Experiences in the Implementation of Credit Risk Management for Basel II
February 2008
PRMIA Shanghai Credit Risk Forum
Gary Chen
Principal, Credit Advisory
Algorithmics, Fitch Group
© 2007 Algorithmics Incorporated. All rights reserved. 2
Introduction
Purpose: To provide
An overview of sound practices for credit risk management under BIS II IRB Pillar 1 framework
A framework for model development and validation based on sound industry practices
A process for internal credit risk control aligned with regulatory principles and guidance
© 2007 Algorithmics Incorporated. All rights reserved. 3
Agenda
1. Introduction
2. Pre-model Build Process
3. IRB Model Build Process
4. Rating System Validation Process
5. Credit Risk Control & Oversight
© 2007 Algorithmics Incorporated. All rights reserved. 4
An Overview of credit risk measurement under BIS II Framework
Quantitative Evaluation
Qualitative Evaluation
Internal Rating
Loss Given Default(LGD)
Exposure at Default(EAD)
Correlation
Stress Testing
Cal
cula
tion
of C
redi
t R
isk
Am
ount
Exp
ecte
d Lo
ss (
EL)
Une
xpec
ted
Loss
(U
L)
Ris
k C
ompo
nent
s
Financial Data
Portfolio Monitoring
Provisioning
Pricing
Profit Management
Capital Allocation
Reporting to the Board
Migration Matrix
Probability of Default (PD)
Quantification of Credit Risk
Internal Rating System
Internal UseSource: BoJ Sep 2005
© 2007 Algorithmics Incorporated. All rights reserved. 5
Inputs
Business Processes
BIS II – Standard Approach
Internal Rating Approach
BIS II – IRB Foundation
BIS II – IRB Advanced
Portfolio Approach
Risk AppetiteCapital AllocationActive Portfolio Mgmt.Mitigation StrategiesRisk Averse PricingRAPM & VaR limitsEcoCap Optimisation
IRB Parameters Macroeconomic Forecasts
Internal Estimate PD Internal Estimate LGD Internal estimate EAD
Internal Estimate PD Supervisory LGD Supervisory EAD
External PD Supervisory LGD Supervisory EAD
Regulatory Capital Requirement
Regulatory Capital Requirement
Risk-Adjusted PricingProvisioning PoliciesLimits Based on ELEarly Warnings
Correlations
Diver
sifica
tio
n
Regulatory Capital Requirement
Risk-Adjusted PricingProvisioning PoliciesLimits Based on ELEarly Warnings
From Expected Loss to Economic Capital
Algo’s Advisory: From Pillar 1 to Pillar 2
© 2007 Algorithmics Incorporated. All rights reserved. 6
A Simple Look on Pillar 1 IRB Tasks
Internal Use
“Use Test”*: Pricing,
Portfolio Monitoring,
Credit Risk Quantification?
Validation Work
Architecture of an Internal Rating System,
Quantitative Rating Model
Qualitative Evaluation
Estimation of Risk Components
Risk estimates (i.e., PD, LGD, EAD) predictive and accurate?
Source: BoJ Sep 2005
* Use Test: IRB provision that requires ratings and default and loss estimates to “play an essential role” in the Institution’s credit approval, risk management, internal capital allocations and corporate governance functions.
© 2007 Algorithmics Incorporated. All rights reserved. 7
3. Perform Development and Validation Activities for all IRB Components:
Overview of Pillar 1 IRB Tasks
Initial Setup Ongoing & Iterative Process
2. Check Policies/Documents
DevelopmentalEvidence
OutcomesAnalysis
OngoingMonitoring
Rating System
Quantification
Data
Controls & Oversight
Board & Senior Management Independent Validation Group
Create credit /validation policy & procedural manual
Define Roles & Responsibilities
Form Independent Validation Group
Establish System of Controls
1. Review IRB Gap Assessment
InternalAudit
© 2007 Algorithmics Incorporated. All rights reserved. 8
The need for clear CRM Roles and Responsibilities
The Board
Risk Control and Management Department
Senior Management
Business UnitSupport
Department
Credit Policy
Risk Quantification
Credit Review and Control
Bu
siness
Develop
men
t
Risk
Con
trol
Accounting
Human Resource
IT
Legal ServiceCredit Process
Internal Audit
Model Development, Maintenance and Monitoring
Model Application
Resource and IT Support
Risk Report
Business Strategy
Internal ControlEvaluation
Validation Group
© 2007 Algorithmics Incorporated. All rights reserved. 9
Agenda
1. Introduction
2. Pre-model Build Process
3. IRB Model Build Process
4. Rating System Validation Process
5. Credit Risk Control & Oversight
© 2007 Algorithmics Incorporated. All rights reserved. 10
The Basics : First Things First
Pre-Model Build Process: to clarify:
1. Portfolio Type:- Customer, product, industry or geographic region is model applicable to?
2. Model Purpose: - Assign ratings? Establish credit limits?
3. Model Performance Definition: - Question model is trying to answer in quantifiable terms (e.g., predict default) - Which parameters shall be estimated?
4. Model Type: - What type of model shall be estimated?
5. Definition of Default: - How is default defined?
6. Time Horizon:- What time horizon is chosen?
© 2007 Algorithmics Incorporated. All rights reserved. 11
Types of Rating Systems
Types of rating systems:
• Expert-judgement based: qualitative/subjective ratings criteria; lacks transparency and consistency (e.g., LDPs);
• Model-based: ratings based on objective risk factors using mathematical equations;
• Constrained judgment or Hybrid: combines elements of both expert-judgment and model-based systems; and
• Vendor Models: external third-party rating systems
© 2007 Algorithmics Incorporated. All rights reserved. 12
Rating Philosophies
Per Basel II, IRB systems must have a valid risk grading methodology based on an assessment horizon reflected in the Institution’s rating philosophy
▪ Institution must specify a rating philosophy representing its business practices:
e.g. Citigroup
(a)Ratings represent the risk of default over the next year
(b)Ratings take into account anticipated changes in borrowers conditions (stress-test)
(c) Ratings are reviewed at a minimum once a year
▪ Difference in ratings philosophy is mostly due to “time horizon” (LT vs. ST)
▪ Rating philosophy has important implications for validation and stress testing-- Must be clearly articulated in the Institution’s rating policy
© 2007 Algorithmics Incorporated. All rights reserved. 13
IRB Minimum Requirements for Rating Systems
Rating systems are subject to IRB minimum requirements and must be validated against:
• Supervisory Standards
• Design Specifications
• Operational Criteria
© 2007 Algorithmics Incorporated. All rights reserved. 14
IRB Minimum Requirements for Rating Systems
IRB design requirements for rating systems:
• Rating Dimensions• 2 separate distinct dimensions: (i) risk of borrower default; and (ii) transaction-specific factors
(e.g., collateral, seniority, etc.)
• Rating Structure• Meaningful distribution of exposures across grades w/ no excessive concentrations; minimum of
7 borrower grades &1 for defaulted
• Rating Criteria• Detailed rating definitions and grade descriptions/criteria
• Rating Assignment Horizon• 1 year forward horizon for PD estimation
• Use of Models• Human review; vetting data inputs & representativeness
• Documentation of a Rating System
• Rating Systems’ Design & Operational Details (history of changes)
© 2007 Algorithmics Incorporated. All rights reserved. 15
IRB Minimum Requirements for Rating Systems
IRB operational criteria for rating systems:
• Coverage of Ratings• Obligors assigned ratings; exposures associated w/ facility rating
• Integrity of Rating Process• Independence; ratings refreshed at least 1x p.a.
• Rating Criteria• Detailed rating definitions and grade descriptions/criteria
• Overrides• Policy stating by whom and when; identification & tracking
• Data Maintenance• Collection & storage of borrower/facility characteristics; rating histories
• Stress Tests• Evaluation of low probability/high impact events on required capital
© 2007 Algorithmics Incorporated. All rights reserved. 16
Agenda
1. Introduction
2. Pre-model Build Process
3. IRB Model Build Process
4. Rating System Validation Process
5. Credit Risk Control & Oversight
© 2007 Algorithmics Incorporated. All rights reserved. 17
Quantification: Supervisory Standards
The Institution must meet the IRB risk-quantification standards for own-estimates of PD, LGD and EAD:
• PD estimates are 1 year forward-looking probabilities of default
• LGD estimates reflect economic downturn conditions; and
• EAD estimates are a long-run default weighted average EAD
© 2007 Algorithmics Incorporated. All rights reserved. 18
Model Development Process Overview
Data merge and exclusion (1)
Data analysis and variable calculation (2)
Assessment of model input (3)
Model Selection (4)
Model validation (5)
Model calibration (6)
Mapping to rating system (7)
Step 1: Univariate analysis (3.1)
Step 2: Data Treatment (3.2)
Step 3: Monotonicity analysis (3.3)
Step 1: Correlation analysis (4.1)
Step 2: Significance and predictive power (4.2)
Step 3: Select first factor (4.3)
Step 4: Select additional factors (4.4)
Step 1: Discriminatory power (5.1)
Step 2: Bootstrapping test (5.2)Sensitivity tests (5.3)
Input of master rating system
Input of population PD
Homogeneous Tests (7.1)
Benchmark Tests (7.2)
On-going validation (8)Stress Test (8.1)
Credit migration matrix & related stability tests (8.2)
© 2007 Algorithmics Incorporated. All rights reserved. 19
Model Development Process Overview
Explanatory Analysis
Transformation / Preparation of Variables
Estimation
Performance
Credit sense of coefficients
Tests
Performance
ImplementationYes
No
Variable selection
Create dummy variables
Data Collection
© 2007 Algorithmics Incorporated. All rights reserved. 20
Basel Alert: Data Collection and Maintenance Systems
The Institution must have processes to collect data, assess and manage data quality and integrity and must meet key supervisory standards regarding data maintenance:
• Collect Data Over Life of Loan: “cradle to grave” collection of data for obligors and facilities
• Collect Rating Assignment Data: significant quantitative and qualitative factors for both obligors and facilities
• Support of IRB System: data collected must be of sufficient depth, scope, and reliability to:
• Develop and validate IRB system processes,
• Develop and validate parameters,
• Refine the IRB system,
• Apply improvements historically,
• Calculate capital ratios,
• Produce internal and public reports, and
• Support risk management
© 2007 Algorithmics Incorporated. All rights reserved. 21
Data Infrastructure: Managing Quality and Integrity
Assurance of data quality and integrity require the following:
• Documentation: • Formalize process to ensure data integrity
• Articulate requirements for delivery, retention and renewal of inputs to data warehouse
• Definitions: • Develop and document comprehensive data dictionary
• Electronic Storage: • Store data in electronic format to facilitate analysis, validation and disclosure
requirements
• Regular Review and Refreshment:
• Conduct data quality assessment at least annually
• Review IRB requirements regarding “accuracy” (e.g., timeliness), “completeness” (i.e., data gaps) and “appropriateness”
© 2007 Algorithmics Incorporated. All rights reserved. 22
Agenda
1. Introduction
2. Pre-model Build Process
3. IRB Model Build Process
4. Rating System Validation Process
5. Credit Risk Control & Oversight
© 2007 Algorithmics Incorporated. All rights reserved. 23
“Institutions must have a robust system in place to validate the accuracy
and consistency of ratings systems and process, and estimation of all
relevant risk components. An institution must demonstrate to its
supervisor that the internal validation process enables it to assess the
performance of internal rating and risk estimation systems consistently
and meaningfully”.
[Source: BCBS, IC §500]
Basel Validation Expectations
© 2007 Algorithmics Incorporated. All rights reserved. 24
Broad Interpretation: Rating System & Process
Internal Validation by Individual Bank
Validation of Rating System
Validation of Rating Process
BenchmarkingBacktesting
Data Quality
PD
Report Problem & Handling
Internal Use by Credit Officers
Risk Components
Model Design
LGD EAD
Broad Approachto Validation
Source: BCBS Working Paper No. 14– Feb 2005]
© 2007 Algorithmics Incorporated. All rights reserved. 25
Validation Activities and IRB Components
Upon development
Development evidence Continuous monitoring Outcome analysis
Validation activities
Upon operation
Backtesting
Model performance
(Power /Stability
Basel minimum requirements
Completeness of development report
Model performance evidence
(Power /Stability etc,.)Model design and logic
Monitoring item
Stress Test
Benchmark analysis
IRB
validation
Model
validation
Support
structure
Control
Data
Quantitative
Data maintenance,Model operation procedure
Governance review
Internal use
BOD reporting
Actions based on
Validation results
Model
Responsibility, Governance
(authority/responsibility/limitation/documentation
)
Data adequacy
validation
© 2007 Algorithmics Incorporated. All rights reserved. 26
Summary: Guiding Principles for Validation
√
√
√
√
Ensure integrity of IRB processes & systems
Confirm predictiveness of PD, LGD, EAD
Review IRB compliance
All IRB components
Models
Inputs (Data) & Outputs (Estimates)
Rating Process (i.e., Independence)
Control & Oversight Mechanisms (e.g., Internal Audit, Use)
Independent validation team
Experts in credit and/or modeling
Qualitative and Quantitative techniques
Review of documents
Meet w/ various depts. (e.g., risk mgmt, audit, etc.)
Determine model type & rating philosophy
Check logic behind model (programs)
Review sample data
Benchmarking (i.e., compare w/ external sources)
Backtesting (i.e., estimates v. actual)
Regular and Periodic Basis
At least 1x per year
Changes in model, data or portfolio
Initial model development
TIMING (WHEN)
PURPOSE (WHY)
SCOPE (WHAT)
MEMBERS (WHO)
METHOD (HOW)√
© 2007 Algorithmics Incorporated. All rights reserved. 27
Agenda
1. Introduction
2. Pre-model Build Process
3. IRB Model Build Process
4. Rating System Validation Process
5. Credit Risk Control & Oversight
© 2007 Algorithmics Incorporated. All rights reserved. 28
Corporate Governance and Oversight
Prerequisites for the Board and Senior Management
General understanding of regulatory expectations
General understanding of the institution’s proposal to meet such expectations
General understanding of the use of IRB risk estimates in capital management
Good understanding of the internal rating system design and operation
Delegation
Delegate to an appropriate party
Defined roles and responsibilities for delegated tasked if appointed
© 2007 Algorithmics Incorporated. All rights reserved. 29
Corporate Governance and Oversight
Senior management’s IRB responsibilities
Resource management
Adequate training
Integration of IRB systems into Institution’s credit risk management processesand culture
Ensure that IRB ratings/estimates are put to proper use
Approve and track material differences between established policies and actual practice
Review performance and predictive power of IRB estimates
Advise the Board of material changes or exceptions from established policies
© 2007 Algorithmics Incorporated. All rights reserved. 30
Controls and Oversight: Reporting Requirements
Validation Report to Management:• Upon completion of its validation activities, validation group must
submit to senior management and the Board its findings and recommendation for actions
Frequency of reporting: • Validation Policy and/or Operational Manual should set the
timetable, which at minimum is once per annum
© 2007 Algorithmics Incorporated. All rights reserved. 31
Regulators Concerns: Infrastructure Gaps
Source: Y K Choi, Deputy Chief Executive HKMA November 2007
Observed Challenges facing Banks:Knowledge gapsInsufficient default and loss data for model development and validationInadequate awareness on importance of data integrityRevamp of risk management practice, culture, internal controls and oversight frameworkComplexity of CAR calculation and reporting engine
© 2007 Algorithmics Incorporated. All rights reserved. 32
Regulators Concerns: PD Deviations across banks
Illustration: UK FSA Working Paper September 2007
© 2007 Algorithmics Incorporated. All rights reserved. 33
Key Messages
Basel II’s purpose is the quantification of Capital at Risk
This requires forward-looking risk estimates
Fewer international banks than expected have so far achieved IRB Pillar
1 compliance. This calls for more complete and rigorous on-going
Validation processes
In-house data is seldom sufficient. Chinese banks will benefit from
participating in Chinese data consortiums
The on-going management of capital resources in relation to risks taken
requires robust database and risk system infrastructures.
© 2007 Algorithmics Incorporated. All rights reserved. 34
Questions?
Further Contacts:
Gary Chen Ph.D.Principal, Credit AdvisoryAlgorithmics (Hong Kong) Ltd.28th Floor, Tower Two, Lippo Center89 Queensway, Central, Hong KongTel : (852) 2263 9970Fax : (852) 2530 [email protected]