Skip to main content
Back Custom print Text Only Rich Text Print / Save as PDF
Download Original PDF

  • 5. Systems and Procedures

    Banks should put in place adequate systems and procedures for credit risk management. Broad guidelines for setting systems and procedures regarding various credit related activities of a bank are provided hereunder: 
     

    • 5.1. Credit Origination

      Banks should establish sound and well-defined credit-granting criteria, which is essential to approving credit in a safe and sound manner. These criteria should include a clear indication of the bank’s target market and a thorough understanding of the borrower or counterparty, as well as the purpose and structure of the credit, and its source of repayment. 
       
      Banks should also have clearly established processes and procedures to assess the risk profile of the customer as well as the risks associated with the proposed credit transaction before granting any credit facility. These processes and procedures should be applicable for approving new credits as well as the amendment, renewal and re-financing of existing credits. The factors to be considered for origination of credit may include, inter alia, the following: 
       
        a.Credit assessment of the borrower’s industry, and macro economic factors;
       
        b.The purpose of credit and source of repayment;
       
        c.Assessing the track record / repayment history of the borrower. In case of new borrowers, assessing their integrity and repute as well as their legal capacity to assume the liability;
       
        d.Assessment/evaluation of the repayment capacity of the borrower;
       
        e.Determination of the terms and conditions and covenants of credit;
       
        f.Assessment of the adequacy and enforceability of collaterals;
       
        g.Assessment of adherence to exposure limits and determination of appropriate authority for credit approval;
       
      All extensions of credit must be made on an arm’s-length basis. In particular, credits to related borrowers must be authorized on an exception basis, monitored with particular care and other appropriate steps taken to control or mitigate the risks of non-arm’s length lending. 
       
      In case of consortium/syndication loans, it is important that other consortium members should not over rely on the lead bank and should have their own systems and procedures to perform independent analysis and review of syndication terms. 
       

    • 5.2. Limit Setting

      Banks should establish overall credit limits at the level of individual borrowers and counterparties, and groups of connected counterparties that aggregate in a comparable and meaningful manner different types of exposures, both in the banking and trading book and on and off the balance sheet. 
       
      SAMA has separately specified exposure limits for single counterparties and group of connected counterparties. While remaining within the overall limits specified by SAMA, banks can establish more conservative exposure limits. Banks are required to have well-defined policies and procedures for establishing their internal exposure limits as such limits are an important element of credit risk management. The limit structure should set the boundaries for overall risk taking, be consistent the bank’s overall risk management approach, be applied on a bank-wide basis, allow management to monitor exposures against predetermined risk tolerance levels and ensure prompt management attention to any exceptions to established limits. Banks should take into account the following parameters in establishing their exposure limits: 
       
        a.The size of the limits should be based on the credit strength of the borrower, genuine requirement of credit, economic conditions and the bank’s risk tolerance;
       
        b.The limits should be consistent with the bank’s risk management process and commensurate with its capital position;
       
        c.The limits should be established for both individual borrowers as well as groups of connected borrowers. The limits can be based on the internal risk rating of the borrower or any other basis linked to the borrower’s risk profile;
       
        d.There can be separate limits for different credit products and activities, specific industries, economic sectors or geographic regions to avoid concentration risk. The ultimate objective should be to achieve reasonable diversification of credit portfolio;
       
        e.The results of stress testing should be taken into account in the overall limit setting and monitoring process;
       
        f.Credit limits should be reviewed regularly at least annually or more frequently if the borrower’s credit quality deteriorates;
       
        g.All requests of increase in credit limits should be fully evaluated and substantiated.
       
      Banks should closely monitor their credit exposures against established limits and put in place adequate procedures for timely identification of any exceptions against the approved limits. There should also be well defined procedures to deal with any excesses over approved limits. Furthermore, all such instances of excesses over limits should be reported to the senior management along with the details of the corrective action taken. Exceptions to the approved limits should be approved at senior level by the authorized persons. In case of occurrence of frequent exceptions, the management or the board should review the limit structure and devise a strategy to ensure non-occurrence of such breaches. 
       

    • 5.3. Delegation of Authority

      Banks are required to establish responsibility for credit approvals and fully document any delegation of authority to approve credits or make changes in credit terms. In this regard, banks are required to take into account the following factors: 
       
        a.Board of Directors or its relevant sub-committee should approve the overall lending authority structure, and explicitly delegate credit sanctioning authority to senior management (by position/level of hierarchy) and/or the Credit Committee. The Senior Management may assign the delegated powers to specific individuals or positions down the line subject to adherence of the overall delegation of authority and the criteria laid down for this purpose by the Board or its relevant subcommittee;
       
        b.Lending authority assigned to different levels of hierarchy should be commensurate with the level, experience, ability and character of the person. For this purpose, banks may develop a risk-based authority structure whereby the lending authority is tied to the risk ratings of the obligor;
       
        c.There should be a clear segregation of duties between Relationship Managers, Credit Approvers, Operations processors and Risk Managers with regard to credit approvals or making any changes in credit terms. Any limitations on who should hold credit approval authority should also be clearly stated;
       
        d.The credit policy should spell out the escalation process to ensure appropriate reporting and approval of credit extension beyond prescribed limits or any other exceptions to credit policy;
       
        e.There should be a periodic review of lending authority assigned to different levels of hierarchy;
       
        f.There should be an appropriate system in place to detect any exceptions or misuse of delegated powers and reporting thereof to the senior management and/or the Board of Directors or its relevant sub-committee;
       

    • 5.4. Credit Administration

      Credit administration is an important element of the credit process that support and control extension and maintenance of credit. Banks should have in place a system for the ongoing administration of their various credit risk-bearing portfolios. Banks should also have separate units to perform credit administration function. A typical credit administration unit generally performs the following functions: 
       
        a.Credit Documentation: Ensuring completeness of documentation (loan agreements, guarantees, transfer of title of collaterals, etc.) in accordance with the approved terms and conditions of credit;
       
        b.Credit Disbursement: Ensuring that credit approval have been obtained from the competent authority and all other formalities have been completed before any loan disbursement is effected;
       
        c.Credit monitoring: This process starts after disbursement of credit and include keeping track of borrowers’ compliance with credit terms, identifying early signs of irregularity, conducting periodic valuation of collateral and monitoring timely repayments;
       
        d.Loan Repayment: The obligors should be communicated ahead of time as and when the principal and/or commission income becomes due. This may be done either by providing details of the due dates and repayable amounts for both commission and principal in the facility agreement or through a separate communication to the obligor before each due date of the principal and/or commission income or by adopting both these practices. Any delinquencies involving non-payment or late payment of principal or commission should be tagged and communicated to the management. Proper records and updates should also be made after receipt of overdue amount;
       
        e.Maintenance of Credit Files: All credit files should be properly maintained including all original correspondence with the borrower and necessary information to assess its financial health and repayment performance. The credit files should be maintained in a well organized way so that these are easily accessible to external / internal auditors or SAMA inspection team. Banks may resort to maintain electronic credit files only if permitted by relevant law(s) and subject to compliance of all relevant rules/regulations;
       
        f.Collateral and Security Documents: Ensuring that all collateral/security documents are kept in a secured way and under dual control. Proper record of all collateral/security documents should be maintained to keep track of their movement. Procedures should also be established to track and review relevant insurance coverage for facilities/collateral wherever required. Physical checks on collateral/security documents should also be conducted on a regular basis.
       
      Banks should ensure that the credit administration function should be independent of business origination and credit approval process. In developing their credit administration function, banks should ensure: 
       
        a.the efficiency and effectiveness of credit administration operations, including monitoring documentation, contractual requirements, legal covenants, collateral, etc.;
       
        b.the accuracy and timeliness of information provided to management information systems;
       
        c.adequate segregation of duties;
       
        d.the adequacy of controls over all “back office” procedures; and
       
        e.compliance with prescribed management policies and procedures as well as applicable laws and regulations.
       

    • 5.5. Credit Risk Measurement

      Banks should adopt elaborate techniques to measure credit risk which may include both qualitative and quantitative techniques. Banks should also establish and utilize an internal credit risk rating framework in managing credit risk. The internal credit risk rating is a summary indicator of a bank’s individual credit exposures and categorizes all credits into various classes on the basis of underlying credit quality. This rating framework may incorporate, inter alia, the business risk (including industry characteristics, competitive position e.g. marketing/technological edge, management capabilities, etc.) and financial risk (including financial condition, profitability, capital structure, present and future cash flows, etc.). The rating system should be consistent with the nature, size and complexity of a bank’s activities. 
       
      An internal rating framework would facilitate banks in a number of ways such as: 
       
        a.Credit selection;
       
        b.Amount of exposure;
       
        c.Tenure and price of facility;
       
        d.Frequency or intensity of monitoring;
       
        e.Analysis of migration of deteriorating credits and more accurate computation of future loan loss provisions;
       
        f.Deciding the level of approving authority of credit approval.
       
      It is not the intention of these guidelines to prescribe any particular rating system. Banks can choose a rating system which commensurate with the size, nature and complexity of their business as well their risk profile. However, banks are encouraged to take into account the following factors in designing and implementing an internal rating system; 
       
        a.The rating system should explicitly define each risk rating grade. The number of grades on rating scale should be neither too large nor too small. A large number of grades may increase the cost of obtaining and analyzing additional information and thus make the implementation of rating system expensive. On the other hand, if the number of rating grades is too small it may not permit accurate characterization of the underlying risk profile of a loan portfolio;
       
        b.The rating system should lay down an elaborate criteria for assigning a particular rating grade, as well as the circumstances under which deviations from criteria can take place;
       
        c.The operating flow of the rating process should be designed in a way that promotes the accuracy and consistency of the rating system while not unduly restricting the exercise of judgment;
       
        d.The operating design of a rating system should address all relevant issues including which exposures to rate; the division of responsibility for grading; the nature of ratings review; the formality of the process and specificity of formal rating definitions;
       
        e.The rating system should ideally aim at assigning a risk rating to all credit exposures of the bank. However, the banks may decide as to which exposures needs to be rated taking into account the cost benefit analysis. The decision to rate a particular credit exposure could be based on factors such as exposure amount, nature of exposure(i.e. corporate, commercial, retail, etc.) or both. Generally corporate and commercial exposures are subject to internal ratings whereas consumer / retail loans are subject to scoring models;
       
        f.Banks should take adequate measures to test and develop a risk rating system prior to adopting one. Adequate validation testing should be conducted during the design phase as well as over the life of the system to ascertain the applicability of the system to the bank’s portfolio. Furthermore, adequate training should be imparted to the staff to ensure uniformity in assignment of ratings;
       
        g.Banks should clearly spell out the roles and responsibilities of different parties for assigning risk rating. Ratings are generally assigned /reaffirmed at the time of origination of a loan or its renewal /enhancement. Generally loan origination function initiates a loan proposal and also allocates a specific rating. This proposal passes through the credit approval process and the rating is also approved or recalibrated simultaneously by approving authority. This may, however, vary from bank to bank;
       
        h.The rating process should take into account all relevant risk factors including borrower’s financial condition, size, industry and position in the industry; the reliability of financial statements of the borrower; quality of management; elements of transaction structure such as covenants, etc. before assigning a risk rating. The risk rating should reflect the overall risk profile of an exposure;
       
        i.Banks should also ensure that risk ratings are updated periodically and are also reviewed as and when any adverse events occur. There should also be a periodic independent review of the risk ratings by a separate function independent of loan origination to ensure consistency and accuracy of ratings.
       

    • 5.6. Credit Risk Monitoring

      Banks should put in place an effective credit monitoring system that enables them to monitor the quality of individual credit exposures as well as the overall credit portfolio and determine the adequacy of provisions. The monitoring system should also enable the bank to take remedial measures as and when any deterioration occurs in individual credits or the overall portfolio. An effective system of credit monitoring should ensure that: 
       
        a.the current financial condition of the borrower is fully understood and assessed by the bank;
       
        b.the overall risk profile of the borrower is within the risk tolerance limits established by the bank;
       
        c.all credits are in compliance with the applicable terms & conditions and regulatory requirements;
       
        d.usage of approved credit lines by borrowers is monitored by the bank;
       
        e.the projected cash flow of major credits meet debt servicing requirements;
       
        f.collateral held by the bank provides adequate coverage;
       
        g.all loans are being serviced as per facility terms & conditions;
       
        h.potential problem credits are identified and classified on a timely basis;
       
        i.provisions held by the bank against non-performing loans are adequate;
       
      The banks’ credit policy should explicitly provide procedural guidelines relating to credit risk monitoring covering, inter alia, the following points: 
       
        a.The roles and responsibilities of individuals responsible for credit risk monitoring;
       
        b.The assessment procedures and analysis techniques (for individual loans & overall portfolio). This may include, inter alia, the assessment procedures for assessing the financial position and business conditions of the borrower, monitoring his account activity/conduct, monitoring adherence to loan covenants and valuation of collaterals;
       
        c.The frequency of monitoring;
       
        d.The periodic examination of collaterals and loan covenants;
       
        e.The frequency of site visits;
       
        f.Renewal of existing loans and the circumstances under which renewal may be deferred;
       
        g.Restructuring or rescheduling of loans and other credit facilities;
       
        h.The identification of any deterioration in any loan and follow-up actions to be taken.
       

    • 5.7. Independent Credit Risk Review

      Banks should establish a mechanism of conducting an independent review of credit risk management process. Such a review should be conducted by staff involved in credit risk assessment, independent from business area. The placement of this function within the organization and its reporting lines can be determined by the banks themselves provided its independence from the business is ensured. The Credit Policy of the bank should contain provisions for conducting the credit risk review whereas the modalities of conducting such a review should be spelt out in the procedural documents. The purpose of such review is to independently assess the credit appraisal and administration process, the accuracy of credit risk ratings, level of risk, sufficiency of collaterals and overall quality of loan portfolio. Banks should take into account the following factors for conducting a credit risk review: 
       
        a.All facilities except those managed on a portfolio basis should be subjected to individual risk review at least once in a year. The review may be conducted more frequently for new borrowers as well as for classified and low rated accounts that have higher probability of default;
       
        b.The credit review should be conducted with updated information on the borrowers financial and business conditions, as well as conduct of account. Any exceptions noted in the credit monitoring process should also be evaluated for impact on the borrowers’ creditworthiness;
       
        c.The credit review should be conducted on a solo as well as consolidated group basis to factor in the business connections among entities in a borrowing group;
       
        d.The results of such review should be properly documented and reported directly to the board or its relevant sub-committee as well as to the senior management;
       
      The credit risk review will mainly focus on corporate and commercial loans. Banks may decide not to cover a particular loans products or categories e.g. consumer loans or retail loans under the risk review. However, they should closely monitor the quality of such loans and report any deterioration in their quality along with the results of credit reviews conducted on other loans. 
       

    • 5.8. Managing Problem Credits

      Banks should establish a system to identify problem loans ahead of time for taking appropriate remedial measures. Such a system should provide appropriate guidance to concerned staff on identifying and managing various types of problem loans including corporate, commercial and consumer loans. Once a loan is identified as a problem loan, it should be managed under a dedicated remedial process. In this regard, banks may take into account the following factors: 
       
        a.The credit policy should clearly set out how the bank will manage problem credits. The basic elements of managing problem credits may include, inter alia, negotiations and follow-up with the borrowers, working out remedial strategies e.g. restructuring of loan facility, enhancement in credit limits, reduction in commission rates, etc., review of collateral/security documents, and more frequent review and monitoring. Banks should provide detailed guidance in this regard in their systems and procedures for dealing with problem credits;
       
        b.The organizational structure and methods for dealing with problem credits may vary from bank to bank. Generally the responsibility for such credits may be assigned to the originating business function, a specialized workout section, or a combination of the two, depending upon the size and nature of the credit and the reason for its problems. When a bank has significant credit-related problems, it is important to segregate the workout function from the credit origination function;
       
        c.There should be an appropriate system for identification and reporting of problem credits along with the details of remedial measures on regular basis to the senior management and/or the Board of Directors or its relevant sub-committee;