61.Interest rate risk in the banking book is a potentially significant risk that requires capital. There is considerable heterogeneity across UAE banks in terms of the nature of the underlying risk and the processes for monitoring and managing it. In light of this, the Central Bank considers it is most appropriate to treat interest rate risk in the banking book under Pillar 2 of the Framework.

62.To facilitate the Central Bank’s monitoring of interest rate risk exposures across banks, banks would have to provide the results of their internal measurement systems, expressed in terms of both, economic value and net interest income, relative to capital, using a standardised interest rate shock as described in the accompanying guidance document.

63.If the Central Bank determines that banks are not holding capital commensurate with the level of interest rate risk, they must require the bank to reduce its risk, to hold a specific additional amount of capital or some combination of the two.

64.A bank should ensure that it has sufficient capital to meet the Pillar 1 requirements and the results (where a deficiency has been indicated) of the credit risk stress test performed. The Central Bank will review how the stress test has been carried out.

65.Central bank will use the reference model to challenge the stress test results Reference model is based on +/- 200 basis point shock based on NII and EVE. Central Bank assumes a higher basis point for stress testing which is described in the accompanying guidance document.

66.The results of the stress test will thus contribute directly to the expectation that a bank will operate above the Pillar 1 minimum regulatory capital ratios. The outcome of the Central Bank stress tests will be used as a benchmark. If there is an impact of more than 200bps, the Central Bank will require setting higher minimum capital requirements so that capital resources could cover the Pillar 1 requirements plus the result of a recalculated stress test.

67.This section allows banks to offset credit or counterparty risk with collateral, guarantees or credit derivatives, leading to reduced capital charges in Pillar 1. While banks use credit risk mitigation (CRM) techniques to reduce their credit risk, these techniques give rise to risks that may render the overall risk reduction less effective. Accordingly, these risks (e.g. operational risk or liquidity risk) to which banks are exposed are of supervisory concern. Where such risks arise, and irrespective of fulfilling the minimum requirements set out in Pillar 1, a bank could find itself with greater credit risk exposure to the underlying counterparty than it had expected. Examples of these risks include:

1. i.Inability to seize, or realise in a timely manner, collateral pledged (on default of the counterparty);
2. ii.Refusal or delay by a guarantor to pay; and
3. iii.Ineffectiveness of untested documentation.

68.The Central Bank will require banks to have in place appropriate written CRM policies and procedures in order to control these residual risks. A bank may be required to submit these policies and procedures to the Central Bank and must regularly review their appropriateness, effectiveness and operation.

69.In its CRM policies and procedures, a bank must consider whether, when calculating capital requirements, it is appropriate to give the full recognition of the value of the credit risk mitigant as permitted in Pillar 1 and must demonstrate that its CRM management policies and procedures are appropriate to the level of capital benefit that it is recognising. Where the Central Bank is not satisfied as to the robustness, suitability or application of these policies and procedures they may direct the bank to take immediate remedial action or hold additional capital against residual risk until the deficiencies in the CRM procedures are rectified to the satisfaction of the Central Bank. For example, the Central Bank may direct a bank to:

1. i.Make adjustments to the assumptions on holding periods, supervisory haircuts, or volatility (in the own haircuts approach);
2. ii.Give less than full recognition of credit risk mitigants (on the whole credit portfolio or by specific product line); and/or
3. iii.Hold a specific additional amount of capital.

70.Unmanaged risk and excessive concentrations are an important cause of major problems in banks. A bank must aggregate all similar direct and indirect exposures regardless of where the exposures have been booked. A risk concentration is any single exposure or group of similar exposures (e.g. to the same borrower or counterparty, including protection providers, geographic area, industry or other risk factors) with the potential to produce (i) losses large enough (relative to a bank’s earnings, capital, total assets or overall risk level) to threaten a bank’s creditworthiness or ability to maintain its core operations or (ii) a change in a bank’s risk profile. Risk concentrations must be analysed on both a bank legal entity and consolidated basis, as an unmanaged concentration at a subsidiary bank may appear immaterial at the consolidated level, but can nonetheless threaten the viability of the subsidiary. A change in the concentration risk is identified as a significant change.

71.Risk concentrations must be viewed in the context of a single or a set of closely related risk-drivers that may have different impacts on a bank. These concentrations must be integrated when assessing a bank’s overall risk exposure. A bank must consider concentrations that are based on common or correlated risk factors that reflect more subtle or more situation-specific factors than traditional concentrations, such as correlations between market, credit risks and liquidity risk.

72.The growth of market-based intermediation has increased the possibility that different areas of a bank are exposed to a common set of products, risk factors or counterparties. This has created new challenges for risk aggregation and concentration management. Through its risk management processes and MIS, a bank must be able to identify and aggregate similar risk exposures across the firm, including across legal entities, asset types (e.g. loans, derivatives and structured products), risk areas (e.g. the trading book) and geographic regions. The typical situations in which risk concentrations can arise include:

1. i.Exposures to a single counterparty, borrower or group of connected counterparties or borrowers;
2. ii.Industry or economic sectors, including exposures to both regulated and nonregulated financial institutions such as hedge funds and private equity firms;
3. iii.Geographical regions;
4. iv.Exposures arising from credit risk mitigation techniques, including exposure to similar collateral types or to a single or closely related credit protection provider;
5. v.Trading exposures;
6. vi.Exposures to counterparties (e.g. hedge funds and hedge counterparties) through the execution or processing of transactions (either product or service);
7. vii.Assets that are held in the banking book or trading book, such as loans, derivatives and structured products; and
8. viii.Off-balance sheet exposures, including guarantees, liquidity lines and other commitments.

73.Risk concentrations can also arise through a combination of exposures across these broad categories. A bank must have an understanding of its firm-wide risk concentrations resulting from similar exposures across its different business lines.

74.While risk concentrations often arise due to direct exposures to borrowers and obligors, a bank may also incur a concentration to a particular asset type indirectly through investments backed by such assets (e.g. collateralised debt obligations – CDOs), as well as exposure to protection providers guaranteeing the performance of the specific asset type (e.g. monoline insurers). A bank must have in place adequate, systematic procedures for identifying high correlation between the creditworthiness of a protection provider and the obligors of the underlying exposures due to their performance being dependent on common factors beyond systematic risk (i.e. “wrong way risk”).

75.Procedures must be in place to communicate risk concentrations to the board of directors and senior management in a manner that clearly indicates where in the organisation each segment of a risk concentration resides. A bank must have credible risk mitigation strategies in place that have senior management approval. This may include altering business strategies, reducing limits or increasing minimum capital requirements in line with the desired risk profile. While it implements risk mitigation strategies, the bank must be aware of possible concentrations that might arise because of employing risk mitigation techniques.

76.Banks must employ a number of techniques, as appropriate, to measure risk concentrations. These techniques include shocks to various risk factors; use of business level and firm-wide scenarios; and the use of integrated stress testing and economic capital models. The Central Bank will use the reference model to challenge the credit concentration risk. The reference model is based on Herfindahl-Hirschman index (HHI), therefore the Central Bank requires all the banks to calculate and report the credit concentration risk using Herfindahl-Hirschman Index (HHI) methodology (single name and sector concentration) to be part of ICAAP document irrespective of the approach chosen by the bank. Identified concentrations must be measured in a number of ways, including for example, consideration of gross versus net exposures, use of notional amounts, and analysis of exposures with and without counterparty hedges. A bank must establish internal position limits for concentrations to which it may be exposed. When conducting periodic stress tests, a bank must incorporate all major risk concentrations and identify and respond to potential changes in market conditions that could adversely have an impact on their performance and capital adequacy.

77.The assessment of such risks under a bank’s ICAAP and the supervisory review process must not be a mechanical process, but one in which each bank determines, depending on its business model, its own specific vulnerabilities. Every bank must discuss these vulnerabilities with the Central Bank. An appropriate level of capital for risk concentrations must be incorporated in a bank’s ICAAP, as well as in Pillar 2 assessments.

78.A bank must have in place effective internal policies, systems and controls to identify, measure, monitor, manage, control and mitigate its risk concentrations in a timely manner. Not only must normal market conditions be considered, but also the potential build-up of concentrations under stressed market conditions, economic downturns and periods of general market illiquidity. In addition, the bank must assess scenarios that consider possible concentrations arising from contractual and non-contractual contingent claims. The scenarios must also combine the potential build-up of pipeline exposures together with the loss of market liquidity and a significant decline in asset values. The Central Bank will use its own benchmarking to determine if banks estimation of additional capital requirements is sufficient.

79.Counterparty Credit Risk (CCR) represents a form of credit risk and is covered in Pillar 1.

80.The bank must have counterparty credit risk management policies, processes and systems that are conceptually sound and implemented with integrity relative to the sophistication and complexity of a firm’s holdings of exposures that give rise to CCR. A sound counterparty credit risk management framework shall include the identification, measurement, management, approval and internal reporting of CCR.

81.The bank’s risk management policies must take account of the market, liquidity and operational riks that can be associated with CCR and, to the extent practicable, interrelationships among those risks. The bank must not undertake business with a counterparty without assessing its creditworthiness and must take due account of both settlement and pre-settlement credit risk. These risks must be managed as comprehensively as practicable at the counterparty level (aggregating counterparty exposures with other credit exposures) and at the firm-wide level.

82.The board of directors and senior management must be actively involved in the CCR control process and must regard this as an essential aspect of the business to which significant resources need to be devoted.

83.The bank’s CCR management system must be used in conjunction with internal credit and trading limits. In this regard, credit and trading limits must be the outcome of the firm’s risk measurement model in a manner that is consistent over time and that is well understood by credit managers, traders and senior management.

84.The bank must have a routine and rigorous program of stress testing in place as a supplement to the CCR analysis based on the day-to-day output of the bank’s risk measurement model. The results of this stress testing must be reviewed periodically by senior management and must be reflected in the CCR policies and limits set by management and the board of directors. Where stress tests reveal particular vulnerability to a given set of circumstances, management must explicitly consider appropriate risk management strategies (e.g. by hedging against that outcome, or reducing the size of the firm’s exposures).

85.The bank must have a routine in place for ensuring compliance with a documented set of internal policies, controls and procedures concerning the operation of the CCR management system. The firm’s CCR management system must be well documented, for example, through a risk management manual that describes the basic principles of the risk management system and that provides an explanation of the empirical techniques used to measure CCR.

86.The bank must conduct an independent review of the CCR management system regularly through its own internal auditing process. This review must include both the activities of the business credit and trading units and of the independent CCR control. A review of the overall CCR management process must take place at regular intervals (ideally not less than once a year) and must specifically address, at a minimum:

1. i.The adequacy of the documentation of the CCR management system and process;
2. ii.The organisation of the CCR control;
3. iii.The integration of CCR measures into daily risk management;
4. iv.The approval process for risk pricing models and valuation systems used by front and back-office personnel;
5. v.The validation of any significant change in the CCR measurement process;
6. vi.The scope of counterparty credit risks captured by the risk measurement model;
7. vii.The integrity of the management information system;
8. viii.The accuracy and completeness of CCR data;
9. ix.The verification of the consistency, timeliness and reliability of data sources used to run internal models, including the independence of such data sources;
10. x.The accuracy and appropriateness of volatility and correlation assumptions;
11. xi.The accuracy of valuation and risk transformation calculations;
12. xii.The verification of the model’s accuracy through frequent back testing.

87.Gross income, used in the Basic Indicator and Standardised Approaches for operational risk, is only a proxy for the scale of operational risk exposure of a bank and can in some cases underestimate the need for capital for operational risk. The Central Bank will consider whether the capital requirement generated by the Pillar 1 calculation gives a consistent picture of the individual bank’s operational risk exposure, for example in comparison with other banks of similar size and with similar operations. The use of Pillar 2 to charge capital for inadequacy in risk management may also be applied by the Central Bank.

88.A bank offering Islamic financial services must ensure that its operational risk management framework addresses any operational risks arising from potential noncompliance with Sharī’ah provisions and Higher Shari’ah Authority resolutions.

Policies and procedures for trading book eligibility

89.Clear policies and procedures used to determine the exposures that may be included in, and those that must be excluded from, the trading book for purposes of calculating regulatory capital are critical to ensure the consistency and integrity of a bank’s trading book. The Central Bank must be satisfied that the policies and procedures clearly delineate the boundaries of the bank’s trading book and consistent with the bank’s risk management capabilities and practices. The Central Bank must also be satisfied that transfers of positions between banking and trading books can only occur in a very limited set of circumstances. The Central Bank will require a bank to modify its policies and procedures when they prove insufficient with the general principles set forth in this Standard, or not consistent with the bank’s risk management capabilities and practices.
 

Valuation

90.Prudent valuation policies and procedures form the foundation on which any robust assessment of market risk capital adequacy must be built. For a well-diversified portfolio consisting of highly liquid cash instruments, and without market concentration, the valuation of the portfolio, combined with the minimum quantitative standards may deliver sufficient capital to enable a bank, in adverse market conditions, to close out or hedge its positions in a quick and orderly fashion. However, for less well diversified portfolios, for portfolios containing less liquid instruments, for portfolios with concentrations in relation to market turnover, and/or for portfolios which contain large numbers of positions that are marked-to-model this is less likely to be the case. In such circumstances, the Central Bank will consider whether a bank has sufficient capital. To the extent, if there is a shortfall, the Central Bank will react appropriately. This will usually require the bank to reduce its risks and set higher minimum capital requirements.
 

91.Reputational risk of the bank can be defined as the risk arising from negative perception on the part of customers, counterparties, shareholders, investors, debt-holders, market analysts, other relevant parties or regulators that can adversely affect a bank’s ability to maintain existing, or establish new, business relationships and continued access to sources of funding (e.g. through the interbank or securitisation markets). Reputational risk is multidimensional and reflects the perception of other market participants. Furthermore, it exists throughout the organisation and exposure to reputational risk is essentially a function of the adequacy of the bank’s internal risk management processes, as well as the manner and efficiency with which management responds to external influences on bank-related transactions.

92.Reputational risk can lead to the provision of implicit support by the bank, which may give rise to credit, liquidity, market and legal risk – all of which can have a negative impact on a bank’s earnings, liquidity and capital position. A bank must identify potential sources of reputational risk to which it is exposed. These include the bank’s business lines, liabilities, affiliated operations, off-balance sheet vehicles and the markets in which it operates. The risks that arise must be incorporated into the bank’s risk management processes and appropriately addressed in its ICAAP and liquidity contingency plans.

93.A bank must incorporate the exposures that could give rise to reputational risk into its assessments of whether the requirements under the securitisation framework have been met and the potential adverse impact of providing implicit support.

94.Reputational risk also may affect a bank’s liabilities, since market confidence and a bank’s ability to fund its business are closely related to its reputation. For instance, to avoid damaging its reputation, a bank may call its liabilities even though this might negatively affect its liquidity profile. This is particularly true for liabilities that are components of regulatory capital, such as hybrid/subordinated debt. In such cases, a bank’s capital position is likely to suffer.

95.Bank management must have appropriate policies in place to identify sources of reputational risk when entering new markets, products or lines of activities. In addition, a bank’s stress testing procedures must take account of reputational risk so management has a firm understanding of the consequences and second round effects of reputational risk.

96.Once a bank identifies potential exposures arising from reputational concerns, it must measure the amount of support it might have to provide (including implicit support of securitisations) or losses it might experience under adverse market conditions. In particular, in order to avoid reputational damages and to maintain market confidence, a bank must develop methodologies to measure as precisely as possible the effect of reputational risk in terms of other risk types (e.g. credit, liquidity, market or operational risk) to which it may be exposed. This could be accomplished by including reputational risk scenarios in regular stress tests. For instance, non-contractual off-balance sheet exposures could be included in the stress tests to determine the effect on a bank’s credit, market and liquidity risk profiles. Methodologies also could include comparing the actual amount of exposure carried on the balance sheet versus the maximum exposure amount held off-balance sheet, that is, the potential amount to which the bank could be exposed.

97.A bank must pay particular attention to the effects of reputational risk on its overall liquidity position, taking into account both possible increases in the asset side of the balance sheet and possible restrictions on funding, as well as the loss of reputation as a result in various counterparties’ loss of confidence.

98.In contrast to contractual credit exposures, such as guarantees, implicit support is a more subtle form of exposure. Implicit support arises when a bank provides post-sale support to a securitisation transaction in excess of any contractual obligation. Such non-contractual support exposes a bank to the risk of loss, such as loss arising from deterioration in the credit quality of the securitisation’s underlying assets.

99.By providing implicit support, a bank signals to the market that all of the risks inherent in the securitised assets are still held by the organisation and, in effect, had not been transferred. Since the risk arising from the potential provision of implicit support is not captured ex ante under Pillar 1, it must be considered as part of the Pillar 2 process. In addition, the processes for approving new products or strategic initiatives must consider the potential provision of implicit support and must be incorporated in a bank’s ICAAP.

100.This Standard will focus on regulatory supervision of market conduct by the Central Bank. Supervision will rely on the supervisory activities identified in the previous chapters and is supplemented by the follow requirements and activities.

101.The Central Bank has taken steps to strengthen its regulatory and supervisory framework regarding market conduct of financial institutions by creating a separate Consumer Protection Department (CPD) that will have the resources and mandate to focus on monitoring market conduct, providing regulatory supervision and addressing issues of compliance / enforcement. It also has a mandate to improve consumer financial literacy through consumer education programs and outreach activities.

Consumer Protection Framework

102.A Consumer Protection Framework (CPF) is a regulatory and supervisory response designed to protect consumers by establishing standards of market conduct for institutional behaviour to mitigate potential risks of misconduct and protect consumers from harm.
 

103.Market conduct is defined simply as to how a financial institution conducts itself in the marketplace in terms of the level of integrity, fairness, and competency that it demonstrates in dealing with consumers. It includes the behaviour and actions of a financial institution in the market place involving such matters as:

1. i.product design, development
2. ii.marketing and sales practices,
3. iii.advertising,
4. iv.compliance with laws,
5. v.fulfilling its obligations to customers,
6. vi.treatment of customer’s / dispute resolution,
7. vii.conflicts of interest,
8. viii.transparency and disclosure
9. ix.Market competition, pricing, etc.

104.The supervisory activities under the CPF are risk-based and requires a comprehensive understanding of the retail operations of the financial institutions; the risks created by the behaviour of these organisations, the risks from products and services offered, and how these risks are being managed. The risk-based approach assesses the nature of the institution’s business activities and the risks that are inherent to each type of activity undertaken. The supervisory framework requires open, transparent and frequent flow of quality data and information between the financial institutions and the Central Bank that allows CPD to effectively perform up-to-date market conduct assessments.

Importance of Supervisory Review – Market Conduct

105.Many of the supervisory requirements discussed in previous sections of these Standards fully apply to the supervision of market conduct. However, supervision of market conduct adds another dimension and perspective in regulatory supervision. The additional supervisory concerns are highlighted as follows.
 

Board and Senior Management Oversight

106.In addition to the previous chapters, it is expected that effective reporting occur quarterly regarding any compliance issues regarding retail operations, analysis of consumer complaints / trends and identification of systemic issues. Boards should be confident that its retail workers have had the training and qualification to fulfil their responsibilities and regulatory responsibilities and those effective verifications are carried out.
 

Appropriate Policies, Procedures and Limits:

107.More specifically, market conduct will focus on policies, procedures, practices and related training associated with product design, development, distribution, marketing, advertising and sales. The Central Bank will evaluate the same elements for third parties carrying out outsourced retail activities.
 

Comprehensive Risk Assessment:

Operational Risk:

108.The financial institution must have a framework for monitoring, identifying and mitigating market conduct risks association with business lines and the products and services offered at the retail level. This includes identifying risks associated with institutional errors or misconduct. Risk analysis must consider such activities including product design, development, marketing, pricing, distribution, sales, advertising, disclosure, suitability, affordability, product assumptions and accuracy / method of calculations, fraud, technology downtime, etc. Institutions must also evaluate the risks related to third party distributors, suppliers / contractors.

109.An important differentiation from prudent supervision is the matter of materiality. It is not the basis for mitigating conduct risks in the retail market place. The regulatory concerns are on proactive mitigation of risks with the objectives of promoting consumer confident in the integrity of the market place, preventing harm done to the consumer and ensuring proper dispute resolution and redress where there is harm.

Reputational Risks:

110.The institution must also evaluate the impact that a risk event in the retail operations may have on its reputation in the market place, (a) whether it is an event of significant misselling or improper disclosure or calculation errors, these may be systemic issues that will attract regulatory actions, may attract public awareness and media attention and (b) what measures will the institution have in place to mitigate this risk and associated response by consumers.

Monitoring and Reporting:

111.Institutions are expected to have an adequate system for monitoring and reporting on their retails operations. The bank’s senior management or board of directors must, ensure proper monitoring and reporting including risk analysis and trends in consumer inquires and complaints. Reporting to the board should evaluate the quality and frequency of training of front line staff; the proper qualifications of staff to sell or market products, the meeting of performance indicators, the identification and frequency of bank errors, compliance with regulatory requirements and other matters of conduct risk.

112.Financial institutions will provide timely and accurate information as requested by the Central Bank including complaint information as required by the Central Bank as per Notice 383/2017 regarding setting up a Complaint Unit.

113.Financial institutions will provide notice to the Central Bank of any material changes and/or important issues that may affect consumers or the retail operations of the financial institution.

114.The financial market crisis underscores the importance of assessing the potential impact of liquidity risk on capital adequacy in a bank’s ICAAP. Senior management must consider the relationship between liquidity and capital since liquidity risk can affect capital adequacy, which, in turn, can aggravate a bank’s liquidity profile.

115.Another facet of liquidity risk management is that a bank must appropriately price the costs, benefits and risks of liquidity into the internal pricing, performance measurement, and new product approval process of all significant business activities.

116.A bank is expected to be able to thoroughly identify, measure and control liquidity risks, especially with regard to complex products and contingent commitments (both contractual and non-contractual). This process must involve the ability to project cash flows arising from assets, liabilities and off-balance sheet items over various time horizons, and must ensure diversification in both the tenor and source of funding. A bank must utilise early warning indicators to identify the emergence of increased risk or vulnerabilities in its liquidity position or funding needs. It must have the ability to control liquidity risk exposure and funding needs, regardless of its organisation structure, within and across legal entities, business lines, and currencies, taking into account any legal, regulatory and operational limitations to the transferability of liquidity.

117.A bank’s failure to effectively manage intraday liquidity could leave it unable to meet its payment obligations at the time expected, which could lead to liquidity dislocations that cascade quickly across many systems and institutions. As such, the bank’s management of intraday liquidity risks must be considered as a crucial part of liquidity risk management. It must also actively manage its collateral positions and have the ability to calculate all of its collateral positions.

118.While banks typically manage liquidity under “normal” circumstances, they must also be prepared to manage liquidity under stressed conditions. A bank must perform stress tests or scenario analyses on a regular basis in order to identify and quantify their exposures to possible future liquidity stresses, analysing possible impacts on the bank’s cash flows, liquidity positions, profitability, and solvency. The results of these stress tests must be discussed thoroughly by management, and based on this discussion, must form the basis for taking remedial or mitigating actions to limit the bank’s exposures, build up a liquidity cushion, and adjust its liquidity profile to fit its risk tolerance. The results of stress tests must also play a key role in shaping the bank’s contingency funding planning, which must outline policies for managing a range of stress events and clearly sets out strategies for addressing liquidity shortfalls in emergencies.

119.The Central Bank’s reserves the right to set higher liquidity requirements in Pillar 2.

120.In order to enhance the supervisory assessment of banks’ valuation practices, the Basel Committee published Supervisory guidance for assessing banks’ financial instrument fair value practices in April 2009. This guidance applies to all positions that are measured at fair value and at all times, not only during times of stress.

121.The characteristics of complex structured products as well as simple but illiquid products, including securitisation transactions, make their valuation inherently difficult due, in part, to the absence of active and liquid markets, the complexity and uniqueness of the cash waterfalls, and the links between valuations and underlying risk factors. The absence of a transparent price from a liquid market means that the valuation must rely on models or proxy-pricing methodologies, as well as on expert judgment. The outputs of such models and processes are highly sensitive to the inputs and parameter assumptions adopted, which may themselves be subject to estimation error and uncertainty. Moreover, calibration of the valuation methodologies is often complicated by the lack of readily available benchmarks.

122.Therefore, a bank is expected to have adequate governance structures and control processes for fair valuing exposures for risk management and financial reporting purposes. The valuation governance structures and related processes must be embedded in the overall governance structure of the bank, and consistent for both risk management and reporting purposes. The governance structures and processes are expected to explicitly cover the role of the board and senior management. In addition, the board must receive reports from senior management on the valuation oversight and valuation model performance issues that are brought to senior management for resolution, as well as all significant changes to valuation policies.

123.A bank must also have clear and robust governance structures for the production, assignment and verification of financial instrument valuations. Policies must ensure that the approvals of all valuation methodologies are well documented. In addition, policies and procedures must set forth the range of acceptable practices for the initial pricing, marking-to-market/model, valuation adjustments and periodic independent revaluation. New product approval processes (which has to be established in the first place) must include all internal stakeholders relevant to risk measurement, risk management, and the assignment and verification of valuations of financial instruments.

124.A bank’s control processes for testing and reporting valuations must be consistently applied across the firm and integrated with risk measurement and management processes. In particular, valuation controls must be applied consistently across similar instruments (risks) and consistent across business lines (books). These controls must be subject to internal audit. Regardless of the booking location of a new product, reviews and approval of valuation methodologies must be guided by a minimum set of considerations. Furthermore, the valuation/new product approval process must be supported by a transparent, well-documented inventory of acceptable valuation methodologies that are specific to products and businesses. The Board must be familiar with and approve the basic assumptions behind these methodologies.

125.In order to establish and verify valuations for instruments and transactions in which it engages, a bank must have adequate capacity, including during periods of stress. This capacity must be commensurate with the importance, riskiness and size of these exposures in the context of the business profile of the bank. In addition, for those exposures that represent material risk, a bank is expected to have the capacity to produce valuations using alternative methods that cannot just solely rely on the valuations provided by its counterparts in the event that primary inputs and approaches become unreliable, unavailable or not relevant due to market discontinuities or illiquidity. A bank must test and review the performance of its models under stress conditions so that it understands the limitations of the models under stress conditions.

126.The relevance and reliability of valuations is directly related to the quality and reliability of the inputs. Where values are determined to be in an active market, a bank must maximise the use of relevant observable inputs and minimise the use of unobservable inputs when estimating fair value using a valuation technique. However, where a market is deemed inactive, observable inputs or transactions may not be relevant, such as in a forced liquidation or distress sale, or transactions may not be observable, such as when markets are inactive. In such cases, accounting fair value guidance provides assistance on what must be considered, but may not be determinative. In assessing whether a source is reliable and relevant, a bank must consider, among other things:

1. i.The frequency and availability of the prices/quotes;
2. ii.Whether those prices represent actual regularly occurring transactions on an arm's length basis;
3. iii.The breadth of the distribution of the data and whether it is generally available to the relevant participants in the market;
4. iv.The timeliness of the information relative to the frequency of valuations;
5. v.The number of independent sources that produce the quotes/prices;
6. vi.The maturity of the market; and
7. vii.The similarity between the financial instrument sold in a transaction and the instrument held by the bank.

127.In order to strengthen banks’ stress testing practices, as well as improve supervision of those practices, in October 2018 the Basel Committee published Principles for sound stress testing practices and supervision. Improvements in stress testing alone cannot address all risk management weaknesses, but as part of a comprehensive approach, stress testing has a leading role to play in strengthening bank corporate governance and the resilience of individual banks and the financial system.

128.Stress testing is an important tool that is used by banks as part of their internal risk management that alerts bank management to adverse unexpected outcomes related to a broad variety of risks, and provides an indication to banks of how much capital might be needed to absorb losses if large shocks occur. Moreover, stress testing supplements other risk management approaches and measures. It plays a particularly important role in:

1. i.Providing forward looking assessments of risk,
2. ii.Overcoming limitations of models and historical data,
3. iii.Supporting internal and external communication,
4. iv.Feeding into capital and liquidity planning procedures,
5. v.Informing the setting of a banks’ risk tolerance,
6. vi.Addressing existing or potential, firm-wide risk concentrations, and
7. vii.Facilitating the development of risk mitigation or contingency plans across a range of stressed conditions.

129.Stress testing is especially important after long periods of benign risk, when the fading memory of negative economic conditions can lead to complacency and the underpricing of risk, and when innovation leads to the rapid growth of new products for which there is limited or no loss data.

130.Stress testing must form an integral part of the overall governance and risk management culture of the bank. Board and senior management involvement in setting stress testing objectives, defining scenarios, discussing the results of stress tests, assessing potential actions and decision making is critical in ensuring the appropriate use of stress testing in banks’ risk governance and capital planning. Senior management must take an active interest in the development and operation of stress testing. The results of stress tests must contribute to strategic decision making and foster internal debate regarding assumptions, such as the cost, risk and speed with which new capital could be raised or that positions could be hedged or sold. Board and senior management involvement in the stress-testing program is essential for its effective operation.

131.Therefore, a bank’s capital planning process must incorporate rigorous, forward-looking stress testing that identifies possible events or changes in market conditions that could adversely have an impact on the bank. Banks, in their ICAAPs must examine future capital resources and capital requirements under adverse scenarios. In particular, the results of forward-looking stress testing must be considered when evaluating the adequacy of a bank’s capital buffer. Capital adequacy must be assessed under stressed conditions against a variety of capital ratios, including regulatory ratios. In addition, the possibility that a crisis impairs the ability of even very healthy banks to raise funds at reasonable cost must be considered.

132.In addition, a bank must develop methodologies to measure the effect of reputational risk arising from other risk types, namely credit, liquidity, market and other risks that they may be exposed to in order to avoid reputational damages and in order to maintain market confidence. This could be done by including reputational risk scenarios in regular stress tests. For instance, AML sanctions.

133.A bank must carefully assess the risks with respect to commitments to off-balance sheet vehicles and third-party firms related to structured credit securities and the possibility that assets will need to be taken on-balance sheet for reputational reasons. Therefore, in its stress-testing programme, a bank must include scenarios assessing the size and soundness of such vehicles and firms relative to its own financial, liquidity and regulatory capital positions. This analysis must include structural, solvency, liquidity and other risk issues, including the effects of covenants and triggers.

134.The Central Bank will assess the effectiveness of banks’ stress testing programme in identifying relevant vulnerabilities. The Central Bank will review the key assumptions driving stress-testing results and challenge their continuing relevance in view of existing and potentially changing market conditions. The Central Bank will challenge the banks on how stress testing is used and the way it affects decision-making. Where this assessment reveals material shortcomings, the Central Bank will require a bank to detail a plan of corrective action