Credit risk is incurred whenever a firm is exposed to loss if another party fails to perform its financial obligations to the firm, including failing to perform them in a timely manner. It arises from both on and off balance sheet items. For contracts for traded financial instruments, for example the purchase and sale of securities or over the counter derivatives, risks may arise if the firm's counterparty does not honour its side of the contract. This constitutes counterparty risk, which can be considered a subset of credit risk. Another risk is issuer risk, which could potentially result in a firm losing the full price of a market instrument since default by the issuer could result in the value of its bonds or stocks falling to nil. In insurance firms, credit risk can arise from premium debtors, where cover under contracts of insurance may either commence before premiums become due or continue after their non-payment. Credit risk can also arise if a reinsurer fails to fulfil its financial obligation to repay a firm upon submission of a claim.
Credit risk concerns the FSA in a prudential context because inadequate systems and controls for credit risk management can create a threat to the regulatory objectives of market confidence,3 consumer protection and financial stability3by:
Appropriate systems and controls for the management of credit risk will vary with the scale, nature and complexity of the firm's activities. Therefore the material in this section is guidance. A firm should assess the appropriateness of any particular item of guidance in the light of the scale, nature and complexity of its activities as well as its obligation as set out in Principle 3 to organise and control its affairs responsibly and effectively.
High level requirements for prudential systems and controls, including those for credit risk, are set out in SYSC 14. In particular:
SYSC 14.1.19R (2) requires a firm to document its provisioning policy. Documentation should describe the systems and controls that it intends to use to ensure that the policy is correctly implemented;
SYSC 14.1.18 R requires it to establish and maintain risk management systems to identify, measure, monitor and control credit risk (in accordance with its credit risk policy), and to take reasonable steps to ensure that its systems are adequate for that purpose; or
in line with SYSC 14.1.11 G, the ultimate responsibility for the management of credit risk should rest with a firm's governing body. Where delegation of authority occurs the governing body and relevant senior managers should approve and periodically review systems and controls to ensure that delegated duties are being performed correctly.
SYSC 14.1.18 R requires a firm to establish, maintain and document a business plan and risk policies. They should provide a clear indication of the amount and nature of credit risk that the firm wishes to incur. In particular, they should cover for credit risk:
how, with particular reference to its activities, the firm defines and measures credit risk;
the firm's business aims in incurring credit risk including:
identifying the types and sources of credit risk to which the firm wishes to be exposed (and the limits on that exposure) and those to which the firm wishes not to be exposed (and how that is to be achieved, for example how exposure is to be avoided or mitigated);
drawing the distinction between activities where credit risk is taken in order to achieve a return (for example, lending) and activities where credit exposure arises as a consequence of pursuing some other objective (for example, the purchase of a derivative in order to mitigate market risk);
how credit risk is assessed both when credit is granted or incurred and subsequently, including how the adequacy of any security and other risk mitigation techniques is assessed;
the detailed limit structure for credit risk which should:
be commensurate with the volume and complexity of activity; and
be consistent with the firm's business aims, historical performance, and its risk appetite;
approving new or additional exposures to counterparties;
approving new products and activities that give rise to credit risk;
regular risk position and performance reporting;
limit exception reporting and approval; and
identifying and dealing with the problem exposures caused by the failure or downgrading of a counterparty;
the methods and assumptions used for the stress testing and scenario analysis required by GENPRU 1.2 (Adequacy of financial resources), including how these methods and assumptions are selected and tested; and
the allocation of responsibilities for implementing the credit risk policy and for monitoring adherence to, and the effectiveness of, the policy.
The firm should make a suitable assessment of the risk profile of the counterparty. The factors to be considered will vary according to both the type of credit and the counterparty being considered. This may include:
the purpose of the credit, the duration of the agreement and the source of repayment;
an assessment and continuous monitoring of the credit quality of the counterparty;
an assessment of the nature and amount of risk attached to the counterparty in the context of the industrial sector or geographical region or country in which it operates, as well as the potential impact on the counterparty of political, economic and market changes; and
the proposed terms and conditions attached to the granting of credit, including ongoing provision of information by the counterparty, covenants attached to the facility as well as the adequacy and enforceability of collateral, security and guarantees.
It is important that sound and legally enforceable documentation is in place for each agreement that gives rise to credit risk as this may be called upon in the event of a default or dispute. A firm should therefore consider whether it is appropriate for an independent legal opinion to be sought on documentation used by the firm. Documentation should normally be in place before the firm enters into a contractual obligation or releases funds.
Where premium payments are made via brokers or intermediaries, the firm should describe how it monitors and controls its exposure to those brokers and intermediaries. In particular, the policy should identify whether the risk of default by the broker or intermediary is borne by the firm or the policyholder.
A firm involved in loan syndications or consortia should not rely on other parties' assessment of the credit risks involved. It will remain responsible for forming its own judgement on the appropriateness of the credit risk thereby incurred with reference to its stated credit risk policy. Similarly a firm remains responsible for assessing the credit risk associated with any insurance or reinsurance placed on its behalf by other parties.
Where a credit scoring approach or other counterparty assessment process is used, the firm should periodically assess the particular approach taken in the light of past and expected future counterparty performance and ensure that any statistical process is adjusted accordingly to ensure that the business written complies with the firm's risk appetite.
A firm should measure its credit risk using a robust and consistent methodology which should be described in its credit risk policy; the appropriate method of measurement will depend upon the nature of the credit product provided. The firm should consider whether the measurement methodologies should be backtested and the frequency of such backtesting.
A firm should also be able to measure its credit exposure across its entire portfolio or within particular categories such as exposures to particular industries, economic sectors or geographical areas.
A firm should implement an effective system for monitoring its credit risk which should be described in its credit risk policy.
A firm should have a system of management reporting which provides clear, concise, timely and accurate credit risk reports to relevant functions within the firm. The reports could cover exceptions to the firm's credit risk policy, non-performing exposures and changes to the level of credit risk within the firm's credit portfolio. A firm should have procedures for taking appropriate action according to the information within the management reports, such as a review of counterparty limits, or of the overall credit policy.
Individual credit facilities and overall limits should be periodically reviewed in order to check their appropriateness for both the current circumstances of the counterparty and the firm's current internal and external economic environment. The frequency of review should be appropriate to the nature of the facility.
A firm should utilise appropriate stress testing and scenario analysis of credit exposures to examine the potential effects of economic or industry downturns, market events, changes in interest rates, changes in foreign exchange rates, changes in liquidity conditions and changes in levels of insurance losses where relevant.
A firm should have systematic processes for the timely identification, management and monitoring of problem exposures. These processes should be described in the credit risk policy.
At intervals that are appropriate to the nature, scale and complexity of its activities a firm should review and update its provisioning policy and associated systems.
In line with SYSC 15.1.6 G, the FSA recognises that the frequency with which a firm reviews its provisioning policy once it has been established will vary from firm to firm. However, the FSA expects a firm to review at least annually whether its policy remains appropriate for the business it undertakes and the economic environment in which it operates.
Provisions may be general (against the whole of a given portfolio), specific (against particular exposures identified as bad or doubtful) or both. The FSA expects contingent liabilities (for example guarantees) and anticipated losses to be recognised in accordance with accepted accounting standards at the relevant time, such as those embodied in the Financial Reporting Standards issued by the Accounting Standards Board.
A firm may choose to use various credit risk mitigation techniques including the taking of collateral, the use of letters of credit or guarantees, or counterparty netting agreements to manage and control their counterparty exposures. The use of such techniques does not obviate the need for thorough credit analysis and procedures. The reliance placed by a firm on risk mitigation should be described in the credit risk policy.
A firm should consider the legal and financial ability of a guarantor to fulfil the guarantee if called upon to do so.
Prudential records made under SYSC 14.1.53 R should include appropriate records of:
credit exposures, including aggregations of credit exposures, as appropriate, by:
credit decisions, including details of the decision and the facts or circumstances upon which it was made; and
information relevant to assessing current counterparty and risk quality.
Credit records should be retained as long as they are needed for the purpose described in SYSC 15.1.36 G (subject to the minimum three year retention period). In particular, a firm should consider whether it is appropriate to retain information regarding counterparty history such as a record of credit events as well as a record indicating how credit decisions were taken.