.
Economic downturn conditions are
identified only through reference to
default rates for exposure subcategories
within relevant geographic regions.
PO 00000
Frm 00029
Fmt 4701
Sfmt 4703
9111
Estimation of LGD
124. Once relevant downturn
conditions are identified, a bank must
determine the impact of such conditions
on loss severities and construct
appropriate estimates of LGD under
economic downturn conditions for each
wholesale loss severity rating grade or
exposure and each retail segment. LGD
should be the empirically based best
estimate of the loss severity as a
percentage of exposure if the obligor
were to default during economic
downturn conditions. Note that
although estimates are empirically
based, the purpose of quantification is
not to measure past patterns and
dependencies, but to generate
predictions of likely future outcomes.
125. Banks may choose to focus the
quantification process on LGD directly.
However, in many cases it may be more
practical to estimate the extent to which
loss rates can be expected to exceed
ELGD under economic downturn
conditions, through estimation of the
difference (LGD–ELGD) or estimation of
the percentage increase in the loss rate,
or perhaps through some other
translation of ELGD into LGD. In that
case, the result of one estimation
process—that for ELGD—is used an
input to the LGD estimation process,
and any evaluation of the robustness of
LGD estimates would have to
adequately consider the potential
modeling error and estimation error
introduced by their reliance on ELGD as
a key input.
126. Identification of the impact of
economic downturn conditions on LGD,
and incorporation of that impact into
LGD estimates, requires suitable design
of all stages of the quantification
process. No single approach is
presumed to be correct, and there are
many alternative approaches that, if
properly carried out, could satisfy the
supervisory requirements for use of
internal estimates of LGD. Several
examples, while not intended to be
exhaustive, can serve to illustrate the
point.
Example 1
A bank estimates a relationship
between loss rates and a set of
independent variables or risk drivers
that is robust over periods covering a
wide range of conditions, including
economic downturns. The bank
determines that the main impact of an
economic downturn on LGD arises
through changes in certain risk drivers
(such as collateral values) under
economic downturn conditions. The
bank quantifies LGD through a process
similar to a stress test, with the
E:\FR\FM\28FEN2.SGM
28FEN2
9112
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
C. Mapping
identified drivers of loss severity
stressed to the values they would
assume under economic downturn
conditions, based on historical
observations.
Example 2
A bank conducts rigorous analysis to
construct a model linking risk drivers
for LGD to variables that characterize
economic downturn conditions,
including underlying economic
variables and the way those variables
tend to change in a downturn. The bank
uses that model to directly simulate the
impact of downturn conditions on LGD
rather than using downturn values for
the variables that tend to determine loss
severity rates under more normal
conditions.
Example 3
A bank determines that the impact of
economic downturn conditions on LGD
arises from a fundamental change in the
relationship between risk drivers and
LGD during a downturn. That is, the
bank finds that loss severities rise in a
downturn because certain risk drivers or
variables that have an impact on losses,
such as collateral type or seniority, have
a different quantitative influence on loss
severity during a downturn than during
other periods. The bank estimates a
relationship between loss severity rates
and risk driving variables using data
from periods of economic downturn
conditions.
The approaches briefly described in
the examples above also require careful
consideration of appropriate mapping,
since use of an estimated relationship
between LGD and any other variables or
risk drivers would require mapping of
currently observed values of those
variables for exposures, rating grades, or
segments to the corresponding values of
those drivers during economic
downturn conditions.
sroberts on PROD1PC70 with NOTICES
Example 4
A bank conducts a rigorous
comparison of average recovery rates
with recovery rates observed during
appropriately identified downturn
periods, finding that the impact of
economic downturn conditions can be
characterized as a fixed, across-theboard reduction in recovery rates. The
bank is able to provide evidence that
this relationship is statistically robust,
and superior to other approaches to LGD
quantification. The bank uses the
implied, empirically based adjustments
in the application stage of the LGD
quantification process to reflect the
impact of economic downturns.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
127. ELGD and LGD mapping follows
the same general standards as PD
mapping. A mapping should be
plausible and should be based on a
comparison of loss severity-related data
elements common to both the reference
data and the existing portfolio. The
mapping approach is expected to be
unbiased, such that the exercise of
judgment does not consistently lower
ELGD and LGD estimates. The default
definitions in the reference data and the
existing portfolio of exposures should
be comparable, as should be the
methods of recovery. The mapping
process should be updated regularly,
well-documented, and independently
reviewed.
128. Mapping involves matching
exposure-specific data elements
available in the existing portfolio to the
factors in the reference data set used to
estimate expected loss severity rates.
Examples of factors that influence loss
rates include collateral type and
coverage, seniority, industry, and
location. Reference data often do not
include workout costs and will often
use different discount rates. Judgmental
adjustments for such differences should
be well-documented and empirically
based to the extent possible.
129. Different data sets and different
approaches to ELGD and LGD
estimation may be appropriate,
especially for different business
segments or product lines. Each
mapping process must be specified and
documented.
D. Application
130. At the application stage, banks
apply the ELGD and LGD estimation
framework to their existing portfolio of
credit exposures. This step might
require banks to aggregate retail
segment-level ELGD and LGD estimates
derived from more granular reference
data into estimates applicable to broader
segments in the existing portfolio, to
aggregate individual wholesale ELGD
and LGD estimates into discrete loss
severity ratings, or to combine
estimates.
131. The inherent variability of
recovery, due in part to unanticipated
circumstances, demonstrates that no
exposure type is risk-free, regardless of
structure, collateral type, or collateral
coverage. The existence of recovery risk
dictates that the application stage
should result in an ELGD and LGD
above 0 percent. As was discussed in
the data section, a data set may include
observations with negative realized loss
rates. Although these transactions may
be included in the ELGD and LGD
PO 00000
Frm 00030
Fmt 4701
Sfmt 4703
estimation process, no exposure or
rating grade should be assigned an
ELGD or LGD estimate that is less than
or equal to zero percent for purposes of
risk-based capital calculations.
132. The LGD (i.e., the economic
downturn loss estimate) for each
segment of residential mortgage
exposures (other than segments of
residential mortgage exposures for
which all or substantially all of the
principal of each exposure is directly
and unconditionally guaranteed by the
full faith and credit of a sovereign
entity) may not be less than 10 percent.
IV. Exposure at Default (EAD)
133. As EAD quantification is
somewhat less advanced than other
areas of quantification, it is addressed in
somewhat less detail in this guidance.
Banks should continue to innovate in
the area of EAD estimation, refining and
improving practices in EAD
measurement.
134. A bank must provide an estimate
of EAD for each exposure in its
wholesale portfolio and for each
segment in its retail portfolio. For fixed
exposures like term loans, EAD is equal
to the carrying value unless there is an
allocated transfer risk reserve for the
exposure or the exposure is held
available-for-sale. For variable
exposures such as loan commitments,
revolving exposures and other lines of
credit, EAD for each exposure includes
the outstanding balance at the point of
capital measurement plus an estimate of
net additions to the total balance due,
including estimated future additional
advances of funds, including principal
and accrued but unpaid interest and
fees that are likely to occur before and
after default assuming that the exposure
were to default within a one-year
horizon. The estimate of net additions
must reflect what would be expected
during a period of economic downturn
conditions.
135. Refer to Chapter 9 of this
guidance and the NPR for guidance on
quantifying EAD for OTC derivative
contracts, repo-style transactions, and
eligible margin loans.
136. For retail and wholesale
exposures in which only the drawn
balance has been securitized (e.g., a
typical credit card securitization), the
bank must reflect its share of the
exposures’ undrawn balances in EAD.
The undrawn balances of exposures for
which the drawn balances have been
securitized must be allocated between
the seller’s and investors’ interests on a
pro rata basis, based on the proportions
of the seller’s and investors’ shares of
the securitized drawn balances.
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
expected by a bank subsequent to
realization of a default event should be
factored into the quantification of EAD.
The estimation process should be
capable of producing a plausible average
estimate of draws on unused available
credit (e.g., LEQ) to support the EAD
calculation for each exposure or retail
segment.
A. Data
138. Like reference data sets used for
ELGD and LGD estimation, EAD data
sets typically contain only exposures to
defaulted obligors, although data on
troubled non-defaulted obligors also
could be informative in estimation of
these parameters. The same reference
data are often used for ELGD, LGD and
EAD quantification. In addition to
relevant descriptive characteristics
(referred to as ‘‘drivers’’) that can be
used in estimation, the reference data
must include historical information on
the exposure (both drawn and undrawn
amounts) as of some date prior to
default, as well as the drawn exposure
at the date of default.
139. As discussed below under
‘‘Estimation,’’ EAD estimates may be
developed using either a cohort method
or a fixed-horizon method. The bank’s
reference data set should be structured
so that it is consistent with the
estimation method the bank applies.
Thus, the data should include
information on the total commitment,
the undrawn amount, and the exposure
drivers for each defaulted exposure,
either at fixed calendar dates for the
cohort method or at a fixed interval
prior to the default date for the fixedhorizon method.
140. The reference data should
contain variables that enable the bank to
group the exposures to defaulted
obligors in meaningful ways. Banks
should consider how a wide range of
obligor and exposure characteristics
affect EAD. Examples include time from
origination, time to expiration or
renewal, economic conditions, risk
rating changes, or certain types of
covenants. Some potential drivers may
be linked to a bank’s credit risk
management skills, while others may be
external to the bank.
sroberts on PROD1PC70 with NOTICES
137. A number of methods can be
used to estimate EAD. One common
approach is based on loan equivalent
exposure (‘‘LEQ’’), which is typically
expressed as a percentage of the current
total committed but undrawn amount.6
EAD can thus be represented as:
EAD = current outstanding + LEQ ×
(total committed ¥ current outstanding)
Example
A bank determines that a business
unit forms a homogeneous pool for the
purposes of estimating EAD. That is,
although the exposures in this pool may
differ in some respects, the bank
determines that the credit lines share a
similar drawdown experience in
default. The bank should provide
reasonable support for this pooling
through analysis of lending practices
and available internal and external data.
142. Two broad types of estimation
methods are used in practice, the cohort
method and the fixed-horizon method.
143. Under the cohort method, a bank
groups defaults into discrete calendar
periods, such as a year. A bank may use
a longer period if it provides a more
accurate estimate of future gross losses
arising from undrawn exposures. For
retail exposures, the bank estimates the
relationship between the balances for
defaulted exposures at the start of the
calendar period and at the time at
default. For wholesale exposures, the
bank estimates the relationship between
the drivers as of the start of that
calendar period and LEQ for each
exposure to a defaulter. For each
exposure category or retail segment (that
is, for each combination of exposure
drivers identified by the bank), an LEQ
estimate could be based on the mean
additional drawing for exposures in that
category or segment as a proportion of
the undrawn lines. One approach to
combine results for multiple periods
into a single long-run average would be
weighting the period-by-period means
by the proportion of defaults occurring
in each period, so that each default
receives equal weight.
144. Under the fixed-horizon method,
for each defaulted exposure the bank
compares additional drawdowns to the
gross committed but undrawn amount
that existed at a fixed date prior to the
date of the default (the horizon). For
example, the bank might base its
estimates on a reference data set that
supplies the actual amount outstanding
and any additional extensions along
with the drawn and undrawn amounts
(as well as relevant drivers) at a date a
fixed number of months prior to the
date of each default, regardless of the
actual calendar date on which the
default occurred. Estimates of LEQ for
B. Estimation
141. To derive EAD estimates for lines
of credit and loan commitments,
characteristics of the reference data are
related to additional drawings on an
exposure up to and after the time a
default event is triggered. Estimates of
any additional extensions of credit
6 This is frequently referred to as the credit
conversion factor (CCF).
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
PO 00000
Frm 00031
Fmt 4701
Sfmt 4703
9113
wholesale exposures are computed from
the average drawdown proportions that
occur over the fixed-horizon interval,
for whatever combinations of the
driving variables the bank has
determined are relevant for explaining
and predicting EAD. LEQs estimated for
retail segments are computed from the
increase in balances that occur over the
fixed-horizon interval for the defaults in
the segment relative to their credit
limits. The time interval used for the
fixed-horizon method should be
sufficiently long to capture the
additional drawdowns generated by
exposures that default during the year
for which the risk parameters are being
estimated. In particular, the appropriate
fixed interval will be influenced by
charge-off policies. For example, using a
six-month time interval for credit card
loans would underestimate EAD.
Special Considerations for Retail EAD
Estimation
145. Different methods are used to
estimate EAD for open credit lines. The
LEQ method outlined in this guidance
is one technique observed in practice.
Other methods directly estimate the
defaulted balances for a segment over a
one-year window without taking the
committed line limit into account.
These other methods may be acceptable
if the bank could show that the size of
the line is not relevant given the other
risk factors used in the analysis.
146. EAD for a segment should
accurately estimate the total exposure at
default for the segment. Poor
segmentation may result in inaccurate
EADs. For example, if loans within a
segment do not have homogenous risk
characteristics because larger exposures
are more likely to default than smaller
exposures, then estimated EADs may be
biased downward.
S 4–23 Estimates of additional
drawdowns must reflect net additional
draws expected during economic
downturn periods.
147. Conceptually, banks should
approach EAD quantification in a
fashion parallel to LGD quantification
with respect to the potential for
volatility over the economic cycle.
Specifically, estimates of net additional
drawdowns should reflect what would
be expected during economic downturn
periods. Certain exposure types may not
exhibit cyclical EAD variability; in these
cases, use of a long-run defaultweighted average draw proportion used
to derive EAD in the IRB risk-based
capital calculation is appropriate. But
for exposure types for which
drawdowns are expected to be larger
when default rates are significantly
higher than average EAD—estimates
E:\FR\FM\28FEN2.SGM
28FEN2
9114
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
should take into account this cyclical
variability. In such cases, the estimated
draw proportion used to derive the EAD
input to the risk-based capital
calculation should exceed the long-run
default-weighted average, and should be
the bank’s estimate of the net additional
drawdown proportion per default
expected during economic downturn
conditions. For this purpose, banks may
use averages of EADs observed during
economic downturn periods, forecasts
based on appropriately conservative
assumptions, or other similar methods.
C. Mapping
148. If the characteristics that drive
EAD in the reference data are the same
as those used for the risk rating or
segmentation system of the bank’s
existing portfolio, mapping may be
relatively straightforward. However, if
the relevant characteristics are not
available in a bank’s existing portfolio,
the bank will encounter the same
mapping complexities that it does when
mapping PD, ELGD, and LGD in similar
circumstances.
sroberts on PROD1PC70 with NOTICES
D. Application
149. In the application stage, the
estimated relationship between risk
drivers and EAD is applied to the bank’s
existing portfolio. Multiple reference
data sets may be used for EAD
estimation and combined at the
application stage, subject to the general
standards for using multiple data sets.
S 4–24 Estimates of additional
drawdowns prior to default for
individual wholesale exposures or
retail segments must not be negative.
150. Analogous to the prior
discussion of ELGD and LGD
quantification, reference data sets used
for estimation of additional drawdowns
may contain individual negative
drawdown observations and
observations that exceed 100 percent of
the undrawn line amount. Regardless,
final estimates of additional drawdowns
prior to default for individual wholesale
exposures or retail segments must not be
negative.
V. Maturity (M)
151. A bank must assign an effective
maturity (‘‘M’’) to each wholesale
exposure in its portfolio; this measure is
also referred to as ‘‘average life.’’ In
general, M is the weighted-average
remaining maturity, measured in years,
of the cash flows that the bank expects
under the contractual terms of the
exposure, using the undiscounted
amounts of the cash flows as weights.
Alternatively, a bank may apply the
nominal remaining maturity, measured
in years, of the exposure. M is a direct
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
calculation; as such it is not subject to
the four stages of the quantification
process.
152. The data required to calculate M
are the undiscounted amount and
timing of each remaining contractual
cash flow, measured in years from the
date of the calculation. Specifically, M
is calculated as the sum of all timeweighted cash flows, where the weights
are equal to the fraction of the total
undiscounted cash flow to be received
at each date.
Example
A bank holds an asset with two
remaining contractual cash flows. 33
percent of the total remaining
contractual cash flow is expected at the
end of one year and the other 67 percent
is expected two years from today. For
risk-based capital purposes, M for this
asset could be calculated as: M = (1 ×
0.33) + (2 × 0.67) = 1.67; or simply M
= 2, applying the nominal remaining
contractual maturity.
153. The relevant cash flows are the
future payments the bank expects to
receive from the obligor, regardless of
form; they may include payments of
principal, interest, fees, or other types of
payments depending on the structure of
the transaction.
154. For exposures with predetermined cash flow schedules (fixedrate loans, for example), the calculation
of the weighted-average remaining
maturity is straightforward, using the
scheduled timing and amounts of the
individual undiscounted cash flows.
Cash flows associated with other types
of credit exposures may be less certain.
In such cases, the bank should establish
a method of projecting expected cash
flows. In general, the method used for
any exposure should be the same as the
one used by the bank for purposes of
valuation or risk management. The
method should be well-documented and
subject to independent review and
approval. A bank should demonstrate
either that the method used is standard
industry practice, or that it is widely
used within the bank for purposes other
than risk-based capital calculations. A
bank may use its best estimate of future
interest rates to compute expected
contractual interest payments on a
floating-rate exposure, but it may not
consider expected but non-contractually
required returns of principal when
estimating M.7
7 Question 31 in the NPR requests comment on
the appropriateness of permitting a bank to consider
prepayments when estimating M, and on the
feasibility and advisability of using discounted
(rather than undiscounted) cash flows as the basis
for estimating M.
PO 00000
Frm 00032
Fmt 4701
Sfmt 4703
155. To be conservative, a bank may
set M equal to the maximum number of
years the obligor could take to fully
discharge the contractual obligation
(provided that the maximum is not
longer than five years, as noted below).
This maximum will often correspond to
the stated or nominal maturity of the
instrument. Banks should make this
conservative choice (maximum nominal
maturity) if the timing and amounts of
the cash flows on the exposure cannot
be projected with a reasonable degree of
confidence.
156. For repo-style transactions,
eligible margin loans and over-thecounter derivatives contracts subject to
qualifying master netting agreements,
the bank may compute a single value of
M for the transactions as a group by
weighting each individual transaction’s
effective maturity by that transaction’s
share of the total notional value subject
to the netting agreement, and summing
the result across all of the transactions.
157. For risk-based capital
calculations, the value of M for any
exposure is subject to certain upper and
lower limits, regardless of the
exposure’s actual effective maturity. The
value of M should never exceed 5 years.
If an exposure clearly has a greater
effective maturity, the bank may simply
use a value of M = 5 rather than
calculating the actual effective maturity.
158. For most exposures, the value of
M should be no less than one year. For
certain short-term exposures that are not
part of a bank’s ongoing financing of a
borrower and that have an original
maturity of less than one year, M must
be greater than or equal to one day or
to the nominal or effective remaining
maturity.8
VI. Special Cases and Applications
A. Loan Sales
S 4–25 Quantification of the risk
parameters should appropriately
recognize the risk characteristics of
exposures that were removed from
reference data sets through loan sales
or securitizations.
159. Loan sales and securitizations
can pose substantial difficulties for
quantification. For example, PDs might
appear disproportionately low if loans
are sold before their inherent long-term
8 Section 31(d)(7) of the NPR defines an exposure
that is not part of a bank’s ongoing financing of the
obligor as one where the bank (1) has a legal and
practical ability not to renew or roll over the
exposure in the event of credit deterioration of the
obligor, (2) makes an independent credit decision
at the inception of the exposure and at every
renewal or rollover, and (3) has no substantial
commercial incentive to continue its credit
relationship with the obligor in the event of credit
deterioration of the obligor.
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
risk becomes manifest. Upwardly
adjusting risk parameter estimates to
account for sales or securitization would
be particularly important for a bank that
sells off primarily exposures that are
performing poorly (for example,
delinquent loans).
160. When risk parameter estimates
use internal historical data as reference
data sets and the potential bias created
by loan sales and securitizations is
material, the bank should identify, by
detailed risk characteristics, the loans
sold out of the pool or portfolio. Any
potential bias caused by removing these
loans should be corrected.
161. For banks with a history of
regularly selling or securitizing loans of
particular types, long-run performance
data may be available from the servicers
or trustees. Alternatively, banks may be
able to estimate the performance of the
loans sold or securitized by constructing
comparable reference data sets with
similar risk drivers using internal
historical data from retained pools or
external data.
sroberts on PROD1PC70 with NOTICES
B. Multiple Legal Entities
162. Some banks have various
portfolios that are centrally managed,
even though the exposures are held by
multiple legal entities. Certain activities,
including ratings activities,
segmentation and quantification, can be
conducted across multiple legal entities.
However, each bank member of the
consolidated group must separately
ensure that risk parameters assigned to
its credit exposures are appropriate on
a standalone basis. For example, if a
particular bank within the banking
group holds exposures with
characteristics not representative of the
broader consolidated organization (such
as credit card loans originated through
a specific marketing channel or
mortgage loans in a certain location), the
bank must ensure the quantification
process produces PDs, ELGDs, LGDs,
and EADs that reflect the risk associated
with the exposures within that legal
entity.
163. Each bank (including each
depository institution) within a banking
group that has centrally managed
quantification processes should perform
periodic evaluations to confirm that its
risk-based capital requirements
accurately reflect its risk profile.
Appendix A: Illustrations of the
Quantification Process for Wholesale
Portfolios
This appendix provides examples to
show how the logical framework
described in this guidance, with its four
stages (data, estimation, mapping, and
application), applies when analyzing
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
quantification practices. The framework
is broadly applicable—for PD, ELGD,
LGD or EAD; using internal, external, or
pooled reference data; for simple or
complex estimation methods—although
the issues and concerns that arise at
each stage depend on a bank’s approach.
These examples are intended only to
illustrate the logic of the four-stage IRB
quantification framework, and should
not be taken to endorse the particular
techniques presented in the examples.
Example 1: PD Quantification From
Bond Data
• A bank establishes a
correspondence between its internal
rating grades and external rating agency
grades; the bank has determined that its
Grade 4 is equivalent to 3Ba and 1B
on the Moody’s scale.
• The bank regularly obtains
published estimates of mean default
rates for publicly rated Ba and B
obligors in North America from 1970
through 2002.
• The Ba and B historical default
rates are weighted 75/25, and the result
is a preliminary PD for the bank’s
internal Grade 4 exposures.
• However, the bank then increases
the PD by 10 percent to account for the
fact that the Moody’s definition of
default differs from the IRB definition.
• The bank makes a further
adjustment to ensure that the resulting
rating grade PD is greater than the PD
attributed to Grade 3 and less than the
PD attributed to Grade 5.
• The result is the final PD estimate
for Grade 4.
Process Analysis for Example 1:
Data—The reference data set consists
of issuers of publicly rated debt in North
America over the period 1970 through
2002. The data description is very basic:
Each issuer in the reference data is
described only by its rating (such as
Aaa, Aa, A, Baa, and so on).
Estimation—The bank could have
estimated default rates itself using a
database purchased from Moody’s, but
since these estimates would just be the
mean default rates per year for each
rating grade, the bank could just as well
(and in this example does) use the
published historical default rates from
Moody’s; in essence, the estimation step
has been outsourced to Moody’s. The 10
percent adjustment of PD is part of the
estimation process in this case because
the adjustment was made prior to the
application of the agency default rates to
the internal portfolio data.
Mapping—The bank’s mapping is an
example of a rating grade mapping;
internal Grade 4 is linked to the 75/25
mix of Ba and B. Based on the limited
PO 00000
Frm 00033
Fmt 4701
Sfmt 4703
9115
information presented in the example,
this step should be explored further.
Specifically, the bank should justify the
appropriateness of the 75/25 mix.
Application—Although the
application step is relatively
straightforward in this case, the bank
does make the adjustment of the Grade
4 PD estimate to give it the desired
relationship to the adjacent rating
grades. This adjustment is part of the
application stage because it is made
after the adjusted agency default rates
are applied to the internal rating grades.
Example 2: PD Quantification Using a
Merton-Type Equity-Based Model
• A bank obtains a 20-year database
of North American firms with publiclytraded equity, some of which defaulted
during the 20-year period.
• The bank uses the Merton approach
to modeling equity in these firms as a
contingent claim, constructing an
estimate of each firm’s distance-todefault at the start of each year in the
database.9 The bank then ranks the firmyears within the database by distanceto-default, divides the ordered
observations into 15 equal groups or
buckets, and computes a mean historical
one-year default rate for each bucket.
That default rate is taken as an estimate
of the applicable PD for any obligor
within the range of distance-to-default
values represented by each of the 15
buckets.
• The bank next looks at all obligors
with publicly-traded shares within each
of its internal rating grades, applies the
same Merton-type model to compute
distance-to-default at quarter-end, sorts
these observations into the 15 buckets
from the previous step, and assigns the
corresponding PD estimate.
• For each internal rating grade, the
bank computes the mean of the
individual obligor default probabilities
and uses that average as the rating grade
PD.
Process Analysis for Example 2
Data—The reference data set consists
of the North American firms with
publicly-traded equity in the acquired
database. The reference data are
described in this case by a single
variable, specifically an identifier of the
specific distance-to-default range from
the Merton model (one of the 15
possible in this case) into which a firm
falls in any year.
Estimation—The estimation step is
simple: The average default rate is
calculated for each distance-to-default
9 The term ‘‘Merton approach’’ is meant to
include any structural credit risk model that values
equity as a contingent claim, as promulgated in the
seminal work of Merton and Black and Scholes.
E:\FR\FM\28FEN2.SGM
28FEN2
9116
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
bucket. Since the data cover 20 years
and a wide range of economic
conditions, including downturn
conditions, the resulting estimates
satisfy the long-run average
requirement.
Mapping—The bank maps selected
portfolio obligors to the reference data
set using the distance-to-default
generated by the Merton model.
However, not all obligors can be
mapped, since not all have traded
equity. This introduces an element of
uncertainty into the mapping that
requires additional analysis by the bank:
Were the mapped obligors
representative of other obligors in the
same rating grade? The bank should
demonstrate comparability between the
publicly-traded portfolio obligors and
those not publicly traded. It may be
appropriate for the bank to make
conservative adjustments to its ultimate
PD estimates to compensate for the
uncertainty in the mapping. The bank
also should perform further analysis to
demonstrate that the implied distanceto-default for each internal rating grade
represented long-run expectations for
obligors assigned to that rating grade;
this could involve computing the
Merton model for portfolio obligors over
several years of relevant history that
span a wide range of economic
conditions.
Application—The final step is
aggregation of individual obligors to the
rating grade level through calculation of
the mean for each rating grade, and
application of this rating grade PD to all
obligors in the grade. The bank might
also choose to modify PD assignments
further at this stage, combining PD
estimates derived from other sources,
introducing an appropriate degree of
conservatism, or making other
adjustments.
Example 3: ELGD Quantification From
Internal Default Data
• For each wholesale exposure in its
portfolio, a bank records collateral
coverage as a percentage, as well as
which of four types of collateral applies.
• A bank has retained data on all
defaulted exposures since 1995. For
each defaulted exposure in the database,
the bank has a record of the collateral
type within the same four broad
categories. However, collateral coverage
is only recorded at three levels (low,
moderate, or high) depending on the
ratio of collateral to EAD.
• The bank also records the timing
and discounted value of recoveries net
of workout costs for each defaulted
exposure in the database.Cash flows are
tracked from the date of default to a
‘‘resolution date,’’ defined as the point
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
at which the remaining balance is less
than 5 percent of the EAD. A recovery
percentage is computed, equal to the
value of recoveries discounted to the
date of default, divided by the exposure
at default.
• For each cell (each of the 12
combinations of collateral type and
coverage), the bank computes a simple
arithmetic mean realized loss severity
percentage as the mean of one minus the
recovery percentage. One of the
categories has a mean realized loss
severity percentage of less than zero
(recoveries have exceeded exposure on
average), so the bank sets the loss rate
at zero.
• The bank assigns each exposure in
the existing portfolio to one of the 12
cells based on collateral type and
coverage. As its ELGD, the bank applies
the mean historical realized loss
severity percentage for that cell plus an
additional five percentage points to
account for the bank’s relatively small
number of default observations—in
relation to the total number of defaults
in the reference data—from years with
the largest default rates.
Process Analysis for Example 3
Data—The reference data is the
collection of defaults and associated
loss amounts from the bank’s historical
portfolio. The reference data are
described by the two categorical
variables (level of collateral coverage
and type of collateral). It would be
important to determine whether the
defaults over the past few years are
comparable to defaults from the existing
portfolio. One would also want to ask
why the bank ignores potentially
valuable information by converting the
continuous data on collateral coverage
into a categorical variable.
Estimation—Conceptually, the bank is
using a loss severity model in which 12
binary variables—one for each loan
coverage/type combination—explain the
percentage loss. The coefficients on the
variables are just the arithmetic mean
realized loss figures from the reference
data.
Mapping—Mapping in this case is
fairly straightforward, since all the
relevant characteristics of the reference
data are also in the data system for the
existing portfolio. However, the bank
should determine whether the variables
are being recorded in the same way (for
example, using the same definitions of
collateral types), otherwise some
adjustment might be appropriate.
Application—The bank is able to
apply the loss severity model by simply
plugging in the relevant values for the
existing portfolio (or what amounts to
the same thing, looking up the cell
PO 00000
Frm 00034
Fmt 4701
Sfmt 4703
mean). The bank’s assignment of zero
ELGD for one of the cells merits special
attention; while the bank represented
this assignment as conservative, the
adjustment does not satisfy the
supervisory requirement that ELGD
must exceed zero. A larger upward
adjustment is necessary. Finally, the
upward adjustment of the mean
historical realized loss severity
percentages to account for the relatively
small influence of downturn conditions
on the realizations may be appropriate
but should be the outcome of a welldocumented decision process supported
by empirical analysis.
Appendix B: Illustrations of the
Quantification Process for Retail
Portfolios
Example 1: Quantification of Segment
PD
A bank that has been making indirect
installment loans through furniture
stores for a number of years. Seven years
of internal data history are available,
over a period that includes economic
downturn conditions. The bank has
segmented this portfolio over the entire
period in a consistent manner: By
bureau score, internal behavioral score
and monthly disposable income. In
addition, realized loss severities for this
portfolio have demonstrated significant
cyclical variability over the period
covered by the bank’s data history.
The bank can empirically show that
the participating furniture retailers,
underwriting criteria, and collection
practices have remained reasonably
stable over the seven-year period, and
the definition of default has been
consistent with the IRB definition.
However, there are frequent changes in
the bank’s products and in the
borrowing population that affect the risk
characteristics of its loans. Therefore, in
quantifying PD the bank assigns more
weight to recent data within the sevenyear history. The segment PD is
calculated as a weighted-average of the
seven annual realized historical default
rates with the assigned weights
progressively lower for the earlier years
of the sample.
Process Analysis for Example 1
As discussed in the main chapter text,
quantification processes need not be
explicitly structured as four stages. The
four-stage structure is a conceptual
framework, and an analytical and
implementation guide. However, as in
other wholesale and retail examples,
this bank’s quantification process for PD
can be interpreted in terms of the fourstage framework:
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
Data—The bank’s own seven-year
historical data serve as the reference
data.
Estimation—Estimation consists of
calculating a weighted-average of the
annual default rates for each segment in
the reference data.
Mapping—Mapping consists
primarily of ensuring that the
segmentation schemes and the
definition of default are consistent for
the reference data and the bank’s
existing portfolio.
Application—Application is a matter
of using the PD estimate derived from
the reference data for each segment of
the existing portfolio in the risk-based
capital formulas.
sroberts on PROD1PC70 with NOTICES
Example 2: Quantification of PD for
First-lien Mortgages
• For the past four years, a mortgage
lender has begun making loans in a
geographic region that has experienced
relatively lower default rates than the
bank had experienced previously. The
bank has fourteen years of internal data
history. The bank has analyzed external
mortgage data over the same time period
and has identified risk characteristics
that vary by geographic region (e.g.,
volatility of house prices in a region).
Analysis of the internal reference data
also indicates the importance of these
geographic risk factors.
• The recent four-year period does
not include economic downturn
conditions, so the bank uses its full
fourteen years of data history to reflect
downturn conditions. To estimate the
PD parameter over a long run of data
history that is also comparable to the
current portfolio, the bank develops a
statistical model of the PD based on the
combined internal and external
performance history. The variables used
as PD predictors include geographic risk
factors such as the volatility of
employment and house prices in the
region. The model also includes
borrower risk characteristics (credit
score, debt-to-income ratio) and loan
risk characteristics (loan-to-value ratio
and tenor). Models are built for each
major product type, such as fixed-rate
and adjustable-rate mortgages (FRM and
ARM). The model results are robust
according to standard statistical
diagnostic tests, and the models have
continued to perform satisfactorily in
validations outside the development
sample.
Process Analysis for Example 2
Data—The existing portfolio of firstlien mortgages is segmented by region,
LTV, credit score, tenor, mortgage type
(fixed-rate or ARM), and debt-to-income
ratio. For a given segment, the bank has
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
historical data from its own portfolio.
The reference data consist of fourteen
years of internal performance history for
loans originated between 1990 and
2003. However, only four years of those
internal data cover loans for the region
of the country where the bank currently
has a substantial mortgage portfolio. The
internal data are supplemented by
external mortgage data over the full
fourteen year history (1990–2003).
Estimation—The bank builds a set of
statistical models for different product
types in the portfolio (e.g., FRM and
ARM). The models estimate segment PD
as a function of the loan-to-value ratio,
credit score, debt-to-income ratio, loan
tenor, and measures the volatility of
regional employment and house prices.
The model is estimated on both the
internal and external data.
Mapping—Since the bank shifted a
significant amount of its first-lien
mortgage business to a different region
of the country with generally lower
default rates starting only in 2000, the
bank has only four years of internal
historical data (2000–2003) reflecting
the performance of its mortgage
business in the new region. Its older
internal data from 1990 to 1999
represent credit performance in higherrisk regions. Therefore, the bank does
not have sufficient historical data
representing its current mortgage
business to map directly, segment by
segment, to estimate the PDs of the
existing portfolio on the basis of the
long-run average of the annual default
rates of the comparable segments in the
reference data.
Instead, the bank has adopted the
technique of building default prediction
statistical models, based on internal and
external data from the entire fourteen
year history (before and since the
change in the regional focus of the
business in 2000) and using as causal,
or independent, variables the risk
drivers of mortgage default, including
regional risk factors.
In this framework, mapping consists
of ensuring that the segmentation
systems and definition of default for the
two data historical data sets and the
existing portfolio are all consistently
applied in the process of deriving the
values of the risk drivers used as inputs
to the statistical models for each
segment of the existing portfolio.
Application—Application consists of
using the estimated segment PDs
produced by the statistical models as
inputs into the residential mortgage
formula for risk-based capital.
PO 00000
Frm 00035
Fmt 4701
Sfmt 4703
9117
Example 3A: PD Estimation in Dollar
Terms
The text defines both the historical
default rate and estimated PD in unit, or
account, terms. That is, the number of
defaults in a segment as a proportion of
the number of exposures on the balance
sheet at the beginning of the time period
under analysis.
• Many banks, however, prefer to, or
have historically calculated the default
rate in terms of dollar losses. This
example shows that it is possible to
derive PDs from dollar loss rates that
will equal the required unit-or accountbased default rates. However, a bank
choosing to derive a default rate or PD
in this manner must segment its
portfolio properly and in a sufficiently
granular manner, and must ensure that
its estimates of EAD are accurate. A
credit card bank directly measures its
average dollars of economic loss for
each segment and uses the percentage of
dollars defaulted, rather than the
percentage of loans defaulted, to derive
the estimate of PD. Specifically, the
ratio employed is the gross dollar loss
divided by the exposure at default
(EAD) over a one-year time horizon. The
bank estimates EAD for a segment as the
current outstanding balances plus the
expected drawdowns on open lines
(including accrued but unpaid interest
and fees at the time of default) if all
accounts in the segment default.
• The bank uses the appropriate IRB
definition of default.
• The bank segments exposures by
size of credit line and credit line
utilization as well as by credit score.
• The bank regularly validates the
accuracy of the EAD estimates and the
consistency of the percentage-of-dollarsdefaulted measure with the accountbased default rate.
Process Analysis for Example 3A
Data—The historical reference data
consist of measurements of the
outstanding dollar balances and open
credit lines for each segment at the
beginning of the year. For accounts that
defaulted over the following year, the
gross defaulted balances (including
accrued interest and fees) are also
measured. The bank also tracks the
number of accounts open at the
beginning of the year in each segment
and the number that default.
Estimation—The bank’s PD parameter
is estimated as the long-run average of
the one-year realized default rates in
dollar terms, that is the gross balances
of defaulted loans divided by the
estimated EAD.
The following table shows two
segments of card exposures, both with
E:\FR\FM\28FEN2.SGM
28FEN2
9118
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
the dollar-denominated default rate
(gross dollar loss / EAD) is equal to the
unit-or account-measured PD.
Example 3B: Another Case of Dollar
Estimates of PD
Once again, a bank prefers to calculate
default rates or PDs in dollar terms.
However, this example is based on fixed
loans rather than revolving lines of
credit such as the credit cards in the
previous example. Because of a critical
segmentation factor, the dollar-based
default rates will rarely if ever equal the
correct unit- or account-based rates.
• Using the cohort method for EAD
discussed in the main chapter text, a
bank calculates default rates or PDs as
the accumulated gross dollar losses for
each segment over the course of a year
divided by the total outstanding dollar
balances of the segment at the beginning
of the year.11
• The bank uses the appropriate IRB
definition of default.
• The bank’s segmentation is not
particularly granular and uses few risk
drivers, such that the average balance
for those accounts defaulting tended to
be much greater than those that did not.
portfolio, including numbers and dollar
balances of accounts at the beginning of
each year and the number and dollar
balances of defaulted accounts in the
course of each year. The data include
economic downturn conditions.
Estimation—Because of the
inadequate degree of granularity, the
average January 1 dollar balances of
accounts that ultimately defaulted at
any time within the following year
typically exceeded the beginning
balances of accounts that did not
default. In this case, the dollardenominated PD (gross dollar losses
divided by total beginning outstanding
balances) consistently overestimated the
correct (unit-based) PD. (See first line of
table below, representing a single year
in the historical reference data.)
Conversely, if the beginning balances of
accounts that ultimately defaulted were
smaller than those that did not default
within the following year, an unusual
situation, this measure consistently
underestimated PD. (See second line of
table.)
Mapping and Application—Since the
estimation stage using this approach is
very likely to be flawed, the
quantification should not proceed to the
mapping and application stages. Rather,
the bank should revise its estimation to
employ the required unit-or accountbased methods of calculating historical
default rates and of estimating PDs
before proceeding to mapping and
application.
Example 4: PD Quantification With
Adjustments for Seasoning
10 In this example, EADs are estimated by way of
the LEQ ratio. As discussed in the main chapter
text, this is only one method of estimating EAD
currently in use.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
Process Analysis for Example 3B
Data—The bank has 5 years of
internal data history for this particular
• Realized default rates for a bank’s
credit card portfolio exhibit a
characteristic time profile by age—a
seasoning curve.’’ Using data from the
past five years, including economic
downturn conditions, the bank
estimates the shapes of a family of
‘‘seasoning curves for specific products,
PO 00000
Frm 00036
Fmt 4701
Sfmt 4703
loan characteristics, and borrower credit
quality at origination.
• The bank presents analyses
indicating that the seasoning curves can
be reasonably specified by borrower
credit quality at origination, and the
bank regularly analyzes new cohorts to
capture any changes in the curves over
changing economic and market
environments. Systematic changes are
incorporated into new seasoning curves.
11 For simplicity, we assume no amortization of
principal over the course of the year.
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.000</GPH> EN28FE07.001</GPH>
segmented by average outstanding
dollar balance and by average credit line
per account. In addition, the EADs were
estimated separately and accurately 10 at
the segment level, with the result that
However, banks that attempt to
estimate default rates or PDs in dollar
terms from their historical reference
data are often not as accurate as the
example above, and they arrive at
incorrect values. Most often, this results
from insufficiently granular
segmentation and consequent
inaccuracy in the estimation of EADs.
Because of the difficulties often
encountered in dollar-denominated
default and PD estimates, banks that
choose this method should periodically
demonstrate, as part of the validation of
their PD quantification, that the dollarderived PDs are essentially equal to
those derived using an account-based
definition.
Mapping—Mapping involves linking
segments in the reference data to
segments in the existing portfolio based
on the same drivers of default risk and
drawdowns.
Application—Application is generally
a straightforward process, linking the
estimates from segments in the reference
data to segments in the existing
portfolio.
sroberts on PROD1PC70 with NOTICES
estimated default rates of 1 percent as
measured from a single year of the
historical reference data in the required
manner in terms of numbers of
accounts. In this case, the portfolio was
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
• The portfolio is segmented by
borrower, product, and loan
characteristics, including account age,
or ‘‘time on books.’’
sroberts on PROD1PC70 with NOTICES
Process Analysis for Example 4
Data—The reference data consists of
five years of portfolio history, including
economic downturn conditions.
Supplemental data from earlier periods
for similar products, borrower credit
quality at origination, and loan type
permit the estimation of annualized
default rates over the remaining
expected life of the loans.
Estimation—It is necessary to
calculate two different PDs for each
segment of the portfolio: (1) The longrun average of one-year default rates
from the historical reference data, in the
same manner as for wholesale PDs, and
(2) the estimated annualized cumulative
default rate (‘‘ACDR’’) over the
remaining expected life of the loans in
the segment.
If the ACDR is larger than the longrun average of one-year rates, then
seasoning effects for this segment are
deemed to be material, and the ACDR
must be used as the estimated segment
PD. 12
For example, if the expected
remaining life for a segment of cards
that has been on the books for one year,
based on historical data for defaults and
attrition, is six years, and the estimated
cumulative default rate over that period
is five percent, the ACDR = 5/6 = 0.833.
If, for the same segment, the five-year
average of annual default rates from the
historical reference data set is 0.75, then
seasoning effects are deemed to be
material and the bank must use 0.833 as
the PD estimate for the coming (2nd)
year.
Mapping—The segmentation of the
existing portfolio is the same as that
employed for the reference data. This
makes the mapping straightforward
along the lines of product and loan
characteristics and borrower credit
quality.
Application—At the application stage,
either the ACDR or the long-run average
default rate estimated from the reference
data is applied as the estimated PD to
the segments in the existing portfolio
respectively, depending on whether or
not seasoning effects are deemed to be
material.
12 If the bank intends to sell or securitize the
exposures in the segment within a 90-day time
frame, the ‘‘wholesale’’ PD can be used even if the
ACDR is greater than the long-run average. See the
main chapter text for more details.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
Example 5: Guarantees for retail
exposures
Guarantees on individual retail
exposures
The following are examples of retail
guarantees that would qualify under
Standard 4–4:
• Consider an exposure of $85,000
secured by property valued at $100,000.
The guarantee covers all losses up to
$85,000.
• The guarantee covers a prespecified dollar amount of losses less
than $85,000, for example a first loss
position of $20,000.
• The guarantee covers a prespecified pro rata (or proportional) share
of all losses, for example up to 20
percent of the $85,000 exposure, or
$17,000.
• The guarantee covers a prespecified pro-rata or proportional share
of losses, but the pre-specified pro rata
share is defined in terms of the value of
the property that secures the exposure.
For example, in the case of the exposure
cited above, the guarantee covers losses
up to 12 per cent of the value of the
collateral, or $12,000. (This case
represents traditional Private Mortgage
Insurance (PMI) for first lien residential
mortgages, where insurance is typically
required for loan-to-value (‘‘LTV’’) ratios
above 80 percent; for LTVs up to 85
percent, the typical requirement is for
PMI in an amount equal to 12 percent
of the value of the property.)
Guarantees of Multiple Retail Exposures
Guarantees of multiple retail
exposures that involve tranching of the
aggregate credit risk of the underlying
exposures do not qualify under
Standard 4–4. Such guarantees may
qualify for treatment as synthetic
securitizations (provided they meet all
other requirements for securitization
treatment) as specified in Standard 4–5
and succeeding paragraphs. Other
guarantees of multiple retail exposures
where there is no tranching of the
aggregate credit risk, such as those in
the following examples, may qualify
under Standard 4–4:
• In some cases, a guarantee covers
multiple retail exposures; however,
coverage for each individual exposure
meets all the requirements of Standard
4–4 and succeeding paragraphs and is
consistent with any one of the four
examples above. Furthermore, there are
no additional limits, caps, or restrictions
of any kind pertaining to the aggregate
coverage. Such guarantees would meet
the requirements as guarantees of
individual retail exposures.
—Consider a guarantee that covers
multiple retail exposures, with a total
PO 00000
Frm 00037
Fmt 4701
Sfmt 4703
9119
exposure amount of $9.5 million
secured by 100 residential properties
each with a value of $100,000, thus an
aggregate value of $10 million. The
guarantee covers losses on each
exposure up to an amount that will
reduce the LTV on each exposure
considered separately to 90 percent.
• Other guarantees on multiple retail
exposures qualify under Standard 4–4,
but only if they cover all or a pro rata,
or proportional, share of all payments
due on the aggregate exposure amount.
—Consider the same multipleexposure retail pool as before. There are
100 retail exposures with an aggregate
exposure amount of $9.5 million. The
guarantee covers all losses on the
underlying exposures up to the full $9.5
million aggregate exposure amount.
—Once again, consider the pool of
multiple retail exposures above. In this
case, the guarantee covers a pro rata
share of losses, for example 20 percent
of the $9.5 million aggregate exposure,
or $1.9 million. (Alternatively, if the
guarantee coverage had been prespecified as a dollar amount, say the
first $1.9 million of losses, rather than
a pro rata share of the aggregate losses,
that guarantee would not reflect the
benefits of retail credit risk mitigation
treatment. Such guarantees of multiple
retail exposures would need to meet the
requirements set forth in Standard 4–5
in order to qualify for securitization
treatment.)
Chapter 5: Wholesale Credit Risk
Protection
Rule Requirements
Part III, Section 22(e): Double default
treatment. A bank must obtain the prior
written approval of [AGENCY] under
section 34 [of the NPR] to use the
double default treatment.
Part IV, Section 33: Guarantees and
Credit Derivatives: PD Substitution and
LGD Adjustment Treatments
Part IV, Section 34: Guarantees and
Credit Derivatives: Double Default
Treatment
1. This chapter supplements the
detailed discussion of credit risk
mitigation in the NPR by providing
guidance on how banks may recognize
contractual arrangements for exposurelevel credit protection—eligible
guarantees and eligible credit
derivatives—that transfer risk to one or
more third parties. Each of these forms
of credit protection must meet certain
specific standards of eligibility, as
articulated in the NPR, for recognition
of the associated risk mitigation.
2. An important aspect of either of
these types of credit protection is that
they are implemented at the exposure-
E:\FR\FM\28FEN2.SGM
28FEN2
sroberts on PROD1PC70 with NOTICES
9120
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
level, reducing credit risk faced by the
bank due to a specific exposure to an
individual obligor. Banks may use
similar mitigants—for example,
portfolio credit derivatives—to transfer
credit risk associated with groups of
exposures or whole portfolios. While
such contracts may make a valuable
contribution to broader risk
management within the bank, and may
be appropriately considered in an
assessment of overall capital adequacy,
their effects are not recognized for IRB
calculations of risk-based capital
requirements except in limited
circumstances.
3. Exceptions are made for certain
types of basket credit derivatives and
securitization exposures. In addition,
banks may recognize the benefits in IRB
calculations of pool-level guarantees (or
credit derivatives) that are the
functional equivalent of an exposure-byexposure guarantee provided the
following minimum conditions are met:
• The guarantee is an eligible
guarantee.
• The contractual provisions of the
guarantee must identify the specific
exposures in the pool to which the
guarantee applies.
• The guarantee must cover all or a
pro-rata share of the pool’s aggregate
credit losses in a manner that ensures
each individual exposure is provided
the same level of loss protection under
the guarantee.
• The guarantee must not contain cap
provisions, deductibles, or other payout
limitations that would effectively limit
coverage.
Once a bank demonstrates that the
pool-level guarantee is the functional
equivalent of an exposure-by-exposure
guarantee, the benefits may be
recognized in the IRB calculations using
the credit risk mitigation framework as
provided in the NPR and this document.
This requires that the bank calculate its
risk-based capital requirement for the
pool on an exposure-by-exposure basis,
as if the guarantee were applied at the
level of each individual exposure.
S 5–1 Risk-based capital benefits
are only recognized for credit
protection that transfers credit risk to
third parties.
4. Banks may recognize the risk-based
capital benefits of credit protection
associated with eligible guarantees and
eligible credit derivatives from third
parties. A bank may recognize the
benefits of credit protection from a
parent or sister company only if (a) the
credit protection provider has the ability
to fulfill its obligations to the bank
independent of the financial support of
the bank, and (b) the internal risk rating
assigned to the affiliate fully excludes
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
any support that is or may be derived
from bank operations. Under no
circumstances may a bank receive a
risk-based capital benefit from credit
protection from an internal department
of the bank or from the bank’s own
subsidiary. Banks often manage credit
risk through internal transactions that,
while possibly structured in ways
similar to guarantees or credit
derivatives, do not in themselves result
in a reduction of credit risk at the
consolidated level. Such credit
protection purchased internally may not
be recognized for IRB purposes. Once
the bank reliably demonstrates that the
credit risk is ultimately transferred to a
third party, for example through a
matched offsetting contract, credit
protection may be realized from the
third party provider. However, if this
protection provider is an affiliate, all of
the above limitations apply.
5. For wholesale exposures, credit risk
mitigation from eligible guarantees and
eligible credit derivatives is recognized
through one of three mutually exclusive
approaches. The approaches are
identified by the primary mechanism
through which risk mitigation is
recognized: PD substitution, LGD
adjustment, or the recognition of
double-default benefits. Recognition is
at the exposure level, so a bank may
select among the three alternative
approaches for each wholesale
exposure, subject to the NPR and to
relevant elements of the bank’s internal
policies and procedures.
6. If a bank chooses to recognize
credit protection through PD
substitution, it substitutes the PD
associated with the internal rating grade
assigned to the protection provider in
place of the PD of the obligor in the
capital calculation. However, if the bank
determines that this substitution
overstates the degree of risk mitigation,
a lesser adjustment may be made by
using a PD associated with any internal
rating grade inferior to that of the
protection provider. Note that in either
case, the PD applied is one that is
associated with one of the bank’s
internal rating grades, determined in
accordance with the bank’s established
processes for quantifying the default
risk of those grades. Similar
considerations apply in the case of
double-default treatment; the PD for the
protection provider used in the capital
calculation should be the PD for an
internal rating grade assigned to the
protection provider.
7. Under the LGD adjustment
approach, the bank modifies the LGD
assigned to the hedged exposure to
reflect the risk mitigating effects of the
credit protection, subject to limitations
PO 00000
Frm 00038
Fmt 4701
Sfmt 4703
on the resulting risk weight as specified
in the NPR. In determining the
magnitude of any LGD adjustment, the
bank should apply the general approach
to IRB quantification developed
elsewhere in this guidance;
quantification of LGD adjustments for
credit protection should reflect a
rigorous application of standards no
different from those that apply to LGD
quantification generally.
8. The NPR specifies various criteria
that must be met in order for a bank to
apply the double default treatment.
Among those requirements are that a
bank must have policies and processes
to detect excessive correlation between
the creditworthiness of the protection
provider and the obligor for the hedged
exposure. For example, the
creditworthiness of a protection
provider and an obligor would be
excessively correlated if the obligor
derives a high proportion of its income
or revenue from transactions with the
protection provider. Similarly, excessive
correlation could arise from exposure to
a common risk factor or set of risk
factors, such as industry or region; in
some cases a bank may be able to
leverage other components of the bank’s
internal credit risk management
processes to identify such dependence
on common risk factors.
9. A bank’s choice among these
approaches for reflecting the impact of
credit protection for a given exposure
should be made in accordance with
specific criteria contained in a bank’s
credit policy. In addition to the specific
eligibility requirements in the NPR and
general consideration of the credit
protection provider’s ability and
willingness to perform under the
agreement, the criteria should include
an assessment of the effect of the payout
structure of the credit protection on the
level and timing of recoveries. In some
cases, the nature of the contractual
arrangement reduces the likelihood that
the bank will experience an obligor
default (as defined within the IRB
framework); in such cases, PD
substitution (or double-default
treatment, if applicable) is often more
appropriate. In other cases, notably
those in which the protection is likely
to come into effect only after a default
has occurred, it is more likely that the
appropriate adjustment should be made
through LGD.
10. A bank recognizing risk mitigation
from eligible guarantees or eligible
credit derivatives should also have
policies that ensure adequate control of
any residual risks related to the use of
such forms of credit protection.
S 5–2 Banks must ensure that credit
protection for which risk-based capital
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
benefits are claimed represents
unconditional and legally binding
commitments to pay on the part of the
guarantors or counterparties.
11. As specified in the NPR, forms of
written third-party support that are
conditional or are not legally binding
are not recognized as credit risk
mitigation. Refer to Standard 2–11 in
the Wholesale Risk Rating Systems
chapter of this guidance regarding the
use of implied support as a rating
criterion.
12. In some instances, an eligible
credit derivative may incorporate a
reference asset that differs from the
underlying asset for which a bank has
acquired credit protection. A bank may
recognize an eligible credit derivative
that hedges an exposure that is different
from the credit derivative’s reference
exposure used for determining the
derivative’s cash settlement value,
deliverable obligation, or occurrence of
a credit event only if:
• The reference exposure ranks pari
passu (that is, equal) or junior to the
hedged exposure; and
• The reference exposure and the
hedged exposure share the same obligor
(that is, the same legal entity) and
legally enforceable cross-default or
cross-acceleration clauses are in place.
13. In such cases, a bank should
evaluate and document the relationship
between the reference asset and the
hedged exposure to ensure that the
reference asset is a reasonable proxy for
the hedged exposure and is likely to
behave in a similar manner upon the
occurrence of a credit event.
Chapter 6: Data Management and
Maintenance
Rule Requirements
sroberts on PROD1PC70 with NOTICES
Part III, Section 22(i)(1): A bank must
have data management and maintenance
systems that adequately support all
aspects of its advanced systems and the
timely and accurate reporting of riskbased capital requirements.
Part III, Section 22(i)(2): A bank must
retain data using an electronic format
that allows timely retrieval of data for
analysis, validation, reporting, and
disclosure purposes.
Part III, Section 22(i)(3): A bank must
retain sufficient data elements related to
key risk drivers to permit adequate
monitoring, validation, and refinement
of its advanced systems.
I. Overview
1. Banks using the IRB framework for
risk-based capital purposes must have
advanced data management and
maintenance systems that support
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
credible and reliable risk parameter
estimates. This chapter describes how a
bank should collect, maintain, and
manage the data needed to support the
other IRB system components for
wholesale and retail exposures (e.g., risk
rating and segmentation systems, the
quantification process, and validation
and other control processes), as well as
the bank’s broader risk management and
reporting needs. Additional detail
specific to wholesale and retail
exposures is provided in the appendices
to this chapter.
2. While this chapter specifically
addresses data management and
maintenance systems for wholesale and
retail exposures, the framework outlined
in this chapter generally applies to all
of a bank’s advanced systems for credit
risk as described in Chapter 1 of this
guidance. In addition, specific data
requirements for securitizations are
described in Chapter 11.
3. Banks may implement different
data management and maintenance
systems for wholesale and retail
exposures. Within a bank, moreover,
such data systems and processes may
differ across business lines and
countries. Therefore, the data structures
and practices, and the precise data
elements to be collected will be dictated
by the features and methodology of the
IRB system employed by each bank.
4. Reference data requirements related
to IRB quantification, which are
discussed in Chapter 4 of this guidance,
describe the minimum requirements for
historical default and loss reference data
using the best available data for
quantification, inclusive of internal,
external or pooled data sets. Best
available data should include historical
performance information necessary to
accurately estimate risk parameters for
exposures in the bank’s existing
portfolio. Reference data for
quantification are likely to comprise a
smaller subset of the internal data
elements cited in this chapter because
the objectives of ongoing internal data
management cover a wider range of
purposes, such as the development of
risk ratings or segmentation and the
validation of the IRB system. Data
histories built from the internal data
maintenance framework described in
this chapter will gain growing
significance in the risk parameter
estimation process over time.
II. General Data Requirements
S 6–1 Banks must collect and
maintain sufficient data to support
their IRB systems.
5. While banks have substantial
flexibility in designing their data
PO 00000
Frm 00039
Fmt 4701
Sfmt 4703
9121
management systems, the underlying
principle in this guidance is that the
data systems should be of sufficient
depth, scope, and reliability to
implement and evaluate the IRB system.
The systems should be able to support
the bank’s ability to:
• Track obligors of wholesale
exposures and to track wholesale
exposures throughout their life cycle
from origination to disposition;
• Capture all rating assignment data
for wholesale portfolios, which include
the significant quantitative and
qualitative factors used to assign the
obligor and loss severity ratings;
• Capture exposure and borrower
characteristics and performance history
for retail exposures over a historical
time period;
• Capture all data for retail exposures
necessary to develop the segmentation
system and to assign exposures to
segments;
• Develop internal risk parameter
estimates;
• Validate risk parameter estimates;
• Validate the IRB system and
processes;
• Refine the IRB system;
• Calculate risk-based capital ratios;
and
• Produce internal and public reports.
6. Data management and maintenance
systems should enable banks to
undertake necessary changes in their
IRB systems and improve methods of
credit risk management over time.
Systems should be capable of providing
detailed historical data and capturing
new data elements for enhancing an IRB
system. Given the importance of
developing robust data histories in this
process and the costs associated with
collecting additional data at a later date,
banks should err on the side of
collecting not only data that they are
currently using but also data that may
potentially be useful to their IRB models
or in validation processes.
A. Life Cycle Tracking for Wholesale
Exposures
S 6–4 For wholesale exposures,
banks must collect, maintain, and
analyze essential data for obligors and
exposures. This should be done
throughout the life and disposition of
the credit exposure.
7. Using a life cycle or ‘‘cradle to
grave’’ concept for each obligor and
exposure supports front-end validation,
backtesting, system refinements, and
risk parameter estimates. A depiction of
life-cycle tracking follows:
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
8. Data elements must be recorded at
origination and whenever the rating is
reviewed, regardless of whether the
rating is changed. Data elements
associated with current and past ratings
must be retained. These elements
include:
• Key borrower and exposure
characteristics;
• Ratings for obligors and exposures;
• Key factors used to assign the
ratings;
• Person responsible for assigning the
rating and model(s) used in that
assignment;
• Date rating assigned; and
• Overrides to the rating and
authorizing individual.
At disposition, data elements should
include:
• Nature of disposition: Renewal,
repayment, loan sale, default,
restructuring;
• For defaults: Exposure, actual
recoveries, source of recoveries, costs of
workouts and timing of recoveries and
costs;
• Guarantor support;
• Sale price for loans sold; and
• Other key elements that the bank
deems necessary.
See Appendix A for examples of data
elements that banks should collect and
maintain under an IRB data
management framework for wholesale
exposures.
sroberts on PROD1PC70 with NOTICES
B. Rating Assignment Data for
Wholesale Exposures
S 6–3 Banks must capture and
maintain all significant factors used to
assign obligor and loss severity ratings.
9. Assigning a rating to an obligor
requires the systematic collection of
various borrower characteristics, both
quantitative and qualitative, because
these factors are critical to validating the
rating system. Obligors are rated using
various methods, as discussed in
Chapter 2. Each of these methods
presents different challenges for input
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
collection. For example, in judgmental
rating systems, the qualitative factors
used in the rating decision have not
traditionally been explicitly recorded.
For purposes of the IRB framework, to
the extent qualitative factors play an
important role in assigning ratings,
banks should maintain these factors in
a readily available database for
validation purposes and to facilitate
analysis to help banks improve the
rating system over time.
10. For loss severity estimates, banks
should record the basic structural
characteristics of exposures and the
factors used in developing the loss
severity rating or LGD estimate. These
often include the seniority of the credit,
the amount and type of collateral, the
most recent collateral valuation date
and the collateral’s fair value.
11. Banks should also track any
overrides of the obligor or loss severity
rating. Tracking overrides separately
allows banks to identify whether the
outcome of such overrides suggests
either problems with rating criteria or
too much discretion to adjust the
ratings.
12. Historical data, including rating
histories on wholesale exposures, may
be lost or irretrievable; for example,
when exposures are acquired through
mergers, acquisitions, or portfolio
purchases. Banks are encouraged,
whenever practical, to collect any
missing historical data on rating
assignment drivers and to re-rate the
acquired obligors and exposures for
prior periods. When retrieving historical
data is not practical, banks may attempt
to create a rating history by carefully
mapping the legacy system and the new
rating structure. Mapped ratings should
be reviewed for accuracy. The level of
effort placed on filling gaps in data
should be commensurate with the size
and significance of the exposures to be
incorporated into the bank’s IRB system.
PO 00000
Frm 00040
Fmt 4701
Sfmt 4703
C. Segmentation Data for Retail
Exposures
S 6–4 For retail exposures, banks
must collect and maintain all essential
data elements used in segmentation
systems and the quantification process.
The data must cover a period of at least
five years and must include a period of
economic downturn conditions, or the
bank must adjust its estimates of risk
parameters to compensate for the lack
of data from periods of economic
downturn conditions.
13. Banks should maintain a
minimum five-year exposure-level
history of the entire retail portfolio,
including all exposures and lines that
were open at any time during this
period. The standard above establishes
key risk drivers used in the
segmentation system and in the
quantification of the risk parameters.
However, banks should retain
additional data elements that are used
in their internal credit risk management
systems. (See Appendix A of this
chapter for examples of retail data
elements.)
14. For retail exposures, if the most
recent period of economic downturn
conditions occurred more than five
years ago, banks should retain
additional data to cover the downturn
period. These data need not cover the
period between the downturn period
and the most recent five-year period.
These data may be in the form of
representative statistical samples of the
portfolio rather than data from all
exposures. The method of any sampling
should be statistically sound and welldocumented.
15. Banks should gather and retain
disposition data, including recovery
data on defaulted exposures (e.g., date
and dollar value of recoveries and
collection expenses) sufficient to
develop ELGD, LGD, and EAD estimates
for retail exposures. For many banks,
information related to recoveries and
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.002</GPH>
9122
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
collection expenses currently exists
only at an aggregate level. These banks
should develop interim solutions and a
plan to improve exposure-level data
availability.
16. For retail exposures, historical
segmentation data can be lost or
irretrievable; for example, when
exposures are acquired through mergers,
acquisitions, or portfolio purchases. In
these cases, as an interim measure,
banks should seek to obtain data from
external sources to supplement internal
data shortfalls. Alternatively, the
reference data sometimes may be drawn
from other sections of the portfolio, but
only when the business lines, and
exposure and borrower characteristics
are sufficiently similar (for examples,
see Chapter 3).
D. Outsourced Activities
S 6–5 Banks should ensure that
outsourced activities performed by
third parties are supported by sufficient
data to meet IRB requirements.
17. Certain processes, such as loan
servicing, broker and correspondent
origination, collection, and asset
management, may be outsourced to or
otherwise involve third parties. The
necessary data capture and oversight of
risk management standards for these
portfolios and processes should be
carried out as if they were conducted
internally.
E. Asset Sales
S 6–6 Banks should maintain data
to allow for a thorough review of asset
sale transactions.
18. It is important that banks be able
to quantify the impact of asset sale
activity on its IRB system.
Documentation for these transactions
should be sufficient for supervisors to
determine how asset sale activity affects
the integrity of the IRB system and the
resulting risk-based capital calculation.
For retail, asset sales may involve
exposures from a variety of portfolio
segments, and sale pricing may not be
available at a granular level. A bank
should be able to quantify the effect of
removing a portion of the loans or other
exposures from segments and the effect
of such asset sale activity on risk
parameter estimation.
III. Data Applications
sroberts on PROD1PC70 with NOTICES
A. Validation and Refinement
19. The data elements collected by
banks should facilitate meeting the
validation standards described in
Chapter 7. These standards include
validating the bank’s IRB system
processes, including the ‘‘front end’’
aspects, such as assigning ratings or risk
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
drivers used for segmentation, so that
issues can be identified early. The data
should support efforts to identify
whether raters and models are following
rating criteria and policies and whether
ratings are consistent across portfolios.
In addition, data should support the
validation of risk parameters,
particularly the comparison of realized
outcomes with estimates. For
backtesting risk parameters, data on
default and disposition characteristics
should be thorough.
20. Data for validation should be rich
in scope and depth in order to provide
insights on the performance of the IRB
system. This can contribute to a learning
environment in which refinements can
be made to the systems. These potential
refinements include enhancements to
rating assignment controls,
segmentation design, processes, criteria
or models, IRB system architecture, and
risk parameter estimates.
B. Applying IRB System Improvements
Historically
21. To maintain a consistent series of
information for credit risk monitoring
and validation purposes, banks should
be able to take improvements they make
to their risk rating systems for wholesale
exposures and segmentation systems for
retail exposures and apply them
historically. Moreover, banks are
encouraged to retain data beyond the
minimum requirements because they
should have robust historical databases
containing key risk drivers and
performance components over as long a
historical period and as many variables
as possible to facilitate the development
and validation of better models and
methods.
See Appendix B for an example as to
how a bank could apply new
information to improve its risk rating
system.
C. Calculating Risk-Based Capital Ratios
and Reporting to the Public
22. Data retained by the bank will be
essential for risk-based capital
calculations and public reporting under
the Pillar 3 disclosures. These uses
underscore the need for a well-defined
data management framework and strong
controls over data integrity. Total
exposures should be tied to systems of
record and documentation should be
maintained for this process for all
reporting periods. Control processes and
data elements themselves should also be
subject to periodic verification and
testing by internal auditors. Supervisors
should rely on these processes and
should also perform testing as
circumstances warrant.
PO 00000
Frm 00041
Fmt 4701
Sfmt 4703
9123
23. This guidance should also be
considered with the Proposed Agency
Information Collections published by
the Agencies on September 25, 2006 for
public comment along with the NPR.
The notice contained information
collection templates (FFIEC 101) and
information about the components of
reporting entities’ risk-based capital,
risk-weighted assets by type of credit
risk exposure under the IRB framework,
including templates for credit risk and
definitions of the data elements
contained therein. These templates will
assist banks in determining their data
retention needs related to the risk-based
capital requirements for credit risk
under the IRB framework.
D. Supporting Risk Management
24. The information that can be
gleaned from more extensive data
collection will support a broad range of
risk management activities. Risk
management functions will rely on
accurate and timely data to track credit
quality, make informed portfolio risk
mitigation decisions, and perform
portfolio stress tests. Obligor and loss
severity risk rating and segmentation
data will be used to support such
operations as internal capital allocation
models, pricing models, ALLL
calculations, and performance
management measures. Summaries of
these are included in reports to banks’
boards of directors, regulators, and in
public disclosures.
IV. Managing Data Quality and
Integrity
S 6–7 Banks should develop policies
and controls around the integrity of the
data maintained both internally and
through third parties.
25. Because data are collected at so
many different stages involving a variety
of groups and individuals, ensuring the
quality of the data poses numerous
challenges. For example:
• Qualitative risk-rating variables will
have subjective elements and will be
open to interpretation;
• Exposures will be acquired through
mergers and purchases, but without an
adequate and easily retrievable
institutional rating history; and
• Data purchased from or maintained
through third parties may not have
controls similar to the bank’s controls.
Bank policies and controls should
address these potential challenges.
Specifically, banks should have policies
employing change control management
processes and practices to ensure the
integrity of the data. In addition, banks
should seek reasonable assurances from
significant third-party providers
concerning the integrity of the data.
E:\FR\FM\28FEN2.SGM
28FEN2
9124
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
A. Documentation and Definitions
S 6–8 Banks should document the
process for delivering, retaining, and
updating inputs to the data warehouse
and ensuring data integrity.
S 6–9 Banks must maintain detailed
documentation of changes to the data
elements supporting the IRB system.
26. Given the many challenges
presented by data for an IRB system, the
management of data should be
formalized and banks should develop
comprehensive definitions for their data
elements. Fully documenting how the
bank’s flow of data is managed provides
a means of evaluating whether the data
management framework is functioning
as intended. Moreover, banks should be
able to communicate to persons
developing or delivering various data
the precise definition of the items
intended to be collected. Consequently,
a ‘‘data dictionary’’ and/or a ‘‘data
standards manual’’ would ensure
consistent inputs from business units
and data vendors and would allow third
parties (e.g., IRB system review process,
auditors, or banking supervisors) to
evaluate data quality and integrity.
27. When changes are made to the IRB
system and the supporting data
elements, the source of any significant
changes in the risk-based capital
requirements should be documented.
Therefore, it would be desirable to use
change control management processes.
sroberts on PROD1PC70 with NOTICES
B. Electronic Storage and Access
S 6–10 Banks must retain data using
an electronic format that allows timely
retrieval of data for analysis,
validation, reporting, and disclosure
purposes.
28. To meet the significant data
management challenges presented by
the validation and control features of
the IRB system, banks must store their
data electronically. Banks will have a
variety of storage techniques and
potentially a variety of systems to create
their data warehouses and data marts.
The data architecture should be
designed to be scalable to allow for
growth in portfolios, data elements,
history, and product scope. IRB data
requirements can be achieved by
melding together existing accounting,
servicing, processing, workout and risk
management systems, provided the
linkages between these systems are
well-documented and include sufficient
edit and integrity checks to ensure that
the data can be used reliably.
29. Banks lacking electronic databases
for wholesale exposures would be
forced to resort to manual reviews of
paper files for ongoing backtesting and
ad hoc ‘‘forensic’’ data mining and
VerDate Aug<31>2005
17:01 Feb 27, 2007
Jkt 211001
would be unable to perform that work
in the timely and comprehensive
manner required of the IRB system.
Forensic mining of paper files to build
an initial data warehouse from the
bank’s credit history is encouraged.
Paper research may sometimes be
necessary to identify data elements or
factors not originally considered
significant in estimating the risk of a
particular class of obligor or exposure.
The time and expense of this recovery
effort highlights the importance of
collecting a broad array of variables
during the initial design of the IRB data
system.
directly to the documented criteria that
the bank employs when assigning
ratings. For example, rating criteria
often include ranges of leverage or cash
flow for a particular obligor rating. In
addition, banks are encouraged to
develop and record quantitative
representations of qualitative factors
(such as management effectiveness) in
numeric form. For example, a 1 may
signify exceptionally strong
management and a 5 very weak
management. The rating data elements
should be sufficient for evaluating the
factors driving the rating decisions.
Appendix A: Data Elements for
Wholesale and Retail Exposures
For illustrative purposes, the
following section provides examples of
the kinds of data elements banks should
collect under an IRB data management
and maintenance framework first for
wholesale exposures and second for
retail exposures.
• Asset and sale size; and
• Key ratios used in rating criteria:
—Profitability;
—Cash flow;
—Leverage;
—Liquidity; and
—Other relevant factors.
A. Examples of Data Elements for
Wholesale Exposures
General Descriptive Obligor and
Exposure Data
The data below could be from an
exposure record or from various sources
within the data warehouse. Data
maintained for guarantors would be the
same as that maintained for obligors.
Obligor/Guarantor Data
• General data: name, address,
industry;
• ID number (unique for all related
parent/sub relationships);
• Rating, date, and rater; and
• PD corresponding to rating.
General Exposure Characteristics
• Exposure amounts: committed,
outstanding;
• Exposure type: term, revolver,
bullet, amortizing, etc.;
• Purpose: acquisition, expansion,
liquidity, inventory, working capital
etc.;
• Covenants;
• Exposure ID number;
• Origination and maturity dates;
• Last renewal date;
• Obligor ID link;
• Rating, date and rater;
• ELGD;
• LGD; and
• EAD.
Rating Assignment Data
The data below provide an example of
the categories and types of data that
banks should retain in order to
continually validate and improve rating
systems. These data items should tie
PO 00000
Frm 00042
Fmt 4701
Sfmt 4703
Quantitative factors in obligor ratings
Qualitative factors in obligor ratings
• Quality of earnings and cash flow;
• Management effectiveness,
reliability;
• Strategic direction, industry
outlook, position;
• Country factors and political risk;
and
• Other relevant factors.
Third-party obligor ratings
• Public debt rating and trend; and
• External credit model score and
trend.
Rating Notations
• Flag for overrides or exceptions;
and
• Authorized individual who can
change rating.
Key exposure factors in ELGD and LGD
ratings
• Seniority;
• Collateral type (cash, marketable
securities, AR, stock, RE, etc.);
• Collateral value and valuation date;
• Advance rates, LTV;
• Industry; and
• Geography.
Rating Notations
• Flag for overrides or exceptions;
and
• Authorized individual who can
change rating.
Final disposition data
Many banks maintain subsidiary
systems for their problem exposures
with details recorded, at times
manually, on systems that are not linked
to the bank’s central exposure or risk
management systems. The unlinked
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
Obligor/guarantor
• Default date; and
• Circumstances of default (e.g.,
nonaccrual, bankruptcy chapters 7–11,
nonpayment).
Exposure
• Outstandings at default; and
• Amounts undrawn and outstanding
plus time series prior to and through
default.
Disposition
• Amounts recovered and dates
(including source: cash, collateral,
guarantor, etc.);
• Collection cost and dates;
• Discount factors to determine
economic cost of collection;
• Final disposition (e.g., restructuring
or sale);
• Sales price, if applicable; and
• Accounting items (charge-offs to
date, purchased discounts).
B. Examples of Data Elements for Retail
Exposures
Data Elements at Origination
sroberts on PROD1PC70 with NOTICES
• Customer identifiers, such as
borrower name;
• External credit bureau attributes;
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
• Application attributes, such as
income and financial information;
• Credit scores, including custom
scores or generic scores;
• Other underwriting data used in the
origination process;
• Score overrides and policy
exceptions;
• Origination channel, such as a
third-party vendor, telemarketing, direct
mail, or Internet;
• Product type and loan terms, such
as line amount, interest rate, payment
terms, balance transfer amount, and
reward programs;
• Collateral characteristics, such as
appraised value, geographic location,
and loan-to-value; and
• Guarantees or other credit risk
mitigants, such as PMI.
Ongoing Data Elements
• Refreshed credit bureau attributes;
• Payment history and performance
characteristics, including payments,
draws, fees, NSF checks, delinquency,
overlimit status, and utilization;
• Collections activity, including
workout or forbearance programs,
restructurings, payment deferrals, reaging and other similar programs;
• Behavior scores;
• Transaction-level information;
• Account management activities,
such as line increase or decrease
programs, pricing adjustments, changes
in payment requirements or fee
structures, and reward programs;
• Updated borrower information; and
• Updated collateral information.
Collection and recovery information
• Default date;
• Loss severity information;
PO 00000
Frm 00043
Fmt 4701
Sfmt 4725
• Circumstances of default (e.g.,
nonaccrual, bankruptcy chapters 7–11,
nonpayment);
• Outstandings at default;
• Amounts undrawn and outstanding
plus time series prior to and through
default;
• Amounts recovered and dates
(including source: cash, collateral,
guarantor, etc.);
• Collection cost and timing;
• Discount factors to determine
economic cost of collection;
• Final disposition (e.g., restructuring
or sale);
• Sales price, if applicable; and
• Accounting items (charge-offs to
date, purchased discounts).
Appendix B: Applying Risk Rating
System Improvements Historically
In the example below for wholesale
exposures, a bank experiences
unexpected and rapid migrations and
defaults in its rating grade 4 category
during 2006. Analysis of the actual
financial condition of borrowers that
defaulted compared with those that did
not suggests that the debt-to-EBITDA
range for its expert judgment criteria of
3.0 to 5.5 is too broad. Research
indicates that rating grade 4 should be
redefined to include only borrowers
with debt-to-EBITDA ratios of 3.0–4.5
and that rating grade 5 should be 4.5–
6.5. In 2007, the change is initiated, but
prior years’ numbers are not recast (see
Exhibit A). Consequently, a break in the
series prevents the bank from evaluating
credit quality changes over several years
and from identifying whether applying
the new rating criteria historically
provides reasonable results.
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.003</GPH>
data are a significant hindrance in
developing reliable risk parameter
estimates.
In advanced systems, the ‘‘grave’’
portion of obligor and exposure tracking
is essential for producing and validating
risk parameter estimates and is an
important feedback mechanism for
adjusting and improving these estimates
over time. Essential data elements are
outlined below.
9125
9126
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
the grade would be under the new rating
criteria. If the precise weight an expert
has given one of the redefined criteria
is unknown, banks are expected to make
estimates on a best efforts basis. After
the retroactive reassignment process, the
bank observes that the mix of obligors
in rating grade 5 declined somewhat
over the past several years while the
mix in rating grade 4 increased slightly.
This contrasts with the trend identified
before the retroactive reassignment. The
result is that the multiyear transition
statistics for rating grades 4 and 5
provide risk managers a clearer picture
of risk.
This example is based on applying
ratings historically using data already
collected by the bank. However, for
some risk rating system refinements,
banks may in the future identify drivers
of default or loss that might not have
been collected for borrowers or
exposures in the past. That is why banks
are encouraged to collect data that they
believe may serve as stronger predictors
of default in the future. For example,
certain elements of a borrower’s cash
flow might currently be suspected of
overstating the operational health of a
particular industry. In the future, should
a bank decide to reduce the weight
given to cash flow for this
overstatement, resulting in a downgrade
of many obligor ratings, the bank that
collected these data could apply this
rating change to prior years. This would
provide a consistent picture of risk over
time and also present opportunities to
validate the new criteria using historical
data. Recognizing that banks will not be
able to anticipate fully the data they
might find useful in the future, banks
are expected to reassign rating grades on
a best efforts basis when practical.
must be consistent with the bank’s
internal risk management processes and
management information reporting
systems.
Part III, Section 22(j)(2): The bank’s
board of directors (or a designated
committee of the board) must at least
annually evaluate the effectiveness of,
and approve, the bank’s advanced
systems.
Part III, Section 22(j)(3): A bank must
have an effective system of controls and
oversight that:
(i) Ensures ongoing compliance with
the qualification requirements [in the
NPR];
(ii) Maintains the integrity, reliability,
and accuracy of the bank’s advanced
systems; and
(iii) Includes adequate governance
and project management processes.
Part III, Section 22(j)(4): The bank
must validate, on an ongoing basis, its
advanced systems. The bank’s
validation process must be independent
of the advanced systems’ development,
implementation, and operation, or the
validation process must be subjected to
an independent review of its adequacy
and effectiveness. Validation must
include:
(i) The evaluation of the conceptual
soundness of (including developmental
evidence supporting) the advanced
systems;
(ii) An on-going monitoring process
that includes verification of processes
and benchmarking; and
(iii) An outcomes analysis process
that includes backtesting.
Part III, Section 22(j)(5): The bank
must have an internal audit function
independent of business-line
management that at least annually
assesses the effectiveness of the controls
supporting the bank’s advanced systems
and reports its findings to the bank’s
board of directors (or a committee
thereof).
Chapter 7: Controls and Validation
Rule Requirements
Part III, Section 22(a)(2): The systems
and processes used by a bank for riskbased capital purposes under [the NPR]
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
PO 00000
Frm 00044
Fmt 4701
Sfmt 4703
I. Overview
1. A bank must have a system of
controls that ensures that the
components of the IRB system are
functioning effectively. This chapter
provides guidance on the essential
elements of an effective control
environment for an IRB system for
wholesale and retail exposures,
including independent review
processes, a comprehensive validation
process, and an internal audit review
and reporting process.
2. While this chapter specifically
addresses the control framework
supporting a bank’s IRB systems for
wholesale and retail exposures, the
framework outlined in this chapter
generally applies to all of a bank’s
advanced systems for credit risk as
described in Chapter 1 of this guidance.
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.004</GPH>
sroberts on PROD1PC70 with NOTICES
Recognizing the need to provide
senior managers and board members
with a consistent risk trend, the new
criteria are applied historically to
obligors in rating grades 4 and 5 (see
Exhibit B). The original ratings assigned
to the rating grades are maintained
along with notations describing what
sroberts on PROD1PC70 with NOTICES
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
In addition, specific validation
requirements for certain counterparty
credit risk transactions, equity
exposures, and securitization exposures
are provided in Chapters 9, 10, and 11,
respectively.
S 7–1 Banks must have an effective
system of controls that ensures ongoing
compliance with the qualification
requirements, maintains the integrity,
reliability, and accuracy of the IRB
system, and includes adequate
governance and project management
processes.
3. An accurate and reliable IRB
system will allow bank management to
make informed risk management and
capital management decisions. While
banks have flexibility in determining
how integrity in the IRB system is
achieved, the control framework that
supports the IRB system should be
constructed to ensure that the IRB
system’s design and performance are
effective and that it continues to operate
as intended.
4. The specific IRB-system controls, as
outlined in this chapter as well as in
Chapter 1 of this guidance, should be
part of a broader control infrastructure
that embodies more generic control
principles such as dual controls,
separation of duties, and
appropriateness of incentives that
enable prudential corporate oversight.
S 7–2 Control processes should be
independent and transparent to
supervisors and auditors.
5. The objective of independence is to
ensure the integrity of the IRB system.
When independence is not fully
achieved, there should be compensating
controls to confirm that actions and
conclusions are not compromised.
6. Independence can be achieved
structurally with organizational
separation, or functionally, through
policy and/or incentive based
separation. For example, reviews
performed by individuals who are not
structurally independent could be
acceptable as functionally independent
reviews if the structure does not inhibit
an objective evaluation. In these cases,
job responsibilities and reporting
relationships should be assessed to
determine if they present any inherent
conflicts that could impede conducting
an effective review. Banks should
consider a variety of factors when
designing a control structure to
adequately address independence,
including:
• Expertise and experience of
individuals conducting control
activities;
• Potential for conflicts of interest
and influence that could compromise
the effectiveness of controls;
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
• Incentives for individuals that
perform critical reviews;
• Separation of duties (individuals
should not review their own work); and
• Fully documenting all aspects of
the control structure to ensure it can be
understood and evaluated by
supervisors and auditors.
II. Reviews of the IRB System
S 7–3 The annual assessment of the
IRB system presented to the board of
directors should be supported by the
bank’s comprehensive and independent
reviews of the IRB system.
7. As discussed in Chapter 1, the
bank’s board of directors must at least
annually evaluate the effectiveness of,
and approve, the bank’s advanced
systems for credit risk. To do so, the
board should be provided with
information that would enable it to
conclude, with reasonable assurance,
that management has appropriate
processes and controls in place that
support an effective IRB system. This
information should include results from
the bank’s comprehensive and
independent reviews of the IRB system.
8. The bank’s independent review
process may be tailored to the bank’s
management and oversight framework.
The objective of these reviews should be
to evaluate compliance with the
requirements in the NPR and this
supervisory guidance and to measure
the effectiveness of the IRB system’s
design and operation. The review
should include all components of the
IRB system:
• Risk rating and segmentation
systems;
• Quantification process, particularly
the selection of reference data sets and
risk parameter estimation techniques;
• Ongoing validation process;
• Data management and maintenance
system that supports the IRB system;
and
• Control infrastructure supporting
the IRB system.
9. Responsibility for the review
process could be distributed across
multiple areas or housed within one
unit, so long as the bank can
demonstrate that the review process
provides a comprehensive and objective
assessment of the areas reviewed.
Individuals performing the reviews
should possess the requisite technical
skills and expertise.
10. Validation will encompass some
of the IRB system review standards
described above. However, to the extent
that validation or other control
functions do not address a component
of the IRB system or if they do not meet
the independence requirements, a
separate independent review of
PO 00000
Frm 00045
Fmt 4701
Sfmt 4703
9127
business-line management, risk
management, and internal audit should
be conducted as applicable. The
validation activities, which are the
evaluation of conceptual soundness
(including developmental evidence),
ongoing monitoring (i.e., process
verification and benchmarking), and
outcomes analysis (backtesting), are
described in more detail later in this
chapter.
S 7–4 Validation activities must be
conducted independently of the
advanced systems’ development,
implementation, and operation, or
subjected to an independent assessment
of their adequacy and effectiveness.
11. The developmental evidence
supporting risk rating and segmentation
systems’ design and quantification is
generally compiled by the systems’
designers. This evidence should be
subject to an ongoing substantive
independent assessment by qualified
staff. This independent review should
be conducted at the time of system
development and then updated
whenever significant changes in
methodology, data, or implementation
occur.
12. Furthermore, when process
verification, benchmarking, or outcomes
analysis (backtesting) activities are not
completed by individuals independent
of the risk rating and segmentation
systems’ design or use, these activities
must be the focus of an ongoing
substantive independent assessment.
Responsibility for the assessment of
developmental evidence and ongoing
validation may be drawn from a variety
of organizational structures provided
functional independence and sufficient
expertise are demonstrated.
III. Consistency Between IRB Systems
and Risk Management Processes
S 7–5 The systems and processes
used by a bank for risk-based capital
purposes must be consistent with the
bank’s internal risk management
processes and management information
reporting systems.
13. The systems and processes a bank
uses for risk-based capital purposes
must be consistent with the bank’s
internal credit risk management
processes and management information
reporting systems such that data from
the latter system and processes can be
used to verify the reasonableness of the
risk parameter inputs the bank uses for
risk-based capital purposes.
14. The wholesale risk ratings used
for risk-based capital purposes should
be consistent with those used to guide
day-to-day wholesale credit risk
management activities. Wholesale risk
ratings for IRB purposes should be
E:\FR\FM\28FEN2.SGM
28FEN2
9128
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
incorporated into and be consistent with
a bank’s credit risk management,
internal capital assessment and
planning, and corporate governance
processes. The different uses and
applications of the risk rating systems’
outputs should promote greater
accuracy and consistency of ratings
across an organization. Banks should
demonstrate that ratings used for IRB
purposes are consistent with the bank’s
internal credit risk management
processes.
15. The risk drivers used for IRB retail
segmentation should be consistent with
those used to guide day-to-day retail
credit risk management activities. Risk
drivers for IRB segmentation purposes
should correspond to risk drivers used
as part of the overall credit risk
management of business lines. Banks
should demonstrate that the risk drivers
used for IRB segmentation purposes are
consistent with those used in its day-today planning, execution, and
monitoring of retail lending activities.
However, the IRB segmentation criteria
do not have to be identical to those used
in credit risk management.
16. Risk parameters used for credit
risk management should be consistent
with the IRB risk parameters. Banks will
be afforded some flexibility in their use
of estimated risk parameters, since the
estimates prescribed for risk-based
capital purposes may not be appropriate
for other uses. For example, the PDs
used to estimate loan loss allowances
could reflect current economic
conditions that are different from the
long-term averages appropriate for riskbased capital calculations. While risk
parameters used for internal risk
management purposes could be
different from those used for risk-based
capital purposes, banks should be able
to demonstrate that the IRB measures of
credit risk are consistent with similar
measures used in internal credit risk
management.
IV. Internal Audit
S 7–6 Internal audit must, at least
annually, assess the effectiveness of the
controls supporting the IRB system and
report its findings to the board of
directors (or a committee thereof).
17. A bank must have an internal
audit function that is independent of
business line management and that
assesses at least annually the
effectiveness of the controls supporting
the IRB system and reports its findings
to the board of directors (or its
designated committee). At least
annually, internal audit should review
the validation process including
procedures, responsibilities,
appropriateness of results, timeliness,
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
and responsiveness to findings. Further,
internal audit should evaluate the
depth, scope, and quality of the
independent review processes and
conduct appropriate testing to ensure
that the conclusions of these reviews are
well founded.
V. Validation Activities
18. Validation is an ongoing process
that includes the review and monitoring
activities that verify the accuracy of the
risk rating and segmentation systems
and the quantification process. The
components of validation include
evaluation of conceptual soundness
(including developmental evidence),
ongoing monitoring, and outcomes
analysis.
A. General Validation Requirements
S 7–7 A bank’s validation policy
should cover the key aspects of risk
rating and segmentation systems and
the quantification process.
19. The validation policy should be
approved by the bank’s senior
management, and should:
• Describe the validation process;
• Outline the documentation
requirements;
• Assign responsibilities;
• Outline the process for corrective
actions; and
• Be updated periodically to
incorporate new developments in
validation practices and to ensure that
validation methods remain appropriate.
S 7–8 Validation must assess the
accuracy of the risk rating and
segmentation systems and the
quantification process.
20. The accuracy of risk rating and
segmentation systems and the
quantification process is measured by
determining whether the:
• Assignment of exposures to risk
ratings or segments has been
implemented as designed;
• Performance data show that the risk
rating or segmentation systems
adequately differentiate risk over time;
• Migration of wholesale risk ratings
is consistent with the bank’s rating
philosophy;
• Retail segmentation system
separates exposures into stable and
homogeneous segments; and
• Actual default, loss severity, and
exposure experience of each rating
grade or segment is consistent with risk
parameter estimates.
21. Some differences between
observed outcomes for individual
ratings or specific retail segments and
the estimated risk parameters are
expected. Risk parameter estimates
should reflect a degree of conservatism
appropriate for the inherent uncertainty
PO 00000
Frm 00046
Fmt 4701
Sfmt 4703
in the bank’s quantification process. As
such, observed outcomes should not
consistently or significantly exceed risk
parameter estimates. This applies to
each of the following:
• Actual long-run average default
rates for each rating grade or segment
and the assigned PD estimates;
• Actual long-run average economic
loss rates on defaulted exposures and
the assigned ELGD estimates;
• The economic loss rates on
defaulted exposures during actual
economic downturn conditions and the
assigned LGD estimates; and
• The exposure size of defaulted
exposures during actual economic
downturn conditions and the assigned
EAD estimates.
Bias that results in a reduction of riskbased capital requirements should
receive immediate attention from
management.
S 7–9 Validation processes for risk
rating and segmentation systems, and
the quantification process must include
the evaluation of conceptual soundness,
ongoing monitoring, and outcomes
analysis.
22. Validation should be designed to
give the greatest possible assurances of
the accuracy of the risk rating and
segmentation systems and the
quantification process. Three activities
must be carried out:
• Evaluating conceptual soundness
using developmental evidence—
determining whether the approach is
sound;
• Ongoing monitoring—verifying the
process and comparing results to other
sources of data or estimates
(benchmarking); and
• Outcomes analysis—comparing
actual outcomes with estimates by
backtesting and other methods.
These integral, ongoing activities
must evaluate both internally and
externally developed risk rating and
segmentation systems, models, and the
quantification process.
23. Validation processes, especially
outcomes analysis, should recognize
that realized outcomes for default, loss
severity, and additional drawdowns can
vary in a systematic fashion with the
economic cycle. Thus, realized
outcomes for a given risk parameter can
vary around the estimate of long run
average. A bank’s validation policy
should specify how realized outcomes
are expected to vary with the economic
cycle given the design of the IRB
system. For example, given a bank’s
obligor rating system design, a bank
might expect realized defaults to be
systematically below the PD estimate
during good states of the economic cycle
and systematically above the PD
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
estimate during bad states of the
economic cycle. This should be
specified in the policy documentation.
Realized outcomes for loss severity are
not directly comparable with LGD
estimates unless an economic downturn
is experienced. Nonetheless, outcomes
analysis for conditions less severe than
an economic downturn can shed light
on the validity of the LGD quantification
process.
B. Validation Activities
sroberts on PROD1PC70 with NOTICES
Evaluating Conceptual Soundness using
Developmental Evidence
24. Developmental evidence is the
primary mechanism used to evaluate the
conceptual soundness of the IRB
system. The developmental evidence for
risk rating and segmentation systems,
and the quantification process should
include documentation and empirical
evidence supporting the methods used
and the variables selected in the design
and quantification of the IRB system.
Where models are used, the evidence
should include documentation and a
description of the logic that supports the
model and an analysis of any statistical
model-building techniques.
25. Developmental evidence
supporting the risk rating system should
include the reasons the system was
selected over other systems. Other
developmental evidence should at a
minimum describe the bank’s obligor
ratings approach and ratings
philosophy, the mapping methodology,
and the use and design of facility ratings
or loss severity estimates.
26. In supporting the segmentation
system, developmental evidence should
describe the statistical design of the
segmentation system and the selection
of risk drivers. Additionally, it should
explain why the system was selected
over other segmentation approaches.
27. Developmental evidence
supporting a bank’s quantification
process should address each aspect of
the quantification process, whether the
process explicitly delineates the four
stages of quantification or implicitly
incorporates the stages.
28. Developmental evidence is more
persuasive when it includes empirical
evidence. Developmental evidence in
support of any model used in the risk
rating and segmentation systems or the
quantification process should include
documentation and a discussion of the
logic that supports the model, an
analysis of any model-building
techniques, sensitivity analysis (analysis
of outcome sensitivity with respect to
model input changes and model
breakdown points), and an assessment
of forecast quality. Models should be
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
supported by evidence that they work
well across reference data sets. Use of a
‘‘holdout’’ sample is a good modelbuilding practice to ensure that a model
is robust. It is possible to perform
several out-of-sample tests by varying
the holdout samples.
29. Empirical developmental evidence
for a judgmental rating system will
likely be derived differently than such
evidence for a model-driven system.
One approach to capture empirical
developmental evidence for analysis
might entail having qualified,
independent raters rate credits from
prior periods. Ideally, the raters would
not be familiar with the circumstances
of the disposition of the credits (e.g.,
default, downgrade, upgrade, paid as
agreed, etc.) and would only use
information available to the original
rater(s) at the time the credits were
underwritten and subsequently
reviewed. These retrospective ratings
could then be compared to the outcomes
to determine whether the ratings
adequately differentiate risk.
Conducting such tests may be difficult
if historical data sets do not include a
sufficient amount of the information
actually used when a rating was
assigned. Careful consideration should
be given to future data needs and
anticipated uses for validation, even if
some variables are not used in the
current model.
S 7–10 Banks must evaluate the
developmental evidence supporting the
risk rating and segmentation systems
and the quantification process.
30. Evaluating developmental
evidence involves assessing how well
the risk rating and segmentation systems
and the quantification process are
designed and constructed. The review of
developmental evidence should
determine whether:
• Risk rating systems can be expected
to accurately assess obligor and facility
risk;
• Segmentation systems can be
expected to separate exposures into
segments with homogenous risk
characteristics and to allow for the
accurate measurements of risk within
segments over time; and
• The quantification process can be
expected to accurately estimate PDs,
ELGDs, LGDs, and EADs.
31. Developmental evidence should
be reviewed whenever the bank makes
material changes in its risk rating and
segmentation systems or quantification
process.
32. Evaluation of developmental
evidence includes comparisons of a
bank’s implemented framework with
alternatives considered in the
development process and the reason the
PO 00000
Frm 00047
Fmt 4701
Sfmt 4703
9129
bank selected the chosen framework.
For retail portfolios, data may be
available on alternative risk drivers for
segmentation, and developmental
evidence should include the empirical
analysis conducted to choose between
risk drivers.
33. The development of risk rating
and segmentation systems and the
quantification process requires
developers to exercise informed
judgment. Whether the developmental
evidence is sufficient will itself be a
matter of expert opinion. Even if a
system is model-based, an evaluation of
developmental evidence will entail
judging the merits of the model-building
technique. Expert judgment is essential
to the evaluation of the risk rating and
segmentation systems and the
quantification process development.
Experts should be able to draw
conclusions about the likelihood of the
satisfactory performance of an
implemented system.
Ongoing Monitoring: Process
Verification and Benchmarking
34. The second component of the
validation process for risk rating and
segmentation systems and the
quantification process is ongoing
monitoring. The objective of ongoing
monitoring is to confirm that the
processes were implemented
appropriately and continue to perform
as intended. Such analysis involves
process verification and benchmarking.
S 7–11 Banks must conduct ongoing
process verification of the risk rating
and segmentation systems and the
quantification process to ensure proper
implementation and operation.
35. Process verification encompasses
a range of activities that are used to
assess whether all internal risk rating
and segmentation processes, as well as
all quantification processes, are being
used, monitored, and updated as
designed and intended. It includes
determining that data essential to these
processes have appropriate integrity,
and that all elements of these processes
continue to be appropriate to the nature
of the bank’s exposures. Process
verification should also ensure that
identified deficiencies are corrected.
36. Verification activities will vary
depending on the risk rating and
segmentation systems and
quantification approaches and their
related guidelines. Verification that data
are accurate and complete is important
for all IRB systems and applies to both
internal and external data, including the
data provided by a third party.
37. For models-based risk rating and
segmentation, verification includes an
evaluation of the automated assignment
E:\FR\FM\28FEN2.SGM
28FEN2
9130
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
processes, such as verification of the
correct computer coding of the model
and data inputs. For expert-judgment
and constrained-judgment risk rating
systems, verification includes an
evaluation of whether the rater adhered
to the rating policy and criteria, given
the information available to the rater
and the documented rationale for the
rating decisions.
38. Process verification of risk rating
and segmentation systems includes
monitoring and analysis of overrides.
An override is a generic term that may
have different meanings in different
contexts. Two types of overrides are
discussed below.
• ‘‘Judgmental overrides’’ occur when
judgments are made to reject the
decision of an objective process, such as
a model or scorecard, which rates a
wholesale obligor, assigns an exposure
to loss-severity rating grade, or assigns
an exposure to a retail segment;
judgmental overrides are an explicit
component of such a rating system’s
design. As a matter of policy in a
constrained judgment rating system for
wholesale lending, a rater is generally
allowed to adjust or override the results
of a statistical rating model. For retail
lending, the assignment of an exposure
to a segment could be overridden, but
such overrides generally are rare.
• ‘‘Policy overrides’’ refer to
exceptions to bank policy with regard to
risk rating assignment or segmentation.
In the case of pure models-based rating
and segmentation systems, an override
would be considered to override policy.
In a constrained judgment model, a
policy override would occur when a
rating is assigned by judgmental
decision that does not conform to the
bank’s rating criteria. Overrides outside
of policy are expected to be rare.13
39. Frequent overrides may call into
question aspects of the risk rating or
segmentation system. Overrides and
adjustments should be monitored and
the performance of ratings that have
been adjusted or overridden should be
tracked for both the validation of rating
and segmentation systems and the IRB
system as a whole. Banks should have
a policy addressing criteria for
judgmental overrides and tolerance
levels for policy overrides. The
frequency of overrides will depend
upon the portfolio, the risk rating and
segmentation design, and a bank’s
practices.
13 Another common use of overrides in retail
lending, not included in this context, relates to
underwriting decisions. ‘‘Low side’’ overrides
approve applications that would normally be
rejected and ‘‘high side’’ overrides reject
applications that would normally be approved.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
S 7–12 Banks must benchmark their
risk rating and segmentation systems,
and their risk parameter estimates.
40. Benchmarking is using alternative
methods or alternative data to draw
inferences about the appropriateness of
ratings, segments, risk parameter
estimates or model outputs before
outcomes are actually known.
Benchmarking is a useful validation
method that can be applied to all rating,
segmentation, and quantification
processes.
41. Benchmarking allows a bank to
compare the consistency of its risk
parameter estimates with those of other
estimation techniques and data sources.
Benchmarking can be a valuable
diagnostic tool for uncovering potential
weaknesses in a bank’s quantification
process. While benchmarking allows for
inferences about the accuracy of the risk
rating and segmentation systems, and
the risk parameter estimates, it does not
substitute for backtesting. When
differences are observed in the
benchmarking exercise, this does not
necessarily indicate that the risk rating
and segmentation systems, or the risk
parameter estimates, are in error. A
benchmark is merely an alternative
measure, and the difference may be due
to different data or methods.
Nevertheless, when differences are
revealed, proper benchmarking requires
the bank to investigate the source of the
differences and whether the extent of
the difference is appropriate. This
investigative process may identify ways
in which a bank can improve its risk
rating and segmentation systems, and
the quantification process.
42. To benchmark risk ratings and
segmentation, a bank must at a
minimum establish a process in which
a representative sample of its internal
ratings, portfolio segmentation, and risk
parameters are compared to results from
another source for the same exposures.
Examples of other sources include
independent internal raters such as loan
review, external corporate rating
agencies, or retail credit bureau models,
and alternative internally developed
credit risk models (‘‘challenger
models’’).
43. Benchmarking of a risk rating,
regardless of the rating approach,
customarily asks whether another rater
or rating method attaches a comparable
rating to a particular obligor or
exposure. Benchmarking of a
segmentation system customarily asks
whether other risk drivers or other
segmentation methods provide similar
risk separation and assessments of the
portfolio risk distribution.
44. Benchmarking of quantification
generally involves comparing different
PO 00000
Frm 00048
Fmt 4701
Sfmt 4703
choices made in the four stages of
quantification. Such benchmarking
compares:
• Reference data with data from other
data sources;
• Estimates of risk parameters with
estimates developed by alternative
methods using the same reference data;
• Mappings with alternative
mappings that would be expected to
provide similar results; and
• Adjustments at the application
stage with alternatives.
45. Benchmarking activities can be
accomplished in a number of ways and
at different levels of aggregation. Some
benchmarking activities are conducted
more frequently than others; for
example, a bank benchmarks a system to
evaluate its performance more
frequently than it benchmarks the
system to determine whether to
renovate it completely, an activity that
must be considerably more thorough.
Examples of benchmarking activities for
risk rating and segmentation systems,
and the quantification process are listed
below:
Risk Ratings or Segmentation
Benchmarking
• On an ongoing basis, analyzing the
characteristics of obligors or exposures
that have been assigned the same
wholesale risk rating or retail segment,
and comparing the distribution of the
portfolio by these ratings or segments
between different time periods.
• Periodically re-rating a sample of
wholesale credits previously rated
under the bank’s standard method;
examples of benchmark ratings include
alternate individual raters in a
judgmental system, an alternative
internally developed rating model, or
third-party credit or debt ratings.
• Periodically comparing the
separation power of the IRB retail
segmentation to alternative
segmentations used in credit risk
management and comparing the risk
parameter estimates derived from the
IRB retail segmentation with an
alternative segmentation.
Quantification Benchmarking
• On an ongoing basis, comparing a
bank’s PD, ELGD, LGD, and EAD
estimates with available alternative risk
estimates, such as business line loss
forecasts or allowance methodologies.
Within retail portfolios, vintage analyses
(tracking loss rates over the life of the
loan, given the same origination time
and borrower characteristics) can be
compared between different origination
periods.
• Periodically comparing a bank’s PD,
ELGD, LGD, and EAD estimates with
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
risk parameter estimates derived from
alternative choices at some step(s) of the
quantification process, such as different
reference data sources, different
estimation models, etc.
sroberts on PROD1PC70 with NOTICES
Outcomes Analysis
S 7–13 Banks must analyze
outcomes and must develop statistical
methods to backtest their risk rating
and segmentation systems and the
quantification process.
46. The third component of the
validation process is outcomes analysis,
which is the comparison of risk
parameter estimates and model results
with actual outcomes. Although banks
are expected to employ all the
components of the validation process,
the data to perform comprehensive
outcomes analysis on the existing
portfolio may not be available in the
early stages of implementation and may
be difficult when a bank’s process for
assessing risks changes significantly.
Therefore, banks may at times need to
rely more heavily on other validation
activities such as developmental
evidence, process verification, and
benchmarking.14
47. Backtesting is the statistical
comparison of estimates to realized
outcomes. Banks must back-test their
risk parameter estimates by regularly
comparing actual portfolio or rating
grade/segment-level default rates, loss
severities, and exposure-at-default
experience with the PD, ELGD, LGD,
and EAD estimates on which risk-based
capital calculations are based.
Backtesting indicates the combined
effectiveness of the assignment of
exposures to wholesale obligor and loss
severity ratings or to retail segments and
the quantification of the risk parameters
attached to those ratings or segments.
S 7–14 Banks should establish
ranges around the estimated values of
risk parameter estimates and model
results in which actual outcomes are
expected to fall and have a validation
policy that requires them to assess the
reasons for differences and that
outlines the timing and type of remedial
actions taken when results fall outside
expected ranges.
14 For wholesale risk rating systems, banks face
the challenge of how to measure the system’s
performance when backtesting is not conclusive.
Because of the rarity of defaults in most years and
the bunching of defaults in a few years, the other
parts of the validation process will assume greater
importance. If risk rating and segmentation
processes are developed in a learning environment
in which banks attempt to change and improve
them, backtesting may be delayed even further. In
its early stages, the validation of risk rating and
segmentation systems will depend on bank
management’s exercising informed judgment about
the strength of the systems, not simply on empirical
tests.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
9131
accuracy of the IRB risk rating and
segmentation systems, and the
quantification process.
S 7–16 Developmental evidence
must be updated whenever significant
changes in methodology, data, or
implementation occur. Other validation
activities must be ongoing and must not
be limited to a point in time.
52. Process verification,
benchmarking, and backtesting
activities should be conducted often
enough to ensure ongoing integrity of
the risk rating and segmentation
systems, and the quantification process.
For example, during high-default
periods, banks should analyze realized
default and loss severity rates more
frequently, perhaps quarterly. They
should document the results of
validation, report them to appropriate
levels of senior risk management, and
take action as appropriate.
48. Banks have considerable
flexibility in developing statistical tests
to back-test the performance of their risk
rating and segmentation systems and the
accuracy of their quantification process.
Regardless of the backtesting method
used, the bank should establish
expected ranges for validation results.
Backtesting often will not identify the
specific reasons for discrepancies
between expectations and outcomes.
Rather, it will indicate only that further
investigation is necessary.
49. When establishing expected
ranges, banks should consider relevant
elements of a bank’s risk rating or
segmentation systems that may affect
outcomes, for example whether the
system is designed to measure risk
parameter estimates at a point in time,
through the cycle, or at stressed periods.
Also, changes in economic or market
conditions and portfolio composition
between the historical data and data
from the present period can lead to
differences between outcomes and risk
parameter estimates.
50. In establishing expected ranges, a
bank should consider which elements of
its risk rating or segmentation system,
and the quantification process, are most
likely to affect outcomes of the risk
parameter estimates. However,
determining expected ranges can be
difficult if a bank has changed its
method of quantifying risk parameters
and the estimates were calculated by a
different method than the outcomes. If
so, it may be appropriate to recalculate
historical estimates in a manner
consistent with the new method. If a
bank adjusts final risk parameter
estimates to be conservative, it may be
appropriate to do its backtesting on the
unadjusted estimates.
51. Differences in realized default,
loss severity, or exposure rates from
expected ranges may point to issues in
the reference data, estimation, mapping
or application elements of
quantification. They may also indicate
potential problems in other parts of the
risk rating or segmentation system. The
bank’s validation policy should describe
(at least in broad terms) the types of
responses that should be considered
when actual outcomes fall outside the
expected ranges. If the discrepancies
demonstrate a systematic tendency to
decrease risk-based capital
requirements, the nature and source of
the bias requires even more detailed
scrutiny.
Rule Requirements
Part III, Section 22(j)(6): The bank
must periodically stress test its
advanced systems. The stress testing
must include a consideration of how
economic cycles, especially downturns,
affect risk-based capital requirements
(including migration across rating
grades and segments and the credit risk
mitigation benefits of double default
treatment).
1. Under the IRB framework, changes
in borrower credit quality will lead to
changes in the risk-based capital
requirements. Because credit quality
typically improves or deteriorates in
conjunction with economic conditions,
risk-based capital requirements may
also vary with the economic cycle.
During an economic downturn, riskbased capital requirements typically
increase as obligors or exposures
migrate toward lower credit quality risk
ratings or segments.
2. Stress testing analysis is a means of
understanding how economic cycles,
especially downturns, as represented by
stress scenarios, will affect risk-based
capital requirements through migration
across risk ratings or segments, effects
on double default treatment, and
through effects on other relevant aspects
of a bank’s advanced systems.15
S 8–1 Banks must conduct and
document stress testing of their
advanced systems as part of managing
risk-based capital.
C. Minimum Frequency of Validation
S 7–15 Each of the three activities in
the validation process should be
conducted often enough to ensure the
ongoing integrity, reliability, and
15 Stress testing is a general term that can be
applied to different types of analysis, depending on
the purpose of the exercise. Examples of stress
testing that have a different purpose than
contemplated here include a stress test of bank
solvency and a stress test of an individual obligor.
PO 00000
Frm 00049
Fmt 4701
Sfmt 4703
Chapter 8: Stress Testing of Risk-Based
Capital Requirements
E:\FR\FM\28FEN2.SGM
28FEN2
sroberts on PROD1PC70 with NOTICES
9132
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
3. Supervisors expect that banks will
manage their risk-based capital position
so that they remain at least adequately
capitalized during all phases of the
economic cycle. A bank that is able to
accurately estimate risk-based capital
levels during a downturn can be more
confident of appropriately managing
risk-based capital. Stress testing analysis
consists of identifying a stress scenario
and then translating that scenario into
its effect on the levels of key
performance measures, including riskbased capital ratios.
4. Banks should use a range of
scenarios and methods when stress
testing to manage risk-based capital.
Scenarios may be historical,
hypothetical, or model-based. Key
variables specified in a scenario could
include, for example, interest rates,
transition matrices (ratings and scoreband segments), asset values, credit
spreads, market liquidity, economic
growth rates, inflation rates, exchange
rates, or unemployment rates. A single
scenario may apply to the entire
portfolio, or a number of scenarios may
apply to various sub-portfolios. The
severity of the stress scenario should be
consistent with the periodic economic
downturns experienced in the bank’s
market areas. Such scenarios may be
less severe than those used for other
purposes, such as testing a bank’s
solvency.
5. Given a scenario, a bank then
estimates the effect of the scenario on
risk-weighted assets and its future
capital ratios relative to the risk-based
capital minimums. Estimating capital
ratios includes estimating levels of
capital (the numerator of the ratio) as
well as measures of risk-weighted assets
(the denominator).
6. For example, suppose the scenario
for both a retail and a wholesale
portfolio is a specific historical
recession. For the retail portfolio, scoreband transition matrices observed
during the recession could be used to
quantify migration between segments
and thus supply the new distribution of
segments expected for the current
portfolio, given the scenario. For the
wholesale portfolio, internal or rating
agency ratings transition matrices
observed during the recession could be
used to quantify ratings migration, and
thus supply the distribution of rating
grades. The distribution of segments and
rating grades would allow the
calculation of risk-weighted assets that
would be expected during the recession
scenario. Transitions into default would
allow banks to estimate the effects of
credit losses on income and capital. As
part of this analysis, the bank should
ensure that the rating philosophy (as
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
revealed by rating migration patterns) of
the rating agency, or any other source of
ratings, associated with the recession
transition matrix is consistent with the
bank’s rating system, or appropriate
adjustments should be made for
differences in rating philosophy.
7. The scope of this estimation
exercise should be broad and include all
material portfolios under the framework
for advanced systems. The time horizon
of the stress testing analysis should be
consistent with the specifics of the
scenario and should be long enough to
measure the material effects of the
scenario on key performance measures.
For example, if a scenario such as a
historical recession materially affected
income and segment or ratings
migration over two years, the
appropriate time horizon is at least two
years.
8. The bank’s management of riskbased capital should also take into
account the effect of a bank’s
discretionary actions on risk-based
capital levels. For example, a bank’s
plan to reduce dividends in the face of
lowered income would, if implemented,
affect retained earnings and the capital
accounts. Such discretionary actions
should be consistent with the bank’s
documented risk-based capital
management policy. Because
discretionary plans may or may not be
implemented, a bank should estimate
the relevant capital ratios both with and
without these actions.
Chapter 9: Counterparty Credit Risk
Exposure
Rule Requirements
Part III, Section 22(d): Counterparty
credit risk model. A bank must obtain
the prior written approval of [AGENCY]
under section 32 [of the NPR] to use the
internal models methodology for
counterparty credit risk.
Part IV, Section 32: Counterparty
Credit Risk
I. Overview
1. This chapter supplements the
detailed discussion of counterparty
credit risk in the NPR by describing
some of the elements of counterparty
credit risk mitigation, providing
information that may aid banks in
choosing among the alternative methods
to calculate EAD for these transactions,
and providing some descriptions and
illustrative examples of acceptable
modeling practices for estimation of
EAD under the alternative methods.
II. Transactions With Counterparty
Credit Risk
2. Transactions with counterparty
credit risk are those where the credit
PO 00000
Frm 00050
Fmt 4701
Sfmt 4703
risk exposure varies with a market
variable such as an interest rate or
security price. For certain transactions
subject to counterparty credit risk where
there is financial collateral, a bank may
be allowed to recognize the risk
mitigating effect of that collateral
through an adjustment to EAD.
3. As provided in the NPR,
transactions with counterparty credit
risk for which a bank may adjust EAD
rather than LGD include:
• Repo-style transactions including
repurchase and reverse repurchase
agreements, and securities lending and
securities borrowing transactions;
• Eligible margin loans; and
• Over-the-counter (‘‘OTC’’)
derivatives transactions.
4. Several methods are available to
calculate EAD depending on the type of
transaction, presence of eligible
collateral, legal agreements surrounding
a transaction, the operational capability
of a bank, and the modeling capability
of a bank:
• A collateral haircut approach that
includes standard supervisory haircuts
or the bank’s own estimates of the
haircuts—applied to individual repostyle transactions, eligible margin loans,
and single-product groups of such
transactions subject to a qualifying
master netting agreement (netting set).
Additionally, the haircut approach is
available to recognize financial
collateral in the current exposure
methodology for OTC derivatives;
• A simple VaR methodology—
applied to single-product netting sets of
repo-style transactions and eligible
margin loans;
• A current exposure methodology for
OTC derivatives; and
• An internal models methodology
available for all three transaction types.
5. Supervisor approval is required for
all methods except the collateral haircut
approach using standard supervisory
haircuts and the current exposure
methodology for OTC derivatives. To
receive approval, a bank should
demonstrate to its primary Federal
supervisor:
• Internal operational processes used
to determine the eligibility of
transactions for the method chosen;
• Internal processes used to
determine the regulatory and legal
ability to net transactions in bankruptcy;
• Appropriate model validation and
backtesting procedures;
• Appropriate internal controls for
counterparty credit risk;
• Appropriate collateral management
processes, which, at a minimum,
determine whether collateral meets the
definition of financial collateral; and
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
• Adequacy of the modeling
techniques used and how the models
meet qualification requirements.
6. If a transaction qualifies for one of
the EAD adjustment approaches and the
bank elects to use one of the EAD
adjustment methods for the transaction,
collateral may only be taken into
account in the estimation of EAD and
may not also affect the other parameters,
such as LGD. For eligible transactions,
the capital requirement is based on an
estimate of the PD of the counterparty
and LGD for an unsecured exposure to
the counterparty. The EAD is adjusted
to reflect a net exposure amount. Credit
exposures that do not qualify for the
EAD adjustment approach as discussed
in this section must follow the IRB
approach described elsewhere in this
guidance. For those transactions, (i) the
LGD for each individual transaction can
be adjusted, based on the collateral for
the transaction; and (ii) except for the
current exposure methodology for OTC
derivatives, netting cannot be
considered in determining either EAD
or PD.
sroberts on PROD1PC70 with NOTICES
III. Definitions
7. A repo-style transaction is a
repurchase or reverse repurchase
transaction, or a securities borrowing or
securities lending transaction, including
a transaction in which the bank acts as
agent for a customer and indemnifies
the customer against loss, provided that:
• The transaction is based solely on
liquid and readily marketable securities
or cash;
• The transaction is marked to market
daily and subject to daily margin
maintenance requirements;
• The transaction is executed under
an agreement that provides the bank the
right to accelerate, terminate, and closeout the transaction on a net basis and to
liquidate or set off collateral promptly
upon an event of default (including
upon an event of bankruptcy,
insolvency, or similar proceeding) of the
counterparty, provided that, in any such
case, any exercise of rights under the
agreement will not be stayed or avoided
under applicable law in the relevant
jurisdictions; 16 and
• The bank has conducted and
documented sufficient legal review to
16 Where all transactions under the agreement are
(i) executed under U.S. law and (ii) constitute
‘‘securities contracts’’ or ‘‘repurchase agreements ’’
under section 555 or 559, respectively, of the
Bankruptcy Code (11 U.S.C. 555 or 559), qualified
financial contracts under section 11(e)(8) of the
Federal Deposit Insurance Act (12 U.S.C.
1821(e)(8)), or netting contracts between or among
financial institutions under sections 401–407 of the
Federal Deposit Insurance Corporation
Improvement Act of 1991 (12 U.S.C. 4401–4407) or
the Federal Reserve Board’s Regulation EE (12 CFR
Part 231), this requirement is deemed to be met.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
conclude with a well-founded basis that
the agreement mentioned above meets
these requirements and is legal, valid,
binding, and enforceable under
applicable law in the relevant
jurisdictions.
8. An eligible margin loan is an
extension of credit where:
• The credit extension is
collateralized exclusively by debt or
equity securities that are liquid and
readily marketable;
• The collateral is marked to market
daily and the transaction is subject to
daily margin maintenance requirements;
• The extension of credit is
conducted under an agreement that
provides the bank the right to accelerate
and terminate the extension of credit
and to liquidate or set off collateral
promptly upon an event of default
(including upon an event of bankruptcy,
insolvency, or similar proceeding) of the
counterparty, provided that, in any such
case, any exercise of rights under the
agreement will not be stayed or avoided
under applicable law in the relevant
jurisdictions; and
• The bank has conducted and
documented sufficient legal review to
conclude with a well-founded basis that
the agreement mentioned above meets
these requirements and is legal, valid,
binding, and enforceable under
applicable law in the relevant
jurisdictions.
9. An OTC derivative contract is a
derivative contract that is not traded on
an exchange that requires the daily
receipt and payment of cash-variation
margin.
• A derivative contract means a
financial contract whose value is
derived from the values of one or more
underlying assets, reference rates, or
indices of asset values or reference rates.
Derivative contracts include interest rate
derivative contracts, exchange rate
derivative contracts, equity derivative
contracts, commodity derivative
contracts, credit derivatives, and any
other instrument that poses similar
counterparty credit risk.
• Derivative contracts also include
unsettled securities, commodities, and
foreign exchange transactions with a
contractual settlement or delivery lag
that is longer than the lesser of the
market standard for the particular
instrument or 5 business days. This
would include, for example, agency
mortgage-backed securities transactions
conducted in the To-Be-Announced
market.
10. Financial collateral is the
following set of financial instruments in
which the bank has a perfected, first
priority security interest or the legal
equivalent:
PO 00000
Frm 00051
Fmt 4701
Sfmt 4703
9133
• Cash on deposit with the bank
(including cash held for the bank by a
third-party custodian or trustee);
• Gold bullion;
• Long-term debt securities that have
an applicable external rating of one
category below investment grade or
higher (e.g., at least BB¥);
• Short-term debt instruments that
have an applicable external rating of at
least investment grade (e.g., at least A–
3);
• Equity securities that are publicly
traded;
• Convertible bonds that are publicly
traded; and
• Money market mutual fund shares
and other mutual fund shares if a price
for the shares is publicly quoted daily.
IV. Netting
S 9–1 All transactions with a
counterparty subject to a qualifying
master netting agreement constitute a
netting set and may be treated as a
single exposure, otherwise each
transaction shall have its risk-based
capital requirement calculated on a
standalone basis.
11. Counterparty credit risk may be
calculated at the level of a netting set.
Consistent with the industry’s general
practice for computing exposures to
counterparty credit risk, a bank can
estimate the exposure amount or EAD,
and calculate the associated capital
requirement on the basis of one or more
defined bilateral ‘‘netting sets.’’ A
‘‘netting set’’ is a group of transactions
with a single counterparty that are
subject to a legally enforceable bilateral
netting agreement that meets the
requirements to be a qualifying master
netting agreement or qualifying cross
product master netting agreement under
the terms of the NPR. If a transaction
with a counterparty is not subject to a
qualifying master netting agreement, it
comprises its own netting set and the
EAD will need to be calculated for that
transaction on its own. The total
exposure amount or EAD for a given
counterparty is the sum of the exposure
amounts or EADs of the individual
netting sets with that counterparty.
12. Cross-product netting allows for
banks using the internal models
methodology to recognize bilateral
netting arrangements across repo-style
transactions, eligible margin loans, and
OTC derivatives. To recognize crossproduct netting for risk-based capital
purposes:
• Transactions must be conducted
under a qualifying master netting
agreement;
• A bank must be able to effectively
integrate the risk-mitigating effects of
cross-product netting into its risk
E:\FR\FM\28FEN2.SGM
28FEN2
9134
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
management and other information
technology systems; and
• The bank must obtain the prior
written approval of its primary Federal
supervisor.
13. Netting other than on a bilateral
basis, such as netting across transactions
entered into by affiliates (known as
cross-affiliate netting), is not recognized
for the purposes of calculating riskbased capital requirements.
V. Determination of Eligibility for EAD
Adjustment
S 9–2 Banks should have an
appropriately documented process for
determining whether transactions are
eligible for an EAD adjustment
approach if they choose to use an EAD
adjustment approach.
14. The process for determining if a
transaction is eligible for an EAD
adjustment approach should consider
whether the transaction meets the
definition of a repo-style transaction,
eligible margin loan, or OTC derivative.
In addition, it must consider the
operational requirements for tracking
the exposures of such transactions. To
determine which EAD adjustment
approach to apply, the bank should
consider the treatment for similar
transactions, the need for regulatory
approval, operational and legal
requirements, and the scope and
complexity of the bank’s business in
each of the areas. In addition, banks
should consider whether transactions
otherwise eligible for the EAD
adjustment approach are subject to the
automatic stay under the U.S.
Bankruptcy Code or similar provisions
under other applicable bankruptcy law.
VI. Methods for Determining EAD
15. There are three EAD-based
methodologies—a collateral haircut
approach, a simple VaR methodology,
and an internal model methodology—
that a bank may use instead of an ELGD/
LGD estimation methodology to
recognize the benefits of financial
collateral in mitigating the counterparty
credit risk associated with repo-style
transactions and eligible margin loans.
For OTC derivative contracts, there are
two EAD-based methodologies—the
current exposure methodology and an
internal models methodology. The
current exposure methodology for
calculating EAD for an OTC derivative
contract or set of OTC derivative
contracts subject to a qualifying master
netting agreement is similar to the
methodology in the general risk-based
capital rules.17 If the OTC derivative is
collateralized and the internal models
methodology is used, the collateral is
recognized within that approach. If the
OTC derivative contract is collateralized
and the current exposure methodology
is used, the bank may use either the
ELGD/LGD estimation methodology to
recognize the benefits of financial
collateral or the collateral haircut
approach. Table 1 illustrates which EAD
estimation methodologies may be
applied to particular types of exposure.
TABLE 1
Models approach
Current exposure
methodology
OTC derivative .....................................................................
Recognition of collateral for OTC derivatives ......................
Repo-style transaction .........................................................
Eligible margin loan .............................................................
Cross-product netting set ....................................................
Collateral haircut
approach
Yes .......................
No .........................
No .........................
No .........................
No .........................
No .........................
Yes 19 ....................
Yes .......................
Yes .......................
No .........................
Simple VaR 18
methodology
No .........................
No .........................
Yes .......................
Yes .......................
No .........................
Internal models
methodology
Yes.
Yes.
Yes.
Yes.
Yes.
sroberts on PROD1PC70 with NOTICES
S 9–3 Banks must use the same
method for determining risk-based
capital requirements for all similar
transactions.
16. Banks must use the same method
for similar transactions, but may use
different methods for different
transaction types. A bank may use a
separate methodology for agency
securities lending transactions—that is,
repo-style transactions in which the
bank, acting as agent for a customer,
lends the customer’s securities and
indemnifies the customer against loss—
and all other repo-style transactions.
S 9–4 The method for calculating
EAD for transactions subject to
counterparty credit risk should be
appropriate for the risk, extent, and
complexity of the bank’s activity.
17. Banks that are engaged in prime
brokerage, market making, and other
sophisticated securities financing and
repurchase activities should consider
using the VaR model approach or the
internal models approach. Banks that do
not engage in such activities but are
principally using repurchase agreements
and other financial contracts for
liquidity, cash management, and other
risk management purposes may use a
collateral haircut approach for eligible
margin loans and repo-style
transactions, and the current exposure
methodology for OTC derivatives.
18. Under any of the available
methodologies for repo-style
transactions and eligible margin loans, a
bank can recognize the risk mitigating
effect of financial collateral that secures
a repo-style transaction, eligible margin
loan, or single-product netting set of
such transactions subject to a qualifying
master netting agreement through an
adjustment to EAD rather than ELGD
and LGD. The bank may use a collateral
haircut approach or one of two models
approaches: A simple VaR methodology
(for single-product netting sets of repostyle transactions or eligible margin
loans) or an internal models
methodology (the internal models
methodology is described under the
methods for OTC derivatives, but may
be applied to repo-style transactions and
margin loans as well). Figure 1
illustrates the methodologies available
for eligible margin loans and repo-style
transactions.
17 The general risk-based capital rules are in 12
CFR part 3, Appendix A (national banks), 12 CFR
part 208, Appendix A (state member banks), 12 CFR
part 225, Appendix A (bank holding companies), 12
CFR part 325, Appendix A (state non-member
banks), and 12 CFR part 567 (savings associations).
18 Only repo-style transactions and eligible
margin loans subject to a single-product qualifying
master netting agreement are eligible for the simple
VaR methodology.
19 In conjunction with the current exposure
methodology.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
A. Methodologies for Repo-Style
Transactions and Eligible Margin Loans
PO 00000
Frm 00052
Fmt 4701
Sfmt 4703
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
19. Under the collateral haircut
approach, a bank would set EAD equal
to the sum of three quantities:
• The value of the exposure less the
value of the collateral;
• The sum across all securities of (i)
the absolute value of the net position in
a given security (where the net position
in a given security equals the sum of the
current market values of the particular
security the bank has lent, sold subject
to repurchase, or posted as collateral to
the counterparty minus the sum of the
current market values of that same
security the bank has borrowed,
purchased subject to resale, or taken as
collateral from the counterparty);
multiplied by (ii) the market price
volatility haircut appropriate to that
security; and
• The sum across all currencies
different from the settlement currency of
(i) the absolute value of the net position
of both cash and securities in a given
currency; multiplied by (ii) the haircut
appropriate to that currency mismatch.
To determine the appropriate
haircuts, a bank could choose to use
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
standard supervisory haircuts or its own
estimates of haircuts.
20. For purposes of the collateral
haircut approach, a ‘‘given security’’
would include, for example, all
securities with a single Committee on
Uniform Securities Identification
Procedures (‘‘CUSIP’’) number and
would not include securities with
different CUSIP numbers, even if issued
by the same issuer with the same
maturity date.
Standard Supervisory Haircuts
21. If a bank chooses to use standard
supervisory haircuts, it would use an
eight percent haircut for each currency
mismatch and the haircut appropriate to
each security in Table 2 below. The
haircuts in the table assume a 10
business-day holding period
(appropriate for eligible margin loans).
These haircuts must be multiplied by
the square root of 1⁄2 to convert the
standard supervisory haircuts from the
10 business-day holding period to the 5
business-day holding period appropriate
for repo-style transactions. A bank
would be required to adjust the
PO 00000
Frm 00053
Fmt 4701
Sfmt 4703
supervisory haircuts upward to a
holding period longer than 10 business
days for eligible margin loans or 5
business days for repo-style transactions
to take into account collateral
illiquidity. To convert the haircut to a
holding period longer than 10 business
days, the haircut should be multiplied
by the square root of the ratio of the
actual holding period to the 10 business
day minimum holding period. As an
example, assume a bank that uses
standard supervisory haircuts has
extended an eligible margin loan of
$100 that is collateralized by 5-year U.S.
Treasury notes with a market value of
$100. The value of the exposure less the
value of the collateral would be zero,
and the net position in the security
($100) times the supervisory haircut
(.02) would be $2. There is no currency
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.005</GPH>
sroberts on PROD1PC70 with NOTICES
Collateral Haircut Approach
9135
9136
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
mismatch. Therefore, the EAD of the
exposure would be $0 + $2 = $2.
TABLE 2.—STANDARD SUPERVISORY MARKET PRICE VOLATILITY HAIRCUTS 20
External rating grade category for debt securities
Residual maturity for debt securities21
Issuers exempt from the
3 b.p. floor
Other issuers
Two highest investment grade rating categories for long-term ratings/
highest investment grade rating category for short-term ratings.
≤1 year ............................................
.005
.01
>1 year, ≤5 years ............................
>5 years ..........................................
≤1 year ............................................
.02
.04
.01
.04
.08
.02
>1 year, ≤5 years ............................
>5 years ..........................................
One rating category below investment grade ........................................... All .....................................................
Main index equities 22 (including convertible bonds) and gold ................................................................................
Other publicly-traded equities (including convertible bonds) ..................................................................................
Mutual funds ............................................................................................................................................................
.03
.06
.15
.06
.12
.25
Cash on deposit with the bank (including a certificate of deposit issued by the bank) .........................................
Own Estimates of Haircuts
22. With the prior written approval of
the bank’s primary Federal supervisor, a
bank may calculate security type and
currency mismatch haircuts using its
own internal estimates of market price
volatility and foreign exchange
volatility. When a bank calculates its
own estimates haircut on a TN-day
holding period, which is different from
the minimum holding period for the
transaction type, the applicable haircut
(HM) is calculated using the following
square root of time formula:
appropriate to take into account the
illiquidity of an instrument;
• The bank must select a historical
observation period for calculating
haircuts of at least one year;
• The bank must update its data sets
and re-compute haircuts no less
frequently than quarterly and must
reassess its data sets and haircuts
whenever market prices change
materially; and
• The bank generally must estimate
individually the volatilities of each
security and foreign exchange rate
separately, and may not take into
account the correlations between them.
Simple VaR Methodology
where
(i) TM = 5 for repo-style transactions and 10
for eligible margin loans;
(ii) TN = holding period used by the bank to
derive HN and
(iii) HN = haircut based on the holding period
TN.
sroberts on PROD1PC70 with NOTICES
Requirements for the Use of Internally
Estimated Haircuts
23. A bank must meet the following
eligibility requirements to use internal
estimates of collateral haircuts:
• The bank must use a 99th percentile
one-tailed confidence interval, a
minimum five-business-day holding
period for repo-style transactions, and a
minimum 10-business-day holding
period for eligible margin loans;
• The bank must adjust holding
periods upward where and as
20 The market price volatility haircuts in Table 2
are based on a 10-business-day holding period.
21 Residual maturity refers to the residual
contractual maturity of the debt security. For
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
24. With the prior written approval of
its primary Federal supervisor, a bank
may estimate EAD for repo-style
transactions and eligible margin loans
subject to a qualifying master netting
agreement using a VaR model. Under
the simple VaR methodology, a bank’s
EAD for the transactions subject to such
a netting agreement would be equal to
the value of the exposures minus the
value of the collateral plus a VaR-based
estimate of the potential future exposure
(‘‘PFE’’).
25. The VaR model must estimate the
PFE as the bank’s empirically-based,
best estimate of the 99th percentile, onetailed confidence interval for an
increase in the value of the net
collateralized exposure (SE¥SC) over a
5-business-day holding period for repostyle transactions or over a 10-businessday holding period for eligible margin
example, the remaining maturity to call dates or
reset dates for floating rate notes should not be used
for the residual maturity.
PO 00000
Frm 00054
Fmt 4701
Sfmt 4703
.15
.25
Highest haircut applicable to
any security in which the fund
can invest
0
loans using a minimum one-year
historical observation period of price
data on the instruments that the bank
has lent, sold subject to repurchase,
posted as collateral, borrowed,
purchased subject to resale, or taken as
collateral. In cases where the underlying
collateral is less liquid, a longer time
period may be appropriate.
S 9–5 Banks that use the VaR model
approach for single product netting sets
of repo-style transactions or eligible
margin loans must conduct rigorous
and regular backtesting to validate its
model.
26. The qualifying requirements for
the use of such a model are less
stringent than the qualification
requirements for the internal model
methodology described below. In
principle, the VaR model generally
should meet the quantitative and
qualitative criteria for recognition of
internal market risk models set out in
the Market Risk Amendment (‘‘MRA’’).
The main ongoing qualification
requirement for using the simple VaR
model is that the bank must validate its
VaR model by establishing and
maintaining a rigorous and regular
backtesting regime to ensure the validity
of the model the bank uses. A
backtesting regime that is conducted
once every quarter to compare values of
one, five, and/or ten day 99 percent
VaRs with changes in market values of
representative portfolios would be
appropriate and generally would be a
part of a regular program of backtesting.
22 The proposed rule defines a ‘‘main index’’ as
the S&P 500 Index, the FTSE All-World Index, and
any other index approved by the bank’s primary
Federal supervisor for purposes of the rule.
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.006</GPH>
Two lowest investment grade rating categories for both short- and longterm ratings.
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
9137
hypothetical portfolios, or a
combination of real and hypothetical
portfolios that are designed to test
specific aspects of the model, or specific
risk factors.
B. EAD for OTC Derivative Contracts
Current Exposure Methodology
29. The current exposure
methodology for determining EAD for
OTC derivative contracts is similar to
the methodology set forth in the general
risk-based capital rules, in that the EAD
for an OTC derivative contract would be
equal to the sum of the bank’s current
credit exposure and potential future
exposure (‘‘PFE’’) on the derivative
contract. The proposal’s conversion
factor (‘‘CF’’) matrix used to compute
PFE is based on the matrices in the
general risk-based capital rules, with
two exceptions:
• The CF for credit derivatives that
are not used to hedge the credit risk of
exposures subject to an IRB risk-based
capital requirement is specified to be 5.0
percent for contracts with investment
grade reference obligors and 10.0
percent for contracts with noninvestment grade obligors. The CFs for
credit derivative contracts do not
depend on the remaining maturity of the
contract; and
• Floating/floating basis swaps are
not exempt from the CF for interest rate
derivative contracts.
30. A bank may reflect the credit risk
mitigating effects of financial collateral
by adjusting the ELGD and LGD of the
contract or exposure. Alternatively, if
the transaction is subject to daily
marking-to-market and re-margining, the
bank may adjust the EAD of the contract
using the collateral haircut approach for
repo-style transactions and eligible
margin loans. A bank applying the
collateral haircut approach to OTC
derivatives must use a 10-business-day
minimum holding period.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
PO 00000
Frm 00055
Fmt 4701
Sfmt 4703
28. A bank may use either the current
exposure methodology or the internal
models methodology to determine the
EAD for OTC derivative contracts.
Figure 2 illustrates the possible
methodologies for the calculation of
EAD for OTC derivatives.
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.007</GPH>
sroberts on PROD1PC70 with NOTICES
27. In general, the repo-style backtest
should include the backtesting of
several representative portfolios that
compares the one day 99 percent VaR
figure with the change in market value
for each portfolio tested. The
representative portfolios could be based
on actual counterparty portfolios,
sroberts on PROD1PC70 with NOTICES
9138
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
C. Internal Models Methodology
31. The internal models methodology
for the calculation of EAD can be
applied to repo-style transactions,
eligible margin loans, and OTC
derivatives. The internal models
methodology requires a risk model that
captures counterparty credit risk and
estimates EAD at the level of a ‘‘netting
set,’’ that is, transactions with a single
counterparty that are subject to a
qualifying master netting agreement. A
transaction not subject to a qualifying
master netting agreement is considered
to be its own netting set and EAD must
be calculated for each such transaction
individually. A bank may use the
internal model methodology for OTC
derivatives (collateralized or
uncollateralized) and single-product
netting sets thereof, for eligible margin
loans and single-product netting sets
thereof, or for repo-style transactions
and single-product netting sets thereof.
A bank may choose to use the internal
models methodology for one or two of
these three types of exposures and not
the other types. As described in
paragraph 12 of this chapter, in cases
where a bank has been approved by its
primary Federal supervisor to
incorporate the effects of cross-product
netting agreements in their internal
models methodology, the bank may use
the internal models methodology for
combinations of repo-style transactions,
eligible margin loans, and OTC
derivatives conducted under a
qualifying cross-product netting
agreement.
32. Banks use several measures to
manage their exposure to counterparty
credit risk, including peak exposure
(‘‘PE’’), expected exposure (‘‘EE’’), and
expected positive exposure (‘‘EPE’’). PE
is the maximum exposure estimated to
occur on a future date at a high level of
statistical confidence. Banks often use
PE when measuring counterparty credit
risk exposure against counterparty
credit limits. EE is the probabilityweighted average exposure to a
counterparty estimated to exist at any
specified future date, whereas EPE is the
time-weighted average of individual
expected exposures to a counterparty
where the weights are the proportion of
the time interval that an individual
exposure represents.
33. Effective EPE, described below, is
to be used in the calculation of EAD
under the internal models methodology.
EAD is calculated as a multiple of
effective EPE.
34. EE and EPE may not capture
additional risk arising from the
replacement of existing short-term
positions over the one year horizon used
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
for risk-based capital requirements (that
is, rollover risk) or may underestimate
the exposures of eligible margin loans,
repo-style transactions, and OTC
derivatives with short maturities. For
this reason, a netting set’s ‘‘effective
EPE’’ will be used as the basis for
calculating EAD for counterparty credit
risk. Effective EPE is the time-weighted
average of effective EE over one year
where the weights are the proportion
that an individual effective EE
represents in a one-year time interval. If
all contracts in a netting set mature
before one year, effective EPE is the
average of effective EE until all contracts
in the netting set mature. Effective EE is
defined as:
Effective EEtk = max (Effective EEtk-1,
EEtk)
where exposure is measured at future
dates t1, t2, t3, * * * and effective EEt0
equals current exposure. Under the
internal models methodology, a measure
that is more conservative than effective
EPE for every counterparty (for example,
a measure based on peak exposure) can
be used in place of effective EPE with
prior approval of the primary Federal
supervisor.
35. The internal model methodology
scales effective EPE using a multiplier,
termed ‘‘alpha.’’ Alpha is set at 1.4; a
bank’s primary Federal supervisor has
the flexibility to raise this value in
appropriate situations. With approval of
the primary Federal supervisor, a bank
may use its own estimate of alpha as
described below, subject to a floor of
1.2.
36. The maturity adjustment for
transactions under the internal models
methodology is described in the NPR.
This maturity formula for M is based on
the effective credit duration of the
counterparty exposure. A bank that uses
an internal model to calculate a onesided credit valuation adjustment can
use the effective credit duration
estimated by such a model for maturity,
M, if the bank can demonstrate to its
primary Federal supervisor that the
effective credit duration used by the
bank gives the same value for M as the
maturity formula for Counterparty
Credit Risk (‘‘CCR’’) described in the
NPR.
A Description of the Modeling Process
for Effective Expected Positive Exposure
distribution of the market values for the
portfolio. There are many possible
methods for making this forecast
ranging from Monte Carlo simulation to
using an analytic formula.
38. The process generally starts with
a calculation of the current market value
of the transactions with a counterparty
that are in a netting set. Cases where the
current market value of the netting set
is positive represent an exposure to the
counterparty (the counterparty owes the
bank money). Cases where the current
market value is negative do not
represent exposures to the counterparty
since the bank owes the counterparty
money. To determine the current
exposure, the market value of collateral
posted by the counterparty is subtracted
from the current market value of the
netting set. If this difference is negative
the current exposure is zero.
39. The distribution of exposures on
a future date can also include the
exposure reducing effect of financial
collateral. In cases where financial
collateral is held, the distribution of
market values of the positions and the
collateral held against the netting set is
calculated together and cases of negative
combined market values of transactions
and collateral are set to zero since they
do not represent a credit exposure if the
counterparty were to default (the
counterparty has posted more collateral
than it owes the bank, or the bank owes
the counterparty).
40. The bank will have to determine
for which future dates to calculate
probability distributions of the market
value of transactions in the netting set.
These should be chosen to accurately
reflect the cashflows of transactions in
a netting set.
41. For these future dates (e.g., 1, 3,
5, and 10 days in the future and every
month out to one year 23) the bank will
calculate the distribution of market
values for the netting set.
42. Expected exposure (‘‘EE’’) is
defined as the expected value of the
probability distribution of credit risk
exposures to a counterparty at any
specified future date before the maturity
date of the longest term transaction in
the netting set. Banks will need to
convert from market values of
transactions to credit risk exposures to
make this calculation. When the
transactions in a netting set have a
37. The basis of the calculation is to
forecast, based on observed price
movements, the range of possible values
that a portfolio of transactions with a
counterparty that constitute a netting set
can take in the future and assign
probabilities to those possible values.
This is the statistical probability
23 These example dates are given to clarify the
meaning of future dates, they do not represent a
requirement. As described in paragraph 47 of this
chapter, as well as in the NPR, a large number of
future dates may be computationally burdensome,
and the number of future dates will depend
explicitly on a trade off between the ability to
calculate effective EPE in an expeditious manner
and the accuracy of the computation.
PO 00000
Frm 00056
Fmt 4701
Sfmt 4703
E:\FR\FM\28FEN2.SGM
28FEN2
sroberts on PROD1PC70 with NOTICES
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
positive value, the counterparty owes
money to the bank and there is a credit
risk exposure equal to the positive
market value of the transactions. When
the transactions have a negative market
value, the bank owes the counterparty
money and there is no credit risk
exposure. Generally, banks will start by
calculating the probability distribution
of the market value of the transactions
in a netting set with a counterparty on
a future date. To convert from a
probability distribution of market values
to a probability distribution of credit
risk exposures, cases where the market
value is negative should correspond to
a credit risk exposure of zero, and cases
where the market value is positive
should correspond to a credit risk
exposure equal to the market value of
the transactions. This means that
expected exposure includes in the
probability weighted average a value of
zero for all cases where the market
value, including the effect of collateral,
is negative.
43. Effective expected exposure on a
future date is the greater of expected
exposure on that date or effective
expected exposure on the previous
future date. Effective expected exposure
is calculated recursively, and the value
for the first future date should be the
greater of the expected exposure
calculated on that date or the current
exposure. This means that effective
expected exposure is not allowed to
decline as one moves to future dates
that are further in the future, and that
effective expected exposure will always
be greater than or equal to current
exposure.
44. Effective expected positive
exposure then takes the time-weighted
average of effective expected exposures.
For example, if effective expected
exposure is calculated each month for
the first six months as 5, 6, 6, 6, 7 and
7 in order, and each quarter for the
second half of the year as 7 and 7,
respectively, then those first six
monthly values would each get a weight
of 1/12 and the quarterly observations in
the second half of the year would each
get a weight of 1/4 in the average.
Effective expected positive exposure
using these values at these dates would
be 6.583.
45. If the longest maturity contract in
the netting set was less than a year then
the effective expected positive exposure
only includes the effective expected
exposures out to the longest maturity
and the time-weighted average only goes
out to the longest maturity. For
example, if the longest maturity contract
in the netting set is 5 months and the
effective expected exposures are
calculated for each month for those five
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
months as (3, 3, 4, 4, 6), each monthly
calculation would get a weight of 1/5
and the effective expected positive
exposure would be 4. The zero exposure
values for months six through twelve
would not be included in the average
nor would the average be computed
over a full year.
Requirements for the Internal Models
Methodology
S 9–6 Banks must meet certain
qualifying criteria that consist of
operational requirements, modeling
standards, and model validation
requirements before receiving their
primary Federal supervisor’s approval
to use the internal models method.
46. Banks must have the systems
capability to estimate EE on a daily
basis. While this does not require the
bank to report EE daily, or even to
estimate EE daily, the bank must be able
to demonstrate that it is capable of
performing the estimation daily.
47. Banks must estimate EE at enough
future time points to accurately reflect
all future cash flows of contracts in the
netting set. In order to accurately reflect
the exposure arising from a transaction,
the model should incorporate those
contractual provisions, such as reset
dates, that can materially affect the
timing, probability, or amount of any
payment. The requirement reflects the
need for an accurate estimate of
effective EPE. However, in order to
balance the ability to calculate
exposures with the need for information
on a timely basis, the number of time
points is not specified. Supervisors will
assess the tradeoff between the
computation requirements of more
future time points against the need for
the ability to perform timely
assessments of counterparty credit risk
in determining the number of time
points that banks should use in
establishing a counterparty’s EE profile.
EE should be calculated for enough
future dates to accurately reflect the
timing of cash flows. This accuracy
should be subject to the bank’s internal
review process.
48. Banks must have been using an
internal model that broadly meets the
minimum standards to calculate the
distributions of exposures upon which
the EAD calculation is based for a
period of at least one year prior to
approval. This requirement is to ensure
that the bank has integrated the
modeling into its counterparty credit
risk management process.
49. Bank models must account for the
non-normality of exposure distribution
where appropriate. Non-normality of
exposures means that high loss events
occur more frequently than would be
PO 00000
Frm 00057
Fmt 4701
Sfmt 4703
9139
expected on the basis of a normal
distribution, the statistical term for
which is leptokurtosis. In many
instances, there may not be a need to
account for this. The characteristics of
leptokurtosis will have a greater
proportional effect on the measures of
peak exposure (or some high threshold
percentile measure) than on the measure
of expected exposure used here.
However, the bank should adjust its
EAD measure appropriately when the
underlying distribution of the market
risk factors displays a significant degree
of leptokurtosis.
50. Banks must measure, monitor, and
control both current exposure to
counterparties and counterparty credit
risk over the whole life of the contracts
in a netting set with a counterparty. The
bank should exercise active
management of both existing exposure
and exposure that could change in the
future due to market moves.
51. Banks must measure and manage
current exposures gross and net of
collateral held, where appropriate. The
bank must estimate expected exposure
for OTC derivatives contracts both with
and without the effects of collateral
agreements.
52. Banks must have procedures to
identify, monitor, and control specific
wrong way risk throughout the life of an
exposure. Wrong way risk in this
context is the risk that future exposure
to a counterparty will be high when the
counterparty’s probability of default is
also high.
53. The data used by banks should be
adequate for the measurement and
modeling of the exposures. In particular,
current exposures must be calculated on
the basis of current and accurate market
data. When historical data are used to
estimate model parameters, at least
three years of data that cover a wide
range of economic conditions must be
used. This requirement reflects the
longer horizon for counterparty credit
risk exposures compared to market risk
exposures. The data should be updated
at least quarterly or more frequently
when conditions warrant. Banks are also
encouraged to incorporate model
parameters based on forward-looking
measures.
S 9–7 Banks that use the internal
models methodology for counterparty
credit risk transactions must establish
initial model validation and ongoing
model review procedures. The model
review should consider whether the
inputs and risk factors as well as the
model outputs are appropriate. The
review of outputs should include a
backtesting regime that compares the
model’s output with realized exposures.
E:\FR\FM\28FEN2.SGM
28FEN2
sroberts on PROD1PC70 with NOTICES
9140
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
54. Because counterparty exposures
are driven by movements in market
variables, the validation of an EPE
model is similar to the validation of a
VaR model that is used to measure
market risk. A validation of either type
of model compares forecasted changes
in value to realized changes. However,
the EPE simulation model forms an
average of credit exposures over a 1-year
time horizon, whereas a market risk VaR
typically forms an estimate of value
changes. These differences make
backtesting internal models used to
measure counterparty credit risk more
difficult to conduct and reliably
interpret than backtesting VaR models
used to measure market risk.
55. The pricing models used to
calculate counterparty credit risk
exposure for a given scenario of future
shocks to market risk factors should be
tested as part of the model validation
process. These pricing models may be
different from those used to calculate
VaR over a short horizon. Pricing
models should account for the
nonlinearity of option value with
respect to market risk factors where
appropriate.
56. Historical backtesting on
representative counterparty portfolios
should be part of the model validation
process. The representative portfolio
should be held fixed over the
backtesting interval. A bank should
conduct such backtesting on a number
of representative counterparty portfolios
(actual or hypothetical) looking back an
appropriate time period. These
representative portfolios should be
chosen based on their sensitivity to the
material risk factors and correlations to
which the firm is exposed. It would
appropriate to conduct such backtests
once each quarter.
57. Starting at a particular historical
date, the backtest would use the internal
model to forecast each portfolio’s
probability distribution of exposure at
various time horizons. Using historical
data on movements in market risk
factors, the backtest then computes the
actual exposures that would have
occurred on each portfolio at each time
horizon assuming no change in the
portfolio’s composition. These realized
exposures would then be compared
with the model’s forecast distribution at
various time horizons. The above
should be repeated for several historical
dates covering a wide range of market
conditions (e.g., rising rates, falling
rates, quiet markets, volatile markets).
Significant differences between the
realized exposures and the model’s
forecast distribution could indicate a
problem with the model or the
underlying data.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
Modeling Requirements for the Internal
Models Method
Time Horizon
58. The time horizon over which the
time-weighted average of effective
expected exposures is taken for the
calculation of effective expected
positive exposure is one year or the
longest maturity of any transaction in a
netting set, whichever is shorter.
Examples are provided in paragraphs 44
and 45. Banks which receive approval to
incorporate the effect of collateral
agreements using the shortcut method
described below may also use a shorter
time horizon than one year.
Recognition of Collateral
59. With the prior written approval of
its primary Federal supervisor, a bank
may fully incorporate into its internal
model the effect of a collateral
agreement that requires receipt of
collateral when exposure to the
counterparty increases. Banks may not
capture the effects of agreements that
require receipt of collateral when
counterparty credit quality deteriorates.
A bank may use a shortcut method
where the effective EPE is equal to the
lesser of:
• The threshold, defined as the
exposure amount at which the
counterparty is required to post
collateral under the collateral
agreement, if the threshold is positive,
plus an add-on that reflects the potential
increase in exposure over the margin
period of risk. The add-on is computed
as the expected increase in the netting
set’s exposure beginning from current
exposure of zero over the margin period
of risk. The margin period of risk is
defined in the NPR. The minimum
margin period of risk is 5 business days
for repo-style transactions and 10
business days for other transactions
when liquid collateral is posted under a
daily margin maintenance requirement.
This period should be extended to cover
any additional time between margin
calls, any potential close out difficulties,
and the time to sell out collateral,
particularly if it is illiquid; or
• Effective EPE without a collateral
agreement.
Risk Management and Modeling
60. The modeling approval
requirements reflect the need for
accurate and timely estimates of EAD,
secure contractual rights for collateral
and netting, sound management of
counterparty credit risk using
appropriate risk measures,
consideration of risks that are outside of
models when managing risk, and an
operational system that facilitates the
PO 00000
Frm 00058
Fmt 4701
Sfmt 4703
management of counterparty credit risk
using the appropriate models and tools.
61. The use of effective EPE for
determining risk-based capital
requirements does not necessitate the
use of effective EPE for setting
counterparty exposure limits. Peak
exposure may be, and often is, a more
appropriate measure to limit
counterparty exposures. However, the
probability distributions of future
exposures that are used for the effective
EPE calculation should be the same as
those used for risk management and
limit setting. This underlying
distribution of future exposures should
be used for one year at the bank prior
to the bank being approved to use
internal models for its risk-based capital
calculation, but not necessarily to
calculate EPE or Effective EPE.
62. Banks should estimate the
probability distribution of future
exposures out to the longest remaining
maturity of any contract with a
counterparty, even though Effective EPE
for risk-based capital purposes is
calculated over one year. The exposures
beyond one year must be monitored and
controlled by the bank.
63. The bank should exercise active
management of both existing exposure
and exposure that could change in the
future due to market moves. The bank
should measure, monitor, and control
the exposure to a counterparty over the
whole life of all contracts in the netting
set, in addition to accurately measuring
and actively monitoring the current
exposure to counterparties.
Alternative Models for Counterparty
Credit Risk
64. Banks that opt to use the internal
models method can choose to model
EAD for some transactions using a
model different than an alpha (of 1.4 or
higher) times effective EPE. The bank
must receive approval of its primary
Federal supervisor in such cases, and
must demonstrate to its supervisor that
the alternative model is more
conservative than effective EPE
multiplied by an alpha of 1.4 for each
counterparty. This demonstration is
necessary to receive initial approval,
and should be demonstrated to the
primary Federal supervisor whenever
circumstances change. For example,
banks may already have a peak exposure
model for some transactions that is more
conservative than effective EPE
multiplied by 1.4. Rather than develop
an Effective EPE model, the bank may
choose to continue to use the peak
exposure model for these transactions
for a period of time, while adopting an
effective EPE model for other
transactions. The bank would have to
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
Own Estimates of Alpha
67. The value of alpha for a bank
using internal models of EPE is 1.4
unless (i) the primary Federal
supervisor raises the value of alpha in
appropriate circumstances based on the
bank’s specific characteristics of
counterparty credit risk or (ii) the bank
meets the requirements outlined in the
NPR and has supervisory approval to
use its own estimate of alpha. A bank
with sufficiently sophisticated models
that can perform the necessary credit
and market risk simulations and that
has supervisory approval to do its own
estimate of alpha may use the greater of
that estimated alpha or 1.2.
68. For banks that receive supervisory
approval to model alpha,
sroberts on PROD1PC70 with NOTICES
Where:
ULCCR = the bank’s own internal estimate of
the 99.9 percentile unexpected losses
from CCR over a one-year time horizon,
and
ULBII = the measure of unexpected losses
from CCR using the Basel II risk-based
capital requirement, but with the EAD
component of that requirement
calculated using an alpha set equal to
1.0.
69. The estimate of alpha is calculated
as the ratio of the bank’s internal
measure of unexpected losses due to
counterparty credit risk at a one-year
99.9 percent confidence level
(numerator) to the estimate of losses
using the internal model method in the
NPR, but with alpha set equal to one
(denominator). This ratio must be run at
least quarterly, and evidence of the
stability of this estimate over a quarter
should be presented to the bank’s
primary Federal supervisor.
70. The numerator is determined
considering the PD, EAD, and LGD
together to determine unexpected
losses. A simulation, or other model,
which considers the variation of PD and
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
EAD together should be used to
determine the distribution of
counterparty credit losses. The estimate
of unexpected losses at a one-year 99.9
percent confidence level should capture
the correlation of a counterparty’s PD
with exposure, the effect of
concentrated exposures, the proportion
of a counterparty exposure that is
accounted for by a market risk factor,
and the correlation of exposures across
counterparties.
71. The bank should provide a
description of the sources of model risk
for the calculation of the numerator. The
primary Federal supervisor will review
the models to determine if the internally
estimated alpha is acceptable, if any
adjustment to the internally estimated
alpha is necessary, or if the models used
to estimate alpha need to be adjusted.
72. If a bank uses a conservative
internal model to determine EAD for
some transactions, the primary Federal
supervisor may require the bank to
remove these transactions from both the
numerator and denominator for the
purposes of estimating alpha.
Counterparty Credit Risk Mitigation
Using Credit Derivatives
73. Under the internal models
method, the reference instrument
underlying a credit derivative that pays
the bank on the default of a
counterparty may be entered as a short
exposure into a netting set of the
counterparty that credit protection is
purchased on. The reference instrument
underlying the credit derivative should
also be entered as a long exposure into
the netting set of the seller of the credit
protection. The purchase of a credit
derivative on a counterparty exposure
transfers the risk of the instrument
referenced in the credit derivative
contract from the counterparty to the
seller of the credit derivative.
74. Banks may apply the PD
substitution approach, the LGD
adjustment approach, or (if applicable)
the double default treatment to a CCR
exposure hedged by an eligible
guarantee or eligible credit derivative.
VII. Defaulted Counterparties
75. Operational or settlement errors
do not necessarily trigger a default event
for PD assignment purposes. However, if
a credit-related charge-off occurs as the
result of a counterparty’s failure to
perform on a financial contract, this
would constitute a default event for
risk-based capital purposes and the PDs
for all exposures to that obligor should
be adjusted to the value of one.
PO 00000
Frm 00059
Fmt 4701
Sfmt 4703
Chapter 10: Risk-Weighted Assets for
Equity Exposures
Rule Requirements
Part III, section 22(g): Equity
exposures model. A bank must obtain
the prior written approval of [AGENCY]
under section 53 [of the NPR] to use the
internal models approach for equity
exposures.
Part VI: Risk-Weighted Assets for
Equity Exposures
I. Overview
1. This chapter supplements the
detailed discussion of equity exposures
in the NPR. It describes supervisory
guidance for determining risk-based
capital requirements for equity
exposures held in the banking book for
banks subject to the Market Risk Rule
and for all equity exposures for banks
not subject to the Market Risk Rule.
II. Definition of Banking Book Equities
2. Equity exposure means:
• A security or instrument (whether
voting or non-voting) that represents a
direct or indirect ownership interest in,
and a residual claim on, the assets and
income of a company, unless:
—The issuing company is
consolidated with the bank under
Generally Accepted Accounting
Principles (‘‘GAAP’’);
—The bank is required to deduct the
ownership interest from Tier 1 or Tier
2 capital under the NPR;
—The ownership interest is
redeemable;
—The ownership interest incorporates
a payment or other similar obligation on
the part of the issuing company (such as
an obligation to pay periodic interest);
or
—The ownership interest is a
securitization exposure.
• A security or instrument that is
mandatorily convertible into a security
or instrument described in the first
bullet of this definition;
• An option or warrant that is
exercisable for a security or instrument
described in the first bullet of this
definition; or
• Any other security or instrument
(other than a securitization exposure) to
the extent the return on the security or
instrument is based on the performance
of a security or instrument described in
the first bullet of this definition.
III. Applying the Framework
3. Under the proposed framework for
equity exposures in the NPR, a bank
would have the option to use either a
simple risk-weight approach (‘‘SRWA’’)
or an internal models approach (‘‘IMA’’)
for equity exposures that are not
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.008</GPH>
demonstrate that it meets the
qualification requirements to use an
internal model for the peak exposure
model and that the model results in a
conservative EAD.
65. Cases where a bank might opt to
use a more conservative model than
alpha times effective EPE include
transactions for which the bank has
legacy models, new business lines, and
structured transactions that are not
expected to comprise an ongoing
business and the conservative model is
less computationally intensive.
66. Alternative models for
counterparty credit risk should be
applied to all similar transactions.
9141
sroberts on PROD1PC70 with NOTICES
9142
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
exposures to an investment fund. A
bank would use a look-through
approach for equity exposures to an
investment fund. Under the SRWA, a
bank would generally assign a 300
percent risk weight to publicly-traded
equity exposures and a 400 percent risk
weight to non-publicly-traded equity
exposures. Certain equity exposures to
sovereigns, multilateral institutions, and
public sector enterprises would have a
risk weight of 0 percent, 20 percent, or
100 percent. Also, community
development equity exposures, as well
as hedged equity exposures that meet
specified conditions are risk weighted at
100 percent. Non-significant equity
exposures (i.e., exposures that aggregate
to an amount that is less than or equal
to 10 percent of the bank’s Tier 1 plus
Tier 2 capital) are also risk weighted at
100 percent.
4. The ‘‘adjusted carrying value’’ of an
equity exposure is:
• For the on-balance sheet component
of an equity exposure, the bank’s
carrying value of the exposure reduced
by any unrealized gains on the exposure
that are reflected in such carrying value
but excluded from the bank’s Tier 1 and
Tier 2 capital; and
• For the off-balance sheet
component of an equity exposure, the
effective notional principal amount of
the exposure, the size of which is
equivalent to a hypothetical on-balance
sheet position in the underlying equity
instrument that would evidence the
same change in fair value (measured in
dollars) for a given small change in the
price of the underlying equity
instrument, minus the adjusted carrying
value of the on-balance sheet
component of the exposure as
calculated in the previous bullet.
5. Publicly-traded equity exposures
can be hedged to reduce their risk-based
capital requirement. However, private
equities cannot be hedged to reduce
their risk-based capital requirement.
S 10–1 Banks must apply the same
methodology to like instruments.
6. A bank may apply (i) the SRWA to
private equity exposures and the IMA to
public equities, or (ii) the IMA to all
equity exposures, or (iii) the SRWA to
all equity exposures. As described
further in the NPR, the IMA provides for
the application of SRWA risk weights
for those equity exposures that would
qualify for a risk weight between zero
and 100 percent.
7. Equity exposures in investment
funds must use one of three lookthrough approaches (where the fund
holdings are treated as if proportionally
held directly by the bank) to determine
risk-based capital requirements under
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
this framework. The three approaches
are:
• The full look-through approach;
• The simple modified look-through
approach; or
• The alternative modified lookthrough approach.
8. There is a risk-weighted asset floor
of 7 percent of the adjusted carrying
value of a bank’s exposure to an
investment fund. A zero percent risk
weight can still be applied to a
particular exposure class within an
investment fund; the 7 percent floor
applies to an investment fund, not its
constituents.
9. A bank may use the full lookthrough approach only if the bank is
able to compute a risk-weighted asset
amount for each of the exposures held
by the investment fund (calculated
under the proposed rule as if the
exposures were held directly by the
bank). Under this approach, a bank
would set the risk-weighted asset
amount of the bank’s equity exposure to
the investment fund equal to the greater
of:
(i) The product of
(A) the aggregate risk-weighted asset
amounts of the exposures held by the
fund as if they were held directly by the
bank and
(B) the bank’s proportional ownership
share of the fund; and
(ii) 7 percent of the adjusted carrying
value of the bank’s equity exposure to
the investment fund.
10. Under the simple modified lookthrough approach, a bank may set the
risk-weighted asset amount for its equity
exposure to an investment fund equal to
the adjusted carrying value of the equity
exposure multiplied by the highest risk
weight in Table L of the NPR that
applies to any exposure the fund is
permitted to hold under its prospectus,
partnership agreement, or similar
contract that defines the fund’s
permissible investments. The bank may
exclude derivative contracts that are
used for hedging, not speculative
purposes, and do not constitute a
material portion of the fund’s exposures.
A bank may not assign an equity
exposure to an investment fund to an
aggregate risk weight of less than 7
percent under this approach.
11. Under the alternative modified
look-through approach, a bank may
assign the adjusted carrying value of an
equity exposure to an investment fund
on a pro rata basis to different riskweight categories in Table L of the NPR
according to the investment limits in the
fund’s prospectus, partnership
agreement, or similar contract that
defines the fund’s permissible
investments. If the sum of the
PO 00000
Frm 00060
Fmt 4701
Sfmt 4703
investment limits for all exposure
classes within the fund exceeds 100
percent, the bank must assume that the
fund invests to the maximum extent
permitted under its investment limits in
the exposure class with the highest risk
weight under Table L, and continues to
make investments in the order of the
exposure class with the next highest
risk-weight under Table L until the
maximum total investment level is
reached. If more than one exposure class
applies to an exposure, the bank must
use the highest applicable risk weight.
A bank may exclude derivative
contracts held by the fund that are used
for hedging, not speculative, purposes
and do not constitute a material portion
of the fund’s exposures. The overall risk
weight assigned to an equity exposure to
an investment fund under this approach
may not be less than 7 percent.
IV. Using Internal Models for Equity
Exposures
S 10–2 If a bank chooses to use an
internal model, it must produce reliable
estimates of the potential loss in the
bank’s portfolio from equity holdings
under stress market conditions.
12. To qualify to use the IMA to
calculate risk-based capital
requirements for equity exposures, a
bank must receive prior written
approval from its primary Federal
supervisor. To receive such approval,
the bank must demonstrate to its
primary Federal supervisor’s
satisfaction that the bank meets the
following criteria:
• The bank must have a model that:
—Assesses the potential decline in
value of its modeled equity exposures;
—Is commensurate with the size,
complexity, and composition of the
bank’s modeled equity exposures; and
—Adequately captures both general
market risk and idiosyncratic risk.
• The bank’s model must produce an
estimate of potential losses for its
modeled equity exposures that is no less
than the estimate of potential losses
produced by a VaR methodology
employing a 99.0 percent, one-tailed
confidence interval of the distribution of
quarterly returns for a benchmark
portfolio of equity exposures
comparable to the bank’s modeled
equity exposures using a long-term
sample period.
• The number of risk factors and
exposures in the sample and the data
period used for quantification in the
bank’s model and benchmarking
exercise must be sufficient to provide
confidence in the accuracy and
robustness of the bank’s estimates.
• The bank’s model and
benchmarking process must incorporate
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
data that are relevant in representing the
risk profile of the bank’s modeled equity
exposures, and must include data from
at least one equity market cycle
containing adverse market movements
relevant to the risk profile of the bank’s
modeled equity exposures. If the bank’s
model uses a scenario methodology, the
bank must demonstrate that the model
produces a conservative estimate of
potential losses on the bank’s modeled
equity exposures over a relevant longterm market cycle. If the bank employs
risk factor models, the bank must
demonstrate through empirical analysis
the appropriateness of the risk factors
used.
• Daily market prices must be
available for all modeled equity
exposures, either direct holdings or
proxies.
• The bank must be able to
demonstrate, using theoretical
arguments and empirical evidence, that
any proxies used in the modeling
process are comparable to the bank’s
modeled equity exposures and that the
bank has made appropriate adjustments
for differences. The bank must derive
any proxies for its modeled equity
exposures and benchmark portfolio
using historical market data that are
relevant to the bank’s modeled equity
exposures and benchmark portfolio (or,
where not, must use appropriately
adjusted data), and such proxies must
be robust estimates of the risk of the
bank’s modeled equity exposures.
13. No one particular type of model is
preferred or required. Appropriate
internal models may include either
traditional VaR models (e.g., historical
simulation, variance/covariance, or
Monte Carlo simulation) or scenario
analysis ‘‘stress tests.’’ These models are
subject to the validation framework
outlined in Chapter 7 of this guidance.
14. The use of either single or multifactor models is permitted, provided
that the factors are sufficient to capture
all material risks of a bank’s equity
holdings. Risk factors should
correspond to the appropriate equity
market characteristics (e.g., public,
private, large cap, small cap, industry
sectors) in which the bank holds
significant positions.
V. Quantification of Equity Exposures
sroberts on PROD1PC70 with NOTICES
A. Reference Data
15. The data used to represent return
distributions or depict stress scenarios
should reflect as long a sample period
for which data are available and
meaningful in representing the risk
profile of equity holdings. In the case of
VaR models, the data used should be
sufficient to provide statistically reliable
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
and robust loss estimates and should
include at least one equity market cycle
containing adverse market movements
relevant to the risk profile of the bank’s
specific holdings. In the case where the
internal model uses a scenario or stress
test methodology, the bank should
demonstrate that the shock employed
provides a conservative estimate of
potential losses over a relevant longterm market or business cycle.
16. In constructing VaR models
estimating potential quarterly losses,
banks should use quarterly data to the
extent practicable. Where estimates
based on shorter time periods are
converted to a quarterly equivalent, the
conversion should be made through the
use of an analytically appropriate
method supported by empirical
evidence, and should be applied
through a well-developed and welldocumented thought process and
analysis. In general, time horizon
conversions should be applied
conservatively and consistently over
time. Furthermore, where only limited
data are available or where technical
limitations are such that estimates from
any single method will be of uncertain
quality, banks should add appropriate
margins of conservatism.
B. External Data
17. It is recognized that there are
significant challenges associated with
deriving market-based measures of risk
for both privately-held and publiclytraded equities where objectivelydetermined market prices may not be
readily available. Accordingly, banks
with significant equity holdings with
these characteristics may need to use
external data in modeling the risks
associated with these holdings.
18. Banks should be able to
demonstrate that the external data
adequately capture the risks of the
underlying equity portfolio.
Documentation should identify the
relevant factors (e.g., business lines,
balance sheet characteristics, geographic
location, company age, industry sector
and subsector, operating characteristics)
used in mapping the external data to the
bank’s individual equity exposures.
C. Estimation
19. Banks will have discretion to
recognize and estimate empirical
correlations, provided that the bank’s
system for measuring correlations is
sound and empirically supported. When
calculating correlations, consideration
should be given to data consistency,
relevant time period, and the volatility
of correlations under stressed market
conditions. The appropriateness of
correlation assumptions and estimation
PO 00000
Frm 00061
Fmt 4701
Sfmt 4703
9143
techniques should be discussed in
model documentation.
20. Survivorship bias is a particularly
important issue in cases where banks
choose to use databases of actual returns
of equity exposures. Internal data on
private equity exposure returns may
reflect only those private equity
exposures that have experienced
positive returns and were exited
successfully (i.e., where a true market
price has been revealed). In short, the
returns on investments that have
achieved success measure only the
winners—as opposed to the entire
population of relevant private equities
(including those that failed). This
imparts an upward bias on the ex-ante
returns expected by banks. Accordingly,
banks that choose to use actual return
statistics for individual private equity
exposures or private equity funds,
whether provided by external vendors
or internally generated databases,
should fully understand how these
statistics are computed and, where
necessary, should make adjustments to
account for any selection biases that
may be present.
VI. Validation of Internal Models for
Equity Exposures
S 10–3 Banks must validate internal
models used for equity exposures.
21. The developmental evidence
provided for a VaR model should
include a discussion of the results from
a rigorous and comprehensive stress
testing of the model and estimation
procedure. This stress test should be
applied to volatility computations and
make use of either hypothetical or
historical scenarios that reflect worstcase losses given underlying positions.
Stress tests should provide information
about the effect of tail events beyond the
level of confidence assumed in the
internal models approach.
22. For purposes of evaluating the
capital requirements produced by a
bank’s internal model methodology,
banks should demonstrate that non-VaR
based internal models for equity
exposures (e.g., a stress scenario
analysis) provide risk estimates and
capital requirements that are at least as
conservative as those produced by a 99
percent VaR over one quarter for a
benchmark portfolio. The benchmark
portfolio should have sufficient data to
calculate a one quarter 99 percent VaR.
To demonstrate this, the bank should
run their internal model on the
benchmark portfolio and show that the
internal model produces a capital
amount for the benchmark portfolio that
is at least as great as the one quarter 99
percent VaR for the benchmark
portfolio. Banks that choose a scenario
E:\FR\FM\28FEN2.SGM
28FEN2
9144
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
analysis ‘‘stress-test’’-type model or
some other form of non-VaR-based
model do not have to run a VaR model
in parallel, but banks should be able to
compare their internal model to the VaR
for the benchmark portfolio.
23. For VaR models, model validation
through backtesting must be conducted
on a regular basis. Banks using such
models should construct and maintain
appropriate databases on the actual
quarterly performance of their equity
exposures, as well as on the estimates
derived using their internal models.
Banks should also backtest the volatility
estimates used within their internal
models and the appropriateness of any
external data used in the model. Banks
will have data available on different
equity exposures at different
frequencies. For example, price data for
public equities may be available daily,
and price data for private equities may
be available on a monthly or quarterly
basis. Banks can divide their equity
portfolio into several smaller portfolios
based on data availability and conduct
backtesting on the smaller portfolios.
When sufficient data are available,
banks should employ statistical-based
measures of the accuracy of their VaR
models.
VII. Consistency Between Internal
Models Used for Equity Exposures and
Risk Management Processes
S 10–4 Internal models used to
calculate risk-based capital
requirements for equity exposures must
be consistent with models used in the
bank’s risk management processes and
management information reporting
systems.
24. The internal model should be
fully integrated into the bank’s risk
management infrastructure. It should,
when appropriate, be used to establish
equity price risk limits, to evaluate
alternative investments, and to measure
and assess equity portfolio performance
(including the risk-adjusted
performance). The bank should
demonstrate the internal model’s role in
risk management (using investment
committee minutes, for example).
Chapter 11: Securitizations
sroberts on PROD1PC70 with NOTICES
Rule Requirements
Part III, Section 22(f): Securitization
exposures. A bank must obtain the prior
written approval of [AGENCY] under
section 44 [of the NPR] to use the
internal assessment approach for
securitization exposures to ABCP
programs.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
Part V: Risk-Weighted Assets for
Securitization Exposures
I. Overview
1. This chapter supplements the
detailed discussion of the framework for
securitization exposures in the NPR. It
describes the concepts, eligibility
criteria, and mechanics associated with
applying each of the three allowed
approaches—the ratings-based approach
(‘‘RBA’’), the internal assessment
approach (‘‘IAA’’), and the supervisory
formula approach (‘‘SFA’’). It also
discusses related topics, such as risk
transference, implicit support, early
amortization provisions, and control
and validation. This guidance applies to
a bank regardless of its role in the
securitization—investor or originator.
S 11–1 Banks must use the
securitization framework for any
exposures that involve the tranching of
credit risk (with the exception of a
tranched guarantee that applies only to
an individual retail exposure).
2. The securitization framework relies
principally on one of two sources of
information, where available: (1) An
assessment of the securitization
exposure’s external credit risk ratings or
(2) the IRB risk-based capital
requirement and expected loss of the
underlying exposures as if the
exposures had not been securitized. See
section 2 of the NPR for the definition
of a securitization exposure.
3. To determine risk-weighted assets
for securitization exposures, a bank
must: (1) Identify all securitization
exposures subject to the framework, (2)
assign each exposure to an approach
according to the specified hierarchy,
and (3) calculate risk-weighted assets (or
required deductions from capital)
according to the requirements for the
applicable approach.
S 11–2 Banks should develop
written implementation policies and
procedures describing the allowed
approaches, methods of application,
and designated responsibilities for
complying with the securitization
framework.
4. In addition to the IRB requirements,
originating banks should maintain
specific securitization policies and
procedures including the appropriate
accounting treatment for the
securitization exposure (FASB 140, FIN
46R), pooling and servicing agreements
for each securitization exposure (to
assess compliance with risk transference
and recourse requirements, waterfall
structure, trigger requirements for early
amortization structures), and
contractual arrangements related to risk
mitigation of the securitization exposure
PO 00000
Frm 00062
Fmt 4701
Sfmt 4703
(net interest margin transactions,
mitigating residual interest exposure).
5. Certain basic risk management
practices are also important to the
framework’s implementation. The
central component is a full written
description, or implementation guide,
detailing each step in the process. The
guide should include all key processes,
such as methods of identifying
exposures, selecting approaches,
documenting approvals and data
elements, and establishing
responsibility for oversight and quality
control. The remainder of this chapter
expands on how to apply the various
approaches, as well as supervisory
guidance regarding eligibility and sound
risk management practices.
II. Scope of Application
6. Tranching of credit risk is the
structuring of cash flows and credit
exposure so that an investor’s share of
the credit losses differ from its pro rata
interest in the underlying exposures.
Another characteristic of a
securitization exposure is that payments
to the various parties depend on
performance of the underlying
exposures, as opposed to an obligation
of the entity originating those
exposures.
7. Examples of securitization
exposures include asset-backed
securities, mortgage-backed securities
(including those issued by Fannie Mae
and Freddie Mac),24 stripped mortgagebacked securities, credit enhancements
and liquidity facilities to asset-backed
commercial paper (‘‘ABCP’’) programs,
collateralized debt obligations (‘‘CDO’’),
loan participation agreements that
include a tranching of payments such as
last-in and first-out, guarantees and
credit derivatives that provide tranched
(i.e., non-proportional) credit protection
against a pool of credit exposures,
reserve accounts, and other retained
residual interests.
8. Since securitization transactions
may be structured in a variety of ways,
the economic substance of the
transaction rather than its legal form
should guide both the designation of
exposures and the calculation of riskbased capital requirements.
III. General Principles of the
Securitization Framework
A. Risk Transference
S 11–3 Securitization transactions
must transfer credit risk to at least one
24 Fannie Mae and Freddie Mac mortgage-backed
pass-through securities are to be treated as
securitization transactions even though the risk of
the securitized mortgage pool has not been tranched
among investors.
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
third party to qualify for treatment
under the securitization framework.
9. Securitization exposures must meet
all of the risk transference requirements
imposed by Generally Accepted
Accounting Principles (‘‘GAAP’’) and
regulatory requirements. In this regard,
banks should continue to use published
supervisory guidance related to risk
transference, recourse, and other
activities that constitute implicit
recourse.
10. For an exposure to qualify for
treatment under the securitization
framework, the transaction must meet
the requirements outlined in Statement
of Financial Accounting Standards No.
140 and must transfer credit risk from
the originator of the underlying
exposures to at least one third party. In
synthetic securitizations, credit risk
mitigants are often used to transfer the
credit risk of the underlying exposures,
which generally remain on the bank’s
balance sheet. In order to exclude the
underlying exposures from risk-based
capital requirements, banks must
comply with the operational
requirements for recognition of credit
risk mitigants in synthetic
securitizations set forth in section 41 of
the NPR. When the transaction does not
qualify for GAAP sales treatment, does
not satisfy the risk transference
requirement, contains an ineligible
clean-up call, or the bank has tainted
the transaction by providing implicit
support to the transaction,25 the bank
must include the underlying exposures
in the calculation of risk-based capital
requirements as if the securitization
transaction did not occur. For example,
transactions reported as GAAP sales that
do not transfer credit risk to third
parties, such as transfers of assets
subject to credit-enhancing
representations and warranties, require
the bank to include the underlying
exposures in the calculation of riskbased capital as if the transfer had not
occurred.
sroberts on PROD1PC70 with NOTICES
B. Implicit Support
S 11–4 Banks that provide implicit
support to securitization transactions
must hold risk-based capital as if the
underlying assets had not been
securitized, and must deduct from Tier
1 capital any after-tax gain-on-sale
resulting from the securitization.
11. Implicit support is credit support
provided by a bank in excess of its
contractual obligation under the original
25 In addition, as discussed in the NPR, if a bank
provides implicit support to any securitization, the
bank’s primary Federal supervisor may require the
bank to hold risk-based capital against the
underlying exposures of some or all of the bank’s
other securitizations.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
terms of the transaction. The issuer
provides such support often to maintain
access to funding and/or to protect its
reputation in the market. Providing
implicit support violates the risk
transference principles inherent in a
securitization transaction and, for riskbased capital purposes, requires that the
bank treat the underlying securitized
assets as if the securitization transaction
had not occurred.26 For example, banks
are considered to have provided
implicit support when they either:
• Sell assets to a securitization trust
or other special-purpose entity (SPE) at
a discount from the price specified in
the securitization documents (typically
par value);
• Purchase assets from a
securitization trust or other SPE at an
amount greater than fair value;
• Exchange performing assets for
nonperforming assets; or
• Provide credit enhancements
beyond contractual requirements.
12. Policies governing securitization
activities should explicitly refer to the
issue of implicit support, and include
criteria for identifying and reporting
instances of implicit support. An
independent risk management or review
group should systematically monitor
securitization transactions to identify
actions that constitute implied support
and ensure appropriate regulatory
capital treatment is applied.
C. Servicer Cash Advances
13. The risk-based capital requirement
for servicer cash advances generally will
be calculated using either the RBA or
SFA. The RBA can be used if the bank
can assign an inferred rating to the
servicer cash advance based upon a
rated subordinated tranche. If the RBA
is not available, and the bank can
compute the risk parameter estimates
for the SFA, the bank can apply the
SFA.
14. A bank is not required to hold
risk-based capital against the undrawn
portion of an eligible servicer cash
advance facility. An eligible servicer
cash advance is a servicer cash advance
facility in which:
• The servicer is entitled to full
reimbursement of advances (except that
a servicer may be obligated to make
non-reimbursable advances if any such
advance with respect to any underlying
exposure is limited to an insignificant
amount of the outstanding principal
balance of the underlying exposure);
• The servicer’s right to
reimbursement is senior in right of
26 A bank that provides implicit support is also
subject to related disclosure requirements in section
42(h) of the NPR.
PO 00000
Frm 00063
Fmt 4701
Sfmt 4703
9145
payment to all other claims on the cash
flows from the underlying exposures of
the securitization; and
• The servicer has no legal obligation
to, and does not, make advances to the
securitization if the servicer concludes
that the advances are unlikely to be
repaid. The advance is made only after
expected repayment is supported by a
credit assessment that is consistent with
prudent lending standards.
15. If these conditions are not
satisfied, a bank that provides a servicer
cash advance facility must determine its
risk-based capital requirement for the
undrawn portion of the facility in the
same manner as the bank would
determine its risk-based capital
requirement for any other undrawn
securitization exposure.
D. Clean-Up Calls
16. A clean-up call is a contractual
provision that permits a bank to call
securitization exposures before their
stated maturity date. In a traditional
securitization, a clean-up call is
generally accomplished by repurchasing
the remaining securitization exposures
once the amount of underlying
exposures or outstanding securitization
exposures fall below a specified level
and it becomes uneconomical to
maintain the transaction. In the case of
a synthetic securitization, the clean-up
call may take the form of a clause that
extinguishes the credit protection once
the amount of underlying exposures has
fallen below a specified level. An
originating bank may exclude
securitized exposures from its riskweighted assets calculated in
connection with a securitization that
has a clean-up call only if the clean-up
call is an eligible clean-up call as
defined in the NPR. The following are
required criteria for an eligible clean-up
call:
• The exercise of the clean-up call is
solely at the discretion of the servicer;
• The clean-up call is not structured
to avoid allocating losses to
securitization positions held by
investors, or otherwise structured to
provide credit enhancements to the
securitization; and
• The clean-up call is only
exercisable for traditional
securitizations when 10 percent or less
of the principal amount of underlying
exposures or securitization exposures
are outstanding, or for synthetic
securitization transactions, when 10
percent or less of the principal amount
of the original reference portfolio is
outstanding.
S 11–5 A clean-up call constitutes
implicit support if, in exercising the
call, the bank provides support in
E:\FR\FM\28FEN2.SGM
28FEN2
9146
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
excess of its contractual obligation to
provide support to the securitization.
17. The ultimate determination of
whether the exercise of a clean-up call
constitutes implicit support depends on
the facts. If the bank affects a clean-up
call on terms that differ from contractual
provisions, the following actions will
point to a finding of implicit support:
• Exercising a clean-up call that
serves as the functional equivalent of a
credit enhancement; or
• Purchasing assets from a trust or
other SPE at an amount greater than fair
value.
sroberts on PROD1PC70 with NOTICES
E. Maximum Capital Requirements for
Securitization Exposures
S 11–6 The maximum risk-based
capital requirement for all
securitization exposures held by a bank
associated with a single securitization
transaction is the amount of risk-based
capital plus expected losses that would
have been required had the underlying
exposures not been securitized.
18. Unless one or more of the
underlying exposures does not meet the
definition of a wholesale, retail,
securitization, or equity exposure, the
total risk-based capital requirement for
all securitization exposures held by a
single bank associated with a single
securitization—including any risk-based
capital requirement that relates to an
early amortization provision, but
excluding any capital requirements that
relate to the bank’s gain-on-sale or
CEIOs (and any accrued interest
receivables (‘‘AIR’’) that meet the
definition of a CEIO) associated with the
securitization—cannot exceed the sum
of (i) the bank’s total risk-based capital
requirement for the underlying
exposures as if the bank directly held
the underlying exposures; and (ii) the
bank’s total expected credit loss for the
underlying exposures.
19. If a bank has multiple
securitization exposures to an ABCP
program that provide overlapping
coverage of the underlying exposures,
such as when a bank provides a
program-wide credit enhancement and
multiple pool-specific liquidity
facilities, the bank is not required to
hold duplicative risk-based capital
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
against the overlapping position.
Instead, the bank may limit its capital
requirement for the overlapping
positions to the single applicable
treatment that results in the highest
capital requirement. However, if
different banks have overlapping
exposures to an ABCP program, each
bank must hold capital against the
entire amount of its exposure.
20. When a bank sponsors an ABCP
program and is required to consolidate
the program as a variable interest entity
under GAAP solely because it qualifies
as a primary beneficiary, it may exclude
the consolidated ABCP program assets
from risk-weighted assets. However, the
decision to exclude the consolidated
program from risk-weighted assets does
not exempt the bank from holding riskbased capital against any exposures to
that program in accordance with the
overall securitization framework.
IV. Hierarchy of Approaches
S 11–7 Banks must follow the
specified hierarchy of approaches to
determine risk-weighted asset amounts
for all securitization exposures.
21. The first step in determining the
risk-weighted asset amount for a
securitization exposure for either an
investing or originating bank is to
deduct entirely from Tier 1 capital all
increases in capital due to after tax gainon-sale income from the transaction. In
addition, any CEIOs, including any AIRs
that meet the definition of a CEIO, must
be deducted 50 percent from Tier 1
capital and 50 percent from Tier 2
capital.27 If the amount deductible from
Tier 2 capital exceeds the amount of
actual Tier 2 capital, the excess must be
deducted from Tier 1 capital.
22. Next, the bank applies one of the
three approaches for determining riskweighted assets: The RBA, the IAA, or
the SFA. The RBA and the IAA
calculate risk-weighted assets using
27 For specific guidance on the treatment of AIRs
see the Interagency Advisory on the Regulatory
Capital Treatment of Accrued Interest Receivable
Related to Credit Card Securitizations, dated May
17, 2002, and the Interagency Advisory on the
Accounting Treatment of Accrued Interest
Receivable Related to Credit Card Securitizations,
dated December 4, 2002.
PO 00000
Frm 00064
Fmt 4701
Sfmt 4703
supervisory tables based on external or
inferred ratings. Subject to specific
conditions, the SFA may be used for
securitization exposures when the IAA
or RBA is not available. Securitization
exposures that do not qualify for one of
these three approaches are deducted
from regulatory capital.
23. Banks must apply the three
approaches according to the following
hierarchy:
1. RBA—If the securitization exposure
is not required to be deducted and
qualifies for the RBA, the bank must
apply the RBA.28 In general, an
originating bank qualifies to use the
RBA if its retained securitization
exposure has at least two external
ratings or an inferred rating based on at
least two external ratings, while an
investing bank qualifies to use the RBA
if its securitization exposure has one or
more external or inferred ratings.
2. IAA or SFA—If a securitization
exposure is not required to be deducted,
does not qualify for the RBA, and is an
exposure to an ABCP program, the bank
may apply either the IAA or the SFA.
However, the bank must consistently
use either the IAA or the SFA when this
type of exposure would be eligible for
both approaches.
3. SFA—If the securitization exposure
is not required to be deducted, does not
qualify for the RBA, and is not an
exposure to an ABCP program, the bank
may apply the SFA if it is able to
calculate, on an ongoing basis, the SFA
risk parameters.
24. When a securitization exposure
does not qualify for the RBA, IAA, or
SFA, a bank is required to deduct the
exposure 50 percent from Tier 1 capital
and 50 percent from Tier 2 capital. If the
amount deductible from Tier 2 capital
exceeds the bank’s actual Tier 2 capital,
however, the bank must deduct the
shortfall amount from Tier 1 capital.
25. The following diagram illustrates
the hierarchy for the treatment of a
securitization exposure for either an
investing or originating bank:
28 Regardless of any other provision, the risk
weight for a non-credit enhancing interest-only
residential mortgage backed security (e.g., FNMA IO
Strip), may not be less than 100 percent.
E:\FR\FM\28FEN2.SGM
28FEN2
sroberts on PROD1PC70 with NOTICES
V. IRB Approaches for Securitization
Exposures
A. Ratings-Based Approach
26. Banks may use the RBA to
determine the appropriate risk weight
for a securitization exposure if the
exposure is externally rated, or for a
non-rated exposure for which a rating
can be inferred. The appropriate risk
weight is multiplied by the
securitization exposure amount to arrive
at the appropriate risk-weighted asset
amount.
S 11–8 In order to use the RBA, the
securitization exposure must be
externally rated by an NRSRO, or be
eligible for an inferred rating.
27. For a bank to utilize the RBA, the
securitization exposure must be rated by
an NRSRO as defined in the NPR.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
28. A rating may be inferred if the
subject securitization exposure is senior
to another securitization exposure in the
transaction (that is backed by the same
underlying obligations and is issued by
the same issuer) that has an external
rating from an NRSRO. The applicable
rating to be applied for an inferred
rating is the current rating of the
subordinate rated tranche. Inferred
ratings should be updated at least
annually, or more frequently when
warranted, so that any changes in the
external rating or characteristics of the
rated exposure are reflected in a timely
manner. An inferred rating cannot be
derived from a proxy securitization
exposure (e.g., a similarly structured but
separate securitization exposure).
PO 00000
Frm 00065
Fmt 4701
Sfmt 4703
9147
S 11–9 The securitization
transaction must have an external
rating assigned by an NRSRO that fully
reflects the credit risk associated with
timely repayment of principal and
interest.
29. When a securitization exposure is
structured, the originating bank can
elect to have the securitization
transaction placed in the NRSRO’s
monitoring/surveillance program that
requires a periodic review of the
financial performance of the underlying
exposures. By placing the securitization
exposure in the NRSRO monitoring
program, the integrity of the credit
rating is maintained for the life of the
securitization exposure, and thereby
ensures that the credit rating fully
reflects the entire amount of credit risk
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.009</GPH>
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
9148
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
with regard to all payments owed to the
holder of the exposure. Securitization
exposures receiving a rating only at
origination are not eligible for the RBA.
The external rating must take into
account and reflect the entire amount of
credit risk exposure the bank has with
regard to all payments owed to it. If the
bank is owed both principal and
interest, the rating must fully reflect the
credit risk associated with timely
repayment of both. With certain
securitization exposures, such as
combination bonds, which generally are
combinations of a subordinated, unrated
securitization exposure and a highly
rated principal-only strip, the principal
component of the bond often receives a
higher rating than the interest
component. A rating structure such as
this does not qualify as a full credit
exposure rating, and therefore the RBA
is not available. In the event that a
rating does not capture the full credit
exposure, the bank may use the SFA if
applicable, or deduct.
30. When a bank has used the RBA (or
IAA) to calculate its risk-based capital
requirement for a securitization
exposure whose external or inferred
rating (or IAA rating) reflects the credit
enhancement of a credit risk mitigation
(‘‘CRM’’) technique, a bank may not
obtain additional risk-based capital
recognition of the CRM technique
through the securitization CRM rules in
section 46 of the NPR.
31. When a credit risk mitigant is not
obtained by the SPE but rather is
obtained by a bank separately to protect
itself against losses on a specific
securitization exposure (e.g., ABS
tranche), the bank may use the
applicable securitization CRM treatment
to recognize the hedge as outlined in
section 46 of the NPR.
S 11–10 Banks should document the
factors that support their use of the
RBA.
32. Factors the bank should document
include the identification of the
NRSROs, type of underlying exposures
(e.g., wholesale, retail), seniority of the
securitization exposure, pool
granularity, and placement of reference
tranches in the waterfall for inferred
ratings.
33. Senior securitization exposures
supported by granular pools receive
special treatment under the RBA. Only
one tranche may be considered ‘‘senior’’
for each transaction. In a traditional
securitization where all tranches above
the first-loss piece are rated, the most
highly rated position would be treated
as the senior tranche. However, when
several tranches share the same rating,
only the most senior tranche in the cash
waterfall, according to security
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
provisions in the indenture, would be
treated as the senior position. In a
synthetic securitization, a super-senior
tranche would be treated as the senior
tranche. Eligible servicer cash advances
are not considered in the seniority
assignment for the RBA.
34. Pool granularity refers to the
number of different underlying
exposures. The RBA considers the
impact of pool granularity on credit risk
by assigning higher risk-weight
percentages to non-granular pools.
Securitizations of retail exposures
contain a significant number of
underlying exposures and will be
considered granular for risk-weighting
purposes.
B. Internal Assessment Approach
Overview
35. A bank’s exposures to ABCP
conduit programs (i.e., liquidity
facilities and credit enhancements) are
considered securitization exposures for
which the bank must hold risk-based
capital. Where ABCP exposures qualify
for the RBA approach, the RBA must be
used to calculate risk-weighted assets.
However, exposures such as ABCP
liquidity facilities and credit
enhancements are generally unrated.
Subject to qualification standards, a
bank may use either the IAA or the SFA;
however, one approach must be used
consistently for all the bank’s exposures
to ABCP programs.
36. To qualify for the use of the IAA,
a bank must at a minimum demonstrate
that its ABCP program meets specific
operational requirements set forth in the
NPR. A bank may apply the IAA to
exposures related to ABCP programs
and to exposures to programs that are
similarly structured, which could
include structured investment vehicles,
tender option bonds, and variable note
programs, as long as they meet the
NPR’s definition of an ABCP program.
The bank must demonstrate that it has
met the qualification standards for each
asset class for which it has exposure.
37. The IAA requires a bank to use an
internal credit assessment (‘‘ICA’’)
framework that maps or corresponds
directly to NRSRO rating criteria for a
similar asset class. For example, if the
pool of assets consists of credit card
receivables, the bank’s credit assessment
for a liquidity facility or credit
enhancement extended to the pool
should be based on the NRSRO’s rating
criteria for credit card receivables. In
order to use the IAA, the bank’s ICA
process should at a minimum (a)
identify reliable historical loss rates on
the underlying exposures, (b) map
internal ratings to specific ratings of the
PO 00000
Frm 00066
Fmt 4701
Sfmt 4703
NRSRO, as well as validate the mapping
process to ensure its integrity and
accuracy, and (c) document the criteria
used to arrive at the ICA rating. See
section 44(a)(1) of the NPR for a
complete list of the criteria a bank’s ICA
process must meet in order for the bank
to obtain approval from its supervisor to
use the IAA.
38. After assigning an internal rating
based on the appropriate ICA
framework, the bank calculates riskweighted assets by applying the
applicable risk weights from the RBA
tables to the amounts of the ABCP
program exposures. Consistent with the
RBA, the applicable risk-weight
assignment requires three additional
inputs—the seniority of the exposure,
an assessment of pool granularity, and
whether the ICA is a long- or short-term
rating. Pool granularity is based on the
number of underlying exposures, with
exposures to a single obligor aggregated.
ABCP liquidity facilities would be
considered senior exposures provided
they meet the definition of a senior
securitization exposure in the NPR.
39. For example, the ICA for a $10
million (maximum contractual value)
liquidity facility has an ICA that is
equivalent to a long-term external rating
of ‘‘AA.’’ Using the RBA tables, a risk
weight of 8 percent is applicable,
resulting in risk-weighted assets of
$800,000 provided (1) the position is
senior exposure, (2) the pool is granular,
and (3) there is a long-term rating (e.g.,
‘‘AA’’). If it is determined that the pool
is non-granular, the risk weight is 25
percent, or risk-weighted assets of $2.5
million.
40. The IAA’s reliance on an NRSRO’s
rating methodology and ratings criteria
for the applicable asset class does not
reduce the level of analysis, review, and
due diligence that the bank should
conduct as part of the initial purchase
decision, and regularly thereafter.
41. The systems and processes used
by the bank for risk-based capital
purposes must be consistent with the
bank’s internal risk management
processes and management information
reporting systems. For example, the
conduit’s ICA ratings process should be
linked to the required seller-provided
credit enhancement levels,
establishment of transaction dynamic
trigger levels, tracking of individual
obligor exposure levels, and
establishment of concentration levels.
Also, the risk management systems
should capture the market (interest rate
mismatch), liquidity (commercial paper
maturity laddering, extendable funding
products) and operational (integration of
servicer and investor reporting) risks
associated with the conduit activities.
E:\FR\FM\28FEN2.SGM
28FEN2
9149
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
VI. Internal Credit Assessment Process
in the IAA
S 11–11 Banks’ internal credit
assessment processes should be
comprehensive, transparent,
independent, well-defined, and fully
documented.
42. The ICA process should address
the full range of activities, including
pre-purchase analysis of the proposed
transaction, verification of the seller’s
representation of the assets’ risk
characteristics, the assignment of
internal credit assessments, and ongoing validation to ensure the integrity
of the process and rating accuracy.
43. The bank must have an effective
system of controls and oversight that
ensures compliance with these
operational requirements and maintains
the integrity and accuracy of the
internal credit assessments. The bank
must have an internal audit function
independent from the ABCP program
business line and internal credit
assessment process that assesses at least
annually whether the controls over the
internal credit assessment process
function as intended.
44. Banks should be able to
demonstrate that these assessments
accurately capture and quantify the risk
inherent in these exposures. To
facilitate transparency, banks should
have (1) approved policies and
procedures, (2) a written and detailed
summary of the processes, including the
roles and responsibilities of relevant
parties, and (3) management
information reports on items such as
pool status, usage of liquidity and/or
credit enhancement facilities, and other
risk management issues (e.g. level of
losses relative to seller-provided credit
protection or proximity to termination
events).
45. The bank should clearly document
its processes for determining the
required level of seller-provided credit
enhancement, including the level of
historical losses and the NRSRO’s stress
factor used to establish equivalency to a
specific external rating. The bank
should be able to demonstrate that the
pool’s loss estimate is empirically
based, credible, and predictive of
expected losses. Historical and current
information on delinquencies, chargeoffs, recoveries, dilution,29 and obligor
and geographic concentrations should
be maintained to support these
estimates.
46. The time horizon for historical
losses should be consistent with the
number of years used in the NRSRO’s
external rating criteria. For instance,
with respect to the performance of a
pool that is comprised of trade
receivables, the program administrator
should use at least three years of loss
data when determining the required
level of credit enhancement.
47. When adjustments are made to an
internal credit assessment that are based
on factors not included in the NRSRO’s
rating criteria, written rationale and
support should be available. In addition,
the bank should be able to provide
evidence that the adjustments were
subject to an appropriate approval
process.
48. When reviewing the seller’s risk
profile, the sponsoring bank (or program
administrator) should analyze both the
credit risks of the underlying assets and
the seller’s risk profile. The transaction
summary provided by the seller should
include information on the default risk
of the underlying assets, including
historical loss characteristics,
concentrations, delinquencies, and
payment history. In addition, the bank
should assess the quality of the seller’s
underwriting practices as an indicator of
the future performance of the
underlying assets.
49. The assessment of the seller’s risk
profile should include past and
expected financial performance and
condition (e.g., leverage, cash flow, and
interest coverage), the seller’s current
market position, expected future
competitiveness, and debt rating.
50. Credit and investment policies
should include the following: WellPurchase
authorization
Conduit funding
sroberts on PROD1PC70 with NOTICES
Credit Card .........................................................
Account Rec. ......................................................
Trade Rec. .........................................................
29 Dilution is the reduction of the asset receivable
due to customer returns of sold goods, warranty
claims, disputes between the seller and its
customers, and other factors. Sellers are generally
required to establish a reserve to cover a multiple
of historical dilution. The adequacy of the dilution
reserve is reviewed at the inception of the
transaction and may or may not be incorporated in
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
$400,000
400,000
400,000
Pool
balance
$0
250,000
300,000
Frm 00067
Fmt 4701
Sfmt 4703
Pool Summary
LF
coverage
$400,000
400,000
400,000
the seller-provided credit enhancement for the pool
of assets sold to the conduit.
30 Termination events, also referred to as
‘‘dynamic’’ or wind-down triggers, are used to
mitigate the occurrence of losses due to a
deteriorating asset pool or an event that may hinder
the conduit’s ability to repay maturing commercial
paper. Pool-specific triggers include the insolvency
or bankruptcy of the seller/servicer of assets, a
PO 00000
defined underwriting standards for
purchased assets; the minimum
requirements for a seller’s credit quality;
limits on transaction size; limits on
concentrations for obligors, asset types,
or geographic exposure; required
structural features; procedures for
monitoring and reporting pool
performance; and required levels of
liquidity and credit support.
51. The bank should maintain a
transaction summary to support each
ABCP program exposure. The summary
should include the following: The
structure of the pool transaction; the
type and details of the bank’s support
for the program or pool; a profile of the
seller (asset originator); the criteria used
to determine the eligibility of assets; the
risk characteristics of the purchased
assets (e.g., credit quality and tenor);
dilution risk; statistics on the historical
performance of the underlying assets
and other similar asset pools; and
termination events.30
52. When the liquidity facility and
either transaction specific or programwide credit enhancement overlap, banks
are required to hold capital only once
for any overlap. However, banks must
allocate the program-wide credit
enhancement overlap across pools that
results in the highest risk-based capital
requirement. For example, assume an
ABCP program is made up of a pool of
credit card receivables, a pool of loan
receivables, and a pool of trade
receivables. The bank has issued
liquidity facilities for $400,000 for each
pool and a $120,000 program-wide
credit enhancement facility. The
liquidity facilities for the credit card
and loan pools are internally-rated as
‘‘AAA,’’ with the trade receivables’ pool
rated as ‘‘A+.’’ The credit enhancement
is rated ‘‘A.’’ The appropriate risk-based
capital charge for the liquidity facility
and credit enhancement is detailed in
the table below.
LF
tenor
366 day .....
366 day .....
366 day .....
Internal
credit ass.
NRSRO
equivalent
2
2
3
‘‘AAA’’
‘‘AAA’’
‘‘A+’’
downgrade of the seller’s credit rating below a
certain rating grade, or the deterioration of the asset
pool to the point where charge-offs, delinquencies,
or dilution reaches predetermined levels. Programwide triggers include the conduit’s failure to repay
maturing commercial paper or draws on the
program-wide credit enhancement that exceed a
certain amount.
E:\FR\FM\28FEN2.SGM
28FEN2
9150
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
Purchase
authorization
Conduit funding
Total ............................................................
Credit Enhancement ..........................................
Pool
balance
1,200,000
120,000
LF
coverage
LF
tenor
Internal
credit ass.
550,000
....................
1,200,000
....................
...................
NRSRO
equivalent
4
‘‘A’’
Overlap and Risk-Weighted Assets
LF exposure
amount net of
overlap adjustment
Credit Card .............................................
Account Rec. .........................................
Trade Rec. .............................................
LF RWA
$0
* 250,000
300,000
$0
** 17,500
30,000
Total Risk-Weighted Assets ...........
CE exposure
amount net of
overlap adjustment
CE RWA
$120,000
0
0
Total RWA
$24,000
0
0
$24,000
$47,500
$24,000
17,500
30,000
$71,500
* $250,000 ¥ 0 = $250,000.
** (LF ¥ CE Overlap) × RWA% for respective NRSRO equivalent rating ($250,000 × 7% = $17,500).
53. Using the same underlying
exposures as in the above example, the
bank has issued liquidity facilities for
$400,000 for each pool and a $120,000
credit enhancement facility. However,
the credit enhancement in this example
is transaction specific, allocated at
$40,000 per transaction. The liquidity
facilities for the credit card and loan
pools are internally-rated as ‘‘AAA,’’
with the trade receivables’’ pool rated as
‘‘A+.’’ The credit enhancement is rated
Purchase
authorization
Conduit funding
Pool
balance
‘‘A.’’ The appropriate risk-based capital
charge for the liquidity facility and
credit enhancement is detailed in the
table below.
Pool Summary
LF
coverage
Credit Card .........................................................
Account Rec. ......................................................
Trade Rec. .........................................................
$400,000
400,000
400,000
$0
250,000
300,000
$400,000
400,000
400,000
Total ............................................................
Credit Enhancement ..........................................
1,200,000
120,000
550,000
LF
tenor
Internal
credit ass.
NRSRO
equivalent
366 day .....
366 day .....
366 day .....
2
2
3
‘‘AAA’’
‘‘AAA’’
‘‘A+’’
1,200,000
..............
4
‘‘A’’
Overlap and Risk-Weighted Assets
LF exposure
amount net of
overlap adjustment
Credit Card .............................................
Account Rec. .........................................
Trade Rec. .............................................
LF RWA
$0
* 210,000
260,000
CE exposure
amount of overlap
adjustment
$0
** 14,700
26,000
Total Risk-Weighted Assets ...........
CE RWA
$40,000
40,000
40,000
Total RWA
$8,000
*** 8,000
8,000
$24,000
$40,700
$8,000
22,700
34,000
$64,700
sroberts on PROD1PC70 with NOTICES
* $250,000 ¥ 40,000 = $210,000.
** (LF ¥ CE Overlap) × RWA% for respective NRSRO equivalent rating ($210,000 × 7% = $14,700).
*** CE × RWA% for respective NRSRO equivalent rating ($40,000 × 20% = $8,000).
S 11–12 Banks should analyze the
servicer’s capabilities and document
the analysis in the internal assessment.
54. The analysis should consider the
servicer’s data systems, data capabilities
(or consider the capabilities of the
servicer’s data systems), excess capacity,
collections processes, reliance on
vendors or other service bureaus, and
backup servicing arrangements. A
separate rating for the servicer may also
be assigned, and should consider the
servicer’s financial position, operating
capabilities, historical pool
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
performance, and other criteria such as
a publicly available NRSRO servicer
rating report.
VII. Validation of IAA
S 11–13 The bank must validate its
ICA process on an ongoing basis and at
least annually the ICA process and
results must be subject to the full range
of the bank’s IRB validation activities.
55. The bank should review the
relationship between the credit
assessment process and the NRSRO’s
current rating criteria to ensure that
PO 00000
Frm 00068
Fmt 4701
Sfmt 4703
internal credit assessments are
appropriately aligned to external ratings
and reflect the NRSRO’s rating criteria.
56. The robustness of the validation
process should be consistent with the
complexity and volume of the bank’s
activities. Validation should consider
the relevance and appropriateness of the
NRSRO rating methodologies to the
purchased assets, the integrity of the
mapping process and its application to
the bank’s ABCP program exposures,
and the quality of the bank’s risk
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
management and internal controls in
this business line.
57. Developmental evidence is
particularly relevant to the IAA. A bank
should be able to provide evidence to
support the integrity of its ICA process.
Written documentation should include,
but is not limited to: (1) How the
process is consistent with the NRSRO’s
rating criteria to which the bank is
mapping assessments, (2) the process for
verifying the seller’s estimates of
historical loss for the purchased assets,
and (3) the methodology used to assess
the risk characteristics of the asset
seller, the servicer, and program
administrator (when not the bank). The
bank should be able to support that its
process is complete and that its ICAs are
accurate based on their design and
implementation.
58. Process verification should focus
on whether the policies and procedures
are sufficiently detailed to support
transparency and replication of the
assessments, as well as the extent to
which the process operates as designed.
The process review should include (1)
quantifying risk across the spectrum of
the bank’s exposures, and (2) evaluating
the completeness, accuracy, and
applicability of the data that supports
the securitization framework.
59. The bank should perform
backtesting or outcomes analysis on the
ICA ratings. This should also include
tracking the financial performance of
the underlying exposures including the
ICA rating for the securitization
exposure. At a minimum, the review
process should be performed annually,
or more frequently when there are
significant changes in the NRSRO’s
rating criteria or the performance of the
underlying assets warrants an
adjustment to the bank’s internal
assessment. Performance analysis
should cover not only the level of excess
spread, but also trends and volatility in
excess spread components such as
interest and fee revenues, bond
coupons, payment rates, loss rates, and
other variable components affecting
securitization performance.
sroberts on PROD1PC70 with NOTICES
A. Supervisory Formula Approach
Overview
60. The SFA may be available to
determine the risk-based capital
requirement for unrated securitization
exposures when an external rating is not
available or cannot be inferred, or when
the bank chooses not to use, or does not
qualify to use, the IAA.31 The SFA
31 The exposure may be related to a conduit
program, but the bank does not meet the operational
standards to use the IAA. Under this scenario,
banks may use the SFA.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
calculation relies, in large part, on the
risk-based capital requirement that
would be assessed had the exposures
underlying the securitization not been
securitized. The SFA relies on this
calculation as its starting point since
securitizing a pool of exposures does
not change the overall amount of credit
risk, but merely changes how credit risk
is distributed to the holders of the
securitization exposures. Regulatory
overrides, based on supervisory
judgment, have been added to this pure
model-based assessment of credit risk to
ensure that (1) a minimum regulatory
capital requirement is assessed on all
securitization exposures, (2) tranches
with insufficient credit enhancement
are assessed a dollar-for-dollar capital
requirement, and (3) model
discontinuities are minimized.
Common Unrated Securitization
Exposures Subject to the SFA
61. The SFA provides banks a means
of calculating risk-based capital
requirements for unrated securitization
exposures. The SFA allows for a more
risk sensitive capital requirement for
higher quality, unrated securitization
positions that lie above the KIRB
boundary, provided the bank has access
to the information necessary to
parameterize the SFA. Regardless of the
information the bank has on the
underlying securitized exposures and
the securitization structure, CEIOs,
including any AIRs that meet the
definition of a CEIO, will remain subject
to deduction.
62. Banks could use the SFA to
determine risk-based capital
requirements for the following common
unrated securitization exposures:
• Unrated credit enhancements,
including cash collateral, and spread
accounts;
• Unrated CDO equity tranches;
• Other unrated retained or
purchased subordinated securities from
traditional or synthetic securitizations;
• Loans sold or serviced with
recourse when the risk retained is of a
different priority than the risk
transferred;
• Loan participations and
syndications when there is other than a
pro-rata form of distribution;
• Unrated securitization exposures
resulting from a bank’s participation in
the FHLB Mortgage Partnership Finance
Program or Mortgage Purchase Program;
• Unrated exposures resulting from
pool-level mortgage insurance programs;
• Senior synthetic securitization
exposures when a rating cannot be
inferred;
• MBS/ABS retained by the originator
with less than two external ratings; and
PO 00000
Frm 00069
Fmt 4701
Sfmt 4703
9151
• ABCP credit enhancements and
liquidity facilities for which the bank
has not received approval to use the
IAA, or chooses for any reason not to
use it.
The above is intended to provide
examples of securitization exposures
that would be subject to the SFA;
however, there are likely additional
securitization exposures that could be
evaluated with the SFA. As the
securitization market evolves,
additional structures may emerge that
will be subject to the SFA.
Implementation of the SFA
63. Banks are required to provide
seven inputs when implementing the
SFA. These inputs include:
• The amount of underlying
exposures (UE);
• The sum of the IRB capital
requirement and expected loss on the
underlying exposures, divided by UE
(KIRB);
• The effective number of underlying
exposures (N);
• The exposure-weighted average loss
given default of the underlying
exposures (EWALGD);
• The percentage of the tranche of
interest the bank owns (TP);
• The thickness of the tranche of
interest (T) in relation to UE; and
• The credit enhancement level for
the tranche of interest (L).
64. To use the SFA the bank must
have these inputs to calculate the
capital requirement on the underlying
exposures. The first four inputs (UE, N,
EWALGD, and KIRB) require the bank to
have a detailed knowledge of the
characteristics of the underlying
securitized exposures. The remaining
three inputs (TP, T and L) require
detailed knowledge of the structural
features of the securitization.
65. Since the calculation of KIRB
requires detailed knowledge of the
underlying exposures, the SFA may be
difficult for an investor in an unrated
securitization exposure to implement.
For example, if a bank provides credit
enhancement to wholesale exposures
originated and securitized by another
party, the bank as credit enhancer may
not have access to the data to accurately
derive the inputs necessary (e.g., and
PD, LGD, M and EAD) to calculate KIRB.
In this situation, the bank as credit
enhancer would not be able to use the
SFA to compute regulatory capital
requirements on the unrated
securitization exposure, and would be
required to deduct the exposure from
regulatory capital.
66. Banks must also be prepared to
update the SFA inputs quarterly.
Because the output of the SFA is
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
predicated upon KIRB, any changes in
the quality of the underlying exposures
will result in a change in the SFA
capital requirement. For example,
deterioration in the collateral values of
the underlying exposures would likely
result in increased values for EWALGD
and KIRB, which would generate a
higher SFA capital requirement for each
securitization tranche. Additionally, the
prepayment of smaller exposures in a
pool may lead to a more concentrated,
riskier pool as N decreases.
Calculation of KIRB
67. KIRB represents the ratio of (i) the
IRB capital requirement plus the
expected credit losses of the underlying
exposures had they not been securitized
to (ii) UE, which is discussed below. All
underlying exposures should be
included in the calculation of KIRB,
including assets in reserve accounts.
The counterparty credit risk charge
associated with derivative instruments
should also be reflected in the
numerator of KIRB, while the EAD of
derivatives should be reflected in the
denominator. The calculation of KIRB
should also reflect the effects of any
credit risk mitigant that is applied on
the underlying exposures that benefits
all the securitization exposures. CEIOs,
including any AIRs that meet the
definition of a CEIO, should not be
included in the calculation of KIRB.
68. When banks have established a
valuation allowance other than an ALLL
or liability reserve on an underlying
exposure, both the numerator and
denominator of KIRB should be
calculated using the gross amount of the
sroberts on PROD1PC70 with NOTICES
Where:
• C1 is the largest exposure in the pool;
• Cm is the share of the pool composed by
the ‘‘m’’ largest underlying exposures;
and
• ‘‘m’’ is selected by the bank.
Alternatively, if only C1 is available
and is no more than .03, a bank may set
EWALGD at 50% and N at 1/C1. When
determining N and EWALGD for a
particular non-retail securitization,
banks should document which
methodology for calculating N and
EWALGD is applied.
74. The remaining three required
inputs necessary to implement the
SFA—the percentage of the tranche of
interest the bank owns (TP), that
tranche’s credit enhancement level (L),
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
exposure without the specific provision.
In this situation, the valuation
allowance can be used to reduce the
amount of deduction from capital
associated with the securitization
exposure. A detailed application of this
treatment appears in Example 2 of this
chapter’s Appendix A.
Calculation of UE
69. The amount of underlying
exposures (UE) is the EAD of any
underlying wholesale and retail
exposures (including the amount of any
funded spread accounts, cash collateral
accounts, and other similar funded
credit enhancements) plus the amount
of any underlying exposures that are
securitization exposures plus the
adjusted carrying value of any
underlying equity exposures. For
purposes of the SFA, the amount of an
on-balance sheet securitization exposure
is: (i) The bank’s carrying value, if the
exposure is held-to-maturity or for
trading; or (ii) the bank’s carrying value
minus any unrealized gains and plus
any unrealized losses on the exposure,
if the exposure is available-for-sale. The
amount of an off-balance sheet
securitization exposure is the notional
amount of the exposure. For a
commitment, such as a liquidity facility
extended to an ABCP program, the
notional amount may be reduced to the
maximum potential amount that the
bank currently would contractually be
required to fund. For an OTC derivative
contract that is not a credit derivative,
the notional amount is the EAD of the
derivative contract as calculated in
section 32 of the NPR.
and that tranche’s thickness (T)—
require the bank to understand the
securitization’s structure and loss
prioritization. Banks should document
the amount of the tranche they own
relative to the outstanding issuance of
the tranche in order to accurately
calculate TP. Additionally, banks
should document their understanding of
the securitization’s structure and loss
prioritization in order to accurately
calculate L and T.
75. Banks must also update their
calculations of TP, L and T on an
ongoing basis. For example, payments to
senior tranches in a particular structure
may result in increases in L for junior
tranche holders. Increasing defaults or
PO 00000
Frm 00070
Fmt 4701
Sfmt 4703
Calculation of N and EWALGD
70. Although the SFA can be used for
a pool containing only one asset, the
SFA generally yields higher risk-based
capital requirements for highly
concentrated, non-granular pools.
Therefore, the effective number of
exposures (N) weights each exposure by
its size to account for the higher risk in
more highly concentrated, non-granular
pools. When calculating N, multiple
exposures to the same borrower are
considered a single exposure. A sample
calculation of N is included in
Appendix A.
71. The exposure-weighted average
loss given default (EWALGD) is the LGD
of each exposure weighted by the size
of each exposure. The weighting process
is designed to give the LGD of larger
exposures more weight in determining
the EWALGD of the overall pool. A
sample calculation of exposureweighted EWALGD is also included in
Appendix A.
72. For retail securitizations, banks
are not required to calculate N and
EWALGD. The two SFA variables— h
and v —requiring N and EWALGD as
inputs, are reduced to 0 for
securitizations where all underlying
exposures are retail exposures.
73. A simplified method of
calculating N and EWALGD is also
available for securitizations as long as
the size of the largest exposure is known
with certainty and is no larger than 3
percent of the entire pool. In this case,
banks may set EWALGD = 50% and N
can be calculated as:
loss severity in the underlying
exposures may reduce L and T.
Additionally, a bank’s decision to
mitigate its exposure through a partial
sale of a particular tranche will reduce
TP.
Calculation of T, L, and TP
76. T is the ratio of the amount of the
tranche of interest to UE. L is the sum
of (i) T to (ii) UE, for all tranches
subordinate to the tranche of interest.
The current outstanding principal
balance or notional amount of the
tranche of interest should be used when
calculating T. TP is the ratio of the
amount of the bank’s securitization
exposure to the amount of the tranche
that contains the securitization
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.010</GPH>
9152
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
exposure. L should be measured
without any consideration of the effects
of tranche-specific credit enhancement
(e.g., third party guarantees or collateral
that benefit only the tranche of interest).
77. UE must equal the sum of the
individual thickness levels of each
tranche. Therefore, credit enhancement
based upon future cash flows, such as
excess spread, CEIOs, non-credit
enhancing IOs, or the subordination of
fees in the cash flow waterfall, should
be excluded for purposes of calculating
L and T. Both L and T should include
only funded reserve and spread
accounts. Derivatives embedded in
securitization structures should be
measured based only upon current
mark-to-market value, if positive,
without regard to potential future
exposure.
78. Cash advances made by a servicer
to an SPE to cover delinquent or late
payments on the underlying exposures
should be included in the calculation of
L and T. When a servicer makes a cash
advance to an SPE, it puts money into
the SPE in order to pay down investor
tranches; the pay-down of investor
tranches does not bring any
corresponding reduction in the
principal balance of the underlying
exposures. Therefore, in order for the
sum of the tranches to equal UE,
servicer cash advances should be
considered in the calculation of L and
T. Servicer cash advances that are not
considered credit enhancing can be
assumed to be the most senior
securitization exposure in a
securitization, with L calculated
accordingly. For servicer cash advances
that are in any way credit enhancing,
the calculation of L should reflect the
advance’s degree of subordination.
79. Refer to this chapter’s Appendix A
‘‘Description of the Supervisory
Formula Approach (SFA),’’ for further
details.
Special Considerations for
Re-securitizations
80. Re-securitizations, such as CDOsquared, represent a new securitization
in which the underlying exposures are
themselves securitization interests and
present a unique challenge in the
calculation of UE, N, EWALGD and
KIRB. As a general rule, banks holding
securitization exposures in resecuritizations should not ‘‘look
through’’ to the exposures underlying
the securitized securitization tranches
when calculating UE, N, EWALGD and
KIRB and must set EWALGD equal to
100 percent for re-securitizations.
81. For example, if a bank holds an
unrated securitization exposure in
which the underlying exposures consist
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
entirely of rated securitization interests,
the bank first would sum the exposure
amounts associated with these rated
securitization interests to obtain UE.
Next, the bank would use the RBA to
determine KIRB for these rated
securitization interests, applying dollarfor-dollar capital to those exposures
rated below BB¥. Since the RBA risk
weights include expected losses, no
additional adjustment to KIRB for
expected losses is necessary. After
determining KIRB, the bank calculates
the effective number of exposures based
upon the relative size of the underlying
securitization tranches included in the
re-securitization pool, without ‘‘looking
through’’ to the exposures underlying
the securitized tranches. Next, the bank
would assume that EWALGD equals 100
percent. At this point, the bank would
have sufficient information on the
underlying exposures to apply the SFA
to the unrated re-securitization tranche
of interest.
Pool Level Mortgage Insurance
82. Certain transactions may
incorporate pool insurance as a form of
credit enhancement for a pool of
mortgage loans. Pool insurance can take
various forms but generally provides
insurance coverage for the pool of loans
up to a maximum amount (a ‘‘stop loss’’
level) and can include loss coverage for
each loan within the pool. The extent of
coverage is negotiable and may result in
100 percent loss coverage on defaulted
loans, or modified pool insurance that
results in lower or variable levels of
coverage on defaulted loans using loanto-value limits, for example.
83. The credit risk mitigation benefits
of pool insurance may be recognized in
determining the appropriate risk-based
capital requirement. Pool insurance that
covers all or a pro rata share of all losses
in a pool is recognized in the retail
segmentation process (see Chapter 4, S
4–4 and accompanying text). Pool
insurance that incorporates a tranching
of credit risk is addressed in the
securitization framework. In
circumstances where a securitization
structure with external credit ratings
benefits from pool level insurance, such
ratings incorporate the effects of credit
risk mitigation and would, under the
securitization framework (RBA), provide
a method for the assessment of the
appropriate capital requirement. For
unrated securitization transactions, the
credit risk mitigation effect of the pool
insurance would need to be assessed
under the SFA framework. The pool
insurance and its application to the pool
assets should be fully documented.
Specifically, the documentation should
describe and support the quantification
PO 00000
Frm 00071
Fmt 4701
Sfmt 4703
9153
of the credit risk that is being absorbed
by the pool insurance, and detail how
cash proceeds from the pool insurance
are applied within the waterfall
structure to effect a reduction in credit
risk.
84. For securitization exposures
where the underlying exposures benefit
from guarantees such as pool level
mortgage insurance, the bank may be
able to utilize the synthetic
securitization rules to calculate the
benefit of the guarantee. The bank
should ensure that securitizations for
which the SFA or synthetic
securitization is applied have
reasonably strict contractual loss
prioritization rules embedded into the
deal. The following example outlines
the process for calculating the capital
requirement for a securitization that
contains a pool level credit risk mitigant
with a stop loss level:
Example
Pool level insurance covers the first
$8 of loss on a $100 retail mortgage loan
pool.
Step Process
1. Calculate the risk-based capital
requirement for the underlying
exposures according to the retail IRB
rules: EL estimation, retail
segmentation, PD and LGD estimation,
and the retail risk-weight function;
2. Use the risk-based capital
requirement from step 1 to determine
KIRB and then use the SFA to calculate
the risk-based capital requirement on
the $92 senior position (where the $8
first loss coverage of the insurance is
treated as a junior tranche);
3. Calculate the risk-based capital
requirement on the $8 position as if it
were a direct exposure to the insurer
using the guarantor’s PD, the bank’s
estimate of the guarantor’s ELGD and
LGD, and the corporate risk-weight
function. The PD of the guarantor is
subject to the 3 basis point wholesale
floor; and
4. The total risk-weight capital
requirement is the sum of the capital
requirements in steps 2 and 3.
Loss Prioritization
S 11–14 Banks should document the
securitization structure and loss
prioritization.
85. A bank may use the SFA only if
it can calculate each of the SFA input
parameters on an ongoing basis. For the
purpose of calculating L, the credit
enhancement level for the tranche of
interest, this requirement implies that
bank must be able to calculate how the
pool’s credit losses will be allocated
among the deal’s various tranches not
only at the deal’s inception, but over
E:\FR\FM\28FEN2.SGM
28FEN2
9154
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
time. Otherwise, the SFA may not be
used.
86. For some transactions, the
allocation of credit losses among
tranches may depend on certain
contingencies, such as the specific
timing of credit losses over the life of
the deal, the possibility that
subordinated tranches may amortize
prior to full retirement of senior
tranches, the speed at which reserve
accounts will be built up through
retained excess spread, or structural
features whereby the losses allocated to
a particular tranche may depend on how
these losses are distributed among the
exposures in the underlying pool. The
existence of such contingencies does not
automatically disqualify a bank from
using the SFA to compute the capital
charge for an unrated securitization
exposure. However, the structure of the
transaction should be sufficiently clear
cut to enable the bank to determine the
loss prioritization associated with each
potential contingency. Furthermore, the
calculation of L should address
contingencies in a manner that is
demonstrably conservative, for example,
by calculating L to reflect those
contingencies that are least favorable to
the bank. In all cases, the calculation of
L must comply with applicable rules for
recognizing credit enhancements (e.g.,
unfunded reserve accounts may not be
recognized).
sroberts on PROD1PC70 with NOTICES
VIII. Early Amortization Provisions
87. In addition to holding capital
against any retained interest in a
securitization transaction, originating
banks are required to hold capital
against the investors’ interest (both
drawn and undrawn balances) in a
securitization that includes one or more
underlying exposures in which the
borrower is permitted to vary the drawn
amount within an agreed limit under a
line of credit and that contains an early
amortization feature. The likelihood of
triggering an early amortization
increases as the level of excess spread
declines. Accordingly, a bank would be
required to hold increasing amounts of
risk-based capital as the probability of
an early amortization event increases.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
Total risk-based capital requirements for
securitization transactions subject to the
early amortization capital requirement
continue to be limited by the maximum
capital requirement discussed earlier.
Policies should also address the use of
early amortization clauses, including
realistic consideration of contingency
funding plans, capital plans, and
reporting systems necessary to monitor
and assess the risk and likelihood of an
early amortization event.
88. For an originating bank, the riskweighted asset amount for the investors’
interest in the securitization is equal to
the product of the following four
quantities: (1) The investors’ interest
EAD; (2) the appropriate conversion
factor; (3) KIRB; and 12.5. Under the
securitization framework, the investors’
interest is made up of the investors’
drawn balances and the EAD associated
with the investors’ undrawn lines. The
undrawn balances of the securitized
exposures would be allocated between
the seller’s and investors’ interests on a
pro rata basis, based on the proportions
of the seller’s and investors’ shares of
the securitized drawn balances.
89. Once the transaction’s structure
has been determined, the level of excess
spread must also be considered in
determining the applicable credit
conversion factor for uncommitted
credit lines. To determine the capital to
be held against the investors’ interest in
a securitization of uncommitted retail
exposures, the bank should compare the
three-month average excess spread to
the point at which the bank is required
to trap excess spread as required by the
structure. When the transaction does not
require excess spread to be trapped, the
trapping point is 4.5 percent. For
securitization trusts that issue several
series with spread capture points that
vary (e.g., credit card master trust
structures), the trapping point for this
provision would be the most
conservative series in the trust. The
bank should divide the excess spread
level by the trapping point, and then
reference Table 8 in section 47 of the
NPR to determine which conversion
factor is applicable.
PO 00000
Frm 00072
Fmt 4701
Sfmt 4703
IX. Data Management Requirements
A. Data Elements
S 11–15 Banks should retain the
specific data elements necessary to
calculate the appropriate securitization
risk-based capital requirement.
90. Reporting systems should
produce, at least monthly, information
that captures overall securitization
activity, as well as specific data
elements of individual transactions.
Performance tracking should include
vintage performance, cash collections,
cash flow sensitivity, covenant
compliance, and, when applicable,
potential for early amortization events.
Accounting methods, residual valuation
methods, and regulatory reporting
requirements should be in writing and
consistently applied. The valuation
assumptions for retained interests and
servicing assets or liabilities should be
conservative, fully documented, and
reviewed by senior management on a
regular basis. Accurate and timely riskbased capital calculations should be
maintained that include the recognition
and reporting of any recourse obligation
resulting from securitization
transactions.
91. Refer to this chapter’s Appendix
B, ‘‘Data Elements for Securitization
Exposures,’’ for further details on the
data elements that a bank’s reporting
systems should electronically capture
and store.
Appendix A: Description of the
Supervisory Formula Approach (SFA)
This appendix provides illustrative
examples to demonstrate how the
framework described in this guidance
applies to different securitization
exposures. The examples provide
insight into the SFA capital calculation
and the KIRB boundary, as well as the
supervisory capital add-ons, in addition
to its application to products which
represent tranched cover.
The supervisory formula capital
requirement for a given unrated
securitization exposure is calculated as
UE * TP multiplied by the greater of: (i)
.0056 · T, or (ii) S[L + T]¥S[L] where:
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
tranche in question by computing
capital for the tranche of interest and all
tranches beneath it (S[L + T]) and
subtracting from that the capital for all
tranches beneath the tranche of interest
(S[L]). For tranches with credit
enhancement levels below KIRB (Y ≤
KIRB), the supervisory formula assigns a
dollar-for-dollar capital requirement.
For tranches with greater credit
enhancement levels (Y > KIRB), the
supervisory formula produces a riskbased capital requirement that is a blend
of credit risk modeling and supervisory
judgment. The function K[Y] represents
a pure model-based estimate of the
underlying securitized pool’s aggregate
systematic or non-diversifiable credit
PO 00000
Frm 00073
Fmt 4701
Sfmt 4725
risk that is attributable to a first-loss
position covering loss up to and
including Y. Because the tranche of
interest covers losses over a specified
range (defined in terms of L and T), its
systematic risk can be represented as
K[L + T] ¥ K[L].
Unquestionably, the supervisory
formula appears very complex, but
actually the mechanics are algebraic in
nature and merely require the user to
determine certain inputs and solve. To
better understand the components of the
supervisory formula, it is best to begin
with the model-based estimate of credit
risk, the K[Y] term. This estimate of risk
is given by the following equation:
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.011</GPH> EN28FE07.012</GPH>
sroberts on PROD1PC70 with NOTICES
RWA are determined when the
supervisory formula output is
multiplied by 12.5.
The factor (i) above imposes a 56 basis
point minimum or floor IRB risk-based
capital requirement per dollar of tranche
exposure. Regulators have imposed this
floor because the supervisory formula
regularly produces a risk-based capital
requirement of nearly zero for high
quality tranches that, nonetheless, have
positive credit risk. The floor is
equivalent to the RBA risk-based capital
requirement for an externally rated AAA
securitization exposure, which lessens
the potential regulatory capital arbitrage
opportunities that could arise.
Factor (ii) represents the supervisory
formula, which derives capital for the
9155
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
The techniques commonly used to
estimate the potential loss experience in
ASRF models depend on the
relationship between the risk factor and
credit losses. In some cases, it is
necessary to simulate the pattern of
potential losses that can result when the
risk factor takes on high value—also
known as Monte Carlo simulation.
Monte Carlo techniques, while
commonly used, require significant
computing resources. In other cases, it
may be possible to characterize this
pattern of losses with an appropriate
functional form. In language that is
slightly more rigorous, it is possible to
approximate the conditional loss
distribution. Gordy and Jones (2003)
undertook the task of specifying this
‘‘reasonable functional form,’’ which
became the basis for the supervisory
formula.32
Most of the expressions that comprise
the supervisory formula arise due to the
effort to describe the shape of the
conditional loss function. Expressions
(3) through (9), discussed below, are
used to parameterize K[Y].
is the conditional probability that the
exposure performs. Assuming that the
f is an approximation of the variance
of the fitting function:
Each securitization has rules
governing how payments are disbursed
to the tranches, often called the cash
flow ‘‘waterfall.’’ These rules can be
quite complex and the supervisory
formula must handle the spectrum of
sroberts on PROD1PC70 with NOTICES
where b[Y;a,b] is shorthand for the
Beta distribution. For the purpose of
calculating the supervisory formula, it is
sufficient to know that the Beta
distribution, when suitably transformed
and normalized, can be used to model
the loss distribution given that the
systematic risk factor is at the 99.9th
percentile. Even more concretely, the
Beta distribution evaluated at the
specified parameters is a number which
can be readily calculated in Excel using
the betadist (L,a,b) function.
The model used to estimate the nondiversifiable risk in the pool of
exposures is developed from the class of
credit value-at-risk (CVaR) models
known as asymptotic single risk factor
models (ASRF models). In essence,
ASRF models simplify the many forces
that may affect a pool of exposures by
assuming that there is only one ‘‘risk
factor’’ that causes credit losses to be
correlated across exposures.
Alternatively, one can think of the
single risk factor as a random variable
encompassing the many possible states
of economic activity—from very good to
very bad. Under the ASRF assumptions,
CVaR for a portfolio is equal to the
portfolio’s expected credit losses over
the modeling horizon given a very bad
state of the economy. (The pattern of
losses that result when the risk factor
takes on a specific value is also known
as the conditional loss distribution.) The
SFA calculates the capital necessary to
cover credit losses over a one-year
horizon when the risk factor is at the
99.9th percentile i.e., when economic
conditions are as bad as the worst year
in 1000 years. This is consistent with
the approach applied throughout Basel
II and the manner in which KIRB is
calculated.
different arrangements. In the model,
the waterfall is represented by the
tranche structure with the most junior
tranche suffering losses up to its entire
position before more senior tranches are
affected. This simplification, while
useful for modeling purposes, may not
accurately describe the structure of a
specific securitization.
v is the variance of the conditional
loss distribution:
32 For those familiar with calculus, Gordy and
Jones approximate the marginal amount of credit
risk associated with an arbitrarily small slice of a
tranche. From this, it is possible to calculate the
risk-based capital requirements by integrating an
appropriately parameterized approximation, which
behaves similarly to a cumulative density function.
Note that since integration yields the capital
requirement for exposure up to and including the
tranche of interest, it is necessary to subtract any
subordinate exposures’ capital requirements.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
PO 00000
Frm 00074
Fmt 4701
Sfmt 4725
EN28FE07.020</GPH>
EN28FE07.019</GPH>
EN28FE07.018</GPH>
EN28FE07.017</GPH>
The ‘‘fitting function’’ approximates
the pool’s conditional loss distribution.
This approximation is necessary to
avoid using simulation or numerical
methods to solve for K[Y] as previously
mentioned. However, note that h (the
cumulative conditional probability that
every exposure performs) is likely to be
small in most cases. Consequently, C
will be approximately equal to KIRB
under normal circumstances.
g is the precision parameter for the
fitting function and is determined by c,
f and v. This term arises from the
processes through which Gordy and
Jones approximate the conditional loss
distribution.
EN28FE07.016</GPH>
is the probability of default for one
exposure in the pool when the risk
factor is at the 99.9th percentile.
Therefore,
c is the approximation of the mean
parameter for the ‘‘fitting function’’ and
is given by:
EN28FE07.015</GPH>
Note that
exposures are conditionally
independent, multiplying the
probability of performance together N
times (the effective number of
exposures) yields the cumulative
conditional probability that every
exposure performs, or h.
a and b are defined entirely in terms
of g and c, defined below. They are used
to simplify the notation of the Beta
distribution.
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.013</GPH> EN28FE07.014</GPH>
9156
9157
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
In the portion of expression (1) related
to the supervisory add-on the terms are
included to prevent exploitation of
inadequacies in the model’s stylized
representation of a securitization. The
add-on applies primarily to positions
with credit enhancement just above KIRB
and its quantitative effect diminishes
rapidly the farther Y is from KIRB.
Returning to expression (1) we can
extract the supervisory add-on portion:
Example 1: Comprehensive SFA
Calculation
Because of the complexities
associated with applying the SFA, a
comprehensive example has been
developed to aid in application.
wholesale exposures will be used to
illustrate the basic application of the
SFA. Since none of the six tranches are
externally rated, and the securitization
does not meet the definition of an ABCP
conduit, neither the RBA nor the IAA is
applicable.
Table 1 below identifies the
characteristics of the ten underlying
exposures in the securitized pool.
where
Notice that expressions (3) through
(10) do not change for a given
securitization. In other words, since
these expression do not contain
information which is tranche-specific,
the results from expressions (3) through
(10) can be used when calculating S[Y]
for any tranche of a given securitization
if Y > KIRB.
Transaction Summary
A six-tranche, privately placed
securitization with 10 underlying
TABLE 1.—UNDERLYING WHOLESALE EXPOSURE CHARACTERISTICS
Principal
balance
(EAD)
Exposure
PD
(percent)
LGD
(percent)
EL
percent
Maturity (M)
IRB capital
charge
#1 .....................................................................................
#2 .....................................................................................
#3 .....................................................................................
#4 .....................................................................................
#5 .....................................................................................
#6 .....................................................................................
#7 .....................................................................................
#8 .....................................................................................
#9 .....................................................................................
#10 ...................................................................................
$5.00
5.00
5.00
5.00
15.00
20.00
30.00
5.00
5.00
5.00
0.75
0.75
0.75
0.75
0.50
1.25
1.25
0.75
0.75
0.75
35.0
35.0
35.0
35.0
25.0
55.0
55.0
35.0
35.0
35.0
0.26
0.26
0.26
0.26
0.13
0.69
0.69
0.26
0.26
0.26
5
5
5
5
2
10
10
5
5
5
$0.35
0.35
0.35
0.35
0.43
2.59
3.87
0.35
0.35
0.35
Pool ..................................................................................
100.00
0.96
43.5
0.46
4.55
9.34
Calculation of Bank-Supplied Inputs
EWALGD is the exposure-weighted
average loss given default for the
has 10 actual exposures; however, the
effective number of exposures is much
less than 10 because three larger
exposures dominate the pool. To
illustrate numerically:
underlying exposures. To illustrate
numerically for our stylized example:
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
PO 00000
Frm 00075
Fmt 4701
Sfmt 4725
E:\FR\FM\28FEN2.SGM
EN28FE07.023</GPH>
28FEN2
EN28FE07.021</GPH> EN28FE07.022</GPH>
sroberts on PROD1PC70 with NOTICES
EN28FE07.024</GPH>
In order to utilize the SFA, banks
must supply seven inputs. Based upon
the previously provided information
regarding the securitization’s structure
and underlying collateral
characteristics, each of the seven banksupplied inputs can be calculated.
N is the exposure-weighted number of
exposures in the pool. In the stylized
example, the wholesale securitization
9158
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sum of the individual exposures’ IRB
capital requirements ($9.34, calculated
using the wholesale IRB risk-weight
function) KIRB can be determined:
UE is equivalent to the sum of the
underlying exposures in the pool, or
$100 in this case.
TP is set to 100 percent in our
example, primarily so that the aggregate
capital requirement for the entire
securitization, as well as individual
charges for each tranche, can be
illustrated.
T represents a tranche’s thickness or
its size relative to the underlying
securitized exposures, while L
represents the credit enhancement level
of the subject tranche. All things being
equal, a thicker tranche will generate a
higher SFA capital requirement in
dollar terms relative to a thinner
tranche. Further, a tranche with a higher
credit enhancement level, all things
being equal, will generate a lower SFA
capital requirement than one with a
lower credit enhancement level.
The tranches, in order of seniority
from most senior to most junior, have
notional values of $60, $15, $10, $8, $5
and $2, which we designate Tranche A
through Tranche F, respectively. Table 2
below depicts the calculation of L and
T for each tranche of the securitization.
Calculating the Risk-Based Capital
Requirement for Tranches A through F
F are equivalent since both L + T and
L are below KIRB. Two important results
are apparent when using the SFA for
tranches below KIRB. First, the capital
requirement for each tranche (E and F)
is dollar-for-dollar. Put slightly
differently, tranches of securitized
exposures that absorb losses below KIRB
are subject to dollar-for-dollar capital
requirements. Second, when L + T <
KIRB, no additional information beyond
UE, TP, L and T is required to determine
the SFA capital requirement. Since
Tranches E and F are subject to dollarfor-dollar (100 percent) charges, they
clearly exceed the 56 basis point floor.
The capital requirement calculations for
Tranches E and F are displayed below
to reinforce this concept:
Tranche E: UE · TP · ((L + T) ¥ L) =
$100 · 100% · ((2% + 5%) ¥ 2%) =
$5
Tranche F: UE · TP · ((L + T) ¥ L) =
$100 · 100% · ((0% + 2%) ¥ 0%) =
$2
Using the seven bank-supplied inputs
determined above, the SFA capital
requirement can be calculated for each
tranche of the securitization. The
calculations for each tranche of the
sample securitization are illustrated
below. The calculations are categorized
in three separate groups to display the
idiosyncrasies of the SFA: (1) The
tranches below KIRB (E and F), (2) the
tranche straddling KIRB (D), and (3) the
tranches above KIRB (A through C).
Group 1: Tranches Below the KIRB
Boundary
The methodology for determining the
capital requirements for Tranches E and
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
PO 00000
Frm 00076
Fmt 4701
Sfmt 4703
Group 2: Tranche Straddling the KIRB
Boundary
Tranche D straddles KIRB since L + T
> KIRB (15% > 9.80%) and L < KIRB, (7%
< 9.80%). Since L + T > KIRB, the bank
would have to calculate equations (3)
through (10) to determine S[L + T]. As
noted previously, only UE, TP and L are
necessary to determine S[L] since L <
KIRB. As noted in the ‘‘Mechanics of the
SFA’’ section of this guidance,
equations (3) through (10) do not change
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.025</GPH> EN28FE07.026</GPH>
sroberts on PROD1PC70 with NOTICES
By utilizing the exposure-weighted
average expected loss (0.46%) and the
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
for a given securitization. The
calculations for equations (3) through
9159
(10) for the sample securitization are
included below:
K[KIRB] is then substituted into the
full supervisory add-on term:
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
PO 00000
Frm 00077
Fmt 4701
Sfmt 4703
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.027</GPH> EN28FE07.028</GPH>
sroberts on PROD1PC70 with NOTICES
EN28FE07.029</GPH>
Next, the supervisory add-on term can
be calculated. First the value for K[KIRB]
is calculated:
9160
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
Since S[L + T] is a combination of the
model-based estimate of nondiversifiable credit risk (K[L + T]) and
the supervisory add-on, S[L + T] can be
determined as follows:
S[15%] = 7.96% + 3.87% = 11.83%
Since L < KIRB, can easily be
determined in the same fashion used for
Tranches E and F. S[L + T] ¥ S[L] =
11.83% ¥ 7% = 4.83%. Since 4.83
percent exceeds the 56 basis point floor
(.56% · 8% = .45%), the SFA capital
requirement for Tranche D is: Tranche
D: UE · TP · (S[L + T] ¥ S[L]) = $100
· 100% · (4.83%) = $4.83
Group 3: Tranches Above the KIRB
Boundary
Tranches A through C all lie above the
KIRB boundary. The calculations for
each of these tranches are given below.
Again, the prior calculations for
equations (3) through (10) can be used
for Tranches A through C since these
values are the same for every tranche of
a securitization. Further simplifying the
task, S[L] equals S[L + T] for the tranche
immediately junior.
Tranche A
Tranche C
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
PO 00000
Frm 00078
Fmt 4701
Sfmt 4703
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.030</GPH> EN28FE07.031</GPH>
sroberts on PROD1PC70 with NOTICES
EN28FE07.032</GPH>
Tranche B
9161
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
The next step is verifying whether any
of the above capital calculations for
tranches A, B, or C violate the 56 basis
point supervisory floor. In dollar terms,
the above formulas produce capital
requirements for these tranches equal to
$0.02, $0.38, and $1.44, respectively,
while the corresponding floors are $0.34
(=.56% · $60), $.08 (=.56% · $15), and
$0.06 (=.56% · $10). Thus, the floor is
binding only for tranche A, whose
capital charge is increased to $0.34. The
SFA capital requirement for each
tranche is presented below:
Tranche A: UE · TP · (.0056 · T) = $100
· 100% · .34% = $0.34
Tranche B: UE · TP · (S[40%] ¥ S[25%])
= $100 · 100% · .38% = $0.38
Tranche C: UE · TP · (S[25%] ¥ S[15%])
= $100 · 100% · 1.44 = $1.44
Summary
Table 3 below summarizes the SFAproduced capital requirements for each
tranche of the securitization:
sold all but Tranches E and F, the KIRB
cap would not apply since the aggregate
capital requirement ($7) would be less
than the charge implied by KIRB ($9.80).
SFA capital
requirement
However, if the bank retained Tranche
D in addition to Tranches E and F, then
$0.34
the aggregate SFA capital requirement
0.38
1.44 ($11.83) would exceed the KIRB cap and
4.83 the risk-based capital requirement
5.00 would be capped at $9.80.
TABLE 3.—SFA CAPITAL
REQUIREMENTS FOR EXAMPLE 1
Tranche
Tranche
amount
A ...............
B ...............
C ...............
D ...............
E ...............
F ................
$60
15
10
8
5
2
Total ...
100
2.00
13.98
The 56 basis point floor, supervisory
add-on, and below KIRB deduction
requirements can result, as in the case
of this example, with the aggregate
capital requirement for a bank
exceeding the implied capital
requirement for the underling
exposures. For this reason, the total
capital that an entity must hold is
capped at the level implied by KIRB (UE
· TP · KIRB also referred to as the KIRB
cap). Whether this bank is subject to the
cap depends on which tranches the
bank retains. For example, if the bank
Example 2: Sale of a Pool of Mortgages
With Partial Recourse
Transaction Summary
A bank sells a high-quality mortgage
loan pool of $100. As a condition of the
sale, the bank agrees to cover the first
$10 of losses on mortgages. The bank
correctly applies GAAP accounting and
removes the sold loans from its books,
while establishing a $0.40 recourse
liability reserve (valuation allowance)
for the estimated fair market value of the
recourse liability. Note that this is a
specific reserve, not a general reserve.
The characteristics of the sold mortgage
loan pool are noted below:
TABLE 4.—UNDERLYING MORTGAGE LOAN POOL CHARACTERISTICS
Retail ............................................................................................................
sroberts on PROD1PC70 with NOTICES
The transaction noted above is an
example of tranched cover. In this case,
the bank has agreed to absorb the first
$10 of losses, which results in the
selling bank retaining a disproportionate
risk position in the transaction. As a
result of this contractual sales
agreement, two distinct credit risk
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
$ 100.00
PD
LGD
EL
0.50%
10.0%
0.05%
positions are created: (1) A $90 senior
position and (2) a $10 junior position.
Since neither position carries an
external rating, the SFA is the
appropriate method with which to
determine the capital requirement,
provided the seller and the purchaser
are eligible to use it.
PO 00000
Frm 00079
Fmt 4701
Sfmt 4703
IRB capital
requirement
$ 0.62
KIRB
0.67%
Calculation of Bank-Supplied Inputs
Table 5 below shows the values for L
and T. Because this is a retail
securitization, h and v can be set to
zero. We continue to assume that TP =
100%.
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.033</GPH>
Principal
balance
(EAD)
Exposure
9162
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
Calculation of the SFA Capital
Requirement for Tranche 1 and 2
sroberts on PROD1PC70 with NOTICES
Summary
Table 7 below summarizes the SFA
capital requirement for each tranche of
the securitization. Note, in this example,
the originating bank established a $.40
recourse reserve liability with a charge
through earnings. However, while such
reserves can be used to offset
deductions from capital required under
the Securitization Framework, they
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
cannot be used to offset a position’s
risk-based capital requirement. Thus,
the risk-based capital requirement for
Tranche 2 is not reduced by the
valuation allowance and remains $0.67.
Another interesting feature of this
example is that because the investing
bank holds Tranche 1 and the
originating bank holds Tranche 2, the
SFA produces an aggregate capital
requirement for the entire transaction
($1.17) that is well above the KIRB cap
($0.67). The capital required in excess of
the KIRB cap is the result of the 56 basis
point floor capital requirement assessed
against Tranche 1. Without the floor,
Tranche 1 would not receive a capital
requirement. The investing bank is
assessed a capital requirement even
though the originating bank is subject to
the KIRB cap. If the investing bank could
not calculate KIRB because the bank
cannot compute the risk-based capital
requirement for all underlying
exposures, the entire $90 position
would be deducted from capital.
PO 00000
Frm 00080
Fmt 4701
Sfmt 4703
TABLE 7.—SFA CAPITAL
REQUIREMENTS FOR EXAMPLE 2
Tranche
Tranche
amount
SFA capital
requirement
1 ................
2 ................
$90
10
$0.50
0.67
Total ...
100
1.17
Example 3: Collateralized Loan
Obligation—SFA and RBA Interaction
Transaction Summary
This example represents a typical
cash-funded collateralized loan
obligation using corporate loans. The
example assumes that the originating
bank retains an unrated residual
exposure to Class E and that investing
banks acquire the externally rated
tranches.
Since the Class E exposure is unrated
and is not an ABCP exposure, the
originating bank can use the SFA
provided it is eligible and can calculate
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.034</GPH> EN28FE07.038</GPH>
In the case of Tranche 1, S[L + T] ¥
S[L] <.0056 · T = .0056 · 90% = 0.50%
and is subject to the supervisory floor.
Using this and values from Table 6
above, the SFA capital requirement for
Tranches 1 and 2 can be determined as
follows:
Tranche 1: UE · TP · (.0056 · T) = $100
· 100% · (.50%) = $.50
Tranche 2: UE · TP · (S[L + T] ¥ S[L])
= $100 · 100% · (.79%) = $.79
Notice that the capital requirement for
Tranche 2 exceeds the KIRB cap (UE · TP
· KIRB = $100 · 100% · (.67%) = $.67)
and is reduced to $.67.
9163
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
all the necessary inputs. Table 8 below
identifies the characteristics of the
aggregated underlying exposures in the
securitized pool. We assume for
simplicity that the effective number of
exposures (N) is set to 100 and TP to
100 percent.
TABLE 8.—UNDERLYING LOAN POOL CHARACTERISTICS
Exposure
Principal balance
(EAD)
EL
Wholesale ....................................................................................................................
$ 100.00 .....................
1.32%
bank to calculate the SFA for Tranche
E (e.g. L and T) and the external ratings
Table 9 below identifies the other
inputs necessary for the originating
Originating Bank Capital Calculation
sroberts on PROD1PC70 with NOTICES
Table 10 below provides the various
calculations necessary for the
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
$ 7.32
KIRB
8.64%
necessary for the investing banks to
apply the RBA.
originating bank to apply the SFA to
Tranche E.
PO 00000
Frm 00081
Fmt 4701
Sfmt 4703
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.035</GPH>
Calculation of Bank-Supplied Inputs
IRB capital
requirement
9164
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
Using values from Table 10 above, the
SFA capital requirement can be
determined as follows:
Tranche E: UE · TP · (S[L + T] ¥ S[L])
=$100 · $100% · (9.59%) = $9.59
Again we have a case where the
capital requirement for Tranche E
exceeds the KIRB cap (UE · TP · KIRB =
$100 · $100% ·8.64% = $8.64) and is
reduced accordingly.
capital for each of the rated tranches
after applying the RBA. The relevant
RBA risk weights in this example
depend not only on the external rating,
but also on the tranche’s seniority.
Investing Bank Capital Calculation:
For an investing bank, Table 11 below
illustrates the amount of required
TABLE 11.—RBA RISK WEIGHTS APPLICABLE TO RATED TRANCHES
A
B
C
D
Rating
...............................................................
...............................................................
...............................................................
...............................................................
‘‘AAA’’ .......................................................
‘‘AA’’ ..........................................................
‘‘A’’ ............................................................
‘‘BBB’’ .......................................................
Comparison of RBA and SFA Generated
Capital Requirements
TABLE 12.—RBA AND SFA CAPITAL
REQUIREMENTS FOR EXAMPLE 3
Tranche
Tranche
amount
Exposure
SFA capital
requirement
$ 67.50
7.50
8.00
5.00
Appendix B: Examples of Data
Elements for Securitization Exposures
For illustrative purposes, this
appendix provides examples of the
kinds of data elements banks should
collect under an IRB data management
framework for securitization exposures.
For All Securitization Exposures
sroberts on PROD1PC70 with NOTICES
A
B
C
D
E
...............
...............
...............
...............
...............
$ 67.50
7.50
8.00
5.00
12.00
$ 0.38
0.09
0.13
0.30
8.64
• The description and amount of each
exposure;
• The fundamental characteristics of
the exposure (e.g., tenor, fixed or
variable rates, call, and early
Total ...
100.00
9.54 amortization features);
• The exposure’s initial rating and
effective date;
If the other classes of notes were held
• The amount of any exposures
by the originating bank, the RBA would
deducted from risk-based capital under
be used to determine required capital
provisions of the framework;
since all of these classes are rated.
• A description and amount of
Notably, regardless of how many classes exposure limits at the aggregate and
are held in addition to Class E, the total
transaction level;
amount of capital that the originating
• A description and amount of
bank must hold for the transaction will
concentration limits, for the underlying
not exceed the KIRB cap ($8.64).
exposure level and capital;
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
PO 00000
Frm 00082
Fmt 4701
Sfmt 4703
RBA risk
weights
(percent)
7
15
20
75
Required
capital
$0.38
0.09
0.13
$0.30
Capital as
% of exposure
0.56
1.20
1.60
6.00
• The person who authorizes limit
and concentration levels, and his or her
authority levels; and
• Reports of all policy exceptions.
For Exposures Subject to the RatingsBased Approach
• The NRSRO providing the rating;
• Documentation indicating that the
exposure is part of the surveillance/
monitoring program, is publicly
published, and is in transition matrices;
• A description and amount of any
rated security supporting an inferred
rating;
• Seniority and granularity (for nonretail securitizations) of the exposure;
• Whether the NRSRO rating is a
short-term or long-term credit
assessment;
• The risk-weight schedule used, and
the risk-weight column applied; and
• The date, magnitude, and details of
any rating changes.
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.039</GPH>
Tranche
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
For Exposures Subject to the Internal
Assessment Approach
• The name of the sourced NRSRO,
and the rating criteria for the referenced
asset class;
• The criteria used for selecting the
NRSRO;
• NRSRO stress loss factors used for
each ICA;
• Historical loss and dilution
estimates used in applying NRSRO
criteria;
• Seller-servicer rating assignment, if
any;
• Any quantitative adjustments to
ratings criteria, stress loss factors, or
loss estimates based upon qualitative
judgments (e.g., seller-servicer strength,
concentration, etc.);
• The external rating for the
commercial paper issued by the ABCP
program (that is supported by the
exposure);
• Seniority and granularity of the
exposure;
• Whether the ICA is a short-term or
long-term credit assessment;
• The risk-weight schedule used, and
the risk-weight column applied;
• The person or model responsible for
assigning the rating;
• Any overrides to the rating and the
authorizing official (if applicable); and
• The date, magnitude, and details of
any rating changes.
For Exposures Subject to the
Supervisory Formula Approach
• The dollar amount of underlying
exposures in the transaction (UE);
• The securitization exposure’s
proportion of the tranche (TP);
• The risk-based capital requirements
of the underlying exposures as if they
were held on the bank’s balance sheet
(KIRB);
• The exposure’s credit enhancement
level (L);
• The exposure tranche’s thickness
(T);
• The securitization transaction’s
effective number of underlying
exposures (N); and
• The transaction’s exposureweighted loss-given-default (EWALGD).
sroberts on PROD1PC70 with NOTICES
For Securitization Transactions With
Early-Amortization Provisions (On a
Monthly Basis)
• The total amount of the sold
(investor’s interest) and retained
positions in the securitization
transaction;
• The IRB risk-based capital
requirements of the underlying
exposures as if they were held on the
originating bank’s balance sheet;
• The excess spread-capture schedule
for the transaction (or earliest spread
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
capture requirement when multiple
series are issued from a trust);
• The three-month average excess
spread for the transaction (or the lowest
three-month average within the trust);
• The designation of whether the
amortization provision is ‘‘controlled’’
or ‘‘non-controlled’’; and
• The credit-conversion factor
schedule (controlled or non-controlled)
applied to the exposure, and the row
and column applied.
Attachment A—The NPR Qualification
Requirements Related to the IRB
Framework
Part III. Qualification
Section 22. Qualification
Requirements 33
(a) Process and systems requirements.
(1) A [bank] 34 must have a rigorous
process for assessing its overall capital
adequacy in relation to its risk profile
and a comprehensive strategy for
maintaining an appropriate level of
capital.
(2) The systems and processes used by
a [bank] for risk-based capital purposes
under this appendix must be consistent
with the [bank]’s internal risk
management processes and management
information reporting systems.
(3) Each [bank] must have an
appropriate infrastructure with risk
measurement and management
processes that meet the qualification
requirements of this section and are
appropriate given the [bank]’s size and
level of complexity. Regardless of
whether the systems and models that
generate the risk parameters necessary
for calculating a [bank]’s risk-based
capital requirements are located at any
affiliate of the [bank], the [bank] itself
must ensure that the risk parameters
and reference data used to determine its
risk-based capital requirements are
representative of its own credit risk and
operational risk exposures.
(b) Risk rating and segmentation
systems for wholesale and retail
exposures. (1) A [bank] must have an
internal risk rating and segmentation
system that accurately and reliably
differentiates among degrees of credit
risk for the [bank]’s wholesale and retail
exposures.
(2) For wholesale exposures, a [bank]
must have an internal risk rating system
that accurately and reliably assigns each
obligor to a single rating grade
(reflecting the obligor’s likelihood of
33 71
FR 55922 through 55924 (Sept. 25, 2006).
simplicity, and unless otherwise noted, the
NPR uses the term [bank] to include banks, savings
associations, and bank holding companies.
[AGENCY] refers to the primary Federal supervisor
of the bank applying the rules.
34 For
PO 00000
Frm 00083
Fmt 4701
Sfmt 4703
9165
default). The [bank]’s wholesale obligor
rating system must have at least seven
discrete rating grades for non-defaulted
obligors and at least one rating grade for
defaulted obligors. Unless the [bank] has
chosen to directly assign ELGD and LGD
estimates to each wholesale exposure,
the [bank] must have an internal risk
rating system that accurately and
reliably assigns each wholesale
exposure to loss severity rating grades
(reflecting the [bank]’s estimate of the
ELGD and LGD of the exposure). A
[bank] employing loss severity rating
grades must have a sufficiently granular
loss severity grading system to avoid
grouping together exposures with
widely ranging ELGDs or LGDs.
(3) For retail exposures, a [bank] must
have a system that groups exposures
into segments with homogeneous risk
characteristics and assigns accurate and
reliable PD, ELGD, and LGD estimates
for each segment on a consistent basis.
The [bank]’s system must group retail
exposures into the appropriate retail
exposure subcategory and must group
the retail exposures in each retail
exposure subcategory into separate
segments. The [bank]’s system must
identify all defaulted retail exposures
and group them in segments by
subcategories separate from nondefaulted retail exposures.
(4) The [bank]’s internal risk rating
policy for wholesale exposures must
describe the [bank]’s rating philosophy
(that is, must describe how wholesale
obligor rating assignments are affected
by the [bank]’s choice of the range of
economic, business, and industry
conditions that are considered in the
obligor rating process).
(5) The [bank]’s internal risk rating
system for wholesale exposures must
provide for the review and update (as
appropriate) of each obligor rating and
(if applicable) each loss severity rating
whenever the [bank] receives new
material information, but no less
frequently than annually. The [bank]’s
retail exposure segmentation system
must provide for the review and update
(as appropriate) of assignments of retail
exposures to segments whenever the
[bank] receives new material
information, but no less frequently than
quarterly.
(c) Quantification of risk parameters
for wholesale and retail exposures. (1)
The [bank] must have a comprehensive
risk parameter quantification process
that produces accurate, timely, and
reliable estimates of the risk parameters
for the [bank]’s wholesale and retail
exposures.
(2) Data used to estimate the risk
parameters must be relevant to the
[bank]’s actual wholesale and retail
E:\FR\FM\28FEN2.SGM
28FEN2
sroberts on PROD1PC70 with NOTICES
9166
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
exposures, and of sufficient quality to
support the determination of risk-based
capital requirements for the exposures.
(3) The [bank]’s risk parameter
quantification process must produce
conservative risk parameter estimates
where the [bank] has limited relevant
data, and any adjustments that are part
of the quantification process must not
result in a pattern of bias toward lower
risk parameter estimates.
(4) PD estimates for wholesale and
retail exposures must be based on at
least 5 years of default data. ELGD and
LGD estimates for wholesale exposures
must be based on at least 7 years of loss
severity data, and ELGD and LGD
estimates for retail exposures must be
based on at least 5 years of loss severity
data. EAD estimates for wholesale
exposures must be based on at least 7
years of exposure amount data, and EAD
estimates for retail exposures must be
based on at least 5 years of exposure
amount data.
(5) Default, loss severity, and
exposure amount data must include
periods of economic downturn
conditions, or the [bank] must adjust its
estimates of risk parameters to
compensate for the lack of data from
periods of economic downturn
conditions.
(6) The [bank]’s PD, ELGD, LGD, and
EAD estimates must be based on the
definition of default in this appendix.
(7) The [bank] must review and
update (as appropriate) its risk
parameters and its risk parameter
quantification process at least annually.
(8) The [bank] must at least annually
conduct a comprehensive review and
analysis of reference data to determine
relevance of reference data to [bank]
exposures, quality of reference data to
support PD, ELGD, LGD, and EAD
estimates, and consistency of reference
data to the definition of default
contained in this appendix.
(d) Counterparty credit risk model. A
[bank] must obtain the prior written
approval of [AGENCY] under section 32
to use the internal models methodology
for counterparty credit risk.
(e) Double default treatment. A [bank]
must obtain the prior written approval
of [AGENCY] under section 34 to use
the double default treatment.
(f) Securitization exposures. A [bank]
must obtain the prior written approval
of [AGENCY] under section 44 to use
the internal assessment approach for
securitization exposures to ABCP
programs.
(g) Equity exposures model. A [bank]
must obtain the prior written approval
of [AGENCY] under section 53 to use
the internal models approach for equity
exposures.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
—Text omitted—
(i) Data management and
maintenance. (1) A [bank] must have
data management and maintenance
systems that adequately support all
aspects of its advanced systems and the
timely and accurate reporting of riskbased capital requirements.
(2) A [bank] must retain data using an
electronic format that allows timely
retrieval of data for analysis, validation,
reporting, and disclosure purposes.
(3) A [bank] must retain sufficient
data elements related to key risk drivers
to permit adequate monitoring,
validation, and refinement of its
advanced systems.
(j) Control, oversight, and validation
mechanisms. (1) The [bank]’s senior
management must ensure that all
components of the [bank]’s advanced
systems function effectively and comply
with the qualification requirements in
this section.
(2) The [bank]’s board of directors (or
a designated committee of the board)
must at least annually evaluate the
effectiveness of, and approve, the
[bank]’s advanced systems.
(3) A [bank] must have an effective
system of controls and oversight that:
(i) Ensures ongoing compliance with
the qualification requirements in this
section;
(ii) Maintains the integrity, reliability,
and accuracy of the [bank]’s advanced
systems; and
(iii) Includes adequate governance
and project management processes.
(4) The [bank] must validate, on an
ongoing basis, its advanced systems.
The [bank]’s validation process must be
independent of the advanced systems’’
development, implementation, and
operation, or the validation process
must be subjected to an independent
review of its adequacy and
effectiveness. Validation must include:
(i) The evaluation of the conceptual
soundness of (including developmental
evidence supporting) the advanced
systems;
(ii) An on-going monitoring process
that includes verification of processes
and benchmarking; and
(iii) An outcomes analysis process
that includes back-testing.
(5) The [bank] must have an internal
audit function independent of businessline management that at least annually
assesses the effectiveness of the controls
supporting the [bank]’s advanced
systems and reports its findings to the
[bank]’s board of directors (or a
committee thereof).
(6) The [bank] must periodically stress
test its advanced systems. The stress
testing must include a consideration of
how economic cycles, especially
PO 00000
Frm 00084
Fmt 4701
Sfmt 4703
downturns, affect risk-based capital
requirements (including migration
across rating grades and segments and
the credit risk mitigation benefits of
double default treatment).
(k) Documentation. The [bank] must
adequately document all material
aspects of its advanced systems
Attachment B—Supervisory Standards
Chapter 1: Advanced Systems for Credit
Risk
S 1–1 An IRB system must have five
interdependent components that enable
an accurate measurement of credit risk
and risk-based capital requirements.
S 1–2 Senior management must
ensure that all of the components of the
bank’s advanced systems for credit risk
function effectively and comply with
the qualification requirements in the
NPR.
S 1–3 The board of directors or its
designated committee must at least
annually evaluate the effectiveness of,
and approve, the bank’s advanced
systems.
S 1–4 Each bank (including each
depository institution) must ensure that
the risk parameters and reference data
used to determine its risk-based capital
requirements are representative of its
own credit risk.
S 1–5 Banks should establish specific
accountability for the overall
performance of their advanced systems
for credit risk.
S 1–6 A bank’s advanced systems
should be transparent.
Chapter 2: Wholesale Risk Rating
Systems
S 2–1 Banks must identify obligor
defaults in accordance with the IRB
definition of default.
S 2–2 Banks should demonstrate that
their wholesale risk rating processes are
sufficiently independent to produce
objective ratings.
S 2–3 IRB risk rating systems must
have two dimensions obligor default
and loss severity corresponding to PD
(obligor default), and ELGD and LGD
(loss severity).
S 2–4 Banks must assign discrete
obligor rating grades.
S 2–5 The obligor rating system must
rank obligors by likelihood of default.
S 2–6 Banks must assign an obligor to
only one rating grade.
S 2–7 A bank’s rating policy must
describe its ratings philosophy and how
quickly obligors are expected to migrate
from one rating grade to another in
response to economic cycles.
S 2–8 In assigning an obligor to a
rating grade, a bank should assess the
risk of obligor default over a period of
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
at least one year taking into account the
possibility of adverse economic
conditions.
S 2–9 Banks must have at least seven
discrete obligor rating grades for nondefaulted obligors and at least one rating
grade for defaulted obligors.
S 2–10 Banks should justify the
number of obligor rating grades used in
its risk rating system and the
distribution of obligors across those
grades.
S 2–11 Banks may recognize implied
support as a rating criterion subject to
specific supervisory considerations;
however, banks should not rely upon
the possibility of U.S. government
financial assistance, except for the
financial assistance that the U.S.
government has legally committed to
provide.
S 2–12 Banks must have a loss
severity rating system that is able to
assign loss severity estimates (ELGD and
LGD) to each wholesale exposure.
S 2–13 Banks should have empirical
support for their loss severity rating
system and the rating system should be
capable of supporting the quantification
of ELGD estimates (and LGD estimates
if approved for internal estimates).
S 2–14 Banks must have a
sufficiently granular loss severity rating
system to group exposures with similar
estimated loss severities or a process
that assigns estimated ELGDs and LGDs
to individual exposures.
S 2–15 Rating criteria should be
written, clear, consistently applied, and
include the specific qualitative and
quantitative factors used in assigning
ratings.
S 2–16 Risk ratings must be updated
whenever new material information is
received, but in no instance less than
annually.
Chapter 3: Retail Segmentation Systems
S 3–1 Banks must use the IRB
definition of default when identifying
defaulted retail exposures.
S 3–2 Banks must first place
exposures into one of the three retail
exposure subcategories (residential
mortgage, QRE, and other retail). Banks
must then separate exposures into
segments with homogeneous risk
characteristics.
S 3–3 A retail segmentation system
must produce segments that accurately
and reliably differentiate risk and
produce accurate and reliable estimates
of the risk parameters.
S 3–4 Banks should clearly define
and document the criteria for assigning
an exposure to a particular retail
segment.
S 3–5 Banks should develop and
document their policies to ensure that
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
risk-driver information is sufficiently
accurate and timely to track changes in
underlying credit quality and that the
updated information is used to assign
exposures to appropriate segments.
S 3–6 The bank’s retail exposure
segmentation system must provide for
the review and update (as appropriate)
of assignments of retail exposures to
segments whenever the bank receives
new material information, but no less
frequently than quarterly.
Chapter 4: Quantification
S 4–1 Banks should have a fully
specified process covering all aspects of
quantification (reference data,
estimation, mapping, and application).
The quantification process should be
fully documented.
S 4–2 Risk parameter estimates must
be based on the IRB definition of
default. At least annually, a bank must
conduct a comprehensive review and
analysis of reference data to determine
the relevance of reference data to the
bank’s exposures, quality of reference
data to support risk parameter estimates,
and consistency of reference data to the
IRB definition of default.
S 4–3 Banks must separately quantify
wholesale risk parameter estimates
before adjusting the estimates for the
impact of eligible guarantees and
eligible credit derivatives.
S 4–4 Banks may take into account
the risk-reducing effects of guarantees in
support of retail exposures when
quantifying the PD, ELGD, and LGD of
the segment.
S 4–5 Banks may only reflect the riskreducing benefits of tranched guarantees
of multiple retail exposures by meeting
the definition and operational criteria
for synthetic securitizations.
S 4–6 At a minimum, the
quantification process and the resulting
risk parameters must be reviewed
annually and updated as appropriate.
S 4–7 Quantification should be based
upon the best available data for the
accurate estimation of the risk
parameters.
S 4–8 The sample period for the
reference data must meet the minimum
length for each risk parameter by
portfolio.
S 4–9 The reference data must
include periods of economic downturn
conditions, or the parameter estimates
must be adjusted to compensate for the
lack of data from such periods.
S 4–10 Banks should clearly
document how they adjust for the
absence of significant data elements in
either the reference data set or the
existing portfolio.
S 4–11 Judgmental adjustments to
risk parameter estimates, either upward
PO 00000
Frm 00085
Fmt 4701
Sfmt 4703
9167
or downward, may be an appropriate
part of the quantification process, but
must not result in an overall bias toward
lower risk parameter estimates.
S 4–12 Risk parameter estimates
should incorporate a degree of
conservatism that is appropriate for the
overall rigor of the quantification
process.
S 4–13 Mapping should be based on
a comparison of available data elements
that are common to the existing
portfolio and each reference data set.
S 4–14 A mapping process should be
established for each reference data set
and for each estimation model.
S 4–15 Banks that combine estimates
from internal and external data or that
use multiple estimation methods should
have a clear policy governing the
combination process and should
examine the sensitivity of the results to
alternative combinations.
S 4–16 The aggregation of risk
parameter estimates from individual
exposures within rating grades or
segments should be governed by a clear
and well-documented policy.
S 4–17 PD estimates must be
empirically based and must represent a
long-run average.
S 4–18 Effects of seasoning, when
material, must be considered in the PD
estimates for retail portfolios.
S 4–19 ELGD and LGD estimates
must be empirically based and must
reflect the concept of ‘‘economic loss.’’
S 4–20 ELGD estimates must reflect
the expected default-weighted average
economic loss rate over a mix of
economic conditions, including
economic downturn conditions.
S 4–21 LGD estimates must reflect
expected loss severities for exposures
that default during economic downturn
conditions, and must be greater than or
equal to ELGD estimates.
S 4–22 A bank may use internal
estimates of LGD only if supervisors
have previously determined that the
bank has a rigorous and welldocumented process for assessing the
effects of economic downturn
conditions on loss severities and for
producing LGD estimates consistent
with downturn conditions. The process
must appropriately identify downturn
conditions, identify the impact of
economic downturn conditions on loss
rates, identify any material adverse
correlations between drivers of default
and LGD, and incorporate any identified
correlations and/or downturn impact
into the quantification of LGD.
S 4–23 Estimates of additional
drawdowns must reflect net additional
draws expected during economic
downturn periods.
E:\FR\FM\28FEN2.SGM
28FEN2
9168
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
S 4–24 Estimates of additional
drawdowns prior to default for
individual wholesale exposures or retail
segments must not be negative.
S 4–25 Quantification of the risk
parameters should appropriately
recognize the risk characteristics of
exposures that were removed from
reference data sets through loan sales or
securitizations.
sroberts on PROD1PC70 with NOTICES
Chapter 5: Wholesale Credit Risk
Protection
S 5–1 Risk-based capital benefits are
only recognized for credit protection
that transfers credit risk to third parties.
S 5–2 Banks must ensure that credit
protection for which risk-based capital
benefits are claimed represents
unconditional and legally binding
commitments to pay on the part of the
guarantors or counterparties.
Chapter 6: Data Management and
Maintenance
S 6–1 Banks must collect and
maintain sufficient data to support their
IRB systems.
S 6–2 For wholesale exposures, banks
must collect, maintain, and analyze
essential data for obligors and
exposures. This should be done
throughout the life and disposition of
the credit exposure.
S 6–3 Banks must capture and
maintain all significant factors used to
assign obligor and loss severity ratings.
S 6–2 For retail exposures, banks
must collect and maintain all essential
data elements used in segmentation
systems and the quantification process.
The data must cover a period of at least
five years and must include a period of
economic downturn conditions, or the
bank must adjust its estimates of risk
parameters to compensate for the lack of
data from periods of economic
downturn conditions.
S 6–5 Banks should ensure that
outsourced activities performed by third
parties are supported by sufficient data
to meet IRB requirements.
S 6–6 Banks should maintain data to
allow for a thorough review of asset sale
transactions.
S 6–7 Banks should develop policies
and controls around the integrity of the
data maintained both internally and
through third parties.
S 6–8 Banks should document the
process for delivering, retaining, and
updating inputs to the data warehouse
and ensuring data integrity.
S 6–9 Banks must maintain detailed
documentation of changes to the data
elements supporting the IRB system.
S 6–10 Banks must retain data using
an electronic format that allows timely
retrieval of data for analysis, validation,
reporting, and disclosure purposes.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
Chapter 7: Controls and Validation
S 7–1 Banks must have an effective
system of controls that ensures ongoing
compliance with the qualification
requirements, maintains the integrity,
reliability, and accuracy of the IRB
system, and includes adequate
governance and project management
processes.
S 7–2 Control processes should be
independent and transparent to
supervisors and auditors.
S 7–3 The annual assessment of the
IRB system presented to the board of
directors should be supported by the
bank’s comprehensive and independent
reviews of the IRB system.
S 7–4 Validation activities must be
conducted independently of the
advanced systems’ development,
implementation, and operation, or
subjected to an independent assessment
of their adequacy and effectiveness.
S 7–5 The systems and processes
used by a bank for risk-based capital
purposes must be consistent with the
bank’s internal risk management
processes and management information
reporting systems.
S 7–6 Internal audit must, at least
annually, assess the effectiveness of the
controls supporting the IRB system and
report its findings to the board of
directors (or a committee thereof).
S 7–7 A bank’s validation policy
should cover the key aspects of risk
rating and segmentation systems and the
quantification process.
S 7–8 Validation must assess the
accuracy of the risk rating and
segmentation systems and the
quantification process.
S 7–9 Validation processes for risk
rating and segmentation systems, and
the quantification process must include
the evaluation of conceptual soundness,
ongoing monitoring, and outcomes
analysis.
S 7–10 Banks must evaluate the
developmental evidence supporting the
risk rating and segmentation systems
and the quantification process.
S 7–11 Banks must conduct ongoing
process verification of the risk rating
and segmentation systems and the
quantification process to ensure proper
implementation and operation.
S 7–12 Banks must benchmark their
risk rating and segmentation systems,
and their risk parameter estimates.
S 7–13 Banks must analyze outcomes
and must develop statistical methods to
backtest their risk rating and
segmentation systems and the
quantification process.
S 7–14 Banks should establish ranges
around the estimated values of risk
parameter estimates and model results
PO 00000
Frm 00086
Fmt 4701
Sfmt 4703
in which actual outcomes are expected
to fall and have a validation policy that
requires them to assess the reasons for
differences and that outlines the timing
and type of remedial actions taken when
results fall outside expected ranges.
S 7–15 Each of the three activities in
the validation process should be
conducted often enough to ensure the
ongoing integrity, reliability, and
accuracy of the IRB risk rating and
segmentation systems, and the
quantification process.
S 7–16 Developmental evidence must
be updated whenever significant
changes in methodology, data, or
implementation occur. Other validation
activities must be ongoing and must not
be limited to a point in time.
Chapter 8: Stress Testing of Risk-Based
Capital Requirements
S 8–1 Banks must conduct and
document stress testing of their
advanced systems as part of managing
risk-based capital.
Chapter 9: Counterparty Credit Risk
Exposure
S 9–1 All transactions with a
counterparty subject to a qualifying
master netting agreement constitute a
netting set and may be treated as a
single exposure, otherwise each
transaction shall have its risk-based
capital requirement calculated on a
standalone basis.
S 9–2 Banks should have an
appropriately documented process for
determining whether transactions are
eligible for an EAD adjustment approach
if they choose to use an EAD adjustment
approach.
S 9–3 Banks must use the same
method for determining risk-based
capital requirements for all similar
transactions.
S 9–4 The method for calculating
EAD for transactions subject to
counterparty credit risk should be
appropriate for the risk, extent, and
complexity of the bank’s activity.
S 9–5 Banks that use the VaR model
approach for single product netting sets
of repo-style transactions or eligible
margin loans must conduct rigorous and
regular backtesting to validate its model.
S 9–6 Banks must meet certain
qualifying criteria that consist of
operational requirements, modeling
standards, and model validation
requirements before receiving their
primary Federal supervisor’s approval
to use the internal models method.
S 9–7 Banks that use the internal
models methodology for counterparty
credit risk transactions must establish
initial model validation and ongoing
model review procedures. The model
E:\FR\FM\28FEN2.SGM
28FEN2
9169
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
review should consider whether the
inputs and risk factors as well as the
model outputs are appropriate. The
review of outputs should include a
backtesting regime that compares the
model’s output with realized exposures.
sroberts on PROD1PC70 with NOTICES
Chapter 10: Risk-Weighted Assets for
Equity Exposures
S 10–1 Banks must apply the same
methodology to like instruments.
S 10–2 If a bank chooses to use an
internal model, it must produce reliable
estimates of the potential loss in the
bank’s portfolio from equity holdings
under stress market conditions.
S 10–3 Banks must validate internal
models used for equity exposures.
S 10–4 Internal models used to
calculate risk-based capital
requirements for equity exposures must
be consistent with models used in the
bank’s risk management processes and
management information reporting
systems.
Chapter 11: Securitizations
S 11–1 Banks must use the
securitization framework for any
exposures that involve the tranching of
credit risk (with the exception of a
tranched guarantee that applies only to
an individual retail exposure).
S 11–2 Banks should develop written
implementation policies and procedures
describing the allowed approaches,
methods of application, and designated
responsibilities for complying with the
securitization framework.
S 11–3 Securitization transactions
must transfer credit risk to at least one
third party to qualify for treatment
under the securitization framework.
S 11–4 Banks that provide implicit
support to securitization transactions
must hold risk-based capital as if the
underlying assets had not been
securitized, and must deduct from Tier
1 capital any after-tax gain-on-sale
resulting from the securitization.
S 11–5 A clean-up call constitutes
implicit support if, in exercising the
call, the bank provides support in
excess of its contractual obligation to
provide support to the securitization.
S 11–6 The maximum risk-based
capital requirement for all securitization
exposures held by a bank associated
with a single securitization transaction
is the amount of risk-based capital plus
expected losses that would have been
required had the underlying exposures
not been securitized.
S 11–7 Banks must follow the
specified hierarchy of approaches to
determine risk-weighted asset amounts
for all securitization exposures.
S 11–8 In order to use the RBA, the
securitization exposure must be
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
externally rated by an NRSRO, or be
eligible for an inferred rating.
S 11–9 The securitization transaction
must have an external rating assigned by
an NRSRO that fully reflects the credit
risk associated with timely repayment of
principal and interest.
S 11–10 Banks should document the
factors that support their use of the
RBA.
S 11–11 Banks’ internal credit
assessment processes should be
comprehensive, transparent,
independent, well-defined, and fully
documented.
S 11–12 Banks should analyze the
servicer’s capabilities and document the
analysis in the internal assessment.
S 11–13 The bank must validate its
ICA process on an ongoing basis and at
least annually the ICA process and
results must be subject to the full range
of the bank’s IRB validation activities.
S 11–14 Banks should document the
securitization structure and loss
prioritization.
S 11–15 Banks should retain the
specific data elements necessary to
calculate the appropriate securitization
risk-based capital requirement.
Attachment C—Acronym List
Acronym
Definition
FHLB ..............
FIN .................
Federal Home Loan Bank.
Financial Accounting Standards Board interpretation
number.
Financial Times Securities
Exchange.
Generally accepted accounting principles.
Gross domestic product.
Government sponsored enterprise.
High-volatility commercial
real estate.
Internal assessment approach.
Internal credit assessment.
Identification.
Internal models approach.
Internal ratings-based.
Capital requirement for underlying pool of exposures
(securitizations).
Credit enhancement level for
the tranche of interest.
Loan equivalent exposure.
Liquidity facility.
Loss given default.
Loan-to-value ratio.
Effective maturity.
Mortgage-backed security.
Metropolitan statistical area.
Effective number of underlying exposures.
Noticed of proposed rulemaking.
Nationally recognized statistical rating organization.
Nonsufficient funds.
Over-the-counter.
Probability of default.
Peak exposure.
Potential future exposure.
Private mortgage insurance.
Qualifying revolving exposure.
Ratings-based approach.
Real estate.
Risk-weighted assets.
Standard and Poors.
Small business investment
company.
Supervisory formula approach.
Special purpose entity.
Thickness of the tranche of
interest.
Thrift financial report.
Percentage of the tranche of
interest the bank owns.
Underlying exposure.
Unexpected losses from
counterparty credit risk
based on the Basel II capital requirement with an
alpha of 1.0.
Unexpected losses from
counterparty credit risk at
a one year 99.9% confidence level based on
banks internal models.
U.S. Code.
Value-at-risk.
FTSE ..............
GAAP .............
GDP ...............
GSE ...............
HVCRE ..........
IAA .................
ICA .................
ID ...................
IMA .................
IRB .................
KIRB ................
L .....................
LEQ ................
LF ...................
LGD ................
LTV ................
M ....................
MBS ...............
MSA ...............
N ....................
Acronym
Definition
NPR ...............
ABCP .............
Asset-backed commercial
paper.
Asset-backed security.
Accrued interest receivable.
Allowance for loan and lease
losses.
Advance notice of proposed
rulemaking.
Accounts receivable.
Adjustable rate mortgage.
Asymptotic single risk factor
model.
Counterparty Credit Risk.
Credit conversion factor.
Collateralized debt obligations.
Credit enhancement.
Credit-enhancing InterestOnly.
Code of Federal Regulations.
Credit risk mitigation.
Committee on Uniform Securities Identification Procedures.
Credit valuation adjustment.
Credit value-at-risk.
Exposure at default.
Earnings before interest,
taxes, depreciation and
amortization.
Expected exposure.
Expected positive exposure.
Expected loss.
Expected loss given default.
Exposure-weighted average
loss given default.
Financial Accounting Standards Board.
NRSRO ..........
ABS ................
AIR .................
ALLL ...............
ANPR .............
AR ..................
ARM ...............
ASRF .............
CCR ...............
CF ..................
CDO ...............
CE ..................
CEIO ..............
CFR ................
CRM ...............
CUSIP ............
CVA ................
CVaR .............
EAD ................
EBITDA ..........
EE ..................
EPE ................
EL ...................
ELGD .............
EWALGD .......
FASB ..............
PO 00000
Frm 00087
Fmt 4701
Sfmt 4703
NSF ................
OTC ...............
PD ..................
PE ..................
PFE ................
PMI .................
QRE ...............
RBA ................
RE ..................
RWA ...............
S&P ................
SBIC ...............
SFA ................
SPE ................
T .....................
TFR ................
TP ..................
UE ..................
ULBII ..............
ULCCR ...........
USC ...............
VaR ................
E:\FR\FM\28FEN2.SGM
28FEN2
9170
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
Proposed Supervisory Guidance on
Advanced Measurement Approaches
for Operational Risk
Table of Contents
I. Introduction
A. Purpose
B. Qualification Requirements, Supervisory
Standards, and Operational Risk AMA
Systems
C. Supervisory Objectives and Approach
II. Definitions
III. Operational Risk Management
A. Governance
B. Board of Directors and Management
Oversight
C. Firm-Wide Operational Risk
Management Function
D. Line of Business Management
E. Reporting
IV. Operational Risk Data and Assessment
A. Capture and Maintenance of Elements
B. Internal Operational Loss Event Data
C. External Operational Loss Event Data
D. Scenario Analysis
E. Business Environment and Internal
Control Factors
V. Operational Risk Quantification
A. Analytical Framework
B. Eligible Operational Risk Offsets
C. Unit of Measure
D. Accounting for Dependence
E. Risk Mitigation
F. Alternative Approaches for Depository
Institutions
G. Documentation of Operational Risk
Quantification Systems
VI. Data Management and Maintenance
VII. Verification and Validation
VIII. Appendices
A. The NPR Qualification Requirements,
Risk-Weighted Assets for Operational
Risk, and Disclosure Requirements
B. Supervisory Standards
C. The NPR Qualification Process
D. Basel II Operational Risk Information
Collection Templates
E. Operational Loss Event Types and
Examples
sroberts on PROD1PC70 with NOTICES
I. Introduction
A. Purpose
This document sets forth the
supervisory guidance of the federal
banking agencies 1 (‘‘Agencies’’) for U.S.
banks, savings associations, and bank
holding companies (‘‘banks’’) that use
Advanced Measurement Approaches
(AMA) for calculating the risk-based
capital requirement for operational risk
under the Basel II capital regulation.
The primary Federal supervisor will
review a bank’s AMA System relative to
relevant regulatory requirements and
this guidance to determine whether the
bank may use Basel II-based rules to
determine its risk-based capital
requirements. Banks will have
1 The
Federal banking agencies are: the Board of
Governors of the Federal Reserve System, the
Federal Deposit Insurance Corporation, the Office of
the Comptroller of the Currency, and the Office of
Thrift Supervision.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
considerable flexibility in developing
operational risk management, data and
assessment, and quantification
processes that are appropriate for the
nature of their activities, business
environment, and internal controls.
This guidance should be considered
with the related notice of proposed
rulemaking (NPR), published in the
Federal Register on September 25,
2006.2 The NPR proposes the AMA
regulatory framework and the AMA
qualification requirements for banks
that are required to operate, or seek to
operate, under that framework. This
supervisory guidance provides
additional detail regarding supervisory
standards for operational risk
management, data and assessment, and
quantification processes that will help a
bank comply with the qualification
requirements in the NPR.
B. Qualification Requirements,
Supervisory Standards, and Operational
Risk AMA Systems
Although operational risk is not a new
risk, deregulation and globalization of
financial services, together with the
growing sophistication of financial
technology, and new business activities
and delivery channels are making
banks’ operational risk profiles (i.e., the
level of operational risk across banks’
activities and risk categories) more
complex. As such, banks and
supervisors are increasingly viewing
operational risk management as a
distinct risk discipline. The NPR and
this guidance outline a more disciplined
approach to operational risk
management and measurement.
The NPR establishes the qualification
requirements that a bank must meet in
order to use advanced systems for
calculating its risk-based capital
requirement. The NPR qualification
requirements for banks using an AMA
System to calculate the operational risk
component of the bank’s risk-based
capital requirement are listed in
Appendix A.3 This guidance identifies
supervisory standards (‘‘S’’) that a bank
should follow to implement and
maintain an AMA System for regulatory
capital purposes. Banks meeting these
standards should be well positioned to
demonstrate that their AMA System
meets the qualification requirements of
the NPR. The relevant supervisory
standards are listed at the beginning of
each major section of the guidance, with
a full compilation of the standards
provided in Appendix B. The standards
establish broad regulatory guidelines,
2 71
FR 55830 (Sept. 25, 2006).
guidance does not include all of the
qualifying criteria contained in the NPR.
3 This
PO 00000
Frm 00088
Fmt 4701
Sfmt 4703
while providing each bank the ability to
uniquely tailor the framework to its
organizational structure and culture.
This guidance should not be interpreted
as weakening or superseding the safety
and soundness principles articulated in
existing statutes, or in the regulations or
guidance issued by the Agencies.
The standards are organized into five
major groupings: Operational risk
management; operational risk data and
assessment; operational risk
quantification; data management and
maintenance; and verification and
validation. Operational risk
management includes standards for the
governance and organizational
structures (including reporting) needed
to manage operational risk. Operational
risk data and assessment establishes the
standards for a consistent and
comprehensive capture of the four
elements of the AMA.4 Operational risk
quantification encompasses the
standards governing the systems and
processes that quantify a bank’s
operational risk exposure. The sections
addressing data management and
maintenance, and verification and
validation, establish standards to help
ensure that a bank’s AMA System
remains robust and relevant as its
operational risk profile changes over
time. The objectives of the standards are
to help ensure rigor, integrity, and
transparency for each bank’s AMA
System and the resulting operational
risk component of the bank’s risk-based
capital requirement.
A bank’s AMA System should provide
for the consistent application of
operational risk policies and procedures
throughout the bank, and address the
roles of both the independent firm-wide
operational risk management function
and the lines of business. A sound AMA
System will identify operational risk
losses, calculate operational risk
exposures and associated operational
risk regulatory capital, promote risk
management processes and procedures
to mitigate or control operational risks,
and help ensure that management is
fully aware of emerging operational risk
issues. This framework should also
provide for the consistent and
comprehensive capture and assessment
of data elements needed to identify,
measure, monitor, and control the
bank’s operational risk exposure. This
includes identifying the nature, type(s),
and underlying cause(s) of the
operational loss event(s). Moreover, the
4 The four elements of the AMA include internal
operational loss event data, external operational
loss event data, scenario analysis, and business
environment and internal control factors. See
Section IV for a detailed discussion of the
supervisory standards for each element.
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
framework must also include
independent verification and validation
to assess the effectiveness of the
controls supporting the bank’s AMA
System, including compliance with
policies, processes, and procedures.
Given the importance of these functions,
the Agencies believe that a bank’s
validation and verification functions
should begin their work soon after the
bank has started to implement its AMA
System.
In practice, a bank’s operational risk
AMA System should reflect the scope
and complexity of the business lines, as
well as the corporate organizational
structure. Each bank’s operational risk
profile is unique and requires a tailored
risk management approach, appropriate
for the scale and materiality of the risks
present, and the size of the bank. There
is no single framework that suits every
bank; the Agencies expect that different
banks will develop and implement
unique risk management, data and
assessment, and quantification systems,
consistent with their culture and risk
profile.
C. Supervisory Objectives and Approach
The supervisory standards in this
document apply to banks subject to the
Basel II regulation. However, the
Agencies will not simply evaluate a
bank’s qualification using each of the
individual supervisory standards.
Supervisors will also assess how well
the various components of a bank’s
AMA System complement and reinforce
one another to achieve the overall
objectives of effective management and
measurement of operational risk.
In performing their evaluation, the
Agencies will exercise supervisory
judgment in evaluating both the
individual components and the overall
AMA System. The NPR provides that
the primary Federal supervisor may
require a bank to assign a different riskweighted asset amount for operational
risk, to change aspects of its operational
risk analytical framework (for example,
distributional or dependence
assumptions), or to make other changes
to the bank’s operational risk
management processes, data and
assessment systems, or quantification
systems if the supervisor determines
that the risk-weighted asset amount for
operational risk produced by the bank is
not commensurate with the bank’s
operational risk profile. The primary
Federal supervisor may exercise this
authority, for example, if it has
identified significant changes or
weakness within operational risk
management processes that have not
been appropriately captured in the
bank’s AMA System.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
A bank’s AMA System will be
assessed as part of the ongoing
supervision process. Some elements of
sound operational risk management (for
example, internal controls and
information technology) have long been
subject to examination by supervisors.
Where practical, supervisors will make
every effort to leverage these
examination activities to assess the
effectiveness of AMA processes.
Substantive weaknesses or changes in a
bank’s operational risk profile identified
in an examination or through other
supervisory activities will be factored
into the AMA qualification process.5
A part of the supervisory review will
include an assessment of the bank’s
implementation plan.6 The
implementation plan must address how
the bank complies or plans to comply
with the AMA qualification
requirements. The plan must also
address the qualifying standards for the
bank and each consolidated subsidiary
(U.S. and foreign-based). A
comprehensive and sound planning and
governance process to oversee the
implementation efforts must also be
maintained. For a complete description
of the NPR’s qualification process,
please see Appendix C.
II. Definitions
There are important definitions
relevant to an AMA System for the
purposes of the Agencies’ risk-based
capital requirements. They are:
• Advanced Measurement Approach
(AMA) System means a bank’s advanced
operational risk management processes,
operational risk data and assessment
systems, and operational risk
quantification systems.
• Backtesting means the comparison
of a bank’s internal estimates with
actual outcomes during a sample period
not used in model development. In this
context, backtesting is one form of outof-sample testing.
5 For example, mergers and acquisitions
potentially change the operational risk profile of the
bank, pose challenges in integrating operational risk
management, data and assessment, and
quantification processes of the affected banks, and
consequently raise supervisory issues regarding a
bank’s AMA System. The Agencies will assess the
effects of mergers and acquisitions as a part of the
ongoing supervision of operational risk
management.
6 A bank that becomes subject to the requirements
of the rule must adopt a written implementation
plan no later than six months after the later of the
effective date of the final rule or the date the bank
meets one of the applicability criterion of the rule.
A bank that chooses to be subject to the
requirements of the final rule must adopt a written
implementation plan and notify its primary Federal
supervisor in writing of its intent at least twelve
months before it proposes to be subject to the first
floor period.
PO 00000
Frm 00089
Fmt 4701
Sfmt 4703
9171
• Benchmarking means the
comparison of a bank’s internal
estimates with relevant internal and
external data sources or estimation
techniques.
• Business environment and internal
control factors means the indicators of
a bank’s operational risk profile that
reflect a current and forward-looking
assessment of the bank’s underlying
business risk factors and internal
control environment.
• Dependence means a measure of the
association among operational losses
across and within business lines and
operational loss event types.
• Eligible operational risk offsets
means amounts, not to exceed expected
operational loss, that:
(1) Are generated by internal business
practices to absorb highly predictable
and reasonably stable operational losses,
including reserves calculated consistent
with GAAP; and
(2) Are available to cover expected
operational losses with a high degree of
certainty over a one-year horizon.
• Expected operational loss (EOL)
means the expected value (mean) of the
distribution of potential aggregate
operational losses, as generated by the
bank’s operational risk quantification
system using a one-year horizon.
• External operational loss event
data, with respect to a bank, means
gross operational loss amounts, dates,
recoveries, and relevant causal
information for operational loss events
occurring at organizations other than the
bank.
• GAAP means U.S. generally
accepted accounting principles.
• Internal operational loss event data,
with respect to a bank, means gross
operational loss amounts, dates,
recoveries, and relevant causal
information for operational loss events
occurring at the bank.
• Operational loss means a loss
(excluding insurance or tax effects)
resulting from an operational loss event.
Operational loss includes all expenses
associated with an operational loss
event except for opportunity costs,
forgone revenue, and costs related to
risk management and control
enhancements implemented to prevent
future operational losses.
• Operational loss event means an
event that results in loss and is
associated with internal fraud; external
fraud;7 employment practices and
7 Retail credit card losses arising from noncontractual, third-party initiated fraud (for example,
identity theft) are to be treated as external fraud
operational losses. All other third-party initiated
losses are to be treated as credit losses—see
discussion under Standard 17 for more details.
E:\FR\FM\28FEN2.SGM
28FEN2
9172
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
workplace safety; clients, products, and
business practices; damage to physical
assets; business disruption and system
failures; or execution, delivery, and
process management (see Appendix D
for examples of loss event types).
• Operational risk means the risk of
loss resulting from inadequate or failed
internal processes, people, and systems
or from external events (including legal
risk, but excluding strategic and
reputational risk).
• Operational risk exposure means
the 99.9th percentile of the distribution
of potential aggregate operational losses,
as generated by the bank’s operational
risk quantification system using a oneyear horizon (and not incorporating
eligible operational risk offsets or
qualifying operational risk mitigants).
• Parallel run period means a period
of at least four consecutive quarters after
adoption of the bank’s implementation
plan before the bank’s first floor period
during which the bank complies with
all the qualification requirements to the
satisfaction of the bank’s primary
Federal supervisor.
• Scenario analysis means a
systematic process of obtaining expert
opinions from business managers and
risk management experts to derive
reasoned assessments of the likelihood
and loss impact of plausible highseverity operational losses.
• Total risk-weighted assets means:
(1) The sum of:
(i) Credit risk-weighted assets; and
(ii) Risk-weighted assets for
operational risk; minus
(2) The sum of:
(i) Excess eligible credit reserves not
included in Tier 2 capital; and
(ii) Allocated transfer risk reserves.
• Unexpected operational loss (UOL)
means the difference between the bank’s
operational risk exposure and the bank’s
expected operational loss.
• Unit of measure means the level
(for example, organizational unit or
operational loss event type) at which the
bank’s operational risk quantification
system generates a separate distribution
of potential operational losses.
III. Operational Risk Management
sroberts on PROD1PC70 with NOTICES
A. Governance
S 1. The bank’s AMA System must
include an operational risk
management function and audit
function that are independent of
business line management. The
operational risk management function
should address operational risk on a
firm-wide basis.
The organizational structure that
supports a bank’s AMA System may
vary across banks, but should reflect the
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
scale and complexity of the bank’s
operational risk profile. However,
within all AMA banks, there are three
key components that should be evident:
The firm-wide operational risk
management function, line of business
management, and an independent audit
function. These three areas should have
functional independence,8 but should
work in cooperation to ensure that an
effective AMA System is in place.
S 2. The bank must have and
document a process that clearly
describes its AMA System, including
how the bank identifies, measures,
monitors, and controls operational risk.
Management should maintain
comprehensive documentation on
operational risk management policies,
processes, and procedures and
communicate them to appropriate staff.
The documentation should outline all
aspects of the bank’s AMA System,
including the following:
• The roles and responsibilities of the
board of directors,9 the independent
firm-wide operational risk management
function, line of business management,
and the independent verification and
validation functions;
• A definition for operational risk
that, at a minimum, encompasses the
regulatory definition of operational risk,
including the loss event types that will
be monitored;
• The capture and use of internal and
external operational risk loss event data,
including clear documentation of which
losses are used in and which are
excluded from estimating the bank’s
operational risk exposure;
• The appropriate use of scenario
analysis;
• The development and incorporation
of business environment and internal
control factor assessments, and risk
mitigants;
• A description of the analytical
framework that quantifies the
operational risk exposure of the bank;
• How eligible operational risk offsets
are determined, measured, and
accounted for;
• A description of report content,
distribution, and frequency for board of
directors, line of business, and firmwide reporting, including escalation of
emerging issues and changing trends;
8 For the purposes of this guidance, ‘‘functional
independence’’ is the ability to carry out work
freely and objectively and render impartial and
unbiased judgments. Independence is often
evidenced through separate reporting lines.
Supervisory assessments of independence will rely
upon guidelines contained in existing regulatory
guidance (for example, audit, internal control
systems, and board of directors/management).
9 For the purposes of this guidance, the ‘‘board of
directors’’ refers to either the full board or its
designated board committee.
PO 00000
Frm 00090
Fmt 4701
Sfmt 4703
• A description of the verification
and validation processes and
procedures; and
• Descriptions of the review and
approval process for significant policy
and procedural changes and exceptions.
The bank’s documentation should
clearly differentiate the roles and
responsibilities of the independent
verification and validation functions.
Activities to verify the bank’s AMA
System are typically included in the
bank’s internal or external audit
programs. More specifically,
independent verification includes the
work done to test and verify the bank’s
AMA policies and procedures.
Verification activities should be
sufficiently broad to confirm that the
bank’s AMA System is working
effectively and in a manner consistent
with policies approved by the bank’s
board of directors. In addition, the
verification function ensures that
validation of AMA models was
completed in accordance with the
bank’s validation policy. Validation
includes processes the bank uses to test
and assess the accuracy of models used
to quantify the operational risk exposure
and the operational risk component of
the bank’s risk-based capital
requirement.
The documentation need not be
contained in a single comprehensive
document. Instead, banks may choose to
develop and maintain an umbrella
document that provides the board of
directors with an overview of its AMA
System, including how the framework
allows for identifying, measuring,
monitoring, and controlling operational
risk. A bank should consider including
the following in this overview
document:
• Define the bank’s philosophy and
strategy for operational risk
management and its risk tolerance;
• Define the roles and responsibilities
of those involved in the development,
implementation, and oversight of the
bank’s AMA System; and
• Reference additional detailed
policies, processes, and procedures.
S 3. The bank must maintain
effective internal controls supporting its
AMA System.
As one of the foundations of safe and
sound banking, sound internal controls
are essential to a bank’s management of
operational risk and are an important
requirement for AMA qualification.
When properly designed and
consistently enforced, a sound system of
internal controls will help management
safeguard the bank’s resources, produce
reliable financial reports, and comply
with laws and regulations. Sound
internal controls, assessed annually for
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
effectiveness by internal audit, should
also reduce the possibility of significant
human errors and irregularities in
internal processes and systems, and
should assist in their timely detection
when they do occur. The audit
function’s annual assessment is not
required to assess all operational risk
controls, but the scope of the assessment
should be sufficient to assess the
effectiveness of the controls supporting
the bank’s AMA System (see Section
VII).
The Agencies are not introducing new
internal control standards, but rather
emphasizing the importance of existing
standards.10 Internal control systems
may differ among banks due to the
nature and complexity of a bank’s
products and services, organizational
structure, and risk management culture.
The existing regulatory standards allow
for these differences, while also
establishing regulatory expectations for
the scope and quality of the internal
control structure.
The extent to which a bank maintains
effective internal controls will be
assessed through ongoing supervisory
processes. As noted earlier, the
Agencies will leverage existing
examination processes to avoid
duplication in assessing implementation
of a bank’s AMA System.
sroberts on PROD1PC70 with NOTICES
B. Board of Directors and Management
Oversight
S 4. The bank must ensure that an
effective framework is in place to
identify, measure, monitor, and control
operational risk, and to accurately
compute the bank’s operational risk
component of the bank’s risk-based
capital requirement. The board of
directors must at least annually
evaluate the effectiveness of, and
approve, the bank’s AMA System,
including the strength of the bank’s
control infrastructure.
S 5. The board of directors and
management should ensure that the
bank’s operational risk management,
data and assessment, and
quantification processes are
appropriately integrated into the bank’s
existing risk management and decisionmaking processes and that there are
adequate resources to support these
processes throughout the bank.
Strong board of directors and
management oversight forms the
10 Each Agency has extensive guidance on
corporate governance, internal controls, and risk
monitoring and reporting in its respective
examination policies and procedures. All Agencies
have standards for safe and sound operations and
for safeguarding customer information. In addition,
there are a number of interagency standards that
cover topics relevant to the internal control
structure.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
cornerstone of an effective operational
risk management process. The board of
directors is responsible for overseeing
the establishment and ongoing
effectiveness of the AMA System. The
board of directors must approve the
bank’s written implementation plan. In
addition, the board of directors must at
least annually evaluate the effectiveness
of, and approve, the bank’s AMA
System. Information provided to the
board of directors for this review should
be detailed enough for the bank’s board
members to understand and evaluate its
AMA System.11 The board of directors’
evaluation should reflect the results of
any independent reviews and the
findings of the verification and
validation functions.12
Other board of directors’
responsibilities with respect to
operational risk may include:
• Understanding and approving the
bank’s tolerance for operational risk; 13
• Ensuring appropriate management
responsibility, accountability, and
reporting;
• Understanding the major aspects of
the bank’s operational risk profile
through the periodic review of highlevel reports that address material risks,
capital adequacy, and strategic
implications for the bank;
• Ensuring that management
demonstrates that it is actively using its
AMA System as a basis for assessing
and managing operational risk, and that
the framework’s use is not limited to
determining regulatory capital;
• Ensuring that mechanisms exist to
allow for the independent verification of
the AMA System’s implementation and
validation activities;
• Ensuring that mechanisms exist to
allow for the independent validation of
the bank’s risk measurement and
quantification processes; and
• Ensuring Compliance with
regulatory disclosure requirements.
11 Important sources of information about the
effectiveness of the AMA System include: (1)
Internal audit’s annual review of the effectiveness
of operational risk controls and the independent
verification function’s annual assessment of the
adequacy of the overall operational risk framework,
and (2) the results of the validation function’s
testing of model results and assessment of
quantification processes—see Standards 3 and 32.
12 See Section VII—Verification and Validation
for more details regarding independent review
requirements.
13 Banks use several approaches to define
operational risk tolerance, including establishing
expectations for control self assessments,
establishing targeted ceilings for operational losses,
developing key risk indicators, or establishing other
qualitative expectations for operational risk
management. These approaches will continue to
evolve and banks are encouraged to continue to
develop effective metrics to define their operational
risk tolerance.
PO 00000
Frm 00091
Fmt 4701
Sfmt 4703
9173
The board of directors may delegate
the responsibility and authority for the
design and implementation of the AMA
System to management. Management is
responsible for translating the bank’s
AMA System into specific policies,
processes, and procedures,
implementing them across business
lines, and ensuring independent
verification and validation of the AMA
System. Management is also responsible
for communicating the policies,
processes, and procedures throughout
the bank to ensure consistent
understanding and treatment of
operational risk.
While each level of management is
responsible for implementing the AMA
System in their areas, senior
management should clearly assign
authority and responsibilities to
business managers to encourage and
maintain accountability. Moreover,
senior management should ensure
appropriate implementation of the AMA
System within individual business
lines.
Senior management is responsible for
ensuring that operational risk is
appropriately managed across the bank
and that all components of the bank’s
AMA System function effectively and
meet regulatory requirements.
Specifically, management should ensure
that the bank has qualified staff and
sufficient resources to carry out the
operational risk functions outlined in its
AMA System. Appropriate staff and
resources should be available within the
lines of business, the firm-wide
operational risk management function,
and the verification and validation
functions to monitor and enforce
compliance with the bank’s policies and
procedures related to the AMA System.
Other management responsibilities
include ensuring that:
• The bank’s overall operational risk
profile is monitored, maintained at
prudent levels, and supported by
adequate capital;
• Compensation policies are
sufficiently flexible to attract and retain
qualified and competent operational
risk expertise; and
• Operational risk issues are
communicated consistently to staff
responsible for managing other risks (for
example, credit, market, and liquidity
risk), as well as staff responsible for
purchasing insurance and overseeing
third-party outsourcing arrangements.
C. Firm-Wide Operational Risk
Management Function
S 6. The bank must have a firm-wide
operational risk management function
that oversees the AMA System and is
independent of business line
E:\FR\FM\28FEN2.SGM
28FEN2
9174
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
management. The operational risk
management function is also
responsible for the development of
operational risk data and assessment
systems, operational risk quantification
systems, and related processes
throughout the bank.
S 7. The firm-wide operational risk
management function should ensure
adequate analysis and reporting of
operational risk information. The
function should also develop and report
on the firm-wide operational risk
profile.
The roles and responsibilities of the
firm-wide operational risk management
function may vary among banks, but
should be clearly documented in
operational risk policies and
procedures. The firm-wide function
should have organizational stature
commensurate with the bank’s
operational risk profile. At a minimum,
the function should ensure the
development of policies, processes, and
procedures that explicitly manage
operational risk as a distinct risk.
Responsibilities of the firm-wide
operational risk management function
may include:
• Assisting in the implementation of
the AMA System;
• Reviewing the bank’s performance
against stated operational risk
objectives, goals, and risk tolerances;
• Periodically evaluating the
effectiveness of the bank’s AMA
System;14
• Reviewing and analyzing
operational loss event data and reports;
and
• Ensuring appropriate reporting to
senior management and the board of
directors.
D. Line of Business Management
sroberts on PROD1PC70 with NOTICES
S 8. Line of business management is
responsible for ensuring appropriate
day-to-day management of the
operational risks within its business
unit.
S 9. Line of business management
should ensure that internal controls
and practices within its business unit
are consistent with firm-wide policies,
processes, and procedures.
Line of business management should
ensure that business-specific policies,
processes, and procedures are in place,
and appropriate staff is available to
14 The evaluation of a bank’s operational risk
framework may consider loss experience; effects of
external market changes, other environmental
factors, and the potential for new or changing
operational risks associated with new products,
activities or systems; and the framework’s ability to
detect or prevent potential operational losses. This
evaluation process should include an assessment of
leading industry practices.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
manage operational risk associated with
the products and activities offered.
Implementation of the AMA System
within each line of business should
correspond to the scope of that business
and its operational complexity and risk
profile. Line of business operational risk
reporting should be appropriate in
frequency and scope to identify,
measure, monitor, and control
operational risk. Reporting should also
address the condition of the internal
control environment for a given line of
business.
E. Reporting
S 10. The board of directors and
senior management must receive
reports on operational risk exposure,
operational risk loss events, and other
relevant operational risk information.
The reports should include information
regarding firm-wide and business line
risk profiles, loss experience, and
relevant business environment and
internal control factor assessments.
These reports should be received
quarterly.
To facilitate monitoring of operational
risk, results from the data and
assessment, and quantification
processes should be summarized and
included in reports that can be used by
different audiences to understand,
manage, and control operational risk
and losses. Reports generated by the
bank’s AMA System 15 should provide
the foundation for reporting to the board
of directors and senior management.
Comprehensive management reporting,
geared toward the firm-wide operational
risk management function and line of
business management, should include:
• Operational loss experience,
including an overview and assessment
of loss experience over time;
• Operational risk exposure;
• Changes in assessments of business
environment and internal control
factors;
• Changes in factors signaling an
increased risk of future losses;
• Trend analysis, allowing line of
business and independent firm-wide
operational risk management to assess
and manage operational risk exposures,
systemic line of business risk issues,
and other corporate risk issues;
• Policy and risk tolerance reporting;
and
• Operational risk causal factors.
15 The firm-wide operational risk management
function, lines of business, and the verification and
validation functions should be generating reports
for their unique needs. These reports should form
the basis for aggregating reporting to senior
management and the board of directors.
PO 00000
Frm 00092
Fmt 4701
Sfmt 4703
IV. Operational Risk Data and
Assessment
The bank must have operational risk
data and assessment systems that
include credible, transparent,
systematic, and verifiable processes that
incorporate the following elements on
an ongoing basis:
• Internal operational loss event data,
• Relevant external operational loss
event data,
• Scenario analysis, and
• Assessments of the bank’s business
environment and internal control
factors.
In addition, the operational risk data
and assessment systems must be
structured in a manner consistent with
the bank’s current business activities,
risk profile, technological processes,
and risk management processes. The
operational risk data and assessment
systems should provide for the
consistent and comprehensive capture
of the four elements needed to measure
and verify the bank’s operational risk
exposure. The four elements should be
combined in a manner that most
effectively allows the bank to quantify
its exposure to operational risk.
A. Capture and Maintenance of
Elements
S 11. The bank must have a
systematic process for incorporating
internal loss event data, external loss
event data, scenario analyses, and
assessments of its business environment
and internal controls factors to support
both its operational risk management
and measurement framework, as well
as its calculation of the bank’s
operational risk component of its riskbased capital requirement.
S 12. The bank must use the
regulatory definition of operational risk
when assessing the operational risks to
which the bank is exposed in order to
calculate its risk-based capital
requirement for operational risk. The
bank should have clear standards for
the collection and modification of all
four elements in the operational risk
data and assessment systems that
support its AMA System.
The four required elements of a bank’s
data and assessment systems that
support its AMA System aid the bank in
identifying the level of and trends in
operational risk, determining the
effectiveness of risk management and
control, highlighting opportunities to
better mitigate operational risk, and
assessing operational risk on a forwardlooking basis. The bank should
demonstrate that the four elements
jointly cover all significant operational
risks to which it is exposed. In the case
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
where the bank has sustained an
operational loss event above its
established threshold, but the loss is not
yet included in the internal loss
database, the bank should be able to
demonstrate that the exposure is
reasonably captured elsewhere, such as
in one of its external loss observations
or in one of its scenarios (see Standard
16 regarding the use of thresholds).
The bank should demonstrate that it
has implemented its AMA System
appropriately in all lines of business
and corporate functions that could
generate operational risk. For regulatory
capital purposes, a bank must use the
definition of operational risk that is
provided in Section II—Definitions. A
bank may use an expanded definition
for risk management and measurement
purposes, if it considers it more
appropriate for risk management and
measurement purposes.
As part of its AMA System
implementation, a bank should
demonstrate that it has established a
consistent and comprehensive process
for the capture and modification of all
four required elements. While the
primary Federal supervisor will review
the quantification processes that
combine these elements to determine
the operational risk exposure, the
supervisor must have the capacity to
review the data collection process and
the individual elements as well.
The bank should have a defined
process that establishes responsibilities
over the systems developed to capture
and modify the AMA elements. In
particular, the issue of modifying the
data capture systems should be
addressed in policies or procedures.
System and process documentation
should be maintained, with any
modification tracked separately and
reasons for the changes kept in the
historical record. Such tracking allows
management and supervisors to identify
the nature and rationale of the
modification. For example, the Agencies
are particularly interested when a bank
modifies its loss database by excluding
a loss event from the quantitative
measurement process. Management
should have clear standards for
addressing modifications and clearly
delineate who has authority to override
the data systems and under what
circumstances. In addition, management
should track override decisions.
B. Internal Operational Loss Event Data
S 13. The bank must have a historical
observation period of at least five years
for internal operational loss event data.
A shorter period may be approved by
the primary Federal supervisor to
address transitional situations, such as
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
integrating a new business line.
Internal data should be captured across
all business lines, corporate functions,
events, product types, and geographic
locations. The bank must have a
systematic process for capturing and
using internal operational loss event
data in its operational risk data and
assessment systems.
S 14. The bank should be able to map
internal operational losses to the seven
operational loss-event categories.
S 15. The bank should have a policy
that identifies when an operational loss
is recognized and should be added to
the loss event database. The policy
should provide for consistent treatment
across the bank.
S 16. The bank may establish
appropriate internal operational loss
event data thresholds and, if so, must
demonstrate the appropriateness of
such thresholds.
S 17. The bank should have a clear
policy that allows for the consistent
treatment of loss event classifications
(for example, credit, market, or
operational loss events) across the
organization.
Internal data with sufficient integrity
is important in identifying the level of
and trends in operational risk. A key to
internal data integrity is the consistent
and complete capture of loss event data
across the bank. The bank must have a
minimum historical observation period
of five years of internal operational loss
event data, or such shorter transitional
period approved by the bank’s primary
Federal supervisor. For example, when
a bank has recently acquired a firm that
does not have comprehensive internal
loss event data, the resulting bank
should make use of both its internal loss
data and the acquired firm’s data to
properly reflect the risks of the resulting
institution. Depending on the quality of
the data from the acquired firm, the
resulting bank may have to place more
weight on relevant external loss event
data, results from scenario analysis, and
factors reflecting assessments of the
business environment and internal
controls. Additionally, if a bank exits a
business line and can clearly
demonstrate that its exposure has been
eliminated and that the loss experience
does not have relevance to other
remaining activities, the bank would
likely be able to exclude that business
unit’s loss experience from subsequent
quantification processes.
The bank should have a policy that
identifies when an operational loss is
recognized and should be added to the
loss event database. Policies and
procedures should be communicated to
ensure there is satisfactory
understanding of operational risk and
PO 00000
Frm 00093
Fmt 4701
Sfmt 4703
9175
the data capture requirements by
appropriate staff. The independent firmwide operational risk management
function should ensure that the loss
data are captured across all business
lines, corporate functions, products
types, event types, and from all
geographic locations that could generate
operational risk. The bank’s operational
loss policies and procedures should
consider the effect and treatment of
operational loss events that are
recovered within a short period of time.
The bank’s data and assessment
system should have the ability to
aggregate internal losses that are
associated with the same loss event.
This means the bank should be able to
link operational loss events that cross
multiple business lines or event types.
Institutions should also maintain
policies to ensure consistent
identification and capture of multiple
loss events that occur within one or
several time periods, but that result
from the same initial operational loss
event. When capturing internal losses
that span more than one business line,
the bank may choose to assign the entire
loss to one business line (for example,
where the effect is the greatest, where
the control breakdown occurred).
Alternatively, the bank may choose to
apportion the loss across several
affected business lines. Regardless of
how losses are assigned, the method
should be well-reasoned and
sufficiently documented. The treatment
of related losses will also have an effect
on dependence modeling, as discussed
under Standard 28. If data are not
captured across all business lines or
from all geographic locations, the bank
should document and explain the
exceptions, including why the
exceptions will not impair the bank’s
estimation of its operational risk
exposure.
The description of the loss event,
including causal factors, should be
collected for internal operational loss
events. Examples of additional loss
event information to be collected
include:
• Gross loss amount;
• Where the loss is reported and
expensed;
• Loss event type category;
• Date of the loss;
• Discovery date of the loss;
• Event end date;
• Insurance recoveries;
• Other recoveries; and
• Adjustments to the loss estimate.
The level of detail describing the loss
event and management action should be
commensurate with the size of the gross
loss amount. The bank may also choose
to capture additional data that enhance
E:\FR\FM\28FEN2.SGM
28FEN2
sroberts on PROD1PC70 with NOTICES
9176
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
loss events; and (3) credit, market, and
operational risk losses are being
accounted for in the correct manner for
regulatory capital purposes.
The agencies have established a
boundary between credit and
operational risks for regulatory capital
purposes. Losses that arise from events
associated with a credit arrangement
with a borrower are credit losses with
one proposed exception: Retail credit
card fraud losses (for example, identity
theft) are to be considered external fraud
operational losses.
its operational risk management, data
and assessment, and quantification
processes. For example, it may be
appropriate to capture data on ‘‘near
miss’’ events, where no financial loss
was incurred. While these near misses
may not factor directly into the
regulatory capital calculation, they may
be useful to inform scenario analysis or
for the operational risk management
process.
For regulatory capital purposes, AMA
banks should be able to map operational
risk losses into the seven operational
loss event categories defined in Section
II. Banks will not be required to produce
reports or perform analysis on the basis
of the operational loss event categories
for internal purposes, but should use the
information to verify the
comprehensiveness of the bank’s data
set.
The bank may refrain from collecting
internal operational loss event data for
individual operational losses below
established thresholds, if the bank can
demonstrate to its primary Federal
supervisor that the thresholds are
reasonable. There are a number of
factors that a bank may use to establish
the thresholds. Thresholds may be
based on business lines, corporate
functions, product types, geographic
location, or other appropriate factors.
The Agencies will allow flexibility in
this area, provided the bank can
demonstrate that the thresholds are
reasonable, do not exclude important
internal operational loss event data, and
permit the bank to capture substantially
all the dollar value of the bank’s
operational losses. A bank could
demonstrate to its primary Federal
supervisor that it has chosen
appropriate thresholds by estimating the
change in operational risk exposure as
a result of using different thresholds.16
Banks may also find it useful to
capture loss events in their operational
risk databases that are treated as credit
risk for regulatory capital purposes, but
have an underlying element of
operational risk. These types of events,
while not incorporated into the
regulatory capital calculation for
operational risk, may have implications
for operational risk management. For
banks that capture loss events
differently for regulatory capital and
risk management purposes, bank
management should demonstrate that
(1) loss events are being captured
consistently across the bank; (2) the data
systems are sufficiently advanced to
allow for this differential treatment of
External data may serve a number of
different purposes in an AMA System.
For example, where internal loss data
are limited, external data may be a
useful input in determining the bank’s
level of operational risk exposure. Even
where external loss data are not an
explicit input to a bank’s database, such
data may provide a means for the bank
to understand industry experience and
assess the adequacy of its internal data.
External data may also prove useful to
inform scenario analysis, provide
additional data for severity
distributions, or in model validation
and out-of-sample testing.
The bank must establish a systematic
process for determining the
methodologies for incorporating
external loss data into its operational
risk data and assessment systems. To
incorporate external loss data into a
bank’s framework, examples of the type
of information a bank should collect
include:
• Loss amount;
• Loss description; 17
• Loss event type category;
• Loss event date;
• Adjustments to the loss amount (for
example, recoveries and insurance
settlements) to the extent that they are
known; and
• Sufficient information about the
reporting institution to facilitate
comparison to its own organization.
Banks may obtain external loss data in
any reasonable manner. For example,
some banks are using data acquired
through membership with industry
16 As discussed later in Standard 26, the choice
of thresholds may affect the amount of EL offset that
a bank can recognize.
17 Loss descriptions should be included to the
extent possible, but are not generally available from
consortium data sources.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
C. External Operational Loss Event Data
S 18. THE BANK MUST HAVE A SYSTEMATIC
PROCESS FOR DETERMINING HOW EXTERNAL
LOSS DATA WILL BE INCORPORATED INTO
ITS OPERATIONAL RISK DATA AND
ASSESSMENT SYSTEMS.
S 19. THE BANK SHOULD SYSTEMATICALLY
REVIEW EXTERNAL DATA TO ENSURE AN
UNDERSTANDING OF INDUSTRY
OPERATIONAL LOSS EXPERIENCE.
PO 00000
Frm 00094
Fmt 4701
Sfmt 4703
consortia while other banks are using
data obtained from vendor databases or
public sources such as court records or
media reports. In all cases, management
should carefully evaluate the data
source to ensure that the information
being reported is relevant and accurate.
The bank should document its process
for and decisions regarding external
data selection and scaling.
D. Scenario Analysis
S 20. The bank must have a
systematic process for determining how
scenario analysis will be incorporated
into its operational risk data and
assessment systems.
Scenario analysis allows the bank to
incorporate forward-looking elements
into its operational risk data and
assessment systems. More specifically,
scenario analysis is a systematic process
of obtaining expert opinions from
business and risk managers to derive
reasoned assessments of the likelihood
and loss impact of plausible highseverity operational losses that may
occur at a bank. Scenario analysis is
especially relevant for business lines or
operational loss event types in which
internal data, external data, or
assessments of business environment
and internal control factors do not
provide a sufficiently robust estimate of
the bank’s exposure to operational risk.
For example, a bank’s scenario analysis
should include consideration of highseverity loss events that occur
infrequently in the industry. It could
also include the effects of mergers or
other significant organizational changes
that may affect the nature of operational
losses in the future. Business line and
risk management experts’ use of wellreasoned, external data may itself be a
form of scenario analysis.
The bank must have a systematic
process for determining the
methodologies for incorporating
scenario analysis into its operational
risk data and assessment systems. The
process should cover key elements of
scenario analysis, such as the manner in
which the scenarios are generated, the
frequency with which they are updated,
and the scope and coverage of
operational loss events they are
intended to reflect. The bank should
document its process for conducting
scenario analysis, as well as the results
of the analysis.
E. Business Environment and Internal
Control Factors
S 21. The bank must incorporate
business environment and internal
control factors into the bank’s
operational risk data and assessment
systems.
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
regard, banks should identify and assess
the level of and trends in operational
risk and related control structures across
the organization. These assessments
should be current and comprehensive
across the bank, and should identify the
critical operational risks facing the
bank.
The business environment and
internal control factor assessments
should identify positive and negative
trends in operational risk management
within the bank. These assessments
include reviewing both the control
processes relating to current activities,
as well as those relating to anticipated
changes in a bank’s business risk
profile. Periodic comparisons must be
made between the bank’s actual
operational loss exposure and the
assessment results.
Operational risk exposure may be
reduced with eligible operational risk
offsets, up to the amount of EOL (see
Section B below). The bank’s primary
Federal supervisor will review the
bank’s use of eligible operational risk
offsets for appropriateness. A bank may
also adjust its operational risk exposure
to reflect reductions from operational
risk mitigants (for example, insurance),
subject to the qualification requirements
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
V. Operational Risk Quantification
A bank must have a comprehensive
operational risk quantification system,
using inputs from its data and
assessment systems, that provides an
estimate of the bank’s operational risk
PO 00000
Frm 00095
Fmt 4701
Sfmt 4703
exposure, which is defined as the 99.9th
percentile of the distribution of
potential aggregate operational losses
over a one-year horizon. The bank’s
operational risk exposure is the starting
point in determining the risk-based
capital requirement for operational risk
(see Graph 1).
A bank’s estimate of operational risk
exposure includes both EOL and UOL,
forming the basis of the bank’s riskbased capital requirement for
operational risk. The bank’s estimate of
operational risk exposure should also
consider qualitative factors (for
example, changes in business
environment and internal control
factors). Qualitative factors can be
incorporated into the bank’s
quantification methodology in different
ways and at different modeling stages.
While not prescribing a specific
methodology, the Agencies will assess
the processes banks use to integrate
qualitative factors into the
quantification of operational risk
exposure.
and limits (described in Section E
below).
The dollar risk-based capital
requirement for operational risk,
resulting from the bank’s risk
quantification system, is the greater of:
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.036</GPH>
sroberts on PROD1PC70 with NOTICES
S 22. The bank must periodically
compare the results of its business
environment and internal control factor
assessments against the bank’s actual
operational risk loss experience.
Business environment and internal
control factors are indicators of the
bank’s operational risk profile that
reflect the underlying business risk
factors, an assessment of the current
internal control environment, and a
forward-looking assessment of the
bank’s control environment. The
framework established to maintain the
business environment and internal
control factor assessments should be
sufficiently flexible to encompass the
range and complexity of actual and
planned activities, changes in internal
control systems, or an increased volume
of information. In principle, a bank with
strong internal controls in a stable
business environment will have, all
other things being equal, less exposure
to operational risk than a bank with
internal control weaknesses, that is
experiencing rapid growth, or that is
introducing new products. In this
9177
9178
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
• The bank’s operational risk
exposure adjusted for qualifying
operational risk mitigants minus eligible
operational risk offsets; or
• 0.8 multiplied by the difference
between the bank’s operational risk
exposure and eligible operational risk
offsets (if any).
If the bank has no qualifying
operational risk mitigants, the dollar
risk-based capital requirement for
operational risk is equal to its
operational risk exposure less any
eligible operational risk offsets.
In recognition of the modeling
challenges in legal entities with little
internal operational risk loss data, a
bank may generate an estimate of its
operational risk exposure using an
alternative approach to that described
above, with the prior written approval
of its primary Federal supervisor.
Requirements for the use of an
alternative approach are provided in
Section V.F. below.
The bank’s risk-weighted asset
amount for operational risk equals the
bank’s dollar risk-based capital
requirement for operational risk
determined as described above
multiplied by 12.5.
A. Analytical Framework
S 23. The bank must have an
operational risk quantification system
that provides an estimate of the bank’s
operational risk exposure.
S 24. The bank’s operational risk
quantification system must use a
combination of internal operational
loss event data, relevant external
operational loss event data, business
environment and internal control factor
assessments, and scenario analysis
results. The bank should combine these
elements in a manner that most
effectively enables it to quantify its
operational risk exposure. The bank
should choose the analytical
framework that is most appropriate to
its business model.
S 25. The bank must review and
update its operational risk
quantification system whenever it
becomes aware of information that may
have a material effect on the bank’s
estimate of operational risk exposure or
risk-based capital requirement for
operational risk, but no less frequently
than annually. A complete review and
recalculation of the bank’s
quantification system, including all
modeling inputs and assumptions, must
be done at least annually.
While not specifying the exact
methodology, the Agencies have
developed regulatory requirements that
a bank must use to determine its
operational risk exposure. These
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
requirements are intended to help
ensure that the regulation can
accommodate continued evolution of
operational risk quantification
techniques, yet remain amenable to
consistent application and enforcement
across banks. The Agencies expect that
there will be significant variation in
analytical frameworks across banks,
with each bank tailoring its framework
to leverage existing technology
platforms and risk management
procedures. The framework must use
the following inputs: Internal
operational loss event data, relevant
external operational loss event data,
assessments of business environment
and internal control factors, and
scenario analysis. The Agencies expect
that there will be some uncertainty in
the analytical frameworks because of the
evolving nature of operational risk data
and assessment systems. Therefore, the
analytical frameworks should be
conservative and reflect the
evolutionary status of operational risk
management, measurement and
quantification, and its impact on data
capture and analytical modeling.
The Agencies expect there will be
variation across banks in the
combination and weighting of the four
elements. In weighting each element, a
bank should consider availability and
applicability of each of the four
elements within each unit of measure.
For example, banks with comprehensive
internal data that reflect the full range
of their potential loss exposures may
choose to place less emphasis on
external data or scenario analysis.
Conversely, banks with limited internal
data would generally rely more heavily
on external data and scenario analysis
in estimating their operational risk
exposure.
Banks should be able to demonstrate
(see Standard 30) the effect of each
element on the operational risk
exposure estimate. In cases where this is
not possible, or where an element is not
used as a direct input into the
quantitative model, the bank should
calculate a benchmark estimate using
that element individually.
A bank must review and update its
operational risk quantification system
whenever it becomes aware of
information that may have a material
effect on the bank’s estimate of
operational risk exposure, but no less
frequently than annually. On a quarterly
basis, a bank must publicly disclose its
total and Tier 1 risk-based capital ratios
and their components, including
operational risk related data (see
Appendix D). As a part of this
disclosure process, the bank should
consider any material changes in either
PO 00000
Frm 00096
Fmt 4701
Sfmt 4703
(1) the qualitative/quantitative inputs
and assumptions from the previous
quarter or (2) the risk profile of the bank
that may affect the estimate of
operational risk exposure or the
resulting operational risk capital
requirement. Specifically, the bank
should ensure that all major inputs,
elements, and assumptions are
reviewed, and adjusted as necessary, to
reflect relevant changes in the bank’s
operational risk profile (for example,
changes in loss experience, data inputs,
business activity, external factors,
assumptions, insurance coverage, and
eligible offsets). Senior management
should determine and document which
components of the quantification system
will need to be revised prior to
recalculating the bank’s operational risk
exposure and operational risk capital
requirement due to any identified
material change in inputs or
assumptions. A complete review and
recalculation of a bank’s estimate of
operational risk exposure and its riskbased capital requirement for
operational risk, including updating all
modeling inputs and assumptions, must
be done at least annually.
B. Eligible Operational Risk Offsets
S 26. In calculating the risk-based
capital requirement for operational
risk, management may deduct certain
eligible operational risk offsets from its
estimate of operational risk exposure.
To the extent that these offsets do not
fully cover expected operational loss
(EOL), the bank’s risk-based capital
requirement for operational risk must
incorporate the shortfall. Eligible
operational risk offsets may only be
used to offset EOL, not UOL.
In calculating the risk-based capital
requirement for operational risk, a bank
may deduct certain eligible operational
risk offsets from its estimate of
operational risk exposure. As with other
aspects of the AMA, the eligible
operational risk offset process is
intended to be flexible and dynamic in
order to accommodate the continuing
evolution of underlying business
practices and accounting standards.
Supervisors will review all offsets to
ensure they are eligible as defined by
the NPR. The Agencies intend to
develop a process of approving eligible
operational risk offsets that is practical,
clearly articulated, and grounded in
prudential bank supervisory principles.
Banks should clearly document how
eligible operational risk offsets are
measured and accounted for, including
how they meet the conditions outlined
above.
The maximum offset is bounded by
EOL. Furthermore, the losses
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
corresponding to the eligible operational
risk offset must be fully consistent with
the EOL-plus-UOL capital requirement
calculated using the bank’s AMA model.
If certain small losses are not modeled
(for example, because they are below a
collection threshold), an operational
risk offset should not be taken for such
losses.
Banks must demonstrate that losses
corresponding to the potential eligible
operational risk offset are highly
predictable and reasonably stable. The
bank’s estimation process for eligible
operational risk offsets should be
consistent over time. The Agencies
consider balance sheet reserves,
established consistent with GAAP to
cover such losses, as eligible operational
risk offsets. Eligible offsets also must be
clear capital substitutes or otherwise
available to cover EOL with a high
degree of certainty over a one-year
horizon. Reserves associated with large,
unexpected operational losses (UOL) do
not qualify as eligible operational risk
offsets. While additional eligible
operational risk offsets may be
considered in the future, the Agencies’
review of the implementation of AMA
Systems indicates that banks so far have
only been able to demonstrate that
losses resulting from external credit
card fraud or securities processing
errors may meet the test of being highly
predictable and reasonably stable.
sroberts on PROD1PC70 with NOTICES
C. Unit of Measure
S 27. The bank must employ a unit
of measure that is appropriate for the
bank’s range of business activities and
the variety of operational loss events to
which it is exposed, and that does not
combine business activities or
operational loss events with different
risk profiles within the same loss
distribution.
Banks should weigh the advantages
and disadvantages of estimating a single
loss distribution or very few loss
distributions (top-down approach),
versus a larger number of loss
distributions for specific event types
and/or business lines (bottom-up
approach). One advantage of the topdown approach is that data sufficiency
is less likely to be a limiting factor,
whereas with the bottom-up approach
there may be pockets of missing or
limited data. However, a loss severity
distribution may be more difficult to
specify with the top-down approach, as
it is a statistical mixture of (potentially)
heterogeneous business line and event
type distributions. Supervisors will
consider the conditions necessary for
the validity of top-down approaches and
evaluate whether these conditions are
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
met in their particular individual
circumstances.
D. Accounting for Dependence
S 28. The bank may use internal
estimates of dependence among
operational losses within and across
business lines and operational loss
events if the bank can demonstrate to
the satisfaction of its primary Federal
supervisor that the bank’s process for
estimating dependence is sound, robust
to a variety of scenarios, and
implemented with integrity, and allows
for uncertainty surrounding the
estimates. If the bank has not made
such a demonstration, it must sum
operational risk exposure estimates
across units of measures to calculate its
total operational risk exposure.
A bank using internal estimates of
dependence, whether explicit or
embedded, must demonstrate that its
process for estimating dependency is
sound, robust to a variety of scenarios,
and implemented with integrity, and
allows for the uncertainty surrounding
the estimates. To the extent a bank
cannot support its process for estimating
dependence, the bank must sum
operational risk exposure estimates
across its chosen units of measure to
calculate the bank’s total operational
risk exposure. While dependence
modeling for operational risk is an
evolving area, banks should consider
the following principles and guidelines:
• Assumptions regarding dependence
should be supported by empirical
analysis (data) where possible. The
Agencies expect this analysis will
become more feasible over time as data
availability increases and greater
consensus emerges with regard to
dependence modeling.
• Where empirical support is not
possible, dependence assumptions
should be based on the judgment of
business line experts. In such cases, it
would be important to express
dependence concepts in intuitive terms.
For example, business line experts
could assess the probability of certain
large loss event scenarios occurring
simultaneously. For banks that already
rely heavily on scenario analysis, using
expert judgment to assess dependence
in this manner would merely be an
extension of the scenario analysis
process from a business line perspective
to a broader perspective.
• The bank should demonstrate that it
has considered the possibility that
dependence may not be constant over
time and may increase during stress
environments.
• The bank should develop a process
for assessing on-going improvements to
the approach (for example, through out-
PO 00000
Frm 00097
Fmt 4701
Sfmt 4703
9179
of-sample testing). Such advances
would in turn enhance the ability of the
bank to estimate its aggregate
operational losses at the 99.9 percent
confidence level.
• Banks should perform sensitivity
analyses of the effect of alternative
dependence assumptions on their
operational risk exposure estimate.
• Banks should not restrict
dependence structures to those based on
normal distributions, as normality may
underestimate the amount of
dependence between tail events.
• Dependence assumptions should be
consistent with the way in which loss
events are defined and used. For
example, if one underlying factor causes
multiple losses, such as an earthquake
that results in damage to multiple
buildings, recording multiple loss
entries in the data set would require the
bank to model the dependence between
these losses. Judicious aggregation of
related losses within the data set (in this
example, aggregating all of the losses
caused by a single earthquake into one
loss entry) could satisfy some of the
expectations regarding dependence
modeling.
• The choice between a bottom-up or
a top-down modeling approach affects
how a bank accounts for dependence. A
bottom-up approach requires explicit
assumptions regarding dependence to
estimate operational risk exposure at the
bank-wide level. Top-down approaches
inherently mask dependence and, under
many circumstances, assume statistical
independence across business lines and
event types. To the extent a top-down
approach is used, a bank should ensure
that dependence within units of
measure is suitably reflected in the
operational risk exposure estimate.
• As with other areas of the
framework, assumptions regarding
dependence should be conservative
given the uncertainties surrounding
dependence modeling for operational
risk. The Agencies will closely review
frameworks that assume statistical
independence across loss events.
E. Risk Mitigation
S 29. The bank may adjust its
operational risk exposure results by no
more than 20 percent to reflect the
impact of operational risk mitigants. In
order to recognize the effects of risk
mitigants, management must estimate
its operational risk exposure with and
without their effects.
There are many mechanisms to
manage operational risk, including risk
transfer through risk mitigation
products. Because risk mitigation can be
an important element in limiting or
reducing operational risk exposure in a
E:\FR\FM\28FEN2.SGM
28FEN2
9180
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
bank, an adjustment that will directly
affect the amount of regulatory capital
that is held for operational risk is being
permitted. The adjustment is limited to
20 percent of the overall operational risk
exposure less any eligible operational
risk offsets.
In order to recognize the effects of risk
mitigants, the bank must calculate two
estimates of its operational risk
exposure. The first estimate should
include the effects of risk mitigants, in
addition to all other adjustments and
effects (for example, expected losses,
diversification, and qualitative
adjustments) that are to be reflected in
the risk-based capital requirement for
operational risk. The second estimate
should be identical to the first, except
that it should not reflect the effects of
risk mitigants. The first exposure
estimate should be used to calculate
risk-weighted assets for operational risk
(as described in the introduction to
Section V), provided that it is at least 80
percent of the second estimate. If the
first exposure estimate is less than 80
percent of the second estimate, then risk
weighted assets for operational risk
should be calculated as the second
exposure estimate multiplied by 0.8 and
by 12.5.
Currently, the primary risk mitigant
used for operational risk is insurance.
The industry has raised the possibility
that some securities products may be
developed to provide risk mitigation
benefits; however, to date no specific
products have emerged that have
characteristics sufficient to be
considered a capital replacement for
operational risk. However, as innovation
in this field continues, a bank may be
able to realize the benefits of risk
mitigation through certain capital
markets instruments with the approval
of their primary Federal supervisor.
For a bank that wishes to adjust its
regulatory capital requirement as a
result of the risk mitigating effect of
insurance, management must
demonstrate that the insurance policy:
• Has been provided by an
unaffiliated company that has a
minimum claims paying ability that is
rated in one of the three highest ratings
categories by a Nationally Recognized
Statistical Rating Organization
(NRSRO); 18
• Has an initial term of at least one
year and a residual term of more than
90 days;
18 Rating agencies may use slightly different
rating scales. For the purpose of this supervisory
guidance, the insurer must have a rating that is at
least the equivalent of an ‘‘A’’ under Standard and
Poor’s Insurer Financial Strength Ratings or an
‘‘A2’’ under Moody’s Insurance Financial Strength
Ratings.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
• Has a minimum notice period for
cancellation by the provider of 90 days;
• Has no exclusions or limitations
based upon regulatory action or for the
receiver or liquidator of a failed bank;
and
• Coverage has been explicitly
mapped to a potential operational loss
event.
Insurance policies that meet these
standards may be incorporated into a
bank’s adjustment for risk mitigation. A
bank should be conservative in its
recognition of such policies; for
example, the bank should demonstrate
that insurance policies used as the basis
for the adjustment have a history of
timely payouts. Banks must decrease the
amount of the adjustment if the
remaining term is less than one year.
The bank’s methodology for
incorporating the effects of insurance
must also capture, through appropriate
discounts to the amount of risk
mitigation, the residual term of the
policy, if the remaining term is less than
one year. In addition, the bank should
be able to show that the policy would
actually be used in the event of a loss
situation; that is, the deductible should
not be set so high that no loss would
ever conceivably exceed the deductible
threshold.
The Agencies do not specify how
banks should calculate the risk
mitigation adjustment. Nevertheless,
banks should use conservative
assumptions when calculating
adjustments. As the payout of a
particular policy varies over time and
depends upon the frequency and
severity of covered losses, calculation of
the adjustment should be embedded in
the analytical framework rather than
being an ex-post adjustment to the
quantified operational risk exposure
number. A bank should discount (i.e.,
apply its own estimates of haircuts) the
impact of insurance coverage to take
into account factors that may limit the
likelihood or size of claims payouts.
Among these factors are the remaining
term of a policy (for example, when it
is less than a year); the willingness and
ability of the insurer to pay on a claim
in a timely manner; the legal risk that
a claim may be disputed; and the
possibility that a policy can be
cancelled before the contractual
expiration.
F. Alternative Approaches for
Depository Institutions
The Agencies recognize that in certain
limited circumstances, there may not be
sufficient data available for a bank to
generate an AMA estimate of its own
operational risk exposure at the 99.9
percent confidence level. In these
PO 00000
Frm 00098
Fmt 4701
Sfmt 4703
circumstances, a bank may propose use
of an alternative operational risk
quantification system, subject to
approval by the bank’s primary Federal
supervisor. The Agencies are not
prescribing any estimation
methodologies for the alternative
approach. However, the Agencies expect
that use of an alternative approach will
occur on a very limited basis.
Furthermore, such approaches will not
be available at the bank holding
company level.
A bank proposing to use an
alternative operational risk
quantification system must submit a
proposal to its primary Federal
supervisor. In evaluating a bank’s
proposal, the primary supervisor will
review the bank’s justification in light
of:
• The bank’s size, complexity, and
risk profile; and
• Whether the proposed approach can
be supported empirically.
Additional areas that a primary
Federal supervisory may consider in its
evaluation of a proposal to use an
alternative approach include:
• The bank’s ability to establish that,
for data or other reasons, a stand-alone
AMA is not feasible or that it would not
result in a credible capital estimate;
• Whether capital levels using the
alternative approach are commensurate
with the bank’s operational risk profile;
• Whether the alternative approach is
sensitive to changes in the bank’s
operational risk profile; and
• Whether the proposed approach
allows for the bank’s board members to
fulfill their fiduciary responsibilities to
ensure that the bank is adequately
capitalized.
Furthermore, a bank using an
alternative operational risk
quantification system must meet the
regulatory requirements for the
establishment and use of operational
risk management, and data and
assessment systems.19
A bank proposing an alternative
approach that is based on an allocation
methodology should be aware of certain
limitations associated with the use of
such an approach. Specifically, the
agencies will not accept an allocation of
operational risk capital requirements
that includes non-depository
institutions or the benefits of
diversification across entities. The
exclusion of allocations that include
non-depository institutions is in
recognition that depositors and creditors
of a depository institution generally
19 See also Standards 1 through 22 for supervisory
guidance on risk management and data and
assessment systems.
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
have no legal recourse to capital funds
that are not held by the depository
institution or its affiliate depository
institutions.20
G. Documentation of Operational Risk
Quantification Systems
sroberts on PROD1PC70 with NOTICES
S 30. The bank must document all
material aspects of its AMA System.
This documentation should include the
rationale for the development,
operation, and assumptions
underpinning its chosen analytical
framework, including the choice of
inputs, distributional assumptions, and
the weighting across qualitative and
quantitative elements.
Whatever analytical approach a bank
chooses, it must document all material
aspects of its AMA System. Generally,
the documentation should include: A
discussion of the bank’s modeling
philosophy; a ‘‘how to’’ guide that
would provide sufficient detail for an
independent party to substantially
replicate the capital calculation; and an
audit trail of any changes to the
framework’s assumptions. More
specifically, this documentation should:
• Provide an overview of the
analytical approach (for example,
description of the model(s) and/or
statistical technique(s) used, model
inputs and outputs, and steps taken to
ensure the integrity of the data used in
the estimation process).
• Identify how the different inputs
are combined and weighted to arrive at
the overall operational risk exposure so
that the analytical framework is
transparent.
• Demonstrate that the analytical
framework is comprehensive and
internally consistent. Comprehensive
and consistent means that all required
inputs are incorporated and
appropriately weighted and that there
are not overlaps or double counting.
• Identify the quantitative
assumptions embedded in the
methodology and provide explanations
for the choice and limitations of these
assumptions (for example, quantitative
assumptions include distributional
assumptions, and dependence
assumptions between operational losses
across and within business lines).
• Include where possible,
documentation of quantitative measures
of each assumption’s validity, based on
the relevant data elements (for example,
20 The cross-guarantee provision of the Federal
Deposit Insurance Act provides that a depository
institution is liable for any losses incurred by the
FDIC in connection with the failure of commonlycontrolled depository institutions. There are no
statutory provisions requiring cross-guarantees
between a depository institution and its nondepository institution affiliates.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
statistical goodness-of-fit tests should be
used to evaluate distributional
assumptions).
• Identify the qualitative assumptions
embedded in the methodology and
provide explanations for the choice of
these assumptions. (For example,
qualitative assumptions could include
the use of business environment and
internal control factor assessments,
scenario analysis, and business
judgment to derive dependence
assumptions).
• Provide results based on alternative
quantitative and qualitative
assumptions to gauge the overall
model’s sensitivity to these
assumptions.
• Identify all simplifying or
normalizing assumptions. (For example,
assumptions could include setting a
maximum cap on losses in order to
influence the shape of the severity
distribution or to normalize results at
specific units of measure for internal
capital purposes or prior to aggregation.
Assumptions should be consistent with
relevant loss data from both internal and
external sources).
• Provide results to assess the impact
of simplifying or normalizing
assumptions.
• Compare the operational risk
exposure estimate generated by the
analytical framework with actual loss
experience over time, to assess the
framework’s performance and the
reasonableness of its outputs.
• Identify all limitations of and
changes to assumptions, and provide
explanations for such changes.
• Include details and rationale for
establishing thresholds and their use.
• Include information on the
technical process underlying the
analytical approach (for example,
programming language(s) and software
used, logical process flow diagrams,
system or source of record for the data
elements, how outputs are used in
subsequent steps of the approach).
• Include technical change control
information relating to the analytical
approach (for example, a record of the
changes, the associated rationale for the
changes and the effects on the analytical
approach).
• Provide the results of an
independent verification and validation
of the analytical framework.
VI. Data Management and Maintenance
S 31. Banks using the AMA approach
for regulatory capital purposes must
have data management and
maintenance systems that adequately
support all aspects of an AMA System.
AMA data management systems must
support the requirements for the
PO 00000
Frm 00099
Fmt 4701
Sfmt 4703
9181
operational risk management, data and
assessment, and quantification
processes, as well as the verification and
validation mechanisms described in this
guidance. The precise data to be
collected will be determined by a bank’s
specific AMA System methodology.
A bank should have access to the key
data elements needed for operational
risk management, data and assessment,
and quantification. An important factor
in ensuring consistent reporting of the
data elements is the development of
comprehensive definitions for each data
element used by the bank for reporting
operational loss events or for the risk
assessment inputs. The data must be
stored in an electronic format to allow
for timely retrieval for analysis,
verification, validation, reporting, and
disclosure purposes.
While banks have substantial
flexibility in the design of their data
maintenance systems, data systems
should be of sufficient depth, scope, and
reliability to implement and evaluate
the AMA System. The systems should
be capable of:
• Identifying and tracking operational
risk loss events from initial discovery
through final resolution across all
business lines, including instances
where a loss event impacts multiple
business lines.
• Producing timely and accurate
internal and public reports on
operational risk data and assessment,
and quantification results, including
patterns revealed by loss data, scenario
analysis, and business environment and
internal control factor assessments. The
bank should also have sufficient data to
produce exception reports for
management (for example, a record of
and justification for omitted large loss
events).
• Supporting risk management
activities and providing access to data
management processes for all interested
parties, including audit.
In addition, the systems must be
capable of retaining sufficient data
elements related to key risk drivers to
permit adequate monitoring, validation,
and refinement of the bank’s AMA
System.
Banks should also be able to use the
data to identify patterns, track problem
areas and identify emerging risks. Such
data should include not only
operational loss event information, but
also information on business
environment and internal control factor
assessments, which are incorporated
into the operational risk exposure
calculation.
Since data are collected at different
stages of the risk management and
quantification process, and involve a
E:\FR\FM\28FEN2.SGM
28FEN2
9182
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
variety of groups and individuals, there
are potential challenges to ensuring the
quality of the data including:
• Retaining data over long
timeframes;
• Ensuring that data purchased from,
or maintained by, third parties meet the
bank’s standards; and
• Retaining sufficient data elements
and documentation of model
methodologies, parameter estimates and
assumptions to permit adequate ex-post
review of operational risk data.
Banks’ policies and controls should
address these potential data challenges.
Furthermore, for external data, banks
should seek reasonable assurance from
third-party providers concerning data
quality and integrity and a clear
understanding of the sources and
limitations of external data.
Management should identify those
responsible for maintaining the bank’s
data maintenance systems. In particular,
policies and processes should be
developed for delivering, storing,
retaining, and updating the data
warehouse. Policies and procedures
should also cover the edit checks for
data input functions. Like other areas of
the AMA System, it is critical that
management ensure accountability for
ongoing data maintenance, as this will
impact operational risk management
and measurement efforts.
VII. Verification and Validation
S 32. The bank must validate, on an
ongoing basis, its AMA system. The
bank’s validation process must be
independent of the AMA System’s
development, implementation, and
operation, or the validation process
must be subject to an independent
review of its adequacy and
effectiveness.
Bank policies and procedures should
clearly differentiate the roles and
responsibilities of the independent
verification and validation functions.
Verification of the bank’s AMA System
typically encompasses internal and
external audit activities. More
specifically, verification includes the
work done to test and verify that the
policies, procedures, and processes that
make up the bank’s AMA System are
working effectively and as intended. In
addition, the verification function also
ensures that validation of AMA models
was completed in accordance with the
bank’s validation policy. Validation,
often performed by non-audit staff,
includes the processes the bank uses to
test and assess the accuracy and
integrity of models being used to
quantify operational risk exposure and
risk-based capital for operational risk.
The primary Federal supervisor will
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
consider, whenever possible, the work
performed by the bank’s verification and
validation functions when assessing the
bank’s AMA System.
Banks may use independent and
qualified internal (for example, internal
audit, and quality assurance) or external
parties to perform verification and
validation. The verification and
validation functions should annually
assess and report to the board of
directors on the adequacy of the overall
AMA System. This assessment should
include the review of both the accuracy
and integrity of the AMA System,
control elements, as well as the scope
and effectiveness of operational risk
reporting. The verification and
validation functions should also review
reporting processes to ensure the
timeliness, accuracy, and
comprehensiveness of operational risk
reporting systems, both at the firm-wide
and the line of business levels. Other
areas of assessment include, but are not
limited to:
• Organizational structure,
governance, and oversight;
• Internal and external data sources,
collection processes, and repositories;
• Scenario analysis;
• Reporting and MIS;
• Business environment and internal
control factor assessments;
• Quantification methodology and
assumptions, including a review of the
integrity of the operational risk
exposure calculation; and
• Compliance with internal standards
for validation of the models used to
quantify operational risk exposure.
Banks should have a formal written
validation process that documents the
development of risk quantification
models and assures model accuracy,
whether developed internally or
externally. The validation process
should address model documentation,
data sources, model assumptions,
coding and mathematical computations,
conceptual soundness of the approach,
comparison of estimates to results of
alternative quantitative and qualitative
models, model performance evaluation,
and out-of-sample testing. The
validation process must also require the
bank to periodically stress test its
quantitative and qualitative models.
Stress testing must include a
consideration of how economic cycles,
especially downturns, affect the bank’s
operational risk-based capital
requirement. Technically competent
individuals who are independent of the
development, implementation, or
operation of the model should perform
validation. These individuals may or
may not be a part of the internal audit
function. If validation is done by
PO 00000
Frm 00100
Fmt 4701
Sfmt 4703
internal audit, staff performing the
validation of bank models should not
participate in the verification of the
validation process.
Validation of operational risk models
should include review of:
• Adjustments to empirical
operational risk capital estimates,
including operational risk exposure;
• On-going monitoring processes that
include verification of processes and
benchmarking;
• Outcome analysis processes that
includes model performance evaluation
and out-of-sample testing;
• The operational risk models’
conceptual soundness and underlying
assumptions;
• Assumptions underlying
operational risk exposure, data decision
models, and the risk-based capital
requirement for operational risk;
• Stress testing, robustness, and
sensitivity analysis, as appropriate; and
• The sufficiency of the
documentation pertaining to the
analytical approach and of the change
control process, including a review of
the historical record of changes and
associated rationale.
Appropriate reports summarizing the
results of independent verification and
validation of the bank’s AMA System,
including associated models, should be
provided to the board of directors and
appropriate management. The board of
directors should ensure that senior
management initiates timely corrective
action where necessary.
The bank may determine the scope of
its annual assessment, and the
frequency of specific verification and
validation work, based on risk-based
auditing principles. The extent of
verification of individual components of
the bank’s AMA System may be based
on a risk assessment of the overall
system, which identifies key processes,
controls, activities, and assumptions.
All material components of a bank’s
AMA System should be assessed and
tested (as appropriate) at least annually,
with the remaining components tested
consistent with risk-based auditing and
testing principles. Documentation of the
verification and validation program
should support the scope and frequency
of work performed.
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
Appendix A—The NPR Qualification
Requirements, Risk-Weighted Assets for
Operational Risk, and Disclosure
Requirements
Part III. Qualification
Section 22. Qualification
Requirements 21
sroberts on PROD1PC70 with NOTICES
(a) Process and systems requirements.
(1) A [bank] 22 must have a rigorous
process for assessing its overall capital
adequacy in relation to its risk profile
and a comprehensive strategy for
maintaining an appropriate level of
capital.
(2) The systems and processes used by
a [bank] for risk-based capital purposes
under this appendix must be consistent
with the [bank]’s internal risk
management processes and management
information reporting systems.
(3) Each [bank] must have an
appropriate infrastructure with risk
measurement and management
processes that meet the qualification
requirements of this section and are
appropriate given the [bank]’s size and
level of complexity. Regardless of
whether the systems and models that
generate the risk parameters necessary
for calculating a [bank]’s risk-based
capital requirements are located at any
affiliate of the [bank], the [bank] itself
must ensure that the risk parameters
and reference data used to determine its
risk-based capital requirements are
representative of its own credit risk and
operational risk exposures.
—Text omitted—
(h) Operational risk—(1) Operational
risk management processes. A [bank]
must:
(i) Have an operational risk
management function that:
(A) Is independent of business line
management; and
(B) Is responsible for designing,
implementing, and overseeing the
[bank]’s operational risk data and
assessment systems, operational risk
quantification systems, and related
processes;
(ii) Have and document a process to
identify, measure, monitor, and control
operational risk in [bank] products,
activities, processes, and systems
(which process must capture business
environment and internal control factors
affecting the [bank]’s operational risk
profile); and
(iii) Report operational risk exposures,
operational loss events, and other
21 71
FR 55922 through 55924 (Sept. 25, 2006).
simplicity, and unless otherwise noted, the
NPR uses the term [bank] to include banks, savings
associations, and bank holding companies.
[AGENCY] refers to the primary Federal supervisor
of the bank applying the rules.
22 For
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
relevant operational risk information to
business unit management, senior
management, and the board of directors
(or a designated committee of the
board).
(2) Operational risk data and
assessment systems. A [bank] must have
operational risk data and assessment
systems that capture operational risks to
which the [bank] is exposed. The
[bank]’s operational risk data and
assessment systems must:
(i) Be structured in a manner
consistent with the [bank]’s current
business activities, risk profile,
technological processes, and risk
management processes; and
(ii) Include credible, transparent,
systematic, and verifiable processes that
incorporate the following elements on
an ongoing basis:
(A) Internal operational loss event
data. The [bank] must have a systematic
process for capturing and using internal
operational loss event data in its
operational risk data and assessment
systems.
(1) The [bank]’s operational risk data
and assessment systems must include a
historical observation period of at least
five years for internal operational loss
event data (or such shorter period
approved by [AGENCY] to address
transitional situations, such as
integrating a new business line).
(2) The [bank] may refrain from
collecting internal operational loss
event data for individual operational
losses below established dollar
threshold amounts if the [bank] can
demonstrate to the satisfaction of the
[AGENCY] that the thresholds are
reasonable, do not exclude important
internal operational loss event data, and
permit the [bank] to capture
substantially all the dollar value of the
[bank]’s operational losses.
(B) External operational loss event
data. The [bank] must have a systematic
process for determining its
methodologies for incorporating
external operational loss data into its
operational risk data and assessment
systems.
(C) Scenario analysis. The [bank]
must have a systematic process for
determining its methodologies for
incorporating scenario analysis into its
operational risk data and assessment
systems.
(D) Business environment and
internal control factors. The [bank] must
incorporate business environment and
internal control factors into its
operational risk data and assessment
systems. The [bank] must also
periodically compare the results of its
prior business environment and internal
control factor assessments against its
PO 00000
Frm 00101
Fmt 4701
Sfmt 4703
9183
actual operational losses incurred in the
intervening period.
(3) Operational risk quantification
systems. (i) The [bank]’s operational risk
quantification systems:
(A) Must generate estimates of the
[bank]’s operational risk exposure using
its operational risk data and assessment
systems; and
(B) Must employ a unit of measure
that is appropriate for the [bank]’s range
of business activities and the variety of
operational loss events to which it is
exposed, and that does not combine
business activities or operational loss
events with different risk profiles within
the same loss distribution.
(C) May use internal estimates of
dependence among operational losses
within and across business lines and
operational loss events if the [bank] can
demonstrate to the satisfaction of
[AGENCY] that its process for
estimating dependence is sound, robust
to a variety of scenarios, and
implemented with integrity, and allows
for the uncertainty surrounding the
estimates. If the [bank] has not made
such a demonstration, it must sum
operational risk exposure estimates
across units of measure to calculate its
total operational risk exposure.
(D) Must be reviewed and updated (as
appropriate) whenever the [bank]
becomes aware of information that may
have a material effect on the [bank]’s
estimate of operational risk exposure,
but no less frequently than annually.
(ii) With the prior written approval of
[AGENCY], a [bank] may generate an
estimate of its operational risk exposure
using an alternative approach to that
specified in paragraph (h)(3)(i) of this
section. A [bank] proposing to use such
an alternative operational risk
quantification system must submit a
proposal to [AGENCY]. In considering a
[bank]’s proposal to use an alternative
operational risk quantification system,
[AGENCY] will consider the following
principles:
(A) Use of the alternative operational
risk quantification system will be
allowed only on an exception basis,
considering the size, complexity, and
risk profile of a [bank];
(B) The [bank] must demonstrate that
its estimate of its operational risk
exposure generated under the
alternative operational risk
quantification system is appropriate and
can be supported empirically; and
(C) A [bank] must not use an
allocation of operational risk capital
requirements that includes entities other
than depository institutions or the
benefits of diversification across
entities.
E:\FR\FM\28FEN2.SGM
28FEN2
9184
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
(i) Data management and
maintenance. (1) A [bank] must have
data management and maintenance
systems that adequately support all
aspects of its advanced systems and the
timely and accurate reporting of riskbased capital requirements.
(2) A [bank] must retain data using an
electronic format that allows timely
retrieval of data for analysis, validation,
reporting, and disclosure purposes.
(3) A [bank] must retain sufficient
data elements related to key risk drivers
to permit adequate monitoring,
validation, and refinement of its
advanced systems.
(j) Control, oversight, and validation
mechanisms. (1) The [bank]’s senior
management must ensure that all
components of the [bank]’s advanced
systems function effectively and comply
with the qualification requirements in
this section.
(2) The [bank]’s board of directors (or
a designated committee of the board)
must at least annually evaluate the
effectiveness of, and approve, the
[bank]’s advanced systems.
(3) A [bank] must have an effective
system of controls and oversight that:
(i) Ensures ongoing compliance with
the qualification requirements in this
section;
(ii) Maintains the integrity, reliability,
and accuracy of the [bank]’s advanced
systems; and
(iii) Includes adequate governance
and project management processes.
(4) The [bank] must validate, on an
ongoing basis, its advanced systems.
The [bank]’s validation process must be
independent of the advanced systems’
development, implementation, and
operation, or the validation process
must be subjected to an independent
review of its adequacy and
effectiveness. Validation must include:
(i) The evaluation of the conceptual
soundness of (including developmental
evidence supporting) the advanced
systems;
(ii) An on-going monitoring process
that includes verification of processes
and benchmarking; and
(iii) An outcomes analysis process
that includes back-testing.
(5) The [bank] must have an internal
audit function independent of businessline management that at least annually
assesses the effectiveness of the controls
supporting the [bank]’s advanced
systems and reports its findings to the
23 71
24 71
FR 55946 through 55947 (Sept. 25, 2006).
FR 55947 and 55952 (Sept. 25, 2006).
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
[bank]’s board of directors (or a
committee thereof).
(6) The [bank] must periodically stress
test its advanced systems. The stress
testing must include a consideration of
how economic cycles, especially
downturns, affect risk-based capital
requirements (including migration
across rating grades and segments and
the credit risk mitigation benefits of
double default treatment).
(k) Documentation. The [bank] must
adequately document all material
aspects of its advanced systems.
—Text omitted—
Part VII. Risk-Weighted Assets for
Operational Risk
Section 61. Qualification Requirements
for Incorporation of Operational Risk
Mitigants 23
(a) Qualification to use operational
risk mitigants. A [bank] may adjust its
estimate of operational risk exposure to
reflect qualifying operational risk
mitigants if:
(1) The [bank]’s operational risk
quantification system is able to generate
an estimate of the [bank]’s operational
risk exposure (which does not
incorporate qualifying operational risk
mitigants) and an estimate of the
[bank]’s operational risk exposure
adjusted to incorporate qualifying
operational risk mitigants; and
(2) The [bank]’s methodology for
incorporating the effects of insurance, if
the [bank] uses insurance as an
operational risk mitigant, captures
through appropriate discounts to the
amount of risk mitigation:
(i) The residual term of the policy,
where less than one year;
(ii) The cancellation terms of the
policy, where less than one year;
(iii) The policy’s timeliness of
payment;
(iv) The uncertainty of payment by
the provider of the policy; and
(v) Mismatches in coverage between
the policy and the hedged operational
loss event.
(b) Qualifying operational risk
mitigants. Qualifying operational risk
mitigants are:
(1) Insurance that:
(i) Is provided by an unaffiliated
company that has a claims payment
ability that is rated in one of the three
highest rating categories by a NRSRO;
(ii) Has an initial term of at least one
year and a residual term of more than
90 days;
(iii) Has a minimum notice period for
cancellation by the provider of 90 days;
(iv) Has no exclusions or limitations
based upon regulatory action or for the
receiver or liquidator of a failed
depository institution; and
(v) Is explicitly mapped to a potential
operational loss event; and
(2) Operational risk mitigants other
than insurance for which the [AGENCY]
has given prior written approval. In
evaluating an operational risk mitigant
other than insurance, [AGENCY] will
consider whether the operational risk
mitigant covers potential operational
losses in a manner equivalent to holding
regulatory capital.
Section 62. Mechanics of Risk-Weighted
Asset Calculation
(a) If a [bank] does not qualify to use
or does not have qualifying operational
risk mitigants, the [bank]’s dollar riskbased capital requirement for
operational risk is its operational risk
exposure minus eligible operational risk
offsets (if any).
(b) If a [bank] qualifies to use
operational risk mitigants and has
qualifying operational risk mitigants,
the [bank]’s dollar risk-based capital
requirement for operational risk is the
greater of:
(1) The [bank]’s operational risk
exposure adjusted for qualifying
operational risk mitigants minus eligible
operational risk offsets (if any); or
(2) 0.8 multiplied by the difference
between:
(i) The [bank]’s operational risk
exposure; and
(ii) Eligible operational risk offsets (if
any).
(c) The [bank]’s risk-weighted asset
amount for operational risk equals the
[bank]’s dollar risk-based capital
requirement for operational risk
determined under paragraph (a) or (b) of
this section multiplied by 12.5.
Part VIII. Disclosure
Section 71. Disclosure Requirements 24
(a) Each [bank] must publicly disclose
each quarter its total and tier 1 riskbased capital ratios and their
components (that is, tier 1 capital, tier
2 capital, total qualifying capital, and
total risk-weighted assets).25
[Disclosure paragraph (b)]
[Disclosure paragraph (c)]
—Text omitted—
25 Other public disclosure requirements continue
to apply—for example, Federal securities law and
regulatory reporting requirements.
PO 00000
Frm 00102
Fmt 4701
Sfmt 4703
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
9185
TABLE 11.9—OPERATIONAL RISK
Qualitative disclosures ............................
(a) ..........................
(b) ..........................
(c) ..........................
sroberts on PROD1PC70 with NOTICES
Appendix B—Supervisory Standards
S 1. The bank’s AMA System must
include an operational risk management
function and audit function that are
independent of business line
management. The operational risk
management function should address
operational risk on a firm-wide basis.
S 2. The bank must have and
document a process that clearly
describes its AMA System, including
how the bank identifies, measures,
monitors, and controls operational risk.
S 3. The bank must maintain effective
internal controls supporting its AMA
System.
S 4. The bank must ensure that an
effective framework is in place to
identify, measure, monitor, and control
operational risk, and to accurately
compute the bank’s operational risk
component of the bank’s risk-based
capital requirement. The board of
directors must at least annually evaluate
the effectiveness of, and approve, the
bank’s AMA System, including the
strength of the bank’s control
infrastructure.
S 5. The board of directors and
management should ensure that the
bank’s operational risk management,
data and assessment, and quantification
processes are appropriately integrated
into the bank’s existing risk
management and decision-making
processes and that there are adequate
resources to support these processes
throughout the bank.
S 6. The bank must have a firm-wide
operational risk management function
that oversees the AMA System and is
independent of business line
management. The operational risk
management function is also
responsible for the development of
operational risk data and assessment
systems, operational risk quantification
systems, and related processes
throughout the bank.
S 7. The firm-wide operational risk
management function should ensure
adequate analysis and reporting of
operational risk information. The
function should also develop and report
on the firm-wide operational risk
profile.
S 8. Line of business management is
responsible for ensuring appropriate
day-to-day management of the
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
The general qualitative disclosure requirement for operational risk.
Description of the AMA, including a discussion of relevant internal and external
factors considered in the bank holding company’s measurement approach.
A description of the use of insurance for the purpose of mitigating operational
risk.
operational risks within its business
unit.
S 9. Line of business management
should ensure that internal controls and
practices within its business unit are
consistent with firm-wide policies,
processes, and procedures.
S 10. The board of directors and
senior management must receive reports
on operational risk exposure,
operational risk loss events, and other
relevant operational risk information.
The reports should include information
regarding firm-wide and business line
risk profiles, loss experience, and
relevant business environment and
internal control factor assessments.
These reports should be received
quarterly.
S 11. The bank must have a
systematic process for incorporating
internal loss event data, external loss
event data, scenario analyses, and
assessments of its business environment
and internal controls factors to support
both its operational risk management
and measurement framework, as well as
its calculation of the bank’s operational
risk component of its risk-based capital
requirement.
S 12. The bank must use the
regulatory definition of operational risk
when assessing the operational risks to
which the bank is exposed in order to
calculate its risk-based capital
requirement for operational risk. The
bank should have clear standards for the
collection and modification of all four
elements in the operational risk data
and assessment systems that support its
AMA System.
S 13. The bank must have a historical
observation period of at least five years
for internal operational loss event data.
A shorter period may be approved by
the primary Federal supervisor to
address transitional situations, such as
integrating a new business line. Internal
data should be captured across all
business lines, corporate functions,
events, product types, and geographic
locations. The bank must have a
systematic process for capturing and
using internal operational loss event
data in its operational risk data and
assessment systems.
S 14. The bank should be able to map
internal operational losses to the seven
operational loss-event categories.
PO 00000
Frm 00103
Fmt 4701
Sfmt 4703
S 15. The bank should have a policy
that identifies when an operational loss
is recognized and should be added to
the loss event database. The policy
should provide for consistent treatment
across the bank.
S 16. The bank may establish
appropriate internal operational loss
event data thresholds and, if so, must
demonstrate the appropriateness of such
thresholds.
S 17. The bank should have a clear
policy that allows for the consistent
treatment of loss event classifications
(for example, credit, market, or
operational loss events) across the
organization.
S 18. The bank must have a
systematic process for determining how
external loss data will be incorporated
into its operational risk data and
assessment systems.
S 19. The bank should systematically
review external data to ensure an
understanding of industry operational
loss experience.
S 20. The bank must have a
systematic process for determining how
scenario analysis will be incorporated
into its operational risk data and
assessment systems. S 21. The bank
must incorporate business environment
and internal control factors into the
bank’s operational risk data and
assessment systems.
S 22. The bank must periodically
compare the results of its business
environment and internal control factor
assessments against the bank’s actual
operational risk loss experience.
S 23. The bank must have an
operational risk quantification system
that provides an estimate of the bank’s
operational risk exposure.
S 24. The bank’s operational risk
quantification system must use a
combination of internal operational loss
event data, relevant external operational
loss event data, business environment
and internal control factor assessments,
and scenario analysis results. The bank
should combine these elements in a
manner that most effectively enables it
to quantify its operational risk exposure.
The bank should choose the analytical
framework that is most appropriate to
its business model.
S 25. The bank must review and
update its operational risk
quantification system whenever it
E:\FR\FM\28FEN2.SGM
28FEN2
sroberts on PROD1PC70 with NOTICES
9186
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
becomes aware of information that may
have a material effect on the bank’s
estimate of operational risk exposure or
risk-based capital requirement for
operational risk, but no less frequently
than annually. A complete review and
recalculation of the bank’s
quantification system, including all
modeling inputs and assumptions, must
be done at least annually.
S 26. In calculating the risk-based
capital requirement for operational risk,
management may deduct certain eligible
operational risk offsets from its estimate
of operational risk exposure. To the
extent that these offsets do not fully
cover expected operational loss (EOL),
the bank’s risk-based capital
requirement for operational risk must
incorporate the shortfall. Eligible
operational risk offsets may only be
used to offset EOL, not UOL.
S 27. The bank must employ a unit of
measure that is appropriate for the
bank’s range of business activities and
the variety of operational loss events to
which it is exposed, and that does not
combine business activities or
operational loss events with different
risk profiles within the same loss
distribution.
S 28. The bank may use internal
estimates of dependence among
operational losses within and across
business lines and operational loss
events if the bank can demonstrate to
the satisfaction of its primary Federal
supervisor that the bank’s process for
estimating dependence is sound, robust
to a variety of scenarios, and
implemented with integrity, and allows
for uncertainty surrounding the
estimates. If the bank has not made such
a demonstration, it must sum
operational risk exposure estimates
across units of measures to calculate its
total operational risk exposure.
S 29. The bank may adjust its
operational risk exposure results by no
more than 20 percent to reflect the
impact of operational risk mitigants. In
order to recognize the effects of risk
mitigants, management must estimate
its operational risk exposure with and
without their effects.
S 30. The bank must document all
material aspects of its AMA System.
This documentation should include the
rationale for the development,
operation, and assumptions
underpinning its chosen analytical
framework, including the choice of
inputs, distributional assumptions, and
the weighting across qualitative and
quantitative elements.
S 31. Banks using the AMA approach
for regulatory capital purposes must
have data management and maintenance
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
systems that adequately support all
aspects of an AMA System.
S 32. The bank must validate, on an
ongoing basis, its AMA system. The
bank’s validation process must be
independent of the AMA System’s
development, implementation, and
operation, or the validation process
must be subject to an independent
review of its adequacy and
effectiveness.
Appendix C—The NPR Qualification
Process
Part III. Qualification
Section 21. Qualification Process 26
(a) Timing. (1) A [bank] 27 that is
described in paragraph (b)(1) of section
1 must adopt a written implementation
plan no later than six months after the
later of the effective date of this
appendix or the date the [bank] meets a
criterion in that section. The plan must
incorporate an explicit first floor period
start date no later than 36 months after
the later of the effective date of this
appendix or the date the [bank] meets at
least one criterion under paragraph
(b)(1) of section 1. [AGENCY] may
extend the first floor period start date.
(2) A [bank] that elects to be subject
to this appendix under paragraph (b)(2)
of section 1 must adopt a written
implementation plan and notify the
[AGENCY] in writing of its intent at
least 12 months before it proposes to
begin its first floor period.
(b) Implementation plan. The [bank]’s
implementation plan must address in
detail how the [bank] complies, or plans
to comply, with the qualification
requirements in section 22. The [bank]
also must maintain a comprehensive
and sound planning and governance
process to oversee the implementation
efforts described in the plan. At a
minimum, the plan must:
(1) Comprehensively address the
qualification requirements in section 22
for the [bank] and each consolidated
subsidiary (U.S. and foreign-based) of
the [bank] with respect to all portfolios
and exposures of the [bank] and each of
its consolidated subsidiaries;
(2) Justify and support any proposed
temporary or permanent exclusion of
26 71
FR 55921 through 55922 (Sept. 25, 2006).
simplicity, and unless otherwise noted, the
NPR uses the term [bank] to include banks, savings
associations, and bank holding companies.
[AGENCY] refers to the primary Federal supervisor
of the bank applying the rules. In addition, the text
in Appendix C refers often to an ‘appendix.’ Use of
‘appendix’ within the text refers to where the NPR
rule text will be inserted within each Agency’s
capital adequacy regulation. The ‘appendix’ is titled
‘‘Capital Adequacy Guidelines for [Bank]s: InternalRatings-Based and Advanced Measurement
Approaches.’’
27 For
PO 00000
Frm 00104
Fmt 4701
Sfmt 4703
business lines, portfolios, or exposures
from application of the advanced
approaches in this appendix (which
business lines, portfolios, and exposures
must be, in the aggregate, immaterial to
the [bank]);
(3) Include the [bank]’s selfassessment of:
(i) The [bank]’s current status in
meeting the qualification requirements
in section 22; and
(ii) The consistency of the [bank]’s
current practices with the [AGENCY]’s
supervisory guidance on the
qualification requirements;
(4) Based on the [bank]’s selfassessment, identify and describe the
areas in which the [bank] proposes to
undertake additional work to comply
with the qualification requirements in
section 22 or to improve the consistency
of the [bank]’s current practices with the
[AGENCY]’s supervisory guidance on
the qualification requirements (gap
analysis);
(5) Describe what specific actions the
[bank] will take to address the areas
identified in the gap analysis required
by paragraph (b)(4) of this section;
(6) Identify objective, measurable
milestones, including delivery dates and
a date when the [bank]’s
implementation of the methodologies
described in this appendix will be fully
operational;
(7) Describe resources that have been
budgeted and are available to
implement the plan; and
(8) Receive board of directors
approval.
(c) Parallel run. Before determining its
risk-based capital requirements under
this appendix and following adoption of
the implementation plan, the [bank]
must conduct a satisfactory parallel run.
A satisfactory parallel run is a period of
no less than four consecutive calendar
quarters during which the [bank]
complies with all of the qualification
requirements in section 22 to the
satisfaction of [AGENCY]. During the
parallel run, the [bank] must report to
the [AGENCY] on a calendar quarterly
basis its risk-based capital ratios using
[the general risk-based capital rules] and
the risk-based capital requirements
described in this appendix. During this
period, the [bank] is subject to [the
general risk-based capital rules].
(d) Approval to calculate risk-based
capital requirements under this
appendix. The [AGENCY] will notify
the [bank] of the date that the [bank]
may begin its first floor period following
a determination by the [AGENCY] that:
(1) The [bank] fully complies with the
qualification requirements in section 22;
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
(2) The [bank] has conducted a
satisfactory parallel run under
paragraph (c) of this section; and
(3) The [bank] has an adequate
process to ensure ongoing compliance
with the qualification requirements in
section 22.
(e) Transitional floor periods.
Following a satisfactory parallel run, a
[bank] is subject to three transitional
floor periods.
(1) Risk-based capital ratios during
the transitional floor periods—(i) Tier 1
risk-based capital ratio. During a
[bank]’s transitional floor periods, a
[bank]’s tier 1 risk-based capital ratio is
equal to the lower of:
(A) The [bank]’s floor-adjusted tier 1
risk-based capital ratio; or
(B) The [bank]’s advanced approaches
tier 1 risk-based capital ratio.
(ii) Total risk-based capital ratio.
During a [bank]’s transitional floor
periods, a [bank]’s total risk-based
capital ratio is equal to the lower of:
(A) The [bank]’s floor-adjusted total
risk-based capital ratio; or
(B) The [bank]’s advanced approaches
total risk-based capital ratio.
(2) Floor-adjusted risk-based capital
ratios. (i) A [bank]’s floor-adjusted tier 1
risk-based capital ratio during a
transitional floor period is equal to the
[bank]’s tier 1 capital as calculated
under [the general risk-based capital
rules], divided by the product of:
(A) The [bank]’s total risk-weighted
assets as calculated under [the general
risk-based capital rules]; and
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
(B) The appropriate transitional floor
percentage in Table 1.
(ii) A [bank]’s floor-adjusted total riskbased capital ratio during a transitional
floor period is equal to the sum of the
[bank]’s tier 1 and tier 2 capital as
calculated under [the general risk-based
capital rules], divided by the product of:
(A) The [bank]’s total risk-weighted
assets as calculated under [the general
risk-based capital rules]; and
(B) The appropriate transitional floor
percentage in Table 1.
(iii) A [bank] that meets the criteria in
paragraph (b)(1) or (b)(2) of section 1 as
of the effective date of this rule must use
[the general risk-based capital rules]
effective immediately before this rule
became effective during the parallel run
and as the basis for its transitional
floors.
TABLE 1.—TRANSITIONAL FLOORS
Transitional floor period
First floor period ...................
Second floor period ..............
Third floor period ..................
Transitional
floor
percentage
95
90
85
(3) Advanced approaches risk-based
capital ratios. (i) A [bank]’s advanced
approaches tier 1 risk-based capital ratio
equals the [bank]’s tier 1 risk-based
capital ratio as calculated under this
appendix (other than this section on
transitional floor periods).
PO 00000
Frm 00105
Fmt 4701
Sfmt 4703
9187
(ii) A [bank]’s advanced approaches
total risk-based capital ratio equals the
[bank]’s total risk-based capital ratio as
calculated under this appendix (other
than this section on transitional floor
periods).
(4) Reporting. During the transitional
floor periods, a [bank] must report to the
[AGENCY] on a calendar quarterly basis
both floor-adjusted risk-based capital
ratios and both advanced approaches
risk-based capital ratios.
(5) Exiting a transitional floor period.
A [bank] may not exit a transitional
floor period until the [bank] has spent
a minimum of four consecutive calendar
quarters in the period and the
[AGENCY] has determined that the
[bank] may exit the floor period. The
[AGENCY]’s determination will be
based on an assessment of the [bank]’s
ongoing compliance with the
qualification requirements in section 22.
Appendix D—Basel II Operational Risk
Information Collection Templates
(Schedule V) 28
BILLING CODES 4810–33–P, 6210–01–P, 6714–01–P,
6720–01–P
28 Notices of Proposed Rulemaking and Proposed
Agency Information Collections—Requests for
Comments were published in the Federal Register
for comment on September 25, 2006 (71 FR 55981
through 55986). The Notices contained Basel II
information collection templates, including a
template for operational risk that is included in this
Appendix.
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
BILLING CODES 4810–33–C, 6210–01–C, 6714–01–C,
6720–01–C
VerDate Aug<31>2005
17:01 Feb 27, 2007
Jkt 211001
PO 00000
Frm 00106
Fmt 4701
Sfmt 4703
E:\FR\FM\28FEN2.SGM
28FEN2
EN28FE07.037</GPH>
sroberts on PROD1PC70 with NOTICES
9188
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
9189
OPERATIONAL RISK—DEFINITIONS
Business environment and internal control factors.
Dependence ........................................................
Eligible operational risk offsets ...........................
Expected operational loss (EOL) ........................
Frequency distribution .........................................
Operational loss event ........................................
Operational risk ...................................................
Operational risk exposure ...................................
Risk mitigants (e.g., insurance) ...........................
Scenario analysis ................................................
Severity distribution .............................................
Unexpected operational loss (UOL) ....................
Unit of measure ...................................................
The indicators of a bank’s operational risk profile that reflect a current and forward-looking assessment of the bank’s underlying business risk factors and internal control environment.
A measure of the association among operational losses across and within business lines and
operational loss event types.
Amounts, not to exceed expected operational loss, that: (1) Are generated by internal business practices to absorb highly predictable and reasonably stable operational losses, including reserves calculated consistent with GAAP; and (2) are available to cover expected operational losses with a high degree of certainty over a one-year horizon.
The expected value of the distribution of potential aggregate operational losses, as generated
by the bank’s operational risk quantification system using a one-year horizon.
Statistical distribution used to calculate the frequency of losses.
An event that results in loss and is associated with internal fraud; external fraud; employment
practices and workplace safety; clients, products, and business practices; damage to physical assets; business disruption and system failures; or execution, delivery, and process
management.
The risk of loss resulting from inadequate or failed internal processes, people, and systems or
from external events (including legal risk but excluding strategic and reputational risk).
The 99.9th percentile of the distribution of potential aggregate operational losses, as generated by the bank’s operational risk quantification system over a one-year horizon (and not
incorporating eligible operational risk offsets or qualifying operational risk mitigants).
A contractual arrangement whose primary purpose is to transfer risk to a third party.
A systematic process of obtaining expert opinions from business managers and risk management experts to derive reasoned assessments of the likelihood and loss impact of plausible
high-severity operational losses.
Statistical distribution used to calculate the severity of losses.
The difference between the bank’s operational risk exposure and the bank’s expected operational loss.
The level (for example, organizational unit or operational loss event type) at which the bank’s
operational risk quantification system generates a separate distribution of potential operational losses.
Appendix E—Operational Loss Event
Types and Examples
Internal fraud .......................................................
External fraud ......................................................
Employment practices and workplace safety ......
Clients, products, and business practices ..........
Damage to physical assets .................................
Business disruption and system failures .............
Execution, delivery, and process management ..
Proposed Supervisory Guidance on the
Supervisory Review Process (PILLAR
2).
sroberts on PROD1PC70 with NOTICES
1. This guidance supplements the
notice of proposed rulemaking (NPR)
published jointly by the U.S. Federal
banking agencies 1 in the Federal
Register on September 25, 2006.2 The
NPR proposes the implementation of a
New Advanced Capital Adequacy
Framework (U.S. Advanced Framework)
encompassing three pillars:
1 The Federal banking agencies are: The Board of
Governors of the Federal Reserve System; the
Federal Deposit Insurance Corporation; the Office of
the Comptroller of the Currency; and the Office of
Thrift Supervision; and will collectively be referred
to as ‘‘the agencies,’’ ‘‘supervisors,’’ or ‘‘regulators’’
in this guidance.
2 71 FR 55830 (Sept. 25, 2006).
VerDate Aug<31>2005
17:01 Feb 27, 2007
Jkt 211001
Employee theft, intentional misreporting of positions, and insider trading on an employee’s
own account.
Robbery, forgery, and check kiting.
Workers’ compensation and discrimination claims, violation of employee health and safety
rules, and general liability.
Fiduciary breaches, misuse of confidential customer information, money laundering, and sale
of unauthorized products.
Terrorism, vandalism, earthquakes, fires, and floods.
Hardware and software failures, telecommunication problems, and utility outages.
Data entry errors, collateral management failures, incomplete legal documentation, and vendor
disputes.
• Minimum risk-based regulatory
capital requirements (Pillar 1);
• Supervisory review (Pillar 2); and
• Market discipline through
enhanced public disclosures (Pillar 3).
The regulatory capital requirements in
Pillar 1 of the U.S. Advanced
Framework would apply to credit risk
and operational risk.3
2. This document addresses the
process for supervisory review in the
proposed U.S. Advanced Framework.
Supervisory review as described in this
guidance covers three main areas:
3 Some banks may be subject to both the U.S.
Advanced Framework and the revised Market Risk
Capital Rule, as published in the Federal Register
on September 25, 2006 (71 FR 55958). If so, the
requirement for banks to conduct an internal
assessment of capital adequacy for market risk in
the revised Market Risk Capital Rule could be
satisfied by the requirement for banks to have a
comprehensive internal capital adequacy
assessment (covering all risk types) under the U.S.
Advanced Framework. Additionally, banks subject
only to the revised Market Risk Capital Rule would
• Internal capital adequacy
assessment process (ICAAP).
PO 00000
Frm 00107
Fmt 4701
Sfmt 4703
• Comprehensive supervisory
assessment of capital adequacy;
• compliance with regulatory capital
requirements;
not need to conduct a comprehensive internal
capital adequacy assessment covering all risk types,
but only an internal assessment for market risk of
covered positions as defined in the revised Market
Risk Capital Rule.
E:\FR\FM\28FEN2.SGM
28FEN2
9190
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
3. The process of supervisory review
described in this document reflects a
continuation of the longstanding
approach employed by the agencies in
their supervision of banking
institutions. However, the new methods
proposed for calculating regulatory
capital requirements in the U.S.
Advanced Framework affect certain
aspects of supervisory review. Thus,
this guidance highlights areas of
existing supervisory review that are
being augmented or more clearly
defined to support implementation of
the U.S. Advanced Framework. It
applies only to those banks calculating
U.S. regulatory capital requirements
under that framework, and not to banks
calculating U.S. regulatory capital
requirements by other means.4
4. The supervisory review process
described in this document is intended
to help ensure overall capital adequacy
by:
• Confirming a bank’s compliance
with regulatory capital requirements;
• Addressing the limitations of
regulatory capital requirements as a
measure of a bank’s full risk profile—
including risks not covered or not
adequately quantified;
• Encouraging banks to develop and
use better techniques in identifying and
measuring the risks they face; and
• Ensuring that each bank is able to
assess its own individual capital
adequacy (beyond regulatory capital
requirements), based on its risk profile
and business mix.
5. This guidance does not supersede
or alter the functioning of the existing
U.S. Prompt Corrective Action
requirements.5 This guidance also does
not change requirements for compliance
with existing regulations and
supervisory standards related to risk
management practices or other areas.
The supervisory review process
described in this guidance helps to
support supervisors’ ability to intervene
when necessary to prevent an
individual bank’s capital from falling
below the level required to support its
risk profile.
sroberts on PROD1PC70 with NOTICES
Comprehensive Supervisory
Assessment of Capital Adequacy
6. Capital helps protect individual
banks from insolvency, thereby
promoting safety and soundness in the
4 The term ‘‘bank’’ as used in this guidance
includes banks, savings associations and bank
holding companies. The terms ‘‘bank holding
company’’ and ‘‘BHC’’ refer only to bank holding
companies regulated by the Federal Reserve Board
and do not include savings and loan holding
companies regulated by the Office of Thrift
Supervision.
5 See section 38 of the Federal Deposit Insurance
Act (12 U.S.c. 1831o).
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
overall U.S. banking system. Minimum
regulatory capital requirements (Pillar 1
in the U.S. Advanced Framework)
establish a threshold below which a
sound bank’s regulatory capital must
not fall. Regulatory capital ratios permit
some comparative analysis of capital
adequacy across regulated institutions
because they are based on certain
common assumptions. However,
supervisors must perform a more
comprehensive assessment of capital
adequacy that considers risks specific to
the bank, conducting analyses that go
beyond minimum regulatory capital
requirements.
7. Supervisors generally expect banks
to hold capital above their minimum
regulatory capital levels, commensurate
with their individual risk profiles, to
account for all material risks. Going
forward, supervisors will continue to
assess the overall capital adequacy of
any bank through a comprehensive
evaluation that considers all relevant
available information. In determining
the extent to which banks should hold
capital in excess of regulatory
minimums, supervisors would consider
the combined implications of a bank’s
compliance with qualification
requirements for regulatory capital
standards, the quality and results of a
bank’s ICAAP, and supervisory
assessment of the bank’s risk
management processes, control
structure, and other relevant
information relating to the bank’s risk
profile and capital position. This
supervisory assessment process is
consistent with current supervisory
practice, under which supervisors
assess the overall capital adequacy of a
bank through a comprehensive
evaluation of all relevant information.
8. On an ongoing basis, the
supervisory assessment process
determines whether a bank’s overall
capital remains adequate as underlying
conditions change. Changes in a bank’s
risk profile or in relevant capital
measures are areas of particular focus
that are effectively addressed through
the supervisory review process.
Generally, material increases in risk that
are not otherwise mitigated should be
accompanied by commensurate
increases in capital. Conversely,
reductions in overall capital (to a level
still above regulatory minimums) may
be appropriate if the supervisory
assessment provides support to
conclude that risk has materially
declined or that it has been
appropriately mitigated.
9. As a result of its comprehensive
supervisory assessment, a bank’s
primary Federal supervisor may take
action if it is not satisfied that capital is
PO 00000
Frm 00108
Fmt 4701
Sfmt 4703
adequate. The primary supervisor may
require the bank to take actions
designed to address identified
supervisory concerns, which may
include holding an amount of capital
greater than otherwise would be
required. In addition, a primary
supervisor may, under its enforcement
authority, require a bank to modify or
enhance risk management and internal
control processes, or reduce risk
exposures, or take any other action as
deemed necessary to address identified
supervisory concerns.
Compliance With Regulatory Capital
Requirements
10. In order to qualify under the U.S.
Advanced Framework to use new
methods for calculating regulatory
capital requirements, banks must meet
certain process and systems
requirements. Supervisors must ensure
that banks are indeed meeting these
requirements. Thus, one aspect of
supervisory review pertains to the
evaluation of a bank’s compliance with
the qualification requirements for the
systems and processes to be used in the
calculation of regulatory capital under
the U.S. Advanced Framework. The
supervisory guidance regarding the U.S.
Advanced Framework provides a
detailed explanation of these
qualification requirements for the
systems and processes for the
calculation of regulatory capital.
11. Banks adopting the U.S. Advanced
Framework must comply with the
qualification requirements not just for
initial qualification, but also for ongoing
use. A bank that falls out of compliance
with the qualification requirements
would be required to establish a plan
satisfactory to its primary Federal
supervisor to return to compliance, as
discussed in the U.S. Advanced
Framework.
12. Supervisors will ensure that each
bank using the U.S. Advanced
Framework complies with the
qualifying requirements for calculating
regulatory capital, both at the
consolidated level and at any U.S.
subsidiary banks also subject to the U.S.
Advanced Framework. Thus, each bank
applying the U.S. Advanced Framework
must have appropriate risk
measurement and management
processes and systems that meet the
rule’s qualification requirements for
calculating regulatory capital.
ICAAP
13. The qualification requirements in
the U.S. Advanced Framework state that
‘‘a bank must have a rigorous process for
assessing its overall capital adequacy in
relation to its risk profile and a
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
comprehensive strategy for maintaining
an appropriate level of capital.’’ 6 A
bank’s internal process for assessing its
overall capital adequacy, the ICAAP,
must be conducted by a bank in
addition to its calculation of regulatory
capital requirements.7
14. The fundamental objectives of a
sound ICAAP are:
• Identifying and measuring material
risks;
• Setting and assessing internal
capital adequacy goals that relate
directly to risk;
• Ensuring the integrity of internal
capital adequacy assessments.
15. Assessing overall capital adequacy
through the ICAAP requires thorough
identification of all material risks,
measurement of those that can be
reliably quantified, and systematic
assessment of all risks and their
implications for capital adequacy. In
this manner, an ICAAP should
contribute broadly to the development
of better risk management within the
organization at both the individual
entity and consolidated levels.
16. Each bank that uses the U.S.
Advanced Framework should have an
ICAAP appropriate for its unique risk
characteristics and should not rely
solely upon the assessment of capital
adequacy at the parent company level.
This does not preclude the use of a
consolidated ICAAP as an important
input to a subsidiary bank’s own
ICAAP, provided that each entity’s
board and senior management ensure
that such processes are appropriately
modified from the consolidated ICAAP
to address the unique structural and
operating characteristics and risks of
their bank.
17. In general, the ICAAP will likely
go beyond the restrictive or simplifying
assumptions in regulatory requirements.
However, in certain instances the
ICAAP may build on and utilize
methods, practices, and results from a
bank’s work for determining regulatory
capital requirements. For example, an
ICAAP may use data, ratings, or
estimates from internal ratings-based
approaches to credit risk. Furthermore,
while an ICAAP should generally be a
distinct and comprehensive process that
produces its own capital measures, in
some cases banks may be able to justify
6 Part III, section 22 (a) (1) of the U.S. Advanced
Framework.
7 Should the primary Federal supervisor exempt
a bank from the application of the U.S. Advanced
Framework based upon a written determination that
the application of the rule is not appropriate in light
of the bank’s asset size, level of complexity, risk
profile, or scope of operations, such exemption
would likewise apply to the requirement that the
bank have an ICAAP in the U.S. Advanced
Framework.
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
that regulatory capital measures are
appropriate for internal use and reflect
the bank’s risk profile.
18. The design and operation of
systems to meet the ICAAP requirement
will necessarily differ based upon the
complexity of each bank’s operations
and risk profile. Many banks currently
employ ‘‘economic capital’’ measures
for some elements of risk management,
such as, limit setting, or for evaluating
performance and determining aggregate
capital adequacy needs.8 In some cases,
economic capital measures may relate
directly to ICAAP requirements; in other
cases, banks may be using economic
capital measures that do not relate
directly to ICAAP requirements. For the
latter, a bank does not necessarily need
to change its existing process or
systems, but may build upon or
reconcile its economic capital process in
relation to the ICAAP requirement to
demonstrate how the two are generally
related. Regardless of the specific
implementation method(s) chosen, a
bank’s overall ICAAP should address
the three ICAAP objectives stated in
paragraph 14.
Identifying and Measuring Material
Risks in ICAAP
19. The first objective of an ICAAP is
to identify all material risks. Risks that
can be reliably measured and quantified
should be treated as rigorously as data
and methods allow. The appropriate
means and methods to measure and
quantify those material risks are likely
to vary across banks.
20. Some of the risks to which banks
are exposed include credit risk, market
risk, operational risk, interest rate risk
in the banking book, and liquidity risk
(as outlined below).9 However, other
risks, such as reputational risk, business
or strategic risk, and country risk may
be as important for a bank and, in such
cases, should be given equal
consideration to the more formally
defined risk types.10 Additionally, if
8 The term ‘‘economic capital’’ generally refers to
the capital attributed to cover the economic effects
of an institution’s risk taking activities. In practice,
economic capital takes on a variety of definitions
and is applied in a number of ways at the product,
business-line, and consolidated institution level.
9 Examination policies and procedures from each
agency provide extensive guidance on the major
risk categories. A bank’s risk management
processes, including its ICAAP, should be
consistent with this existing body of guidance, as
well as with relevant interagency guidance.
10 For example, a bank may be engaged in
businesses for which periodic fluctuations in
activity levels, combined with relatively high fixed
costs, have the potential to create unanticipated
losses that must be supported by adequate capital.
Additionally, a bank might be involved in strategic
activities (such as expanding business lines or
engaging in acquisitions) that introduce significant
PO 00000
Frm 00109
Fmt 4701
Sfmt 4703
9191
banks employ risk mitigation
techniques, they should understand the
risk to be mitigated and the potential
effects of that mitigation (including its
enforceability and effectiveness).
• Credit risk: A bank should have the
ability to assess credit risk at the
portfolio level as well as at the exposure
or counterparty level. Banks should be
particularly attentive to identifying
credit risk concentrations and ensuring
that their effects are adequately
assessed. This should include
consideration of various types of
dependence among exposures,
incorporating the credit risk effects of
extreme outcomes, stress events, and
shocks to assumptions about portfolio
and exposure behavior. Banks should
also carefully assess concentrations in
counterparty credit exposures,
including counterparty credit risk
exposures emanating from trading in
less liquid markets, and determine the
effect that these might have on capital
adequacy.
• Market risk: A bank should be able
to identify risks in trading activities
resulting from a movement in market
prices. This determination should
consider factors such as illiquidity of
instruments, concentrated positions,
one-way markets, non-linear/deep outof-the money positions, and the
potential for significant shifts in
correlations. Exercises that incorporate
extreme events and shocks should also
be tailored to capture key portfolio
vulnerabilities.
• Operational risk: A bank should be
able to assess the potential risks
resulting from inadequate or failed
internal processes, people, and systems,
as well as from events external to the
bank. This assessment should include
the effects of extreme events and shocks
relating to operational risk. Events could
include a sudden increase in failed
processes across business units or a
significant incidence of failed internal
controls.
• Interest rate risk in the banking
book: A bank should identify the risks
associated with changing interest rates
on balance sheet and off-balance sheet
exposures in the banking book from
both a short-term and long-term
perspective. This might include the
impact of changes due to parallel
shocks, yield curve twists, yield curve
inversions, changes in the relationships
of rates (basis risk), and other relevant
scenarios. The bank should be able to
support its assumptions about the
behavioral characteristics of servicing
rights, non-maturity deposits and other
elements of risk and for which additional capital
would be appropriate.
E:\FR\FM\28FEN2.SGM
28FEN2
sroberts on PROD1PC70 with NOTICES
9192
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
assets and liabilities, especially those
exposures characterized by embedded
optionality. Given uncertainty in such
assumptions, stress testing and scenario
analysis should be used in the analysis
of interest rate risks.
• Liquidity risk: A bank should
understand risks resulting from its
inability to meet its obligations as they
come due, because of difficulty in
liquidating assets or in obtaining
adequate funding. This assessment
should include analysis of sources and
uses of funds, an understanding of the
funding markets in which the bank
operates, and an assessment of the
efficacy of a contingency funding plan
for events that could arise.
The risk factors discussed above
should not be considered an exhaustive
list of those affecting any given bank.
All relevant factors that present a
material source of risk to capital should
be incorporated in a well-developed
ICAAP. Furthermore, banks should be
mindful of the capital adequacy effects
of concentrations that may arise within
each risk type.
21. All measurements of risk
incorporate both quantitative and
qualitative elements, but generally a
quantitative approach should form the
foundation of a bank’s measurement
framework. In some cases, quantitative
tools can include the use of large
historical databases; when data are more
scarce, a bank may choose to rely more
heavily on the use of stress testing and
scenario analyses. Banks should
understand when measuring risks that
measurement error always exists, and in
many cases is, itself, difficult to
quantify. In general, an increase in
uncertainty related to modeling and
business complexity should result in a
larger capital cushion.
22. Quantitative approaches that focus
on most likely outcomes for budgeting,
forecasting, or performance
measurement purposes may not be fully
applicable for capital adequacy because
the ICAAP should also take less likely
events into account. Stress testing and
scenario analysis can be effective in
gauging the consequences of outcomes
that are unlikely but would have a
considerable impact on safety and
soundness.
23. To the extent that risks cannot be
reliably measured with quantitative
tools—for example, where
measurements of risk are based on
scarce data or unproven quantitative
methods—qualitative tools, including
experience and judgment, may be more
heavily utilized. Banks should be
cognizant that qualitative approaches
have their own inherent biases and
assumptions that affect risk assessment;
VerDate Aug<31>2005
16:25 Feb 27, 2007
Jkt 211001
accordingly, banks should recognize the
biases and assumptions embedded in,
and the limitations of, the qualitative
approaches used.
24. An effective ICAAP should assess
risks across the entire bank. A bank
choosing to conduct risk aggregation
among various risk types or business
lines should understand the challenges
in such aggregation. In addition, when
aggregating risks, banks should be sure
to address any potential concentrations
across more than one risk dimension,
recognizing that losses could arise in
several risk dimensions at the same
time, stemming from the same event or
a common set of factors. For example,
a localized natural disaster could
generate losses from credit, market, and
operational risks at the same time.
25. In considering possible effects of
diversification, management should be
systematic and rigorous in documenting
decisions, and in identifying
assumptions used in each level of risk
aggregation. Assumptions about
diversification should be supported by
analysis and evidence. The bank should
have systems capable of aggregating
risks based on the bank’s selected
framework. For example, a bank
calculating correlations within or among
risk types should consider data quality
and consistency, and the volatility of
correlations over time and under
stressed market conditions.
Setting and Assessing Capital Adequacy
Goals That Relate to Risk
26. The second objective of an ICAAP
is to set and assess capital adequacy
goals in relation to all material risks.
Importantly, banks should recognize
that regulatory capital requirements
represent a floor below which a bank’s
overall capital level must not fall, even
if bank management believes that there
is justification for a lower overall level.
27. Assessments of risk and capital
adequacy should reflect the risk appetite
of the bank. This appetite may be
expressed through an established risk
tolerance that generally reflects a
desired level of risk coverage and/or a
certain degree of creditworthiness, such
as an explicit solvency standard.
Because risk profiles and choices of risk
tolerance may differ across banks,
chosen capital targets may also differ.
28. Actual capital held should reflect
not only the measured amount of risk,
but also potential uncertainties related
to the measurement of risk. In
addressing concerns about how
limitations of risk measurement affect
capital adequacy, banks should pay
particular attention to the relative
importance to the bank of the activities
producing the risk. In their assessment
PO 00000
Frm 00110
Fmt 4701
Sfmt 4703
of capital adequacy, banks should
challenge fundamental assumptions
embedded in the measurement of risks;
in certain cases, assumptions that were
accurate during one historical time
period may no longer be valid and may
lead to mismeasurement or
misunderstanding of risks and/or the
capital needed to support them. Banks
should be explicitly aware of how
sensitive their risk measurements are to
various input assumptions.
29. A bank should consider external
conditions and other factors that
influence overall capital adequacy. The
potential impact of contingent
exposures and changing economic and
financial environments should be
addressed; such analysis can include
stress testing or scenario analysis, but in
all cases should incorporate both
quantitative and qualitative methods.11
30. A bank’s ICAAP should ensure
adequate capital is held against all
material risks not just at a point in time,
but over time, in order to account for
inevitable changes in a bank’s strategic
direction, evolving economic
conditions, and volatility in the
financial environment. Indeed,
sensitivity of capital to economic and
financial cycles is an important feature
to be included in a bank’s planning for
current and future capital needs. For
example, a bank’s ICAAP should
consider the potential effects of a
sudden, sustained downturn. The level
of capital deemed adequate by an
ICAAP might also be influenced by a
bank’s intention to hold additional
capital to mitigate the impact of
volatility in capital requirements, the
need to accommodate acquisition plans,
or the decision to accommodate market
perceptions of capital adequacy and
their impact on funding costs.
31. Various definitions of bank capital
are used within banking. A bank should
state clearly the definition of capital
used in any aspect of its ICAAP. For
example, the definition used in models
to measure capital adequacy relative to
risk may not correspond to capital
actually held (available capital
resources), and the bank should
understand such differences. For
internal purposes, some banks may
choose a narrow capital definition, such
11 The use of stress testing and scenario analysis
in identifying and measuring risk exposures and
assessing capital adequacy in an ICAAP is not the
same as the stress testing requirement related to
minimum regulatory capital requirements (as
described in the U.S. Advanced Framework and
supervisory guidance relating to qualification
requirements). The stress testing and scenario
analysis encouraged in the ICAAP guidance is
intended to focus on overall capital needs and their
possible fluctuations—not just fluctuations in
minimum regulatory capital requirements.
E:\FR\FM\28FEN2.SGM
28FEN2
Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 / Notices
sroberts on PROD1PC70 with NOTICES
as only common equity, while others
may define capital more broadly. Banks
should also state explicitly the impact
that retained earnings have on capital
positions. Since components of capital
are not necessarily alike and have
varying ability to absorb losses, a bank
should thoroughly understand the
relationship between its internal capital
definition and its assessment of capital
adequacy. The bank should document
any changes in its internal definition of
capital, and the reason for those
changes.
32. For effective capital planning,
banks should identify the time horizon
over which they are assessing capital
adequacy. Banks should evaluate
whether long-run capital targets are
consistent with short-run goals, based
on current and planned changes in risk
profiles and the recognition that
accommodating additional capital needs
can require significant lead time. Capital
planning should factor in the potential
difficulties of raising additional capital
during downturns or other times of
stress. Banks should have contingency
plans to address unexpected capital
needs or liquidity/funding issues.
Ensuring Integrity of Internal Capital
Adequacy Assessments
33. A satisfactory ICAAP comprises a
complete process with proper oversight
and controls, not just an ability to carry
out certain capital calculations. The
various elements of a bank’s ICAAP
should supplement and reinforce one
another to achieve the overall objective
of assessing the adequacy of the bank’s
actual capital resources, taking into
account the full risk profile.
34. Adequate internal controls and
documentation should be in place to
ensure transparency, objectivity, and
consistency in an ICAAP. Decisions
regarding the design and operation of
the ICAAP should reflect sound risk
management objectives, and should not
be unduly influenced by competing
business objectives. Principles
underlying a bank’s ICAAP should be
incorporated in policies that are
reviewed and approved at appropriate
levels within the organization.
35. Banks should have complete
documentation covering the ICAAP. At
a minimum, such documentation
should include a description of the
overall process, including committees
and individuals responsible for the
ICAAP, the frequency of ICAAP-related
reporting, and procedures for the
periodic evaluation of the
VerDate Aug<31>2005
18:11 Feb 27, 2007
Jkt 211001
appropriateness and adequacy of
ICAAP. In addition, where applicable,
documentation should cover all aspects
ordinarily expected for sound use of
quantitative methods, including model
selection, limitations, data selection and
maintenance, controls, and validation.
36. An ICAAP should be enhanced
and refined over time, with learning and
experience (both quantitative and
qualitative) contributing to its
improvement. It should evolve with
changes in the risk profile and activities
of the bank as well as advances in risk
measurement and management
practices. Special attention may be
necessary for areas where the
operational or business environment has
changed, such as the introduction of
new products and activities.
37. The board of directors and senior
management have certain
responsibilities in developing,
implementing, and overseeing an
ICAAP. The board or its appropriately
delegated agent should approve the
ICAAP and its components, review
them on a regular basis, and approve
any revisions. That review should
encompass the effectiveness of the
ICAAP, the appropriateness of risk
tolerance levels and capital planning,
and the strength of control
infrastructures. Senior management
should continually ensure that the
ICAAP is functioning effectively and as
intended; considerations by senior
management should be explicit, formal,
and documented. Additionally, internal
audit should play a key role in the
controls and governance surrounding an
ICAAP on an ongoing basis.
38. Each bank should ensure that the
components of its ICAAP, including any
models and their inputs, are subject to
validation policies and procedures.
Validation is generally defined as an
ongoing process that encompasses, but
is not limited to, the collection and
review of developmental evidence,
process verification, benchmarking,
outcomes analysis, and monitoring
activities used to confirm that processes
are operating as designed. The
sophistication of validation policies and
procedures should be appropriate to the
bank’s business, structure, and
sophistication, as well as the relative
importance of each component of
ICAAP. In conducting validation, banks
should adhere to the existing body of
supervisory guidance on the subject.
39. The primary use of an ICAAP is
to provide an assessment of internal
PO 00000
Frm 00111
Fmt 4701
Sfmt 4703
9193
capital adequacy. Beyond that,
management should be able to
demonstrate that the ICAAP influences
business decisions and overall risk
management, and is not simply a
compliance exercise. An ICAAP should
influence decision-making at both the
consolidated and individual businessline levels.
40. An ICAAP should, to the extent
possible, be integrated with other
management processes related to risk
assessment, business planning and
forecasting, pricing strategies and
performance measurement.
Additionally, the components of an
ICAAP, including models and their
inputs, should be used in (or at the very
least be consistent with elements used
in) regular business and risk
management decisions.
41. As part of the ICAAP, the board
or its delegated agent, as well as
appropriate senior management, should
periodically review the resulting
assessment of overall capital adequacy
and determine that actual capital held is
consistent with the risk appetite of the
bank, taking into account all material
risks. This review should include an
analysis of how measures of internal
capital adequacy compare with other
capital measures (such as regulatory,
accounting-based or marketdetermined). The review should also
result in formal procedures to correct
any deficiencies uncovered in the
assessment process, especially if capital
is not consistent with the risk profile or
risk appetite of the bank.
Dated: February 12, 2007.
John C. Dugan,
Comptroller of the Currency.
By order of the Board of Governors of the
Federal Reserve System.
Dated: February 13, 2007.
Jennifer J. Johnson,
Secretary of the Board.
Dated at Washington, DC, the 15th day of
February, 2007.
By order of the Federal Deposit Insurance
Corporation.
Robert E. Feldman,
Executive Secretary.
Dated: February 15, 2007.
By the Office of Thrift Supervision,
John M. Reich,
Director.
[FR Doc. 07–811 Filed 2–27–07; 8:45 am]
BILLING CODES 4810–33–P, 6210–01–P, 6714–01–P,
6720–01–P
E:\FR\FM\28FEN2.SGM
28FEN2
]]>Agencies
[Federal Register Volume 72, Number 39 (Wednesday, February 28, 2007)]
[Notices]
[Pages 9084-9193]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 07-811]
[[Page 9083]]
-----------------------------------------------------------------------
Part II
Department of the Treasury
-----------------------------------------------------------------------
Office of the Comptroller of the Currency
Office of Thrift Supervision
-----------------------------------------------------------------------
Federal Reserve System
-----------------------------------------------------------------------
Federal Deposit Insurance Corporation
-----------------------------------------------------------------------
Proposed Supervisory Guidance for Internal Ratings-Based Systems for
Credit Risk, Advanced Measurement Approaches for Operational Risk, and
the Supervisory Review Process (Pillar 2) Related to Basel II
Implementation; Notice
��Federal Register / Vol. 72, No. 39 / Wednesday, February 28, 2007 /
Notices��
[[Page 9084]]
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
[Docket No. OCC-2007-0004]
FEDERAL RESERVE SYSTEM
[Docket No. OP-1277]
FEDERAL DEPOSIT INSURANCE CORPORATION
DEPARTMENT OF THE TREASURY
Office of Thrift Supervision
[No. 2007-06]
Proposed Supervisory Guidance for Internal Ratings-Based Systems
for Credit Risk, Advanced Measurement Approaches for Operational Risk,
and the Supervisory Review Process (Pillar 2) Related to Basel II
Implementation
AGENCIES: Office of the Comptroller of the Currency, Treasury (OCC);
Board of Governors of the Federal Reserve System (Board); Federal
Deposit Insurance Corporation (FDIC); and Office of Thrift Supervision,
Treasury (OTS) (collectively, the Agencies).
ACTION: Proposed supervisory guidance with request for public comment.
-----------------------------------------------------------------------
SUMMARY: The Agencies are publishing for comment three documents that
set forth proposed supervisory guidance for implementing proposed
revisions to the risk-based capital standards in the United States (New
Advanced Capital Adequacy Framework or proposed framework). These
proposed revisions, which would implement the ``International
Convergence of Capital Measurement and Capital Standards: A Revised
Framework,'' published in June 2004 by the Basel Committee on Banking
Supervision (Basel II), in the United States, were published in the
Federal Register on September 25, 2006 as a notice of proposed
rulemaking (NPR or proposed rule). The proposed framework outlined in
the NPR would require some and permit other qualifying banks to
calculate their regulatory risk-based capital requirements using an
internal ratings-based (IRB) approach for credit risk and the advanced
measurement approaches (AMA) for operational risk (together, the
advanced approaches); it also provides guidelines for the supervisory
review process (Pillar 2). The proposed supervisory guidance documents
provide additional detail for the advanced approaches and the
supervisory review process that should help banks satisfy the
qualification requirements in the NPR.
DATES: Comments on the three proposed supervisory guidance documents
must be submitted on or before May 29, 2007.
ADDRESSES:
OCC: You must include OCC and Docket Number OCC-2007-0004 in your
comment. You may submit comments by any of the following methods:
Agency Web site: https://www.occ.treas.gov. Click on
``Contact the OCC,'' scroll down and click on ``Comments on Proposed
Regulations.''
E-mail address: regs.comments@occ.treas.gov.
Fax: (202) 874-4448.
Mail: Office of the Comptroller of the Currency, 250 E
Street, SW., Mail Stop 1-5, Washington, DC 20219.
Hand Delivery/Courier: 250 E Street, SW., Attn: Public
Information Room, Maila Stop 1-5, Washington, DC 20219.
Instructions: All submissions received must include the agency name
(OCC) and docket number for this proposed notice. In general, OCC will
enter all comments received into the docket without change, including
any business or personal information that you provide.
You may review comments and other related materials by any of the
following methods:
Viewing Comments Personally: You may personally inspect
and photocopy comments at the OCC's Public Information Room, 250 E
Street, SW., Washington, DC. You can make an appointment to inspect
comments by calling (202) 874-5043.
Viewing Comments Electronically: You may request e-mail or
CD-ROM copies of comments that the OCC has received by contacting the
OCC's Public Information Room at: regs.comments@occ.treas.gov.
Docket: You may also request available background
documents and project summaries using the methods described above.
Board: You may submit comments, identified by Docket No. OP-1277,
by any of the following methods:
Agency Web site: https://www.federalreserve.gov. Follow the
instructions for submitting comments at https://www.federalreserve.gov/
generalinfo/foia/ProposedRegs.cfm.
Federal eRulemaking Portal: https://www.regulations.gov.
Follow the instructions for submitting comments.
E-mail: regs.comments@federalreserve.gov. Include the
docket number in the subject line of the message.
Fax: (202) 452-3819 or (202) 452-3102.
Mail: Jennifer J. Johnson, Secretary, Board of Governors
of the Federal Reserve System, 20th Street and Constitution Avenue,
NW., Washington, DC 20551.
All public comments are available from the Board's Web site at
https://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm as
submitted, unless modified for technical reasons. Accordingly, your
comments will not be edited to remove any identifying or contact
information. Public comments also may be viewed electronically or in
paper form in Room MP-500 of the Board's Martin Building (20th and C
Streets, NW.) between 9 a.m. and 5 p.m. on weekdays.
FDIC: You may submit comments by any of the following methods:
Agency Web Site: https://www.fdic.gov/regulations/laws/
federal. Follow instructions for submitting comments on the Agency Web
Site.
E-mail: Comments@FDIC.gov. Include ``Basel II Supervisory
Guidance'' in the subject line of the message.
Mail: Robert E. Feldman, Executive Secretary, Attention:
Comments, Federal Deposit Insurance Corporation, 550 17th Street, NW.,
Washington, DC 20429.
Hand Delivery/Courier: Guard station at the rear of the
550 17th Street Building (located on F Street) on business days between
7 a.m. and 5 p.m. (EST).
Federal eRulemaking Portal: https://www.regulations.gov.
Follow the instructions for submitting comments.
Public Inspection: All comments received will be posted without
change to https://www.fdic.gov/regulations/laws/federal including any
personal information provided. Comments may be inspected and
photocopied in the FDIC Public Information Center, 3501 North Fairfax
Drive, Room E-1002, Arlington, VA 22226, between 9 a.m. and 5 p.m.
(EST) on business days. Paper copies of public comments may be ordered
from the Public Information Center by telephone at (877) 275-3342 or
(703) 562-2200.
OTS: You may submit comments, identified by No. 2007-06 by any of
the following methods:
Federal eRulemaking Portal: https://www.regulations.gov.
Follow the instructions for submitting comments.
E-mail: regs.comments@ots.treas.gov. Please include No.
2007-06 in the subject line of the message, and include your name and
telephone number in the message.
Fax: (202) 906-6518.
[[Page 9085]]
Mail: Regulation Comments, Chief Counsel's Office, Office
of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552,
Attention: No. 2007-06.
Hand Delivery/Courier: Guard's Desk, East Lobby Entrance,
1700 G Street, NW., from 9 a.m. to 4 p.m. on business days, Attention:
Regulation Comments, Chief Counsel's Office, Attention: No. 2007-06.
Instructions: All submissions received must include the agency name
and document number. All comments received will be posted without
change to https://www.ots.treas.gov/pagehtml.cfm?catNumber=67&an=1,
including any personal information provided.
Docket: For access to the docket to read background documents or
comments received, go to https://www.ots.treas.gov/
pagehtml.cfm?catNumber=67&an=1. In addition, you may inspect comments
at the Public Reading Room, 1700 G Street, NW., by appointment. To make
an appointment for access, call (202) 906-5922, send an e-mail to
public.info@ots.treas.gov, or send a facsimile transmission to (202)
906-7755. (Prior notice identifying the materials you will be
requesting will assist us in serving you.) We schedule appointments on
business days between 10 a.m. and 4 p.m. In most cases, appointments
will be available the next business day following the date we receive a
request.
FOR FURTHER INFORMATION CONTACT:
OCC: IRB guidance: Fred Finke, Senior Basel Policy Liaison (202-
874-4468 or fred.finke@occ.treas.gov); AMA guidance: Mark O'Dell,
Deputy Comptroller for Operational Risk (202-874-4316 or
mark.odell@occ.treas.gov); or guidance on supervisory review: Akhtarur
Siddique, Lead Expert (202-874-4665 or
akhtarur.siddique@occ.treas.gov); Office of the Comptroller of the
Currency, 250 E Street, SW., Washington, DC 20219.
Board: IRB guidance: Sabeth Siddique, Assistant Director, Credit
Risk Section (202-452-3861); AMA guidance: Stacy Coleman, Assistant
Director, Operational Risk Section (202-452-2934) or Connie Horsley,
Senior Supervisory Financial Analyst, Operational Risk Section (202-
452-5239); or guidance on supervisory review: David Palmer, Senior
Supervisory Financial Analyst, Credit Risk Section (202-452-2904);
Board of Governors of the Federal Reserve System, 20th Street and
Constitution Avenue, NW., Washington, DC 20551. Users of
Telecommunication Device for Deaf (TTD) only, call (202) 263-4869.
FDIC: IRB guidance: Pete Hirsch, Chief, Large Bank Supervision
(202-898-6751 or phirsch@fdic.gov), Curtis Wong, Senior Examination
Specialist, Planning and Program Development Section (202-898-7327 or
cwong@fdic.gov); AMA guidance: Mark S. Schmidt, Regional Director (678-
916-2189 or maschmidt@fdic.gov), Alfred Seivold, Senior Examination
Specialist, Large Bank Supervision (415-808-8248 or aseivold@fdic.gov);
or guidance on supervisory review: Bobby Bean, Chief, Capital Markets
Policy Section (202-898-3575 or bbean@fdic.gov), Gloria Ikosi, Senior
Quantitative Risk Analyst, Capital Markets Policy Section (202-898-3997
or gikosi@fdic.gov); Federal Deposit Insurance Corporation, 550 17th
Street, NW., Washington, DC 20429.
OTS: IRB guidance: David Tate, Manager, Examination Quality Review
(202-906-5717); AMA guidance: Eric Hirschhorn, Senior Financial
Economist, Credit Policy (202-906-7350); or guidance on supervisory
review: Sonja White, Senior Project Manager, Capital Policy (202-906-
7857); Office of Thrift Supervision, 1700 G Street, NW., Washington, DC
20552.
SUPPLEMENTARY INFORMATION: The Agencies issued an NPR on September 25,
2006,\ 1\ which seeks comment on the New Advanced Capital Adequacy
Framework that revises the existing general risk-based capital
standards as applied to large, internationally active U.S. banks.\2\
The public comment period on the NPR closes on March 26, 2007.\3\ The
proposed framework would implement Basel II in the United States.
---------------------------------------------------------------------------
\1\ See 71 FR 55830 (Sept. 25, 2006).
\2\ For simplicity, and unless otherwise noted, the term
``banks'' is used here to refer to banks, savings associations, and
bank holding companies. The terms ``bank holding company'' and
``BHC'' refer only to bank holding companies regulated by the Board
and do not include savings and loan holding companies regulated by
the OTS. For a detailed description of the institutions covered by
this notice, refer to part I, section 1, of the NPR.
\3\ See 71 FR 77518 (Dec. 26, 2006).
---------------------------------------------------------------------------
As described in the NPR, Basel II sets forth a three-pillar
framework encompassing regulatory risk-based capital requirements
(Pillar 1); supervisory review of capital adequacy (Pillar 2); and
market discipline through enhanced public disclosures (Pillar 3). The
proposed framework outlined in the NPR for Pillar 1 would require some
and permit other qualifying banks to calculate their regulatory risk-
based capital requirements using the IRB approach for credit risk and
the AMA for operational risk.\4\ The NPR also requires a process for
the supervisory review of capital adequacy under Pillar 2, and outlines
requirements for enhanced public disclosures under Pillar 3.\5\ The NPR
describes the qualification process and provides qualification
requirements for obtaining supervisory approval for use of the advanced
approaches.\6\ The qualification requirements are written broadly to
accommodate the many ways a bank may design and implement robust credit
and operational risk measurement and management systems, and to permit
industry practice to evolve.
---------------------------------------------------------------------------
\4\ While Basel II provides several approaches for calculating
regulatory risk-based capital requirements under Pillara1, only the
advanced approaches are proposed for implementation in the United
States.
\5\ Supervisory expectations pertaining to a bank's public
disclosures are not part of this notice.
\6\ See part III, section 22 of the NPR.
---------------------------------------------------------------------------
The proposed supervisory guidance documents are companion guidance
to the September 2006 NPR and, as such, are designed to be consistent
with the proposed rule and do not address any public comments since the
NPR was issued. They provide additional detail that should help banks
satisfy the qualification requirements in the NPR. However, the
publication of these guidance documents for comment does not imply that
the outcome of the NPR has already been determined. As part of the
regulatory rulemaking process, the proposed guidance documents are
subject to change as needed based on, among other things, the public
comments on the guidance and the Agencies' decisions regarding any
final rule.
The Agencies believe that the proposed supervisory guidance
documents are necessary to supplement the proposed framework with
standards to promote safety and soundness and encourage comparability
across banks. A bank's primary Federal supervisor will review the
bank's framework relative to the qualification requirements in the NPR
to determine whether the bank may apply the advanced approaches and has
complied with the proposed rule in determining its regulatory capital
requirements.
In August 2003, the Agencies issued an advance notice of proposed
rulemaking (ANPR), which described the proposed revisions to the
existing risk-based capital framework in general terms and sought
public comment.\7\ The content of the ANPR was based, in large part, on
the April 2003 version of the Basel II framework.\8\ Contemporaneously
with the ANPR, the Agencies also issued for public
[[Page 9086]]
comment two proposed supervisory guidance documents relating to the
proposed framework.\9\ The first proposed 2003 guidance document
described supervisory views on the credit risk measurement and
management systems that should be implemented by banks that adopt the
IRB approach for computing risk-based capital requirements for
corporate credit risk exposures. The second proposed 2003 guidance
document provided supervisory views on the operational risk measurement
and management systems that should be implemented by banks that adopt
the AMA for computing risk-based capital requirements for operational
risk, including their operational risk management, data elements, and
quantification processes. In October 2004, the Agencies also issued for
public comment proposed supervisory guidance on IRB systems for retail
credit risk exposures.\10\
---------------------------------------------------------------------------
\7\ See 68 FR 45900 (Aug. 4, 2003).
\8\ See The New Basel Capital Accord (April 2003) (available at
https://www.bis.org).
\9\ See 68 FR 45949 (Aug. 4, 2003).
\10\ See 69 FR 62748 (Oct. 27, 2004), and 70 FR 423 (Jan. 4,
2005) (correction).
---------------------------------------------------------------------------
The first guidance document presented in this notice sets forth
proposed supervisory guidance on IRB systems for credit risk covering
the wholesale and retail exposure categories, as well as guidance on
the equity and securitization exposure categories (IRB Guidance). Under
the IRB framework, banks would use internal estimates of certain risk
components as key inputs in the determination of their regulatory risk-
based capital requirement for credit risk. As mentioned above, the
Agencies previously published proposed supervisory guidance on a bank's
IRB systems for corporate and retail exposures in 2003 and 2004,
respectively. Since the release of those documents, the Agencies have
continued to refine the proposals based on insights gained from public
comment and the collective efforts of the interagency IRB working
groups. The IRB Guidance updates and consolidates the previously
proposed supervisory guidance on corporate and retail exposures. It
also provides new guidance on systems a bank may need to differentiate
the risk of other credit exposure types, such as equity and
securitization exposures, as well as to recognize the benefits of
financial collateral in mitigating counterparty credit risk in certain
transactions or to use the double default treatment for certain
wholesale exposures.
The IRB Guidance is structured somewhat differently from the
proposed supervisory guidance issued in 2003 and 2004. Those guidance
documents contained four chapters covering corporate ratings and retail
segmentation systems, quantification, data management and maintenance,
and controls, with discussion of validation and stress testing
contained within the rating and segmentation and quantification
chapters. The structure of the IRB Guidance generally follows the key
components of a bank's advanced systems for credit risk outlined in the
NPR. Chapter 1 provides guidance on governance of a bank's overall
advanced systems for credit risk. Chapters 2 through 5 cover the
components of a bank's IRB systems for wholesale and retail exposures.
Chapters 6 and 7 provide guidance on data management and maintenance
and the control and validation framework. Chapter 8 provides guidance
on stress testing. Chapters 9 through 11 provide guidance on the other
systems a bank may need to differentiate risk in certain transactions
subject to counterparty credit risk, equity exposures, and
securitization exposures.
The IRB Guidance supplements the NPR and provides additional
context and detail to help banks meet the qualification requirements in
the NPR relevant to a bank's systems and processes for credit risk.
Thus, the guidance should be read alongside the NPR to obtain a full
perspective of the underlying requirements in the proposed rule. The
guidance does not contain additional proposed requirements that are not
in the NPR. Chapters 5, 9, 10, and 11, are being issued for the first
time and supplement the detailed discussion of those topics in the NPR.
Similar to the previously proposed corporate and retail guidance, the
IRB Guidance contains supervisory standards (designated with an ``S'')
that highlight important elements of a bank's advanced systems for
credit risk. The supervisory standards contained in the previously
proposed corporate and retail guidance documents have been consolidated
and updated and new supervisory standards are proposed.
The second guidance document in this notice sets forth proposed
supervisory guidance on the AMA for operational risk (AMA Guidance),
updating the proposed AMA Guidance published in 2003. Since the
issuance of that proposed AMA Guidance, the Agencies have revised the
guidance to clarify issues and simplify, wherever possible, supervisory
standards. The revisions are based on insights gained from public
comment and the collective efforts of the interagency AMA working
group. Under the AMA framework, a bank would rely on internal estimates
of its operational risk exposure to generate its regulatory risk-based
capital requirement for operational risk. The AMA Guidance provides
additional context and detail to help a bank meet the qualification
requirements outlined in the NPR relevant to operational risk.
Some of the specific revisions to the AMA Guidance include: (1)
Clarifying the roles of a bank's board of directors and management in
developing and overseeing the implementation of the bank's AMA
framework; (2) expanding standard 5 to address the integration of the
bank's operational risk management, data and assessment, and
quantification processes into the bank's existing risk management
decision-making processes; (3) expanding and clarifying operational
risk quantification standards both to reflect the evolution of industry
practices, as well as to address supervisory concerns; (4) clarifying
supervisory expectations regarding the use of scenario analysis, the
key elements used to support operational risk management and
measurement, and eligible operational risk offsets (see standards 20,
24, and 26, respectively); (5) adding standard 25 that discusses how
frequently a bank must recalculate its estimate of operational risk
exposure and its risk-based capital requirement for operational risk;
(6) adding standard 27 that a bank must employ a unit of measure that
is appropriate for its range of business activities and the variety of
operational loss events to which it is exposed; (7) expanding the
discussion on dependence modeling in standard 28; and (8) adding a
section that discusses a bank's use, in certain limited circumstances,
of an alternative quantification system to estimate its operational
risk exposure.
The Agencies recognize that a bank required to adopt an AMA
framework may have developed an implementation plan using the proposed
supervisory standards in the 2003 proposed AMA Guidance to assess its
status in meeting the requirements proposed in the ANPR and to
determine additional work needed to comply with those requirements. The
table below maps the current proposed supervisory standards to those in
the 2003 proposed AMA Guidance.
Comparison of Current Proposed AMA Supervisory Standards to the 2003
Proposed AMA Supervisory Standards
------------------------------------------------------------------------
2003 Proposed
Current Proposed Standard Number Standard
Number
------------------------------------------------------------------------
1....................................................... 1
[[Page 9087]]
2....................................................... 8
3....................................................... 11
4....................................................... 2
5....................................................... 3
6....................................................... 4
7....................................................... 5
8....................................................... 6
9....................................................... 7
10...................................................... 9, 10
11...................................................... 12
12...................................................... 13, 14
13...................................................... 15
14...................................................... 16
15...................................................... 17
16...................................................... 18
17...................................................... 19
18...................................................... 20
19...................................................... 21
20...................................................... 24
21...................................................... 22
22...................................................... 23
23...................................................... 25
24...................................................... 27
25...................................................... New
26...................................................... 28
27...................................................... New
28...................................................... 29
29...................................................... 30
30...................................................... 26
31...................................................... 31
32...................................................... 32, 33
------------------------------------------------------------------------
The third document sets forth proposed supervisory guidance on the
supervisory review process (Pillar 2) in the New Advanced Capital
Adequacy Framework. The process of supervisory review described in this
proposed guidance document reflects a continuation of the longstanding
approach employed by the Agencies in their supervision of banks.
However, new methods for calculating regulatory risk-based capital
requirements--such as those in the proposed framework--and development
of improved risk monitoring and management tools within the industry
often bring changes in the relative emphasis placed on the various
aspects of supervisory review. This proposed guidance document
highlights aspects of existing supervisory review that are being
augmented or more clearly defined to support the proposed framework.
Under the framework, in determining the extent to which banks should
hold capital in excess of regulatory minimums, supervisors would
consider the combined implications of a bank's compliance with
qualification requirements for regulatory risk-based capital standards,
the quality and results of its internal capital adequacy assessment
process (ICAAP), and supervisory assessment of its risk management
processes, control structure, and other relevant information relating
to its risk profile and capital position. The ICAAP (while not
mandating the determination of economic capital) should, to the extent
possible, identify and measure material risks, which may include (but
should not necessarily be limited to) credit risk, market risk,
operational risk, interest rate risk, and liquidity risk, and account
for concentrations within and among risk types.
The Agencies solicit comment on all aspects of the supervisory
guidance documents. In addition, the Agencies believe an important goal
for any regulatory capital system is to achieve a measure of
consistency in the capital requirements assigned to exposures with
similar risk profiles held by different banks. The Agencies seek
comment on the extent to which this proposed supervisory guidance will
promote that objective.
Paperwork Reduction Act
A. Request for Comment on Proposed Information Collection
In accordance with the requirements of the Paperwork Reduction Act
of 1995, the Agencies may not conduct or sponsor, and the respondent is
not required to respond to, an information collection unless it
displays a currently valid Office of Management and Budget (OMB)
control number. The Agencies are requesting comment on a proposed
information collection. The Agencies are also giving notice that the
proposed collection of information has been submitted to OMB for review
and approval.
Comments are invited on:
(a) Whether the collection of information is necessary for the
proper performance of the Agencies' functions, including whether the
information has practical utility;
(b) The accuracy of the estimates of the burden of the information
collection, including the validity of the methodology and assumptions
used;
(c) Ways to enhance the quality, utility, and clarity of the
information to be collected;
(d) Ways to minimize the burden of the information collection on
respondents, including through the use of automated collection
techniques or other forms of information technology; and
(e) Estimates of capital or start up costs and costs of operation,
maintenance, and purchase of services to provide information.
Comments should be addressed to:
OCC: Communications Division, Office of the Comptroller of the
Currency, Public Information Room, Mail stop 1-5, Attention: 1557-NEW,
250 E Street, SW., Washington, DC 20219. In addition, comments may be
sent by fax to (202) 874-4448, or by electronic mail to
regs.comments@occ.treas.gov. You can inspect and photocopy the comments
at the OCC's Public Information Room, 250 E Street, SW., Washington, DC
20219. You can make an appointment to inspect the comments by calling
(202) 874-5043.
Board: You may submit comments, identified by FR 4199, by any of
the following methods:
Agency Web Site: https://www.federalreserve.gov. Follow the
instructions for submitting comments at https://www.federalreserve.gov/
generalinfo/foia/ProposedRegs.cfm.
Federal eRulemaking Portal: https://www.regulations.gov.
Follow the instructions for submitting comments.
E-mail: regs.comments@federalreserve.gov.
Fax: (202) 452-3819 or (202) 452-3102.
Mail: Jennifer J. Johnson, Secretary, Board of Governors
of the Federal Reserve System, 20th Street and Constitution Avenue,
NW., Washington, DC 20551.
All public comments are available from the Board's Web site at
https://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm as
submitted, except as necessary for technical reasons. Accordingly, your
comments will not be edited to remove any identifying or contact
information. Public comments may also be viewed electronically or in
paper form in Room MP-500 of the Board's Martin Building (20th and C
Streets, NW.) between 9 a.m. and 5 p.m. on weekdays.
FDIC: You may submit comments by any of the following methods:
Agency Web Site: https://www.fdic.gov/regulations/laws/
federal. Follow instructions for submitting comments on the Agency Web
Site.
E-mail: Comments@FDIC.gov. Include ``Basel II Supervisory
Guidance'' in the subject line of the message.
Mail: Robert E. Feldman, Executive Secretary, Attention:
Comments, Federal Deposit Insurance Corporation, 550 17th Street, NW.,
Washington, DC 20429.
Hand Delivery/Courier: Guard station at the rear of the
550 17th Street Building (located on F Street) on business days between
7 a.m. and 5 p.m. (EST).
[[Page 9088]]
Federal eRulemaking Portal: https://www.regulations.gov.
Follow the instructions for submitting comments.
Public Inspection: All comments received will be posted without
change to https://www.fdic.gov/regulations/laws/federal including any
personal information provided. Comments may be inspected and
photocopied in the FDIC Public Information Center, 3501 North Fairfax
Drive, Room E-1002, Arlington, VA 22226, between 9 a.m. and 5 p.m.
(EST) on business days. Paper copies of public comments may be ordered
from the Public Information Center by telephone at (877) 275-3342 or
(703) 562-2200.
A copy of the comments may also be submitted to the OMB desk
officer for the Agencies: By mail to U.S. Office of Management and
Budget, 725 17th Street, NW., 10235, Washington, DC 20503 or
by facsimile to 202-395-6974, Attention: Federal Banking Agency Desk
Officer.
OTS: Information Collection Comments, Chief Counsel's Office,
Office of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552;
send a facsimile transmission to (202) 906-6518; or send an e-mail to
infocollection.comments@ots.treas.gov. OTS will post comments and the
related index on the OTS Internet site at https://www.ots.treas.gov. In
addition, interested persons may inspect the comments at the Public
Reading Room, 1700 G Street, NW., by appointment. To make an
appointment, call (202) 906-5922, send an e-mail to
public.info@ots.treas.gov, or send a facsimile transmission to (202)
906-7755.
B. Proposed Information Collection
Title of Information Collection: Proposed Basel II Interagency
Supervisory Guidance for IRB, AMA, and the Supervisory Review Process.
Frequency of Response: Event-generated.
Affected Public:
OCC: National banks.
Board: State member banks, bank holding companies, affiliates and
certain non-bank subsidiaries of bank holding companies, commercial
lending companies owned or controlled by foreign banks, and Edge and
agreement corporations.
FDIC: Insured nonmember banks and certain subsidiaries of these
entities.
OTS: Savings associations and certain of their subsidiaries.
Abstract: The notice sets forth three proposed supervisory guidance
documents for implementing proposed revisions to the risk-based capital
standards in the United States (New Advanced Capital Adequacy
Framework). The proposed guidance documents concern (1) the internal
ratings-based systems for credit risk (IRB), (2) the advanced
measurement approaches for operational risk (AMA), and (3) the
supervisory review process (Pillar II).
The Agencies believe that the documentation, prior approvals, and
disclosures included in the proposed IRB and AMA guidance are directly
related to the information collection requirements found in the Basel
II notice of proposed rulemaking (NPR) published in the Federal
Register on September 25, 2006 (71 FR 55830). More specifically, the
information collection aspects of the proposed IRB and AMA guidance tie
to the following sections of the NPR: 21, 22, 44, 53, and 71. The
Agencies believe that the burden estimates developed for the NPR
adequately cover the additional specificity contained in the proposed
IRB and AMA guidance.
For the proposed Pillar II portion of the guidance, the Agencies
believe that paragraphs 25, 31, 35, 37, and 42 impose new information
collection requirements that were beyond the scope of the burden
estimates developed for the NPR. The agencies burden estimates for
these additional information collection requirements are summarized
below. Note that the estimated number of respondents listed below
include both institutions for which the Basel II risk-based capital
requirements are mandatory and institutions that may be considering
opting-in to Basel II (despite the lack of any formal commitment by
most of these latter institutions).
Estimated Burden:
OCC
Number of Respondents: 52.
Estimated Burden per Respondent: 140 hours.
Total Estimated Annual Burden: 7,280 hours.
Board
Number of Respondents: 15.
Estimated Burden per Respondent: 420 hours.
Total Estimated Annual Burden: 6,300 hours.
FDIC
Number of Respondents: 19.
Estimated Burden per Respondent: 420 hours.
Total Estimated Annual Burden: 7,980 hours.
OTS
Number of Respondents: 4.
Estimated Burden per Respondent: 420 hours.
Total Estimated Annual Burden: 1,680 hours.
The proposed supervisory guidance documents follow:
Proposed Supervisory Guidance on Internal Ratings-Based Systems for
Credit Risk
Table of Contents
Introduction
I. Purpose
II. Scope of Guidance
Chapter 1: Advanced Systems for Credit Risk
Rule Requirements
I. Overview
II. Governance of Advanced Systems
Chapter 2: Wholesale Risk Rating Systems
Rule Requirements
I. Overview
II. Credit Rating Assignment Techniques
A. Expert Judgment
B. Models
C. Constrained Judgment
D. Rating Overrides
III. Definition of Default
IV. Independence of the Wholesale Risk Rating Process
V. IRB Risk Rating System Architecture
A. Two-Dimensional Risk-Rating System
B. Other Considerations
Chapter 3: Retail Segmentation Systems
Rule Requirements
I. Overview
II. Definition of Default
III. Retail Segmentation Architecture
A. Criteria for Retail Segmentation
B. Assignment of Exposures to Retail Segments
Chapter 4: Quantification
Rule Requirements
I. Overview
A. Stages of the Quantification Process
B. General Standards for Sound Quantification
II. Probability of Default (PD)
A. Data
B. Estimation
C. Mapping
D. Application
III. Expected Loss Given Default (ELGD) and Loss Given Default (LGD)
A. Data
B. Estimation
C. Mapping
D. Application
IV. Exposure at Default (EAD)
A. Data
B. Estimation
C. Mapping
D. Application
V. Maturity (M)
VI. Special Cases and Applications
A. Loan Sales
B. Multiple Legal Entities
Appendix A: Illustrations of the Quantification Process for
Wholesale
[[Page 9089]]
Portfolios
Appendix B: Illustrations of the Quantification Process for Retail
Portfolios
Chapter 5: Wholesale Credit Risk Protection
Rule Requirements
Chapter 6: Data Management and Maintenance
Rule Requirements
I. Overview
II. General Data Requirements
A. Life Cycle Tracking for Wholesale Exposures
B. Rating Assignment Data for Wholesale Exposures
C. Segmentation Data for Retail Exposures
D. Outsourced Activities
E. Asset Sales
III. Data Applications
A. Validation and Refinement
B. Applying IRB System Improvements Historically
C. Calculating Risk-Based Capital Ratios and Reporting to the
Public
D. Supporting Risk Management
IV. Managing Data Quality and Integrity
A. Documentation and Definitions
B. Electronic Storage and Access
Appendix A: Data Elements for Wholesale and Retail Exposures
A. Examples of Data Elements for Wholesale Exposures
B. Examples of Data Elements for Retail Exposures
Appendix B: Applying Risk Rating System Improvements Historically
Chapter 7: Controls and Validation
Rule Requirements
I. Overview
II. Reviews of the IRB System
III. Consistency Between IRB Systems and Risk Management Processes
IV. Internal Audit
V. Validation Activities
A. General Validation Requirements
B. Validation Activities
C. Minimum Frequency of Validation
Chapter 8: Stress Testing of Risk-Based Capital Requirements
Rule Requirements
Chapter 9: Counterparty Credit Risk Exposure
Rule Requirements
I. Overview
II. Transactions with Counterparty Credit Risk
III. Definitions
IV. Netting
V. Determination of Eligibility for EAD Adjustment
VI. Methods for Determining EAD
A. Methodologies for Repo-style Transactions and Eligible Margin
Loans
B. EAD for OTC Derivative Contracts
C. Internal Models Methodology
VII. Defaulted Counterparties
Chapter 10: Risk-Weighted Assets for Equity Exposures
Rule Requirements
I. Overview
II. Definition of Banking Book Equities
III. Applying the Framework
IV. Using Internal Models for Equity Exposures
V. Quantification of Equity Exposures
A. Reference Data
B. External Data
C. Estimation
VI. Validation of Internal Models for Equity Exposures
VII. Consistency Between Internal Models Used for Equity Exposures
and Risk Management Processes
Chapter 11: Securitizations
Rule Requirements
I. Overview
II. Scope of Application
III. General Principles of the Securitization Framework
A. Risk Transference
B. Implicit Support
C. Servicer Cash Advances
D. Clean-up Calls
E. Maximum Capital Requirements for Securitization Exposures
IV. Hierarchy of Approaches
V. IRB Approaches for Securitization Exposures
A. Ratings-Based Approach
B. Internal Assessment Approach
VI. Internal Credit Assessment Process in the IAA
VII. Validation of IAA
A. Supervisory Formula Approach
VIII. Early Amortization Provisions
IX. Data Management Requirements
A. Data Elements
Appendix A: Description of the Supervisory Formula Approach (SFA).
Appendix B: Examples of Data Elements for Securitization Exposures
Attachment A: The NPR Qualification Requirements Related to the IRB
Framework
Attachment B: Supervisory Standards
Attachment C: Acronym List
Introduction
I. Purpose
1. This proposed guidance (``guidance''), published jointly by the
U.S. Federal banking agencies \1\ provides supervisory guidance for
U.S. banks, thrifts, and bank holding companies (``banks'') that adopt
the Advanced Internal Ratings-Based Approach (``IRB'' or ``IRB
framework'') for calculating minimum regulatory risk-based capital
(``risk-based capital'') requirements for credit risk under the Basel
II capital regulation.
---------------------------------------------------------------------------
\1\ The Federal banking agencies are: The Board of Governors of
the Federal Reserve System; the Federal Deposit Insurance
Corporation; the Office of the Comptroller of the Currency; and the
Office of Thrift Supervision; and will collectively be referred to
as ``the Agencies,'' ``supervisors,'' or ``regulators'' in this
guidance.
---------------------------------------------------------------------------
2. This guidance supplements the notice of proposed rulemaking
(``NPR'' or ``proposed rule'') published in the Federal Register on
September 25, 2006.\2\ The NPR proposes a regulatory framework within
which all banks subject to the proposed rule must develop their IRB
systems. The NPR contains qualification requirements that each bank
subject to the proposed rule must meet to the satisfaction of its
primary Federal supervisor before using its IRB systems to calculate
risk-based capital requirements. As stated in the preamble to the NPR,
the qualification requirements for these systems are written in broad
terms to accommodate the many ways a bank may design and implement a
robust internal risk measurement and management system and to permit
industry practice to evolve. As a supplement to the NPR, this guidance
provides supervisory standards and additional detail on credit risk
measurement and management systems that will assist banks in satisfying
the requirements in the NPR.
---------------------------------------------------------------------------
\2\ 71 FR 55830 (Sept. 25, 2006).
---------------------------------------------------------------------------
II. Scope of Guidance
3. The focus of this guidance is on wholesale, retail, equity, and
securitization exposures. A bank subject to the IRB framework for
credit risk in the NPR is required to have systems for determining
risk-based capital requirements for its wholesale and retail exposures.
The wholesale category includes corporate exposures (for example,
exposures to companies and banks, as well as commercial real estate
exposures and other types of specialized lending), sovereign exposures,
and other non-retail exposures. The retail category includes
residential mortgage exposures, qualifying revolving exposures (QRE),
and other retail exposures.
4. A bank may also need systems to differentiate the risk of other
exposure types, such as equity and securitization exposures, as well as
to recognize the benefits of financial collateral in mitigating
counterparty credit risk in certain transactions or to use double
default treatment for certain wholesale exposures.
5. In aggregation, the IRB systems and other systems for
differentiating credit risk are defined in the NPR and in this guidance
as a bank's ``advanced systems.'' This guidance covers advanced systems
for all of a bank's credit-related exposure types. A bank's advanced
systems also include its systems for determining risk-based capital
requirements for its operational risk exposures under the proposed
Advanced Measurement Approaches (``AMA'') framework, which is the
subject of a separate supervisory
[[Page 9090]]
guidance document. Certain banks subject to the proposed rule may also
be required to calculate risk-based capital requirements for their
market risk exposures.
6. As described in separate guidance relating to supervisory review
(Pillar 2), in addition to meeting qualification requirements for
regulatory risk-based capital standards, a bank must have a rigorous
process for assessing its overall capital adequacy in relation to its
risk profile and a comprehensive strategy for maintaining an
appropriate level of capital. This process (while not mandating the
determination of economic capital) should, to the extent possible,
identify and measure material risks, which may include (but should not
necessarily be limited to) credit risk, market risk, operational risk,
interest rate risk, and liquidity risk, and account for concentrations
within and among risk types. One of the main objectives of the internal
capital adequacy assessment process is to identify the extent to which
banks need to hold capital above regulatory minimums, in order to
address risks not adequately captured by minimum regulatory capital
requirements.
7. A primary objective of the IRB framework is to make the risk-
based capital requirements more sensitive to credit risk. In general,
the IRB framework incorporates recent developments in risk management
and banking supervision. Under this framework, banks use their own
internal risk rating and segmentation systems, as well as their
quantification processes, to generate estimates of risk parameters that
are inputs to the calculation of the risk-based capital requirements.
Data that support accurate and reliable credit risk measurements, as
well as rigorous management oversight and controls, including
continuous monitoring and validation, are crucial to the prudent
application of the IRB framework.
8. This guidance, which is written for supervisors and bankers,
describes the important elements and characteristics of a bank's
advanced systems for credit risk. Toward this end, this guidance
designates certain of those elements as supervisory standards denoted
by the prefix ``S.'' These supervisory standards generally implement or
clarify the requirements in the NPR and, whenever possible, are
principle-based to provide banks with flexibility in implementing the
framework. However, when prudential concerns or the need for
standardization outweigh the benefits of flexibility, the supervisory
standards are specified in greater detail. Furthermore, nothing in this
guidance should be interpreted as weakening, modifying, or superseding
the safety and soundness principles articulated in the Agencies''
existing statutes, regulations, or guidance. The standards are
contained within each chapter with a full compilation of the standards
provided in Attachment B.
9. Supervisors will consider this guidance in evaluating banks'
advanced systems for credit risk. This guidance assumes that readers
are familiar with the proposed framework for calculating risk-based
capital requirements for credit risk articulated in the NPR.
10. The conceptual framework outlined in this guidance is not
intended to dictate the precise manner by which banks should meet the
qualification and other requirements in the NPR. Supervisors will
determine compliance with the qualification requirements by evaluating,
on an individual bank basis, the extent to which banks meet the
substance and spirit of those requirements as they relate to each of
the components of a bank's advanced systems for credit risk. However,
evaluating each qualification requirement individually is not
sufficient to determine a bank's overall compliance. The components of
a bank's advanced systems for credit risk should complement and
reinforce one another to ensure the accuracy of risk measurements. As
part of the supervisory review of a bank's advanced systems,
supervisors will analyze the extent to which a bank's advanced systems
incorporate the substance and spirit of the standards outlined in this
guidance.
11. The structure of this guidance generally follows the key
components of the advanced systems for credit risk. Chapter 1 provides
guidance on governance of a bank's overall advanced systems. Chapters 2
through 7 cover the components of a bank's IRB systems for wholesale
and retail exposures. Chapter 8 provides guidance on stress testing.
Chapters 9 through 11 provide guidance on the other systems a bank may
need to differentiate risk for certain transactions subject to
counterparty credit risk, equity exposures, and securitization
exposures and supplements the detailed discussion of these exposure
types in the NPR. The data standards and control framework provided in
Chapters 6 and 7, respectively, of this guidance generally apply to
these other systems as well.
12. To aid the reader, the applicable NPR qualification
requirements are listed at the front of each chapter, as well as listed
together in Attachment A. Also, certain NPR requirements, such as
definitions, are either repeated in this guidance or paraphrased to
provide context. However, readers must look to the NPR for the exact
proposed rule requirements.
13. What follows is a brief description of each chapter:
Chapter 1: Advanced Systems for Credit Risk
The chapter provides a discussion of the governance and system and
process requirements for a bank's advanced systems for credit risk. It
also outlines the key components of a bank's advanced systems for
credit risk.
Chapter 2: Wholesale Risk Rating Systems
A key component of an IRB system for wholesale exposures is the
risk rating system. This chapter describes the design and operation of
wholesale risk rating systems. Banks should use the principles outlined
in this chapter when designing and operating wholesale risk rating
systems.
Chapter 3: Retail Segmentation Systems
A key component of an IRB system for retail credit exposures is the
segmentation system, which groups retail exposures into segments
according to risk characteristics. This segmentation is the retail
portfolio analogue of assigning ratings to exposures in wholesale
portfolios. This chapter describes the design and operation of an IRB
segmentation system. The retail framework provides banks with
substantial flexibility to use the retail segmentation that is most
appropriate for their activities.
Chapter 4: Quantification
Another key component of an IRB system is a quantification process
that assigns numerical values to the key risk parameters that are used
as inputs to the IRB risk-based capital formulas. This chapter provides
guidance on the quantification process for wholesale and retail
exposures. These risk parameters are probability of default (``PD''),
expected loss given default (``ELGD''), loss given default (``LGD''),
and exposure at default (``EAD''), and for wholesale exposures only,
the effective remaining maturity (``M''). The quantification of these
risk parameters should be the result of a disciplined process as
described in this chapter. The chapter also includes specific examples
for both wholesale rating systems and retail segmentation systems in
the two appendices.
Chapter 5: Wholesale Credit Risk Protection
This chapter supplements the detailed discussion of credit risk
mitigation in
[[Page 9091]]
the NPR by providing guidance on how banks may recognize contractual
arrangements for exposure-level credit protection (eligible guarantees
and eligible credit derivatives) that transfer risk to one or more
third parties. Each of these forms of credit protection must meet
certain specific standards of eligibility, as articulated in the NPR,
for recognition of the associated risk mitigation.
Chapter 6: Data Management and Maintenance
A bank must have advanced data management and maintenance systems
that support credible and reliable risk parameter estimates. This
chapter describes how a bank should collect, maintain, and manage the
data needed to support the other IRB system components for wholesale
and retail exposures (e.g., risk rating and segmentation systems, the
quantification process, and validation and other control processes), as
well as the bank's broader risk management and reporting needs.
Chapter 7: Controls and Validation
A bank must have a system of controls that ensures that the
components of the IRB system are functioning effectively. This chapter
provides guidance on the important elements of an effective control
environment, including independent review processes, a comprehensive
validation process (evaluation of developmental evidence, ongoing
monitoring, and outcomes analysis), and an internal audit review and
reporting process.
Chapter 8: Stress Testing of Risk-Based Capital Requirements
Banks must conduct stress testing analysis of their advanced
systems for credit risk as part of the risk-based capital management
process. Stress testing analysis is a means of understanding how
economic downturns, as described by stress scenarios, cause migration
across ratings or segments and the concomitant change in required risk-
based capital. This chapter discusses considerations for conducting
stress testing analyses.
Chapter 9: Counterparty Credit Risk Exposure
For certain transactions subject to counterparty credit risk, banks
may be allowed to recognize the risk mitigating effect of financial
collateral through an adjustment to EAD. This chapter supplements the
detailed discussion of counterparty credit risk in the NPR by
describing some of the elements of counterparty credit risk mitigation,
providing information to aid banks in choosing among the alternative
methods to calculate EAD for these transactions, and providing some
descriptions and illustrative examples of acceptable modeling practices
for the estimation of EAD under the alternative methods.
Chapter 10: Risk-Weighted Assets for Equity Exposures
This chapter supplements the detailed discussion of equity
exposures provided in the NPR. It provides guidance on determining
risk-based capital requirements for equity exposures held in the
banking book for banks subject to the Market Risk Rule and for all
equity exposures for banks not subject to the Market Risk Rule.
Chapter 11: Securitization Exposures
A securitization exposure is any exposure whose credit risk
reflects the tranching of risk of one or more underlying exposures.
This chapter describes the concepts, eligibility, and mechanics
associated with applying the three approaches for calculating risk-
based capital requirements for securitization exposures.
Chapter 1: Advanced Systems for Credit Risk
Rule Requirements
Part III, Section 22(a)(2): The systems and processes used by a
bank for risk-based capital purposes [in the NPR] must be consistent
with the bank's internal risk management processes and management
information reporting systems.
Part III, Section 22(a)(3): Each bank must have an appropriate
infrastructure with risk measurement and management processes that meet
the qualification requirements [in the NPR] and are appropriate given
the bank's size and level of complexity. Regardless of whether the
systems and models that generate the risk parameters necessary for
calculating a bank's risk-based capital requirements are located at any
affiliate of the bank, the bank itself must ensure that the risk
parameters and reference data used to determine its risk-based capital
requirements are representative of its own credit risk and operational
risk exposures.
Part III, Section 22(j)(1): The bank's senior management must
ensure that all components of the bank's advanced systems function
effectively and comply with the qualification requirements [in the
NPR].
Part III, Section 22(j)(2): The bank's board of directors (or a
designated committee of the board) must at least annually evaluate the
effectiveness of, and approve, the bank's advanced systems.
Part III, Section 22(k): Documentation. The bank must adequately
document all material aspects of its advanced systems.
I. Overview
1. This chapter provides a discussion of the governance and system
and process requirements for a bank's advanced systems for credit risk.
Board of directors and senior management oversight is critical to
ensure that the design and function of the advanced systems are
appropriate. Regardless of the specifics of a bank's advanced systems
for credit risk, a bank should have a rigorous credit risk management
infrastructure that complements these systems.
2. A bank subject to the framework for credit risk in the NPR is
required to have an internal ratings-based system (``IRB system'') for
determining risk-based capital requirements for its wholesale and
retail exposures.
S 1-1 An IRB system must have five interdependent components that
enable an accurate measurement of credit risk and risk-based capital
requirements.
3. The components of an IRB system are:
A risk rating and segmentation system that differentiates
risk by assigning ratings to individual wholesale obligors and
exposures and individual retail exposures to segments;
A quantification process that translates the risk
characteristics of wholesale obligors and exposures and segments of
retail exposures into numerical risk parameters that are used as inputs
to the IRB risk-based capital formulas. These risk parameters are
probability of default (``PD''), expected loss given default
(``ELGD''), loss given default (``LGD''), and exposure at default
(``EAD''), and for certain wholesale exposures only, the effective
remaining maturity (``M'');
A data management and maintenance system that supports the
IRB system;
Oversight and control mechanisms that ensure the IRB
system is functioning effectively and producing accurate results; and
An ongoing process that validates the accuracy of the risk
rating assignments, segmentations, and the risk parameters.
4. If applicable, a bank will also need systems to differentiate
risk for other credit exposure types, such as for equity and
securitization exposures, as well as to recognize the benefits of
financial collateral in mitigating counterparty credit risk in certain
transactions or to
[[Page 9092]]
use double default treatment for certain wholesale exposures.
5. In aggregation, the IRB system and other systems for
differentiating credit risk are defined in the NPR and in this guidance
as a bank's ``advanced systems'' for credit risk. Chapters 2 through 7
of this guidance provide supplemental guidance on IRB systems for
wholesale and retail exposures. Chapter 8 provides banks with guidance
on conducting stress testing analyses of their advanced systems for
credit risk. Chapters 9 through 11 cover additional systems a bank may
need to have for other credit exposure types.
II. Governance of Advanced Systems
S 1-2 Senior management must ensure that all of the components of
the bank's advanced systems for credit risk function effectively and
comply with the qualification requirements in the NPR.
6. Senior management should provide ongoing, active oversight of
the advanced systems outlined in this supervisory guidance, and
articulate the expectations for the technical and operational
performance of the advanced systems, including the control framework.
To provide effective oversight of the advanced systems, senior
management should have extensive knowledge of the advanced systems'
policies, underwriting standards, lending practices, account management
activities, and collection and recovery practices. Senior management
should understand how these factors affect all of the components of the
advanced systems.
7. The scope and depth of risk management reports should be
sufficient for senior management to monitor the performance of the
components of the advanced systems. Detailed reports should include,
but are not limited to, the following topics:
Risk profile by rating for wholesale exposures and by
segment for retail exposures;
Migration across ratings and segments with emphasis on
unexpected results;
Updates to the quantification performance results;
Validation results;
Comparative analysis of risk-based and internal capital
assessments; and
Control process assessments.
S 1-3 The board of directors or its designated committee must at
least annually evaluate the effectiveness of, and approve, the bank's
advanced systems.
8. The board of directors or its designated committee should at
least annually ensure that management has appropriate processes and
controls in place that support effective advanced systems for credit
risk. The board should be provided with information that will enable it
to conclude, with reasonable assurance, that management has appropriate
processes and controls in place that support effective advanced systems
for credit risk. To allow for ongoing monitoring, the board should be
provided with reports summarizing the design and performance of the
advanced systems. The board's strategic direction and oversight is
essential to effective advanced systems.
S 1-4 Each bank (including each depository institution) must ensure
that the risk parameters and reference data used to determine its risk-
based capital requirements are representative of its own credit risk.
9. Each bank must have an appropriate infrastructure with risk
measurement and management processes that meet the qualification
requirements in the NPR. Each bank's advanced systems for credit risk
should also incorporate the supervisory standards in this guidance.
This infrastructure must be appropriate given the bank's size and level
of complexity. Regardless of whether the systems and models that
generate the risk parameters necessary for calculating a bank's risk-
based capital requirements are located at any affiliate of the bank,
the bank must ensure that the risk parameters and reference data used
to determine its risk-based capital requirements are representative of
the bank's credit risk profile.
10. While some organizations may conduct rating, segmentation,
quantification, and validat
