Table of contents
Prudential practice guide
APG 113 Capital Adequacy: Internal Ratings-based Approach to Credit Risk
-
Current1 January 2023
Prudential framework pillars
About this guide
Prudential practice guides (PPGs) provide guidance on APRA’s view of sound practice in particular areas. PPGs frequently discuss legal requirements from legislation, regulations, or APRA’s prudential standards, but do not themselves create enforceable requirements.
Prudential Standard APS 113 Capital Adequacy: Internal Ratings-based Approach to Credit Risk (APS 113) sets out APRA’s requirements for an authorised deposit-taking institution (ADI) that has approval to use an internal ratings-based approach (IRB) to credit risk for regulatory capital purposes, or is seeking approval to use an IRB approach.
This PPG, Prudential Practice Guide APG 113 Capital Adequacy: Internal Ratings-based Approach to Credit Risk (APG 113), aims to assist ADIs in complying with those requirements and, more generally, to outline prudent practices in relation to the management and measurement of credit risk. APG 113 should be read in conjunction with other relevant prudential standards and PPGs.
For capital, the relevant standards and guides include:
For risk management, the relevant standards and guides include:
Subject to the requirements of APS 113, an ADI has the flexibility to structure its business operations in the way most suited to achieving its strategic objectives. Not all practices outlined in this PPG will be relevant for every ADI and some aspects may vary depending upon the size, business mix and complexity of the ADI’s operations.
Disclaimer and copyright
This prudential practice guide is not legal advice and users are encouraged to obtain professional advice about the application of any legislation or prudential standard relevant to their particular circumstances and to exercise their own skill and care in relation to any material contained in this guide.
APRA disclaims any liability for any loss or damage arising out of any use of this prudential practice guide.
© Australian Prudential Regulation Authority (APRA)
This work is licensed under the Creative Commons Attribution 3.0 Australia Licence (CCBY 3.0). This licence allows you to copy, distribute and adapt this work, provided you attribute the work and do not suggest that APRA endorses you or your work. To view a full copy of the terms of this licence, visit https://creativecommons.org/licenses/by/3.0/au/
Glossary
Introduction
APS 113 applies to an authorised deposit-taking institution (ADI) that has been approved, or is seeking approval, to use an internal ratings-based (IRB) approach for the purpose of determining the regulatory capital requirement for credit risk. The main elements of the IRB approach are summarised in Table 1.
Table 1. IRB approach – key elements
This Prudential Practice Guide (PPG) sets out good practice for an ADI using an IRB approach to credit risk. It provides guidance on governance and oversight of the ADI’s rating and estimation processes, asset classes under the IRB approach, and other quantitative and qualitative requirements. Attachment 4 of this PPG also contains guidance for an ADI seeking approval to use an IRB approach in relation to the IRB application process, IRB approval expectations, and phased roll-out of an IRB approach.
Chapter 1 - Governance and oversight
APS 113 (paragraphs 20-23) details requirements relating to the role of the Board in the governance and oversight of an ADI’s rating systems and risk estimates. Information provided to the Board for this purpose should be sufficient to enable directors to actively discuss and confirm, at least annually, the continuing appropriateness, effectiveness and integrity of the rating systems and risk estimates. Such information would generally include reporting from risk management as well as internal audit.
Good practice for senior management in the governance and oversight of an ADI’s rating systems and risk estimates includes:
governance: establishing effective governance arrangements and controls for the rating systems and risk estimates. Effective governance arrangements would delineate clear roles and responsibilities for: development, implementation and use; validation; and independent review. Such arrangements would be clearly documented and include delegations of authority to approve changes to the rating systems and exceptions to policies, and reporting mechanisms to escalate issues;
policies: overseeing the development and implementation of policies to identify, assess and manage risks inherent in the rating systems and risk estimates, and promoting compliance with those policies;
oversight: providing oversight of activities across the entire lifecycle of the rating systems and risk estimates including development, implementation, monitoring, validation and use;
resourcing: ensuring that IRB functions are resourced appropriately. The number of resources would generally be commensurate with the volume and complexity of activities undertaken. For example, the development and validation functions would have adequate technical skills and expertise as well as an understanding of the business lines in which rating systems are used;
incentives and culture: establishing an appropriate incentive and organisational structure. For example, remuneration practices and risk culture would support effective challenge of the rating systems and risk estimates, and encourage critical and objective analysis. APRA expects reporting lines and incentives to be clear, with potential conflicts of interest identified and addressed; and
independent review: acting to ensure that comprehensive independent reviews are undertaken at least annually, and on an ad hoc basis as circumstances warrant.
A prudent ADI would establish a principal committee to provide robust governance and oversight of its rating systems and risk estimates. Good practice would be for the committee to provide challenge from different perspectives and have representation from a range of stakeholders, including senior management in risk management and business lines. The operation of the committee would generally be supported by formal and informal working groups, and challenge provided by the committee would be well documented in meeting minutes.
Model risk policy
APRA expects an ADI that uses statistical models or other mechanical methods in rating assignments and risk estimation to have a model risk policy that details robust processes for model development, validation, implementation and governance. Table 2 provides good practice for the model risk policy and associated registers.
Table 2. Model risk policy and registers
[1]
For example, the model owner would have ultimate accountability for the use and performance of a model, which includes ensuring that the model is developed, implemented and used properly, has undergone the appropriate validation and approval processes, and is documented comprehensively.
[2]
For example, the model register would typically include details about the type of model, model scope, IRB asset class, model materiality (including total exposure), model owner, implementation date, validation rating and dates of the most recent and next scheduled validations.
Independent review
APS 113 (paragraph 27) details requirements relating to the independent review of an ADI’s rating systems and operations by internal audit or a similar independent function. The objective of the independent review is to assess the overall adequacy and effectiveness of the risk management framework for internal rating systems and risk estimates, and the ADI’s compliance with APS 113.
In meeting this objective, the internal audit function would typically map the minimum APS 113 requirements to its audit reviews, and establish an audit plan that specifies the requirements that are to be reviewed annually and the requirements to be covered over a longer cycle. High risk items would be reviewed more regularly and a deep dive of all aspects would be undertaken at least every three years.
On an annual basis, the internal audit function would usually collate audit findings relevant to APS 113 to provide a holistic view of the effectiveness of the ADI’s rating systems and risk estimates for relevant stakeholders, including the Board and senior management. This would include a summary of audit reviews, action plans and the status of audit findings. APRA expects that material issues would be promptly escalated by internal audit and rectified by the ADI.
Reviews that would typically be undertaken by the internal audit function include:
evaluating the overall effectiveness of the development, validation and governance functions. For example, a review of the validation function could assess whether that function is resourced appropriately and provides meaningful independent challenge of an ADI’s rating systems and risk estimates. However, internal audit would not be expected to duplicate the activities of the validation function;
assessing the adequacy of relevant policies and the ADI’s compliance with those policies. This could include an assessment of whether approval and change control processes are being followed adequately, validation is being conducted in a timely manner, and issues and exceptions are being escalated appropriately;
examining the design and effectiveness of internal controls and processes that are intended to ensure compliance with APS 113; and
assessing the adequacy, consistency and completeness of documentation and reporting. This could include an assessment of the accuracy and completeness of the model and issues registers.
Chapter 2 - Asset classes
APS 113 (paragraph 28) requires an ADI to assign its credit exposures to different IRB asset classes according to certain criteria. The following principles and case studies aim to assist with asset classification for certain exposures.
Table 3. Summary of IRB asset classes
[3]
Small-business exposures or exposures secured by residential real estate, whether or not extended to an individual, may be classified as retail exposures where they satisfy the criteria in APS 113 (paragraphs 37 or 40).
Corporate exposures
Income-producing real estate
APS 113 (paragraph 31) defines income-producing real estate as a method of funding for real estate where the prospects for repayment depend primarily on the cash flows generated by the asset or other real estate owned by the borrower. Real estate assets include office buildings to let, retail space, residential buildings, industrial or warehouse space, hotels and land.
The primary source of cash flows for IPRE exposures would generally be lease or rental payments, or the sale of the asset. The borrower might, but need not necessarily be, a special purpose vehicle, an operating company focused on real estate construction or holdings, or an operating company with sources of revenue other than real estate.
An exposure to a borrower whose primary business is real estate investment or development would usually be classified as IPRE irrespective of the purpose of the exposure because the primary source of income and risk for such a borrower is the property market. That is, for a real estate borrower, transactional banking exposures such as credit cards, overnight overdraft facilities and short-term working capital facilities would be treated as IPRE in addition to property exposures.
An exposure for real estate investment or development purposes where the primary source of debt servicing and repayment is real estate income would generally be classified as IPRE even if the borrower is a non-real estate borrower, such as a manufacturing company.
An exposure for which non-real estate income is sufficient to either predominantly or fully service the credit obligation would not usually meet the definition of general corporate, unless non-real estate income is also the primary source of income and debt servicing.
The presence of non-real estate collateral (such as cash collateral) would not usually be sufficient to classify an exposure as general corporate.
An exposure is not required to be classified as IPRE where it meets certain criteria in APS 113 (paragraph 32). One requirement is that the borrower has more than $250 million in tangible assets to which the ADI has unconditional recourse. Directors’ personal assets and simple debenture charges taken for ‘makeweight’ purposes would not count towards the borrower’s assets for this purpose. Another requirement is that real estate assets are sufficiently diversified and not concentrated in one particular specific geographic location. Asset concentrations in an individual major central business district are considered sufficiently diversified to meet this requirement.
An exposure for which rural property has been acquired specifically for lease or resale would not generally be classified as IPRE where:
an ADI satisfies itself that the exposure can be serviced appropriately on a principal-and-interest basis over a commercial term, by looking through any lease arrangement to the underlying productive capacity of the rural property based on normal seasonal conditions; and
the exposure and its valuation are considered by an agricultural lending specialist team, rather than a commercial property specialist team, should any such teams be in place at the ADI.
The classification of an exposure as IPRE or general corporate is expected to be strongly aligned to the reporting classification under Reporting Standard ARS 230.0 Commercial Property (ARS 230.0), rating tool or model used, and Australian and New Zealand Standard Industrial Classification (ANZSIC) code assigned. Any material differences would be well supported.
The classification of an exposure as IPRE or general corporate would usually be reassessed upon new or additional lending.
Large corporate
In determining whether an exposure meets the definition of large corporate in APS 113 (paragraph 14(p)), an ADI must consider the audited financial statements of the corporate counterparty or, where the corporate counterparty is part of a group, the audited financial statements of the group. For this purpose, ‘group’ refers to the entities in a group to which the ADI has recourse. That is, the ADI may use consolidated (special purpose) financial statements representing the entities in the group to which it has recourse.
SME corporate
SME corporate exposures are corporate exposures where borrowers form part of a group of connected borrowers with reported consolidated annual revenue of less than $75 million to which the firm-size adjustment in APS 113 (Attachment A, paragraph 6) applies. In determining consolidated annual revenue:
an ADI would sum the revenue of all entities in a connected borrower group to which it has recourse. Transactions between entities in the group may be netted off for this purpose;
where EAD is greater than or equal to $5 million, revenue would be based on the average amount calculated over the prior three years, or the latest amount updated at least every three years;
where EAD is less than $5 million:
revenue could be based on information obtained at the time of origination or refinancing. However, better practice is to update revenue on an ongoing basis and use the average amount calculated over the prior three years or the latest amount updated at least every three years; and
the ADI may use sources other than financial statements to determine revenue; and
in limited circumstances where revenue data is not available, the ADI must use the minimum firm-size values in APS 113 (Attachment A, paragraph 7) for asset classification and risk-weighting purposes. The minimum firm-size values are based on the EAD of the connected borrower group. The treatment in APS 113 (Attachment A, paragraph 7) would be applied on an exceptions basis only.
Public sector entities
For public sector entities that do not have specific revenue-raising powers (such as agencies, statutory authorities and bodies created to enable legislation), consolidated annual revenue would be set equal to the minimum value of $7.5 million, as detailed in APS 113 (Attachment A, paragraph 6), for asset classification and risk-weighting purposes. This means that such entities would be classified as SME corporate and obtain the full benefit of the firm-size adjustment in APS 113 (Attachment A, paragraph 6).
For all other public sector entities, the reported consolidated annual revenue would be used for asset classification and risk-weighting purposes. Where revenue data is unavailable, the minimum values in APS 113 (Attachment A, paragraph 7) must be used.
Retail exposures
Retail residential mortgage
To be classified as a retail residential mortgage exposure under APS 113 (paragraph 37), the exposure cannot be for business purposes. In this context, an exposure would not usually be assessed as being for business purposes if it is provided wholly or predominantly:
for personal, domestic or household purposes; or
to purchase, renovate or improve residential real estate for investment purposes, or to refinance credit previously provided for this purpose.
An ADI may treat a mortgage over a lease of crown land as a retail residential mortgage exposure provided that all other eligibility criteria in APS 113 (paragraph 37) are met.
APS 113 (Attachment A, paragraph 14) requires an ADI to separately identify retail residential mortgage exposures to borrowers that have mortgaged five or more investment properties. For this purpose:
properties mortgaged with the ADI as well as other lenders would be taken into account;
where a borrower has a joint property with another party, it would count as one property for that borrower;
where the ADI has a joint exposure to two or more borrowers, the highest property count of the individual borrowers would be used to determine the risk-weight for that exposure. Table 4 provides an illustrative example of how properties would be counted for risk-weighting purposes;
information on the number of properties would be obtained at least at the time of origination or refinancing; and
for exposures that were originated or refinanced before 1 January 2023, it may be reasonable to conclude that APS 113 (Attachment A, paragraph 14) does not apply where the ADI:
checks that the borrower has less than five mortgaged properties with the ADI itself; and
does not have any other information to suggest that the borrower has five or more mortgaged investment properties overall.
Table 4. Illustrative example of counting properties
Exposure | Property count |
Exposures to borrower A | 4 + 1 = 5 |
Exposures to borrower B | 2 + 1 = 3 |
Joint exposure to borrowers A and B | Max(5, 3) = 5 |
APRA expects that some exposures to borrowers with multiple investment properties would be more appropriately managed as corporate (including IPRE) exposures. An ADI would have effective criteria in place to identify and monitor those exposures. Such exposures would not be eligible for retail classification nor capital treatment.
Qualifying revolving retail
To be classified as a QRR exposure under APS 113 (paragraph 38), the exposure cannot be for business purposes. An exposure would not usually be assessed as being for business purposes if it meets the criteria in paragraph 26 of this PPG.
APS 113 (paragraph 39) defines a QRR transactor as a borrower that has repaid the balance of their facility in full at each scheduled repayment date for the previous 12 months. A QRR transactor would not generally include a borrower that:
pays the minimum repayment amount, rather than the full outstanding balance at the statement date; or
has taken up a zero interest balance transfer offer.
SME retail
APS 113 (paragraph 40) requires an ADI to identify the consolidated annual revenue for a group of connected small-business borrowers to determine SME retail eligibility. For this purpose:
the guidance in paragraphs 23a) and 23c) of this PPG would apply; and
in limited circumstances where revenue data is not available, an ADI may still reasonably form the view that revenue is less than $75 million, and therefore the exposure may be classified as SME retail provided that all other eligibility criteria in APS 113 (paragraph 40) are met. This treatment would be applied on an exceptions basis only.
To be classified as a SME retail exposure under APS 113 (paragraph 40), both the borrower and exposure must be non-complex. An ADI would document its definition of complexity for this purpose. Complexity could be defined based on various factors, including product type, borrower type and level of risk.
Chapter 3 - Ongoing requirements
APRA expects an ADI to attest annually that it continues to meet the minimum requirements of APS 113. This would typically be provided by an accountable person of the ADI. To support the attestation, a prudent ADI would have an effective APS 113 compliance framework and process in place. The effectiveness of the compliance framework and process would be reviewed periodically.
To ensure it remains in compliance with APS 113, a prudent ADI would keep APRA fully informed of changes to rating systems, risk estimates and modelling assumptions. The ADI would, in consultation with APRA, determine which changes are material and would require prior approval by APRA under APS 113 (paragraph 52). As a general principle, the ADI should take a conservative approach by classifying changes as material unless otherwise agreed with APRA. APRA expects that an ADI would seek formal approval from APRA only after undertaking internal validation and governance processes.
To support changes to rating systems, risk estimates or modelling assumptions, an ADI would usually provide the supporting information outlined in Table 5. In all cases, relevant documentation would be submitted to APRA prior to the implementation of the changes.
Table 5. Supporting information for changes
For an overseas banking subsidiary that is prudentially regulated by the Reserve Bank of New Zealand (RBNZ), an ADI is not expected to obtain prior approval from APRA for changes to internal rating systems, risk estimates and modelling assumptions where these are exclusively for exposures of that subsidiary and comply with RBNZ requirements relating to model approval. However, APRA would still expect to be notified of any changes prior to implementation. Such notification would include details of the change, the rationale, intended implementation timing, indicative RWA impact and any approval conditions imposed by the RBNZ.
APRA expects an ADI to monitor specific non-material changes to its rating systems and risk estimates that, in aggregate or over time, may have a material cumulative effect.
Chapter 4 - IRB risk-weight functions and components
APS 113 requires an ADI to apply certain risk-weight functions or risk-weight schedules, and quantify certain credit risk components, to calculate RWA for UL for various asset classes. The credit risk components include PD, LGD, EAD and M.
Supervisory slotting approach for specialised lending
Where specialised lending exposures are subject to the supervisory slotting approach, APS 113 (Attachment A, paragraph 9) requires an ADI to map its internal ratings to the slotting categories. Each slotting category broadly corresponds to a range of external credit rating grades as detailed in Table 6.
[4]
This also corresponds to any broadly equivalent credit grade across external credit assessment institutions.
Table 6. Mapping of slotting categories to external credit rating grades
Strong | Good | Satisfactory |
BBB- or better | BB+ or BB | BB- or B+ |
Where an ADI applies a two-dimensional mapping approach that takes both PD and LGD into account, the LGD estimates used in the mapping would be calibrated to economic downturn conditions.
Loss given default estimates
For the purposes of assigning LGD estimates to subordinated debt, APS 113 (Attachment B, paragraph 13) requires an ADI to have a policy that defines subordination, including economic subordination. APG 112 provides guidance on indicators of subordination. In developing a policy on subordination, an ADI may choose to include materiality thresholds that trigger subordination.
For senior exposures to operators of domestic large public infrastructure assets or utilities that provide essential services to the economy, and have tripartite arrangements with Australian federal or state governments or are valued based on regulatory asset base:
the foundation IRB (FIRB) LGD in APS 113 (Attachment B, paragraph 10) and the advanced IRB (AIRB) LGD in Attachment B, paragraph 12, are applicable to domestic exposures only. Offshore exposures would be treated in the same manner as other senior unsecured exposures;
to calculate the LGD under the FIRB approach for a partially secured exposure in accordance with APS 113 (Attachment B, paragraph 16), LGDu would be set equal to the LGD in Attachment B, paragraph 10; and
the concession, right to operate or the asset-owning entity and shares thereof would not be treated as other eligible physical collateral under the FIRB approach nor as other physical collateral for the purpose of the LGD floor calculation under the AIRB approach.
For covered bond exposures, where cover pools comprise residential or commercial property exposures, an ADI would use the FIRB LGD applicable to eligible residential or commercial real estate in APS 113 (Attachment B, paragraph 14) for risk-weighting purposes.
Where covered bonds are provided as collateral for an exposure, covered bonds would be treated as eligible financial collateral under the FIRB approach and as financial collateral for the purpose of LGD floor calculation under the AIRB approach.
Where APS 113 requires an ADI’s LGD estimates to be subject to an LGD floor, the floor would usually be applied at the same level at which the estimates are assigned. For example, if LGD is assigned at a borrower level, the LGD floor would also be applied at the borrower level. The LGD floor would be calculated as the weighted average across collateral types.
For the purpose of the LGD floor calculation under the AIRB approach in APS 113 (Attachment B, paragraph 19) , where an exposure is secured by a general security agreement over collateral, an ADI may look through to the underlying collateral and apply the relevant floor values. Where the ADI chooses not to look through to the underlying collateral, the general security agreement would be treated as ‘all other collateral’ for the floor calculation.
An ADI may treat a mortgage over a lease of crown land as residential or commercial real estate for the purposes of the LGD calculation under the FIRB approach and LGD floor calculation under the AIRB and retail IRB approaches.
Exposure at default estimates
APS 113 (Attachment B, paragraph 33) allows an ADI to apply credit conversion factors (CCFs) to the lower of the value of the unused committed credit line and the value of any other constraining factor on the availability of the facility. The constraining factor would be written explicitly into the facility documentation and processes would exist to check the constraint prior to approving drawdowns.
Conditions precedent, as defined in APS 112 (Attachment C, paragraph 2), would not generally be recognised as constraining factors.
Constraining factors may include the existence of a ceiling on the potential lending amount that a borrower can draw down based on the borrower’s reported cash flow, external rating, maximum allowable loan-to-valuation ratio or collateral securing the exposure. However, exposures that are drawn in stages according to a pre-arranged schedule (such as construction loans) would be excluded from such treatment.
In the case of seasonal facilities, where an overdraft limit varies in size based on the period of the year, the CCF may be applied to the lower committed available amount during the period that the funding is restricted. When the funding is no longer restricted by the time period, the CCF would be applied to the ordinary or higher amount.
Use of proxy values for risk components
A prudent ADI would have sound business and data management practices to minimise the extent to which proxy values are used in the regulatory capital calculation.
In exceptional circumstances, such as where risk estimate data is missing, a prudent approach would be to apply the following estimates:
for PD, the PD estimate corresponding to the highest (non-defaulted) PD grade or pool;
for LGD, the LGD estimate corresponding to the highest LGD grade or pool or, where LGD is not eligible to be modelled, the applicable supervisory estimate;
for EAD, the limit of the exposure or, where EAD is not eligible to be modelled, the applicable supervisory estimate; and
for M, 5 years.
Where there is doubt about the enforceability of collateral due to inadequate controls or processes, the exposure would be treated as unsecured for regulatory capital purposes.
Treatment of guarantees and credit derivatives
APS 113 (Attachment B, paragraph 49) does not permit the application of credit risk mitigation (CRM) to reflect the effect of double default, nor result in an adjusted riskweight that is less than that of a comparable direct exposure to the guarantor or credit protection provider. This means that:
rating criteria, rating processes and risk estimates would not take into consideration any favourable effects of imperfect correlation between default events for the borrower and guarantor or credit protection provider; and
for the purpose of determining the risk-weight floor, regardless of the nature of the underlying exposure, a comparable direct exposure to the guarantor or credit protection provider is an unsecured claim on the guarantor or credit protection provider; however, an ADI may take the seniority and collateralisation of the guarantee or credit derivative into account where applicable. For example, if the guarantor or credit protection provider pledges collateral, the ADI may reflect that collateral in the LGD used to determine the risk-weight for a comparable direct exposure. In the case of asset finance exposures with a parental guarantee, the ADI may choose to rate the borrower as part of a group, if appropriate, based on consolidated financial statements (instead of applying PD substitution) and reflect the collateral provided by the borrower in the LGD. The treatment of entities in a connected group for rating purposes would be consistent with the ADI’s policy as per APS 113 (Attachment D, paragraph 44).
An ADI may choose not to recognise CRM if doing so would result in a higher capital requirement.
Under the FIRB substitution approach, APS 113 (Attachment B, paragraph 53) permits an ADI to replace the LGD of the underlying exposure with the LGD applicable to the guarantee or credit derivative, taking the seniority and collateralisation of the guarantee or credit derivative into account. For example:
where the ADI has a subordinated claim on a borrower but has a guarantee that represents a senior claim on the guarantor, it may determine the risk-weight of the covered portion based on the PD of the guarantor and an LGD applicable to a senior exposure instead of subordinated debt; and
where an exposure is guaranteed by a sovereign counterparty, the ADI may reflect the risk-mitigating effect of the guarantee by replacing the PD and LGD of the underlying exposure with the PD and LGD of the sovereign.
Table 7 provides two examples of how guarantees would be recognised with LGD substitution.
Table 7. Illustrative examples of LGD substitution
Sovereign rated AA | |
Total | 200 |
Of which: Covered | 100 |
Collateral value post-haircut | 40 |
LGD | min [5%, (40/100)*25% + (60/100)*5%] = 5% |
LGD | 75% |
LGD | (100/200)*75% + (100/200)*5% = 40% |
Chapter 5 - Rating system design and operations
A prudent ADI would ensure that the development of its rating systems is underpinned by logic, conceptual soundness, robust statistical (or other) methods and human judgement, and is aligned with the intended use and business need.
APRA expects the design and logic underlying the rating systems to be supported by sound industry practice and published research. Qualitative adjustments and judgements would be made in an appropriate manner and clearly documented. Business insights and feedback from users would usually be considered in the development process.
A prudent ADI would undertake a rigorous assessment of the relevance and quality of data underpinning their rating systems. Any data proxies used in rating system development would be identified, justified and, where appropriate, adjusted.
Good practice in the development of an ADI’s rating systems would include comprehensive testing of the effective functioning of the rating systems on an overall basis as well as for underlying components. A range of quantitative and qualitative tests would be undertaken to assess accuracy, robustness, stability, key assumptions, limitations and performance over a range of input values and scenarios.
APRA expects an ADI to mitigate weaknesses and limitations in the rating systems through conservative adjustments and other compensating controls. This is intended to ensure that the rating systems can be used effectively over a sustained period without the need for remediation or redevelopment.
APRA expects the documentation of an ADI’s rating systems to be sufficiently detailed to enable independent parties (including APRA supervisors) to understand and validate the rating systems, and replicate the development process. The documentation would generally address each step of the development process and outline the methodologies employed, underlying assumptions and logic, segmentation, data sources and proxies, judgement and qualitative adjustments, testing activities, and weaknesses and limitations. The documentation would be kept up to date as the rating systems and operating environment change.
Rating philosophy
The rating philosophy of an internal rating system reflects its rating criteria and risk drivers, and influences the cyclicality or responsiveness of internal ratings and risk estimates to the economic cycle.
There is a spectrum of rating philosophies between a:
through-the-cycle (TTC) rating philosophy, which seeks to consider the performance of borrowers across the economic cycle and produce ratings that are insensitive to the cycle; and
point-in-time (PIT) rating philosophy, which seeks to produce ratings that are sensitive to the economic cycle.
Most internal rating systems are usually a hybrid of TTC and PIT rating philosophies. The degree to which rating philosophies are more TTC or PIT in nature may differ for different rating processes and portfolio segments within an ADI.
APRA expects an ADI to analyse and thoroughly understand its rating philosophies. A prudent ADI would consider the implications of particular rating philosophies when designing internal rating systems and interpreting validation results.
A prudent ADI would avoid excessive procyclicality in the design of its rating systems, which may otherwise amplify economic cycles. Cyclicality would typically be assessed qualitatively and supported by quantitative analysis. In seeking to dampen excessive procyclicality, an ADI would recognise that there is a trade-off with risk sensitivity and strike an appropriate balance between the two objectives.
Good practice would be to:
include TTC inputs that seek to dampen excessive procyclicality;
avoid PIT inputs that contribute to excessive procyclicality and volatility (such as simple delinquency measures and other behavioural characteristics with shortterm prediction horizons); and
include PIT inputs that contribute to timely and accurate recognition of risk.
An ADI should take care not to confuse rating philosophy with calibration. Calibrating PIT ratings or PIT PD estimates to a long-run average default rate would not usually result in TTC ratings or TTC PD estimates.
Rating system operations
APS 113 (Attachment D, paragraph 44) requires an ADI to separately rate each legal entity to which it is exposed. For this purpose, a legal entity is a borrower.
APRA expects that an ADI would ensure that effective processes and controls are in place to facilitate the operational integrity and consistency of internal ratings. The ability of the ADI’s rating systems to rank risk consistently through time would typically be enhanced by greater specificity and objectivity of rating criteria, and controls over the integrity of inputs and their conversion into outputs. Consistency through time would not preclude changes due to improvements in methodologies and processes. The ADI would consider the consistency of ratings around portfolio boundaries.
APS 113 (Attachment D, paragraphs 46-47) requires an ADI to review and refresh the assignment of borrower and facility ratings at least annually, and have an effective process for obtaining and updating information on the borrower’s financial condition and other relevant aspects. The level of analysis and information needed for those purposes would usually vary across different types of borrowers.
While the consideration of financial statements remains an important part of credit risk management, for SME corporate exposures, an ADI could use alternative data or a more automated process to assign and review borrower ratings and refresh risk estimates. In such circumstances, good practice is to adopt the following principles:
robust risk measurement: the onus is on the ADI to demonstrate that the use of alternative data or a more automated process:
considers a broad range of relevant information;
provides timely and meaningful differentiation of risk on an overall basis and across key borrower segments, including industry, exposure size and borrower type (for example, existing customers seeking new or additional lending);
provides similar or improved risk predictions when compared with the use of financial statements or a manual rating process;
is underpinned by robust data quality (both in terms of the data used when developing the rating system or process, and as inputs to the ratings); and
allows for borrower data to be aggregated effectively;
scope and exclusions: the role of financial statements and rigour of assessment become more important as exposure size, borrower size, complexity and/or risk increases. The ADI would usually consider carve-outs to the use of alternative data or a more automated process on the basis of those factors. At a minimum, new-tobank borrowers and borrowers with total business-related exposure above $5 million would be out of scope. For the avoidance of doubt, corporate borrowers with consolidated annual revenue of $75 million or more would also be out of scope;
human judgement and oversight: it is prudent practice for the rating system or process to allow for the possibility of human judgement and oversight to be reflected in rating assignments where necessary (such as by way of overrides). This could include circumstances where material new information comes to light that might not otherwise be reflected in the rating. A prudent ADI would separately track the exercise of human judgement and oversight in the rating process; and
prior APRA approval: changes to a rating system or process used to review or refresh internal ratings would usually require prior approval from APRA under APS 113 (paragraph 52).
Any underlying assumptions, weaknesses and limitations of an ADI’s rating systems would typically be communicated to users in relevant policies and procedures, training or other mechanisms, to prevent inappropriate use.
A prudent ADI would ensure that new rating systems and changes to existing rating systems are implemented properly and in a timely manner.
Management of rating system underperformance
APRA expects an ADI to ensure that deterioration in the performance of its rating systems is identified and remediated proactively and in a timely manner. Remediation could include tactical actions (including temporary overlays or calibration adjustments) and strategic actions.
Where rating system underperformance relates to an underestimation of risk, an ADI would ensure that remedial action is implemented as soon as practicable. This would typically be within six months of the issue being identified (such as when the relevant governance committee agrees that an issue exists).
Where remedial action takes the form of a permanent change to an ADI’s rating systems or risk estimates, prior approval would usually be required from APRA under APS 113 (paragraph 52). APRA expects the ADI to submit relevant documentation detailing the change within four months of the issue being identified, to allow time for review and approval.
Where remedial action takes the form of a temporary overlay or adjustment to an ADI’s rating systems, risk estimates or capital requirement, APRA expects that:
the overlay would generally be implemented once it is agreed by the relevant decision maker or governance committee of the ADI. APRA expects to be notifed when an overlay is agreed, and may challenge the nature and size of the overlay after it is implemented;
the size of the overlay would usually be no less than the estimated shortfall in the capital requirement;
the adequacy of the overlay would be reviewed at least annually;
the ADI would take appropriate actions to facilitate the removal of the overlay in a timely manner;
the ADI would typically seek approval from APRA prior to removing or reducing any overlays, including those implemented proactively by the ADI or determined by APRA. An overlay that naturally varies in size (such as a risk-weight floor) would not generally need such approval, provided that the variation is in line with the operation of the overlay as documented at the time of implementation; and
the ADI would maintain a register of all overlays including those implemented proactively by the ADI or determined by APRA. The register would usually contain, at a minimum, the affected rating systems or models, a description of the issue and the size of the overlay (such as the equivalent RWA amount). An existing model or issues register containing such information could be sufficient for this purpose. The register would be kept up to date and made available to APRA upon request.
A prudent ADI would discuss with APRA whether, and if so how, to disclose any material APRA-determined supervisory adjustments to ‘Pillar 1’ RWA requirements, such as supervisory overlays, in public financial and regulatory reporting. Further guidance is provided in APG 110 (paragraph 10).
[5]
The Basel framework for capital rests on three pillars. ‘Pillar 1’ is quantitative requirements for capital as set out in the prudential standards and measured in risk-weighted assets (RWA) terms. ‘Pillar 2’ is the supervisory review process, which includes supervision of risk management and may include adjustments to capital requirements. ‘Pillar 3’ is disclosure requirements designed to encourage market discipline.
Data maintenance
APS 113 (Attachment D, paragraphs 52 to 64) details requirements relating to data maintenance. In meeting these requirements, good practice includes:
governance: having a robust and well-embedded data governance and accountability framework with clearly delineated roles and responsibilities. Business lines would be held accountable for data quality;
data lineage, flows and controls: being able to comprehensively map and document end-to-end data lineage, flows and controls for critical data elements. Controls are expected to be assessed as being effective;
reporting: establishing regular reporting on the quality of critical data elements across a range of dimensions. Data quality measurement and reporting would be reviewed regularly and improved where necessary. A consistent approach to reporting would generally be implemented across the ADI; and
issue management: ensuring that there is timely identification and remediation of data quality issues. The impact of such issues on the rating systems and risk estimates would be quantified. The risk estimates would usually include a margin of conservatism where data is less satisfactory. For example, missing data would be treated in a manner that would incentivise adequate data capture.
Wrong-way risk
APS 113 (Attachment D, paragraph 44) requires an ADI to have procedures in place to identify, monitor and control cases of specific wrong-way risk. This is expected to begin at the inception of a trade, and continue through the life of the trade.
APRA expects an ADI with significant exposure to counterparty credit risk to have processes in place to identify general wrong-way risk. An ADI is exposed to general wrong-way risk if the probabilities of counterparty defaults are correlated with general market risk factors, such that there may be adverse economic factors influencing many
counterparties at once rather than being specific to a single counterparty. For example, if the ADI enters into an interest rate swap to pay a fixed rate and receives a variable rate from counterparties adversely exposed to increasing interest rates, an increase in interest rates will both increase exposure and increase the likelihood of counterparty default.
General wrong-way risk could be identified by the use of stress testing and scenario analyses, designed to measure the potential for increased exposure due to changes in risk factors that are positively correlated with counterparty creditworthiness. Such stress testing would address the potential impact of severe shocks occurring when relationships between risk factors have changed.
Good practice is for general wrong-way risk to be monitored by product, region, industry or other categories that are relevant to the business. A prudent ADI would provide reports to senior management on a regular basis that communicate wrong-way risks and the steps that are being taken to manage those risks.
Stress tests in the assessment of capital adequacy
APS 113 (Attachment D, paragraph 65) requires an ADI to identify possible events or future changes in economic conditions that could have unfavourable effects on its credit exposures, for the purposes of its internal assessments of capital adequacy. Examples of scenarios that could be considered are economic or industry downturns, market risk events and liquidity conditions.
APS 113 (Attachment D, paragraph 66) requires an ADI to consider the effect of mild recession scenarios when stress-testing its capital adequacy. For example, the ADI could use two consecutive quarters of zero economic growth to assess the effect on the assigned PD, LGD and EAD estimates, taking its level of international diversification into account on a conservative basis (that is, by not assuming or modelling lower losses as a result of diversification).
The ADI would generally need to consider a wide range of sources when informing, or testing, the adequacy of its stress testing approach. Such sources would include:
internal evidence on the migration of the ADI’s credit ratings in economic downturns;
information about the extent to which the impact of a small deterioration in the credit environment on internal ratings might provide some indication of the likely effect of more severe stress circumstances; and
relevant external evidence on ratings migration.
Where an ADI operates in several markets, it does not need to test for stress conditions in all of those markets. However, the ADI would stress test portfolios containing the majority of its exposures.
Use of internal ratings
APS 113 (Attachment D, paragraph 67) requires an ADI to use its rating systems and risk estimates for various internal purposes and not solely in the regulatory capital calculation. The main objective of the use requirement is to promote adequate incentives for ensuring the accuracy, robustness and timeliness of the IRB estimates. This would occur through meaningful internal challenge arising from the use of the estimates for internal purposes. Three main areas where the use of the IRB estimates would generally be observable are strategy and planning processes, credit exposure measurement and credit risk management, and reporting.
An ADI might not use exactly the same rating systems and risk estimates for regulatory capital and all internal purposes. In this case, the use requirement would be considered as being met if the ADI is able to demonstrate that the rating criteria, risk drivers, methodologies and/or data sources used internally for broader strategy and risk management are consistent with those used for regulatory capital purposes.
Practices that would not generally satisfy the use requirement include the following:
the ADI has little or no internal incentives for ensuring the quality of the estimates and underlying rating systems;
a deterioration in the accuracy, robustness and timeliness of the IRB estimates is unlikely to be identified by the ADI’s internal processes;
the IRB estimates are based on insufficient or lower quality data than that used for internal purposes;
the ADI lacks a process for the continuous improvement of the IRB estimates; and
the methodologies and data that underpin the IRB estimates are inconsistent with the ADI’s internal approach to measuring credit risk.
Chapter 6 - Risk quantification
Good practice for risk quantification is to ensure that the population of exposures represented in the data, the lending standards used when the data were generated, and other relevant characteristics match closely, or are at least comparable, with an ADI’s current exposures and lending standards.
An ADI would normally be able to demonstrate that the economic or market conditions underlying the estimation data are relevant to current and foreseeable conditions, and that the number of exposures in the sample and the data period used for quantification are sufficient to provide the ADI with confidence in the accuracy and robustness of its estimates. The estimation technique used would perform well in out-of-sample tests.
APS 113 (Attachment D, paragraph 71) requires an ADI to add a margin of conservatism to its risk estimates where appropriate. This is intended to ensure that the ADI identifies and addresses potential (downward) biases, inaccuracies and uncertainties in its risk estimates. Those biases and uncertainties might relate to the relevance and quality of development datasets, estimation processes, and amount and nature of judgement used.
Margins of conservatism could be implemented through adjustments to inputs, calculations and/or outputs, and could be based on quantitative or qualitative assessments. The larger the biases or uncertainties, the larger the margin of conservatism that is expected to be applied. An ADI would usually have a policy that addresses and promotes the use of conservatism in a consistent and robust manner where appropriate, and would be able to substantiate the conservatism of its risk estimates.
Definition of default
APS 113 (Attachment D, paragraph 72) requires an ADI to use the reference definition of default detailed in APS 220 for the purposes of recording defaults and estimating PD, LGD and EAD. APRA expects the ADI to use a consistent definition of default for all relevant purposes including risk estimation, monitoring, validation, regulatory reporting and disclosure.
Variations to the reference definition of default could be considered for estimation purposes (such as creating additional default observations); however, such variations would be clearly identified, and adjustments made to achieve broad equivalence with the reference definition as part of the overall estimation process. The total number of defaults is expected to be consistent across PD, LGD and EAD reference datasets.
APRA expects an ADI to separately identify borrowers or facilities that default due to the ‘unlikely to pay’ criterion of the reference definition of default, and borrowers or facilities that default due to the ‘90 days past due’ criterion.
APRA expects an ADI to record a default against a borrower or facility once the reference definition of default is met, regardless of CRM in place and the ability of a guarantor or credit protection provider to meet the underlying credit obligation. The default would be recorded against the PD grade of the borrower prior to the application of CRM. For example, where the ADI uses the PD substitution approach to reflect the risk-mitigating effect of CRM in the regulatory capital calculation, a default of the underlying borrower would be recorded against the borrower’s risk grade, rather than the risk grade of the guarantor or credit protection provider.
APS 113 (Attachment D, paragraph 72) permits an ADI to apply materiality thresholds to the reference definition of default for the purposes of estimating PD, LGD and EAD. Materiality thresholds could be defined in relation to the exposure amount or past due amount. A threshold based on the past due amount would generally be applicable in circumstances where days past due is determined based only on calendar days (such as revolving exposures without a regular minimum repayment schedule).
Prudent values for a materiality threshold would be $1,000 for corporate, sovereign and financial institution exposures and $100 for retail exposures. An ADI would clearly document any materiality thresholds used.
Where there are multiple defaults of a given facility or borrower, a prudent ADI would treat the facility or borrower as being continuously in default for PD, LGD and EAD estimation purposes if the time between the end of one default (i.e. return to performing) and the start of a subsequent default is less than nine months. A longer period may be used if it is appropriate to the type of exposure.
Re-aging
APS 113 (Attachment D, paragraph 73) requires an ADI to have documented policies on re-aging. Those policies would include:
approval authorities and reporting requirements;
the minimum age of a facility before it is eligible for re-aging;
delinquency levels of facilities that are eligible for re-aging;
the maximum number of times that a facility may be re-aged; and
a reassessment of the obligor’s capacity to repay.
Probability of default estimation
APS 113 (Attachment D, paragraph 75) requires an ADI to estimate PD for each borrower grade or pool based on an observed historical one-year default rate. For this purpose, the default rate would generally be calculated as: 
where:
D is the total number of borrowers (or facilities in the case of retail residential mortgage, QRR and other retail exposures) that defaulted during the observation period;
𝐸𝐷 is the total number of borrowers or facilities excluded from the numerator. Such exclusions could include defaults deemed technical in nature (such as timing issues around expired facilities). ADIs would aim to limit the extent of technical defaults. Any exclusions from the numerator would be clearly identified and documented;
𝑁 is the total number of the non-defaulted borrowers or facilities at the reference start date; and
𝐸𝑁 is the total number of borrowers or facilities excluded from the denominator. Such exclusions would typically comprise:
borrowers (or facilities in the case of retail residential mortgage, QRR and other retail exposures) with zero exposure at the reference start date; and
for corporate, sovereign, financial institution and SME retail exposures, exits. In this context, an exit is defined as a borrower with non-zero exposure at the reference start date and zero exposure at the end of the observation period.
A borrower would not be classified as an exit if any of the following criteria are met: the exposure to the borrower matured during the observation period rather than being refinanced; the exposure to the borrower transitioned to the retail residential mortgage, QRR or other retail sub-asset class during the observation period; the borrower merged with another borrower (to which the ADI is also exposed) during the observation period; or the borrower defaulted during the observation period.
Any exclusions from the denominator would be clearly identified and documented.
[6]
Merged borrowers would be counted as one observation in the denominator and, depending on the performance of the borrowers, the numerator.
For the purpose of calculating the default rate, an ADI would typically use a common reference date for all borrowers or facilities in a given sample; however, a variable reference date (such as the rating date for each borrower or facility) could also be used.
APRA expects an ADI to limit the number of ratings and defaults to one per borrower (or facility in the case of retail residential mortgage, QRR or other retail exposures) in a given observation period. The ADI’s approach to multiple ratings and defaults would be documented clearly.
An ADI would generally ensure that a borrower or facility is included in the calculation of the default rate for the grade or pool to which it is assigned at the reference start date.
APS 113 (Attachment D, paragraph 76) requires an ADI to use count weighted default rates for PD estimation. While other weighting approaches are not permitted, APRA expects the ADI to still consider exposure based measures when assessing the risksensitivity and calibration of PD estimates.
APS 113 (Attachment D, paragraph 78) requires an ADI to use techniques for PD estimation that take appropriate account of long-run experience. For corporate, sovereign and financial institution exposures, such techniques could include:
internal default experience – In this case, good practice is to ensure that the PD estimates are reflective of the ADI’s underwriting standards, and any differences in the rating system that generated the data and its current rating system. Where only limited data is available or where underwriting standards or rating systems have changed, APRA expects the ADI to add a greater margin of conservatism to its PD estimates. An ADI could use data that has been pooled across institutions, but would normally ensure that the pooled data is relevant to its own circumstances;
mapping to external data – The ADI could associate or map its internal grades to the rating scale used by an external credit assessment institution (ECAI), or similar entity, and attribute the default rates observed for the external institution’s ratings to internal borrower grades. For this purpose, the ADI could compare its internal rating criteria to the criteria used by the external institution, and the internal and external ratings of any common borrowers. APRA expects the ADI to avoid biases or inconsistencies in the mapping approach or underlying data. When mapping to external data, the ADI would typically ensure that the external institution’s criteria underlying the data used for quantification are oriented to the risk of the borrower and do not reflect transaction characteristics. An ADI would typically compare its definition of default to that of the ECAI; and
statistical default models – The ADI could use a simple average of PD estimates for individual borrowers in a given grade, where such estimates are drawn from statistical default prediction models.
Loss given default estimation
Three common approaches for calculating realised LGD are:
discounting actual recovery cash flows;
discounting changes in the balance of a facility (change-in-balance approach); and
discounting write-off amounts associated with a facility (discounted write-off approach).
An ADI that uses the change-in-balance approach for LGD measurement purposes would generally calculate realised LGD prior to collection costs as: 
where:
𝐵𝑡 is the gross facility balance including post-default accrued interest and fees at
time 𝑡;
𝑊O𝑡 is the amount written off in period 𝑡;
𝐼𝑡 is post-default interest accrued in period 𝑡. Post-default interest is set to zero if interest charges are not included in the balance;
𝐹𝑡 is post-default fees accrued in period 𝑡;
D𝐹𝑡 is the discount factor in period 𝑡𝑡; and
𝑡 = 0 is the time of default, 𝑡 = 𝑇 is the end of the workout period and 𝑡𝑡 is typically measured in months.
An ADI that uses the discounted write-off approach for LGD measurement purposes would generally calculate realised LGD prior to collection costs as:
where the terms are as defined in paragraph 115 of this PPG.
APS 113 (Attachment D, paragraph 82) requires an ADI to take post-default drawings into account in LGD measurement. Post-default drawings are implicitly factored into realised LGD under the change-in-balance approach (as a negative recovery amount) and the discounted write-off approach. Where the ADI uses actual recovery cash flows to calculate realised LGD, post-default drawings are expected to be incorporated explicitly.
For defaults that resolve without a write-off, realised LGD prior to collection costs would usually be set equal to zero.
APS 113 (Attachment D, paragraph 80) requires an ADI to take collection costs into account in the measurement of realised LGD. Collection costs generally include direct and indirect costs associated with collecting on an exposure that are not charged to the borrower.
APRA expects an ADI to ensure that the discount rate or factor used in the realised LGD calculation is broadly consistent with the principles in Table 8.
Table 8. Principles for discount factors in the realised LGD calculation
APRA expects an ADI to clearly document its realised LGD measurement approach, including the discount rate methodology.
The numerical examples in Attachment 3 illustrate the calculation of realised LGD before collection costs under the change-in-balance and discounted write-off approaches.
An ADI could estimate and assign LGD at either a borrower or facility level.
Incomplete workouts are defaulted exposures for which the recovery process is still in progress and recoveries are not yet certain. Incomplete workouts are generally associated with recent defaults, but could also include defaults subject to an extended workout period. To avoid bias in its LGD estimates, APRA expects an ADI to:
incorporate estimates of future recoveries and costs for incomplete workouts observed in the development sample in LGD modelling;
undertake sensitivity analysis of the assumptions used to estimate future recoveries and costs for incomplete workouts; and
set a maximum workout period beyond which additional recoveries are not expected to be realised.
APS 113 (Attachment D, paragraph 83) requires LGD estimates to reflect economic downturn conditions. For this purpose, an ADI could use averages of loss severities observed during periods of high credit losses, forecasts based on appropriately conservative assumptions or other similar methods. Estimates of LGD during periods of high credit losses could be made using either internal or external data.
APS 113 (Attachment D, paragraph 84) requires LGD estimates to be no less than the long-run default-weighted average LGD. In this context, default-weighted average means weighted by the count of defaults.
Exposure at default estimation
APS 113 (Attachment D, paragraph 98) requires an ADI to estimate EAD based on appropriately homogeneous segments or an estimation approach that disentangles the impact of different characteristics exhibited within the reference dataset effectively. Practices that would not generally comply with this requirement include the use of estimates based wholly or partly on:
data from commitments with small unused limit availability being applied to facilities with large unused limit availability;
data from borrowers already identified as problematic at the reference date being applied to borrowers with no known issues. Problematic borrowers would include borrowers who were already delinquent, watchlisted by the ADI, subject to ADIinitiated limit reductions, blocked from further drawdowns or subject to other types of collection activity at the reference date; and
data that has been affected by product profile transformation over the observation period, unless that data has been mitigated effectively for such changes. APRA expects an ADI to demonstrate a detailed understanding of the impact of product profile transformation on EAD reference datasets and estimates, and confirm that the impact is immaterial or has been mitigated effectively within its estimation process. Effective mitigation would not include:
setting floors to CCF or EAD observations;
using borrower-level estimates that do not cover the relevant product profile transformation options or inappropriately combine products with very different characteristics (such as revolving and non-revolving products);
adjusting only material observations affected by product profile transformation; and
excluding observations affected by product profile transformation (thereby potentially distorting the representativeness of the remaining data).
Where an ADI estimates CCFs directly, APS 113 (Attachment D, paragraph 99) requires those estimates to be quarantined effectively from the potential effects of the region of instability associated with facilities that are close to being fully drawn down at the reference date. In meeting this requirement, the ADI could use another estimation method that avoids the instability issue or switch to the other method as the region of instability is approached. Including limit utilisation as a driver in the model could quarantine much of the portfolio from this issue. Ineffective mitigation approaches include capping and flooring the reference data, and omitting observations that are judged to be affected.
APS 113 (Attachment D, paragraph 93) requires an ADI to use EAD estimates that are appropriate for an economic downturn if those estimates are more conservative than the long-run default-weighted average EAD. In this context, default-weighted average means weighted by the count of defaults. In calibrating EAD estimates to an economic downturn, the ADI could consider the cyclical nature, if any, of the drivers of its EAD models, internal data from previous downturns or external data.
Where EAD estimates are based on alternative measures of central tendency (such as the median or a higher percentile estimate) or on data from a downturn period, APRA expects an ADI to confirm that those estimates do not fall below the long-run defaultweighted average EAD for similar facilities.
Expected loss estimation
APS 113 (Attachment D, paragraph 102) requires an ADI to construct its best estimate of EL for each defaulted exposure based on current economic conditions and the facility’s status. In meeting this requirement, an ADI could use provisions for defaulted exposures (inclusive of forward-looking adjustments and overlays) as its best estimate of EL.
Chapter 7 - Validation of rating systems and risk estimates
APS 113 (Attachment D, paragraph 104) requires validation to be undertaken on an annual basis by personnel that are independent from those responsible for the development of an ADI’s rating systems and risk estimates. Independence would be supported by a separation of reporting lines and assessed based on outcomes and actions. To maintain independence, an ADI would usually avoid cross-validation whereby two separate departments validate their respective rating systems alternately.
Where there is early intervention by the validation function during the development process, an ADI would ensure that such intervention does not put the independence of validation into question. The validation function would independently report on its activities to senior management and the relevant governance committee.
An ADI would generally ensure that the validation function has sufficient authority, stature and influence to challenge the work of the development function effectively.
Where independent validation has been delegated to an external party, the internal validation function would usually still retain full and ultimate responsibility for validation activities.
An ADI would typically establish an overarching validation framework to facilitate robust and consistent validation analysis of its rating systems and risk estimates. In this context, validation analysis includes activities undertaken by the monitoring and validation functions to verify that the rating systems and risk estimates are sound and performing as expected, and to identify and assess potential limitations and weaknesses.
Good practice is for the validation framework to address the following elements:
roles and responsibilities: the roles and responsibilities of an ADI’s monitoring and validation functions and other key stakeholders would be clearly defined. For example, the independent validation function would usually evaluate new rating systems and risk estimates, and any changes, prior to implementation. Ongoing validation of the rating systems post implementation, which includes monitoring as well as periodic review, would typically be a joint responsibility of the monitoring and validation functions;
validation tasks and methodologies: the validation function would usually undertake its own analysis of material aspects of the ADI’s rating systems and risk estimates. This could include reviewing developmental evidence, replicating testing and conducting additional analysis as necessary. Validation tasks would be reviewed periodically to ensure that they continue to meet their objectives, and improved in line with changing industry practice and data availability. Certain validation tasks could be automated in order to provide the ADI with more capacity to focus on insights and commentary, and improve the timeliness of analysis and reporting;
performance metrics and tolerance thresholds: the validation framework would include defined criteria for conducting additional analysis and undertaking remedial actions such as redevelopment or recalibration;
scope and depth of analysis: validation analysis would usually include both quantitative and qualitative assessment. The level of scrutiny applied by the validation function would be commensurate with the materiality, complexity, uncertainty and performance of the ADI’s rating systems and risk estimates. Validation analysis would typically bring together available information from a range of sources in order to provide a holistic view of the effective functioning of the rating systems and risk estimates;
[7]
For example, the validation function could leverage insights from the credit assurance function about the effectiveness of credit risk assessment and the ongoing operational integrity and consistency of internal ratings.
validation review cycle: the review cycle would recognise that validation is a continuous process. It would generally include a helicopter view of the ADI’s validation work at least annually and additional analysis at a more granular level. The validation framework would usually address the prioritisation and frequency of validation activities. The framework would recognise that validation analysis might need to be undertaken out of cycle in response to emerging issues or special circumstances;
reporting: mechanisms for reporting validation results, management responses and remediation efforts would be clearly documented. Meaningful summary information on validation results and remedial actions would be provided to senior management, governance committees and other relevant stakeholders on a regular basis. The ADI would ensure that it responds appropriately to validation findings. There would be an established process for the independent validation function to escalate issues that are not being addressed promptly; and
documentation: the validation framework would establish standards for documenting validation analysis. Effective challenge of an ADI’s rating systems and risk estimates would be documented thoroughly. The scope, methodology and limitations of validation analysis would be recorded. Where component ratings are aggregated into an overall validation rating, the ADI would clearly document the aggregation method employed.
Validation analysis
Validation analysis would generally comprise an evaluation of the following elements:
design and construction: this would include a review of logic, conceptual soundness, methodology, risk drivers, rating philosophy, judgement and qualitative adjustments, limitations, weaknesses and key assumptions;
quality of data inputs and outputs: this would include an assessment of the representativeness of data, treatment of outliers and missing data, accuracy and completeness of data inputs, data cleansing and controls governing data capture;
performance: this would usually comprise an assessment of risk-ranking ability and backtesting results to verify the accuracy and suitability of model outputs. Where backtesting is inconclusive (such as because of too few defaults or no mix of high and low default periods), the ADI would consider other means of demonstrating the validity of its ratings and risk estimates. Analysis of rating system performance would be undertaken at a range of different levels (such as risk grade, intuitive risk segment, portfolio and rating system levels). The performance and applicability of group models would be assessed at a local level;
[8]
This could include benchmarking analysis, scenario and sensitivity testing, reviewing the relevance of developmental logic and assessing whether the rating system is operating as intended.
conservative adjustments: this would include an assessment of how conservative adjustments applied to internal rating systems and risk estimates are expected to mitigate limitations with the methodology and/or data;
implementation: this would usually include quality assurance of the computer code, and ensuring that implementation is consistent with development documentation and is subject to robust change control processes;
use: this would include analysis of the accuracy and consistency of ratings (such as recommended re-grades), overrides, aged ratings, aged financial information, technical defaults, unrated exposures and feedback received from users. An assessment of overrides would consider the implications of override rates for the validity of the rating systems and the appropriateness of rating policies;
documentation: this would include an assessment of the quality of documentation against internal standards; and
management reporting: this would include a review of the effectiveness of reporting to senior management, governance committees and other key stakeholders.
Good practice is for an ADI to evaluate, as part of ongoing validation, many of the elements evaluated at initial validation of the rating systems and risk estimates. For example, in addition to assessing performance, data quality and usage, ongoing validation may include a re-assessment of design and construction elements, and key limitations and assumptions.
Validation analysis would generally lead to an overall opinion about the adequacy of an
ADI’s rating systems and risk estimates. The validation opinion would form the basis of recommendations in respect of (ongoing) approval, enhancements, and conditions or constraints on usage to mitigate known limitations.
Validation analysis would generally incorporate all IRB exposures in a given portfolio at the reference date, including any modelling exclusions. Exposures would not be excluded for being below a certain size threshold; however, this would not preclude testing at different levels based on exposure size.
The validation of PD estimates for corporate, sovereign, financial institution and SME retail exposures is expected to be performed on a borrower basis. Analysis at a more aggregated level, such as borrower group or rating event could also be undertaken as a supplement but not as a replacement (acknowledging that a group rating is often assigned using consolidated financial information on the basis of cross-collateralisation or cross-guarantees).
Chapter 8 - Recognition of collateral, and receivables
Recognition of collateral
Eligible financial receivables
APS 113 (Attachment E, paragraph 4) details the operational criteria that must be met in order for an ADI to recognise financial receivables under the FIRB approach. One requirement is that the ADI must maintain a continuous monitoring process over the financial receivables taken as collateral. This process would include, as appropriate, monitoring over:
aging reports;
control of trade documents;
borrowing base certificates;
audit of collateral;
confirmation of accounts;
control of the proceeds of accounts paid; and
analyses of dilution and regular financial analysis of both the obligor and the receivables’ obligors. Good practice is for this to occur when a small number of large receivables are taken as collateral.
Compliance with loan covenants, environmental restrictions and other legal requirements would generally be reviewed on a regular basis.
In order to assess the credit risk of the financial receivables taken as collateral, an ADI could assess the obligor and the type of customers with whom it transacts, amongst other factors. Where the ADI relies on the obligor to review the credit risk of its customers, it would generally review the quality of the obligor’s credit policies.
Eligible commercial or residential real estate
APS 113 (Attachment E, paragraph 5) details the operational criteria that must be met in order for an ADI to recognise commercial and residential real estate under the FIRB approach. One requirement is the valuation of such properties at least annually. In order to satisfy this requirement, statistical methods of valuing collateral (such as reference to house price indices and sampling) could be used to update estimates or to identify collateral that may have declined in value and require re-appraisal. A formal valuation by a qualified professional is generally expected to be undertaken when information indicates that the value of collateral may have materially declined relative to general market prices, or when a credit event such as default occurs. Further guidance on prudent practice for determining security value is provided in APG 220.
Purchased receivables
For purchased receivables that qualify for the top-down approach, APS 113 requires an ADI to use methods and data for estimating PD, LGD and expected long-run average loss rates that comply with the risk quantification standards for retail exposures.
Risk quantification is expected to reflect all information available to an ADI regarding the quality of the underlying receivables, including data for similar pools provided by the seller, the ADI or external sources. An ADI would determine whether the data provided by the seller is consistent with the expectations agreed upon by both parties concerning the type, volume and ongoing quality of receivables purchased. Where this is not the case, APRA expects the ADI to obtain and rely upon more relevant data.
To qualify for the top-down approach for default risk, APS 113 (Attachment F, paragraph 21) requires an ADI to closely control and monitor the pools of receivables and overall lending relationship. This would generally include the following:
legal certainty: the structure of the facility under which the receivables are purchased would ensure that, in all foreseeable circumstances, the ADI has effective ownership and control of the cash remittances from the receivables, including incidences of seller or servicer distress and bankruptcy. When borrowers make payments directly to a seller or service, the ADI would verify regularly that all payments are forwarded to it within the contractually agreed terms. Ownership over the receivables and cash receipts would be protected against bankruptcy stays or legal challenges that could materially delay the ADI’s ability to liquidate or assign the receivables or retain control over cash remittances;
monitoring systems: the ADI would be able to monitor both the quality of the receivables and the financial condition of the seller and servicer. In particular:
the ADI would assess the correlation between the quality of the receivables and the financial condition of both the seller and servicer. The ADI would have in place internal policies and procedures that provide adequate safeguards to protect against such contingencies, including the assignment of an internal rating for each seller and servicer;
the ADI would have clear and effective policies and procedures for determining seller and servicer eligibility. The ADI or its agent would conduct periodic reviews of sellers and servicers in order to verify the accuracy of reports from the seller or servicer, detect fraud or operational weaknesses, and verify the quality of the seller’s credit policies and the servicer’s collection policies and procedures. The findings of those reviews would be documented;
the ADI would have the ability to assess the characteristics of the pools of receivables including over-advances, history of the seller’s arrears, bad debts and bad debt allowances, payment terms and potential contra-accounts;
the ADI would have effective policies and procedures for monitoring, on an aggregate basis, single-borrower concentrations both within and across pools of receivables; and
the ADI would receive timely and sufficiently detailed reports of the aging of receivables and dilution to ensure compliance with the ADI’s eligibility criteria and underwriting policies governing purchased receivables, and provide an effective means with which to monitor and confirm the seller’s terms of sale (such as invoice date aging) and dilution;
effective workout systems: the ADI would have policies and procedures for the early detection and control of a deterioration in the seller’s financial condition and the quality of receivables. In particular:
the ADI would normally have clear and effective policies, procedures and information systems to monitor compliance with all contractual terms of the facility (such as covenants, advancing formulas, concentration limits, early amortisation triggers), as well as policies governing advance rates and eligibility of the receivables. The ADI’s systems would generally track covenant violations and waivers as well as exceptions to established policies and procedures;
to limit inappropriate draws, the ADI would usually have policies and procedures for detecting, approving, monitoring and correcting overadvances; and
the ADI would have policies and procedures for managing financially weakened sellers or servicers or deterioration in the quality of pools of receivables. This could include early termination triggers in revolving facilities and other covenant protections, a structured and disciplined approach to managing covenant violations, and policies and procedures for initiating legal action and managing problem receivables;
effective systems for controlling collateral, credit availability and cash: the ADI would have policies and procedures governing the control of receivables, cash and credit. Those policies and procedures would generally:
specify all material elements of the receivables purchase program, including advance rates, eligible collateral, documentation, concentration limits and how cash remittances are managed. The elements would usually take account of all material relevant factors, including the seller’s and servicer’s financial condition, risk concentrations and trends in the quality of the receivables, and the seller’s customer base; and
ensure that funds are only advanced against specified supporting collateral and documentation (such as servicer attestations, invoices, shipping documents etc); and
compliance with the ADI’s internal policies and procedures: given the reliance on monitoring and control systems to limit credit risk, the ADI would usually have an internal process for assessing compliance with all critical policies and procedures including:
regular audits of all critical phases of the ADI’s receivables purchase program;
verification of the separation of duties between the assessment of the seller or servicer and the assessment of the obligor, and between the assessment of the seller or servicer and the field audit of the seller or servicer; and
evaluations of back office operations with particular focus on its independence, qualifications, experience, staffing levels and supporting systems.
Attachment A – IRB asset class flowchart
This flowchart provides an indicative mapping of IRB asset classes using the requirements in APS 113.
Attachment B – IRB asset class mapping
While there is no direct linkage between the IRB and standardised asset classes, Table 9 provides an indicative mapping. The table excludes standardised asset classes that could map to any IRB asset class, such as exposures through a third party.
Table 9. Indicative mapping to standardised asset classes
Description of segment |
Exposures to sovereigns |
Exposures to banks |
Exposures to non-bank financial institutions |
Covered bond exposures |
Exposures that are not secured by real estate |
Exposures for which residential real estate is the predominant real estate collateral |
Exposures for which commercial real estate is the predominant real estate collateral |
Exposures that relate to land acquisition for development and construction purposes, or the development and construction of real estate, but are not materially dependent on real estate income for repayment |
Exposures to domestic public sector entities |
Subordinated debt |
Project finance exposures |
Object finance exposures |
Commodities finance exposures |
Owner-occupied principal-andinterest loans |
Owner-occupied interest-only loans |
Investment loans secured by finished residential real estate |
Borrowers with five or more mortgaged investment properties |
Investment loans secured by residential real estate under construction or land upon which residential real estate will be constructed |
Exposures that are not secured by real estate |
Exposures for which residential real estate is the predominant real estate collateral |
Exposures for which commercial real estate is the predominant real estate collateral |
Exposures that relate to land acquisition for development and construction purposes, or the |
development and construction of residential or commercial real estate |
QRR exposures |
Other retail exposures |
Attachment C – LGD calculation examples
The numerical examples in this Attachment illustrate the calculation of realised LGD before collection costs under the change-in-balance and discounted write-off approaches.
Example 1: Write-off
A defaulted facility has a post-default contractual interest rate of 1 per cent per month, which keeps accruing post default, and an exposure at default of $100. The customer makes a postdefault drawdown of $10 in month 3 and is charged a $1 fee. The entire balance is written off after 6 months.
101 | 102 | 114 | 115 | 116 |
10 | ||||
1 | 1 | 1 | 1.1 | 1.2 |
1 | ||||
0.99 | 0.98 | 0.97 | 0.96 | 0.95 |
0 | 0 | -9.7 | 0 | 0 |
0 | 0 | -1 | 0 | 0 |
Example 2: Full recovery
A defaulted facility has a post-default contractual interest rate of 1 per cent per month, which keeps accruing post default, and an exposure at default of $100. The customer makes a post-default drawdown of $10 in month 3 and is charged a $1 fee. The entire balance is recovered after 6 months. Note that even though the calculated LGD in this example is -1 per cent, it would be set to 0 per cent according to paragraph 118 of this PPG.
Default | 1 | 2 | 3 | 4 | 5 |
100 | 101 | 102 | 114 | 115 | 116 |
10 | |||||
1 | 1 | 1 | 1.1 | 1.2 | |
1 | |||||
1 | 0.99 | 0.98 | 0.97 | 0.96 | 0.95 |
0 | 0 | 0 | -9.7 | 0 | 0 |
-1% | |||||
0 | 0 | 0 | -1 | 0 | 0 |
-1% |
Attachment D - Initial IRB approval
General expectations for IRB approval
APRA expects an ADI seeking approval to use an IRB approach for regulatory capital purposes to demonstrate that the:
use of risk-based capital and associated risk-adjusted performance measurement permeates the management of its business; and
Board and senior management are willing and able to incorporate the quantification of risk into management processes and decision-making.
A qualifying risk-adjusted performance based management system would generally include the elements in Table 10.
Table 10. Elements of a qualifying management system
IRB application process
An ADI would usually engage with APRA in advance of submitting a formal application for IRB approval. Initial engagement with APRA would typically include discussions about the ADI’s readiness for IRB approval given the proposed scope of application, implementation plan, internal rating systems and risk estimates to be used for regulatory capital purposes, and experience with internal credit risk measurement and management.
APRA expects an ADI’s formal application for IRB approval to contain theinformation in Table 11. To the extent possible, supporting documentation contained in an ADI’s formal IRB application would have been developed for internal purposes rather than IRB approval. Any summary documents requested by APRA are intended to be tools aimed at guiding APRA to the appropriate source documents such as policies, internal reports and Board briefing material. APRA expects the ADI to use cross-referencing extensively to avoid undue repetition or duplication in the documentation.
During the application process, an ADI would commence parallel reporting under an IRB approach in accordance with the timeliness and quality control requirements of the relevant reporting standards. Prior to IRB approval, APRA expects the ADI to complete at least two quarters of parallel reporting based on rating systems and risk estimates that produce credible results.
Table 11. IRB application documentation
Phased roll-out
APS 113 (paragraph 48) permits an ADI to adopt a phased roll-out of an IRB approach for material asset classes, sub-asset classes or business units subject to approval from APRA. An example of a phased roll-out approach that would be acceptable to APRA is the implementation of an IRB approach for some credit portfolios ahead of other portfolios, where:
the ADI has a credible plan for all material credit portfolios to be ultimately brought under the IRB approach;
APRA is confident that the period from initial approval to the full roll-out of an IRB approach would be no more than two years. The ADI’s IRB approval might be revoked if APRA forms the view that the roll-out period would exceed two years. At least 50 per cent of any expected regulatory capital benefit from initial IRB approval would usually become available only after the full roll-out of an IRB approach;
the initial approval covers the larger part of the ADI’s aggregate credit exposures;
the selection of portfolios for initial IRB approval is not motivated by ‘cherrypicking’ (in other words, the motivation is not to arbitrage between the IRB and standardised approaches); and
the ADI submits a single application to APRA covering all portfolios and is able to demonstrate, at the time of initial approval for any portfolios to be ultimately brought under an IRB approach, that:
the rating systems and risk estimates meet the key design and quantification requirements of APS 113;
the rating systems and risk estimates have been implemented and all exposures have been rated based on the latest rating systems under standard credit risk management control processes;
a validation and control framework (consisting of policies, procedures and resourcing) encompassing both quantitative and qualitative aspects of ratings and rating processes is in place;
at least two quarters of parallel reporting have been completed;
at least one cycle of annual validation and control processes applied to the latest rating systems and risk estimates has been completed; and
clear and achievable project timelines for closing outstanding gaps are in place.