Reset to Today

To access the FCA Handbook Archive choose a date between 1 January 2001 and 31 December 2004.

Content Options:

Content Options

View Options:

Alternative versions

  1. Point in time
    2005-07-01

PRU 3.1 1Credit risk management systems and controls

Application

PRU 3.1.1G

PRU 3.1 applies to an insurer unless it is:

  1. (1)

    a non-directive friendly society; or

  2. (2)

    an incoming EEA firm; or

  3. (3)

    an incoming Treaty firm.

PRU 3.1.2G

PRU 3.1 applies to:

  1. (1)

    an EEA-deposit insurer; and

  2. (2)

    a Swiss general insurer;

only in respect of the activities of the firm carried on from a branch in the United Kingdom.

Purpose

PRU 3.1.3G

This section provides guidance on how to interpret PRU 1.4 insofar as it relates to the management of credit risk.

PRU 3.1.4G

Credit risk is incurred whenever a firm is exposed to loss if another party fails to perform its financial obligations to the firm, including failing to perform them in a timely manner. It arises from both on and off balance sheet items. For contracts for traded financial instruments, for example the purchase and sale of securities or over the counter derivatives, risks may arise if the firm's counterparty does not honour its side of the contract. This constitutes counterparty risk, which can be considered a subset of credit risk. Another risk is issuer risk, which could potentially result in a firm losing the full price of a market instrument since default by the issuer could result in the value of its bonds or stocks falling to nil. In insurance firms, credit risk can arise from premium debtors, where cover under contracts of insurance may either commence before premiums become due or continue after their non-payment. Credit risk can also arise if a reinsurer fails to fulfil its financial obligation to repay a firm upon submission of a claim.

PRU 3.1.5G

Credit risk concerns the FSA in a prudential context because inadequate systems and controls for credit risk management can create a threat to the regulatory objectives of market confidence and consumer protection by:

  1. (1)

    the erosion of a firm's capital due to excessive credit losses thereby threatening its viability as a going concern;

  2. (2)

    an inability of a firm to meet its own obligations to depositors, policyholders or other market counterparties due to capital erosion.

PRU 3.1.6G

Appropriate systems and controls for the management of credit risk will vary with the scale, nature and complexity of the firm's activities. Therefore the material in this section is guidance. A firm should assess the appropriateness of any particular item of guidance in the light of the scale, nature and complexity of its activities as well as its obligations as set out in Principle 3 to organise and control its affairs responsibly and effectively.

Requirements

PRU 3.1.7G

High level requirements for prudential systems and controls, including those for credit risk, are set out in PRU 1.4. In particular:

  1. (1)

    PRU 1.4.19R (2) requires a firm to document its policy for credit risk, including its risk appetite and how it identifies, measures, monitors and controls that risk;

  2. (2)

    PRU 1.4.19R (2) requires a firm to document its provisioning policy. Documentation should describe the systems and controls that it intends to use to ensure that the policy is correctly implemented;

  3. (3)

    PRU 1.4.18 R requires it to establish and maintain risk management systems to identify, measure, monitor and control credit risk (in accordance with its credit risk policy), and to take reasonable steps to ensure that its systems are adequate for that purpose;

  4. (4)

    In line with PRU 1.4.11 G, the ultimate responsibility for the management of credit risk should rest with a firm's governing body. Where delegation of authority occurs the governing body and relevant senior managers should approve and periodically review systems and controls to ensure that delegated duties are being performed correctly.

Credit risk policy

PRU 3.1.8G

PRU 1.4.18 R requires a firm to establish, maintain and document a business plan and risk policies. They should provide a clear indication of the amount and nature of credit risk that the firm wishes to incur. In particular, they should cover for credit risk:

  1. (1)

    how, with particular reference to its activities, the firm defines and measures credit risk;

  2. (2)

    the firm's business aims in incurring credit risk including:

    1. (a)

      identifying the types and sources of credit risk to which the firm wishes to be exposed (and the limits on that exposure) and those to which the firm wishes not to be exposed (and how that is to be achieved, for example how exposure is to be avoided or mitigated);

    2. (b)

      specifying the level of diversification required by the firm and the firm's tolerance for risk concentrations (and the limits on those exposures and concentrations); and

    3. (c)

      drawing the distinction between activities where credit risk is taken in order to achieve a return (for example, lending) and activities where credit exposure arises as a consequence of pursuing some other objective (for example, the purchase of a derivative in order to mitigate market risk);

  3. (3)

    how credit risk is assessed both when credit is granted or incurred and subsequently, including how the adequacy of any security and other risk mitigation techniques is assessed;

  4. (4)

    the detailed limit structure for credit risk which should:

    1. (a)

      address all key risk factors, including intra-group exposures and indirect exposures (for example, exposures held by related and subsidiary undertakings);

    2. (b)

      be commensurate with the volume and complexity of activity;

    3. (c)

      be consistent with the firm's business aims, historical performance, and its risk appetite;

  5. (5)

    procedures for:

    1. (a)

      approving new or additional exposures to counterparties;

    2. (b)

      approving new products and activities that give rise to credit risk;

    3. (c)

      regular risk position and performance reporting;

    4. (d)

      limit exception reporting and approval; and

    5. (e)

      identifying and dealing with problem exposures caused by the failure or the downgrading of a counterparty;

  6. (6)

    the methods and assumptions used for the stress testing and scenario analysis required by PRU 1.2 (Adequacy of financial resources), including how these methods and assumptions are selected and tested;

  7. (7)

    the allocation of responsibilities for implementing the credit risk policy and for monitoring adherence to, and the effectiveness of, the policy.

Counterparty assessment

PRU 3.1.9G

The firm should make a suitable assessment of the risk profile of the counterparty. The factors to be considered will vary according to both the type of credit and the counterparty being considered. This may include:

  1. (1)

    the purpose of the credit, the duration of the agreement and the source of repayment;

  2. (2)

    an assessment and continuous monitoring of the credit quality of the counterparty;

  3. (3)

    an assessment of the claims payment record where the counterparty is a reinsurer;

  4. (4)

    an assessment of the nature and amount of risk attached to the counterparty in the context of the industrial sector or geographical region or country in which it operates, as well as the potential impact on the counterparty of political, economic and market changes; and

  5. (5)

    the proposed terms and conditions attached to the granting of credit, including ongoing provision of information by the counterparty, covenants attached to the facility as well as the adequacy and enforceability of collateral, security and guarantees.

PRU 3.1.10G

It is important that sound and legally enforceable documentation is in place for each agreement that gives rise to credit risk as this may be called upon in the event of a default or dispute. A firm should therefore consider whether it is appropriate for an independent legal opinion to be sought on documentation used by the firm. Documentation should normally be in place before the firm enters into a contractual obligation or releases funds.

PRU 3.1.11G

Where premium payments are made via brokers or intermediaries, the firm should describe how it monitors and controls its exposure to those brokers and intermediaries. In particular, the policy should identify whether the risk of default by the broker or intermediary is borne by the firm or the policyholder.

PRU 3.1.12G

Any variation from the usual credit policy should be documented.

PRU 3.1.13G

A firm involved in loan syndications or consortia should not rely on other parties' assessment of the credit risks involved. It will remain responsible for forming its own judgement on the appropriateness of the credit risk thereby incurred with reference to its stated credit risk policy. Similarly a firm remains responsible for assessing the credit risk associated with any insurance or reinsurance placed on its behalf by other parties.

PRU 3.1.14G

Where a credit scoring approach or other counterparty assessment process is used, the firm should periodically assess the particular approach taken in the light of past and expected future counterparty performance and ensure that any statistical process is adjusted accordingly to ensure that the business written complies with the firm's risk appetite.

PRU 3.1.15G

In assessing its contingent exposure to a counterparty, the firm should identify the amount which would be due from the counterparty if the value, index or other factor upon which that amount depends were to change.

Credit risk measurement

PRU 3.1.16G

A firm should measure its credit risk using a robust and consistent methodology which should be described in its credit risk policy; the appropriate method of measurement will depend upon the nature of the credit product provided. The firm should consider whether the measurement methodologies should be backtested and the frequency of such backtesting.

PRU 3.1.17G

A firm should also be able to measure its credit exposure across its entire portfolio or within particular categories such as exposures to particular industries, economic sectors or geographical areas.

PRU 3.1.18G

Where a firm is a member of a group that is subject to consolidated reporting, the group should be able to monitor credit exposures on a consolidated basis. See PRU 8 (Group risk).

PRU 3.1.19G

A firm should have the capability to measure its credit exposure to individual counterparties on at least a daily basis.

Risk monitoring

PRU 3.1.20G

A firm should implement an effective system for monitoring its credit risk which should be described in its credit risk policy.

PRU 3.1.21G

A firm should have a system of management reporting which provides clear, concise, timely and accurate credit risk reports to relevant functions within the firm. The reports could cover exceptions to the firm's credit risk policy, non-performing exposures and changes to the level of credit risk within the firm's credit portfolio. A firm should have procedures for taking appropriate action according to the information within the management reports, such as a review of counterparty limits, or of the overall credit policy.

PRU 3.1.22G

Individual credit facilities and overall limits should be periodically reviewed in order to check their appropriateness for both the current circumstances of the counterparty and the firm's current internal and external economic environment. The frequency of review should be appropriate to the nature of the facility.

PRU 3.1.23G

A firm should utilise appropriate stress testing and scenario analysis of credit exposures to examine the potential effects of economic or industry downturns, market events, changes in interest rates, changes in foreign exchange rates, changes in liquidity conditions and changes in levels of insurance losses where relevant.

Problem exposures

PRU 3.1.24G

A firm should have systematic processes for the timely identification, management and monitoring of problem exposures. These processes should be described in the credit risk policy.

PRU 3.1.25G

A firm should have adequate procedures for recovering exposures in arrears or that have had provisions made against them. A firm should allocate responsibility, either internally or externally, for its arrears management and recovery.

Provisioning

PRU 3.1.26G

PRU 1.4.19R (2) requires a firm to document its provisioning policy. A firm's provisioning policy can be maintained either as a separate document or as part of its credit risk policy.

PRU 3.1.27G

At intervals that are appropriate to the nature, scale and complexity of its activities a firm should review and update its provisioning policy and associated systems.

PRU 3.1.28G

In line with PRU 3.1.6 G, the FSA recognises that the frequency with which a firm reviews its provisioning policy once it has been established will vary from firm to firm. However, the FSA expects a firm to review at least annually whether its policy remains appropriate for the business it undertakes and the economic environment in which it operates.

PRU 3.1.29G

In line with PRU 1.4.12 G, the provisioning policy referred to in PRU 3.1.26 G must be approved by the firm's governing body or another appropriate body to which the firm's governing body has delegated this responsibility.

PRU 3.1.30G

In line with PRU 1.4.24 G, the FSA may request a firm to provide it with a copy of its current provisioning policy.

PRU 3.1.31G

Provisions may be general (against the whole of a given portfolio), specific (against particular exposures identified as bad or doubtful) or both. The FSA expects contingent liabilities (for example guarantees) and anticipated losses to be recognised in accordance with accepted accounting standards at the relevant time, such as those embodied in the Financial Reporting Standards issued by the Accounting Standards Board.

Risk mitigation

PRU 3.1.32G

A firm may choose to use various credit risk mitigation techniques including the taking of collateral, the use of letters of credit or guarantees, or counterparty netting agreements to manage and control their counterparty exposures. The use of such techniques does not obviate the need for thorough credit analysis and procedures. The reliance placed by a firm on risk mitigation should be described in the credit risk policy.

PRU 3.1.33G

A firm should consider the legal and financial ability of a guarantor to fulfil the guarantee if called upon to do so.

PRU 3.1.34G

A firm should monitor the validity and enforceability of its collateral arrangements.

PRU 3.1.35G

The firm should analyse carefully the protection afforded by risk mitigants such as netting agreements or credit derivatives, to ensure that any residual risk is identified, measured, monitored and controlled.

Record keeping

PRU 3.1.36G

Prudential records made under PRU 1.4.53 R should include appropriate records of:

  1. (1)

    credit exposures, including aggregations of credit exposures, as appropriate, by:

    1. (a)

      groups of connected counterparties;

    2. (b)

      types of counterparty as defined, for example, by the nature or geographical location of the counterparty;

  2. (2)

    credit decisions, including details of the decision and the facts or circumstances upon which it was made; and

  3. (3)

    information relevant to assessing current counterparty and risk quality.

PRU 3.1.37G

Credit records should be retained as long as they are needed for the purpose described in PRU 3.1.36 G (subject to the minimum three year retention period). In particular, a firm should consider whether it is appropriate to retain information regarding counterparty history such as a record of credit events as well as a record indicating how credit decisions were taken.