142.A bank must conduct analyses of the underlying risks when investing in the structured products and must not solely rely on the external credit ratings assigned to securitisation exposures by the credit rating agencies. A bank must be aware that external ratings are a useful starting point for credit analysis, but are no substitute for full and proper understanding of the underlying risk, especially where ratings for certain asset classes have a short history or have been shown to be volatile. Moreover, a bank also must conduct credit analysis of the securitisation exposure at acquisition and on an ongoing basis. It must also have in place the necessary quantitative tools, valuation models and stress tests of sufficient sophistication to reliably assess all relevant risks.

143.When assessing securitisation exposures, a bank must ensure that it fully understands the credit quality and risk characteristics of the underlying exposures in structured credit transactions, including any risk concentrations. In addition, a bank must review the maturity of the exposures underlying structured credit transactions relative to the issued liabilities in order to assess potential maturity mismatches.

144.A bank must track credit risk in securitisation exposures at the transaction level and across securitisations exposures within each business line and across business lines. It must produce reliable measures of aggregate risk. A bank also must track all meaningful concentrations in securitisation exposures, such as name, product or sector concentrations, and feed this information to firm-wide risk aggregation systems that track, for example, credit exposure to a particular obligor.

145.A bank’s own assessment of risk needs to be based on a comprehensive understanding of the structure of the securitisation transaction. It must identify the various types of triggers, credit events and other legal provisions that may affect the performance of its on- and off-balance sheet exposures and integrate these triggers and provisions into its funding/liquidity, credit and balance sheet management. The impact of the events or triggers on a bank’s liquidity and capital position must also be considered.

146.Banks either underestimated or did not anticipate that a market-wide disruption could prevent them from securitising warehoused or pipeline exposures and did not anticipate the effect this could have on liquidity, earnings and capital adequacy. As part of its risk management processes, a bank must consider and, where appropriate, mark-to-market warehoused positions, as well as those in the pipeline, regardless of the probability of securitising the exposures. It must consider scenarios that may prevent it from securitising its assets as part of its stress testing and identify the potential effect of such exposures on its liquidity, earnings and capital adequacy.

147.A bank must develop prudent contingency plans specifying how it would respond to funding, capital and other pressures that arise when access to securitisation markets is reduced. The contingency plans must also address how the bank would address valuation challenges for potentially illiquid positions held for sale or for trading. The risk measures, stress testing results and contingency plans must be incorporated into the bank’s risk management processes and its ICAAP, and must result in an appropriate level of capital under Pillar 2 in excess of the minimum requirements.

148.A bank that employs risk mitigation techniques must fully understand the risks to be mitigated, the potential effects of that mitigation and whether or not the mitigation is fully effective. This is to help ensure that the bank does not understate the true risk in its assessment of capital. In particular, it must consider whether it would provide support to the securitisation structures in stressed scenarios due to the reliance on securitisation as a funding tool.