Title: Validation and Approval of IRB Systems under the CRD Guidelines on the implementation, validation an
1Validation and Approval of IRB Systems under the
CRD Guidelines on the implementation,
validation and review of AMA and IRB
approachesThomas Dietz, CEBS secretariat
- PRMIA Workshop 18 September 2006
2Outline
- CEBS role and tasks
- Industry reaction and scope of the Guidelines on
Validation (GL10) - The approval and post-approval process
- 3.1. Application, assessment, decision (approval
process) - 3.2. The cooperation and coordination process
between supervisors - Selected items of the Assessment process
- 4.1. Partial use and Roll-out
- 4.2. Use test
- 4.3. Rating assignment and risk quantification
(PDs, LGDs, CFs) - 4.4. Back-testing and benchmarking (incl. Low
default portfolios) - 4.5. Internal governance
- Summary
31. CEBS role and tasks
- CEBS is not a single European regulator, but a
coordination body comprised of high level
representatives of the 25 EU supervisory
authorities (observers from ROM, BG, LI, Iceland
and NO) responsible for banking supervision - Guidelines are one of the CEBS tools to achieve
convergence in supervisory practices - Convergence is one of the main tasks of CEBS
according to the European Commission decision in
November 2003 - Convergence means that the national supervisory
authorities implement and apply European banking
legislation as homogenously as possible
41. CEBS role and tasks (2)
- Convergence is in the interest of both the
supervisory authorities (avoiding regulatory
arbitrage) and the industry (level-playing field,
especially important for cross-border groups) - Guidelines are not legally binding, but national
supervisors have a high interest to respect them - Guidelines affect the industry since CEBS sets
out expectations towards the national supervisors
concerning what they should expect from their
institutions
52. Industry reaction and scope of GL10
- During the drafting process meeting with experts
nominated by the CEBS Consultative Panel to get
informal input (two meetings on AMA, one on CP10
as a whole) - Two rounds of public consultation (mid-July to
end October 2005 and end January until end
February 2006) - Positive Reactions (among others)
- Framework proposed for cooperation between home
and host well-reasoned - Flexibility introduced for institutions which
have already completed preliminary applications
(good faith clause) - Principle of proportionality
62. GL10 - Industry reaction (2)
- Negative Reactions (among others)
- Instead of principles based approach too many
details (not necessary to reach convergence)
and too prescriptive - indicative examples will lead to tick-box
approach (N.B. some associations asked for more
details/examples) - Internal Governance rules too burdensome
- Proposals are too conservative and
superequivalent to the CRD - Strong disagreement with general concept of
downturn LGDs - CEBS reaction
- 40 of the proposed changes in the first round
of consultation taken on board in CP10 revised,
50 of the proposed changes in the second round
in the final Guidelines
72. Scope Underlying CRD requirements
- Under the IRB Approach use of own estimates of
risk parameters for the calculation of the
institutions capital requirements - -gt adequacy of the resulting capital
requirements depends critically on the adequacy
of the estimated risk parameters - No use of AMA or IRB approaches for regulatory
purposes without prior approval - -gt explicit application necessary
- Approval only if the competent authority is
satisfied that the institution's systems for
managing and rating credit risk exposures are
sound, are implemented with integrity, and meet
the requirements listed in Article 84 and Annex
VII, Part 4 of the CRD. - -gt supervisory assessment necessary
- Guidelines on validation supposed to support the
national supervisors work when dealing with the
application, decision and especially the
assessment process
83. Approval and post-approval process Structure
of GL10
- Structure of GL10 a typical approval process
Preliminarycontacts Supervisorycooperation Appli
cation
Supervisorsassessment Dialogue andjudgement
Decision and permission Monitoring of
implementation
Ongoingreview
93. Approval process Art. 129 (2)
- Art 129 (2) of the CRD decisive new element in
the relations between consolidating and host
supervisors, strengthening the responsibility of
the consolidating supervisor - In the case of applications submitted by an
EU parent credit institution and its
subsidiaries, or jointly by the subsidiaries of
an EU parent financial holding company, the
competent authorities shall work together, in
full consultation, to decide whether or not to
grant the permission sought and to determine the
terms and conditions, if any, to which such
permission should be subject. The competent
authorities shall do everything within their
power to reach a joint decision on the
application within six months. In the absence
of a joint decision between the competent
authorities within six months, the competent
authority referred to in paragraph 1 shall make
its own decision on the application. - De facto non-agreement after six months is
unlikely. Supervisors will do everything to come
to a common decision after the six-months period
and will establish adequate cooperation
procedures, already in the pre-application phase
103.1. Approval process Application
- Required minimum documentation for an application
is divided into five parts - Cover letter requesting approval
- Documentation of used or planned rating systems
- Control environment of the rating systems,
implementation procedures and IT infrastructure - Implementation plan (including Roll-Out) and
details on permanent partial use - Self-assessment
- Cover letter and supporting material must enable
the supervisor to make an initial supervisory
assessment of the application, and to develop a
risk-based plan for a more thorough assessment - The six months clock is started upon receipt of a
complete application
113.1. Approval process - items to be covered in
the assessment
-
- Assessment? -gt the supervisor has to assess
whether or not he is satisfied that the
institutions systems meet the standards listed
in Article 84 in accordance with the requirements
of Annex VII, Part 4 of the CRD. - IRB approach must have been validated by the
institution (self-assessment), before supervisor
starts its own assessment. - Issues to be assessed by supervisors
- Methodology and documentation rating system
methodology and the quality of internal
documentation supporting the rating system - Data quality quality of data and databases being
used for the development of the rating systems,
in the rating assignment process, and in the
estimation of risk parameters, along with any
other databases needed to calculate minimum
regulatory capital
123.1. Assessment process items to be covered (2)
-
- Issues to be assessed by supervisors (continued)
- Quantitative procedures quantitative information
relating to performance, validation, and
monitoring of rating systems. - Qualitative procedures perform an overall
assessment of the quality of the internal model
and assess compliance with the qualitative
minimum regulatory requirements (use test,
internal governance, the role of senior
management, the adequacy of internal controls). - Technological environment reliability and
integration of systems, the functionality of the
model, and the quality of information provided by
systems.
133.1. Approval process and documentation Decision
-
- End of application process decision/permission
- Decision final act in the approval process, as a
result of the consultation between the competent
authorities. - Permission legal form by which the decision,
determinative and legally binding on the
competent authorities, comes into force in their
respective legislation (transposition of the full
content of the decision under the standing legal
provisions of each country) - Decision document may contain certain terms and
conditions or may also cover recommendations for
the possible improvement of any imperfections
revealed during the assessment process.
143.2.Supervisory cooperation and coordination
- As much cooperation as possible between
consolidating and host supervisors to avoid a
duplication of work (which supervisors to be
involved, respective roles and responsibilities,
allocation of specific tasks) - Basic idea Streamlining 129 (2) process by a
common understanding with regard to an
application, its assessment and the decision on
it - Developing an overall supervisory plan of action
(including time table, communication strategy and
escalation process -gt exchange of information
necessary already at a very early stage)
153.2.Supervisory cooperation and coordination (2)
- Consolidating supervisor as central point of
contact (also for the group) and as central
coordinator, e.g. - Assessing whether application is complete
- Coordinate the on-site inspection/off-site
assessment of the groups application - Determining the contents of the decision document
- Communication of the decision to the group
- sharing of tasks and resources (e.g. host
supervisor reviewing locally developed models) - Monitoring of the roll-out plan and of the terms
and conditions in the post-approval phase as well
as processing of possible preliminary
applications in the transition period before the
CRD has come into force will be conducted by the
supervisors involved (in the spirit of Art. 129
(2))
164. Selected items of the Assessment process
- 2. Cooperation procedures, approval and
post-approval process - 2.1.Co-operation between supervisory authorities
under Art. 129 (2) - Cross-reference to CP09 (Home/host)
- 2.2.Approval and post-approval process
- Application
- Supervisors assessment
- Decision and permission
- Post approval process
- Transition period
- 4. Supervisors assessment for Operational Risk
- 4.1. Partial Use combinations
- 4.2. Simpler Approaches (TSA, ASA, BIA)
- 4.3. AMA
- 4.3.1.Roll-out
- 4.3.2. Use test
- 4.3.3. Data
- 4.3.4. Guidelines for AMA Quantitative issues,
internal validation, risk transfer mechanisms and
allocation - AMA four elements
- Consistency of risk measurement system
- Expected loss, correlation, Insurance and other
risk transfer mechanisms - Internal validation of risk measurement and
management processes - Allocation methodology
- 4.3.5. Internal governance
- 3. Supervisors assessment for Credit Risk
- 3.1. Partial use/Roll-out
- 3.2. Use test
- 3.3. Methodology and documentation
- Assignment to Exposure classes
- Definition of loss and default
- Rating systems and quantification
- Quality of internal documentation
- External vendor models
- 3.4. Data
- 3.5. Quantitative and qualitative validation and
its assessment - 3.6. Internal Governance
- Role of management body
- Credit Risk Control Unit
- Internal Audit
174.1 Partial use and Roll-out permanent partial
use
- Permanent partial use allowed for the
institutions and/or central governments and
central banks exposure classes (if number of
material counterparties is limited and if unduly
burdensome to implement a rating system for these
counterparties). - No further guidance on this given in GL10 -gt onus
of the bank to justify its choice - Other possibility for permanent partial use
exposures in non-significant business units and
exposure classes that are immaterial in terms of
size and perceived risk profile - In CP10 no quantitative thresholds set for
significance and immateriality, but both should
be measured by either Exposure value (indicator
of size) or risk-weighted exposure amounts (risk
profile), measuring of significance and
immateriality at least at the aggregated level - Institution needs to have systems and procedures
for monitoring materiality issues in a timely and
appropriate manner
184.1. Partial use and Roll out - Roll out
- General approach in the CRD (Art. 85 (1)) once
an institution decides to apply the IRB approach,
all exposures should be covered by this approach.
Temporary or permanent partial use is possible,
however (e.g. because extension of rating systems
to some parts of their business may be unduly
burdensome) - Article 85 of the CRD gives institutions the
possibility of implementing the IRB Approach
sequentially across different exposure classes
(Roll-out). - Nevertheless, institutions should already be
using the IRB approach for at least a portion of
their business when they apply for approval
(assessed by supervisors by either qualitative or
quantitative rules Risk Weighted Exposure
Amounts or Exposure values) - Article 85(2) requires that IRB implementation
shall be carried out within a reasonable period
of time. - Application already contains a complete roll-out
plan, so no further Article 129 application will
be needed as each portfolio is rolled out, with
the possible exception of a merger or
acquisition. New decisions may be necessary,
however.
194.2. Use test
- Use test (Art.84(2)) refers to the time after the
initial approval information used in or produced
by its rating system to determine regulatory
capital requirements has also to be used in the
course of conducting its regular business,
particularly in risk management - Experience test (Art.84(3) and (4)) sets out
minimum requirements for rating systems in the
time period prior to the institutions
qualification to use the IRB approach (one up to
three years) Rating systems have to be broadly
in line/broadly consistent with the minimum
requirements for internal risk measurement and
management purposes and the systems for risk
parameter estimation - -gt institutions need to show that they are
familiar enough with the systems (The rating
systems used prior to approval do not need to
have been fully identical to the ones used
before) - -gt rating systems, ratings, and default and loss
estimates designed and set up with the exclusive
aim of qualifying for the IRB, and used only to
produce the data necessary for the IRB approach,
are not allowed. - Data inputs and systems outputs (ratings and
risk parameter estimates used in calculating
capital requirements) must have a substantial
influence on the institutions decision-making
and actions, but in order not to hamper
industry development do not have to be
completely identical for internal purposes such
as pricing.
204.3. Rating assignment and Risk quantification
PD
- In practice a variety of different methodologies
in use to assign obligor grades (statistical
models, heuristic models, causal models, or other
mechanical methods). Institutions can combine
various methodologies for assigning obligor
grades. (For example, they can combine
statistical models with expert judgement
systems.) - Similarly, institutions may use different
estimation methods (and different data sources)
to estimate PDs for obligor rating grades or
pools, including - mapping internal rating grades to the scale used
by an ECAI - statistical default prediction models
- or other estimation methods or combinations of
methods.
214.3. Risk quantification - LGD
- Realised LGDs are ex-post values that can be
applied to a facility grade or pool. Estimated
LGDs are based on realised LGDs predicting a
long-run forward-looking recovery rate for the
facility grade or pool, taking both current and
future economic circumstances into account - Realised LGD might be zero or even positive (e.g.
technical default or selling of a collateral to a
price higher than the outstanding amount). Even
if positive outcomes in the recovery processes
have been observed and can be explained, the
estimated LGD used to calculate capital
requirements must not be less than zero. - In principle, supervisors do not require any
specific technique for LGD estimation (or for
estimating other IRB parameters). However,
institutions will have to demonstrate that the
methods they choose are appropriate to the
institutions activities and the portfolios to
which they apply.
224.3. Risk quantification Downturn LGDs
- Institutions should produce an LGD estimate
appropriate for an economic downturn (Downturn
LGD) if this is more conservative than the
long-run average. - Three-stage process
- Identify appropriate downturn conditions for each
supervisory exposure class in each jurisdiction - Identify adverse dependencies, if any, between
default rates and recovery rates - Generate LGDs being consistent with identified
downturn conditions - Supervisors recognise Data problems! Therefore
While institutions are building better data sets
and developing more experience in estimating
downturn LGDs, supervisors may choose to direct
them to focus their efforts on types of exposures
for which they believe the downturn effect is of
special concern.
234.3. Risk quantification Conversion factors
- Conversion factors are part of the Exposure at
Default calculation - Definition conversion factor means the ratio
of the currently undrawn amount of a commitment
that will be drawn and outstanding at default to
the currently undrawn amount of the commitment - Not much guidance, since industry practice in
this area is still at an early stage. However,
four indicative examples are given how to
estimate CFs. One of them (momentum approach) can
only be accepted for a transitional period of
time - Controversial discussion For what instruments is
the estimation of own CFs allowed/obligatory? (No
estimation for 100 risk factors as listed in
Basel framework)
244.4. Backtesting and benchmarking High level
principles of validation
- High Level Principles of the Basel Accord
Implementation Group (AIG) - Validation encompasses a range of processes and
activities that contribute to an assessment of
whether ratings adequately differentiate risk and
whether estimates of risk components (such as PD,
LGD, or CF) appropriately characterise the
relevant aspects of risk. - The credit institution has primary responsibility
for validation - Validation is an iterative process and there is
no single validation method Validation should be
subject to independent review - Validation should encompass both qualitative and
quantitative elements (A validation process needs
to contain a mix of developmental evidence
(assessing the logic of the approach, its
conceptual soundness, statistical testing
performed prior to use), benchmarking and process
verification (comparisons to relevant
alternatives, verification that the process is
being applied as intended), and outcomes analysis
(backtesting)
254.4. Backtesting and benchmarking
- The CRD explicitly requires institutions to use
both Backtesting and Benchmarking tools in their
validation process (Annex VII, Part 4, Paragraphs
110 and 111). - Backtesting checking the performance of the risk
rating systems estimates by comparing realised
risk parameters with estimated risk parameters.
When backtesting is hindered by lack of data or
insufficient quantitative information,
institutions will need to rely more heavily on
additional qualitative elements such as quality
control tests (qualitative validation) - Benchmarking comparing the outputs of the
reviewed risk rating systems with the outputs of
other risk rating systems with external
information (other institutions or ECAIs). - In cases where a lack of internal or external
data prevents the proper use of these techniques,
institutions should apply a higher margin of
conservatism in their estimations.
264.4. Backtesting and Benchmarking Low default
portfolios
- Low-default portfolios are portfolios with few or
no defaults observed. Low-default portfolios can
arise under different circumstances (high-quality
borrowers or small number of borrowers) - In the case of systemic Low default portfolios
((data unavailable for all institutions)
Exposures in low-default Portfolios should not
necessarily be excluded from the IRB approach
simply because of the absence of sufficient data
to validate PD, LGD and CF estimates on a
statistical basis. - Such exposures may be included if institutions
can demonstrate that the methods and techniques
applied to estimate and validate PD, LGD and CF
constitute a sound and effective risk-management
process and are employed in a consistent way. - Institutions will be required to use appropriate
conservatism in risk parameter estimation
274.5. Internal Governance some definitions
- Management body as defined in the CRD. The use
of the term management body does not advocate
any particular board structure represents the
top management level of an institution - Senior management should be understood to
represent the level of management below the
management body - GL10 National authority can define which
function of the management body is responsible
for the tasks and responsibilities listed in the
internal governance section - Proportionality principle Assessment of an
institutions organisational structure, internal
governance, and internal control systems should
take into account their size and the complexity
and nature of their business (could include a
comply or explain approach)
284.5. Internal governance CRCU
- CRCU shall be responsible for the design or
selection, implementation, oversight and
performance of the rating systems (Annex VII,
Part 4, Paragraph 127) - Credit Risk Control function (CRCF) should be
independent from the business lines it monitors
and controls. - in most cases organisational CRCU and CRC
identical (consequently CRCU would encompass
only people responsible for fulfilling the Credit
Risk Control function), but CRCU could encompass
both people responsible for the design of the
model and for its independent review - Counterbalance in this case any potential for
lack of objectivity to be offset with rigorous
controls, administered by Internal Audit - Basic idea of Internal audit control of the
control function. It must not be directly
involved in model design/selection and not in
day-to-day operations (e.g. reviewing each
individual rating assignment)
294.5 Internal governance Role of management body
and senior management
- Management body may where appropriate -
delegate tasks to senior management and/or risk
committees - However, no relief for both bodies from general
awareness of the IRB framework used by the
institution - management body ultimate responsibility for the
IRB framework - senior management ultimate responsibility for
developing and implementing it - both management body and senior management should
be responsible for approving all material aspects
of the rating and estimation processes - Mangement body and senior management to have a
general understanding of the institutions rating
systems and detailed comprehension of its
associated management reports
305. Summary and Outlook
- GL 10 was heavily critizised by the industry (too
much rules- and not enough principles-based).
However, managing an IRB application is a new
field for supervisors rather detailed guidelines
were therefore deemed helpful at this stage - Probably most helpful for the industry common
application and decision process, part on Low
Default Portfolios - Evolving industry practices and the practical
application of these guidelines will enlarge
supervisors experience. It could turn out that
certain elements of the guidelines may not stand
the test of time (e.g. unexpected side effects).
Supervisors may reflect such additional
information for the interpretation of these
guidelines. - GL10 will be subject to review following
implementation of the CRD, when and where
necessary ('maintenance'). - Implementation seminars on (e.g.) Article 129(2)
applications, Downturn LGD and CF estimations,
etc. are scheduled/envisaged.