The supervisors� role in assessing internal credit risk rating systems

The supervisors’ role in assessing internal credit risk rating systems One of the most important advances resulting from the reform of the solvency ratio (Basel II) is undoubtedly the possibility for banks to use their own internal rating systems to calculate their capital requirements for credit risk. Under the internal ratings-based approach, banks can rely on proprietary systems — subject to certain conditions — to generate some of the key risk measurement parameters, such as probability of default (PD), exposure at default (EAD), loss given default (LGD) and the effective maturity (M) of the exposures under consideration. These key parameters cannot be obtained directly from financial statements or existing data; they have to be calculated and estimated, primarily on the basis of the bank’s own internal data or market data. These parameters are used as primary inputs in the regulatory functions for calculating minimum capital requirements. Therefore, they have a direct impact on the level of these requirements. The main purpose and the main advantage of the internal ratings-based approach is that it is more sensitive to each bank’s real risks than the current Basel I system or the standardised approach under Basel II. Regulatory capital requirements are no longer calculated using fixed risk weights, as was the case under Basel I; instead they are more closely attuned to each institution’s risk profile. By bringing internal ratings-based systems into general use and providing incentives for their use, Basel II should promote modern risk management techniques and best practices, thereby enhancing the financial soundness of banking institutions. The use of internal data and estimates to generate regulatory capital requirements naturally assumes that the risk parameters are accurate and present an appropriate measure of the institution’s risk exposure. Consequently, the Basel II Accord requires banks to have a mechanism for validating their internal rating system. This mechanism must ensure the accuracy and consistency of internal rating systems, processes and estimates of all relevant risk components1. Thus, banks have the primary responsibility for validating the quality of their systems. Yet banking supervisors are also involved in the evaluation of internal rating systems. The use of the internal ratings-based approach for calculating credit risk capital requirements is subject to the supervisors’ prior authorisation. This authorisation is subject to compliance with a number of minimum requirements to ensure the quality of internal rating systems and to ensure that they work properly. In France, therefore, the General Secretariat of the Commission Bancaire (SGCB) plans to carry out detailed examinations of internal rating systems at banks that have announced their intention to use the internal ratings-based approach. These examinations will ensure the intrinsic quality of these systems and make sure that they comply with the minimum requirements. The SGCB will proceed primarily 1 See paragraph 500 of the Basel II framework “International Convergence of Capital Measurement and Capital Standards,” Basel Committee, June 2004. Basel II allows banks using an internal ratings-based approach to compute their own risk parameters… … so that capital requirements are tailored more closely to their actual risk profile. Requirements will thus be directly linked to the quality of rating systems… 131 through on-site inspections. In operational terms, these will be broadly similar to the work already done by banks, but the purpose is different. The SGCB's action per se will not constitute approval or recognition of internal rating systems. It is merely the means that the SGCB intends to use to gather enough information and indicators to assess the quality each institution’s systems and processes. Ultimately, it is up to the Commission Bancaire to decide, based on the information gathered by the SGCB, whether an institution shall be authorised to use the internal ratingsbased approach or not. The purpose of this report is to present the approach that the SGCB plans to use for assessing the internal rating systems of institutions that have announced their intention to use the internal ratings-based approach. It starts with a presentation of the type of work that the SGCB will carry out. Then it provides details about the practical steps that the SGCB plans to take. This approach is based primarily on on-site inspections, which need to be coordinated with the banks’ own internal validation work. It ends with an examination of the specific case of internationally active groups, which require a special treatment when implementing an internal ratings-based approach. 1. THE IMPLEMENTATION OF INTERNAL RATING SYSTEMS REQUIRES FULL COMPLIANCE WITH OPERATIONAL AND QUANTITATIVE REQUIREMENTS The SGCB will have to evaluate all facets of rating systems in order to ensure compliance with minimum requirements and the quality of institutions’ internal rating systems. 1.1. General remarks and definitions 1.1.1. The use of internal rating systems is subject to minimum requirements Use of the internal ratingsbased approach is premised on minimum requirements… The rules need to be adaptable to a variety of circumstances in order to ensure that the Basel II framework remains sensitive to risk and provides an accurate picture of each institution’s real exposures. The purpose of the new Accord is not to require or prescribe a specific rating system for banks. On the contrary, it is to let banks use their own systems and methodologies. Some elements cannot be determined in advance, such as the range of the rating scale, the use of credit scoring or estimation methods for risk parameters. The institutions themselves are in the best position to identify and develop methods and tools that suit their business, their processes and their risk culture. Therefore, future regulations will come in the form of principles, which make the use of the internal ratings-based approach subject to compliance with minimal requirements. This should make it possible for a larg number of institutions to opt for this approach. There is no requirement for any institution to adopt the internal ratingsbased approach as the decision is up to the institutions themselves. Similarly, no specific method for rating counterparties or assessing risk parameters is prescribed. It feels that it is up to each institution to choose the elements it thinks are best suited to its circumstances. This means that compliance with the minimum … thus allowing each bank to choose the methods and systems best suited to its business operations. 132 requirements for using the internal ratings-based approach is critical and constitutes the main assurance for the SGCB that minimum capital requirements are properly measured. 1.1.2. The SGCB will need to examine every aspect of internal rating systems In the run-up to the implementation of Basel II, the object of the SGCB inspections will be an assessment of how well internal rating systems comply with the future minimum requirements. In addition to the formal aspects of the inspection, the SGCB will have to control that the risk parameters calculated by each bank for the regulatory functions correspond to its real risk exposure and that the rating systems are applied and used consistently. Therefore, the SGCB will pay particularly close attention to the set of operations and tasks that need to be carried out to verify the intrinsic quality of a system and its environment. The SGCB’s assessment of an internal ratings system could therefore be defined as a process or an activity encompassing the tests, inspections and verifications necessary to obtain enough objective information about the system being examined. This is not the same as allowing an institution to use internal rating for the application of regulatory ratios, which is a decision of the Commission Bancaire. The SGCB’s examination of a system will be only one component of the process leading to this decision. At the heart of the process, therefore, is the verification that the risk parameters are appropriate and have good predictive power. This means checking to see if the grades differentiate risks correctly and if the estimated regulatory parameters (primarily PD, LGD and EAD) provide an appropriate characterisation of the corresponding risk dimensions. The estimates need to be accurate, robust and relatively stable over time. This process calls for more than just performance measurement of the estimates. It needs to encompass the systems and their environment, which means, for example, examining procedures and the use of systems to ensure that they are applied consistently and uniformly, both within the various entities of the group and over time. Models can only be assessed with regard to a given context and a well-defined use. Ultimately, this work will cover all aspects of an internal rating system, while ensuring compliance with all the minimum requirements for using the internal ratings-based approach. Therefore, the examination is both quantitative and qualitative, relying on a combination of methods to cover every aspect of a model. All aspects of these systems will need to be addressed. The SGCB will assess how banks comply with the legal minimum requirements… It will also verify the inherent quality of internal rating systems. 1.1.3. The SGCB’s evaluation methodology The methodology that the SGCB applies within a given bank will depend largely on the nature of its internal rating systems and the underlying data. In view of the leeway that institutions have when designing their systems, as well as the variety of exposures to be rated, a given bank may even use two or more different rating systems. The combination of factors, such as the types of counterparties, the size of exposures, the properties of the rating methods, the availability of internal data and the potential use of external data and systems, gives rise to several different types of systems. Therefore, it is impossible to define a one-size-fits-all method and the SGCB will have to customise its inspection process to suit the SGCB inspections will be customised for each institution 133 specific characteristics of each institution. The Basel II1 Accord explicitly recognises the need to customise inspection methods. SGCB inspections will be based on a combination of techniques, including backtesting, benchmarking, and analysis of underlying logic. This is why the SGCB has no plans, for example, to define reference tests or to set target confidence levels for certain statistical tasks. Implementation of the reform will be assessed using a combination of indicators and tools, including such key elements as backtesting, which means comparing actual realised losses with estimates, and benchmarking, which involves comparing the institution’s ratings, estimates and results to external reference data. The SGCB also plans to pay special attention to understanding the rationale underlying the systems and verifying the assumptions used, since quantitative work may raise methodological problems as a result of the meagreness of the available historical data or the very small number of defaults in a given portfolio, for example. In order to meet the objectives set out, the SGCB will need to consider all of the main aspects or steps in the operation of a rating system. Roughly speaking, these are: – – – Rating of counterparties (quality of the system and the adequacy of its risk classes); Quantification of parameters (relevance of the estimated probabilities of default, losses given default, exposures at default and maturities of the debts); Robustness and reliability of the operating environment, which should stem from thorough integration of the rating system into the bank’s information systems. The following presentation of these various components is primarily aimed at stressing the main areas or steps in an inspection. It is not intended to be a complete list of all of the checks to be carried out, or a complete review of the minimum requirements set out in the Basel II Accord. Furthermore, the European Union is currently working to develop methodology from a more technical angle. Banks should be informed of the results of this work in the coming year. 1.2. Rating of counterparties Rating of counterparties is the key step in the internal ratings-based approach. It requires banks to be capable of measuring and differentiating their risks and assigning each exposure to the right grade. 1.2.1. Internal rating system design The Basel II Accord sets out a number of design requirements for the rating system that are specifically intended to define the main characteristics of the system and the nature of the risks to be measured. Systems are required to take into consideration two risk dimensions for each exposure: the risk of borrower default and transaction-specific factors. In keeping with the underlying principles of the Basel II Accord and in keeping with its calibration, the rating system must also be able to measure the borrower’s ability to meet its obligations despite adverse economic conditions or the occurrence of unexpected events. 1 See paragraph 389: “The Committee recognises that differences in markets, rating methodologies, banking products, and practices require banks and supervisors to customise their operational procedures.” 134 Subject to compliance with regulatory requirements, institutions should be able to apply the main rating techniques currently in use. Assigning grades to counterparties or assigning claims to pools of homogenous exposures may be done on the basis of expert judgement, a credit scoring model or an expert system. A combination of these different methods may be considered, as is often the case in practice. Regardless of the rating method used, the testing of the tools will cover two main areas. First of all, the SGCB will analyse the underlying rationale and principles of the rating system and its design. It will examine the appropriateness of the techniques used and the thoroughness with which they are implemented. This analysis enables the SGCB to make sure that the risk segmentation criteria are plausible, comprehensible and transparent. The explanatory variables used must make clear economic sense. The SGCB will then try to assess the discriminatory and predictive powers of the system. The examination of the results and data generated should also enable the SGCB to assess the distribution of grades and to ensure that there is no excessive concentration of exposures in certain risk grades. In cases where several different methods are applied to the same portfolio, the SGCB’s will also try to ensure that the methods are consistent and that there is continuity in the ratings of different sub-populations. The SGCB will examine the actual design of the tool and the results it produces 1.2.2. Implementation of the internal rating system In addition to its intrinsic qualities, the operating conditions for the rating system are especially important and have a decisive impact on the quality of the results obtained. Consistent and uniform application of the system within the various entities of the group and over time is critical. In this respect, various measures are planned to ensure adequate coverage of ratings, which must encompass all exposures, and to safeguard the integrity of the rating process through limits and rules to deal with overrides. This step also deals with issues relating to the maintenance, updating and further development of systems. Checking these various aspects for compliance with requirements calls for a primarily qualitative examination that will be carried out by assessing the processes used within the institution. This means that the institution needs to draft official descriptions and duly document the elements subject to regulatory requirements. Proper operation of a rating system also requires appropriate data collection and storage. Consequently, a bank needs to have an information system that meets the minimum requirements if it is to qualify for the internal ratings-based approach. Even though the new regulatory framework does not set any specific requirements with regard to overall system design and the linking of various management tools and data processing circuits, it does require implementation of operational structures and procedures that provide accurate, comprehensive and consistent risk measurement, quantification and monitoring. The only explicit requirements deal with data collection and storage for the rating system and the elements for calculating the PD/EAD/LGD trio, along with documentation of risk measurement systems and processes. But, to meet these requirements, the overall information system needs to be designed so that it is capable of capturing, retrieving, combining and storing all of the quantitative and qualitative data needed following officially defined, secure and auditable procedures. The structure used must therefore provide for full integration of the “risk” dimension into the data entry, retrieval, processing and storage processes. The quality of a rating system depends heavily on how it is used and the way it operates In particular, a suitable information system is needed 135 1.3. Estimating risk parameters The main purpose of this step is to ensure that the risk parameters are relevant and robust. Once exposures have been rated and assigned to the proper grade, the rationale of the internal rating process calls for a probability of default to be assigned to each grade and, in the case of banks using the advanced internal ratings-based approach for their retail exposures, losses given default and exposures at default need to be estimated too. Examining data quality is a necessary prelude to any statistical application… Adequate data need to be available in order to make accurate statistical estimates. Even though internal data should be the main or preferred source of the historical series used for the estimates, since they are expected to correspond most closely to each institution’s individual risk profile, the Basel II framework also allows institutions to use external data. The use of internal and external data is subject to strict controls designed to ensure that the estimates are robust. More specifically, the observation period must cover a minimum of five years, according to the proposed revision of the European Directive 2000/12 (Capital Requirements Directive – CRD)), but institutions must incorporate, or at least analyse, any additional data they have when making their estimates. As a general rule, the fewer data an institution has, the more prudent its estimates should be. In addition, the estimates also need to factor in the risk of errors. These considerations mean that credit institutions should use a conservative approach in their estimates. The SGCB will pay close attention to the type of data used and the prudence of the estimates, since it is expected that some of the institutions that intend to apply the internal ratings-based approach as soon as the regulations come into force will have only limited data series available and will barely be able meet the requirements regarding the minimum observation period, which is to be eased during the transitional period, leaving them with no room for manoeuvre. After verifying the quality of these data in the first step, the quantification of the risk parameters will require the following steps: … particularly since many data series will be limited when Basel II comes into force. Strict compliance with the concept of default is vital for the proper calibration of risk parameters. – Preliminary analysis of the institution’s concept of default. The concept of default is defined precisely by the regulations. It is a key concept for calculating probabilities of default and losses given default. The definition of default must be uniform within the various entities in the group and over time. Analysis of the institution’s estimation methodology. This step involves an assessment of the technique used, the choices made (with particular attention to the quality of the implicit and explicit assumptions), the nature and impact of any adjustments made and the relevance of the methods to the information available and the bank’s operations. Evaluation of results. This step is primarily a quantitative exercise aimed at assessing how the estimates compare to past results (backtesting) or to external reference systems (benchmarking). The banks must carry out these various tests as part of their own internal validation process1. The SGCB will examine their test results and may carry out further tests. – – The overall approach will be similar for verifying the different parameters, but each parameter raises specific methodological problems with respect to such issues as data collection, application of regulations and the validity of the tests conducted. These problems will be given due consideration during the verification. 1 See paragraphs 500 to 505. 136 In this respect, the Basel Committee is to provide further clarifications about the calculation of loss given default in 2005. 1.4. Rating system environments and integration 1.4.1. Operational use and corporate governance One of the key requirements set by the Basel II solvency ratio reform for using an internal ratings-based approach is that banks must prove that their internal rating systems and the data generated are not used exclusively for calculating regulatory capital requirements. These systems must be used in the banks’ business operations. Therefore, Basel II accord stipulates that internal ratings, and probability of default and loss given default estimates must play an essential role in the credit approval, risk management, internal capital allocation, pricing and corporate governance functions of banks. In more general terms, the internal rating criteria must be consistent with internal lending rules and policies for handling troubled borrowers and facilities1. Requiring systems to be incorporated into the banks’ day-to-day business is extremely important because it means that it is in the banks’ interest to ensure that their systems produce relevant results. In addition, requiring the integration of their internal rating systems into their core business strengthens internal management policies and incites banks to adopt best practices. Basel II calls for a “use test” to ensure that banks use their rating systems for their operations. It stipulates that banks must have been using a system that is broadly in line with the minimum requirements for at least three years prior to qualifying for the internal ratings-based approach. However, this criterion will not apply until 2010, after the transitional period for the changeover to Basel II. In order to be able to verify these elements, it will be necessary to extend the scope of inspection beyond internal rating systems and their direct application. It may require the SGCB to examine lending rules, for example, or credit risk management systems in general to control that banks use ratings and risk parameters in their day-to-day business. The integration of internal rating systems into the day-to-day business of banks must exist at every level, and more particularly at the level of the Board of directors and the senior managers, who are subject to specific requirements. For example, the decision-making and executive bodies, as defined by Regulation 97-02 of the Comité de la réglementation bancaire et financière (CRBF), are required to both be familiar with and understand the internal rating system, albeit to different degrees. These measures are intended to ensure that banks actually use rating systems to run their business, thereby enabling them to identify, manage and monitor risk more effectively. In this respect, internal ratings are a key element of reporting to the decision-making and executive bodies. It should also be noted that these bodies must approve the main steps in the rating and quantification process. They are responsible for the decision to use an internal ratings-based approach, as well as for setting the conditions for its implementation. The executive body also needs to monitor the operation of rating systems closely, making sure that they are working properly and keeping abreast of needs for improvements and projects under way. 1 Institutions must use internal rating systems in their daily operations… Internal rating systems must be integrated up to Board and senior management levels. See paragraphs 444 and 410. 137 1.4.2. Internal control system The SGCB considers that internal control of rating systems is vital. Integration of internal rating systems into the bank’s day-to-day business creates specific internal control requirements. In order to use their internal rating systems, banks must have an independent risk management unit that is responsible for designing, implementing and monitoring the systems. This unit is to be responsible for the first-level audits defined in CRBF Regulation 97-02. More specifically, it must not be involved in any operational functions relating to the use or implementation of ratings. Internal rating systems must also be subject to second-level internal audits. At least once a year, the internal audit function or any similar entity must conduct a review of the bank’s rating system and its operations, including the work of the credit risk management units and the estimates of risk parameters. The audits should also include verification of compliance with all of the applicable regulatory requirements. Internal control epitomises banks' primary responsibiliy for the quality of their systems. The SGCB deems that compliance with these measures is critical. They make institutions responsible for the quality of their rating systems and ensure that an “internal validation” function is actually in place and working properly. More specifically, the SGCB has developed its own inspection approach and plan of action on the basis of this internal validation function. 2. THE SGCB’S EXAMINATION OF INTERNAL RATING SYSTEMS WILL MOSTLY RELY ON ITS ON-SITE SUPERVISION OF CREDIT INSTITUTIONS The SGCB plans to conduct on-site inspections of banks that have opted for the internal ratings-based approach prior to the entry into force of the reform so that it can gather adequate information for the process of the new regulatory scheme implementation. SGCB inspections will be scheduled according to the banks’ readiness and subject to prior “internal validation” conducted by the banks’ internal audit units. 2.1. Preparatory phase: the SGCB’s monitoring of banks At a very early stage, the SGCB tried to identify and monitor banks that would like to use an internal ratings-based approach for measuring credit risk. In view of the scale of the adjustments to be made to achieve compliance with the future regulations, the SGCB wanted to make sure that French banks are ready to meet the challenge of switching to Basel II. Early on, the SGCB sought to identify and monitor banks wishing to adopt an internal ratings-based approach. The SGCB started by polling credit institutions back in 2002 to find out their intentions and objectives. This first step did not produce exact figures, but it did give the SGCB an order of magnitude with regard to the number of target banks. Since then, the population of banks working towards qualifying for an internal ratings-based approach has been constantly monitored. According to the information available, slightly more than 20 banking groups or individual institutions should opt for the internal ratings-based approach when Basel II enters into force, which means the total number of legal entities involved will be very 138 large. This figure only reflects the current intentions of banks polled by the SGCB and of course it does not determine in any way the number of institutions or groups that will ultimately qualify to use the internal ratings-based approach. The second step involved fact-finding missions aimed at assessing the banks’ readiness. These missions relied on a detailed questionnaire sent out to institutions covering the main technical aspects of implementing an internal ratings-based approach. The fact-finding missions usually involved a week-long visit by a multidisciplinary team from the SGCB. Interviews and discussions with managers and the key people involved in the Basel II project enabled the team to achieve a precise understanding of the project organisation and objectives, and to evaluate the existing elements within each institution. The SGCB used the information gathered primarily to assess the ability of each institution to carry its project through successfully, making sure that the project had adequate resources to meet its objectives and that the banks’ main policies were consistent with Basel II. These missions were not official inspections, since the rules had not been finalised at the time they were carried out. However, they helped to make institutions aware of the efforts required. They were also an opportunity to explain the SGCB’s expectations and clarify some of the technical aspects of Basel II. The fact-finding missions took place in 2003 and 2004. They called on France’s leading banking groups, as well as some smaller groups and specialised institutions that can reasonably expect to implement an internal ratings-based approach to credit risk measurement, given the clearly circumscribed nature of their business. The missions gave the SGCB an overall view of preparations for Basel II through a comparison of institutions’ practices (see Box 1). Fact-finding missions were carried out at the main institutions in 2003 and 2004… … to assess the level of preparation and the consistency of their policies 139 Box 1 Main conclusions from the fact-finding missions One of the main objectives of the fact-finding missions was to make sure that the institutions announcing their intention to use internal ratings-based approaches were fully capable of carrying through their plans successfully and achieving compliance with future regulations. The situations of the leading banking groups have proven to be very diverse with regard to the following criteria: Organisation: all of the banks have set up project management structures with one or more special teams. The projects are usually overseen at a very high level, testifying to the institutions’ growing awareness of the importance of the project and making it possible to bring resources to bear from all parts of the institution. The board and senior executives often play a key role in running the project, but the operational departments are involved to widely varying degrees at this stage. Quality of existing systems: the existing data are often very inadequate. Furthermore, the banks’ operations with regard to a given portfolio covered by Basel II often rely on several information systems (because of the number of different legal entities, for example), which leads to a wide diversity of data and problems drawing up a complete inventory of exposures or centralising data. The existing systems for corporate borrowers seemed to be more advanced than systems for retail borrowers. The corporate systems are more likely to provide ratings of counterparties. But, in many cases, no single system is used throughout a group. Ratings for retail borrowers are often based on nothing more than credit scoring, with no follow-up or ongoing ratings of borrowers (behavioural scoring). Compliance of parameters: The missions revealed the difficulty of calibrating probability of default calculations properly, since the existing data are not based on the Basel Committee’s definition of default. This means that one of the banks’ priorities is to adopt this definition and generalise its use. The samples are very meagre and need to be reworked so that historical series can be adjusted. As a general rule, institutions had concentrated primarily on calculating probabilities of default, since work on losses given default and exposures at default is still in the preliminary stages or has barely even started. The missions revealed the scale of the work still to be done. The existence of previous rating systems did seem to be an advantage, more specifically because it implies the existence of historical data series, but these systems need to undergo major changes if they are to be brought into compliance. All in all, banks still have to make major efforts to harmonise their systems and procedures. A regular dialogue was maintained with institutions preparing to adopt an internal ratings-based approach… The fact-finding missions made it possible to draw up a detailed report of the situation in each bank. These missions were the starting point for the prudential supervision process relating to preparations for Basel II. Individual monitoring was then implemented with periodical bilateral meetings in order to track progress on the projects and answer questions and clear up interpretation problems relating to the regulations. More recently, discussions with banks have improved the supervisors’ knowledge of the scope and pace of the roll-out with regard to the portfolios involved and the legal entities covered in France and in other countries. 140 Ultimately, the SGCB now has a fairly detailed picture of the population of banks that want to adopt the internal ratings-based approach and their state of readiness. This information is critically important for the SGCB as it plans for the transition from the awareness-raising and preparation-monitoring stage to the actual supervision stage. It will enable the SGCB to plan its actions more effectively. SGCB was able to closely monitor progress on preparations for Basel II. 2.2. On-site inspections and the process by the Commission Bancaire 2.2.1. Importance of on-site inspections The use of an internal rating system to calculate regulatory capital requirements will be subject to prior decision from the Commission Bancaire (see Article 84 of the proposed CRD). The details of the Commission Bancaire’s decision-making process have not been defined yet and will depend on the work under way at the Committee of European Banking Supervisors (CEBS). In the coming year, the CEBS should provide details about the procedure for filing applications, the contents of the applications and the conditions for examining them, particularly with regard to time limits and cooperation between supervisors in the case of internationally active groups. Nevertheless, with the entry into force of Basel II less than 24 months away, the SGCB is planning to start the internal rating system evaluation phase as soon as possible so that the workload can be spread out over several months, giving it the time to examine all of the groups and institutions identified and to gather the information needed for the rest of the approval process. The SGCB considers on-site inspections to be critical for assessing the quality of internal rating systems and ensuring that banks comply with the minimum requirements set out in the regulations. The scope and diversity of the work to be carried out (see Part 1) will call for specialised teams to make on-site visits that are likely to last for several weeks. It is critical for the teams to work near the systems and data, as well as the staff that is familiar with the systems, in order to conduct all of the requisite tests to ascertain the quality of the models. More importantly, it would be difficult to isolate the systems from their environment and carry out tests at a distance in view of the importance of the use test and the conditions for using this criterion and its impact on the findings. All else being equal, the approach being considered by the SGCB is similar to the one that is already used for supervisory recognition of the internal models used to calculate market risk capital requirements (regulatory Value at Risk, or VaR, models). This approach relies on a dedicated on-site inspection to conduct all of the verifications needed to obtain an adequate degree of confidence in the model and its use. The on-site inspections should start in the second half of 2005. Naturally, they shall give due consideration to the fact that the official regulations will not yet be finalised at that time. However, the future regulations are already sufficiently clear-cut and known, and the SGCB deems that it is capable of inspecting and evaluating the systems using criteria that are in line with the regulations that will ultimately apply. If necessary, its findings will naturally be revised to incorporate any unexpected legal or regulatory developments. These inspections will be a vital component of the Basel II approval and qualification process. On-site inspections will be needed to examine banks' internal rating systems. 141 Furthermore, in March 2005, the Basel Committee decided that a fifth Quantitative Impact Survey of the new capital adequacy system (QIS 5) shall be carried out between October and December 2005. The documents needed to conduct the study will be available in July 2005. It is important for French banks to take part in this exercise and it is in their interest to do so, since the study could have an impact on the final calibration of Basel II. Therefore, before undertaking any on-site inspections in the second half of 2005, the SGCB will examine the conditions for conducting the inspections in the institutions concerned in order to define any adjustments to be made in light of constraints stemming from QIS 5 that concern the special Basel II teams. The findings of the on-site inspections and the follow-up of any recommendations made by the inspectors will be transmitted to the Commission Bancaire. The findings and recommendations will constitute the Commission Bancaire’s primary source of information and it will use them to assess the bank’s application to use the internal ratings-based approach. However, they shall not be the only determining factors for the final decision. Other factors will be taken into consideration, such as the results of parallel running (calculation of capital requirements under both Basel I and Basel II), which should start in 2006, or the banks’ Basel II roll-out plans, which should cover an adequate number of entities and/or portfolios. It is worth underlining that the possible decision of the Commission Bancaire to allow an institution to use its internal rating system does not exempt this one to permanently verify its reliability and the adequacy of its utilization. 2.2.2. Structure of on-site inspections Several inspections (one per portfolio) may be carried out at the same bank … In principle, on-site inspections should be conducted at the loan portfolios level. As a general rule, the SGCB should not carry out an overall inspection of any given group or institution. Instead, it should carry out several targeted inspections of individual portfolios over the coming months. The models will be different for each portfolio defined in Basel II because of the different types of counterparties, the different products being marketed and the different portfolio-specific minimum requirements. The main advantage of this structure is that it will enable the SGCB to adapt its actions to the roll-out of rating systems in banks. It means that the SGCB can start its evaluation of banking groups before all of its portfolios and banks have made the transition to Basel II. Therefore, the SGCB’s inspection schedule was worked out in collaboration with the banks on the basis of the information gathered during the preparatory phase. In order to remain on schedule, the SGCB stresses the importance of banks sticking to their own schedules, because, if too many inspections have to be delayed, it could compromise the overall inspection programme. As stated above (see Part 1), the inspections will cover all aspects of internal rating systems, including counterparty ratings, quantification of parameters and the environment, in order to ensure the quality of the parameters and, more generally, compliance with the minimum requirements. … in order to fine-tune its Basel II transition plan. 142 2.3. Banks’ preparation for the SGCB’s on-site inspections The SGCB’s inspections will be adapted to the banks’ roll-out plans, since the SGCB is interested in examining fully operational models that are already in use and not projects or plans. More importantly, banks need to make specific preparations for the SGCB’s inspections. For example, the SGCB asks that banks’ internal audit units examine their internal rating systems before it carries out its inspection. This demand is in keeping with the provisions of the future regulations and ensures the effectiveness of the inspection. Both Basel II and the proposed CRD are clear on this point, stipulating that the prime responsibility for validation rests with the banks. It is up to them to demonstrate the validity and quality of their systems. In addition, the minimum requirements for using the internal ratings-based approach call for comprehensive internal audit of rating systems, including an annual review by the internal audit unit (see above). Prior internal validation is also required to make the inspection more effective. The internal audit unit’s findings will help the SGCB to prepare its own inspection and determine its priorities, even though the SGCB has every intention of double checking the bank’s own findings and running certain tests again, if necessary. The supervisor’s inspection combines an examination of the bank’s internal validation with a review of the bank’s compliance with regulatory requirements and an external evaluation of the systems aimed at providing practical control of the accuracy of the results. The prior involvement of the internal audit unit is also intended to ensure that banks have adequate documentation and official definitions of their procedures and control processes. However, the SGCB is aware that banks’ internal audit units do not necessarily yet have all of the requisite resources in quantitative and qualitative terms to carry out all of the validation tasks required for using internal ratingsbased approaches, and more specifically, the quantification work required. Under these circumstances, the SGCB would like to stress that it is critically important for the work required of banks, and the quantitative tasks in particular, to be carried out by teams that are independent from the staff that developed the models. The teams involved may be specialists from another department of the bank or else external consultants. It is up to each bank to come up with an effective division of labour among the available audit resources and other functions that may be involved in the exercise. For example, plans could call for statistical models to be reviewed by a team made up of independent operational staff and for the internal audit unit to concentrate on the other aspects, such as the quality of data, procedures, the environment and the information system. However, the SGCB expects the internal audit unit to draw up and transmit a summary of the different tasks carried out and its findings. SGCB inspections will not be carried out until an "internal audit" has been performed These audits shall satisfy regulatory requirements… … and reflect the SGCB's insistence on effective action. It is crucial that validation be carried out by independent teams… … under the auspices of the head of internal audit. 2.4. Internal rating systems shall also be subject to ongoing review Up until now, the accent in the supervisory process presented here has been on the initial assessment of internal rating systems with a view to qualifying and preparing for applying Basel II for the first time. The deadlines are tight, both for banks, which have to complete their projects to be ready on time, and for the SGCB, which will have to cope with a large workload in the coming months. The The quality of internal rating systems will be assessed over time. 143 SGCB needs to carry out one or more on-site inspections for each internal rating system and it will also have to undertake the same task for banks that adopt an internal ratings-based approach after Basel II comes into force. The process is also bound to continue after the approval stage has been completed since the quality of a system needs to be assessed over time to see if it is able to cope with the changes that are sure to occur in portfolios, models and procedures. A bank’s lending policies and its appetite for risk are going to change over time as its strategy evolves, and those changes will be reflected in the composition of its loan portfolios. The ups and downs of the business cycle will also have an impact on the quality and composition of the loan portfolios. Furthermore, banks will have to incorporate new products and new types of customers into their systems. The robustness of their systems will be measured by their ability to cope with all of these changes without any loss of quality. Systems are also bound to change as a result of methodological developments, for example, or the implementation of new control procedures. In this respect, it is critical that a bank retains all of the relevant data in a form that facilitates its use and the conduct of audits. Such retention is in fact a regulatory requirement and banks must make sure to document any changes they make. The SGCB will carry out periodic on-site inspections. These circumstances mean that supervision must necessarily be an ongoing process. Regulations establish the ongoing supervision principle for banks, along with the rules governing internal control and periodic validation. For the SGCB, monitoring internal rating systems will be an integral part of the prudential supervision process. Consequently it will carried out as part of the off-site monitoring of banks, with the occasional on-site inspection modelled along the lines of the initial on-site inspections to conduct further tests and make sure that the bank still complies with the minimum requirements. 3. THE ISSUES RELATING TO THE USE OF INTERNAL RATING SYSTEMS BY INTERNATIONALLY ACTIVE BANKING GROUPS ARE BEING ADDRESSED The supervision of internationally active banking groups’ internal rating systems raises special problems that can only be solved through closer cooperation among banking supervisors. Since each banking group has its own specific structure, a pragmatic approach is required to achieve an effective division of rating system inspection tasks and to prevent pointless duplication of tasks, which would be harmful for both banks and supervisors. 3.1. The decision of allowing the use of internal rating systems calls for enhanced international cooperation between supervisors Supervisors of leading international banking groups work in close cooperation with each other. The primary goal of most of the Basel Committee’s work since it was first founded has been to ensure equal treatment of cross-border banking operations. Yet Basel II will require even greater cooperation and coordination among the various authorities involved in supervising a banking group. 144 Basel II is not a one-size-fits-all framework; it leaves some matters up to the discretion of banks and supervisors. This is true with regard to the supervisory review process, which is the second pillar of the framework, but it is especially important for the assessment of internal rating systems. Basel II applies to all of the main levels in a banking group. Use of internal ratings-based approaches by an internationally active banking group requires several authorisations since Basel II does not change the respective responsibilities of each supervisor for subsidiaries and branches operating within its jurisdiction. Furthermore, verifying compliance with the operational and quantitative requirements for using internal ratings-based approaches presumes that detailed information is available at every level of the banking group. If there is a lack of communication and cooperation between the home country and host country supervisors of a banking group, the different supervisors’ decision processes might be inconsistent or incompatible, which could lead to duplication of tasks and excessive requests to the bank. Successful implementation of Basel II, particularly with regard to internal rating systems, will therefore require the different authorities involved in supervising a group to work together. From the outset, the Basel Committee has acknowledged the need for enhanced cooperation among the various supervisors involved in supervising an internationally active banking group. Back in August 2003, even before the publication of the final version of the framework, the Committee published the High Level Principles for the Cross-Border Implementation of the New Accord (see Box 2). Transition to Basel II requires closer international cooperation among supervisors… The Basel Committee has laid down guidelines to facilitate cross-border implementation of Basel II. Box 2 High Level Principles for the Cross-Border Implementation of the New Accord Principle 1: The New Accord will not change the legal responsibilities of national supervisors for the regulation of their domestic institutions or the arrangements for consolidated supervision already put in place by the Basel Committee on Banking Supervision. Principle 2: The home country supervisor is responsible for the oversight of the implementation of the New Accord for a banking group on a consolidated basis. Principle 3: Host country supervisors, particularly where banks operate in subsidiary form, have requirements that need to be understood and recognised. Principle 4: There will need to be enhanced and pragmatic cooperation among supervisors with legitimate interests. The home country supervisor should lead this coordination effort. Principle 5: Wherever possible, supervisors should avoid performing redundant and uncoordinated approval and validation work in order to reduce the implementation burden on the banks, and conserve supervisory resources. Principle 6: In implementing the New Accord, supervisors should communicate the respective roles of home country and host country supervisors as clearly as possible to banking groups with significant cross-border operations in multiple jurisdictions. The home country supervisor would lead this coordination effort in cooperation with the host country supervisors. 145 The home country supervisor will play a key role in the process relating to internal rating systems. The Basel Committee later precised these principles, stressing in a May 2004 press release that the home country supervisor should play a leading role in the decision relating to the most advanced approaches in order to avoid duplication of tasks relating to Basel II. The Commission Bancaire fully intends to play its central role for French banking groups operating in other countries. At the European level, the proposed revision of Directive 2000/12 (CRD) confirms and officialises the need for cooperation and the leading role of the home country supervisor. The proposed directive deals directly with the relationships between the home country supervisor, which is the competent authority for supervision on a consolidated basis, and the host country supervisor, by requiring a consultation among all of the competent authorities for a given group when examining its application to use an internal ratings-based approach. The proposed directive gives these different authorities six months to reach an agreement and take a joint decision to be issued as a single document. Failing a joint decision within the stipulated time period, the home country supervisor shall decide on its own. Therefore, CRD should clarify the respective responsibilities of each supervisor and recognise the need for consultations when examining the situation of a banking group. The SGCB intends to work in a spirit of cooperation with the other supervisors to reach joint decisions for French groups. Consequently, the proposed six-month time limit is merely seen as a legal safeguard. 3.2. Work at international level needs to be pragmatic Because every application of Basel II will be unique, both in form and in pace… Once the principle of cooperation has been established, it would be difficult to implement a single approach at the international level. The design of internal rating systems is based on a business-line rationale under which portfolios are divided up according to counterparty types defined by the Basel Committee. This principle suggests that a horizontal rationale can be applied to the entire group, but at the portfolio level, other factors come into play that may warrant separate models for specific countries or legal entities. Differences in laws and regulations, and differences between markets and products mean that banks have to customise their models for some countries or even come up with new models. In addition, the pace of the roll-out and application of systems may vary greatly from one country to the next and, more generally, the cross-border application of a system within a group depends very much on its internal structure and how centralised it is. Ultimately, the form and the pace of implementation of each application of Basel II will be unique. To overcome these difficulties, the Basel Committee has stressed the need for a pragmatic approach and has offered to conduct case studies to find practical solutions. These studies started in 2004 and are continuing in 2005. They have been carried out by the Committee’s Accord Implementation Group (AIG). Two case studies have already been conducted in France, bringing together the host country supervisors of significant operations in other countries (in terms of risk weighted assets) belonging to the groups in question. Other studies have been scheduled for the coming months. These meetings have enabled the host country supervisors to get accurate information about Basel II project management and the groups’ roll-out plans. More importantly, these meetings were an opportunity to discuss the division of tasks among supervisors and the nature of the information to be shared so that each supervisor can oversee the operations in its jurisdiction effectively. … a pragmatic approach is vital. 146 At this stage, it is too early to come up with any hard rules, especially since international and European work is continuing on recommendations for the crossborder implementation of the new Accord and cooperation among supervisors. Nevertheless, the case studies completed seem to show that subsidiaries and branches will be treated very differently, with the supervisory responsibility for branches’ models usually resting with the home country supervisor. This has even been set out as a European rule stipulated in CRD. Most importantly, the studies seem to show that the distinction between central models and local models could be used as a basis for a rational and efficient division of the tasks involved in examining rating systems. The home country supervisor would verify the “central” models developed by the head office and applied to the entire group, along with any models developed for the domestic market, naturally. The host country supervisors’ role would be to ensure the quality of the data used for the central models and any adaptations that have been made to account for distinctive local characteristics. The host country supervisors would also be responsible for locally developed models for the domestic market. The SGCB intends to carry out its onsite inspections according to these principles, examining models developed by the head office and applied in France and other countries. This approach could involve carrying out on-site inspections in other countries. One of the main criteria is whether models are central or local Supervisors may use this criterion as a basis for sharing out assessment tasks. 3.3. Convergence of methods and procedures Significant progress should be accomplished in 2005, when the findings of work on validation under way at the international and European levels are published. More specifically, the Committee of European Banking Supervisors (CEBS) should publish a set of recommendations with regard to the Basel II qualification process towards the middle of the year. The recommendations will cover both the Internal Ratings-Based Approach (IRB) for credit risk and the Advanced Measurement Approach (AMA) for operational risk. The recommendations will reflect the convergence efforts currently under way with regard to the assessment of internal rating systems. Progress on convergence is bound to be beneficial for both banks and supervisors. The pooling of resources and identification of best practices involved in the current work should make it possible to come up with practical and operational solutions to the common technical, methodological and interpretation issues that all supervisors face and that banks also have to deal with to a large extent. For example, further clarification is expected about the definition of economic loss, which is a key determinant of loss given default (LGD), and the treatment of portfolios with very low historical default frequencies. With the publication of these documents, banks will see how their supervisors interpret the rules and thus be able to achieve compliance. Convergence of methods also means that the supervisors’ requirements will be similar in each country, thus ensuring that European banks have a fair competitive environment. The convergence process ultimately promotes better understanding of other supervisors’ practices by defining reference methods and through the use of common tools. Therefore, it is bound to facilitate cooperation and mutual recognition among supervisors. The CEBS is due to release a methodological guide in 2005. The guide will reflect ongoing efforts to achieve convergence… … thereby fostering uniform enforcement of Basel II. 147 * * * The SGCB’s supervision of internal rating systems will take the form of on-site inspections, which will start in the second half of 2005. The inspections will focus on compliance with the minimum requirements and, more generally, will provide an opportunity to ensure that the main risk parameters (PD, LGD and EAD) used for the regulatory calculations of capital requirements are accurate and reflect the banks’ true risk exposure. The inspections will be based on the prior internal validation work carried out by the banks themselves, relying primarily on their own internal audit units. The findings of the on-site inspections will be a key element in the process through which the Commission Bancaire decides whether or not a bank can use an internal ratings-based approach. Banks have already done a lot of work to adapt their information systems, procedures and models. It is critically important for this work to continue in the coming months in order to complete the adaptations necessary for compliance with the future regulations in a timely manner. Banks should also take on board the need for dual, internal and external, examinations as part of their preparations for Basel II, since these examinations will form the basis of the process used to approve the use of an internal ratings-based approach. 148