To us, an IRB compliant bank has to pass through the several hurdles, including amongst others:
Calculation of PDs There are several issues here to consider:
1. Definition of PDs. Any risk rating system should provide ratings to show potential defaults for both, forward looking cases, and backward looking experiences. On the forward looking side, the system methodology should focus on high potential of default based on obligor’s ability to settle dues on time; using financials and non financial attributes (see Risk Rating methodology below). On the post fact basis, the bank should capture defaults (including excesses) for all periods covering 7 days, 30 days, 60 days and 90 days plus. These help check three behavioural traits:
- whether on an individual and risk-grouped basis the slope of the graph post 7 days is indeed very steep. A steep graph indicates a strong control over processes and procedures and provides comfort on the allocated rating; the less steep, the more questions to be asked in terms of rating scales;
whether there is a “passing the hat” syndrome, where borrowed funds are covered from other bank debts, leaving the bank unaware of the high risks; a condition that can be corrected with cash flow analysis and PD rate adjustments (see Risk Rating Methodology below); and
on aggregate for all obligors, whether the ratio of defaulting versus total clients per rating grade is in line with expected PD averages that are assumed by the bank. The closer the average the better the bank is in capturing this data.
3. The validation process will determine the variance between the average of calculated PDs for a each rating scale and each individual obligor. The standard deviation would then be calculated and it is up to the central bank to decide an acceptable scale of standard deviations per rating. The more granular the rating the better as that provides for a spread in results.
So the first step for assessing PD validation is to check on the calculation of PDs in the first instance.
Risk Rating methodology This is extremely important. If you were to use 90 days plus default rates, you would have missed out on much in terms of the draw backs in assessing defaults. Pre-default assessment is a benchmark for forward PD calculations. There are two ways to assess forward looking defaults:
a. using cash flow analysis and appropriate forward projections at that, and b. assessing qualitative criteria (such as management, industry and economy). The trick here is to assess vulnerabilities more than achievements. The more granular the assessment the better.
So if we were to do a good job at validating risk rating systems, it would be wise to focus on the process of assessing default and whether the definitions of ratings are in line with experience (7, 30, 60 and 90 days).
Risk Rating Override rules One of the biggest pitfalls of any risk rating system is the ability of users to override the rating. Once you allow overrides without proper controls, especially judgemental overrides, then the whole sanctity of the system is invalidated. There are over 150 criteria that is used is assessing a risk rating (quantitative and qualitative) and to override these is to assume the users have more knowledge and ability to assess beyond the basics. Human being are only able to assess 7 items at any one time (limitation of the brain) and so to supersede a system with over 150 criteria would seem to be inappropriate. Overrides should be allowed only if the override is to worsen the rating (not improve it) and only if strict rules on its use are in place.
So one of the important tests in validation is to identify how many obligors within a system have had their ratings overridden and to what extent. If the bank were to improve ratings or to gravitate ratings to a particular range on a regular basis with judgmental criteria, then its system ratings cannot be validated adequately.
PRR Calculation (and Stress Testing considerations) The rating of any obligor is a means to an end. That end is to manage the portfolio, and hence the ability of banks to calculate Portfolio Risk Rating. If the risk management of a bank cannot do that, and if the board of directors does not use PRR calculation in its strategic decision making, then the risk rating system is not in tune with proper Risk Management practices, and therefore cannot be validated or approved.
PRR calculation is fundamental in the management of the portfolio and setting forward looking strategies. However it does require the proper calculation of FRRs and hence data acquisition from core banking systems. If these are not in place, then the system as a whole cannot be validated, and the bank cannot be considered IRB compliant.
Target Market and RAC Generation Again the PRR is a means to an end. The end is to set TM and RACs to control the portfolio across the five levels: Industry, Groups, Facility Types, Collateral Security, Countries, and Businesses. These risks associated with portfolio mixes should be reviewed at least once a year (using PRR calculations) and appropriate TM and RAC rules set in place to control the risks within them. All credit applications have to be passed using them (and therefore the ORR is central to each credit) and deviations to be well controlled and managed.
A bank that has not created TM and RACs studies across at least products and industries is not considered as worthy of IRB Compliance, and its risk rating systems and uses are to be questioned.
Abidance with Basel’s 16 Principles of Management of Credit Risk Although the rules are 20 strong, the first 16 are the most important for a bank (rest for supervisors). These cover the way a bank conducts itself, with the central focus on the rating of portfolios and obligors. A bank that has not set in placed appropriate processes and procedures in line with these rules and abides by them diligently, it cannot be considered as worthy of IRB Compliance, and its risk rating systems and uses are to be questioned.
You might be interested in an extract from my book “Corporate and Commercial Credit” that goes as follows:
“The world of Basel 1 treated all obligors the same. It was a “process-based” world, where credit processes were more important than the applications; where the 5 “C”s were applied on all clients irrespective; where the officers were fidgeting in the balance sheet and income statement for clues and comparisons between companies, while the real story was in the cash flows. This narrow view left many banks unable (intentionally or otherwise) to measure risks; and as increased assets and profitability continued to play important roles in the psyche of bankers, the true value of the portfolio was largely ignored. It was not whether the obligor could pay back or not; it was what collateral security was available to cover the financing. The issue of how much the obligor needed was focused almost purely on individual transactions and was not aligned to the obligor’s business characteristics and overall needs.
This tunnel vision has lead, and indeed continues to lead to an overstatement of the quality of many a bank’s portfolio. Coupled with lack of sound principals in banking along with the discipline to implement them, the world of finance continues to be dominated by large losses and misappropriation of shareholder value.
Basel 2 environment has gone a long way to address the above shortcomings in the management of banking business. It finally recognized the need to improve the measurement of risk, and has encouraged banks to adopt it through economic measures such as more efficient capital adequacy allocations. What a bank did not need in extra capital to cover a measured credit risk position could now be used to cover market or operational risks.
However considering that it’s been over six years since the introduction of these accords, it is surprising that banks did not change much quicker, and have yet to adopt any of the new principals. I believe the reason for this slow pace is two-fold: (a) the Central Banks that are normally the instruments of change are themselves in need of a total overhaul; they need to learn what it takes to manage banks and measure risk much more rigorously than the banks themselves, and (b) that Basel 2 left it to the shareholders to decide whether to have their banks remain in the world of Basel 1 (the Standardized Approach), or decide to move forward into the more sophisticated IRB Approaches. Had Basel 2 enforced a deadline for the IRB methodologies, we would have probably witnessed more professionalism across the banking sector in almost all countries.”
I hope we can work together to provide you with a totally IRB compliant solution, one that is Best in Class, and one that you can feel proud off in discussion with your Central Bank.© 2014 6 Sigma Group
While the information contained herein is believed to be accurate, neither 6 Sigma nor any of its affiliates or subsidiaries or its employees makes any representation or warranty, express or implied, as to the accuracy or completeness of the information set out in this document or that it will remain unchanged after the date of issue of this document, and accordingly neither 6 Sigma nor any of their respective affiliates or subsidiaries or employees has any responsibility for such information. This document is not intended by 6 Sigma to provide the sole basis of any credit decision or other evaluation and should not be considered as a recommendation by 6 Sigma that any recipient of this document should purchase an equity stake in, provide credit facilities to, or conduct any business with any company(ies) listed in this document. Each recipient should determine its interest in the information provided herein upon such independent investigations as it deems necessary and appropriate for such purpose without reliance upon 6 Sigma.WANT TO USE THIS ARTICLE IN YOUR NEWSLETTER OR WEB SITE? You can, as long as you include this complete phrase with it: “6 Sigma Group teaches bankers around the world how to become better bankers. Get the “5 Mistakes Bankers Do in Credit Analysis” at www.credit-risk-store.com”