79.Counterparty Credit Risk (CCR) represents a form of credit risk and is covered in Pillar 1.

80.The bank must have counterparty credit risk management policies, processes and systems that are conceptually sound and implemented with integrity relative to the sophistication and complexity of a firm’s holdings of exposures that give rise to CCR. A sound counterparty credit risk management framework shall include the identification, measurement, management, approval and internal reporting of CCR.

81.The bank’s risk management policies must take account of the market, liquidity and operational riks that can be associated with CCR and, to the extent practicable, interrelationships among those risks. The bank must not undertake business with a counterparty without assessing its creditworthiness and must take due account of both settlement and pre-settlement credit risk. These risks must be managed as comprehensively as practicable at the counterparty level (aggregating counterparty exposures with other credit exposures) and at the firm-wide level.

82.The board of directors and senior management must be actively involved in the CCR control process and must regard this as an essential aspect of the business to which significant resources need to be devoted.

83.The bank’s CCR management system must be used in conjunction with internal credit and trading limits. In this regard, credit and trading limits must be the outcome of the firm’s risk measurement model in a manner that is consistent over time and that is well understood by credit managers, traders and senior management.

84.The bank must have a routine and rigorous program of stress testing in place as a supplement to the CCR analysis based on the day-to-day output of the bank’s risk measurement model. The results of this stress testing must be reviewed periodically by senior management and must be reflected in the CCR policies and limits set by management and the board of directors. Where stress tests reveal particular vulnerability to a given set of circumstances, management must explicitly consider appropriate risk management strategies (e.g. by hedging against that outcome, or reducing the size of the firm’s exposures).

85.The bank must have a routine in place for ensuring compliance with a documented set of internal policies, controls and procedures concerning the operation of the CCR management system. The firm’s CCR management system must be well documented, for example, through a risk management manual that describes the basic principles of the risk management system and that provides an explanation of the empirical techniques used to measure CCR.

86.The bank must conduct an independent review of the CCR management system regularly through its own internal auditing process. This review must include both the activities of the business credit and trading units and of the independent CCR control. A review of the overall CCR management process must take place at regular intervals (ideally not less than once a year) and must specifically address, at a minimum:

1. i.The adequacy of the documentation of the CCR management system and process;
2. ii.The organisation of the CCR control;
3. iii.The integration of CCR measures into daily risk management;
4. iv.The approval process for risk pricing models and valuation systems used by front and back-office personnel;
5. v.The validation of any significant change in the CCR measurement process;
6. vi.The scope of counterparty credit risks captured by the risk measurement model;
7. vii.The integrity of the management information system;
8. viii.The accuracy and completeness of CCR data;
9. ix.The verification of the consistency, timeliness and reliability of data sources used to run internal models, including the independence of such data sources;
10. x.The accuracy and appropriateness of volatility and correlation assumptions;
11. xi.The accuracy of valuation and risk transformation calculations;
12. xii.The verification of the model’s accuracy through frequent back testing.