1. General Requirements
1.1. Overview
Credit risk is historically the most significant risk faced by banks. It is measured by estimating the actual or potential losses arising from the inability or unwillingness of the obligors to meet their credit obligations on time. Credit risk could stem from both on and off balance sheet exposures of banks. Keeping in view the importance of effective credit risk management for the safety and soundness of banks, these Rules are being issued by SAMA to set out the regulatory requirements for further strengthening of credit risk management framework in banks.
All banks operating in Saudi Arabia are required to ensure that they have put in place an elaborate credit risk management framework to effectively manage their credit risk. Such framework would cover various types of lending including corporate, commercial, SME, retail, consumer, etc. The credit risk management framework should include, inter alia, the following components:
i. Board and senior management’s Oversight;
ii. Organizational structure;
iii. Systems and procedures for identification, measurement, monitoring and control of credit risk.
While designing and strengthening their credit risk management framework, banks should ensure compliance of these Rules. Furthermore, banks should also take into account the requirements of the “Principles for the Management of Credit Risk”, “Sound credit risk assessment and valuation for loans”, and “Principles for enhancing corporate governance” issued by the Basel Committee on Banking Supervision in September 2000, June 2006 and October 2010 respectively, and any other related principles and standards including updates thereof issued by the relevant international standard setting bodies.
1.2. Objective of the Rules
The objective of these Rules is to set out the minimum requirements for banks in the area of credit risk management. However, banks are encouraged to adopt more stringent standards beyond the minimum requirements of these Rules to effectively manage their credit risk.
1.3. Scope of Application
These Rules shall be applicable to the locally incorporated banks as well as the branches of foreign banks. Where a locally incorporated bank has majority owned Subsidiary(ies) operating in the financial sector, it will either formulate group level Credit Policy consistent with these Rules for application across the group or will ensure that the subsidiary’s credit policies and procedures are in line with these Rules. Furthermore, in case of foreign subsidiaries, the legal and regulatory requirements of the host country shall also be taken into account while framing their credit policies and procedures. For the purpose of these rules, majority owned subsidiary(ies) include those subsidiary(ies) where a bank owns more than 50% of its shareholding. The branches of foreign banks licensed and operating in Saudi Arabia shall also follow these Rules. However, they will apply these Rules to the extent practically applicable to them and with such modifications as may be considered expedient keeping in view the size and complexity of their business activities. Further, their Credit Policy can be approved by the Chief Executive or a relevant management committee at Head Office instead of the Board of Directors.
1.4. Effective Date
These Rules shall come into force with immediate effect. All banks are required to take all necessary steps to bring their existing policies, procedures and structures in line with these Rules by 30 June 2013. Furthermore, they are also required to submit a copy of their revised Credit Policy fully aligned with these Rules and duly approved by their Board of Directors to the Central Bank latest by 30 June 2013. In case there are any practical issues in implementation of these rules, banks should approach SAMA to seek further guidance on addressing such issues.