Corporate governance |
16.53 | All material aspects of the rating and estimation processes must be approved by the bank’s board of directors or a designated authority. These parties must possess a general understanding of the bank’s risk rating system and detailed comprehension of its associated management reports. Senior management must provide notice to the board of directors or a designated committee thereof of material changes or exceptions from established policies that will materially impact the operations of the bank’s rating system. |
16.54 | Senior management also must have a good understanding of the rating system’s design and operation, and must approve material differences between established procedure and actual practice. Management must also ensure, on an ongoing basis, that the rating system is operating properly. Management and staff in the credit control function must meet regularly to discuss the performance of the rating process, areas needing improvement, and the status of efforts to improve previously identified deficiencies. |
16.55 | Internal ratings must be an essential part of the reporting to these parties. Reporting must include risk profile by grade, migration across grades, estimation of the relevant parameters per grade, and comparison of realized default rates (and LGDs and EADs for banks on advanced approaches) against expectations. Reporting frequencies may vary with the significance and type of information and the level of the recipient. |
Credit risk control |
16.56 | Banks must have independent credit risk control units that are responsible for the design or selection, implementation and performance of their internal rating systems. The unit(s) must be functionally independent from the personnel and management functions responsible for originating exposures. Areas of responsibility must include: |
| (1) | Testing and monitoring internal grades; |
| (2) | Production and analysis of summary reports from the bank’s rating system, to include historical default data sorted by rating at the time of default and one year prior to default, grade migration analyses, and monitoring of trends in key rating criteria; |
| (3) | Implementing procedures to verify that rating definitions are consistently applied across departments and geographic areas; |
| (4) | Reviewing and documenting any changes to the rating process, including the reasons for the changes; and |
| (5) | Reviewing the rating criteria to evaluate if they remain predictive of risk. Changes to the rating process, criteria or individual rating parameters must be documented and retained for SAMA to review. |
16.57 | A credit risk control unit must actively participate in the development, selection, implementation and validation of rating models. It must assume oversight and supervision responsibilities for any models used in the rating process, and ultimate responsibility for the ongoing review and alterations to rating models. |
Internal and external audit |
16.58 | Internal audit or an equally independent function must review, at least annually, the bank’s rating system and its operations, including the operations of the credit function and the estimation of PDs, LGDs and EADs. Areas of review include adherence to all applicable minimum requirements. Internal audit must document its findings. |