Skip to main content
Back Custom print Text Only Rich Text Print

  • Credit Risk Management Regulation

    C 3/2024 Effective from 30/11/2024

    • Introduction

      The Central Bank of the UAE (“CBUAE”) seeks to promote the continuous development of an effective and efficient financial system. This regulation and the accompanying standards are issued pursuant to the powers vested under the Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organization of Financial Institutions and Activities and its amendments.

      Each LFI is required to implement a comprehensive framework to manage the credit risk it acquires to ensure its financial resilience. In this context, this regulation establishes the minimum acceptable practices for credit risk management and provisioning for LFIs.

      Where this regulation or the accompanying standards include requirements to provide specific information, to take specific measures or to address a specific list of items ‘at a minimum’, the CBUAE reserves the right to impose additional requirements to those articulated in this regulation and the accompanying standards.

      This regulation supersedes and replaces the circulars and notices as set out in Article 17 of this regulation.

      The accompanying ‘Credit Risk Standards’ supplement the regulation and are mandatory and enforceable in the same manner as the regulation.

    • Scope

      This regulation applies to all LFIs in the UAE that provide Credit Facilities. In addition, LFIs incorporated in the UAE with foreign subsidiaries, affiliates, or international branches, must comply with this regulation on a consolidated basis. UAE branches or subsidiaries of foreign institutions must apply this regulation to their activities in the UAE and their reporting to the Central Bank.

    • Objective

      The objective of this regulation is to establish minimum requirements for LFIs with regard to effective credit risk management.

    • Article (1): Definitions

      1.1
      Bank: Any juridical person licensed in accordance with the provisions of the Central Bank Law, to primarily carry on the activity of taking deposits, and any other Licensed Financial Activities.
       
      1.2
      Board: The LFI's board of directors.
       
      1.3
      CCO: The Chief Credit Officer of an LFI, this includes the Head of Credit, or any similar designation which denotes the highest level of authority for this role within the LFI.
       
      1.4
      Central Bank: The Central Bank of the United Arab Emirates.
       
      1.5
      1.6
      CEO: The Chief Executive Officer of an LFI.
       
      1.7
      Counterparty Credit Risk: Transactions that give rise to counterparty credit risk include: OTC derivatives, exchange-traded derivatives, long settlement transactions and securities financing transactions that are bilaterally or centrally cleared. Counterparty credit risk may result from (but is not limited to) transactions with LFIs and corporate entities.
       
      1.8
      Country Risk: The risk of loss caused by geopolitical, economic or natural events in a foreign country. The concept is broader than sovereign risk because it covers exposures to all types of obligors in the country, including individuals, corporates, banks and government entities. Country risk can have direct and indirect impacts on credit risk, market risk, operational risk, reputational risk and several other risk types. Country risk also covers transfer risk, i.e. the risk that an obligor is not able to convert local currency into a foreign currency, thereby reducing its ability to repay its debt in foreign currency. Such risk arises from foreign exchange restrictions imposed by the government in the country of the obligor.
       
      1.9
      Credit Facility (“Facility”): Any legal agreement that gives rise to financial obligations or commitments that are legally binding or perceived to be legally binding on one of the parties in a transaction. In the context of this regulation, credit facilities should be understood in the broad sense as credit exposure via any financial instrument, including amongst others, on-balance sheet credit facilities, capital market instruments, receivables, off-balance sheet contracts including but not limited to guarantees/letters of credit, as well as Counterparty Credit Risk arising from over-the-counter derivatives contracts and securities financing transactions including Shari’ah compliant facilities.
       
      1.10
      Credit Risk: The potential loss arising from the likelihood that a borrower or counterparty fails to meet its obligations in accordance with agreed terms of a lending agreement.
       
      1.11
      Credit Risk Mitigation (“CRM”): Cash flows derived from liquidation of collateral and other sources that may be utilised to mitigate against financial loss as described in this regulation and the accompanying standards.
       
      1.12
      CRO: The Chief Risk Officer of an LFI this includes the Head of Risk, or any similar designation which denotes the highest level of authority for this role within the LFI.
       
      1.13
      Days-Past-Due (“DPD”): A payment is considered past due if it has not been made by its contractual due date. The days-past-due is the number of calendar days that a payment is due, i.e. the number of days for which a payment is late.
       
      1.14
      Default: As defined in Article 6 of this regulation and the accompanying standards.
       
      1.15
      Deferrals: A payment is considered deferred if it has not been made on or by its contractual due date with the formal agreement of the LFI to delay the single instalment.
       
      1.16
      Group of Connected Counterparties: as defined in the Central Bank’s Large Exposures Regulation.
       
      1.17
      Interest: For the purpose of this regulation and the accompanying standards, the treatment of ‘interest’ used for conventional finance applies to ‘profit’ used for Islamic finance unless an exception from the Central Bank and the Higher Shari’ah Authority is obtained for Shari’ah compliance purposes.
       
      1.18
      Islamic Financial Services: Shari'ah compliant financial services offered by Licensed Financial Institutions that conduct all or part of their activities and businesses in accordance with the Islamic Shari’ah (“Islamic Financial Institutions” or “IFIs”).
       
      1.19
      Lending: For the purpose of this regulation, the treatment of ‘lending’ used for conventional finance also apply to ‘financing’ used for Islamic finance.
       
      1.20
      Licensed Financial Institutions (“LFI”): as defined under the Central Bank Law.
       
      1.21
      Obligor: Individual or entity or group of entities that have a Credit Facility with the LFI.
       
      1.22
      Parent and Subsidiary: An entity (the 'first entity') is a parent of another entity (the 'second entity') if any of the below requirements are met:
       
      1.22.1
      The first entity holds more than 50% shareholding in the second entity;
       
      1.22.2
      The first entity holds more than 50% of the voting rights in the second entity;
       
      1.22.3
      The first entity is a shareholder of the second entity and has the right to appoint or remove a majority of the Board of directors or managers of the second entity;
       
      1.22.4
      The first entity is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity; or
       
      1.22.5
      The second entity is a subsidiary of another entity which is itself a subsidiary of the first entity.
       
      1.23
      Past Due: A financial asset is past due when an Obligor has failed to make a payment when that payment was contractually due, that is if any part of the contractual Interest and/or principal payment (or the debt due in case of IFIs’ debt-based structures) is not met on time. The number of days past due is non-cumulative, where the most recent payment cures the earliest contractual breach.
       
      1.24
      Purchased or Originated Credit Impaired (“POCI”): Credit Facility that is already impaired at the time when it is purchased or originated.
       
      1.25
      Related Parties: The Group and its controlling shareholders, members of the Board and Senior Management (and their Relatives) and persons with control, joint control or significant influence over the LFI (and their Relatives).
       
      1.26
      Relatives: The individual's parents, siblings and children.
       
      1.27
      Repayment: For the purpose of this regulation, the requirements applied to “repayment” in the context of conventional finance also apply to “payment” in Islamic finance context. The timing of such repayment is called the repayment structure. In many cases Interest and/or a charge to the principal balance is added in exchange for lending/financing services and/or to cover the time value of money/compensation for the exchange.
       
      1.28
      Restructured Credit Facility: As defined in Article 8 of this regulation.
       
      1.29
      Retail Obligor: For the purpose of this regulation, retail obligors refer to individuals to whom Credit Facilities are granted to satisfy that individual’s personal needs. It also includes SME, small business Credit Facilities for which Credit Risk is managed by the LFI using similar methods as applied for personal Credit Facilities. If this is not the case, then SME will be classified as wholesale.
       
      1.30
      Risk Appetite: The aggregate level and types of risk an LFI is willing to assume, decided in advance and within its risk capacity, to achieve its strategic objectives and business plan.
       
      1.31
      Risk Governance Framework: As part of the overall approach to corporate governance, the framework through which the Board and management establish and make decisions about the LFI's strategy and risk approach; articulate and monitor adherence to the Risk Appetite and Risk Limits relative to the LFI's strategy; and identify, measure, manage and control risks.
       
      1.32
      Risk Limits: Specific quantitative measures that must not be exceeded based on, for example, forward-looking assumptions that allocate the LFI's aggregate Risk Appetite to business lines, legal entities or management units within the LFI or group in the form of specific risk categories, concentrations or other measures as appropriate.
       
      1.33
      Risk Management Function: Collectively, the systems, structures, policies, procedures and people that measure, monitor and report risk on an LFI-wide and, if applicable, group-wide basis.
       
      1.34
      Risk Profile: Point in time assessment of the LFI's risk exposures aggregated within and across each relevant risk segment based on current or forward-looking assumptions.
       
      1.35
      Senior Management: The executive management of the LFI responsible and accountable to the Board for the sound and prudent day-to-day management of the LFI, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer, chief credit officer and heads of the compliance and internal audit functions.
       
      1.36
      Significant Increase in Credit Risk (“SICR”): Material deterioration in credit-worthiness of a Credit Facility since its initial recognition as articulated in Article 7 of this regulation.
       
      1.37
      Small to Medium sized Enterprise (SME): includes small, micro and medium businesses, provided that the businesses meet the thresholds of employee headcount and turnover, as defined by the Federal Cabinet Resolution No. 22 of 2016 which sets out the Small to Medium sized Enterprise definition for the purposes of Federal Law No. 2 of 2014 or any subsequent amendments to the Federal laws defining an SME.
       
      1.38
      Stages: Stages are employed to classify Credit Facilities according to their current and expected credit worthiness.
       
      1.39
      Wholesale: Any Obligor that is not considered a Retail Obligor as defined in this regulation.
       

    • Article (2): Credit Risk Governance

      2.1
      The Board must approve and regularly review the LFI’s Credit Risk management strategy and significant policies and processes for the identification, measurement, evaluation, monitoring, reporting, control and mitigation of Credit Risk, including Counterparty Credit Risk, in a manner that is consistent with the Board-approved Risk Appetite.
       
      2.2
      Branches of foreign banks must comply with this regulation. Where this regulation refers to the Board of the LFI, branches of foreign banks may apply the requirement either with respect to the Board of their head office or with respect to the Senior Management of their head office, which has the oversight of the foreign branch. The Central Bank may, at its discretion, require that all or some of the requirements are met with respect to the Board of the head office.
       
      2.3
      The Board must ensure that the Risk Governance Framework is appropriate to the Risk Profile, nature, size and complexity of the LFI's business and structure. This includes a proactive and forward-looking oversight of the management of people, policies, processes, procedures and systems to identify, measure, monitor, report, control and mitigate Credit Risk on a timely basis, covering all exposures.
       
      2.4
      The Board must oversee management to ensure that the Credit Risk management strategy and governance is effectively implemented and fully integrated into the LFI’s overall risk management process.
       
      2.5
      The Board must ensure that the Risk Governance Framework includes a delegation matrix that articulates the roles and responsibilities for the approval of Credit Facilities, whereby facilities that are material, particularly risky or not aligned with the LFI’s core activities must be approved by the Board.
       
      2.6
      The Board must ensure that the LFI has policies for the classification of exposures, the determination of provisions and for the management of problem exposures and write-offs. These policies must be approved and regularly reviewed by the Board, and the Board must oversee management to ensure that these policies are effectively implemented.
       
      2.7
      The Board must ensure that it obtains information and reporting with sufficient detail on the LFI’s Credit Risk at an appropriate frequency throughout the year.
       
      2.8
      The Board must ensure that credit decisions are made free of conflicts of interest and on an arm’s length basis.
       
      2.9
      The Board remains ultimately accountable for the appropriate management of Credit Risk, notwithstanding specific responsibilities delegated to Senior Management.
       

    • Article (3): Credit Risk Management Framework

      3.1
      LFIs must implement an adequate, well-documented and effective Credit Risk management framework consisting of policies, processes and controls that comprehensively cover the acquisition and management of Credit Risk. This framework must be consistent with the Board-approved Risk Appetite of the LFI and the Risk Profile, systemic importance and capital strength of the LFI.
       
      3.2
      The framework must cover all the key steps of the Credit Risk lifecycle, including, but not limited to, origination, underwriting, approval, monitoring, portfolio management, recovery and provisioning.
       
      3.3
      The Credit Risk management framework must include a robust methodology for the early identification and appropriate measurement of credit losses that meets the minimum requirements as set out in the accompanying standards to this regulation.
       
      3.4
      The Credit Risk management framework must ensure the effective data aggregation, identification, measurement, monitoring, reporting, control and mitigation of Credit Risk.
       
      3.5
      The framework must ensure that significant sources of concentration risk and exposures with low levels of credit-worthiness are specifically addressed, and that proper risk management and risk mitigating processes are in place.
       
      3.6
      The framework must be supported by documented policies and procedures and clearly defined roles and responsibilities.
       
      3.7
      The Credit Risk framework must ensure an effective credit administration process supported by comprehensive and robust information systems for the accurate and timely identification, aggregation and reporting of Credit Risk exposures to the Board and Senior Management on a regular basis is in place.
       
      3.8
      The framework must also ensure that the LFI implements policies to identify, manage and report on exceptions to policies governing Credit Risk management. Such policies must specify the process to grant exceptions and ensure the involvement of Senior Management or the Board when necessary.
       
      3.9
      The framework must also be designed to identify and monitor the risk factors that could lead to a deterioration in creditworthiness or Default of their Obligors.
       

    • Article (4): Credit Risk Oversight Functions and Roles

      4.1
      Each LFI must have a credit review function headed by the CCO that is responsible for the prudent acquisition of Credit Risk arising from all products types across the LFI.
       
       
      For Wholesale Obligors, the function must review individual transactions in order to assess the specific Credit Risk of facilities, in accordance with Article 5 of this regulation focusing on credit underwriting.
       
       
      For Retail Obligors, the acquisition of Credit Risk must be controlled and governed at minimum at portfolio level.
       
      4.2
      Each LFI must have an independent Credit Risk Management Function within the risk management function headed by the CRO to conduct adequate and continuous oversight of the acquisition and management of Credit Risk. This function must safeguard the LFI from acquiring Credit Risk that is not within the LFI’s Risk Appetite, is not in accordance with the LFI’s policies, or may otherwise present a threat to the LFI.
       
      4.3
      While the Credit Risk Management Function must not have any decision-making role in the acquisition of Credit Risk, the Credit Risk Management Function must nevertheless have the power and responsibility to veto credit proposals where necessary, including but not limited to instances where the Risk Limits are or risk being breached.
       
      4.4
      The internal audit function, compliance function and external audit function must have an active role in the control and oversight of Credit Risk throughout the LFI.
       

    • Article (5): Credit Underwriting

      5.1
      LFIs must implement a comprehensive underwriting process for the acquisition of Credit Risk, consistent with the strategy of the LFI. This process must ensure a thorough understanding of the risk profile of Obligors.
       
      5.2
      The underwriting process must be supported by adequate policies and procedures covering the key components of the decision process, including, but not limited to, (i) governance of credit approval, (ii) credit limits, (iii) due diligence and financial information from the Obligor, (iv) methodology for Credit Risk analysis, (v) collateral and risk mitigation, (vi) credit file documentation, and (vii) legal documentation.
       
      5.3
      The credit underwriting policy must incorporate risk-return discipline consistent with the LFI’s Risk Appetite and strategy. Appropriate Risk Limits must be defined at an adequate level of granularity.
       
      5.4
      LFIs must limit their reliance on external credit assessment. Where external ratings or external credit analysis are employed for a credit decision, LFIs must nevertheless develop their own independent view of the Credit Risk associated with their exposures.
       
      5.5
      Credit underwriting policies must cover the approval of (i) new exposures, (ii) renewal and (iii) refinancing of existing exposures. The policy must ensure a thorough understanding of the risk profile and characteristics of the borrowers and counterparties driving the performance of these exposures. In the case of securitisations, this includes a thorough understanding of the risk profile of both the underlying assets and the structured investmentvehicle.
       

    • Article (6): Definition of Default

      6.1
      A Default is considered to have occurred with regard to a particular Obligor when at least one of the following events have taken place: (a) non-payment and/or (b) unlikeliness to pay.
       
       
      Non-payment
       
      6.2
      Non-payment is considered to have occurred when a material credit obligation to the LFI is Past Due for a period greater than 90 days.
       
      6.3
      Overdrafts are considered Past Due once the Obligor has breached a contractual or internal limit, or has been advised of a limit smaller than the current outstanding.
       
       
      Unlikeliness to pay
       
      6.4
      Unlikeliness to pay is considered to have occurred when it is unlikely that the Obligor will pay its credit obligations to the LFI in full.
       
      6.5
      For the purpose of the evaluation of the unlikeliness to pay, LFIs must establish and document a set of criteria and early warning signals. The early identification of decline in creditworthiness must be based on both financial and non-financial indicators.
       

    • Article (7): Significant Increase in Credit Risk

      7.1
      The LFI must assess and document regularly whether the Credit Risk of a financial instrument has increased significantly since its initial recognition. The identification of Significant Increase in Credit Risk (“SICR”) must be done in accordance with accounting standards and the LFI’s internal policy on SICR -and must incorporate the requirements set outin this regulation and the accompanyingstandards.
       
      7.2
      The presence of SICR must be used by the LFI to determine the classification of facilities and their associated provisioning.
       
      7.3
      LFIs must implement a process and develop a methodology to determine if an SICR has occurred, for all types of Obligors. The process and criteria for the identification of SICR must be linked to and consistent with the identification of unlikeliness to pay.
       

    • Article (8): Restructuring

      8.1
      LFIs must develop and implement a process supported by policies and procedures to appropriately identify, implement and manage Restructured Credit Facilities. The Obligor/Credit Facility must be correctly classified in accordance with the criteria articulated in Article 9 on classification and provisioning.
       
      8.2
      The requirements on the classification of exposures continue to apply throughout and after the restructuring process, including the related provisioning requirements set out in Article 9 of this regulation.
       
      8.3
      The restructuring process must be subject to robust internal oversight and be reviewed by internal audit on a regular basis.
       
      8.4
      Branches of foreign banks may have processes for the oversight of the restructuring process at head office level. Therefore, they may adopt alternative equivalent measures of oversight of the restructuring process which will be subject to supervisory review and approval by the Central Bank.
       
      8.5
      For the purpose of this regulation, restructuring events are categorised into two distinct groups:
       
      8.5.1
      Distressed restructuring: where any of the terms of a Credit Facility are amended in a context of financial difficulty of the Obligor.
       
      8.5.2
      Non-distressed restructuring: where any of the terms of a Credit Facility are amended in the absence of current financial distress of the Obligor.
       

      • Article (9): Classification and Provisioning

         
        Classification principles
         
        9.1
        Each LFI must establish a process to assess, monitor and classify each Credit Facility or each portfolio of facilities according to its current and expected credit-worthiness. This classification must form the basis for proactive Credit Risk management, risk mitigation and provisioning.
         
        9.2
        LFIs must adhere to the classification Stages as set out in the accompanying standards, or maintain a classification system that is mapped to the categories required under the accompanying standards.
         
        9.3
        The classification process must be documented based on the provisioning policy approved and regularly reviewed by the Board or, in the case of branches of foreign institutions, the Board of the head office or the senior management committee of the branch.
         
         
        Provisioning
         
        9.4
        All LFIs must implement a process to estimate and document provisions associated with each Credit Facility in all Stages and in all credit portfolios, supported by sufficient organisational resources, in compliance with this regulation and the accompanying standards.
         
        9.5
        The provisioning process must be documented, organised and approved by Senior Management and the Board, and fully integrated into the LFI’s overall risk management process.
         
        9.6
        The policies and processes related to provisioning must ensure that provisions and write-offs are timely and reflect realistic repayment and recovery expectations, including appropriate expectations about future credit losses.
         
        9.7
        The methodologies and levels of provisions and write-offs must be subject to an effective review and validation process by a function independent from the relevant risk-taking function.
         
         
        Restructured Credit Facilities
         
        9.8
        LFIs must pay particular attention to the classification of Restructured Credit Facilities as per the additional requirements articulated in the accompanying standards.
         

      • Article (10): Credit Risk Mitigation

        10.1
        LFIs may account for the presence of CRM when determining the appropriate level of provisions, but only to the extent permitted as per the accompanying standards.
         
        10.2
        LFIs must have appropriate mechanisms in place to regularly assess the value of Credit Risk mitigation, such as guarantees, credit derivatives and collateral, and adjust the level of provisions where necessary.
         
        10.3
        The valuation of collateral must reflect the net realisable value, taking into account prevailing market conditions and the time and cost required for realisation.
         

      • Article (11): Portfolio Management and Internal Reporting

        11.1
        LFIs must ensure that Credit Risk acquired through underwriting, refinancing and other mechanisms is fully monitored, reported and managed.
         
        11.2
        The processes for portfolio management, underwriting and restructuring must be organized such that information from each process informs the other processes.
         
        11.3
        The monitoring process must include processes to ensure that funds are used in accordance with the facility legal agreement of each Obligor.
         

        • Article (12): Non-Performing Assets and Write-Off

          12.1
          LFIs must establish a strategy to manage non-performing assets and avoid maintaining elevated stocks of non-performing assets. This strategy must be approved and regularly reviewed by the Board, and be achieved by maximising recoveries and implementing timely write-offs. The strategy must be fully embedded into the management process of the LFIs and be the subject of regular reviews.
           
          12.2
          When the LFI has no reasonable expectation to recover the full or part of a facility exposure as per the terms of the legal agreement, it should undertake a full or partial write-off of that exposure.
           
          12.3
          The LFI must ensure that write-offs are timely and reflect realistic payment and recovery expectations.
           

        • Article (13): Credit Risk Models

          13.1
          LFIs must have methodologies and analytical solutions to measure, analyse and categorise Credit Risk and compute the associated provisions. LFIs must be able to analyse Credit Risk at several granularity levels including Credit Facility level, Obligor level, segment level and portfolio level in order to identify credit concentration risk.
           
          13.2
          Where an LFI makes use of models for decision making, it must comply with separate modelling standards and guidance issued by CBUAE. Each LFI must demonstrate that its models are fit for purpose and adequately calibrated to effectively support the associated risk and business decisions. 
           

        • Article (14): Counterparty Liability

          This regulation and the accompanying standards, including the requirement to apply haircuts or to not account for certain CRM for the purposes of calculating provisions, or to partly or fully write off exposures, do not reduce or extinguish the liability outstanding of the counterparty, and are without prejudice to the counterparty’s liability and the ability of LFIs to fully exercise and enforce their rights with regard to any form of CRM (including collateral).

        • Article (15): Enforcement and Sanctions

          15.1
          Violation of any provision of this Regulation and any accompanying Standards may be subject to supervisory action and administrative & financial sanctions as deemed appropriate by the Central Bank.
           
          15.2
          Supervisory action and administrative & financial sanctions by the Central Bank may include withdrawing, replacing or restricting the powers of Senior Management or members of the Board, providing for the interim management of the Bank, imposition of fines or barring individuals from the UAE banking sector.
           

        • Article (16): Interpretation of Regulation

          The Regulatory Development Department of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.

          • Article (18): Publication and Effective Date

            This Regulation shall be published in the Official Gazette in both Arabic and English and shall come into effect one month from the date of publication.