Principles For The Management of Credit Risk

Download as pdf or txt
Download as pdf or txt
You are on page 1of 10

Credit risk management

Principles for the Management of Credit Risk

I. Introduction

1. While financial institutions have faced difficulties over the years for a multitude of
reasons, the major cause of serious banking problems continues to be directly related to lax
credit standards for borrowers and counterparties, poor portfolio risk management, or a lack
of attention to changes in economic or other circumstances that can lead to a deterioration in
the credit standing of a bank’s counterparties. This experience is common in both G-10 and
non-G-10 countries.
2. Credit risk is most simply defined as the potential that a bank borrower or
counterparty will fail to meet its obligations in accordance with agreed terms. The goal of
credit risk management is to maximise a bank’s risk-adjusted rate of return by maintaining
credit risk exposure within acceptable parameters. Banks need to manage the credit risk
inherent in the entire portfolio as well as the risk in individual credits or transactions. Banks
should also consider the relationships between credit risk and other risks. The effective
management of credit risk is a critical component of a comprehensive approach to risk
management and essential to the long-term success of any banking organisation.
3. For most banks, loans are the largest and most obvious source of credit risk;
however, other sources of credit risk exist throughout the activities of a bank, including in the
banking book and in the trading book, and both on and off the balance sheet. Banks are
increasingly facing credit risk (or counterparty risk) in various financial instruments other
than loans, including acceptances, interbank transactions, trade financing, foreign exchange
transactions, financial futures, swaps, bonds, equities, options, and in the extension of
commitments and guarantees, and the settlement of transactions.
4. Since exposure to credit risk continues to be the leading source of problems in banks
world-wide, banks and their supervisors should be able to draw useful lessons from past
experiences. Banks should now have a keen awareness of the need to identify, measure,
monitor and control credit risk as well as to determine that they hold adequate capital against
these risks and that they are adequately compensated for risks incurred. The Basel Committee
is issuing this document in order to encourage banking supervisors globally to promote sound
practices for managing credit risk. Although the principles contained in this paper are most

1
Credit risk management

clearly applicable to the business of lending, they should be applied to all activities where
credit risk is present.
5. The sound practices set out in this document specifically address the following areas:
(i) establishing an appropriate credit risk environment; (ii) operating under a sound credit-
granting process; (iii) maintaining an appropriate credit administration, measurement and
monitoring process; and (iv) ensuring adequate controls over credit risk. Although specific
credit risk management practices may differ among banks depending upon the nature and
complexity of their credit activities, a comprehensive credit risk management program will
address these four areas. These practices should also be applied in conjunction with sound
practices related to the assessment of asset quality, the adequacy of provisions and reserves,
and the disclosure of credit risk, all of which have been addressed in other recent Basel
Committee documents.1
6. While the exact approach chosen by individual supervisors will depend on a host of
factors, including their on-site and off-site supervisory techniques and the degree to which
external auditors are also used in the supervisory function, all members of the Basel
Committee agree that the principles set out in this paper should be used in evaluating a
bank’s credit risk management system. Supervisory expectations for the credit risk
management approach used by individual banks should be commensurate with the scope and
sophistication of the bank’s activities. For smaller or less sophisticated banks, supervisors
need to determine that the credit risk management approach used is sufficient for their
activities and that they have instilled sufficient risk-return discipline in their credit risk
management processes. The Committee stipulates in Sections II to VI of the paper, principles
for banking supervisory authorities to apply in assessing bank’s credit risk management
systems. In addition, the appendix provides an overview of credit problems commonly seen
by supervisors.
7. A further particular instance of credit risk relates to the process of settling financial
transactions. If one side of a transaction is settled but the other fails, a loss may be incurred
that is equal to the principal amount of the transaction. Even if one party is simply late in
settling, then the other party may incur a loss relating to missed investment opportunities.
Settlement risk (i.e. the risk that the completion or settlement of a financial transaction will
fail to take place as expected) thus includes elements of liquidity, market, operational and

1
See in particular Sound Practices for Loan Accounting and Disclosure (July 1999) and Best Practices for Credit Risk
Disclosure (September 2000).

2
Credit risk management

reputational risk as well as credit risk. The level of risk is determined by the particular
arrangements for settlement. Factors in such arrangements that have a bearing on credit risk
include: the timing of the exchange of value; payment/settlement finality; and the role of
intermediaries and clearing houses.2
8. This paper was originally published for consultation in July 1999. The Committee is
grateful to the central banks, supervisory authorities, banking associations, and institutions
that provided comments. These comments have informed the production of this final version
of the paper.

2
See in particular Supervisory Guidance for Managing Settlement Risk in Foreign Exchange Transactions (September
2000), in which the annotated bibliography (annex 3) provides a list of publications related to various settlement risks.

3
Credit risk management

Principles for the Assessment of Banks’ Management of Credit Risk

A. Establishing an appropriate credit risk environment

Principle 1: The board of directors should have responsibility for approving and
periodically (at least annually) reviewing the credit risk strategy and significant credit
risk policies of the bank. The strategy should reflect the bank’s tolerance for risk and
the level of profitability the bank expects to achieve for incurring various credit risks.

Principle 2: Senior management should have responsibility for implementing the credit
risk strategy approved by the board of directors and for developing policies and
procedures for identifying, measuring, monitoring and controlling credit risk. Such
policies and procedures should address credit risk in all of the bank’s activities and at
both the individual credit and portfolio levels.

Principle 3: Banks should identify and manage credit risk inherent in all products and
activities. Banks should ensure that the risks of products and activities new to them are
subject to adequate risk management procedures and controls before being introduced
or undertaken, and approved in advance by the board of directors or its appropriate
committee.

B. Operating under a sound credit granting process

Principle 4: Banks must operate within sound, well-defined credit-granting criteria.


These criteria should include a clear indication of the bank’s target market and a
thorough understanding of the borrower or counterparty, as well as the purpose and
structure of the credit, and its source of repayment.

Principle 5: Banks should establish overall credit limits at the level of individual
borrowers and counterparties, and groups of connected counterparties that aggregate in
a comparable and meaningful manner different types of exposures, both in the banking
and trading book and on and off the balance sheet.

Principle 6: Banks should have a clearly-established process in place for approving new
credits as well as the amendment, renewal and re-financing of existing credits.

4
Credit risk management

Principle 7: All extensions of credit must be made on an arm’s-length basis. In


particular, credits to related companies and individuals must be authorised on an
exception basis, monitored with particular care and other appropriate steps taken to
control or mitigate the risks of non-arm’s length lending.

C. Maintaining an appropriate credit administration, measurement and


monitoring process

Principle 8: Banks should have in place a system for the ongoing administration of their
various credit risk-bearing portfolios.

Principle 9: Banks must have in place a system for monitoring the condition of
individual credits, including determining the adequacy of provisions and reserves.

Principle 10: Banks are encouraged to develop and utilise an internal risk rating system
in managing credit risk. The rating system should be consistent with the nature, size and
complexity of a bank’s activities.

Principle 11: Banks must have information systems and analytical techniques that
enable management to measure the credit risk inherent in all on- and off-balance sheet
activities. The management information system should provide adequate information on
the composition of the credit portfolio, including identification of any concentrations of
risk.

Principle 12: Banks must have in place a system for monitoring the overall composition
and quality of the credit portfolio.

Principle 13: Banks should take into consideration potential future changes in economic
conditions when assessing individual credits and their credit portfolios, and should
assess their credit risk exposures under stressful conditions.

D. Ensuring adequate controls over credit risk

Principle 14: Banks must establish a system of independent, ongoing assessment of the
bank’s credit risk management processes and the results of such reviews should be
communicated directly to the board of directors and senior management.

5
Credit risk management

Principle 15: Banks must ensure that the credit-granting function is being properly
managed and that credit exposures are within levels consistent with prudential
standards and internal limits. Banks should establish and enforce internal controls and
other practices to ensure that exceptions to policies, procedures and limits are reported
in a timely manner to the appropriate level of management for action.

Principle 16: Banks must have a system in place for early remedial action on
deteriorating credits, managing problem credits and similar workout situations.

E. The role of supervisors

Principle 17: Supervisors should require that banks have an effective system in place to
identify, measure, monitor and control credit risk as part of an overall approach to risk
management. Supervisors should conduct an independent evaluation of a bank’s
strategies, policies, procedures and practices related to the granting of credit and the
ongoing management of the portfolio. Supervisors should consider setting prudential
limits to restrict bank exposures to single borrowers or groups of connected
counterparties.

II. Establishing an Appropriate Credit Risk Environment

Principle 1: The board of directors should have responsibility for approving and
periodically (at least annually) reviewing the credit risk strategy and significant credit
risk policies of the bank. The strategy should reflect the bank’s tolerance for risk and
the level of profitability the bank expects to achieve for incurring various credit risks.

9. As with all other areas of a bank’s activities, the board of directors3 has a critical role
to play in overseeing the credit-granting and credit risk management functions of the bank.

3
This paper refers to a management structure composed of a board of directors and senior management. The Committee is
aware that there are significant differences in legislative and regulatory frameworks across countries as regards the
functions of the board of directors and senior management. In some countries, the board has the main, if not exclusive,
function of supervising the executive body (senior management, general management) so as to ensure that the latter
fulfils its tasks. For this reason, in some cases, it is known as a supervisory board. This means that the board has no
executive functions. In other countries, by contrast, the board has a broader competence in that it lays down the general
framework for the management of the bank. Owing to these differences, the notions of the board of directors and senior
management are used in this paper not to identify legal constructs but rather to label two decision-making functions
within a bank.

6
Credit risk management

Each bank should develop a credit risk strategy or plan that establishes the objectives guiding
the bank’s credit-granting activities and adopt the necessary policies and procedures for
conducting such activities. The credit risk strategy, as well as significant credit risk policies,
should be approved and periodically (at least annually) reviewed by the board of directors.
The board needs to recognise that the strategy and policies must cover the many activities of
the bank in which credit exposure is a significant risk.
10. The strategy should include a statement of the bank’s willingness to grant credit
based on exposure type (for example, commercial, consumer, real estate), economic sector,
geographical location, currency, maturity and anticipated profitability. This might also include
the identification of target markets and the overall characteristics that the bank would want to
achieve in its credit portfolio (including levels of diversification and concentration
tolerances).
11. The credit risk strategy should give recognition to the goals of credit quality,
earnings and growth. Every bank, regardless of size, is in business to be profitable and,
consequently, must determine the acceptable risk/reward trade-off for its activities, factoring
in the cost of capital. A bank’s board of directors should approve the bank’s strategy for
selecting risks and maximising profits. The board should periodically review the financial
results of the bank and, based on these results, determine if changes need to be made to the
strategy. The board must also determine that the bank’s capital level is adequate for the risks
assumed throughout the entire organisation.
12. The credit risk strategy of any bank should provide continuity in approach.
Therefore, the strategy will need to take into account the cyclical aspects of any economy and
the resulting shifts in the composition and quality of the overall credit portfolio. Although the
strategy should be periodically assessed and amended, it should be viable in the long-run and
through various economic cycles.
13. The credit risk strategy and policies should be effectively communicated throughout
the banking organisation. All relevant personnel should clearly understand the bank’s
approach to granting and managing credit and should be held accountable for complying with
established policies and procedures.
14. The board should ensure that senior management is fully capable of managing the
credit activities conducted by the bank and that such activities are done within the risk
strategy, policies and tolerances approved by the board. The board should also regularly (i.e.
at least annually), either within the credit risk strategy or within a statement of credit policy,
approve the bank’s overall credit granting criteria (including general terms and conditions). In

7
Credit risk management

addition, it should approve the manner in which the bank will organise its credit-granting
functions, including independent review of the credit granting and management function and
the overall portfolio.
15. While members of the board of directors, particularly outside directors, can be
important sources of new business for the bank, once a potential credit is introduced, the
bank’s established processes should determine how much and at what terms credit is granted.
In order to avoid conflicts of interest, it is important that board members not override the
credit-granting and monitoring processes of the bank.
16. The board of directors should ensure that the bank’s remuneration policies do not
contradict its credit risk strategy. Remuneration policies that reward unacceptable behaviour
such as generating short-term profits while deviating from credit policies or exceeding
established limits, weaken the bank’s credit processes.

Principle 2: Senior management should have responsibility for implementing the credit
risk strategy approved by the board of directors and for developing policies and
procedures for identifying, measuring, monitoring and controlling credit risk. Such
policies and procedures should address credit risk in all of the bank’s activities and at
both the individual credit and portfolio levels.

17. Senior management of a bank is responsible for implementing the credit risk strategy
approved by the board of directors. This includes ensuring that the bank’s credit-granting
activities conform to the established strategy, that written procedures are developed and
implemented, and that loan approval and review responsibilities are clearly and properly
assigned. Senior management must also ensure that there is a periodic independent internal
assessment of the bank’s credit-granting and management functions.4
18. A cornerstone of safe and sound banking is the design and implementation of written
policies and procedures related to identifying, measuring, monitoring and controlling credit
risk. Credit policies establish the framework for lending and guide the credit-granting
activities of the bank. Credit policies should address such topics as target markets, portfolio
mix, price and non-price terms, the structure of limits, approval authorities, exception
procesing/reporting, etc. Such policies should be clearly defined, consistent with prudent
banking practices and relevant regulatory requirements, and adequate for the nature and

4
This may be difficult for very small banks; however, there should be adequate checks and balances in place to promote
sound credit decisions.

8
Credit risk management

complexity of the bank’s activities. The policies should be designed and implemented within
the context of internal and external factors such as the bank’s market position, trade area, staff
capabilities and technology. Policies and procedures that are properly developed and
implemented enable the bank to: (i) maintain sound credit-granting standards; (ii) monitor and
control credit risk; (iii) properly evaluate new business opportunities; and (iv) identify and
administer problem credits.
19. As discussed further in paragraphs 30 and 37 through 41 below, banks should
develop and implement policies and procedures to ensure that the credit portfolio is
adequately diversified given the bank’s target markets and overall credit strategy. In
particular, such policies should establish targets for portfolio mix as well as set exposure
limits on single counterparties and groups of connected counterparties, particular industries or
economic sectors, geographic regions and specific products. Banks should ensure that their
own internal exposure limits comply with any prudential limits or restrictions set by the
banking supervisors.
20. In order to be effective, credit policies must be communicated throughout the
organisation, implemented through appropriate procedures, monitored and periodically
revised to take into account changing internal and external circumstances. They should be
applied, where appropriate, on a consolidated bank basis and at the level of individual
affiliates. In addition, the policies should address equally the important functions of reviewing
credits on an individual basis and ensuring appropriate diversification at the portfolio level.
21. When banks engage in granting credit internationally, they undertake, in addition to
standard credit risk, risk associated with conditions in the home country of a foreign borrower
or counterparty. Country or sovereign risk encompasses the entire spectrum of risks arising
from the economic, political and social environments of a foreign country that may have
potential consequences for foreigners’ debt and equity investments in that country. Transfer
risk focuses more specifically on a borrower’s capacity to obtain the foreign exchange
necessary to service its cross-border debt and other contractual obligations. In all instances of
international transactions, banks need to understand the globalisation of financial markets and
the potential for spillover effects from one country to another or contagion effects for an
entire region.
22. Banks that engage in granting credit internationally must therefore have adequate
policies and procedures for identifying, measuring, monitoring and controlling country risk
and transfer risk in their international lending and investment activities. The monitoring of
country risk factors should incorporate (i) the potential default of foreign private sector

9
Credit risk management

counterparties arising from country-specific economic factors and (ii) the enforceability of
loan agreements and the timing and ability to realise collateral under the national legal
framework. This function is often the responsibility of a specialist team familiar with the
particular issues.

Principle 3: Banks should identify and manage credit risk inherent in all products and
activities. Banks should ensure that the risks of products and activities new to them are
subject to adequate risk management procedures and controls before being introduced
or undertaken, and approved in advance by the board of directors or its appropriate
committee.

23. The basis for an effective credit risk management process is the identification and
analysis of existing and potential risks inherent in any product or activity. Consequently, it is
important that banks identify all credit risk inherent in the products they offer and the
activities in which they engage. Such identification stems from a careful review of the
existing and potential credit risk characteristics of the product or activity.
24. Banks must develop a clear understanding of the credit risks involved in more
complex credit-granting activities (for example, loans to certain industry sectors, asset
securitisation, customer-written options, credit derivatives, credit-linked notes). This is
particularly important because the credit risk involved, while not new to banking, may be less
obvious and require more analysis than the risk of more traditional credit-granting activities.
Although more complex credit-granting activities may require tailored procedures and
controls, the basic principles of credit risk management will still apply.
25. New ventures require significant planning and careful oversight to ensure the risks
are appropriately identified and managed. Banks should ensure that the risks of new products
and activities are subject to adequate procedures and controls before being introduced or
undertaken. Any major new activity should be approved in advance by the board of directors
or its appropriate delegated committee.
26. It is critical that senior management determine that the staff involved in any activity
where there is borrower or counterparty credit risk, whether established or new, basic or more
complex, be fully capable of conducting the activity to the highest standards and in
compliance with the bank’s policies and procedures.

10

You might also like