Principles for the Management of Credit Risk

complex, be fully capable of conducting the activity to the highest standards and in

compliance with the bank’s policies and procedures.

III. Operating under a Sound Credit Granting Process

Principle 4: Banks must operate within sound, well-defined credit-granting criteria.

These criteria should include a clear indication of the bank’s target market and a

thorough understanding of the borrower or counterparty, as well as the purpose and

structure of the credit, and its source of repayment.

27. Establishing sound, well-defined credit-granting criteria is essential to approving

credit in a safe and sound manner. The criteria should set out who is eligible for credit and for

how much, what types of credit are available, and under what terms and conditions the credits

should be granted.

28. Banks must receive sufficient information to enable a comprehensive assessment of

the true risk profile of the borrower or counterparty. Depending on the type of credit exposure

and the nature of the credit relationship to date, the factors to be considered and documented

in approving credits include:

• the purpose of the credit and sources of repayment;

• the current risk profile (including the nature and aggregate amounts of risks) of the

borrower or counterparty and collateral and its sensitivity to economic and market

developments;

• the borrower’s repayment history and current capacity to repay, based on historical

financial trends and future cash flow projections, under various scenarios;

• for commercial credits, the borrower’s business expertise and the status of the

borrower’s economic sector and its position within that sector;

• the proposed terms and conditions of the credit, including covenants designed to

limit changes in the future risk profile of the borrower; and

• where applicable, the adequacy and enforceability of collateral or guarantees,

including under various scenarios.

In addition, in approving borrowers or counterparties for the first time, consideration should

be given to the integrity and reputation of the borrower or counterparty as well as their legal

capacity to assume the liability. Once credit-granting criteria have been established, it is

essential for the bank to ensure that the information it receives is sufficient to make proper

credit-granting decisions. This information will also serve as the basis for rating the credit

under the bank’s internal rating system.

29. Banks need to understand to whom they are granting credit. Therefore, prior to

entering into any new credit relationship, a bank must become familiar with the borrower or

counterparty and be confident that they are dealing with an individual or organisation of

sound repute and creditworthiness. In particular, strict policies must be in place to avoid

association with individuals involved in fraudulent activities and other crimes. This can be

achieved through a number of ways, including asking for references from known parties,

accessing credit registries, and becoming familiar with individuals responsible for managing a

company and checking their personal references and financial condition. However, a bank

should not grant credit simply because the borrower or counterparty is familiar to the bank or

is perceived to be highly reputable.

30. Banks should have procedures to identify situations where, in considering credits, it

is appropriate to classify a group of obligors as connected counterparties and, thus, as a single

obligor. This would include aggregating exposures to groups of accounts exhibiting financial

interdependence, including corporate or non-corporate, where they are under common

ownership or control or with strong connecting links (for example, common management,

familial ties).5 Banks should also have procedures for aggregating exposures to individual

clients across business activities.

31. Many banks participate in loan syndications or other such loan consortia. Some

institutions place undue reliance on the credit risk analysis done by the lead underwriter or on

external commercial loan credit ratings. All syndicate participants should perform their own

due diligence, including independent credit risk analysis and review of syndicate terms prior

to committing to the syndication. Each bank should analyse the risk and return on syndicated

loans in the same manner as directly sourced loans.

32. Granting credit involves accepting risks as well as producing profits. Banks should

assess the risk/reward relationship in any credit as well as the overall profitability of the

account relationship. In evaluating whether, and on what terms, to grant credit, banks need to

assess the risks against expected return, factoring in, to the greatest extent possible, price and

non-price (e.g. collateral, restrictive covenants, etc.) terms. In evaluating risk, banks should

also assess likely downside scenarios and their possible impact on borrowers or

counterparties. A common problem among banks is the tendency not to price a credit or

5 Connected counterparties may be a group of companies related financially or by common ownership, management,

research and development, marketing or any combination thereof. Identification of connected counterparties requires a

careful analysis of the impact of these factors on the financial interdependency of the parties involved.

overall relationship properly and therefore not receive adequate compensation for the risks

incurred.

33. In considering potential credits, banks must recognise the necessity of establishing

provisions for identified and expected losses and holding adequate capital to absorb

unexpected losses. The bank should factor these considerations into credit-granting decisions,

as well as into the overall portfolio risk management process.6

34. Banks can utilise transaction structure, collateral and guarantees to help mitigate

risks (both identified and inherent) in individual credits but transactions should be entered into

primarily on the strength of the borrower’s repayment capacity. Collateral cannot be a

substitute for a comprehensive assessment of the borrower or counterparty, nor can it

compensate for insufficient information. It should be recognised that any credit enforcement

actions (e.g. foreclosure proceedings) can eliminate the profit margin on the transaction. In

addition, banks need to be mindful that the value of collateral may well be impaired by the

same factors that have led to the diminished recoverability of the credit. Banks should have

policies covering the acceptability of various forms of collateral, procedures for the ongoing

valuation of such collateral, and a process to ensure that collateral is, and continues to be,

enforceable and realisable. With regard to guarantees, banks should evaluate the level of

coverage being provided in relation to the credit-quality and legal capacity of the guarantor.

Banks should be careful when making assumptions about implied support from third parties

such as the government.

35. Netting agreements are an important way to reduce credit risks, especially in

interbank transactions. In order to actually reduce risk, such agreements need to be sound and

legally enforceable.7

36. Where actual or potential conflicts of interest exist within the bank, internal

confidentiality arrangements (e.g. “Chinese walls”) should be established to ensure that there

is no hindrance to the bank obtaining all relevant information from the borrower.

Principle 5: Banks should establish overall credit limits at the level of individual

borrowers and counterparties, and groups of connected counterparties that aggregate in

6 Guidance on loan classification and provisioning is available in the document Sound Practices for Loan Accounting and

Disclosure (July 1999).

7 Guidance on netting arrangements is available in the document Consultative paper on on-balance sheet netting (April

1998).

a comparable and meaningful manner different types of exposures, both in the banking

and trading book and on and off the balance sheet.

37. An important element of credit risk management is the establishment of exposure

limits on single counterparties and groups of connected counterparties. Such limits are

frequently based in part on the internal risk rating assigned to the borrower or counterparty,

with counterparties assigned better risk ratings having potentially higher exposure limits.

Limits should also be established for particular industries or economic sectors, geographic

regions and specific products.

38. Exposure limits are needed in all areas of the bank’s activities that involve credit

risk. These limits help to ensure that the bank’s credit-granting activities are adequately

diversified. As mentioned earlier, much of the credit exposure faced by some banks comes

from activities and instruments in the trading book and off the balance sheet. Limits on such

transactions are particularly effective in managing the overall credit risk profile or

counterparty risk of a bank. In order to be effective, limits should generally be binding and

not driven by customer demand.

39. Effective measures of potential future exposure are essential for the establishment of

meaningful limits, placing an upper bound on the overall scale of activity with, and exposure

to, a given counterparty, based on a comparable measure of exposure across a bank’s various

activities (both on and off-balance-sheet).

40. Banks should consider the results of stress testing in the overall limit setting and

monitoring process. Such stress testing should take into consideration economic cycles,

interest rate and other market movements, and liquidity conditions.

41. Bank’s credit limits should recognise and reflect the risks associated with the nearterm

liquidation of positions in the event of counterparty default.8 Where a bank has several

transactions with a counterparty, its potential exposure to that counterparty is likely to vary

significantly and discontinuously over the maturity over which it is calculated. Potential

future exposures should therefore be calculated over multiple time horizons. Limits should

also factor in any unsecured exposure in a liquidation scenario.

Principle 6: Banks should have a clearly-established process in place for approving new

credits as well as the amendment, renewal and re-financing of existing credits.

8 Guidance is available in the documents Banks’ Interactions with Highly Leveraged Institutions and Sound Practices for

Banks’ Interactions with Highly Leveraged Institutions (January 1999).

42. Many individuals within a bank are involved in the credit-granting process. These

include individuals from the business origination function, the credit analysis function and the

credit approval function. In addition, the same counterparty may be approaching several

different areas of the bank for various forms of credit. Banks may choose to assign

responsibilities in different ways; however, it is important that the credit granting process

coordinate the efforts of all of the various individuals in order to ensure that sound credit

decisions are made.

43. In order to maintain a sound credit portfolio, a bank must have an established formal

transaction evaluation and approval process for the granting of credits. Approvals should be

made in accordance with the bank’s written guidelines and granted by the appropriate level of

management. There should be a clear audit trail documenting that the approval process was

complied with and identifying the individual(s) and/or committee(s) providing input as well

as making the credit decision. Banks often benefit from the establishment of specialist credit

groups to analyse and approve credits related to significant product lines, types of credit

facilities and industrial and geographic sectors. Banks should invest in adequate credit

decision resources so that they are able to make sound credit decisions consistent with their

credit strategy and meet competitive time, pricing and structuring pressures.

44. Each credit proposal should be subject to careful analysis by a qualified credit

analyst with expertise commensurate with the size and complexity of the transaction. An

effective evaluation process establishes minimum requirements for the information on which

the analysis is to be based. There should be policies in place regarding the information and

documentation needed to approve new credits, renew existing credits and/or change the terms

and conditions of previously approved credits. The information received will be the basis for

any internal evaluation or rating assigned to the credit and its accuracy and adequacy is

critical to management making appropriate judgements about the acceptability of the credit.

45. Banks must develop a corps of credit risk officers who have the experience,

knowledge and background to exercise prudent judgement in assessing, approving and

managing credit risks. A bank’s credit-granting approval process should establish

accountability for decisions taken and designate who has the absolute authority to approve

credits or changes in credit terms. Banks typically utilise a combination of individual

signature authority, dual or joint authorities, and a credit approval group or committee,

depending upon the size and nature of the credit. Approval authorities should be

commensurate with the expertise of the individuals involved.

Credit risk management

16

Principle 7: All extensions of credit must be made on an arm’s-length basis. In

particular, credits to related companies and individuals must be authorised on an

exception basis, monitored with particular care and other appropriate steps taken to

control or mitigate the risks of non-arm’s length lending.

46. Extensions of credit should be made subject to the criteria and processes described

above. These create a system of checks and balances that promote sound credit decisions.

Therefore, directors, senior management and other influential parties (e.g. shareholders)

should not seek to override the established credit-granting and monitoring processes of the

bank.

47. A potential area of abuse arises from granting credit to non-arms-length and related

parties, whether companies or individuals.9 Consequently, it is important that banks grant

credit to such parties on an arm’s-length basis and that the amount of credit granted is suitably

monitored. Such controls are most easily implemented by requiring that the terms and

conditions of such credits not be more favourable than credit granted to non-related borrowers

under similar circumstances and by imposing strict absolute limits on such credits. Another

possible method of control is the public disclosure of the terms of credits granted to related

parties. The bank’s credit-granting criteria should not be altered to accommodate related

companies and individuals.

48. Material transactions with related parties should be subject to the approval of the

board of directors (excluding board members with conflicts of interest), and in certain

circumstances (e.g. a large loan to a major shareholder) reported to the banking supervisory

authorities.

IV. Maintaining an Appropriate Credit Administration, Measurement

and Monitoring Process

Principle 8: Banks should have in place a system for the ongoing administration of their

various credit risk-bearing portfolios.

9 Related parties can include the bank’s subsidiaries and affiliates, its major shareholders, directors and senior

management, and their direct and related interests, as well as any party that the bank exerts control over or that exerts

control over the bank.

49. Credit administration is a critical element in maintaining the safety and soundness of

a bank. Once a credit is granted, it is the responsibility of the business unit, often in

conjunction with a credit administration support team, to ensure that the credit is properly

maintained. This includes keeping the credit file up to date, obtaining current financial

information, sending out renewal notices and preparing various documents such as loan

agreements.

50. Given the wide range of responsibilities of the credit administration function, its

organisational structure varies with the size and sophistication of the bank. In larger banks,

responsibilities for the various components of credit administration are usually assigned to

different departments. In smaller banks, a few individuals might handle several of the

functional areas. Where individuals perform such sensitive functions as custody of key

documents, wiring out funds, or entering limits into the computer database, they should report

to managers who are independent of the business origination and credit approval processes.

51. In developing their credit administration areas, banks should ensure:

• the efficiency and effectiveness of credit administration operations, including

monitoring documentation, contractual requirements, legal covenants, collateral, etc.;

• the accuracy and timeliness of information provided to management information

systems;

• adequate segregation of duties;

• the adequacy of controls over all “back office” procedures; and

• compliance with prescribed management policies and procedures as well as

applicable laws and regulations.

52. For the various components of credit administration to function appropriately, senior

management must understand and demonstrate that it recognises the importance of this

element of monitoring and controlling credit risk.

53. The credit files should include all of the information necessary to ascertain the

current financial condition of the borrower or counterparty as well as sufficient information to

track the decisions made and the history of the credit. For example, the credit files should

include current financial statements, financial analyses and internal rating documentation,

internal memoranda, reference letters, and appraisals. The loan review function should

determine that the credit files are complete and that all loan approvals and other necessary

documents have been obtained.

Principle 9: Banks must have in place a system for monitoring the condition of

individual credits, including determining the adequacy of provisions and reserves.

54. Banks need to develop and implement comprehensive procedures and information

systems to monitor the condition of individual credits and single obligors across the bank’s

various portfolios. These procedures need to define criteria for identifying and reporting

potential problem credits and other transactions to ensure that they are subject to more

frequent monitoring as well as possible corrective action, classification and/or provisioning.10

55. An effective credit monitoring system will include measures to:

• ensure that the bank understands the current financial condition of the borrower or

counterparty;

• monitor compliance with existing covenants;

• assess, where applicable, collateral coverage relative to the obligor’s current

condition;

• identify contractual payment delinquencies and classify potential problem credits on

a timely basis; and

• direct promptly problems for remedial management.

56. Specific individuals should be responsible for monitoring credit quality, including

ensuring that relevant information is passed to those responsible for assigning internal risk

ratings to the credit. In addition, individuals should be made responsible for monitoring on an

ongoing basis any underlying collateral and guarantees. Such monitoring will assist the bank

in making necessary changes to contractual arrangements as well as maintaining adequate

reserves for credit losses. In assigning these responsibilities, bank management should

recognise the potential for conflicts of interest, especially for personnel who are judged and

rewarded on such indicators as loan volume, portfolio quality or short-term profitability.

Principle 10: Banks are encouraged to develop and utilise an internal risk rating system

in managing credit risk. The rating system should be consistent with the nature, size and

complexity of a bank’s activities.

57. An important tool in monitoring the quality of individual credits, as well as the total

portfolio, is the use of an internal risk rating system. A well-structured internal risk rating

system is a good means of differentiating the degree of credit risk in the different credit

10 See footnote 6.

exposures of a bank. This will allow more accurate determination of the overall characteristics

of the credit portfolio, concentrations, problem credits, and the adequacy of loan loss reserves.

More detailed and sophisticated internal risk rating systems, used primarily at larger banks,

can also be used to determine internal capital allocation, pricing of credits, and profitability of

transactions and relationships.

58. Typically, an internal risk rating system categorises credits into various classes

designed to take into account gradations in risk. Simpler systems might be based on several

categories ranging from satisfactory to unsatisfactory; however, more meaningful systems

will have numerous gradations for credits considered satisfactory in order to truly differentiate

the relative credit risk they pose. In developing their systems, banks must decide whether to

rate the riskiness of the borrower or counterparty, the risks associated with a specific

transaction, or both.

59. Internal risk ratings are an important tool in monitoring and controlling credit risk. In

order to facilitate early identification of changes in risk profiles, the bank’s internal risk rating

system should be responsive to indicators of potential or actual deterioration in credit risk.

Credits with deteriorating ratings should be subject to additional oversight and monitoring, for

example, through more frequent visits from credit officers and inclusion on a watchlist that is

regularly reviewed by senior management. The internal risk ratings can be used by line

management in different departments to track the current characteristics of the credit portfolio

and help determine necessary changes to the credit strategy of the bank. Consequently, it is

important that the board of directors and senior management also receive periodic reports on

the condition of the credit portfolios based on such ratings.

60. The ratings assigned to individual borrowers or counterparties at the time the credit is

granted must be reviewed on a periodic basis and individual credits should be assigned a new

rating when conditions either improve or deteriorate. Because of the importance of ensuring

that internal ratings are consistent and accurately reflect the quality of individual credits,

responsibility for setting or confirming such ratings should rest with a credit review function

independent of that which originated the credit concerned. It is also important that the

consistency and accuracy of ratings is examined periodically by a function such as an

independent credit review group.