FR Doc 07-811

[Federal Register: February 28, 2007 (Volume 72, Number 39)]
[Notices]
[Page 9083-9193]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr28fe07-132]

[[Page 9083]]

-----------------------------------------------------------------------

Part II

Department of the Treasury

-----------------------------------------------------------------------

Office of the Comptroller of the Currency

Office of Thrift Supervision

-----------------------------------------------------------------------

Federal Reserve System

-----------------------------------------------------------------------

Federal Deposit Insurance Corporation

-----------------------------------------------------------------------

Proposed Supervisory Guidance for Internal Ratings-Based Systems for
Credit Risk, Advanced Measurement Approaches for Operational Risk, and
the Supervisory Review Process (Pillar 2) Related to Basel II
Implementation; Notice

[[Page 9084]]

-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

[Docket No. OCC-2007-0004]

FEDERAL RESERVE SYSTEM

[Docket No. OP-1277]

FEDERAL DEPOSIT INSURANCE CORPORATION

DEPARTMENT OF THE TREASURY

Office of Thrift Supervision

[No. 2007-06]

Proposed Supervisory Guidance for Internal Ratings-Based Systems
for Credit Risk, Advanced Measurement Approaches for Operational Risk,
and the Supervisory Review Process (Pillar 2) Related to Basel II
Implementation

AGENCIES: Office of the Comptroller of the Currency, Treasury (OCC);
Board of Governors of the Federal Reserve System (Board); Federal
Deposit Insurance Corporation (FDIC); and Office of Thrift Supervision,
Treasury (OTS) (collectively, the Agencies).

ACTION: Proposed supervisory guidance with request for public comment.

-----------------------------------------------------------------------

SUMMARY: The Agencies are publishing for comment three documents that
set forth proposed supervisory guidance for implementing proposed
revisions to the risk-based capital standards in the United States (New
Advanced Capital Adequacy Framework or proposed framework). These
proposed revisions, which would implement the ``International
Convergence of Capital Measurement and Capital Standards: A Revised
Framework,'' published in June 2004 by the Basel Committee on Banking
Supervision (Basel II), in the United States, were published in the
Federal Register on September 25, 2006 as a notice of proposed
rulemaking (NPR or proposed rule). The proposed framework outlined in
the NPR would require some and permit other qualifying banks to
calculate their regulatory risk-based capital requirements using an
internal ratings-based (IRB) approach for credit risk and the advanced
measurement approaches (AMA) for operational risk (together, the
advanced approaches); it also provides guidelines for the supervisory
review process (Pillar 2). The proposed supervisory guidance documents
provide additional detail for the advanced approaches and the
supervisory review process that should help banks satisfy the
qualification requirements in the NPR.

DATES: Comments on the three proposed supervisory guidance documents
must be submitted on or before May 29, 2007.

ADDRESSES:
OCC: You must include OCC and Docket Number OCC-2007-0004 in your
comment. You may submit comments by any of the following methods:
Agency Web site: http://www.occ.treas.gov. Click on

``Contact the OCC,'' scroll down and click on ``Comments on Proposed
Regulations.''
E-mail address: regs.comments@occ.treas.gov.
Fax: (202) 874-4448.
Mail: Office of the Comptroller of the Currency, 250 E
Street, SW., Mail Stop 1-5, Washington, DC 20219.
Hand Delivery/Courier: 250 E Street, SW., Attn: Public
Information Room, Maila Stop 1-5, Washington, DC 20219.
Instructions: All submissions received must include the agency name
(OCC) and docket number for this proposed notice. In general, OCC will
enter all comments received into the docket without change, including
any business or personal information that you provide.
You may review comments and other related materials by any of the
following methods:
Viewing Comments Personally: You may personally inspect
and photocopy comments at the OCC's Public Information Room, 250 E
Street, SW., Washington, DC. You can make an appointment to inspect
comments by calling (202) 874-5043.
Viewing Comments Electronically: You may request e-mail or
CD-ROM copies of comments that the OCC has received by contacting the
OCC's Public Information Room at: regs.comments@occ.treas.gov.
Docket: You may also request available background
documents and project summaries using the methods described above.
Board: You may submit comments, identified by Docket No. OP-1277,
by any of the following methods:
Agency Web site: http://www.federalreserve.gov Follow the instructions for submitting comments at http://www.federalreserve.gov/.

Federal eRulemaking Portal: http://www.regulations.gov.

Follow the instructions for submitting comments.
docket number in the subject line of the message.
Fax: (202) 452-3819 or (202) 452-3102.
Mail: Jennifer J. Johnson, Secretary, Board of Governors
of the Federal Reserve System, 20th Street and Constitution Avenue,
NW., Washington, DC 20551.
All public comments are available from the Board's Web site at
http://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm as

submitted, unless modified for technical reasons. Accordingly, your
comments will not be edited to remove any identifying or contact
information. Public comments also may be viewed electronically or in
paper form in Room MP-500 of the Board's Martin Building (20th and C
Streets, NW.) between 9 a.m. and 5 p.m. on weekdays.
FDIC: You may submit comments by any of the following methods:
Agency Web Site: http://www.fdic.gov/regulations/laws/federal.
Follow instructions for submitting comments on the Agency Web

Site.
E-mail: Comments@FDIC.gov. Include ``Basel II Supervisory
Guidance'' in the subject line of the message.
Mail: Robert E. Feldman, Executive Secretary, Attention:
Comments, Federal Deposit Insurance Corporation, 550 17th Street, NW.,
Washington, DC 20429.
Hand Delivery/Courier: Guard station at the rear of the
550 17th Street Building (located on F Street) on business days between
7 a.m. and 5 p.m. (EST).
Federal eRulemaking Portal: http://www.regulations.gov.

Follow the instructions for submitting comments.
Public Inspection: All comments received will be posted without
change to http://www.fdic.gov/regulations/laws/federal including any

Follow the instructions for submitting comments.
2007-06 in the subject line of the message, and include your name and
telephone number in the message.
Fax: (202) 906-6518.

[[Page 9085]]

Mail: Regulation Comments, Chief Counsel's Office, Office
of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552,
Attention: No. 2007-06.
Hand Delivery/Courier: Guard's Desk, East Lobby Entrance,
1700 G Street, NW., from 9 a.m. to 4 p.m. on business days, Attention:
Regulation Comments, Chief Counsel's Office, Attention: No. 2007-06.
Instructions: All submissions received must include the agency name
and document number. All comments received will be posted without
change to http://www.ots.treas.gov/pagehtml.cfm?catNumber=67&an=1,

including any personal information provided.
Docket: For access to the docket to read background documents or
comments received, go to http://www.ots.treas.gov/pagehtml.cfm?catNumber=67&an=1.
In addition, you may inspect comments

at the Public Reading Room, 1700 G Street, NW., by appointment. To make
an appointment for access, call (202) 906-5922, send an e-mail to
public.info@ots.treas.gov, or send a facsimile transmission to (202)

906-7755. (Prior notice identifying the materials you will be
requesting will assist us in serving you.) We schedule appointments on
business days between 10 a.m. and 4 p.m. In most cases, appointments
will be available the next business day following the date we receive a
request.

FOR FURTHER INFORMATION CONTACT:
OCC: IRB guidance: Fred Finke, Senior Basel Policy Liaison (202-
874-4468 or fred.finke@occ.treas.gov); AMA guidance: Mark O'Dell,
Deputy Comptroller for Operational Risk (202-874-4316 or
mark.odell@occ.treas.gov); or guidance on supervisory review: Akhtarur

Siddique, Lead Expert (202-874-4665 or
akhtarur.siddique@occ.treas.gov); Office of the Comptroller of the

Currency, 250 E Street, SW., Washington, DC 20219.
Board: IRB guidance: Sabeth Siddique, Assistant Director, Credit
Risk Section (202-452-3861); AMA guidance: Stacy Coleman, Assistant
Director, Operational Risk Section (202-452-2934) or Connie Horsley,
Senior Supervisory Financial Analyst, Operational Risk Section (202-
452-5239); or guidance on supervisory review: David Palmer, Senior
Supervisory Financial Analyst, Credit Risk Section (202-452-2904);
Board of Governors of the Federal Reserve System, 20th Street and
Constitution Avenue, NW., Washington, DC 20551. Users of
Telecommunication Device for Deaf (TTD) only, call (202) 263-4869.
FDIC: IRB guidance: Pete Hirsch, Chief, Large Bank Supervision
(202-898-6751 or phirsch@fdic.gov), Curtis Wong, Senior Examination
Specialist, Planning and Program Development Section (202-898-7327 or
cwong@fdic.gov); AMA guidance: Mark S. Schmidt, Regional Director (678-

916-2189 or maschmidt@fdic.gov), Alfred Seivold, Senior Examination
Specialist, Large Bank Supervision (415-808-8248 or aseivold@fdic.gov);
or guidance on supervisory review: Bobby Bean, Chief, Capital Markets
Policy Section (202-898-3575 or bbean@fdic.gov), Gloria Ikosi, Senior
Quantitative Risk Analyst, Capital Markets Policy Section (202-898-3997
or gikosi@fdic.gov); Federal Deposit Insurance Corporation, 550 17th
Street, NW., Washington, DC 20429.
OTS: IRB guidance: David Tate, Manager, Examination Quality Review
(202-906-5717); AMA guidance: Eric Hirschhorn, Senior Financial
Economist, Credit Policy (202-906-7350); or guidance on supervisory
review: Sonja White, Senior Project Manager, Capital Policy (202-906-
7857); Office of Thrift Supervision, 1700 G Street, NW., Washington, DC
20552.

SUPPLEMENTARY INFORMATION: The Agencies issued an NPR on September 25,
2006,\ 1\ which seeks comment on the New Advanced Capital Adequacy
Framework that revises the existing general risk-based capital
standards as applied to large, internationally active U.S. banks.\2\
The public comment period on the NPR closes on March 26, 2007.\3\ The
proposed framework would implement Basel II in the United States.
---------------------------------------------------------------------------

\1\ See 71 FR 55830 (Sept. 25, 2006).
\2\ For simplicity, and unless otherwise noted, the term
``banks'' is used here to refer to banks, savings associations, and
bank holding companies. The terms ``bank holding company'' and
``BHC'' refer only to bank holding companies regulated by the Board
and do not include savings and loan holding companies regulated by
the OTS. For a detailed description of the institutions covered by
this notice, refer to part I, section 1, of the NPR.
\3\ See 71 FR 77518 (Dec. 26, 2006).
---------------------------------------------------------------------------

As described in the NPR, Basel II sets forth a three-pillar
framework encompassing regulatory risk-based capital requirements
(Pillar 1); supervisory review of capital adequacy (Pillar 2); and
market discipline through enhanced public disclosures (Pillar 3). The
proposed framework outlined in the NPR for Pillar 1 would require some
and permit other qualifying banks to calculate their regulatory risk-
based capital requirements using the IRB approach for credit risk and
the AMA for operational risk.\4\ The NPR also requires a process for
the supervisory review of capital adequacy under Pillar 2, and outlines
requirements for enhanced public disclosures under Pillar 3.\5\ The NPR
describes the qualification process and provides qualification
requirements for obtaining supervisory approval for use of the advanced
approaches.\6\ The qualification requirements are written broadly to
accommodate the many ways a bank may design and implement robust credit
and operational risk measurement and management systems, and to permit
industry practice to evolve.
---------------------------------------------------------------------------

\4\ While Basel II provides several approaches for calculating
regulatory risk-based capital requirements under Pillara1, only the
advanced approaches are proposed for implementation in the United
States.
\5\ Supervisory expectations pertaining to a bank's public
disclosures are not part of this notice.
\6\ See part III, section 22 of the NPR.
---------------------------------------------------------------------------

The proposed supervisory guidance documents are companion guidance
to the September 2006 NPR and, as such, are designed to be consistent
with the proposed rule and do not address any public comments since the
NPR was issued. They provide additional detail that should help banks
satisfy the qualification requirements in the NPR. However, the
publication of these guidance documents for comment does not imply that
the outcome of the NPR has already been determined. As part of the
regulatory rulemaking process, the proposed guidance documents are
subject to change as needed based on, among other things, the public
comments on the guidance and the Agencies' decisions regarding any
final rule.
The Agencies believe that the proposed supervisory guidance
documents are necessary to supplement the proposed framework with
standards to promote safety and soundness and encourage comparability
across banks. A bank's primary Federal supervisor will review the
bank's framework relative to the qualification requirements in the NPR
to determine whether the bank may apply the advanced approaches and has
complied with the proposed rule in determining its regulatory capital
requirements.
In August 2003, the Agencies issued an advance notice of proposed
rulemaking (ANPR), which described the proposed revisions to the
existing risk-based capital framework in general terms and sought
public comment.\7\ The content of the ANPR was based, in large part, on
the April 2003 version of the Basel II framework.\8\ Contemporaneously
with the ANPR, the Agencies also issued for public

[[Page 9086]]

comment two proposed supervisory guidance documents relating to the
proposed framework.\9\ The first proposed 2003 guidance document
described supervisory views on the credit risk measurement and
management systems that should be implemented by banks that adopt the
IRB approach for computing risk-based capital requirements for
corporate credit risk exposures. The second proposed 2003 guidance
document provided supervisory views on the operational risk measurement
and management systems that should be implemented by banks that adopt
the AMA for computing risk-based capital requirements for operational
risk, including their operational risk management, data elements, and
quantification processes. In October 2004, the Agencies also issued for
public comment proposed supervisory guidance on IRB systems for retail
credit risk exposures.\10\
---------------------------------------------------------------------------

\7\ See 68 FR 45900 (Aug. 4, 2003).
\8\ See The New Basel Capital Accord (April 2003) (available at
http://www.bis.org).

\9\ See 68 FR 45949 (Aug. 4, 2003).
\10\ See 69 FR 62748 (Oct. 27, 2004), and 70 FR 423 (Jan. 4,
2005) (correction).
---------------------------------------------------------------------------

The first guidance document presented in this notice sets forth
proposed supervisory guidance on IRB systems for credit risk covering
the wholesale and retail exposure categories, as well as guidance on
the equity and securitization exposure categories (IRB Guidance). Under
the IRB framework, banks would use internal estimates of certain risk
components as key inputs in the determination of their regulatory risk-
based capital requirement for credit risk. As mentioned above, the
Agencies previously published proposed supervisory guidance on a bank's
IRB systems for corporate and retail exposures in 2003 and 2004,
respectively. Since the release of those documents, the Agencies have
continued to refine the proposals based on insights gained from public
comment and the collective efforts of the interagency IRB working
groups. The IRB Guidance updates and consolidates the previously
proposed supervisory guidance on corporate and retail exposures. It
also provides new guidance on systems a bank may need to differentiate
the risk of other credit exposure types, such as equity and
securitization exposures, as well as to recognize the benefits of
financial collateral in mitigating counterparty credit risk in certain
transactions or to use the double default treatment for certain
wholesale exposures.
The IRB Guidance is structured somewhat differently from the
proposed supervisory guidance issued in 2003 and 2004. Those guidance
documents contained four chapters covering corporate ratings and retail
segmentation systems, quantification, data management and maintenance,
and controls, with discussion of validation and stress testing
contained within the rating and segmentation and quantification
chapters. The structure of the IRB Guidance generally follows the key
components of a bank's advanced systems for credit risk outlined in the
NPR. Chapter 1 provides guidance on governance of a bank's overall
advanced systems for credit risk. Chapters 2 through 5 cover the
components of a bank's IRB systems for wholesale and retail exposures.
Chapters 6 and 7 provide guidance on data management and maintenance
and the control and validation framework. Chapter 8 provides guidance
on stress testing. Chapters 9 through 11 provide guidance on the other
systems a bank may need to differentiate risk in certain transactions
subject to counterparty credit risk, equity exposures, and
securitization exposures.
The IRB Guidance supplements the NPR and provides additional
context and detail to help banks meet the qualification requirements in
the NPR relevant to a bank's systems and processes for credit risk.
Thus, the guidance should be read alongside the NPR to obtain a full
perspective of the underlying requirements in the proposed rule. The
guidance does not contain additional proposed requirements that are not
in the NPR. Chapters 5, 9, 10, and 11, are being issued for the first
time and supplement the detailed discussion of those topics in the NPR.
Similar to the previously proposed corporate and retail guidance, the
IRB Guidance contains supervisory standards (designated with an ``S'')
that highlight important elements of a bank's advanced systems for
credit risk. The supervisory standards contained in the previously
proposed corporate and retail guidance documents have been consolidated
and updated and new supervisory standards are proposed.
The second guidance document in this notice sets forth proposed
supervisory guidance on the AMA for operational risk (AMA Guidance),
updating the proposed AMA Guidance published in 2003. Since the
issuance of that proposed AMA Guidance, the Agencies have revised the
guidance to clarify issues and simplify, wherever possible, supervisory
standards. The revisions are based on insights gained from public
comment and the collective efforts of the interagency AMA working
group. Under the AMA framework, a bank would rely on internal estimates
of its operational risk exposure to generate its regulatory risk-based
capital requirement for operational risk. The AMA Guidance provides
additional context and detail to help a bank meet the qualification
requirements outlined in the NPR relevant to operational risk.
Some of the specific revisions to the AMA Guidance include: (1)
Clarifying the roles of a bank's board of directors and management in
developing and overseeing the implementation of the bank's AMA
framework; (2) expanding standard 5 to address the integration of the
bank's operational risk management, data and assessment, and
quantification processes into the bank's existing risk management
decision-making processes; (3) expanding and clarifying operational
risk quantification standards both to reflect the evolution of industry
practices, as well as to address supervisory concerns; (4) clarifying
supervisory expectations regarding the use of scenario analysis, the
key elements used to support operational risk management and
measurement, and eligible operational risk offsets (see standards 20,
24, and 26, respectively); (5) adding standard 25 that discusses how
frequently a bank must recalculate its estimate of operational risk
exposure and its risk-based capital requirement for operational risk;
(6) adding standard 27 that a bank must employ a unit of measure that
is appropriate for its range of business activities and the variety of
operational loss events to which it is exposed; (7) expanding the
discussion on dependence modeling in standard 28; and (8) adding a
section that discusses a bank's use, in certain limited circumstances,
of an alternative quantification system to estimate its operational
risk exposure.
The Agencies recognize that a bank required to adopt an AMA
framework may have developed an implementation plan using the proposed
supervisory standards in the 2003 proposed AMA Guidance to assess its
status in meeting the requirements proposed in the ANPR and to
determine additional work needed to comply with those requirements. The
table below maps the current proposed supervisory standards to those in
the 2003 proposed AMA Guidance.

Comparison of Current Proposed AMA Supervisory Standards to the 2003
Proposed AMA Supervisory Standards
------------------------------------------------------------------------
2003 Proposed
Current Proposed Standard Number Standard
Number
------------------------------------------------------------------------
1....................................................... 1

[[Page 9087]]

2....................................................... 8
3....................................................... 11
4....................................................... 2
5....................................................... 3
6....................................................... 4
7....................................................... 5
8....................................................... 6
9....................................................... 7
10...................................................... 9, 10
11...................................................... 12
12...................................................... 13, 14
13...................................................... 15
14...................................................... 16
15...................................................... 17
16...................................................... 18
17...................................................... 19
18...................................................... 20
19...................................................... 21
20...................................................... 24
21...................................................... 22
22...................................................... 23
23...................................................... 25
24...................................................... 27
25...................................................... New
26...................................................... 28
27...................................................... New
28...................................................... 29
29...................................................... 30
30...................................................... 26
31...................................................... 31
32...................................................... 32, 33
------------------------------------------------------------------------

The third document sets forth proposed supervisory guidance on the
supervisory review process (Pillar 2) in the New Advanced Capital
Adequacy Framework. The process of supervisory review described in this
proposed guidance document reflects a continuation of the longstanding
approach employed by the Agencies in their supervision of banks.
However, new methods for calculating regulatory risk-based capital
requirements--such as those in the proposed framework--and development
of improved risk monitoring and management tools within the industry
often bring changes in the relative emphasis placed on the various
aspects of supervisory review. This proposed guidance document
highlights aspects of existing supervisory review that are being
augmented or more clearly defined to support the proposed framework.
Under the framework, in determining the extent to which banks should
hold capital in excess of regulatory minimums, supervisors would
consider the combined implications of a bank's compliance with
qualification requirements for regulatory risk-based capital standards,
the quality and results of its internal capital adequacy assessment
process (ICAAP), and supervisory assessment of its risk management
processes, control structure, and other relevant information relating
to its risk profile and capital position. The ICAAP (while not
mandating the determination of economic capital) should, to the extent
possible, identify and measure material risks, which may include (but
should not necessarily be limited to) credit risk, market risk,
operational risk, interest rate risk, and liquidity risk, and account
for concentrations within and among risk types.
The Agencies solicit comment on all aspects of the supervisory
guidance documents. In addition, the Agencies believe an important goal
for any regulatory capital system is to achieve a measure of
consistency in the capital requirements assigned to exposures with
similar risk profiles held by different banks. The Agencies seek
comment on the extent to which this proposed supervisory guidance will
promote that objective.

Paperwork Reduction Act

A. Request for Comment on Proposed Information Collection

In accordance with the requirements of the Paperwork Reduction Act
of 1995, the Agencies may not conduct or sponsor, and the respondent is
not required to respond to, an information collection unless it
displays a currently valid Office of Management and Budget (OMB)
control number. The Agencies are requesting comment on a proposed
information collection. The Agencies are also giving notice that the
proposed collection of information has been submitted to OMB for review
and approval.
Comments are invited on:
(a) Whether the collection of information is necessary for the
proper performance of the Agencies' functions, including whether the
information has practical utility;
(b) The accuracy of the estimates of the burden of the information
collection, including the validity of the methodology and assumptions
used;
(c) Ways to enhance the quality, utility, and clarity of the
information to be collected;
(d) Ways to minimize the burden of the information collection on
respondents, including through the use of automated collection
techniques or other forms of information technology; and
(e) Estimates of capital or start up costs and costs of operation,
maintenance, and purchase of services to provide information.
Comments should be addressed to:
OCC: Communications Division, Office of the Comptroller of the
Currency, Public Information Room, Mail stop 1-5, Attention: 1557-NEW,
250 E Street, SW., Washington, DC 20219. In addition, comments may be
sent by fax to (202) 874-4448, or by electronic mail to
regs.comments@occ.treas.gov. You can inspect and photocopy the comments

at the OCC's Public Information Room, 250 E Street, SW., Washington, DC
20219. You can make an appointment to inspect the comments by calling
(202) 874-5043.
Board: You may submit comments, identified by FR 4199, by any of
the following methods:
Agency Web Site: http://www.federalreserve.gov Follow the instructions for submitting comments at http://www.federalreserve.gov/.

Federal eRulemaking Portal: http://www.regulations.gov.

Follow the instructions for submitting comments.
Fax: (202) 452-3819 or (202) 452-3102.
Mail: Jennifer J. Johnson, Secretary, Board of Governors
of the Federal Reserve System, 20th Street and Constitution Avenue,
NW., Washington, DC 20551.
All public comments are available from the Board's Web site at
http://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm as

submitted, except as necessary for technical reasons. Accordingly, your
comments will not be edited to remove any identifying or contact
information. Public comments may also be viewed electronically or in
paper form in Room MP-500 of the Board's Martin Building (20th and C
Streets, NW.) between 9 a.m. and 5 p.m. on weekdays.
FDIC: You may submit comments by any of the following methods:
Agency Web Site: http://www.fdic.gov/regulations/laws/federal.
Follow instructions for submitting comments on the Agency Web

[[Page 9088]]

Federal eRulemaking Portal: http://www.regulations.gov.

Follow the instructions for submitting comments.
Public Inspection: All comments received will be posted without
change to http://www.fdic.gov/regulations/laws/federal including any

personal information provided. Comments may be inspected and
photocopied in the FDIC Public Information Center, 3501 North Fairfax
Drive, Room E-1002, Arlington, VA 22226, between 9 a.m. and 5 p.m.
(EST) on business days. Paper copies of public comments may be ordered
from the Public Information Center by telephone at (877) 275-3342 or
(703) 562-2200.
A copy of the comments may also be submitted to the OMB desk
officer for the Agencies: By mail to U.S. Office of Management and
Budget, 725 17th Street, NW., 10235, Washington, DC 20503 or
by facsimile to 202-395-6974, Attention: Federal Banking Agency Desk
Officer.
OTS: Information Collection Comments, Chief Counsel's Office,
Office of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552;
send a facsimile transmission to (202) 906-6518; or send an e-mail to
infocollection.comments@ots.treas.gov. OTS will post comments and the

related index on the OTS Internet site at http://www.ots.treas.gov. In

addition, interested persons may inspect the comments at the Public
Reading Room, 1700 G Street, NW., by appointment. To make an
appointment, call (202) 906-5922, send an e-mail to
public.info@ots.treas.gov, or send a facsimile transmission to (202)

906-7755.

B. Proposed Information Collection

Title of Information Collection: Proposed Basel II Interagency
Supervisory Guidance for IRB, AMA, and the Supervisory Review Process.
Frequency of Response: Event-generated.
Affected Public:
OCC: National banks.
Board: State member banks, bank holding companies, affiliates and
certain non-bank subsidiaries of bank holding companies, commercial
lending companies owned or controlled by foreign banks, and Edge and
agreement corporations.
FDIC: Insured nonmember banks and certain subsidiaries of these
entities.
OTS: Savings associations and certain of their subsidiaries.
Abstract: The notice sets forth three proposed supervisory guidance
documents for implementing proposed revisions to the risk-based capital
standards in the United States (New Advanced Capital Adequacy
Framework). The proposed guidance documents concern (1) the internal
ratings-based systems for credit risk (IRB), (2) the advanced
measurement approaches for operational risk (AMA), and (3) the
supervisory review process (Pillar II).
The Agencies believe that the documentation, prior approvals, and
disclosures included in the proposed IRB and AMA guidance are directly
related to the information collection requirements found in the Basel
II notice of proposed rulemaking (NPR) published in the Federal
Register on September 25, 2006 (71 FR 55830). More specifically, the
information collection aspects of the proposed IRB and AMA guidance tie
to the following sections of the NPR: 21, 22, 44, 53, and 71. The
Agencies believe that the burden estimates developed for the NPR
adequately cover the additional specificity contained in the proposed
IRB and AMA guidance.
For the proposed Pillar II portion of the guidance, the Agencies
believe that paragraphs 25, 31, 35, 37, and 42 impose new information
collection requirements that were beyond the scope of the burden
estimates developed for the NPR. The agencies burden estimates for
these additional information collection requirements are summarized
below. Note that the estimated number of respondents listed below
include both institutions for which the Basel II risk-based capital
requirements are mandatory and institutions that may be considering
opting-in to Basel II (despite the lack of any formal commitment by
most of these latter institutions).
Estimated Burden:

OCC

Number of Respondents: 52.
Estimated Burden per Respondent: 140 hours.
Total Estimated Annual Burden: 7,280 hours.

Board

Number of Respondents: 15.
Estimated Burden per Respondent: 420 hours.
Total Estimated Annual Burden: 6,300 hours.

FDIC

Number of Respondents: 19.
Estimated Burden per Respondent: 420 hours.
Total Estimated Annual Burden: 7,980 hours.

OTS

Number of Respondents: 4.
Estimated Burden per Respondent: 420 hours.
Total Estimated Annual Burden: 1,680 hours.
The proposed supervisory guidance documents follow:

Proposed Supervisory Guidance on Internal Ratings-Based Systems for
Credit Risk

Table of Contents

Introduction

I. Purpose
II. Scope of Guidance

Chapter 1: Advanced Systems for Credit Risk

Rule Requirements

I. Overview
II. Governance of Advanced Systems

Chapter 2: Wholesale Risk Rating Systems

Rule Requirements

I. Overview
II. Credit Rating Assignment Techniques
A. Expert Judgment
B. Models
C. Constrained Judgment
D. Rating Overrides
III. Definition of Default
IV. Independence of the Wholesale Risk Rating Process
V. IRB Risk Rating System Architecture
A. Two-Dimensional Risk-Rating System
B. Other Considerations

Chapter 3: Retail Segmentation Systems

Rule Requirements

I. Overview
II. Definition of Default
III. Retail Segmentation Architecture
A. Criteria for Retail Segmentation
B. Assignment of Exposures to Retail Segments

Chapter 4: Quantification

Rule Requirements

I. Overview
A. Stages of the Quantification Process
B. General Standards for Sound Quantification
II. Probability of Default (PD)
A. Data
B. Estimation
C. Mapping
D. Application
III. Expected Loss Given Default (ELGD) and Loss Given Default (LGD)
A. Data
B. Estimation
C. Mapping
D. Application
IV. Exposure at Default (EAD)
A. Data
B. Estimation
C. Mapping
D. Application
V. Maturity (M)
VI. Special Cases and Applications
A. Loan Sales
B. Multiple Legal Entities
Appendix A: Illustrations of the Quantification Process for
Wholesale

[[Page 9089]]

Portfolios
Appendix B: Illustrations of the Quantification Process for Retail
Portfolios

Chapter 5: Wholesale Credit Risk Protection

Rule Requirements

Chapter 6: Data Management and Maintenance

Rule Requirements

I. Overview
II. General Data Requirements
A. Life Cycle Tracking for Wholesale Exposures
B. Rating Assignment Data for Wholesale Exposures
C. Segmentation Data for Retail Exposures
D. Outsourced Activities
E. Asset Sales
III. Data Applications
A. Validation and Refinement
B. Applying IRB System Improvements Historically
C. Calculating Risk-Based Capital Ratios and Reporting to the
Public
D. Supporting Risk Management
IV. Managing Data Quality and Integrity
A. Documentation and Definitions
B. Electronic Storage and Access
Appendix A: Data Elements for Wholesale and Retail Exposures
A. Examples of Data Elements for Wholesale Exposures
B. Examples of Data Elements for Retail Exposures
Appendix B: Applying Risk Rating System Improvements Historically

Chapter 7: Controls and Validation

Rule Requirements

I. Overview
II. Reviews of the IRB System
III. Consistency Between IRB Systems and Risk Management Processes
IV. Internal Audit
V. Validation Activities
A. General Validation Requirements
B. Validation Activities
C. Minimum Frequency of Validation

Chapter 8: Stress Testing of Risk-Based Capital Requirements

Rule Requirements

Chapter 9: Counterparty Credit Risk Exposure

Rule Requirements

I. Overview
II. Transactions with Counterparty Credit Risk
III. Definitions
IV. Netting
V. Determination of Eligibility for EAD Adjustment
VI. Methods for Determining EAD
A. Methodologies for Repo-style Transactions and Eligible Margin
Loans
B. EAD for OTC Derivative Contracts
C. Internal Models Methodology
VII. Defaulted Counterparties

Chapter 10: Risk-Weighted Assets for Equity Exposures

Rule Requirements

I. Overview
II. Definition of Banking Book Equities
III. Applying the Framework
IV. Using Internal Models for Equity Exposures
V. Quantification of Equity Exposures
A. Reference Data
B. External Data
C. Estimation
VI. Validation of Internal Models for Equity Exposures
VII. Consistency Between Internal Models Used for Equity Exposures
and Risk Management Processes

Chapter 11: Securitizations

Rule Requirements

I. Overview
II. Scope of Application
III. General Principles of the Securitization Framework
A. Risk Transference
B. Implicit Support
C. Servicer Cash Advances
D. Clean-up Calls
E. Maximum Capital Requirements for Securitization Exposures
IV. Hierarchy of Approaches
V. IRB Approaches for Securitization Exposures
A. Ratings-Based Approach
B. Internal Assessment Approach
VI. Internal Credit Assessment Process in the IAA
VII. Validation of IAA
A. Supervisory Formula Approach
VIII. Early Amortization Provisions
IX. Data Management Requirements
A. Data Elements
Appendix A: Description of the Supervisory Formula Approach (SFA).
Appendix B: Examples of Data Elements for Securitization Exposures
Attachment A: The NPR Qualification Requirements Related to the IRB
Framework
Attachment B: Supervisory Standards
Attachment C: Acronym List

Introduction

I. Purpose

1. This proposed guidance (``guidance''), published jointly by the
U.S. Federal banking agencies \1\ provides supervisory guidance for
U.S. banks, thrifts, and bank holding companies (``banks'') that adopt
the Advanced Internal Ratings-Based Approach (``IRB'' or ``IRB
framework'') for calculating minimum regulatory risk-based capital
(``risk-based capital'') requirements for credit risk under the Basel
II capital regulation.
---------------------------------------------------------------------------

\1\ The Federal banking agencies are: The Board of Governors of
the Federal Reserve System; the Federal Deposit Insurance
Corporation; the Office of the Comptroller of the Currency; and the
Office of Thrift Supervision; and will collectively be referred to
as ``the Agencies,'' ``supervisors,'' or ``regulators'' in this
guidance.
---------------------------------------------------------------------------

2. This guidance supplements the notice of proposed rulemaking
(``NPR'' or ``proposed rule'') published in the Federal Register on
September 25, 2006.\2\ The NPR proposes a regulatory framework within
which all banks subject to the proposed rule must develop their IRB
systems. The NPR contains qualification requirements that each bank
subject to the proposed rule must meet to the satisfaction of its
primary Federal supervisor before using its IRB systems to calculate
risk-based capital requirements. As stated in the preamble to the NPR,
the qualification requirements for these systems are written in broad
terms to accommodate the many ways a bank may design and implement a
robust internal risk measurement and management system and to permit
industry practice to evolve. As a supplement to the NPR, this guidance
provides supervisory standards and additional detail on credit risk
measurement and management systems that will assist banks in satisfying
the requirements in the NPR.
---------------------------------------------------------------------------

\2\ 71 FR 55830 (Sept. 25, 2006).
---------------------------------------------------------------------------

II. Scope of Guidance

3. The focus of this guidance is on wholesale, retail, equity, and
securitization exposures. A bank subject to the IRB framework for
credit risk in the NPR is required to have systems for determining
risk-based capital requirements for its wholesale and retail exposures.
The wholesale category includes corporate exposures (for example,
exposures to companies and banks, as well as commercial real estate
exposures and other types of specialized lending), sovereign exposures,
and other non-retail exposures. The retail category includes
residential mortgage exposures, qualifying revolving exposures (QRE),
and other retail exposures.
4. A bank may also need systems to differentiate the risk of other
exposure types, such as equity and securitization exposures, as well as
to recognize the benefits of financial collateral in mitigating
counterparty credit risk in certain transactions or to use double
default treatment for certain wholesale exposures.
5. In aggregation, the IRB systems and other systems for
differentiating credit risk are defined in the NPR and in this guidance
as a bank's ``advanced systems.'' This guidance covers advanced systems
for all of a bank's credit-related exposure types. A bank's advanced
systems also include its systems for determining risk-based capital
requirements for its operational risk exposures under the proposed
Advanced Measurement Approaches (``AMA'') framework, which is the
subject of a separate supervisory

[[Page 9090]]

guidance document. Certain banks subject to the proposed rule may also
be required to calculate risk-based capital requirements for their
market risk exposures.
6. As described in separate guidance relating to supervisory review
(Pillar 2), in addition to meeting qualification requirements for
regulatory risk-based capital standards, a bank must have a rigorous
process for assessing its overall capital adequacy in relation to its
risk profile and a comprehensive strategy for maintaining an
appropriate level of capital. This process (while not mandating the
determination of economic capital) should, to the extent possible,
identify and measure material risks, which may include (but should not
necessarily be limited to) credit risk, market risk, operational risk,
interest rate risk, and liquidity risk, and account for concentrations
within and among risk types. One of the main objectives of the internal
capital adequacy assessment process is to identify the extent to which
banks need to hold capital above regulatory minimums, in order to
address risks not adequately captured by minimum regulatory capital
requirements.
7. A primary objective of the IRB framework is to make the risk-
based capital requirements more sensitive to credit risk. In general,
the IRB framework incorporates recent developments in risk management
and banking supervision. Under this framework, banks use their own
internal risk rating and segmentation systems, as well as their
quantification processes, to generate estimates of risk parameters that
are inputs to the calculation of the risk-based capital requirements.
Data that support accurate and reliable credit risk measurements, as
well as rigorous management oversight and controls, including
continuous monitoring and validation, are crucial to the prudent
application of the IRB framework.
8. This guidance, which is written for supervisors and bankers,
describes the important elements and characteristics of a bank's
advanced systems for credit risk. Toward this end, this guidance
designates certain of those elements as supervisory standards denoted
by the prefix ``S.'' These supervisory standards generally implement or
clarify the requirements in the NPR and, whenever possible, are
principle-based to provide banks with flexibility in implementing the
framework. However, when prudential concerns or the need for
standardization outweigh the benefits of flexibility, the supervisory
standards are specified in greater detail. Furthermore, nothing in this
guidance should be interpreted as weakening, modifying, or superseding
the safety and soundness principles articulated in the Agencies''
existing statutes, regulations, or guidance. The standards are
contained within each chapter with a full compilation of the standards
provided in Attachment B.
9. Supervisors will consider this guidance in evaluating banks'
advanced systems for credit risk. This guidance assumes that readers
are familiar with the proposed framework for calculating risk-based
capital requirements for credit risk articulated in the NPR.
10. The conceptual framework outlined in this guidance is not
intended to dictate the precise manner by which banks should meet the
qualification and other requirements in the NPR. Supervisors will
determine compliance with the qualification requirements by evaluating,
on an individual bank basis, the extent to which banks meet the
substance and spirit of those requirements as they relate to each of
the components of a bank's advanced systems for credit risk. However,
evaluating each qualification requirement individually is not
sufficient to determine a bank's overall compliance. The components of
a bank's advanced systems for credit risk should complement and
reinforce one another to ensure the accuracy of risk measurements. As
part of the supervisory review of a bank's advanced systems,
supervisors will analyze the extent to which a bank's advanced systems
incorporate the substance and spirit of the standards outlined in this
guidance.
11. The structure of this guidance generally follows the key
components of the advanced systems for credit risk. Chapter 1 provides
guidance on governance of a bank's overall advanced systems. Chapters 2
through 7 cover the components of a bank's IRB systems for wholesale
and retail exposures. Chapter 8 provides guidance on stress testing.
Chapters 9 through 11 provide guidance on the other systems a bank may
need to differentiate risk for certain transactions subject to
counterparty credit risk, equity exposures, and securitization
exposures and supplements the detailed discussion of these exposure
types in the NPR. The data standards and control framework provided in
Chapters 6 and 7, respectively, of this guidance generally apply to
these other systems as well.
12. To aid the reader, the applicable NPR qualification
requirements are listed at the front of each chapter, as well as listed
together in Attachment A. Also, certain NPR requirements, such as
definitions, are either repeated in this guidance or paraphrased to
provide context. However, readers must look to the NPR for the exact
proposed rule requirements.
13. What follows is a brief description of each chapter:

Chapter 1: Advanced Systems for Credit Risk

The chapter provides a discussion of the governance and system and
process requirements for a bank's advanced systems for credit risk. It
also outlines the key components of a bank's advanced systems for
credit risk.

Chapter 2: Wholesale Risk Rating Systems

A key component of an IRB system for wholesale exposures is the
risk rating system. This chapter describes the design and operation of
wholesale risk rating systems. Banks should use the principles outlined
in this chapter when designing and operating wholesale risk rating
systems.

Chapter 3: Retail Segmentation Systems

A key component of an IRB system for retail credit exposures is the
segmentation system, which groups retail exposures into segments
according to risk characteristics. This segmentation is the retail
portfolio analogue of assigning ratings to exposures in wholesale
portfolios. This chapter describes the design and operation of an IRB
segmentation system. The retail framework provides banks with
substantial flexibility to use the retail segmentation that is most
appropriate for their activities.

Chapter 4: Quantification

Another key component of an IRB system is a quantification process
that assigns numerical values to the key risk parameters that are used
as inputs to the IRB risk-based capital formulas. This chapter provides
guidance on the quantification process for wholesale and retail
exposures. These risk parameters are probability of default (``PD''),
expected loss given default (``ELGD''), loss given default (``LGD''),
and exposure at default (``EAD''), and for wholesale exposures only,
the effective remaining maturity (``M''). The quantification of these
risk parameters should be the result of a disciplined process as
described in this chapter. The chapter also includes specific examples
for both wholesale rating systems and retail segmentation systems in
the two appendices.

Chapter 5: Wholesale Credit Risk Protection

This chapter supplements the detailed discussion of credit risk
mitigation in

[[Page 9091]]

the NPR by providing guidance on how banks may recognize contractual
arrangements for exposure-level credit protection (eligible guarantees
and eligible credit derivatives) that transfer risk to one or more
third parties. Each of these forms of credit protection must meet
certain specific standards of eligibility, as articulated in the NPR,
for recognition of the associated risk mitigation.

Chapter 6: Data Management and Maintenance

A bank must have advanced data management and maintenance systems
that support credible and reliable risk parameter estimates. This
chapter describes how a bank should collect, maintain, and manage the
data needed to support the other IRB system components for wholesale
and retail exposures (e.g., risk rating and segmentation systems, the
quantification process, and validation and other control processes), as
well as the bank's broader risk management and reporting needs.

Chapter 7: Controls and Validation

A bank must have a system of controls that ensures that the
components of the IRB system are functioning effectively. This chapter
provides guidance on the important elements of an effective control
environment, including independent review processes, a comprehensive
validation process (evaluation of developmental evidence, ongoing
monitoring, and outcomes analysis), and an internal audit review and
reporting process.

Chapter 8: Stress Testing of Risk-Based Capital Requirements

Banks must conduct stress testing analysis of their advanced
systems for credit risk as part of the risk-based capital management
process. Stress testing analysis is a means of understanding how
economic downturns, as described by stress scenarios, cause migration
across ratings or segments and the concomitant change in required risk-
based capital. This chapter discusses considerations for conducting
stress testing analyses.

Chapter 9: Counterparty Credit Risk Exposure

For certain transactions subject to counterparty credit risk, banks
may be allowed to recognize the risk mitigating effect of financial
collateral through an adjustment to EAD. This chapter supplements the
detailed discussion of counterparty credit risk in the NPR by
describing some of the elements of counterparty credit risk mitigation,
providing information to aid banks in choosing among the alternative
methods to calculate EAD for these transactions, and providing some
descriptions and illustrative examples of acceptable modeling practices
for the estimation of EAD under the alternative methods.

Chapter 10: Risk-Weighted Assets for Equity Exposures

This chapter supplements the detailed discussion of equity
exposures provided in the NPR. It provides guidance on determining
risk-based capital requirements for equity exposures held in the
banking book for banks subject to the Market Risk Rule and for all
equity exposures for banks not subject to the Market Risk Rule.

Chapter 11: Securitization Exposures

A securitization exposure is any exposure whose credit risk
reflects the tranching of risk of one or more underlying exposures.
This chapter describes the concepts, eligibility, and mechanics
associated with applying the three approaches for calculating risk-
based capital requirements for securitization exposures.

Chapter 1: Advanced Systems for Credit Risk

Rule Requirements

Part III, Section 22(a)(2): The systems and processes used by a
bank for risk-based capital purposes [in the NPR] must be consistent
with the bank's internal risk management processes and management
information reporting systems.
Part III, Section 22(a)(3): Each bank must have an appropriate
infrastructure with risk measurement and management processes that meet
the qualification requirements [in the NPR] and are appropriate given
the bank's size and level of complexity. Regardless of whether the
systems and models that generate the risk parameters necessary for
calculating a bank's risk-based capital requirements are located at any
affiliate of the bank, the bank itself must ensure that the risk
parameters and reference data used to determine its risk-based capital
requirements are representative of its own credit risk and operational
risk exposures.
Part III, Section 22(j)(1): The bank's senior management must
ensure that all components of the bank's advanced systems function
effectively and comply with the qualification requirements [in the
NPR].
Part III, Section 22(j)(2): The bank's board of directors (or a
designated committee of the board) must at least annually evaluate the
effectiveness of, and approve, the bank's advanced systems.
Part III, Section 22(k): Documentation. The bank must adequately
document all material aspects of its advanced systems.

I. Overview

1. This chapter provides a discussion of the governance and system
and process requirements for a bank's advanced systems for credit risk.
Board of directors and senior management oversight is critical to
ensure that the design and function of the advanced systems are
appropriate. Regardless of the specifics of a bank's advanced systems
for credit risk, a bank should have a rigorous credit risk management
infrastructure that complements these systems.
2. A bank subject to the framework for credit risk in the NPR is
required to have an internal ratings-based system (``IRB system'') for
determining risk-based capital requirements for its wholesale and
retail exposures.
S 1-1 An IRB system must have five interdependent components that
enable an accurate measurement of credit risk and risk-based capital
requirements.
3. The components of an IRB system are:
A risk rating and segmentation system that differentiates
risk by assigning ratings to individual wholesale obligors and
exposures and individual retail exposures to segments;
A quantification process that translates the risk
characteristics of wholesale obligors and exposures and segments of
retail exposures into numerical risk parameters that are used as inputs
to the IRB risk-based capital formulas. These risk parameters are
probability of default (``PD''), expected loss given default
(``ELGD''), loss given default (``LGD''), and exposure at default
(``EAD''), and for certain wholesale exposures only, the effective
remaining maturity (``M'');
A data management and maintenance system that supports the
IRB system;
Oversight and control mechanisms that ensure the IRB
system is functioning effectively and producing accurate results; and
An ongoing process that validates the accuracy of the risk
rating assignments, segmentations, and the risk parameters.
4. If applicable, a bank will also need systems to differentiate
risk for other credit exposure types, such as for equity and
securitization exposures, as well as to recognize the benefits of
financial collateral in mitigating counterparty credit risk in certain
transactions or to

[[Page 9092]]

use double default treatment for certain wholesale exposures.
5. In aggregation, the IRB system and other systems for
differentiating credit risk are defined in the NPR and in this guidance
as a bank's ``advanced systems'' for credit risk. Chapters 2 through 7
of this guidance provide supplemental guidance on IRB systems for
wholesale and retail exposures. Chapter 8 provides banks with guidance
on conducting stress testing analyses of their advanced systems for
credit risk. Chapters 9 through 11 cover additional systems a bank may
need to have for other credit exposure types.

II. Governance of Advanced Systems

S 1-2 Senior management must ensure that all of the components of
the bank's advanced systems for credit risk function effectively and
comply with the qualification requirements in the NPR.
6. Senior management should provide ongoing, active oversight of
the advanced systems outlined in this supervisory guidance, and
articulate the expectations for the technical and operational
performance of the advanced systems, including the control framework.
To provide effective oversight of the advanced systems, senior
management should have extensive knowledge of the advanced systems'
policies, underwriting standards, lending practices, account management
activities, and collection and recovery practices. Senior management
should understand how these factors affect all of the components of the
advanced systems.
7. The scope and depth of risk management reports should be
sufficient for senior management to monitor the performance of the
components of the advanced systems. Detailed reports should include,
but are not limited to, the following topics:
Risk profile by rating for wholesale exposures and by
segment for retail exposures;
Migration across ratings and segments with emphasis on
unexpected results;
Updates to the quantification performance results;
Validation results;
Comparative analysis of risk-based and internal capital
assessments; and
Control process assessments.
S 1-3 The board of directors or its designated committee must at
least annually evaluate the effectiveness of, and approve, the bank's
advanced systems.
8. The board of directors or its designated committee should at
least annually ensure that management has appropriate processes and
controls in place that support effective advanced systems for credit
risk. The board should be provided with information that will enable it
to conclude, with reasonable assurance, that management has appropriate
processes and controls in place that support effective advanced systems
for credit risk. To allow for ongoing monitoring, the board should be
provided with reports summarizing the design and performance of the
advanced systems. The board's strategic direction and oversight is
essential to effective advanced systems.
S 1-4 Each bank (including each depository institution) must ensure
that the risk parameters and reference data used to determine its risk-
based capital requirements are representative of its own credit risk.
9. Each bank must have an appropriate infrastructure with risk
measurement and management processes that meet the qualification
requirements in the NPR. Each bank's advanced systems for credit risk
should also incorporate the supervisory standards in this guidance.
This infrastructure must be appropriate given the bank's size and level
of complexity. Regardless of whether the systems and models that
generate the risk parameters necessary for calculating a bank's risk-
based capital requirements are located at any affiliate of the bank,
the bank must ensure that the risk parameters and reference data used
to determine its risk-based capital requirements are representative of
the bank's credit risk profile.
10. While some organizations may conduct rating, segmentation,
quantification, and validation activities on a consolidated basis, each
bank subject to the capital requirements for advanced systems must
determine its risk-based capital requirements for credit risk on a
stand-alone basis and hold its own separate risk-based capital in
proportion to the risk exposure of its portfolios. Specifically, the
PD, ELGD, LGD, and EAD estimates used to determine risk-based capital
levels must be applied to exposures at the exposure or segment level,
and risk-based capital requirements for each relevant bank should be
based on the proportionate share of each exposure or segment owned by
such bank.
11. The board of directors should ensure that senior management at
each bank confirm, through periodic evaluations, that risk parameters
assigned to its credit exposures are appropriate on a stand-alone
basis, and that the control and validation standards in Chapter 7 of
this guidance are met.
S 1-5 Banks should establish specific accountability for the
overall performance of their advanced systems for credit risk.
12. An individual or group of individuals should be responsible for
the design and operation of the overall advanced systems. This
accountability includes oversight for all of the components of the
advanced systems for credit risk, regardless of which organizational
units perform those processes. Authority and key responsibilities
should be thoroughly documented and responsible individuals should be
held accountable for the performance of the advanced systems.
S 1-6 A bank's advanced systems should be transparent.
13. Banks must adequately document all material aspects of their
advanced systems. Adequate documentation will ensure transparency of a
bank's advanced systems. A bank demonstrates the transparency of its
advanced systems by comprehensively documenting all the systems''
components. Transparency through documentation is important so that
third parties, such as a bank's supervisors and auditors, are able to
understand, evaluate, and assess the effectiveness of the bank's
advanced systems.
14. Documentation should encompass, but is not limited to, the
internal risk rating and segmentation systems, risk parameter
quantification processes, data collection and maintenance processes,
and model design, assumptions, and validation results. The guiding
principle governing documentation is that it should support the
requirements for the quantification, validation, and control and
oversight mechanisms as well as the bank's broader credit risk
management and reporting needs. Documentation is critical to the
supervisory oversight process.

Chapter 2: Wholesale Risk Rating Systems

Rule Requirements

[[Page 9093]]

rating system must have at least seven discrete rating grades for non-
defaulted obligors and at least one rating grade for defaulted
obligors. Unless the bank has chosen to directly assign ELGD and LGD
estimates to each wholesale exposure, the bank must have an internal
risk rating system that accurately and reliably assigns each wholesale
exposure to loss severity rating grades (reflecting the bank's estimate
of the ELGD and LGD of the exposure). A bank employing loss severity
rating grades must have a sufficiently granular loss severity grading
system to avoid grouping together exposures with widely ranging ELGDs
or LGDs.
Part III, Section 22(b)(4): The bank's internal risk rating policy
for wholesale exposures must describe the bank's rating philosophy
(that is, must describe how wholesale obligor rating assignments are
affected by the bank's choice of the range of economic, business, and
industry conditions that are considered in the obligor rating process).
Part III, Section 22(b)(5): The bank's internal risk rating system
for wholesale exposures must provide for the review and update (as
appropriate) of each obligor rating and (if applicable) each loss
severity rating whenever the bank receives new material information,
but no less frequently than annually.

I. Overview

1. This chapter describes the design and operation of IRB risk
rating systems for wholesale exposures. Banks will have latitude in
designing and operating wholesale risk rating systems, subject to four
broad principles:
Two-dimensional risk rating system--Banks must be able to make
meaningful and consistent differentiations among credit exposures along
two dimensions--obligor default risk and loss severity in the event of
a default.
Rank order risks--Banks must rank obligors by their likelihood of
default, and wholesale exposures (e.g., loans, facilities) by the loss
severity expected in the event of default.
Quantification--The risk rating system must be designed to
facilitate quantification of obligor ratings in terms of PD and loss
severity in terms of ELGD and LGD.
Accuracy--The risk rating system must be designed to ensure that
ratings are accurate, so that obligors within a rating grade have
similar default risk and wholesale exposures within a loss severity
rating grade have similar risk of loss in the event of default.

II. Credit Rating Assignment Techniques

2. In general, a credit rating is a summary indicator of the
relative risk of a credit exposure. Credit ratings can take many forms.
Regardless of the form, meaningful credit ratings share two
characteristics:
They group exposures to discriminate among possible
outcomes.
They rank the perceived level of credit risk.
3. Banks have used credit ratings of various types for a variety of
purposes. Some ratings are intended to rank obligors by risk of default
and some are intended to rank wholesale exposures by expected loss,
which incorporates risk of default and loss severity. Only risk rating
systems that distinguish probability of default from loss given default
meet the two-dimensional requirements for the IRB framework.
4. Banks use different techniques, such as expert judgment and
models, to assign credit risk ratings. How ratings are assigned is
important because different techniques will require different
validation processes and control mechanisms to ensure the integrity of
the rating system. Validation and controls are discussed in Chapter 7
of this guidance. Some rating assignment techniques are described
below; any of these techniques--expert judgment, models, constrained
judgment, or a combination thereof--could be acceptable in an IRB
system, provided the bank meets the qualification requirements in the
NPR and the substance and spirit of the standards outlined in this
guidance.

A. Expert Judgment

5. Historically, banks have used expert judgment to assign ratings
to wholesale exposures. With this technique, an individual weighs
relevant information and reaches a conclusion about the appropriate
risk rating. The rater makes informed judgments based on knowledge
gained through experience and training.
6. The key feature of expert-judgment systems is flexibility. The
prevalence of judgmental rating systems reflects the view that the
determinants of default are too complicated to be captured by a single
quantitative model. The quality of management is often cited as an
example of a risk determinant that is difficult to assess using a
quantitative model. In order to foster internal consistency, banks
employing expert judgment rating systems should provide narrative
guidelines that set out specific quantitative and qualitative rating
criteria for each rating grade. However, the expert should decide how
much weight to give to each of these criteria in assigning a risk
rating grade to an obligor.
7. The flexibility possible in the assignment of judgmental ratings
has implications for how the accuracy of the ratings is reviewed. One
goal of the ratings review validation process is to confirm that raters
followed policy. However, two individuals exercising judgment can use
the same information to support different ratings. Thus, individuals
reviewing an expert judgment rating system should have sufficient
credit expertise and a thorough knowledge of how the bank's rating
methodology and policies should be applied.

B. Models

8. In recent years, models have been developed to assign ratings to
wholesale exposures. In a model-based approach, inputs are numeric and
provide quantitative and qualitative information about an obligor. The
inputs are combined using mathematical equations to produce a number
that is translated into a categorical rating. An important feature of
models is that the rating is perfectly replicable by another party,
given the same inputs.
9. Models to assign wholesale ratings typically are statistically
derived or based on expert-judgment techniques.
10. Some models are the result of statistical optimization, in
which well-defined mathematical criteria are used to choose the model
that has the closest fit to the observed data. Numerous techniques can
be used to build statistical models; regression is one widely
recognized example. Such models are often referred to as scoring models
or scorecards, because they produce a single number, or ``score,'' as
an output that may be related, for example, to the estimated
probability of default of each individual obligor in a portfolio.
Regardless of the specific statistical technique used, a knowledgeable
independent reviewer should exercise judgment in evaluating the
reasonableness of a model's development, including its underlying
logic, and the methods used to handle the data.
11. In other cases, banks have built rating models by asking their
experts to decide what weights to assign to critical variables in the
models. Drawing on their experience, the experts first identify the
observable variables that affect the likelihood of default. They then
reach agreement on the weights to be assigned to each of the variables.
Unlike statistical optimization, the experts are not necessarily using
clear,

[[Page 9094]]

consistent criteria to select the weights attached to the variables.
Indeed, expert-judgment model building is often a practical choice when
there is not enough data to support a statistical model building.
Despite its dependence on expert judgment, this method can be called
model-based as long as the resulting equation, most likely with linear
weights, is used to rate the credits. Once the equation is set, the
model can be replicated, a feature shared with statistically derived
models. However, while some banks refer to these types of expert-
derived models as ``scorecards,'' they are not scoring models in the
conventional use of the term. The term scoring model or scorecard is
customarily reserved for a rating model derived using strictly
statistical techniques, as described in the preceding paragraph.
Generally, independent credit experts use judgment to evaluate the
reasonableness of the development of these expert-derived models.

C. Constrained Judgment

12. The alternatives described above present the extremes; in
practice, banks use risk rating systems that combine models with
judgment. Two approaches are common.
Judgmental systems with quantitative guidelines or model results as
inputs. Individuals exercise judgment about risks subject to policy
guidelines containing quantitative criteria such as minimum values for
particular financial ratios. Banks develop quantitative criteria to
guide individuals in assigning ratings, but the criteria may need to be
augmented with additional information.
One version of this constrained judgment approach features a model
output as one among several criteria that an individual may consider
when assigning ratings. The individual assigning the rating is
responsible for prioritizing the criteria, reconciling conflicts
between criteria, and, if warranted, overriding some criteria. Even if
individuals incorporate model results as one of the factors in their
ratings, they will exercise judgment in deciding what weight to attach
to the model result. The appeal of this approach is that the model
combines many pieces of information into a single output, which
simplifies analysis, while the rater retains flexibility regarding the
use of the model output.
Model-based ratings with judgmental overrides. When banks use
rating models, individuals are permitted to override the results under
certain conditions and within tolerance levels for frequency. Credit-
rating systems in which individuals can override models raise many of
the same issues presented separately by pure judgment and model-based
systems. If overrides are rare, the system can be evaluated largely as
if it is a model-based system. If, however, overrides are prevalent,
the system will be evaluated more like a judgmental system.

D. Rating Overrides

13. Regardless of the rating assignment technique in use, banks
should define, within their IRB rating system documentation, what
constitutes a ratings override. A judgmental override occurs when
judgment is used to reject a rating suggested by an objective rating
process, such as a model or scorecard. A policy override occurs
whenever a rating is assigned in a manner that deviates from the bank's
approved rating policy and procedures. Overrides should be specifically
identified, monitored, and analyzed to evaluate their impact on the
bank's IRB rating system.

III. Definition of Default

S 2-1 Banks must identify obligor defaults in accordance with the
IRB definition of default.
14. The consistent identification of defaults is fundamental to any
IRB risk rating system. For IRB purposes, a bank's wholesale obligor is
in default if, for any wholesale exposure of the bank to the obligor,
the bank has:
Placed the exposure on non-accrual status consistent with
the Call Report Instructions or the Thrift Financial Report (``TFR'')
and the TFR Instruction Manual;
Taken a full or partial charge-off or write-down on the
exposure due to the distressed financial condition of the obligor; or
Incurred a credit-related loss of 5 percent or more of the
exposure's initial carrying value in connection with the sale of the
exposure or the transfer of the exposure to the held-for-sale,
available-for-sale, trading account, or other reporting category.
15. Partial charge-offs or write-downs for reasons not related to
the distressed financial condition of the obligor do not trigger the
default definition. For example, taking a write-down or charge-off to
reflect forgiveness of a minor fee for relationship purposes unrelated
to financial distress does not trigger the default definition.
16. An obligor in default remains in default until the bank has
reasonable assurance of repayment and performance for all contractual
principal and interest payments on all exposures of the bank to the
obligor (other than exposures that have been fully written-down or
charged-off).

IV. Independence of the Wholesale Risk Rating Process

S 2-2 Banks should demonstrate that their wholesale risk rating
processes are sufficiently independent to produce objective ratings.
17. Independence in the rating process helps to ensure the
integrity of ratings. Banks can promote more independence by
implementing a variety of controls and reporting structures. For
example, a bank could structure its organizational reporting lines so
that the credit approval and the rating assignment decisions are
separate from each other. Banks that separate the credit approval
process from the rating assignment/review functions are often better
able to manage the conflicts that arise between loan volume and credit
quality goals. Banks should be aware of the full range of potential
conflicts and should develop effective controls to mitigate any
conflicts that might arise.
18. However, banks that choose to maintain less separation in
organizational reporting lines between credit approval and rating
assignment should strengthen controls and consider conducting a post-
closing review process. A post-closing review provides an independent
review of a rating that has been assigned by those who are not fully
independent of the approval process. Any post-closing review, which
serves to ensure that the initial rating is appropriate, should be
conducted shortly after a credit is originated. The less independent
the rating process is, the more rigorous the post-closing review should
be.
19. Whether ratings integrity is achieved by creating structural
independence in reporting lines or through a combination of other
control processes, a bank should demonstrate that its rating processes
ensure integrity in ratings throughout the economic cycle.

V. IRB Risk Rating System Architecture

A. Two-Dimensional Risk-Rating System

S 2-3 IRB risk rating systems must have two dimensions obligor
default and loss severity corresponding to PD (obligor default), and
ELGD and LGD (loss severity).
20. Regardless of the type of rating system(s) used by a bank, the
IRB framework imposes some specific requirements. The first requirement
is that an IRB risk rating system must be two-dimensional. Banks will
assign obligor ratings, which will be associated with a PD. They will
also assign either

[[Page 9095]]

a loss severity rating(s), which will be associated with ELGD and LGD
estimates, or ELGD and LGD estimates directly to each wholesale
exposure.
21. The process of assigning the obligor rating and either loss
severity ratings or ELGD/LGD values--hereafter referred to as the
rating system--is discussed below, and the process of quantifying the
PD, ELGD and LGD risk parameters is discussed in Chapter 4.
Obligor Ratings
S 2-4 Banks must assign discrete obligor rating grades.
22. While banks may use models to estimate probabilities of default
for individual obligors, the IRB framework requires banks to group the
obligors into discrete rating grades. Each obligor rating grade, in
turn, must be associated with a single PD.
S 2-5 The obligor rating system must rank obligors by likelihood of
default.
23. For example, if a bank uses a rating system based on a 10-point
scale, with 1 representing obligors of highest financial strength and
10 representing defaulted obligors, rating grades 2 through 9 should
represent groups of ever-increasing risk. In a rating system in which
risk increases with the rating grade, an obligor with a rating grade 4
is riskier than an obligor with a rating grade 2, but need not be twice
as risky.
S 2-6 Banks must assign an obligor to only one rating grade.
24. As noted above, the IRB framework requires that the obligor
rating be distinct from the loss severity rating, which is assigned to
the wholesale exposure. The obligor rating should focus on the
obligor's ability and willingness to service any obligation and to
follow through on any commitments it has with the bank to avoid
default. For example, in a 1-to-10 rating system, where risk increases
with the number rating grade, an otherwise defaulted obligor with a
fully cash-secured transaction should be rated 10--defaulted--
regardless of the remote expectation of loss on a specific exposure.
Conversely, a nondefaulted obligor whose financial condition warrants
the highest investment grade rating should be rated 1, even if the
bank's transactions are subordinate to other creditors and unsecured.
Since the obligor rating is assigned to the obligor and not to its
individual exposures, the bank must ensure that all the exposures to
the same obligor bear the obligor's rating grade.
25. At the bottom of any IRB rating scale is at least one default
rating grade. Once an obligor is in default on any exposure to the
subject bank, the obligor rating grade associated with all of its
exposures to that bank will be the default rating grade--even for those
exposures of the obligor that have not triggered any element of the
definition of default.
Ratings Philosophy and Expected Ratings Migration
S 2-7 A bank's rating policy must describe its ratings philosophy
and how quickly obligors are expected to migrate from one rating grade
to another in response to economic cycles.
S 2-8 In assigning an obligor to a rating grade, a bank should
assess the risk of obligor default over a period of at least one year
taking into account the possibility of adverse economic conditions.
26. The term rating philosophy is used to describe how obligor
rating assignments are affected by a bank's choice of the range of
economic, business, and industry conditions that are considered in the
rating process. It establishes the bank's philosophy on the manner in
which it rates credits and the scenarios under which ratings would be
expected to change. In assigning an obligor rating grade, banks must
consider both the current risk characteristics of the obligor and the
impact that adverse economic, business, and industry conditions could
have on the obligor's ability to repay; however, nothing in this
guidance requires any specific rating philosophy be employed.
27. Rating grades should group obligors that are expected to share
similar default frequencies. The rating assignment for an obligor may
be based upon a combination of obligor-specific (idiosyncratic) risk
characteristics and the general economic, business, and industry
(systematic) risk characteristics or conditions that obligors in the
rating may experience.
28. The time horizon used for the assignment of obligors to rating
grades should be one year or longer. The obligor rating should reflect
the obligor's ability as evidenced by its financial capacity, as well
as its willingness to service any obligation and to follow through on
any commitments it has with the bank to avoid default. The time horizon
chosen for the rating assignment process should be appropriate to the
business line or geography for which the respective obligor rating
system will be used.
29. That general description, however, still leaves open different
possible implementations, depending upon what range of future
systematic risk conditions the bank considers when making a rating
assignment and the weight given to those conditions. In practice, it
appears that most banks have adopted a rating philosophy where an
obligor's rating would have some sensitivity to changes in economic
conditions. Regardless of the approach taken, banks should document
their choice of economic, business, and industry conditions considered
in each risk rating system and the expected frequency of rating changes
over economic cycles. Such differences have important implications for
validation and other aspects of the operation of rating systems, and
therefore should be clearly articulated and well understood. A bank
should also understand the effects of ratings migration on its risk-
based capital requirements and ensure that sufficient capital is
maintained during all phases of the economic cycle.
30. A bank's ratings philosophy can be empirically demonstrated
through an analysis of how its obligors migrate across rating grades as
economic and industry conditions change. While individual obligor
ratings may change due to changes in obligor-specific risk
characteristics, the average migration observed through time is likely
to reveal how sensitive rating assignments are to systematic risk
changes. Rating systems in which obligor ratings are more closely
linked at a given point in time to particular economic conditions are
more likely to be associated with higher overall average rates of
rating migration than are other systems. Ratings that respond primarily
to obligor-specific (idiosyncratic) changes may be less sensitive to
changes in economic and industry conditions, and be more stable
throughout the economic cycle.
Obligor-Rating Granularity
S 2-9 Banks must have at least seven discrete obligor rating grades
for non-defaulted obligors and at least one rating grade for defaulted
obligors.
31. A risk rating system's grades should be sufficiently numerous
to ensure that management can meaningfully differentiate risk in the
portfolio, without being so numerous that they limit the system's
practical use. To determine the appropriate number of rating grades
beyond the minimum seven non-default rating grades, each bank should
perform its own internal analysis.
S 2-10 Banks should justify the number of obligor rating grades
used in its risk rating system and the distribution of obligors across
those grades.
32. Some portfolios may have a majority of obligors assigned to
only a few of the available rating grades. The mere existence of a
concentration of exposures in a rating grade (or rating

[[Page 9096]]

grades) does not, by itself, reflect weakness in a rating system. For
example, banks focused on a particular type of lending, such as asset-
based lending, may lend to obligors having similar default risk. Banks
with focused lending activities may use the minimum number of obligor
rating grades, while banks with a broad range of lending activities
should have more rating grades. However, banks with a high
concentration of obligors in a particular rating grade should perform a
thorough analysis that supports such a concentration.
33. A concentration of obligors in a rating grade is inappropriate
when the financial strength of those obligors varies considerably. If
such is the case, the following questions should be answered:
Are the criteria for each rating grade clear? Are rating
criteria too vague to allow raters to make clear distinctions?
Ambiguity may be an issue throughout the rating scale or it may be
limited to the most commonly used ratings.
How diverse are the obligors? Is the bank targeting a
narrow segment of obligors with homogeneous risk characteristics?
Are the bank's internal rating categories considerably
broader than those of other lenders?
Recognition of Implied Support
S 2-11 Banks may recognize implied support as a rating criterion
subject to specific supervisory considerations; however, banks should
not rely upon the possibility of U.S. government financial assistance,
except for the financial assistance that the U.S. government has
legally committed to provide.
34. Implied support is support from a third party that is less than
a legally enforceable guarantee. Banks that use implied support as a
ratings criterion typically rely on a wide range of policies and
procedures for its use. As the impact of implied support arrangements
has typically been difficult to quantify, the circumstances under which
banks use such arrangements as a ratings criterion should be limited.
35. Supervisors will assess the appropriateness of a bank's usage
of implied support as a ratings criterion. A bank should recognize
implied support only if the following are true:
The support is from a parent corporation or sovereign;
however, banks should not rely upon the possibility of U.S. government
financial assistance, except for the financial assistance that the U.S.
government has legally committed to provide;
The implied support provider is rated investment grade by
an NRSRO;
The implied support is a factor only in assigning an
obligor rating, not a loss severity rating;
The final rating assigned to the obligor reflects greater
credit risk than the rating assigned to the implied support provider
(the parent corporation or sovereign);
The bank has considered the magnitude of the rating
benefit accorded from the recognition of implied support and the bank
has performed and documented comprehensive due diligence to assess the
parent corporation or sovereign's willingness and capacity to support
the obligor. To assess the willingness to support the obligor, a bank
may consider prior situations where the support provider has supported
the obligor or other obligors under similar circumstances, extended
credit to the obligor at beneficial rates, or made large scale
investments of cash or resources in the obligor. To assess capacity, a
bank should conduct a thorough analysis of the financial position of
the support provider and its ability to provide support including
during periods of financial stress;
There is broad market recognition of the implied support.
This can be evidenced through a number of market indicators including
situations where the external ratings of the parent corporation and
subsidiary are closely linked or the ratings of the parent or sovereign
reflect an expectation of support. It could also include evidence
derived from traded credit spreads of the parent and subsidiary;
For a bank whose rating system design incorporates
external ratings as a tool in assigning an internal rating, the
internal rating does not additionally incorporate implied support when
there is evidence that the external rating has already benefited from
the assumption of support;
The bank has established a stand-alone rating for the
obligor and continues to monitor the stand-alone rating throughout the
term of the exposure;
The bank's internal tracking processes monitor the dollar
volume of credit exposures where implied support is a material
consideration in the rating assignment; and
The provision of significant implied support to a
subsidiary or subsidiaries is incorporated into the parent
corporation's obligor rating.
Loss Severity Ratings
S 2-12 Banks must have a loss severity rating system that is able
to assign loss severity estimates (ELGD and LGD) to each wholesale
exposure.
36. The term loss severity rating system refers to the method by
which a bank assigns loss severity estimates to wholesale exposures.
This assignment can be accomplished through a loss severity rating
process or via direct assignment to each wholesale exposure. A
wholesale exposure's ELGD and LGD estimates are expressed as a
percentage of the estimated EAD of the exposure. Both the ELGD and the
LGD are required inputs into the IRB risk-based capital formulas.
S 2-13 Banks should have empirical support for their loss severity
rating system and the rating system should be capable of supporting the
quantification of ELGD estimates (and LGD estimates if approved for
internal estimates).
37. ELGD and LGD analysis is in the early stages of development
compared to default risk modeling. Over time, banks' methodologies are
expected to evolve. Longstanding banking experience and existing
research on ELGD and LGD, while preliminary, suggests that type of
collateral (in terms of liquidity and marketability), collateral
values, seniority, industry position and whether an exposure is secured
or unsecured are the most commonly used predictors of loss severity.
38. Whether a bank assigns ELGD and LGD values directly or,
alternatively, rates wholesale exposures and then quantifies ELGD and
LGD for the rating grades, the bank should conscientiously identify
characteristics that influence ELGD and LGD. Each of the loss severity
rating categories should be associated with empirically supported ELGD
and LGD estimates. (Even though the grouped exposures have common
characteristics and a common expected ELGD and LGD, realized loss
severity for individual exposures may vary).
Loss Severity Rating/LGD Granularity
S 2-14 Banks must have a sufficiently granular loss severity rating
system to group exposures with similar estimated loss severities or a
process that assigns estimated ELGDs and LGDs to individual exposures.
39. While there is no stated minimum number of loss severity
ratings, the systems that provide ELGD and LGD estimates must be
granular enough to separate wholesale exposures with significantly
varying estimated LGDs. For example, a bank using a loss severity
rating-scale approach that has credit products with a variety of
collateral packages or financing structures should have more ELGD and

[[Page 9097]]

LGD rating grades than those banks with fewer options in their credit
products.
40. Like obligor rating grades, the mere existence of an exposure
concentration in an ELGD or LGD rating grade (or rating grades) does
not, by itself, signify a rating system's weakness. However, banks with
a high concentration within ELGD and LGD rating grades should perform a
thorough analysis that supports such a concentration.

B. Other Considerations

Rating Criteria
S 2-15 Rating criteria should be written, clear, consistently
applied, and include the specific qualitative and quantitative factors
used in assigning ratings.
41. Each obligor and loss severity rating (including ratings with
modifiers such as + or -) should be defined. The definitions should
describe all significant quantitative and qualitative ratings criteria
used to promote consistent application of risk ratings. The ratings
should be sufficiently transparent to allow replication by a third
party. This is particularly important in expert-judgment rating systems
where establishing the transparency of rating assignments is more
challenging. Without clearly defined rating criteria, expert-judgment
rating systems are not sufficiently transparent. A risk rating system
with vague criteria or one defined only by PDs, ELGDs, or LGDs is
neither replicable nor transparent. Transparent criteria promote
accurate and consistent ratings within and across business lines and
geographies, and permit the rating process to be refined over time.
Use of External Rating Tools
42. Banks may use results from external rating tools, such as
vendor default models or agency ratings, as inputs into their internal
rating processes for obligors and wholesale exposures. The validation
standards in this guidance apply to a bank's use of external rating
tools as well as internal ones. Therefore, banks should apply the same
level of rigor to their external tools as to their internal tools. In
addition, any external rating tool employed should be consistent with
the architecture of the bank's IRB rating systems. To verify this
consistency, a bank should analyze and understand:
The predictive ability of the external rating tool;
The factors and criteria used by the external rating tools
to assign ratings; and
The expected effect of using the external rating tool on
the migration of internal ratings.
43. Sole reliance on external rating tools is not appropriate.
Every rating tool has limitations, and banks should have a process to
ensure that accurate ratings are assigned despite such limitations. How
much additional analysis is required will depend on the exposure's
rating, relative size and complexity. Banks should maintain data on the
critical factors underpinning an external rating tool's obligor or loss
severity ratings (as the banks would for any rating assignment
process).
Timeliness of Ratings
S 2-16 Risk ratings must be updated whenever new material
information is received, but in no instance less than annually.
44. A bank should have a policy that ensures that obligor and loss
severity ratings reflect current information. That policy should also
specify minimum financial reporting and collateral valuation
requirements. When loss severity ratings or estimates depend on
collateral values or other factors that change periodically, that
policy should take into account the need to update these factors.
45. Banks' policies may include an alternative timetable for
updating ratings of exposures below a de minimis amount that the bank
determines has no material impact on risk-based capital levels. For
example, some banks use triggering events to prompt them to update
their ratings on de minimis exposures rather than adhering to a
specific timetable.
Multiple Ratings Systems
46. A bank's complexity and sophistication, as well as the size and
range of products offered, will affect the types and number of rating
systems employed. However, each risk rating system should conform to
the standards in this guidance, must be validated for accuracy and
consistency, and should be used consistently. Validation exercises
should produce evidence that the ratings have been applied
consistently.

Chapter 3: Retail Segmentation Systems

Rule Requirements

Part III, Section 22(b)(1): A bank must have an internal risk
rating and segmentation system that accurately and reliably
differentiates among degrees of credit risk for the bank's wholesale
and retail exposures.
Part III, Section 22(b)(3): For retail exposures, a bank must have
a system that groups exposures into segments with homogeneous risk
characteristics and assigns accurate and reliable PD, ELGD, and LGD
estimates for each segment on a consistent basis. The bank's system
must group retail exposures into the appropriate retail exposure
subcategory and must group the retail exposures in each retail exposure
subcategory into separate segments. The bank's system must identify all
defaulted retail exposures and group them in segments by subcategories
separate from non-defaulted retail exposures.
Part III, Section 22(b)(5): The bank's retail exposure segmentation
system must provide for the review and update (as appropriate) of
assignments of retail exposures to segments whenever the bank receives
new material information, but no less frequently than quarterly.

I. Overview

1. This chapter describes the design and operation of an IRB retail
segmentation system. An IRB retail segmentation system groups retail
exposures into segments with homogeneous risk characteristics within
each of the three retail exposure subcategories (residential mortgage
exposures, qualifying revolving exposures (QRE), other retail
exposures). Examples of segmentation techniques include the use of
obligor (such as income and past credit performance) and exposure (such
as product type and loan-to-value) characteristics; or grouping loans
by similar estimated default rates and estimated loss severities. The
segmentation system used for IRB will often differ from segmentation
used for other purposes, such as for marketing and scorecards. The
retail risk parameter estimates that determine risk-based capital
requirements are assigned at the segment level.
2. The retail IRB framework provides banks substantial flexibility
to use the retail segmentation that is most appropriate for their
activities, subject to the following broad principles:
Differentiation of risk--Segmentation should provide
meaningful differentiation of risk. Accordingly, in developing the
segmentation system, banks should select risk drivers that separate
risk distinctly and consistently over time.
Reliable risk characteristics--Segmentation uses borrower
risk characteristics and loan-related risk characteristics that
reliably differentiate a segment's risk from that of other segments and
that perform consistently over time.

[[Page 9098]]

Consistency--The risk drivers used to segment exposures
must be consistent with the predominant risk characteristics the bank
uses to measure and manage credit risk.
Accuracy--The segmentation process should generate
segments that separate exposures by realized performance. It should be
designed so that actual long-run outcomes closely approximate the
retail risk parameters estimated by the bank.
3. Defaulted retail exposures must be segmented separately from
non-defaulted exposures. In addition, retail segments should not cross
national jurisdictions unless the bank can demonstrate that the
exposures in the different jurisdictions have homogeneous risk
characteristics.

II. Definition of Default

S 3-1 Banks must use the IRB definition of default when identifying
defaulted retail exposures.
4. For retail exposures, banks must use the following definition of
default for its IRB system: A retail exposure of a bank is in default
if:
The exposure is 180 days past due, in the case of a
residential mortgage exposure or revolving exposure;
The exposure is 120 days past due, in the case of all
other retail exposures; or
The bank has taken a full or partial charge-off or write-
down of principal on the exposure for credit related reasons.
5. The exposure remains in default until the bank has reasonable
assurance of repayment and performance for all contractual principal
and interest payments on the exposure.
6. For retail exposures, the definition of default is applied to a
particular exposure rather than to the obligor. That is, default by an
obligor on one obligation would not require a bank to consider all
other obligations of the same obligor in default.

III. Retail Segmentation Architecture

A. Criteria for Retail Segmentation

S 3-2 Banks must first place exposures into one of the three retail
exposure subcategories (residential mortgage, QRE, and other retail).
Banks must then separate exposures into segments with homogeneous risk
characteristics.
S 3-3 A retail segmentation system must produce segments that
accurately and reliably differentiate risk and produce accurate and
reliable estimates of the risk parameters.
7. While banks have considerable flexibility in determining retail
segments, they should consider factors affecting the risk
characteristics of both borrowers and loans when determining
segmentation criteria. Statistical modeling, expert judgment, or some
combination of the two may determine the most relevant risk drivers.
8. Examples of acceptable approaches to segmentation include:
Segmenting exposures by common risk drivers that are
relevant and material in determining the loss characteristics of a
particular retail product. For example, a bank may segment mortgage
loans by LTV band, age from origination, geography, and/or origination
channel.
Segmenting exposures by common risk drivers that are
relevant and material in determining the loss characteristics of a
particular borrower population. For example, a bank may segment by
credit bureau score bands, behavior score bands, and/or delinquency
status. In the case of mortgage products, more borrower information may
be available and a bank could include the debt-to-income ratio, current
income, and/or years at present location.
Segmenting by grouping exposures with similar estimated
loss characteristics, such as expected average loss rates, expected
default rates, or expected loss severity rates. Some banks have
developed models that rank order default risk or generate an estimated
default rate, loss severity, and/or exposure at default for individual
exposures. A bank could use such estimates as criteria in their
segmentation system.
9. Each retail segment will have an estimated PD, ELGD, LGD, and
EAD. In some cases, it may be reasonable to use the same risk parameter
estimates for multiple segments. This may occur more frequently for
bank estimates of ELGD and LGD as banks may have less robust historical
data for estimating these IRB risk parameters. In such cases, the bank
should demonstrate that there are no material differences in ELGD or
LGD among those segments. Over time, supervisors expect banks to
develop more precise data and methodologies for determining ELGD and
LGD.
10. Data for certain retail loans are sometimes missing or
incomplete, such as data for purchased loans or loans originated with
policy exceptions. The overall segmentation system should adequately
capture the risk associated with these loans based on the data
available. In some cases, missing or incomplete data itself may be a
significant risk factor used for segmentation purposes.
11. A bank should substantiate the degree of granularity in its
segmentation system and the distribution of exposures across segments.
(Here, ``granularity'' is how finely the portfolio is segmented.)
12. Banks have flexibility in determining the granularity of their
segmentation system. Each bank should perform internal analysis to
determine how granular segments must be to group homogeneous exposures.
For example, a bank using credit score ranges to segment its portfolio
should provide the rationale for the ranges chosen.
13. A concentration of exposures in a segment (or segments) does
not, by itself, reflect a deficiency in the segmentation system. For
example, a bank may lend within a narrow risk range and, therefore,
have a smaller number of segments than a bank that lends across a wider
spectrum of risk. However, a bank with a high concentration of
exposures in a particular segment will be expected to show that the
bank's segmentation criteria are carefully delineated and well-
documented. The bank should be able to demonstrate that there is little
risk differentiation among the exposures within the segment, and that
the segmentation method produces reliable estimates for each of the
risk parameters. A bank should not artificially group exposures into
segments specifically to avoid the 10 percent LGD floor for mortgage
products. A bank should use consistent risk drivers to determine its
retail exposure segmentations and not artificially segment low LGD
loans with higher LGD loans to avoid the floor.
S 3-4 Banks should clearly define and document the criteria for
assigning an exposure to a particular retail segment.
14. Banks should choose risk drivers that accurately reflect an
exposure's risk. Risk drivers selected must be consistent with risk
measures used for credit risk management.
15. The method of segmentation will help determine the risk
parameters, as well as which techniques should be used for validation
and which control mechanisms will best ensure the integrity of the
segmentation system. Described below are some techniques for
determining whether the segmentation was done appropriately:
Statistical Models--Banks may incorporate results of
statistical underwriting models or scoring models directly into their
segmentation process. For example, a bank may use a custom or bureau
credit score as a segmenting criterion. In that case, the bank should
support the choice of the score, and should demonstrate that it has
adequate controls for the credit scoring system.

[[Page 9099]]

Inputs to Models--Banks may incorporate the variables from
a statistical model into their segmentation processes. For example, a
bank that uses a statistical model to predict losses for its mortgage
portfolio could select some or all of the major inputs to that model,
such as debt-to-income and LTV, as segmentation criteria. As part of
its validation and controls for the segmentation system, the bank
should provide an appropriate rationale and empirical evidence for its
choice of the particular set of risk drivers from the loss prediction
model.
Expert Judgment--Banks may combine expert judgment with
statistical analysis in determining segmentation criteria. However,
expert judgment must be well-documented and supported by empirical
evidence demonstrating that the chosen risk factors are reliable
predictors of risk.
16. A bank should be able to demonstrate a strong relationship
between IRB risk drivers and comparable measures used for credit risk
management. Specifically, a bank should demonstrate that the
segmentation system differentiates credit risk across the portfolio and
captures changes in the level and direction of credit risk using
measures that are similar to those used in credit risk management. For
example, even if a bank uses custom scores for underwriting or account
management, generic bureau scores may be used for IRB segmentation
purposes if the bank can demonstrate a relationship between these
measures.
17. Banks should have clear policies to define the criteria for
modifying the segmentation system. Changes in the segmentation system
should be documented and supported to ensure consistency and
historically comparable measurements.

B. Assignment of Exposures to Retail Segments

S 3-5 Banks should develop and document their policies to ensure
that risk-driver information is sufficiently accurate and timely to
track changes in underlying credit quality and that the updated
information is used to assign exposures to appropriate segments.
18. Under the IRB framework, a bank initially assigns retail
exposures to segments based on the risk-driver information available at
the time of origination or acquisition. The bank should then continue
to monitor the risk characteristics of the exposures and assign
exposures to appropriate segments based on refreshed information
gathered by the bank as part of its monitoring process.
19. In accordance with industry practices in retail credit risk
management, a bank should have a well-documented policy on monitoring
and updating information about exposure risk characteristics. The
policy should specify the risk characteristics to be updated and the
frequency of updates for each product type or sub-portfolio within its
retail portfolio. Updating of relevant information on these risk
drivers should be consistent with sound risk management.
S 3-6 The bank's retail exposure segmentation system must provide
for the review and update (as appropriate) of assignments of retail
exposures to segments whenever the bank receives new material
information, but no less frequently than quarterly.
20. Decisions regarding the frequency of obtaining refreshed
information should reflect the specific risk characteristics of
individual segments and/or the potential impact on risk-based capital
levels. The frequency of updates will generally vary for different risk
drivers and for different products. The underlying principle is that,
in every estimation period, retail exposures are assigned to segments
that accurately reflect their risk profile and produce accurate risk
parameters.
21. Banks should assess their approach to updating information and
migrating exposures when validating the segmentation process.

Chapter 4: Quantification

Rule Requirements

Part III, Section 22(c)(1): The bank must have a comprehensive risk
parameter quantification process that produces accurate, timely, and
reliable estimates of the risk parameters for the bank's wholesale and
retail exposures.
Part III, Section 22(c)(2): Data used to estimate the risk
parameters must be relevant to the bank's actual wholesale and retail
exposures, and of sufficient quality to support the determination of
risk-based capital requirements for the exposures.
Part III, Section 22(c)(3): The bank's risk parameter
quantification process must produce conservative risk parameter
estimates where the bank has limited relevant data, and any adjustments
that are part of the quantification process must not result in a
pattern of bias toward lower risk parameter estimates.
Part III, Section 22(c)(4): PD estimates for wholesale and retail
exposures must be based on at least 5 years of default data. ELGD and
LGD estimates for wholesale exposures must be based on at least 7 years
of loss severity data, and ELGD and LGD estimates for retail exposures
must be based on at least 5[aacute]years of loss severity data. EAD
estimates for wholesale exposures must be based on at least 7 years of
exposure amount data, and EAD estimates for retail exposures must be
based on at least 5 years of exposure amount data.
Part III, Section 22(c)(5): Default, loss severity, and exposure
amount data must include periods of economic downturn conditions, or
the bank must adjust its estimates of risk parameters to compensate for
the lack of data from periods of economic downturn conditions.
Part III, Section 22(c)(6): The bank's PD, ELGD, LGD, and EAD
estimates must be based on the definition of default [in the NPR].
Part III, Section 22(c)(7): The bank must review and update (as
appropriate) its risk parameters and its risk parameter quantification
process at least annually.
Part III, Section 22(c)(8): The bank must at least annually conduct
a comprehensive review and analysis of reference data to determine
relevance of reference data to bank exposures, quality of reference
data to support PD, ELGD, LGD, and EAD estimates, and consistency of
reference data to the definition of default contained [in the NPR].

I. Overview

1. Quantification is the process of assigning numerical values to
the key risk parameters that are used as inputs to the IRB risk-based
capital formulas. This chapter provides guidance on the quantification
process for wholesale and retail exposures. For both wholesale and
retail portfolios these risk parameters are the probability of default
(``PD''), expected loss given default (``ELGD''), loss given default
(``LGD''), and exposure at default (``EAD''). Wholesale exposures also
require determination of the exposure's maturity (``M''). Risk
parameters are assigned to each exposure for wholesale portfolios and
to each segment for retail portfolios. Specific quantification issues
related to counterparty credit risk transactions, equity exposures, and
securitization exposures are described in Chapters 9, 10, and 11,
respectively.
2. In any discussions of the IRB system, the risk rating or
segmentation system design and the quantification process should be
considered together. This chapter focuses on quantification given an
existing risk rating or segmentation system design, as covered in
Chapters 2 and 3, respectively.
3. Section I establishes an organizing framework for considering

[[Page 9100]]

quantification and develops general standards that apply to the entire
process. Sections II, III, and IV cover specific supervisory standards
that apply to PD, ELGD and LGD, and EAD respectively. The maturity risk
parameter receives somewhat different treatment in section V, since it
is much less dependent on statistical estimates from historical data.
Special cases and applications for quantification are covered in
section VI.

A. Stages of the Quantification Process

4. For each risk parameter, quantification may be broken down into
four stages: obtaining historical reference data; estimating the
relationship between risk characteristics and the risk parameters in
the reference data; mapping the correspondence between risk
characteristics in the reference data and those in the existing
portfolio; and applying the relationship between risk characteristics
and risk parameters to the existing portfolio. An evaluation of a
bank's quantification process focuses on the overall adequacy of the
bank's approach, including an understanding of how the bank breaks down
the quantification process where applicable into the four stages.
5. Banks are not required to separate the quantification process
into four stages. The four stages are a conceptual framework, and may
serve as a useful analytical and implementation guide. Readers may find
it helpful to refer to the appendices to this chapter, which illustrate
how this four-stage framework can be applied to quantification
approaches in practice. The four stages of quantification are described
below.

Data--First, the bank constructs a reference data set, or source of
data, from which risk parameters can be estimated.

A ``reference data set'' consists of a set of exposures and their
associated identifying information and risk characteristics. Reference
data sets may include internal data, external data, or pooled data from
different internal and external sources. Internal data refers to any
data on exposures held in a bank's existing or historical portfolios,
including data elements or information provided by third parties (e.g.,
data from a credit bureau about one's own customers would be considered
internal data). External data refers to information on exposures held
outside the bank's portfolio, including aggregate industry trends or
economic data.
The reference data is described using a set of observed
characteristics; consequently, the data set contains variables that can
be used for this characterization. For example, risk characteristics
for wholesale exposures include obligor and exposure characteristics
related to the risk parameters, such as agency debt ratings, risk
ratings, financial measures, geographic regions, and the economic
environment and industry/sector trends during the time period of the
reference data. Risk characteristics for retail exposures include
borrower and loan characteristics, such as loan terms, loan-to-value,
credit score, income, debt-to-income, or payment history. A bank may
use more than one reference data set to improve the robustness or
accuracy of the risk parameter estimates.

Estimation--Second, the bank applies statistical techniques to the
reference data to determine the relationship between risk
characteristics and the estimated risk parameter.

The result of this step is a model that ties descriptive risk
characteristics, or drivers, to the risk parameter estimates. In this
context, the term ``model'' is used in the most general sense; a model
may be a simple calculation of historical averages or a more
sophisticated approach based on advanced statistical techniques (e.g.,
regression). This step may include adjustments for differences between
the IRB definition of default and the default definition in the
reference data set, as well as adjustments for data limitations.
More than one estimation technique may be used to generate
estimates of the risk parameters, especially if there are multiple sets
of reference data or multiple sample periods. If multiple estimates are
generated, the bank should have a clear and consistent policy for
reconciling and combining them into a single estimate at the
application stage.

Mapping--Third, the bank creates a link between its portfolio data and
the reference data based on corresponding characteristics.

Variables or characteristics used in the estimation model are
mapped, or linked, to the variables that are available for the existing
portfolio. In order to map effectively, a bank should have reference
data characteristics that allow the construction of rating and
segmentation criteria that are consistent with those used on the bank's
portfolio.
An important element of mapping is making adjustments for
differences between reference data sets and the bank's exposures. The
bank should map each reference data set and each combination of risk
characteristics used in any estimation model.

Application--Fourth, the bank applies the relationship estimated for
the reference data to the actual portfolio data.

The ultimate aim of quantification is to attribute a PD, ELGD, LGD,
and EAD to each exposure within the wholesale portfolio and to each
segment of exposures in the retail portfolio. If multiple data sets or
estimation methods are used, the bank should adopt a means of combining
the various estimates at this stage.
For wholesale portfolios, this step may include adjustments to
default rates or loss rates to ``smooth'' the final risk parameter
estimates. If the estimates are applied to individual transactions, the
bank must in some way aggregate the estimates at the rating level.
For retail portfolios, the bank may simply apply the risk parameter
estimates derived for each segment to the corresponding segment in the
existing portfolio. However the application stage could be more complex
if multiple data sets or estimation methods were used or if the mapping
stage required adjustments.
6. The four-stage quantification process described above outlines a
framework that a bank may use for assigning numerical values to the IRB
key risk parameters. Whether the quantification process explicitly
delineates each aspect of the four stages of quantification for PD,
ELGD, LGD, and EAD, or the quantification process is more integrated,
each aspect of the quantification process for the key risk parameters
should be justified, documented, and subject to monitoring and follow-
up.
7. A number of examples are given in this chapter to aid exposition
and interpretation of specific quantification issues. None of the
examples is sufficiently detailed to incorporate all of the
considerations discussed in this chapter. Moreover, technical progress
in the area of quantification is rapid. Thus, banks should not
interpret a specific example that is consistent with the standard being
discussed, and that resembles the bank's current practice, as being a
``safe harbor.'' Banks should consider this guidance in its entirety
when determining whether systems and practices are adequate.

B. General Standards for Sound Quantification

8. Several core principles apply to the overall quantification
process of risk rating and segmentation systems. Those principles and
the general standards that reflect them are discussed in this
introductory section. Other supervisory

[[Page 9101]]

standards specific to particular stages or risk parameters are
discussed in later sections.
9. The risk parameters should be estimated in a manner consistent
with sound credit risk management practices and the IRB standards. In
addition, a bank should have processes to ensure that these estimates
are independently and thoroughly validated and the results reported to
senior management.
10. Supervisory evaluation of the quantification process requires
consideration of all the standards in this chapter, both general and
specific. Particular practical approaches to quantification may be
highly consistent with some standards, and less so with others. In
assessing a bank's approach, supervisors will weigh the approach's
strengths and weaknesses using all the supervisory standards in this
chapter as a guide.
S 4-1 Banks should have a fully specified process covering all
aspects of quantification (reference data, estimation, mapping, and
application). The quantification process should be fully documented.
11. A fully specified quantification process should describe how
all four stages (data, estimation, mapping, and application) are
addressed for each parameter. The linkages between the bank's
quantification and validation processes should also be explicit.
12. An important aspect of the quantification process is the
appropriate capture and analysis of developmental evidence in support
of techniques applied by the bank. A few examples of such developmental
evidence are:
For reference data--a discussion of how the best available
data are chosen from various sources so that the data include periods
of economic downturn conditions and the portfolio in the reference data
is comparable to the existing portfolio;
For estimation--discussions of why the bank uses various
averaging methods on historical data, how it specifies downturn
estimates, or how it develops predictive models;
For mapping--discussions of how risk characteristics in
the reference data compare with those in the existing portfolio; and
For application--a discussion of the combination of
multiple estimates, aggregations of estimates across exposures, or any
judgmental adjustments.
13. Major decisions in the design and implementation of the
quantification process should be justified and fully documented.
Documentation promotes consistency and allows third parties to review
and replicate the entire process.
S 4-2 Risk parameter estimates must be based on the IRB definition
of default. At least annually, a bank must conduct a comprehensive
review and analysis of reference data to determine the relevance of
reference data to the bank's exposures, quality of reference data to
support risk parameter estimates, and consistency of reference data to
the IRB definition of default.
14. Many different sources of data might be appropriately used in
an estimation model or the quantification process. Regardless of the
data used to derive the risk parameter estimates, such estimates must
reflect the IRB definition of default.
15. As part of its annual review of its reference data, a bank must
assess the consistency of the reference data with the IRB definition of
default. In the early stages of IRB implementation, a bank's internal
historical reference data might not include an element that fully
conforms to the IRB definition of default. In addition, a bank may
change its policies regarding charge-offs or non-accrual. For any
internal or external historical data that are not fully consistent with
the IRB definition of default, a bank must still ensure that the
derived risk parameter estimates are based on the IRB definition of
default. This will likely entail making conservative adjustments to
reflect data discrepancies; larger discrepancies require greater
conservatism.
16. To support quantification and validation of the risk parameter
estimates, one of the elements in a bank's internal data should conform
to the IRB definition of default. The collection of internal data is
discussed in Chapter 6 (Data Management and Maintenance) of this
guidance and validation is discussed in Chapter 7 (Controls and
Validation).
S 4-3 Banks must separately quantify wholesale risk parameter
estimates before adjusting the estimates for the impact of eligible
guarantees and eligible credit derivatives.
17. As discussed in Chapter 5, the benefits of wholesale credit
risk mitigation from eligible guarantees and eligible credit
derivatives are recognized through adjustments to ratings and risk
parameter estimates. However, banks must perform the basic
quantification of the risk parameters separately from the process of
determining an adjustment to an exposure's risk rating assignment
resulting from the credit protection or any adjustments to the risk
parameters for recognition of the credit protection. In quantifying the
impact of the credit protection, banks may make necessary adjustments
to the reference data or mapping process, or may estimate the impact of
the credit protection on the bank's existing portfolio. Chapter 5 deals
with recognized types of contractual arrangements and instruments that
transfer all or part of an exposure's credit risk from the bank to one
or more third parties.
S 4-4 Banks may take into account the risk-reducing effects of
guarantees in support of retail exposures when quantifying the PD,
ELGD, and LGD of the segment.
18. A bank may take into account the risk reducing effects of
guarantees in support of retail exposures in a segment when quantifying
the PD, ELGD, and LGD of the segment, but only for guarantees of
individual retail exposures, or guarantees covering all or a pro rata
portion of all contractual payments due on a group of retail exposures.
(See Example 5 in Appendix B of this chapter.) Insurance in support of
retail exposures, for example private mortgage insurance (``PMI''),
generally would be considered a guarantee.
19. The risk parameters for exposures covered by retail guarantees
should be based on historical experience of exposures with similar
coverage and the expected benefits of the guarantees on future
performance. Segments benefiting from retail guarantees are still
subject to applicable regulatory floors, such as the 10 percent LGD
floor for residential mortgages.
20. Retail guarantees may affect PD or ELGD and LGD. In most cases,
and in particular for PMI, banks reflect the effects of retail
guarantees primarily through the quantification of ELGD and LGD. For
retail exposures, banks may directly reflect the expected benefit of
retail guarantees in the risk parameters, in contrast to the two-step
process that is required for guarantees of wholesale exposures.
21. Banks should monitor and assess potential counterparty risk for
guarantees of retail exposures through tracking and analyzing the
financial strength of each guarantor. When reflecting guarantees of
retail exposures in PD or ELGD and LGD estimates banks should take into
account the credit quality of the guarantor. Other things equal, PD or
ELGD and LGD estimates should be increased if the credit quality of the
guarantor deteriorates. In addition, banks should consider the
potential for additional counterparty risk during economic downturn
conditions.
22. Banks may also choose to incorporate retail guarantee coverage
into their segmentation systems. For example, mortgage loans without
PMI could be placed into different segments than those with PMI.

[[Page 9102]]

23. Since there are a variety of programs for retail guarantees
that provide differing types and levels of coverage, banks
incorporating retail guarantees into the IRB risk parameters should
ensure that their systems are sufficient to estimate the expected
benefits based on the actual amount of coverage within the existing
portfolio, regardless of whether or not they segment by coverage. This
may require exposure-by-exposure tracking over the life of the exposure
to accurately reflect the expected benefits for different forms of
retail guarantees. Banks also should develop appropriate reference data
sets that can be used to estimate the effect on PDs or ELGDs and LGDs
for exposures that are covered by retail guarantees.
S 4-5 Banks may only reflect the risk-reducing benefits of tranched
guarantees of multiple retail exposures by meeting the definition and
operational criteria for synthetic securitizations.
24. Guarantees of multiple retail exposures that do not cover all
or a pro rata portion of all contractual payments due on the underlying
exposures are considered to be tranched. (See Example 5 in Appendix B
of this chapter.)
25. A bank may obtain a reduction in risk-based capital
requirements in the case of such tranched guarantees of multiple retail
exposures, but only through applying the rules for securitization
exposures provided in the NPR. To obtain any benefits, tranched
guarantees of multiple retail exposures must satisfy all aspects of the
definition of synthetic securitization and comply with all requirements
for securitization treatment in the NPR. (Also see Chapter 11
(Securitizations) for additional guidance.)
26. In some cases, the determination of the risk-based capital
benefit for a qualifying tranched guarantee will be relatively
straightforward. For example, the securitization framework provides
three general approaches for determining risk-weighted assets: The
ratings-based approach, the internal assessment approach, and the
supervisory formula approach (``SFA''). A bank can use the RBA if its
exposure is externally rated or has an inferred rating. The SFA may be
employed when external or inferred ratings are not available for
tranching structures. (See Chapter 11 for a more detailed discussion of
the applicability of the various approaches in different
circumstances.)
S 4-6 At a minimum, the quantification process and the resulting
risk parameters must be reviewed annually and updated as appropriate.
27. All material aspects of the quantification process should be
reviewed annually, with adjustments and enhancements made as needed. A
bank should have a well-defined policy for reviewing and updating the
quantification design. New analytical techniques and evolving industry
practice should be taken into account in considering changes to
quantification techniques. The review should evaluate the judgmental
adjustments embedded in the estimates; new data or evolving industry
practice may suggest a need to modify those adjustments. Particular
attention should be given to any changes that may have resulted in a
significant change in the composition of exposures, such as new
business lines, material mergers or acquisitions, and material
divestitures, loan sales or securitizations. Such changes, which raise
questions about the appropriateness of risk ratings, the segmentation
system, and the quantification process, should trigger a review and
revisions as needed.
28. The review process is particularly relevant for the reference
data stage because new data become available frequently. A bank must
ensure continued applicability of the reference data to its existing
exposures, and the reference data should reflect the types of exposures
found in the bank's existing portfolio. Reference data must be of
sufficient quality to support PD, ELGD, LGD, and EAD estimates. A well-
defined and documented process should be in place to ensure that the
reference data are updated as frequently as needed, as fresh data
become available or as portfolio changes make necessary. All data
sources, characteristics, and the overall processes governing data
collection should be fully documented, and that documentation should be
readily available for review.
29. At a minimum, risk parameter estimates must be reviewed at
least annually, and the process for doing so should be documented in
the bank's policy. If the review reveals that risk parameter estimates
should be updated, the updates should be performed promptly and
documented clearly. New data should be incorporated into the risk
parameter estimates using a well-defined process to correctly merge
data sets over time, and the frequency of risk parameter updates and
the process for doing so should be justified and documented in bank
policy.
30. The risk parameter estimates may be particularly sensitive to
changes in the way banks manage exposures. When such changes take
place, the bank should consider them in all steps of the quantification
process. Changes likely to significantly increase a risk parameter
value should prompt increases in the risk parameter estimates. When
changes seem likely to reduce the risk parameter value, estimates
should be reduced only after the bank accumulates a significant amount
of actual experience under the new policy to support the reductions.
31. The mappings of the existing portfolio to the reference data
used in estimation should also be reviewed with sufficient frequency to
ensure that the mappings continue to be appropriate. Mappings should be
reaffirmed at least annually for both internal and external reference
data, regardless of whether the risk rating or segmentation systems
have undergone explicit changes during the period covered by the
reference data set, because the relationship between a bank's existing
exposures and the reference data may change over time. For example, in
wholesale portfolios the relationships between internal rating grades
and external agency ratings may change during the economic cycle
because of differences in expected rating migration. When significant
characteristics have been changed, added, or dropped, the
characteristics of the existing exposures should be newly mapped to the
characteristics of the reference data.
S 4-7 Quantification should be based upon the best available data
for the accurate estimation of the risk parameters.
32. Banks should always use the best available data when
quantifying the risk parameters. In order to derive accurate risk
parameter estimates, banks should incorporate relevant data, whether
such data are internal or external. One objective of the IRB framework
is to encourage further development of credit risk quantification
techniques. Improving the quality, capture, and retention of internal
data is an essential prerequisite for such advances.
33. Internal data refers to any data on exposures existing or
historically held in a bank's own portfolio, including historical
exposure and risk characteristics as well as exposure performance--even
if some data components are purchased from outside sources. For
example, property appraisals purchased from a third-party appraiser for
updating the LTVs of a bank's mortgage exposures are considered
internal data. However, if a bank purchases data on risk
characteristics or performance for exposures outside of its own
portfolio, these data would be considered external.
34. A bank should incorporate relevant external data for
quantifying risk parameters if internal data are

[[Page 9103]]

insufficient to produce accurate and appropriate estimates. For
example, the use of external data may be necessary when internal data
do not provide adequate coverage of economic downturns or when there
are significant data gaps, either for periods of time or for the types
of exposures in the bank's existing portfolio. Banks should demonstrate
that all data used to quantify risk parameters are relevant.
35. A bank should have a process for vetting potential reference
data, whether the data are internal or external. The vetting should
assess whether the data are sufficiently accurate, sufficiently
complete, sufficiently representative, and sufficiently informative of
the bank's existing exposures.
36. Furthermore, a bank should have adequate data to estimate risk
parameters for all exposures on the books, even if some are likely to
be sold or securitized before their long-term credit performance can be
observed.
S 4-8 The sample period for the reference data must meet the
minimum length for each risk parameter by portfolio.
S 4-9 The reference data must include periods of economic downturn
conditions, or the parameter estimates must be adjusted to compensate
for the lack of data from such periods.
37. For PD estimation, a minimum of five years of data are required
for all portfolios. For ELGD, LGD and EAD estimation, a minimum of
seven years of data are required for wholesale portfolios, and five
years of data are required for retail portfolios.
38. This requirement for a minimum of five or seven years of data
should not be taken to imply that reference data sets of this length
are optimal. The range of conditions covered by the sample period may
be as important as its length. Specifically, lack of inclusion of
periods of economic downturn conditions could bias PD, ELGD, LGD, or
EAD estimates downward and lead to unjustifiably lower risk-based
capital requirements.
39. If a bank's reference data do not include periods of economic
downturn conditions, the bank must adjust its risk parameter estimates
to compensate for the lack of these data. Given the particular
importance of periods of economic downturn, a bank may choose to
augment an existing reference data set with additional data from such a
period without including all of the intervening years, if the overall
data set satisfies required minimums, otherwise covers the appropriate
range of economic conditions and is appropriate for the bank's existing
portfolio. Alternatively, a bank may draw more heavily on sub-samples
of its internal portfolio (for example, particular MSAs or geographic
regions) that experienced economic downturn periods, or use appropriate
external data. However, the bank should justify the exclusion of
available internal data for portions of its portfolio and any inclusion
of alternative internal or external data sources, as well as its
weighting assumptions.
40. The minimum data requirement may be met using internal data,
external data, or pooled data combining internal data with similar data
from other sources. However, as noted above, the minimum sample period
for reference data should not be construed as generally providing
optimum results. A longer sample period usually fosters more robust
estimation; for example, a longer sample will include more default
observations for ELGD, LGD or EAD estimation. Banks should consider the
use of additional data when more than the minimum length of historical
data is available. However, the potential increase in precision
afforded by a larger sample should be weighed against the potential for
diminished comparability of older data to the existing portfolio;
striking the correct balance is a matter of judgment. Reference data
must not differ systematically from the existing portfolio in ways that
seem likely to be related to default risk, loss severity, or exposure
at default.
S 4-10 Banks should clearly document how they adjust for the
absence of significant data elements in either the reference data set
or the existing portfolio.
41. Some exposures in the reference data set and the existing
portfolio will have missing data elements, some of which are important
factors for measuring risk. Banks may use a variety of statistical
methods to impute values for the missing factors--provided these
factors are sufficiently correlated to known information about the
exposure. Expertise is required to judge whether such correlations can
be established. Regardless of the approach and level of sophistication,
the bank should have a clear and well-documented process describing how
it treats missing data elements in the estimation and mapping stages.
42. For example, in the development of a default model, missing
data elements can be imputed and the estimates of the missing data
elements input to the model. However, if particular data elements are
missing on significant portions of the population, this may justify the
estimation of separate models where data elements are missing.
S 4-11 Judgmental adjustments to risk parameter estimates, either
upward or downward, may be an appropriate part of the quantification
process, but must not result in an overall bias toward lower risk
parameter estimates.
43. Judgment will inevitably play a role in the quantification
process and may materially affect the estimates. Judgmental adjustments
to estimates are often necessary because of some limitations on
available reference data or because of inherent differences between the
reference data and the bank's existing exposures. The bank must ensure
that adjustments are not biased toward optimistically low risk
parameter estimates. This standard does not prohibit individual
adjustments that result in lower estimates of risk, because both upward
and downward adjustments are expected. Individual adjustments are less
important than broad patterns; consistent signs of judgmental decisions
that lower parameter estimates materially may be evidence of bias. The
bank should also ensure that large judgmental adjustments are well
justified and infrequent, as frequent large adjustments could indicate
a problem with the rating methodology.
44. The reasoning and empirical support for any adjustments, as
well as the mechanics of the process, should be documented. The bank
should conduct sensitivity analysis to demonstrate that the adjustment
procedure is not biased toward reducing risk-based capital
requirements. The analysis should consider the impact of any judgmental
adjustments on estimates and risk-based capital requirements, and
should be fully documented.
S 4-12 Risk parameter estimates should incorporate a degree of
conservatism that is appropriate for the overall rigor of the
quantification process.
45. Estimated values of the risk parameters should be as precise
and accurate as possible. However, estimates are inherently subject to
uncertainty and potential error. Aspects of the quantification process
that are apt to induce uncertainty and error include model error,
differences in default definitions, errors in judgment, and data
deficiencies. A general principle of the IRB framework is that the
assumptions and adjustments embedded in the quantification process
should reflect the degree of uncertainty or potential error inherent in
the process.
46. In practice, a reasonable estimation approach likely will
result in a range of defensible risk parameter values. The choices of
the particular

[[Page 9104]]

assumptions and adjustments that determine the final estimate, within
the defensible range, should reflect the uncertainty in the
quantification process. That is, the more uncertainty in the process,
the more risk-based capital should be required.
47. The degree of conservatism should be related to factors such as
the relevance and depth of the reference data, the quality of the
mapping, the precision of the statistical estimates, and the amount of
judgment used throughout the process. Conservative methodologies should
also be considered for new products, such as new residential mortgage
products. Margins of conservatism need not be added at each step, as
that could produce an excessively conservative result. Instead, the
overall margin of conservatism should adequately account for all
uncertainties and weaknesses. Improvements in the quantification
process (use of better data, estimation techniques, and so on) may
allow risk parameter estimates to become less conservative over time.
S 4-13 Mapping should be based on a comparison of available data
elements that are common to the existing portfolio and each reference
data set.
48. Sound mapping practice uses elements that are available in both
the existing portfolio and the reference data. If a bank chooses to
ignore certain variables or to weight some variables more heavily than
others, those choices should be supported. At least two kinds of
mapping challenges may arise:
First, even if similarly named variables are available in
the historical reference data and the existing portfolio data, they may
not be directly comparable. Hence, a bank should ensure that linked
variables are truly similar. Although adjustments to enhance
comparability can be appropriate, they should be rigorously developed
and documented.
Second, levels of aggregation may vary. The bank's
information systems for its existing exposures might supply more
detail. For example, to apply the estimates derived from the reference
data, the portfolio data could be regrouped to match the coarser
aggregation of the reference data.
49. Mapping should be consistent with the risk rating and
segmentation systems. Levels and ranges of key characteristics for each
rating or segment of the bank's existing exposures should approximate
the values of similar characteristics for the reference data.
50. The standard allows for use of a limited set of common
variables that are predictive of default, loss or exposure risk, in
part to permit flexibility in early years when data may be far from
ideal for some portfolios. Nevertheless, mapping exercises should aim
to provide the greatest possible assurance that it is appropriate to
apply the bank's estimation framework to the existing portfolio of
exposures. In instances where banks rely on a limited set of common
variables, or where those variables are not clearly identical, banks
should compensate by being more conservative in other stages of the
quantification process.
S 4-14 A mapping process should be established for each reference
data set and for each estimation model.
51. Banks should never assume that the rationale for a mapping is
self-evident. Even when reference data are drawn from internal default
and loss experience, a bank should still link the characteristics of
the reference data with those of the existing portfolio. The use of
internal data for reference data purposes does not eliminate the need
for a mapping requirement because changes in bank strategy or external
economic forces may alter the risk characteristics or composition of
the portfolio over time, even within the same wholesale obligor/loss
severity ratings or within the same retail segments.
For example, a wholesale rating system that has been
explicitly designed to replicate external agency ratings may or may not
be effective in producing a replica; formal mapping would be performed.
Indeed, in such a system the kind of analysis involved in mapping may
help identify inconsistencies in the rating process itself.
Similarly for retail portfolios, even if the bank uses the
same segmentation system over time, it should verify that the risk
factors behind the segmentation capture the same types of borrowers in
today's portfolio as they did in the reference data. For example, a
given product offering may attract types of customers that differ over
time in ways that affect risk but are not fully reflected in the risk
factors used for segmentation.
52. Banks often use multiple reference data sets, and then combine
the resulting estimates to get a risk parameter estimate for a
wholesale obligor/loss severity rating or for a retail segment. A bank
that does so should conduct a rigorous mapping process for each data
set.
S 4-15 Banks that combine estimates from internal and external data
or that use multiple estimation methods should have a clear policy
governing the combination process and should examine the sensitivity of
the results to alternative combinations.
53. To ensure that the best available data are used to produce
accurate risk estimates a bank might combine data from multiple sources
and may use multiple estimation methods. Banks often combine internal
data with external data and use data from different sample periods. For
example, for a wholesale portfolio a bank may combine results from
corporate-bond default databases with results from equity-based models
of obligor default.
54. The manner in which the estimates from multiple data sets or
estimation methods are combined is extremely important, since different
combinations will produce different risk parameter estimates. A bank
should investigate risk parameter estimates' sensitivity to different
ways of combining data sets or combining estimation methods. When
results are highly sensitive to how data or estimates are combined, a
bank should make every effort to understand the nature (reasons and
implications) of the instability (including use of statistical tests)
and choose among the alternatives conservatively. A bank should
document why it selected the combination techniques it did, and these
techniques should be subject to appropriate approval and oversight by
management.
S 4-16 The aggregation of risk parameter estimates from individual
exposures within rating grades or segments should be governed by a
clear and well-documented policy.
55. Because different methods of aggregation are possible, a bank
should have a clear and well-supported policy regarding how aggregation
should be accomplished. Banks are required to have a quantification
system in which the rating grades or segments are homogeneous with
regard to risk; in this case, each obligor or exposure within
homogeneous grades or segments would receive equal emphasis in
quantification.
56. For wholesale exposures, rating grade-based mapping naturally
produces an average risk parameter estimate by rating grade.
Conversely, obligor-based or loss severity-based mappings require the
aggregation of the individual risk parameter estimates to the rating
grade level. The bank should document this aggregation and compare the
results of alternative mappings. These mappings are discussed in the
relevant PD and ELGD and LGD sections.
57. If a bank uses a prediction model for a retail portfolio that
assigns a risk parameter estimate to each exposure, it

[[Page 9105]]

should specify and document the process by which it aggregates the
exposure-level risk parameters to assign segment-level estimates.

II. Probability of Default (PD)

A. Data

58. For PD quantification, a minimum of five years of data that
include periods of economic downturn conditions is required; in the
event that such data are not available, a bank must adjust its PD
estimates to compensate for the lack of data from periods of economic
downturn conditions. The data for PD quantification should include
relevant characteristics of both defaulted and non-defaulted exposures
such as information on the exposures at different points in time,
payment history and ultimate disposition.
59. To estimate PD accurately and support the determination of
risk-based capital requirements, a bank must have a comprehensive
reference data set with observations that should be representative of
the bank's existing exposures. For wholesale portfolios the reference
data should map to obligors, and for retail portfolios the reference
data should map to segments of the existing portfolio. Clearly, the
data set used for estimation should be similar to the portfolio to
which such estimates will be applied. The same comparability standard
applies to both internal and external data sets.
60. To ensure ongoing applicability of the reference data, a bank
should assess the characteristics of its existing exposures relative to
the characteristics of exposures in the reference data. Such variables
might include qualitative and quantitative information on the exposure,
internal and external wholesale ratings and rating dates, updated
retail credit scores, corporate lending relationships, retail product
type and loan terms, or geography. A bank should maintain documentation
that fully describes all explanatory variables in the data set,
including any changes to those variables over time. A well-defined and
documented process should be in place to ensure that the reference data
are updated as frequently as is practical, as fresh data become
available or portfolio changes make necessary.
Example
A bank determines that the aggregate national retail mortgage
portfolio has not experienced downturn conditions during the time
horizon for which internal reference data are available. However,
regional sub-portfolios did experience default rates that were
significantly higher than average during the available data history.
Data are available from regional recessions in New England (late 1980s
and 1990 -1995), Texas (1983-1989), and California (1991-1995). The
bank demonstrates that the drivers of significantly higher default
rates in these regional recessions can be extrapolated to the national
portfolio, and the bank justifies and documents the resulting
adjustments that would be necessary in the mapping and application
stages.

B. Estimation

61. Estimation of PD is the process by which risk characteristics
of the reference data are related to default rates for each wholesale
obligor or for each retail segment in the reference portfolio. The
relevant risk characteristics that are predictive of the likelihood of
default are referred to as ``drivers of default.'' Drivers for
wholesale obligors might include financial ratios, management expertise
and industry. Drivers for retail segments might include product, loan
and borrower characteristics such as loan-to-value, credit line
utilization, credit score, or delinquency status. Also, a portfolio
separator such as geographic region, while not a direct driver of
default, might indicate separate relationships of the PD to these
drivers by geographic region.
S 4-17 PD estimates must be empirically based and must represent a
long-run average.
62. The PD is an estimate of the long-run average of one-year
default rates for wholesale rating grades, for segments of non-
defaulted retail exposures where seasoning is not material, or for a
segment of non-defaulted retail exposures in a retail exposure
subcategory for which seasoning effects are not material.
63. PD estimates should represent averages of one-year default
rates over a mix of economic conditions (including economic downturn
conditions) sufficient to provide a reasonable estimate of the one-year
default rate over the economic cycle for the rating grade or retail
segment as specified above. If a bank uses the best available
historical data to estimate PD as the mean of yearly realized default
rates over at least five years, and the bank can empirically support
that this period includes economic downturn conditions, then this is
likely to adequately represent long-run experience. The emphasis should
not solely be on time span; the long-run average concept captures the
breadth, as well as the length, of experience.
64. Estimation generally should treat data from different time
periods similarly. A bank choosing instead to place greater relative
weight on data from particular time periods should empirically
demonstrate that doing so produces a more accurate estimate of future
default behavior for each wholesale rating grade and retail segment in
its existing portfolio. For example, more recent data might be given
more weight in the estimation process if the bank demonstrates that
doing so is more predictive of future default behavior.
65. For a statistical model to satisfactorily produce long-run PD
estimates, the reference data used in the default model must meet the
long-run requirement. A model can be used to relate risk drivers to the
outcome--default or non-default. Drivers might include wholesale
financial ratios, retail borrower credit scores, loan terms, economic
conditions or industry variables. Such a model must be calibrated to
capture the default experience over a reasonable mix of economic
conditions. For example, a Merton-style model's estimate of distance to
default must be calibrated to the default rate using long-run
experience. Whether a PD model is developed internally or by a vendor,
a bank should verify that the model's results have been calibrated to a
long-run average PD.
66. Adjustments that are part of the PD estimation process must not
result in an overall bias toward lower risk parameter estimates. The
bank should rigorously validate, justify, and document such
adjustments.
Example 1
If the bank's internal data history does not include any periods of
economic downturn, the bank may use external data sources that include
an economic downturn period to adjust PD estimates upward. The bank
should justify the assumption that the relationship between the long-
run average PD and the risk drivers observed in the external data
applies to its portfolio. This practice is consistent with this
guidance.
Example 2
A bank uses internal default experience to estimate PDs for its
wholesale portfolio. However, the bank has historically failed to
recognize defaults under the IRB default definition. For example,
exposures sold at a material credit loss were not captured as defaults.
The realized PD using the IRB definition would be higher than that
observed by the bank

[[Page 9106]]

(and LGD rates might differ as well). If the bank made no adjustment
for the missing defaults, its practice would not be acceptable.
S 4-18 Effects of seasoning, when material, must be considered in
the PD estimates for retail portfolios.
67. A bank should determine whether age since origination is a
significant risk factor for its retail exposures on the balance sheet.
If so, then seasoning may be a material risk factor.
68. Material seasoning effects are generally indicated when default
rates of a segment of retail exposures follow a characteristic age
profile, rising for the first several periods following origination.
Seasoning of this type is often significant for longer-maturity
consumer products such as residential mortgages, but may also be
important for shorter-lived portfolios.
69. Additional common indicators of material seasoning effects are
large or rapidly growing portfolio concentrations of unseasoned
exposures where age is a significant risk factor. Such concentrations
could result from a high growth rate of originations, unusually high
prepayment or attrition rates, or high rates of sales or securitization
of seasoned exposures.
70. Even when age is a significant risk factor and default rates
follow a characteristic age profile, seasoning effects may not be
material if a retail exposure subcategory's age distribution is stable
and the age distribution of the portfolio is not concentrated in
unseasoned exposures.
71. The operational definition of material seasoning effects for a
segment of retail exposures is that the annualized cumulative default
rate for that segment materially exceeds the long-run average of one
year default rates.
72. If seasoning effects are material for the retail exposure
subcategory, banks must use a PD that reflects a longer-run horizon and
provides adequate risk-based capital to cover potential credit losses
for its unseasoned segments in that subcategory. Specifically, rather
than the best estimate of the long-run average of 1-year default rates,
the higher PD that must be used is defined as the estimated annualized
cumulative default rate of the segment over the expected remaining life
of the exposures in the segment.\3\
---------------------------------------------------------------------------

\3\ Expected remaining life is the average period from today
until an exposure of a particular type will prepay, pay in full
through normal amortization, or default.
---------------------------------------------------------------------------

73. Estimates of expected remaining life should reflect a long-run
average for exposures in the segment; banks should avoid undue
volatility in their estimates caused by short-term fluctuations in
market factors (such as interest rates). Also, banks may incorporate
discounting of cash flows into their estimates of expected remaining
life if they so choose.
74. Even if the exposures are potentially subject to material
seasoning effects, a bank may use the definition of PD specified in
Paragraph 62 of this chapter for certain exposures that are originated
for sale or securitization, provided that:
The bank credibly demonstrates its ability and intent to
sell or securitize the exposures within a 90-day time frame. It can do
so by:
--An established historical track record of sales or
securitizations for similar exposures; or
--Commitments in the form of forward sales agreements or other
contractual pipeline arrangements that provide reasonable assurances
that the exposures will be sold within 90 days.
The exposures are specifically identified at origination.
The bank monitors sales or securitization market
indicators, including an assessment of counterparty risk, to ensure its
continuing ability to sell or securitize these exposures in a variety
of market conditions.
Exposures that are not sold or securitized within 90 days should be
assigned to segments that fully reflect their risk profile based on
their updated risk characteristics.
75. Banks should note that under the rules for securitization
exposures in the NPR, a bank may need to quantify the IRB risk
parameters for some securitized exposures. For that quantification
process, a bank must meet the quantification requirements for
estimating PDs for retail exposures held on balance sheet, including
the requirements for estimating PD when seasoning effects are material.
76. The account age profile may be tracked by using account age as
a criterion in the segmentation system for the retail exposures or as a
predictive variable in a PD quantification model. Several methods can
be used to account for seasoning in the PD estimates. See example 4 in
Appendix B of this chapter.

C. Mapping

77. Mapping is establishing a linkage between the bank's existing
exposures and the reference obligor data used in the default model.
Hence, mapping involves identifying how drivers of default for the
existing exposures correspond to the reference data's drivers.
Wholesale drivers include financial and nonfinancial variables, and
assigned rating grades; retail segment drivers include exposure and
borrower risk characteristics.
78. Key drivers of default should be factored directly into the
obligor rating or segmentation process. But in some circumstances,
certain effects related to industry, geography, or other factors are
not reflected in wholesale obligor risk rating assignments, retail
segmentation, or default estimation models. In such cases, it may be
appropriate for banks to capture the impact of the omissions by using
different mappings for different business lines or types of exposures.
Supervisors expect this practice to be transitional, and that banks
eventually will incorporate the omitted effects into the wholesale
obligor risk rating, the retail segmentation system or the PD
estimation process as they are uncovered and documented, rather than
adjusting the mapping.
79. Banks may use multiple reference data sets or estimation
methods, and then combine the resulting estimates to get an obligor
rating grade or segment PD. A bank that does so should conduct a
rigorous mapping process for each data set and estimation method. For
example, when using data from a number of wholesale rating agencies,
the mapping should take into consideration differences in the agencies'
rating methods by mapping each agency's obligor rating scale
separately. Similarly, when combining the results from internal
historical data and a default prediction model over a retail portfolio,
the bank should map both the historical long-run PD and the model's
output to the existing portfolio.
Retail Mapping
80. For retail portfolios, mapping involves linking segments in the
reference data to segments in the existing portfolio. If the bank's
segmentation process has been in place for a long time, the mapping
between internal historical data and the existing portfolio data may be
straightforward. However, if the bank's retail segmentation system has
varied over time, the bank should demonstrate a mapping between its
existing segmentation system and the segments in the reference data. In
either case, the bank should demonstrate that the mapping is
appropriate and conduct periodic assessments to verify this.
Example
2ven if similarly named characteristics are available in the
reference data and the existing portfolio data, they may not be
directly comparable. For example, in a retail portfolio of auto loans,
the particular

[[Page 9107]]

types of auto loans (for example, new or used, direct or indirect) may
vary from one application to another. Hence, a bank should ensure that
linked drivers are truly similar in PD estimation. Although adjustments
to enhance comparability can be appropriate, they should be rigorously
developed and documented.
Wholesale Mapping
81. There are two broad approaches to the mapping process for
wholesale portfolios, obligor mapping and rating grade mapping.
82. In obligor mapping, each existing obligor is mapped to the
reference data based on its individual characteristics. For example, if
a bank applies a default model to estimate an obligor-level default
probability, that model uses certain obligor-level variables as inputs.
The values of these variables for each obligor are used as inputs to
the obligor-level default probability estimation model.

Example

In estimating rating grade PDs, a bank relies on observed default
rates on bonds in various agency ratings. To map its internal rating
grades to the agency ratings, the bank identifies variables that
together explain much of the rating variation in the bond sample. The
bank then conducts a statistical analysis of those same variables
within its portfolio of obligors, using a multivariate distance
calculation to assign each portfolio obligor to the external rating
whose characteristics it matches most closely (for example, assigning
obligors to ratings so that the sum of squared differences between the
external rating averages and the obligor's characteristics is
minimized). This practice is broadly consistent with sound mapping
practices.
83. In rating grade mapping, characteristics of the obligors within
an internal rating grade are averaged or otherwise summarized to
construct a ``typical'' or representative obligor for each rating
grade. Then, the bank maps that representative obligor to the reference
data. For example, if the bank uses a model that takes certain
variables as inputs to produce an obligor-level default probability
estimate, a representative value for each input variable would be
determined for each internal rating grade, creating in effect a
``typical obligor'' for a rating grade; the default probability
associated with that typical obligor will serve as the rating grade PD
in the application stage. As an alternative example, a bank maps the
typical obligor from each internal rating grade to a particular
external NRSRO rating based on quantitative and qualitative
characteristics and assigns the realized long-run average one-year
default rate for that external rating to the internal rating grade in
the application stage.

Example

A bank uses rating grade mapping to link portfolio obligors to the
reference data set described by agency ratings. The bank reviews
publicly-rated portfolio obligors within an internal rating grade to
determine the most common agency rating, does the same for all rating
grades, and creates a linkage between internal and agency ratings. The
strength of the linkage is a function of the number of externally rated
obligors within each rating grade, the distribution of those agency
ratings within each rating grade and the similarity of externally rated
obligors in the grade to those not externally rated. This practice is
broadly consistent with sound mapping practices, and, for the reasons
discussed below, may require adjustments and the addition of margins of
conservatism.
84. An acceptable quantification process could include the use of
either a rating grade mapping or obligor mapping approach. However, in
the absence of other compelling considerations, banks should use
obligor mapping because rating grade mapping has the following
drawbacks:
First, default probabilities are nonlinear using many
estimation approaches. As a result, the typical obligor's default
probability using the rating grade mapping approach is often lower than
the mean of the individual obligor default probabilities using the
obligor mapping approach.
Second, a hypothetical obligor with a rating grade's
average characteristics may not represent well the risks presented by
the rating grade's typical obligor, since different types of obligors
might end up in the same grade.
85. A bank electing to use rating grade mapping instead of obligor
mapping should be especially careful in choosing a ``typical'' obligor
for each grade. Doing so generally requires that the bank examine the
actual distribution of obligors within each rating grade, as well as
the characteristics of those obligors. Banks should be aware that
different statistical measures (such as mean, median, or mode) will
produce different results, and may result in materially different PDs
for a particular rating grade. The bank should justify its choice and
should have a clear and consistent policy toward the calculation.
86. In addition to the general requirement to compare elements that
the reference data and portfolio have in common, both obligor and
rating grade mappings should also take into account differences in
rating philosophy (as commonly revealed through analysis of rating
migration) between any ratings embedded in the reference data set and
the bank's own rating regime.

D. Application

87. The application stage produces final PD estimates that will be
used in the determination of risk-based capital requirements. This
stage is expected to be relatively mechanical for most retail
portfolios, except when the bank uses multiple reference data sets or
multiple estimation methods or significantly changes its segmentation
system over time. Judgmental adjustments to the risk parameter
estimates should be rare for retail portfolios.
88. This stage may be somewhat more involved for wholesale
portfolios. After the bank applies the PD estimation method to its
existing exposures using the mapping process, adjustments to the raw
results derived from the estimation stage may be appropriate to obtain
final rating grade PD estimates. For example, the bank might aggregate
individual obligor default probabilities to the rating grade level or
otherwise produce a rating grade PD estimate, or might smooth results
because a rating grade's PD estimate was higher than a lower quality
grade. The bank should explain and support all such adjustments when
documenting its quantification process.
89. The bank must ensure that the PD applied in the determination
of risk-based capital requirements for each wholesale exposure or
retail segment is not less than the regulatory floor of 0.03 percent,
except for exposures to or directly and unconditionally guaranteed by a
sovereign entity, the Bank for International Settlements, the
International Monetary Fund, the European Commission, the European
Central Bank, or a multi-lateral development bank, to which the bank
assigns a rating grade associated with a PD of less than 0.03 percent.

Example

A bank uses external data to estimate long-run average PDs for each
wholesale rating grade. The resulting PD estimate for Grade 2 is
slightly higher than the estimate for Grade 3, even though Grade 2 is
supposedly of higher credit quality. The bank uses statistics to
demonstrate that this anomaly occurred because defaults are rare in the
highest quality rating grades. The bank judgmentally adjusts the PD
estimates for Grades 2

[[Page 9108]]

and 3 to preserve the expected relationship between obligor rating
grade and PD, but demonstrates that total risk-weighted assets across
both rating grades using the adjusted PD estimates are no less than
total risk-weighted assets based on the unadjusted estimates, using a
typical distribution of obligors across the two rating grades. An
adjustment such as given in this example is consistent with this
guidance.

III. Expected Loss Given Default (ELGD) and Loss Given Default (LGD)

90. The ELGD and LGD quantification process is similar to the PD
quantification process. Once a bank identifies and obtains a reference
data set of defaulted exposures and relevant descriptive
characteristics, it selects a technique to estimate the credit-related
economic loss per dollar of EAD for a defaulted wholesale exposure with
a given array of characteristics or for all defaulted exposures in a
reference retail segment. The reference data should then be mapped to
the bank's existing exposures so that the bank can estimate ELGD and
LGD for each wholesale exposure, loss severity rating, or retail
segment, as the case may be. Finally, application adjustments may be
made to obtain final risk parameter estimates.
91. The ELGD is an estimate of the default-weighted average
economic loss (where individual defaults receive equal weight), per
dollar of EAD, the bank expects to incur in the event that the obligor
were to default within a one-year horizon over a mix of economic
conditions, including economic downturn conditions. LGD estimates
reflect the estimate of the economic loss per dollar of EAD that the
bank expects to incur if the obligor were to default within a one-year
horizon during economic downturn conditions. Accordingly, ELGD
estimates incorporate a mix of economic conditions (including economic
downturn conditions) while LGD estimates reflect losses that would
occur during economic downturn conditions (i.e., conditions in which
aggregate default rates are significantly higher than average). LGD
estimates cannot be less than ELGD estimates for a particular wholesale
exposure or retail segment.

A. Data

92. Unlike reference data sets used for PD estimation, data sets
for ELGD and LGD estimation contain only exposures to defaulted
obligors. At least two broad categories of data are necessary to
produce ELGD and LGD estimates.
93. First, factors must be available to group the defaulted
exposures in meaningful ways. Wholesale exposures are grouped by
characteristics that are likely to be important in predicting loss
rates--for example, whether an exposure is secured and the type and
coverage of collateral, the seniority of a claim, economic conditions,
and the obligor's industry. The retail segmentation system may separate
exposures by borrower and exposure risk characteristics predictive of
loss severity or by an ELGD or LGD score--for example, credit score,
business line, credit line utilization for unsecured credit lines, or
loan-to-value for mortgage loans.
94. Although the characteristics identified above have been found
to be significant in academic and industry studies, a bank's
quantification of ELGD and LGD certainly need not be limited to these
variables. For example, a bank might examine many other potential
drivers of loss severity, including geographic location, exposure type,
tenor of the relationship, wholesale obligor size, or retail borrower
wealth.
95. Second, data must be available to calculate the realized
economic loss of each defaulted exposure. Such data may include the
market value of the wholesale exposure at default or the market value
for a pool of charged-off retail exposures, which can be used to proxy
a recovery rate. Alternatively, economic loss may be calculated for
wholesale exposures and retail segments using the EAD (including
principal and accrued but unpaid interest or fees), losses on the sale
of repossessed collateral, direct workout costs, an appropriate
allocation of indirect workout costs, the timing and amount of
subsequent recoveries, and the discount rate appropriate to the risk of
the exposure.
96. Data should be comprehensive. All cash flow data should include
dollar amounts and dates. For example, roll to charge-off or non-
accrual, number of days past due, or bankruptcy status should be
captured if these factors are expected to be significant for ELGD and
LGD. Recovery data should include direct payments from the obligor/
borrower, the sale of the collateral or realized income from the sale
of defaulted exposures. Supportable net realizable value of defaulted
exposures and collateral acquired in default that has yet to be
disposed of can be included as part of the reference data. Cost data
comprise the material direct and indirect costs associated with
workouts and collections.
97. Ideally, loss severity should be measured once all recoveries
and costs have been realized. However, a bank may not resolve a
defaulted wholesale obligation for many years following default. For
practical purposes, banks relying on actual recovery data may choose to
close the period of observation before this final resolution occurs--
that is, at a point in time when most costs have been incurred and when
recoveries are substantially complete. Banks that do so should estimate
the additional costs and recoveries that would likely occur beyond this
period and include them in ELGD and LGD estimates. A bank should
document its choice of the period of observation, and how it estimated
additional costs and recoveries beyond this period.
98. Reference data sets may contain individual loss observations
that are less than 0 percent or greater than 100 percent. However,
extra diligence is required for loss realizations reported to be less
than 0 percent to ensure that economic loss is being measured.\4\
---------------------------------------------------------------------------

\4\ Banks are not required to truncate the loss severity data
used to derive ELGD and LGD parameter estimates. Nonetheless, final
ELGD and LGD estimates should not be negative or zero. Readers are
directed to the discussion of the application stage for ELGD and LGD
in a later section of this guidance for elaboration of related
supervisory expectations regarding ELGD and LGD quantification.
---------------------------------------------------------------------------

Example 1
A bank with internal wholesale data covering the period 1997
through 2003 relies primarily on these data for quantifying its
wholesale risk parameter estimates. The bank will continue to extend
this internal data set as time progresses. Its current policy mandates
that credits be resolved within two years of default, so the data set
contains the most recent data available. Although the existing data set
satisfies the seven-year requirement for ELGD quantification, the bank
is aware that it does not include appropriate economic downturn
conditions for certain portfolios. In comparing its loss estimates with
rates published in external studies that cover longer time periods and
include economic downturn periods for similarly stratified data, the
bank observes that its estimates are systematically lower. To be
consistent with the NPR, the bank must reflect economic downturn
conditions in its ELGD estimates, as such estimates represent the loss
the bank expects to incur in the event that the obligor of the exposure
defaults within a one-year horizon over a mix of economic conditions,
including economic downturn conditions.
Example 2
A bank develops evidence that during the 2001 to 2003 period of
highly

[[Page 9109]]

elevated mortgage prepayments owing to record-low interest rates,
losses were likely deferred in mortgage portfolios because of readily
available refinancing options. The bank also concludes that losses on
foreclosures during this period were limited because housing prices
generally increased throughout the United States despite a recession.
However, the bank notes that a similar (though not as substantial) drop
in interest rates occurred in the early 1990s, during a recession that
was characterized by a sharp drop in property values in many parts of
the country. Because the recent period may have been atypical, the bank
chooses to weigh older data (perhaps from external sources) more
heavily than recent data for ELGD quantification. Such an approach to
weighting the data would be consistent with this guidance.
99. The following examples illustrate how definitions of default in
the reference data that are different from the IRB definition
complicate ELGD estimation.
Example 1
For ELGD estimation, a bank includes in its default database only
exposures that actually experience a loss and excludes exposures for
which no loss was recorded (effectively applying a ``loss given loss''
concept). This practice is not consistent with the NPR because the
bank's default definition is narrower than the IRB definition.
Example 2
A bank relies on two external data sources to estimate ELGD because
it lacks sufficient internal data. Both sources use definitions that
deviate from the IRB definition; one uses ``bankruptcy filing'' to
indicate default while another uses ``missed principal or interest
payment.'' Although the different definitions result in significantly
different loss estimates for the loss severity ratings defined by the
bank, the bank simply combines the external data sources in deriving
its ELGD estimates. The bank's practice is not consistent with the
guidance. The bank should determine the impact on the parameter
estimates of the different definitions used in the reference data sets.
For minor definitional differences, the bank may be able to make
appropriate adjustments during the estimation stage. If the differences
are difficult to quantify, an appropriate level of conservatism should
be applied or the bank should seek other sources of reference data.

B. Estimation

100. Estimation of ELGD and LGD is the process by which
characteristics of the reference data are related to loss severity.
Relevant characteristics for wholesale exposures might include
variables such as seniority, collateral, exposure type, or business
line. For retail portfolios, as discussed in Chapter 3, a common ELGD
or LGD might be applied so long as the estimate is accurate for each
segment and exposures within those segments have homogenous risk
characteristics.
101. In estimating ELGD and LGD, banks should identify drivers of
loss. One estimation approach is to separate the reference defaults
into groups that do not overlap, for example, by business line,
predominant collateral type, or loan-to-value coverage. The ELGD
estimate for each category could then be based on the default-weighted
average economic loss per dollar of EAD, and LGD could be similarly
derived using data from periods of economic downturn conditions. In
most cases, it will not be acceptable to calculate ELGD as the average
of annual loss rates (where loss severity for each year receives equal
weight). Years with a relatively large number of defaults generally
provide richer data for measuring loss severity compared to years when
there are relatively few defaults. Thus, in general, years with a
relatively large number of defaults contribute more information and
should be appropriately weighted when estimating ELGD. In addition, if
years of relatively low default rates typically have relatively low
loss severity rates, then using the average of annual loss rates will
tend to understate ELGD.
102. A statistical model, for example a regression model using data
on loss severity and some quantitative measures of the loss drivers,
could be applied to estimate ELGD or LGD. Any model must meet the
requirements for validation discussed in Chapter 7. Other methods for
estimating ELGD or LGD could also be appropriate.
Example 1
To estimate ELGD, a bank uses only internal data. Although
information on security and seniority is lacking, no adjustments for
the lack of data are made in the estimation or application steps. This
practice is not consistent with the guidance because there is ample
external evidence that security and seniority are relevant in
estimating ELGD. A bank with such limited internal default data must
incorporate external or pooled data.
Example 2
A bank groups observed defaults in the reference data according to
geographic region and collateral. One of the pools has too few
observations to produce a reliable estimate. By augmenting the loss
data with data from similar geographic regions with the same
collateralization, the bank derives an ELGD estimate. Provided the bank
can adequately support the process used to establish the relevance of
the data from other regions, this approach would be consistent with the
guidance.
103. Banks should evaluate adjustments in the ELGD and LGD
estimation process to ensure that they do not result in an overall bias
toward lower estimates of risk.
Example 1
A bank is unable to properly discount a segment's cash flows
because the reference data do not include the dates of recoveries (and
related costs). However, the bank has sufficient internal data to
calculate economic loss for defaulted exposures in another portfolio
segment. The bank can support the assumption that the timing of cash
flows for the two segments is comparable. Using the available data and
informed judgment, the bank adjusts the estimates for the data-poor
segment to reflect how much the measured loss without discounting
should be grossed up to account for the time value of money and the
distressed nature of the assets. This practice is consistent with the
guidance.
Example 2
Collateral is one factor used by a bank to estimate ELGD. Although
the available internal and external data indicate a higher ELGD, the
bank judgmentally assigns a loss estimate of 2 percent for exposures
secured by cash collateral. The bank contends that the lower estimate
is justified because it expects to do a better job of following
policies for monitoring cash collateral in the future. Such an
adjustment is generally not appropriate because it is based on
projections of future performance rather than realized experience. This
practice generally is not consistent with the guidance.
S 4-19 ELGD and LGD estimates must be empirically based and must
reflect the concept of ``economic loss.''
104. ELGD and LGD are based on the concept of economic loss, which
is a broader, more inclusive concept than accounting measures of loss.
Broadly speaking, economic loss incorporates the mark-to-market loss of
value of a defaulted exposure and collateral,

[[Page 9110]]

including material accrued but unpaid interest or fees, and all
material direct and indirect costs of workout and collections, net of
recoveries. Losses, recoveries, and costs should all be discounted to
the time of default. See the fourth paragraph of the LGD definition in
section 2 of the NPR for the definition of economic loss.
105. Banks often estimate loss using data on costs and recoveries
from workouts of defaulted exposures; however, appropriate estimates
may sometimes be developed using market data on defaulted exposures.
106. The scope of cash flows included in recoveries and costs is
meant to be broad. Material recovery costs that can be clearly
attributed to certain exposures, plus material indirect cost items,
must be reflected in the bank's ELGD and LGD assignments for those
exposures. Recovery costs include the costs of running the bank's
collection and workout departments and the cost of outsourced
collection services directly attributable to recoveries during a
particular time or for a particular segment or portfolio, at as
granular a level as possible. Recovery costs also include an
appropriate percentage of other ongoing costs, such as overhead.
107. Recovery costs can be allocated using the same principles and
techniques of cost accounting that are usually used to determine the
profit and loss of activities within any large enterprise. Collection
and workout departments, however, may cover services not 100 percent
attributable to defaulted exposures. For example, the same call center
may manage reminder calls to delinquent retail accounts, many of which
will never default, as well as collection calls. The expenses for these
functions should be differentiated to allocate only collection expenses
attributable to defaulted exposures.
108. When costs cannot be allocated because of data limitations,
the bank may assign those costs using broad averages. For example, the
bank could allocate costs by outstanding dollar amounts of loans,
including accrued but unpaid interest or fees at the time of default,
within each rating grade or segment.
109. All costs, and recoveries should be discounted to the time of
default using the time interval between the date of default and the
date of the realized loss, incurred cost, or recovery; this calculation
should be on a pooled basis for retail exposures. The discount rate
should reflect the costs of holding defaulted assets over the workout
period, including an appropriate risk premium.\5\ As such, an
appropriate discount rate will reflect the uncertainty of recovery cash
flows and the presence of undiversifiable risk.
---------------------------------------------------------------------------

\5\ This implies that the appropriate discount rate for IRB
purposes likely will differ from the interest rate required under
FAS 114 for accounting purposes.
---------------------------------------------------------------------------

S 4-20 ELGD estimates must reflect the expected default-weighted
average economic loss rate over a mix of economic conditions, including
economic downturn conditions.
110. For wholesale exposures, ELGD is the best estimate of the
economic loss per dollar of EAD that would be incurred in the event
that the obligor (or a typical obligor in the applicable loss severity
rating) defaults within a one-year horizon. For retail segments, ELGD
is the best estimate of the economic loss per dollar of EAD that would
be incurred on the segment from exposures that default within a one-
year horizon.
111. ELGD estimates should reflect expected long-run loss
severities and should represent an estimate of the default-weighted
average economic loss as observed over a complete credit cycle. Similar
to PD quantification, loss severity data must include periods of
economic downturn conditions or the bank must adjust its estimates to
compensate for the lack of data from economic downturn conditions.
Economic Downturn LGD
S 4-21 LGD estimates must reflect expected loss severities for
exposures that default during economic downturn conditions, and must be
greater than or equal to ELGD estimates.
112. In addition to ELGD, banks must quantify LGD in a way that
appropriately reflects downturn conditions for each wholesale exposure
and for each retail segment. LGD is an estimate of the percentage of
EAD that would be lost in the event of a default during the one-year
horizon, if that default were to occur during a period of economic
downturn. Under economic downturn conditions default rates are higher
than under more neutral conditions, and LGD estimates must reflect
expected loss rates resulting from downturn conditions.
113. If a bank obtains supervisory approval to use its own
estimates of LGD for an exposure subcategory, it must use internal
estimates of LGD for all exposures within that subcategory. Within
retail, the three subcategories are residential mortgage, QRE, and
other retail, while within wholesale credit the two subcategories are
high-volatility commercial real estate (``HVCRE'') and all other
wholesale.
114. If a bank has not received prior written approval from its
primary Federal supervisor to use internal LGD estimates, the bank must
use the supervisory mapping function. The supervisory mapping function
calculates LGD by taking 92 percent of the ELGD and adding eight
percentage points to that result.
115. The LGD estimate for an exposure or segment may never be less
than the ELGD assigned to that exposure or segment, and must be higher
than ELGD if a higher estimate is appropriate based on robust analysis
of the impact of economic downturn conditions on loss severity. The LGD
for some exposures or segments may be substantially higher than ELGD,
while for others it may not.
S 4-22 A bank may use internal estimates of LGD only if supervisors
have previously determined that the bank has a rigorous and well-
documented process for assessing the effects of economic downturn
conditions on loss severities and for producing LGD estimates
consistent with downturn conditions. The process must appropriately
identify downturn conditions, identify the impact of economic downturn
conditions on loss rates, identify any material adverse correlations
between drivers of default and LGD, and incorporate any identified
correlations and/or downturn impact into the quantification of LGD.
116. In determining whether to approve a bank's use of internal
estimates of LGD for a subcategory of exposure, supervisors will
consider whether the process for generating LGD estimates is consistent
with the supervisory standard above and produces internal estimates of
LGD that are reliable and sufficiently reflective of economic downturn
conditions.
117. To meet the requirements for internal estimates, a bank should
satisfy the following conditions:
The bank should establish policies to govern the process
for identifying downturn conditions and generating LGD estimates. The
policy should address:
--Criteria for identifying downturn conditions;
--The level of product and geographic scope to be used for
identification of economic downturn conditions;
--Data requirements;
--Methods to determine the impact of downturn conditions on loss
severities; and
--Quantification methodologies to produce LGD estimates.
The bank must have a rigorous quantification process
(covering all stages of quantification, including

[[Page 9111]]

reference data, estimation, mapping, and application) for estimating
LGD. The bank must be able to identify economic downturns, determine
the impact of downturn conditions on loss severities, and appropriately
quantify LGD.
118. In principle, quantification of LGD is no different from
quantification of any other IRB risk parameter. The target of the
quantification process is different, but the stages of quantification
(data, estimation, mapping, and application) apply to LGD just as they
do to other risk parameters such as PD and ELGD. However, the details
necessarily differ; the remainder of this section discusses supervisory
standards related to quantification of own-estimates of LGD to reflect
economic downturn conditions.

Identifying Economic Downturn Conditions

119. To identify periods of downturn conditions, the bank should
first articulate both product and geographic scope, since default rates
for different types of exposures in different areas are themselves
likely to differ. At the product level, the highest level of
aggregation is a given IRB subcategory of exposure (i.e., residential
mortgage, QRE, other retail, HVCRE, and all other wholesale). Thus, for
example, downturn conditions for wholesale exposures other than HVCRE
are defined as periods of high default rates for non-HVCRE wholesale
exposures in general. A bank may choose to use lower levels of
aggregation in order to achieve better measurement of actual credit
risk and greater risk sensitivity. For example, a bank with an industry
concentration in a subcategory of exposures (such as corporate
exposures to technology companies) may find that information relating
to a downturn in that industry sector may be more relevant for the bank
than a general downturn affecting many regions or industries.
120. The geographic scope for identification of economic downturn
conditions is the geographic ``footprint'' of the bank within an
exposure subcategory, that is, the geographic area from which exposures
of each type are drawn (or can be expected to be drawn customarily).
This ``footprint'' need not be the same for each subcategory of
exposures. Banks are not required to further subdivide with regard to
geography; for example, if a bank's HVCRE exposures are drawn from two
distinct regions such as the Southeast and the Northeast, they may
define a downturn in HVCRE as a period of significantly above-average
default rates in HVCRE for the two regions jointly, rather than
considering each separately. Nonetheless, as is the case with product
scope, banks are permitted to further subdivide geographically if they
choose to do so.
121. The exception to the ``footprint'' scope is that separate
countries must be treated separately. For example, a bank with
residential mortgage exposures in the United States and Japan must
separately identify the conditions under which residential mortgage
default rates would be significantly higher than average in each
national jurisdiction.
122. Given these requirements for product and geographic scope,
downturn conditions with respect to a wholesale exposure or retail
segment are defined as those conditions under which the aggregate
default rate for the exposure's wholesale or retail exposure
subcategory (or subdivision of such subcategory selected by the bank)
within the related geographic footprint and/or jurisdiction (or finer
subdivision selected by the bank) would be significantly higher than
average.
123. It may be useful to distinguish this definition of economic
downturn from other definitions that might seem reasonable. For
example, an economic downturn for purposes of LGD estimation is not
defined as a period of high loss severity, that is, a period in which
realized losses given default are high. Loss severities may be high
during an economic downturn--indeed, that is the primary motivation for
the separate estimation of economic downturn LGD--but this is not the
defining characteristic; high realized loss severity rates do not
define a downturn. Similarly, economic downturns are not defined as
periods of depressed collateral values, although collateral values may
be low when default rates are high. Finally, economic downturn
conditions for purposes of LGD estimation are not defined as periods of
poor economic performance as determined by other measures such as GDP
growth or other traditional measures of business conditions and
economic climate. Traditional measures of economic activity may indeed
show weakness during periods corresponding to ``economic downturn
conditions'' as defined for purposes of LGD estimation, but a period of
weak economic activity does not in and of itself indicate the existence
of economic downturn conditions as defined in the NPR. Economic
downturn conditions are identified only through reference to default
rates for exposure subcategories within relevant geographic regions.

Estimation of LGD

124. Once relevant downturn conditions are identified, a bank must
determine the impact of such conditions on loss severities and
construct appropriate estimates of LGD under economic downturn
conditions for each wholesale loss severity rating grade or exposure
and each retail segment. LGD should be the empirically based best
estimate of the loss severity as a percentage of exposure if the
obligor were to default during economic downturn conditions. Note that
although estimates are empirically based, the purpose of quantification
is not to measure past patterns and dependencies, but to generate
predictions of likely future outcomes.
125. Banks may choose to focus the quantification process on LGD
directly. However, in many cases it may be more practical to estimate
the extent to which loss rates can be expected to exceed ELGD under
economic downturn conditions, through estimation of the difference
(LGD-ELGD) or estimation of the percentage increase in the loss rate,
or perhaps through some other translation of ELGD into LGD. In that
case, the result of one estimation process--that for ELGD--is used an
input to the LGD estimation process, and any evaluation of the
robustness of LGD estimates would have to adequately consider the
potential modeling error and estimation error introduced by their
reliance on ELGD as a key input.
126. Identification of the impact of economic downturn conditions
on LGD, and incorporation of that impact into LGD estimates, requires
suitable design of all stages of the quantification process. No single
approach is presumed to be correct, and there are many alternative
approaches that, if properly carried out, could satisfy the supervisory
requirements for use of internal estimates of LGD. Several examples,
while not intended to be exhaustive, can serve to illustrate the point.
Example 1
A bank estimates a relationship between loss rates and a set of
independent variables or risk drivers that is robust over periods
covering a wide range of conditions, including economic downturns. The
bank determines that the main impact of an economic downturn on LGD
arises through changes in certain risk drivers (such as collateral
values) under economic downturn conditions. The bank quantifies LGD
through a process similar to a stress test, with the

[[Page 9112]]

identified drivers of loss severity stressed to the values they would
assume under economic downturn conditions, based on historical
observations.
Example 2
A bank conducts rigorous analysis to construct a model linking risk
drivers for LGD to variables that characterize economic downturn
conditions, including underlying economic variables and the way those
variables tend to change in a downturn. The bank uses that model to
directly simulate the impact of downturn conditions on LGD rather than
using downturn values for the variables that tend to determine loss
severity rates under more normal conditions.
Example 3
A bank determines that the impact of economic downturn conditions
on LGD arises from a fundamental change in the relationship between
risk drivers and LGD during a downturn. That is, the bank finds that
loss severities rise in a downturn because certain risk drivers or
variables that have an impact on losses, such as collateral type or
seniority, have a different quantitative influence on loss severity
during a downturn than during other periods. The bank estimates a
relationship between loss severity rates and risk driving variables
using data from periods of economic downturn conditions.
The approaches briefly described in the examples above also require
careful consideration of appropriate mapping, since use of an estimated
relationship between LGD and any other variables or risk drivers would
require mapping of currently observed values of those variables for
exposures, rating grades, or segments to the corresponding values of
those drivers during economic downturn conditions.
Example 4
A bank conducts a rigorous comparison of average recovery rates
with recovery rates observed during appropriately identified downturn
periods, finding that the impact of economic downturn conditions can be
characterized as a fixed, across-the-board reduction in recovery rates.
The bank is able to provide evidence that this relationship is
statistically robust, and superior to other approaches to LGD
quantification. The bank uses the implied, empirically based
adjustments in the application stage of the LGD quantification process
to reflect the impact of economic downturns.

C. Mapping

127. ELGD and LGD mapping follows the same general standards as PD
mapping. A mapping should be plausible and should be based on a
comparison of loss severity-related data elements common to both the
reference data and the existing portfolio. The mapping approach is
expected to be unbiased, such that the exercise of judgment does not
consistently lower ELGD and LGD estimates. The default definitions in
the reference data and the existing portfolio of exposures should be
comparable, as should be the methods of recovery. The mapping process
should be updated regularly, well-documented, and independently
reviewed.
128. Mapping involves matching exposure-specific data elements
available in the existing portfolio to the factors in the reference
data set used to estimate expected loss severity rates. Examples of
factors that influence loss rates include collateral type and coverage,
seniority, industry, and location. Reference data often do not include
workout costs and will often use different discount rates. Judgmental
adjustments for such differences should be well-documented and
empirically based to the extent possible.
129. Different data sets and different approaches to ELGD and LGD
estimation may be appropriate, especially for different business
segments or product lines. Each mapping process must be specified and
documented.

D. Application

130. At the application stage, banks apply the ELGD and LGD
estimation framework to their existing portfolio of credit exposures.
This step might require banks to aggregate retail segment-level ELGD
and LGD estimates derived from more granular reference data into
estimates applicable to broader segments in the existing portfolio, to
aggregate individual wholesale ELGD and LGD estimates into discrete
loss severity ratings, or to combine estimates.
131. The inherent variability of recovery, due in part to
unanticipated circumstances, demonstrates that no exposure type is
risk-free, regardless of structure, collateral type, or collateral
coverage. The existence of recovery risk dictates that the application
stage should result in an ELGD and LGD above 0 percent. As was
discussed in the data section, a data set may include observations with
negative realized loss rates. Although these transactions may be
included in the ELGD and LGD estimation process, no exposure or rating
grade should be assigned an ELGD or LGD estimate that is less than or
equal to zero percent for purposes of risk-based capital calculations.
132. The LGD (i.e., the economic downturn loss estimate) for each
segment of residential mortgage exposures (other than segments of
residential mortgage exposures for which all or substantially all of
the principal of each exposure is directly and unconditionally
guaranteed by the full faith and credit of a sovereign entity) may not
be less than 10 percent.

IV. Exposure at Default (EAD)

133. As EAD quantification is somewhat less advanced than other
areas of quantification, it is addressed in somewhat less detail in
this guidance. Banks should continue to innovate in the area of EAD
estimation, refining and improving practices in EAD measurement.
134. A bank must provide an estimate of EAD for each exposure in
its wholesale portfolio and for each segment in its retail portfolio.
For fixed exposures like term loans, EAD is equal to the carrying value
unless there is an allocated transfer risk reserve for the exposure or
the exposure is held available-for-sale. For variable exposures such as
loan commitments, revolving exposures and other lines of credit, EAD
for each exposure includes the outstanding balance at the point of
capital measurement plus an estimate of net additions to the total
balance due, including estimated future additional advances of funds,
including principal and accrued but unpaid interest and fees that are
likely to occur before and after default assuming that the exposure
were to default within a one-year horizon. The estimate of net
additions must reflect what would be expected during a period of
economic downturn conditions.
135. Refer to Chapter 9 of this guidance and the NPR for guidance
on quantifying EAD for OTC derivative contracts, repo-style
transactions, and eligible margin loans.
136. For retail and wholesale exposures in which only the drawn
balance has been securitized (e.g., a typical credit card
securitization), the bank must reflect its share of the exposures'
undrawn balances in EAD. The undrawn balances of exposures for which
the drawn balances have been securitized must be allocated between the
seller's and investors' interests on a pro rata basis, based on the
proportions of the seller's and investors' shares of the securitized
drawn balances.

[[Page 9113]]

137. A number of methods can be used to estimate EAD. One common
approach is based on loan equivalent exposure (``LEQ''), which is
typically expressed as a percentage of the current total committed but
undrawn amount.\6\ EAD can thus be represented as:
---------------------------------------------------------------------------

\6\ This is frequently referred to as the credit conversion
factor (CCF).
---------------------------------------------------------------------------

EAD = current outstanding + LEQ x (total committed - current
outstanding)

A. Data

138. Like reference data sets used for ELGD and LGD estimation, EAD
data sets typically contain only exposures to defaulted obligors,
although data on troubled non-defaulted obligors also could be
informative in estimation of these parameters. The same reference data
are often used for ELGD, LGD and EAD quantification. In addition to
relevant descriptive characteristics (referred to as ``drivers'') that
can be used in estimation, the reference data must include historical
information on the exposure (both drawn and undrawn amounts) as of some
date prior to default, as well as the drawn exposure at the date of
default.
139. As discussed below under ``Estimation,'' EAD estimates may be
developed using either a cohort method or a fixed-horizon method. The
bank's reference data set should be structured so that it is consistent
with the estimation method the bank applies. Thus, the data should
include information on the total commitment, the undrawn amount, and
the exposure drivers for each defaulted exposure, either at fixed
calendar dates for the cohort method or at a fixed interval prior to
the default date for the fixed-horizon method.
140. The reference data should contain variables that enable the
bank to group the exposures to defaulted obligors in meaningful ways.
Banks should consider how a wide range of obligor and exposure
characteristics affect EAD. Examples include time from origination,
time to expiration or renewal, economic conditions, risk rating
changes, or certain types of covenants. Some potential drivers may be
linked to a bank's credit risk management skills, while others may be
external to the bank.

B. Estimation

141. To derive EAD estimates for lines of credit and loan
commitments, characteristics of the reference data are related to
additional drawings on an exposure up to and after the time a default
event is triggered. Estimates of any additional extensions of credit
expected by a bank subsequent to realization of a default event should
be factored into the quantification of EAD. The estimation process
should be capable of producing a plausible average estimate of draws on
unused available credit (e.g., LEQ) to support the EAD calculation for
each exposure or retail segment.
Example
A bank determines that a business unit forms a homogeneous pool for
the purposes of estimating EAD. That is, although the exposures in this
pool may differ in some respects, the bank determines that the credit
lines share a similar drawdown experience in default. The bank should
provide reasonable support for this pooling through analysis of lending
practices and available internal and external data.
142. Two broad types of estimation methods are used in practice,
the cohort method and the fixed-horizon method.
143. Under the cohort method, a bank groups defaults into discrete
calendar periods, such as a year. A bank may use a longer period if it
provides a more accurate estimate of future gross losses arising from
undrawn exposures. For retail exposures, the bank estimates the
relationship between the balances for defaulted exposures at the start
of the calendar period and at the time at default. For wholesale
exposures, the bank estimates the relationship between the drivers as
of the start of that calendar period and LEQ for each exposure to a
defaulter. For each exposure category or retail segment (that is, for
each combination of exposure drivers identified by the bank), an LEQ
estimate could be based on the mean additional drawing for exposures in
that category or segment as a proportion of the undrawn lines. One
approach to combine results for multiple periods into a single long-run
average would be weighting the period-by-period means by the proportion
of defaults occurring in each period, so that each default receives
equal weight.
144. Under the fixed-horizon method, for each defaulted exposure
the bank compares additional drawdowns to the gross committed but
undrawn amount that existed at a fixed date prior to the date of the
default (the horizon). For example, the bank might base its estimates
on a reference data set that supplies the actual amount outstanding and
any additional extensions along with the drawn and undrawn amounts (as
well as relevant drivers) at a date a fixed number of months prior to
the date of each default, regardless of the actual calendar date on
which the default occurred. Estimates of LEQ for wholesale exposures
are computed from the average drawdown proportions that occur over the
fixed-horizon interval, for whatever combinations of the driving
variables the bank has determined are relevant for explaining and
predicting EAD. LEQs estimated for retail segments are computed from
the increase in balances that occur over the fixed-horizon interval for
the defaults in the segment relative to their credit limits. The time
interval used for the fixed-horizon method should be sufficiently long
to capture the additional drawdowns generated by exposures that default
during the year for which the risk parameters are being estimated. In
particular, the appropriate fixed interval will be influenced by
charge-off policies. For example, using a six-month time interval for
credit card loans would underestimate EAD.
Special Considerations for Retail EAD Estimation
145. Different methods are used to estimate EAD for open credit
lines. The LEQ method outlined in this guidance is one technique
observed in practice. Other methods directly estimate the defaulted
balances for a segment over a one-year window without taking the
committed line limit into account. These other methods may be
acceptable if the bank could show that the size of the line is not
relevant given the other risk factors used in the analysis.
146. EAD for a segment should accurately estimate the total
exposure at default for the segment. Poor segmentation may result in
inaccurate EADs. For example, if loans within a segment do not have
homogenous risk characteristics because larger exposures are more
likely to default than smaller exposures, then estimated EADs may be
biased downward.
S 4-23 Estimates of additional drawdowns must reflect net
additional draws expected during economic downturn periods.
147. Conceptually, banks should approach EAD quantification in a
fashion parallel to LGD quantification with respect to the potential
for volatility over the economic cycle. Specifically, estimates of net
additional drawdowns should reflect what would be expected during
economic downturn periods. Certain exposure types may not exhibit
cyclical EAD variability; in these cases, use of a long-run default-
weighted average draw proportion used to derive EAD in the IRB risk-
based capital calculation is appropriate. But for exposure types for
which drawdowns are expected to be larger when default rates are
significantly higher than average EAD--estimates

[[Page 9114]]

should take into account this cyclical variability. In such cases, the
estimated draw proportion used to derive the EAD input to the risk-
based capital calculation should exceed the long-run default-weighted
average, and should be the bank's estimate of the net additional
drawdown proportion per default expected during economic downturn
conditions. For this purpose, banks may use averages of EADs observed
during economic downturn periods, forecasts based on appropriately
conservative assumptions, or other similar methods.

C. Mapping

148. If the characteristics that drive EAD in the reference data
are the same as those used for the risk rating or segmentation system
of the bank's existing portfolio, mapping may be relatively
straightforward. However, if the relevant characteristics are not
available in a bank's existing portfolio, the bank will encounter the
same mapping complexities that it does when mapping PD, ELGD, and LGD
in similar circumstances.

D. Application

149. In the application stage, the estimated relationship between
risk drivers and EAD is applied to the bank's existing portfolio.
Multiple reference data sets may be used for EAD estimation and
combined at the application stage, subject to the general standards for
using multiple data sets.
S 4-24 Estimates of additional drawdowns prior to default for
individual wholesale exposures or retail segments must not be negative.
150. Analogous to the prior discussion of ELGD and LGD
quantification, reference data sets used for estimation of additional
drawdowns may contain individual negative drawdown observations and
observations that exceed 100 percent of the undrawn line amount.
Regardless, final estimates of additional drawdowns prior to default
for individual wholesale exposures or retail segments must not be
negative.

V. Maturity (M)

151. A bank must assign an effective maturity (``M'') to each
wholesale exposure in its portfolio; this measure is also referred to
as ``average life.'' In general, M is the weighted-average remaining
maturity, measured in years, of the cash flows that the bank expects
under the contractual terms of the exposure, using the undiscounted
amounts of the cash flows as weights. Alternatively, a bank may apply
the nominal remaining maturity, measured in years, of the exposure. M
is a direct calculation; as such it is not subject to the four stages
of the quantification process.
152. The data required to calculate M are the undiscounted amount
and timing of each remaining contractual cash flow, measured in years
from the date of the calculation. Specifically, M is calculated as the
sum of all time-weighted cash flows, where the weights are equal to the
fraction of the total undiscounted cash flow to be received at each
date.
Example
A bank holds an asset with two remaining contractual cash flows. 33
percent of the total remaining contractual cash flow is expected at the
end of one year and the other 67 percent is expected two years from
today. For risk-based capital purposes, M for this asset could be
calculated as: M = (1 x 0.33) + (2 x 0.67) = 1.67; or simply M = 2,
applying the nominal remaining contractual maturity.
153. The relevant cash flows are the future payments the bank
expects to receive from the obligor, regardless of form; they may
include payments of principal, interest, fees, or other types of
payments depending on the structure of the transaction.
154. For exposures with pre-determined cash flow schedules (fixed-
rate loans, for example), the calculation of the weighted-average
remaining maturity is straightforward, using the scheduled timing and
amounts of the individual undiscounted cash flows. Cash flows
associated with other types of credit exposures may be less certain. In
such cases, the bank should establish a method of projecting expected
cash flows. In general, the method used for any exposure should be the
same as the one used by the bank for purposes of valuation or risk
management. The method should be well-documented and subject to
independent review and approval. A bank should demonstrate either that
the method used is standard industry practice, or that it is widely
used within the bank for purposes other than risk-based capital
calculations. A bank may use its best estimate of future interest rates
to compute expected contractual interest payments on a floating-rate
exposure, but it may not consider expected but non-contractually
required returns of principal when estimating M.\7\
---------------------------------------------------------------------------

\7\ Question 31 in the NPR requests comment on the
appropriateness of permitting a bank to consider prepayments when
estimating M, and on the feasibility and advisability of using
discounted (rather than undiscounted) cash flows as the basis for
estimating M.
---------------------------------------------------------------------------

155. To be conservative, a bank may set M equal to the maximum
number of years the obligor could take to fully discharge the
contractual obligation (provided that the maximum is not longer than
five years, as noted below). This maximum will often correspond to the
stated or nominal maturity of the instrument. Banks should make this
conservative choice (maximum nominal maturity) if the timing and
amounts of the cash flows on the exposure cannot be projected with a
reasonable degree of confidence.
156. For repo-style transactions, eligible margin loans and over-
the-counter derivatives contracts subject to qualifying master netting
agreements, the bank may compute a single value of M for the
transactions as a group by weighting each individual transaction's
effective maturity by that transaction's share of the total notional
value subject to the netting agreement, and summing the result across
all of the transactions.
157. For risk-based capital calculations, the value of M for any
exposure is subject to certain upper and lower limits, regardless of
the exposure's actual effective maturity. The value of M should never
exceed 5 years. If an exposure clearly has a greater effective
maturity, the bank may simply use a value of M = 5 rather than
calculating the actual effective maturity.
158. For most exposures, the value of M should be no less than one
year. For certain short-term exposures that are not part of a bank's
ongoing financing of a borrower and that have an original maturity of
less than one year, M must be greater than or equal to one day or to
the nominal or effective remaining maturity.\8\
---------------------------------------------------------------------------

\8\ Section 31(d)(7) of the NPR defines an exposure that is not
part of a bank's ongoing financing of the obligor as one where the
bank (1) has a legal and practical ability not to renew or roll over
the exposure in the event of credit deterioration of the obligor,
(2) makes an independent credit decision at the inception of the
exposure and at every renewal or rollover, and (3) has no
substantial commercial incentive to continue its credit relationship
with the obligor in the event of credit deterioration of the
obligor.
---------------------------------------------------------------------------

VI. Special Cases and Applications

A. Loan Sales

S 4-25 Quantification of the risk parameters should appropriately
recognize the risk characteristics of exposures that were removed from
reference data sets through loan sales or securitizations.
159. Loan sales and securitizations can pose substantial
difficulties for quantification. For example, PDs might appear
disproportionately low if loans are sold before their inherent long-
term

[[Page 9115]]

risk becomes manifest. Upwardly adjusting risk parameter estimates to
account for sales or securitization would be particularly important for
a bank that sells off primarily exposures that are performing poorly
(for example, delinquent loans).
160. When risk parameter estimates use internal historical data as
reference data sets and the potential bias created by loan sales and
securitizations is material, the bank should identify, by detailed risk
characteristics, the loans sold out of the pool or portfolio. Any
potential bias caused by removing these loans should be corrected.
161. For banks with a history of regularly selling or securitizing
loans of particular types, long-run performance data may be available
from the servicers or trustees. Alternatively, banks may be able to
estimate the performance of the loans sold or securitized by
constructing comparable reference data sets with similar risk drivers
using internal historical data from retained pools or external data.

B. Multiple Legal Entities

162. Some banks have various portfolios that are centrally managed,
even though the exposures are held by multiple legal entities. Certain
activities, including ratings activities, segmentation and
quantification, can be conducted across multiple legal entities.
However, each bank member of the consolidated group must separately
ensure that risk parameters assigned to its credit exposures are
appropriate on a standalone basis. For example, if a particular bank
within the banking group holds exposures with characteristics not
representative of the broader consolidated organization (such as credit
card loans originated through a specific marketing channel or mortgage
loans in a certain location), the bank must ensure the quantification
process produces PDs, ELGDs, LGDs, and EADs that reflect the risk
associated with the exposures within that legal entity.
163. Each bank (including each depository institution) within a
banking group that has centrally managed quantification processes
should perform periodic evaluations to confirm that its risk-based
capital requirements accurately reflect its risk profile.

Appendix A: Illustrations of the Quantification Process for Wholesale
Portfolios

This appendix provides examples to show how the logical framework
described in this guidance, with its four stages (data, estimation,
mapping, and application), applies when analyzing quantification
practices. The framework is broadly applicable--for PD, ELGD, LGD or
EAD; using internal, external, or pooled reference data; for simple or
complex estimation methods--although the issues and concerns that arise
at each stage depend on a bank's approach. These examples are intended
only to illustrate the logic of the four-stage IRB quantification
framework, and should not be taken to endorse the particular techniques
presented in the examples.

Example 1: PD Quantification From Bond Data

A bank establishes a correspondence between its internal
rating grades and external rating agency grades; the bank has
determined that its Grade 4 is equivalent to \3\4\Ba and \1\4\B on the
Moody's scale.
The bank regularly obtains published estimates of mean
default rates for publicly rated Ba and B obligors in North America
from 1970 through 2002.
The Ba and B historical default rates are weighted 75/25,
and the result is a preliminary PD for the bank's internal Grade 4
exposures.
However, the bank then increases the PD by 10 percent to
account for the fact that the Moody's definition of default differs
from the IRB definition.
The bank makes a further adjustment to ensure that the
resulting rating grade PD is greater than the PD attributed to Grade 3
and less than the PD attributed to Grade 5.
The result is the final PD estimate for Grade 4.
Process Analysis for Example 1:
Data--The reference data set consists of issuers of publicly rated
debt in North America over the period 1970 through 2002. The data
description is very basic: Each issuer in the reference data is
described only by its rating (such as Aaa, Aa, A, Baa, and so on).
Estimation--The bank could have estimated default rates itself
using a database purchased from Moody's, but since these estimates
would just be the mean default rates per year for each rating grade,
the bank could just as well (and in this example does) use the
published historical default rates from Moody's; in essence, the
estimation step has been outsourced to Moody's. The 10 percent
adjustment of PD is part of the estimation process in this case because
the adjustment was made prior to the application of the agency default
rates to the internal portfolio data.
Mapping--The bank's mapping is an example of a rating grade
mapping; internal Grade 4 is linked to the 75/25 mix of Ba and B. Based
on the limited information presented in the example, this step should
be explored further. Specifically, the bank should justify the
appropriateness of the 75/25 mix.
Application--Although the application step is relatively
straightforward in this case, the bank does make the adjustment of the
Grade 4 PD estimate to give it the desired relationship to the adjacent
rating grades. This adjustment is part of the application stage because
it is made after the adjusted agency default rates are applied to the
internal rating grades.

Example 2: PD Quantification Using a Merton-Type Equity-Based Model

A bank obtains a 20-year database of North American firms
with publicly-traded equity, some of which defaulted during the 20-year
period.
The bank uses the Merton approach to modeling equity in
these firms as a contingent claim, constructing an estimate of each
firm's distance-to-default at the start of each year in the
database.\9\ The bank then ranks the firm-years within the database by
distance-to-default, divides the ordered observations into 15 equal
groups or buckets, and computes a mean historical one-year default rate
for each bucket. That default rate is taken as an estimate of the
applicable PD for any obligor within the range of distance-to-default
values represented by each of the 15 buckets.
---------------------------------------------------------------------------

\9\ The term ``Merton approach'' is meant to include any
structural credit risk model that values equity as a contingent
claim, as promulgated in the seminal work of Merton and Black and
Scholes.
---------------------------------------------------------------------------

The bank next looks at all obligors with publicly-traded
shares within each of its internal rating grades, applies the same
Merton-type model to compute distance-to-default at quarter-end, sorts
these observations into the 15 buckets from the previous step, and
assigns the corresponding PD estimate.
For each internal rating grade, the bank computes the mean
of the individual obligor default probabilities and uses that average
as the rating grade PD.
Process Analysis for Example 2
Data--The reference data set consists of the North American firms
with publicly-traded equity in the acquired database. The reference
data are described in this case by a single variable, specifically an
identifier of the specific distance-to-default range from the Merton
model (one of the 15 possible in this case) into which a firm falls in
any year.
Estimation--The estimation step is simple: The average default rate
is calculated for each distance-to-default

[[Page 9116]]

bucket. Since the data cover 20 years and a wide range of economic
conditions, including downturn conditions, the resulting estimates
satisfy the long-run average requirement.
Mapping--The bank maps selected portfolio obligors to the reference
data set using the distance-to-default generated by the Merton model.
However, not all obligors can be mapped, since not all have traded
equity. This introduces an element of uncertainty into the mapping that
requires additional analysis by the bank: Were the mapped obligors
representative of other obligors in the same rating grade? The bank
should demonstrate comparability between the publicly-traded portfolio
obligors and those not publicly traded. It may be appropriate for the
bank to make conservative adjustments to its ultimate PD estimates to
compensate for the uncertainty in the mapping. The bank also should
perform further analysis to demonstrate that the implied distance-to-
default for each internal rating grade represented long-run
expectations for obligors assigned to that rating grade; this could
involve computing the Merton model for portfolio obligors over several
years of relevant history that span a wide range of economic
conditions.
Application--The final step is aggregation of individual obligors
to the rating grade level through calculation of the mean for each
rating grade, and application of this rating grade PD to all obligors
in the grade. The bank might also choose to modify PD assignments
further at this stage, combining PD estimates derived from other
sources, introducing an appropriate degree of conservatism, or making
other adjustments.

Example 3: ELGD Quantification From Internal Default Data

For each wholesale exposure in its portfolio, a bank
records collateral coverage as a percentage, as well as which of four
types of collateral applies.
A bank has retained data on all defaulted exposures since
1995. For each defaulted exposure in the database, the bank has a
record of the collateral type within the same four broad categories.
However, collateral coverage is only recorded at three levels (low,
moderate, or high) depending on the ratio of collateral to EAD.
The bank also records the timing and discounted value of
recoveries net of workout costs for each defaulted exposure in the
database.Cash flows are tracked from the date of default to a
``resolution date,'' defined as the point at which the remaining
balance is less than 5 percent of the EAD. A recovery percentage is
computed, equal to the value of recoveries discounted to the date of
default, divided by the exposure at default.
For each cell (each of the 12 combinations of collateral
type and coverage), the bank computes a simple arithmetic mean realized
loss severity percentage as the mean of one minus the recovery
percentage. One of the categories has a mean realized loss severity
percentage of less than zero (recoveries have exceeded exposure on
average), so the bank sets the loss rate at zero.
The bank assigns each exposure in the existing portfolio
to one of the 12 cells based on collateral type and coverage. As its
ELGD, the bank applies the mean historical realized loss severity
percentage for that cell plus an additional five percentage points to
account for the bank's relatively small number of default
observations--in relation to the total number of defaults in the
reference data--from years with the largest default rates.
Process Analysis for Example 3
Data--The reference data is the collection of defaults and
associated loss amounts from the bank's historical portfolio. The
reference data are described by the two categorical variables (level of
collateral coverage and type of collateral). It would be important to
determine whether the defaults over the past few years are comparable
to defaults from the existing portfolio. One would also want to ask why
the bank ignores potentially valuable information by converting the
continuous data on collateral coverage into a categorical variable.
Estimation--Conceptually, the bank is using a loss severity model
in which 12 binary variables--one for each loan coverage/type
combination--explain the percentage loss. The coefficients on the
variables are just the arithmetic mean realized loss figures from the
reference data.
Mapping--Mapping in this case is fairly straightforward, since all
the relevant characteristics of the reference data are also in the data
system for the existing portfolio. However, the bank should determine
whether the variables are being recorded in the same way (for example,
using the same definitions of collateral types), otherwise some
adjustment might be appropriate.
Application--The bank is able to apply the loss severity model by
simply plugging in the relevant values for the existing portfolio (or
what amounts to the same thing, looking up the cell mean). The bank's
assignment of zero ELGD for one of the cells merits special attention;
while the bank represented this assignment as conservative, the
adjustment does not satisfy the supervisory requirement that ELGD must
exceed zero. A larger upward adjustment is necessary. Finally, the
upward adjustment of the mean historical realized loss severity
percentages to account for the relatively small influence of downturn
conditions on the realizations may be appropriate but should be the
outcome of a well-documented decision process supported by empirical
analysis.

Appendix B: Illustrations of the Quantification Process for Retail
Portfolios

Example 1: Quantification of Segment PD

A bank that has been making indirect installment loans through
furniture stores for a number of years. Seven years of internal data
history are available, over a period that includes economic downturn
conditions. The bank has segmented this portfolio over the entire
period in a consistent manner: By bureau score, internal behavioral
score and monthly disposable income. In addition, realized loss
severities for this portfolio have demonstrated significant cyclical
variability over the period covered by the bank's data history.
The bank can empirically show that the participating furniture
retailers, underwriting criteria, and collection practices have
remained reasonably stable over the seven-year period, and the
definition of default has been consistent with the IRB definition.
However, there are frequent changes in the bank's products and in the
borrowing population that affect the risk characteristics of its loans.
Therefore, in quantifying PD the bank assigns more weight to recent
data within the seven-year history. The segment PD is calculated as a
weighted-average of the seven annual realized historical default rates
with the assigned weights progressively lower for the earlier years of
the sample.
Process Analysis for Example 1
As discussed in the main chapter text, quantification processes
need not be explicitly structured as four stages. The four-stage
structure is a conceptual framework, and an analytical and
implementation guide. However, as in other wholesale and retail
examples, this bank's quantification process for PD can be interpreted
in terms of the four-stage framework:

[[Page 9117]]

Data--The bank's own seven-year historical data serve as the
reference data.
Estimation--Estimation consists of calculating a weighted-average
of the annual default rates for each segment in the reference data.
Mapping--Mapping consists primarily of ensuring that the
segmentation schemes and the definition of default are consistent for
the reference data and the bank's existing portfolio.
Application--Application is a matter of using the PD estimate
derived from the reference data for each segment of the existing
portfolio in the risk-based capital formulas.

Example 2: Quantification of PD for First-lien Mortgages

For the past four years, a mortgage lender has begun
making loans in a geographic region that has experienced relatively
lower default rates than the bank had experienced previously. The bank
has fourteen years of internal data history. The bank has analyzed
external mortgage data over the same time period and has identified
risk characteristics that vary by geographic region (e.g., volatility
of house prices in a region). Analysis of the internal reference data
also indicates the importance of these geographic risk factors.
The recent four-year period does not include economic
downturn conditions, so the bank uses its full fourteen years of data
history to reflect downturn conditions. To estimate the PD parameter
over a long run of data history that is also comparable to the current
portfolio, the bank develops a statistical model of the PD based on the
combined internal and external performance history. The variables used
as PD predictors include geographic risk factors such as the volatility
of employment and house prices in the region. The model also includes
borrower risk characteristics (credit score, debt-to-income ratio) and
loan risk characteristics (loan-to-value ratio and tenor). Models are
built for each major product type, such as fixed-rate and adjustable-
rate mortgages (FRM and ARM). The model results are robust according to
standard statistical diagnostic tests, and the models have continued to
perform satisfactorily in validations outside the development sample.
Process Analysis for Example 2
Data--The existing portfolio of first-lien mortgages is segmented
by region, LTV, credit score, tenor, mortgage type (fixed-rate or ARM),
and debt-to-income ratio. For a given segment, the bank has historical
data from its own portfolio. The reference data consist of fourteen
years of internal performance history for loans originated between 1990
and 2003. However, only four years of those internal data cover loans
for the region of the country where the bank currently has a
substantial mortgage portfolio. The internal data are supplemented by
external mortgage data over the full fourteen year history (1990-2003).
Estimation--The bank builds a set of statistical models for
different product types in the portfolio (e.g., FRM and ARM). The
models estimate segment PD as a function of the loan-to-value ratio,
credit score, debt-to-income ratio, loan tenor, and measures the
volatility of regional employment and house prices. The model is
estimated on both the internal and external data.
Mapping--Since the bank shifted a significant amount of its first-
lien mortgage business to a different region of the country with
generally lower default rates starting only in 2000, the bank has only
four years of internal historical data (2000-2003) reflecting the
performance of its mortgage business in the new region. Its older
internal data from 1990 to 1999 represent credit performance in higher-
risk regions. Therefore, the bank does not have sufficient historical
data representing its current mortgage business to map directly,
segment by segment, to estimate the PDs of the existing portfolio on
the basis of the long-run average of the annual default rates of the
comparable segments in the reference data.
Instead, the bank has adopted the technique of building default
prediction statistical models, based on internal and external data from
the entire fourteen year history (before and since the change in the
regional focus of the business in 2000) and using as causal, or
independent, variables the risk drivers of mortgage default, including
regional risk factors.
In this framework, mapping consists of ensuring that the
segmentation systems and definition of default for the two data
historical data sets and the existing portfolio are all consistently
applied in the process of deriving the values of the risk drivers used
as inputs to the statistical models for each segment of the existing
portfolio.
Application--Application consists of using the estimated segment
PDs produced by the statistical models as inputs into the residential
mortgage formula for risk-based capital.

Example 3A: PD Estimation in Dollar Terms

The text defines both the historical default rate and estimated PD
in unit, or account, terms. That is, the number of defaults in a
segment as a proportion of the number of exposures on the balance sheet
at the beginning of the time period under analysis.
Many banks, however, prefer to, or have historically
calculated the default rate in terms of dollar losses. This example
shows that it is possible to derive PDs from dollar loss rates that
will equal the required unit-or account-based default rates. However, a
bank choosing to derive a default rate or PD in this manner must
segment its portfolio properly and in a sufficiently granular manner,
and must ensure that its estimates of EAD are accurate. A credit card
bank directly measures its average dollars of economic loss for each
segment and uses the percentage of dollars defaulted, rather than the
percentage of loans defaulted, to derive the estimate of PD.
Specifically, the ratio employed is the gross dollar loss divided by
the exposure at default (EAD) over a one-year time horizon. The bank
estimates EAD for a segment as the current outstanding balances plus
the expected drawdowns on open lines (including accrued but unpaid
interest and fees at the time of default) if all accounts in the
segment default.
The bank uses the appropriate IRB definition of default.
The bank segments exposures by size of credit line and
credit line utilization as well as by credit score.
The bank regularly validates the accuracy of the EAD
estimates and the consistency of the percentage-of-dollars-defaulted
measure with the account-based default rate.
Process Analysis for Example 3A
Data--The historical reference data consist of measurements of the
outstanding dollar balances and open credit lines for each segment at
the beginning of the year. For accounts that defaulted over the
following year, the gross defaulted balances (including accrued
interest and fees) are also measured. The bank also tracks the number
of accounts open at the beginning of the year in each segment and the
number that default.
Estimation--The bank's PD parameter is estimated as the long-run
average of the one-year realized default rates in dollar terms, that is
the gross balances of defaulted loans divided by the estimated EAD.
The following table shows two segments of card exposures, both with

[[Page 9118]]

estimated default rates of 1 percent as measured from a single year of
the historical reference data in the required manner in terms of
numbers of accounts. In this case, the portfolio was segmented by
average outstanding dollar balance and by average credit line per
account. In addition, the EADs were estimated separately and accurately
\10\ at the segment level, with the result that the dollar-denominated
default rate (gross dollar loss / EAD) is equal to the unit-or account-
measured PD.
---------------------------------------------------------------------------

\10\ In this example, EADs are estimated by way of the LEQ
ratio. As discussed in the main chapter text, this is only one
method of estimating EAD currently in use.
[GRAPHIC] [TIFF OMITTED] TN28FE07.000

However, banks that attempt to estimate default rates or PDs in
dollar terms from their historical reference data are often not as
accurate as the example above, and they arrive at incorrect values.
Most often, this results from insufficiently granular segmentation and
consequent inaccuracy in the estimation of EADs.
Because of the difficulties often encountered in dollar-denominated
default and PD estimates, banks that choose this method should
periodically demonstrate, as part of the validation of their PD
quantification, that the dollar-derived PDs are essentially equal to
those derived using an account-based definition.
Mapping--Mapping involves linking segments in the reference data to
segments in the existing portfolio based on the same drivers of default
risk and drawdowns.
Application--Application is generally a straightforward process,
linking the estimates from segments in the reference data to segments
in the existing portfolio.

Example 3B: Another Case of Dollar Estimates of PD

Once again, a bank prefers to calculate default rates or PDs in
dollar terms. However, this example is based on fixed loans rather than
revolving lines of credit such as the credit cards in the previous
example. Because of a critical segmentation factor, the dollar-based
default rates will rarely if ever equal the correct unit- or account-
based rates.
Using the cohort method for EAD discussed in the main
chapter text, a bank calculates default rates or PDs as the accumulated
gross dollar losses for each segment over the course of a year divided
by the total outstanding dollar balances of the segment at the
beginning of the year.\11\
---------------------------------------------------------------------------

\11\ For simplicity, we assume no amortization of principal over
the course of the year.
---------------------------------------------------------------------------

The bank uses the appropriate IRB definition of default.
The bank's segmentation is not particularly granular and
uses few risk drivers, such that the average balance for those accounts
defaulting tended to be much greater than those that did not.
Process Analysis for Example 3B
Data--The bank has 5 years of internal data history for this
particular portfolio, including numbers and dollar balances of accounts
at the beginning of each year and the number and dollar balances of
defaulted accounts in the course of each year. The data include
economic downturn conditions.
Estimation--Because of the inadequate degree of granularity, the
average January 1 dollar balances of accounts that ultimately defaulted
at any time within the following year typically exceeded the beginning
balances of accounts that did not default. In this case, the dollar-
denominated PD (gross dollar losses divided by total beginning
outstanding balances) consistently overestimated the correct (unit-
based) PD. (See first line of table below, representing a single year
in the historical reference data.) Conversely, if the beginning
balances of accounts that ultimately defaulted were smaller than those
that did not default within the following year, an unusual situation,
this measure consistently underestimated PD. (See second line of
table.)
[GRAPHIC] [TIFF OMITTED] TN28FE07.001

Mapping and Application--Since the estimation stage using this
approach is very likely to be flawed, the quantification should not
proceed to the mapping and application stages. Rather, the bank should
revise its estimation to employ the required unit-or account-based
methods of calculating historical default rates and of estimating PDs
before proceeding to mapping and application.

Example 4: PD Quantification With Adjustments for Seasoning

Realized default rates for a bank's credit card portfolio
exhibit a characteristic time profile by age--a seasoning curve.''
Using data from the past five years, including economic downturn
conditions, the bank estimates the shapes of a family of ``seasoning
curves for specific products, loan characteristics, and borrower credit
quality at origination.
The bank presents analyses indicating that the seasoning
curves can be reasonably specified by borrower credit quality at
origination, and the bank regularly analyzes new cohorts to capture any
changes in the curves over changing economic and market environments.
Systematic changes are incorporated into new seasoning curves.

[[Page 9119]]

The portfolio is segmented by borrower, product, and loan
characteristics, including account age, or ``time on books.''
Process Analysis for Example 4
Data--The reference data consists of five years of portfolio
history, including economic downturn conditions. Supplemental data from
earlier periods for similar products, borrower credit quality at
origination, and loan type permit the estimation of annualized default
rates over the remaining expected life of the loans.
Estimation--It is necessary to calculate two different PDs for each
segment of the portfolio: (1) The long-run average of one-year default
rates from the historical reference data, in the same manner as for
wholesale PDs, and (2) the estimated annualized cumulative default rate
(``ACDR'') over the remaining expected life of the loans in the
segment.
If the ACDR is larger than the long-run average of one-year rates,
then seasoning effects for this segment are deemed to be material, and
the ACDR must be used as the estimated segment PD. \12\
---------------------------------------------------------------------------

\12\ If the bank intends to sell or securitize the exposures in
the segment within a 90-day time frame, the ``wholesale'' PD can be
used even if the ACDR is greater than the long-run average. See the
main chapter text for more details.
---------------------------------------------------------------------------

For example, if the expected remaining life for a segment of cards
that has been on the books for one year, based on historical data for
defaults and attrition, is six years, and the estimated cumulative
default rate over that period is five percent, the ACDR = 5/6 = 0.833.
If, for the same segment, the five-year average of annual default rates
from the historical reference data set is 0.75, then seasoning effects
are deemed to be material and the bank must use 0.833 as the PD
estimate for the coming (2nd) year.
Mapping--The segmentation of the existing portfolio is the same as
that employed for the reference data. This makes the mapping
straightforward along the lines of product and loan characteristics and
borrower credit quality.
Application--At the application stage, either the ACDR or the long-
run average default rate estimated from the reference data is applied
as the estimated PD to the segments in the existing portfolio
respectively, depending on whether or not seasoning effects are deemed
to be material.

Example 5: Guarantees for retail exposures

Guarantees on individual retail exposures

The following are examples of retail guarantees that would qualify
under Standard 4-4:
Consider an exposure of $85,000 secured by property valued
at $100,000. The guarantee covers all losses up to $85,000.
The guarantee covers a pre-specified dollar amount of
losses less than $85,000, for example a first loss position of $20,000.
The guarantee covers a pre-specified pro rata (or
proportional) share of all losses, for example up to 20 percent of the
$85,000 exposure, or $17,000.
The guarantee covers a pre-specified pro-rata or
proportional share of losses, but the pre-specified pro rata share is
defined in terms of the value of the property that secures the
exposure. For example, in the case of the exposure cited above, the
guarantee covers losses up to 12 per cent of the value of the
collateral, or $12,000. (This case represents traditional Private
Mortgage Insurance (PMI) for first lien residential mortgages, where
insurance is typically required for loan-to-value (``LTV'') ratios
above 80 percent; for LTVs up to 85 percent, the typical requirement is
for PMI in an amount equal to 12 percent of the value of the property.)

Guarantees of Multiple Retail Exposures

Guarantees of multiple retail exposures that involve tranching of
the aggregate credit risk of the underlying exposures do not qualify
under Standard 4-4. Such guarantees may qualify for treatment as
synthetic securitizations (provided they meet all other requirements
for securitization treatment) as specified in Standard 4-5 and
succeeding paragraphs. Other guarantees of multiple retail exposures
where there is no tranching of the aggregate credit risk, such as those
in the following examples, may qualify under Standard 4-4:
In some cases, a guarantee covers multiple retail
exposures; however, coverage for each individual exposure meets all the
requirements of Standard 4-4 and succeeding paragraphs and is
consistent with any one of the four examples above. Furthermore, there
are no additional limits, caps, or restrictions of any kind pertaining
to the aggregate coverage. Such guarantees would meet the requirements
as guarantees of individual retail exposures.
--Consider a guarantee that covers multiple retail exposures, with
a total exposure amount of $9.5 million secured by 100 residential
properties each with a value of $100,000, thus an aggregate value of
$10 million. The guarantee covers losses on each exposure up to an
amount that will reduce the LTV on each exposure considered separately
to 90 percent.
Other guarantees on multiple retail exposures qualify
under Standard 4-4, but only if they cover all or a pro rata, or
proportional, share of all payments due on the aggregate exposure
amount.
--Consider the same multiple-exposure retail pool as before. There
are 100 retail exposures with an aggregate exposure amount of $9.5
million. The guarantee covers all losses on the underlying exposures up
to the full $9.5 million aggregate exposure amount.
--Once again, consider the pool of multiple retail exposures above.
In this case, the guarantee covers a pro rata share of losses, for
example 20 percent of the $9.5 million aggregate exposure, or $1.9
million. (Alternatively, if the guarantee coverage had been pre-
specified as a dollar amount, say the first $1.9 million of losses,
rather than a pro rata share of the aggregate losses, that guarantee
would not reflect the benefits of retail credit risk mitigation
treatment. Such guarantees of multiple retail exposures would need to
meet the requirements set forth in Standard 4-5 in order to qualify for
securitization treatment.)

Chapter 5: Wholesale Credit Risk Protection

Rule Requirements

Part III, Section 22(e): Double default treatment. A bank must
obtain the prior written approval of [AGENCY] under section 34 [of the
NPR] to use the double default treatment.
Part IV, Section 33: Guarantees and Credit Derivatives: PD
Substitution and LGD Adjustment Treatments
Part IV, Section 34: Guarantees and Credit Derivatives: Double
Default Treatment
1. This chapter supplements the detailed discussion of credit risk
mitigation in the NPR by providing guidance on how banks may recognize
contractual arrangements for exposure-level credit protection--eligible
guarantees and eligible credit derivatives--that transfer risk to one
or more third parties. Each of these forms of credit protection must
meet certain specific standards of eligibility, as articulated in the
NPR, for recognition of the associated risk mitigation.
2. An important aspect of either of these types of credit
protection is that they are implemented at the exposure-

[[Page 9120]]

level, reducing credit risk faced by the bank due to a specific
exposure to an individual obligor. Banks may use similar mitigants--for
example, portfolio credit derivatives--to transfer credit risk
associated with groups of exposures or whole portfolios. While such
contracts may make a valuable contribution to broader risk management
within the bank, and may be appropriately considered in an assessment
of overall capital adequacy, their effects are not recognized for IRB
calculations of risk-based capital requirements except in limited
circumstances.
3. Exceptions are made for certain types of basket credit
derivatives and securitization exposures. In addition, banks may
recognize the benefits in IRB calculations of pool-level guarantees (or
credit derivatives) that are the functional equivalent of an exposure-
by-exposure guarantee provided the following minimum conditions are
met:
The guarantee is an eligible guarantee.
The contractual provisions of the guarantee must identify
the specific exposures in the pool to which the guarantee applies.
The guarantee must cover all or a pro-rata share of the
pool's aggregate credit losses in a manner that ensures each individual
exposure is provided the same level of loss protection under the
guarantee.
The guarantee must not contain cap provisions,
deductibles, or other payout limitations that would effectively limit
coverage.
Once a bank demonstrates that the pool-level guarantee is the
functional equivalent of an exposure-by-exposure guarantee, the
benefits may be recognized in the IRB calculations using the credit
risk mitigation framework as provided in the NPR and this document.
This requires that the bank calculate its risk-based capital
requirement for the pool on an exposure-by-exposure basis, as if the
guarantee were applied at the level of each individual exposure.
S 5-1 Risk-based capital benefits are only recognized for credit
protection that transfers credit risk to third parties.
4. Banks may recognize the risk-based capital benefits of credit
protection associated with eligible guarantees and eligible credit
derivatives from third parties. A bank may recognize the benefits of
credit protection from a parent or sister company only if (a) the
credit protection provider has the ability to fulfill its obligations
to the bank independent of the financial support of the bank, and (b)
the internal risk rating assigned to the affiliate fully excludes any
support that is or may be derived from bank operations. Under no
circumstances may a bank receive a risk-based capital benefit from
credit protection from an internal department of the bank or from the
bank's own subsidiary. Banks often manage credit risk through internal
transactions that, while possibly structured in ways similar to
guarantees or credit derivatives, do not in themselves result in a
reduction of credit risk at the consolidated level. Such credit
protection purchased internally may not be recognized for IRB purposes.
Once the bank reliably demonstrates that the credit risk is ultimately
transferred to a third party, for example through a matched offsetting
contract, credit protection may be realized from the third party
provider. However, if this protection provider is an affiliate, all of
the above limitations apply.
5. For wholesale exposures, credit risk mitigation from eligible
guarantees and eligible credit derivatives is recognized through one of
three mutually exclusive approaches. The approaches are identified by
the primary mechanism through which risk mitigation is recognized: PD
substitution, LGD adjustment, or the recognition of double-default
benefits. Recognition is at the exposure level, so a bank may select
among the three alternative approaches for each wholesale exposure,
subject to the NPR and to relevant elements of the bank's internal
policies and procedures.
6. If a bank chooses to recognize credit protection through PD
substitution, it substitutes the PD associated with the internal rating
grade assigned to the protection provider in place of the PD of the
obligor in the capital calculation. However, if the bank determines
that this substitution overstates the degree of risk mitigation, a
lesser adjustment may be made by using a PD associated with any
internal rating grade inferior to that of the protection provider. Note
that in either case, the PD applied is one that is associated with one
of the bank's internal rating grades, determined in accordance with the
bank's established processes for quantifying the default risk of those
grades. Similar considerations apply in the case of double-default
treatment; the PD for the protection provider used in the capital
calculation should be the PD for an internal rating grade assigned to
the protection provider.
7. Under the LGD adjustment approach, the bank modifies the LGD
assigned to the hedged exposure to reflect the risk mitigating effects
of the credit protection, subject to limitations on the resulting risk
weight as specified in the NPR. In determining the magnitude of any LGD
adjustment, the bank should apply the general approach to IRB
quantification developed elsewhere in this guidance; quantification of
LGD adjustments for credit protection should reflect a rigorous
application of standards no different from those that apply to LGD
quantification generally.
8. The NPR specifies various criteria that must be met in order for
a bank to apply the double default treatment. Among those requirements
are that a bank must have policies and processes to detect excessive
correlation between the creditworthiness of the protection provider and
the obligor for the hedged exposure. For example, the creditworthiness
of a protection provider and an obligor would be excessively correlated
if the obligor derives a high proportion of its income or revenue from
transactions with the protection provider. Similarly, excessive
correlation could arise from exposure to a common risk factor or set of
risk factors, such as industry or region; in some cases a bank may be
able to leverage other components of the bank's internal credit risk
management processes to identify such dependence on common risk
factors.
9. A bank's choice among these approaches for reflecting the impact
of credit protection for a given exposure should be made in accordance
with specific criteria contained in a bank's credit policy. In addition
to the specific eligibility requirements in the NPR and general
consideration of the credit protection provider's ability and
willingness to perform under the agreement, the criteria should include
an assessment of the effect of the payout structure of the credit
protection on the level and timing of recoveries. In some cases, the
nature of the contractual arrangement reduces the likelihood that the
bank will experience an obligor default (as defined within the IRB
framework); in such cases, PD substitution (or double-default
treatment, if applicable) is often more appropriate. In other cases,
notably those in which the protection is likely to come into effect
only after a default has occurred, it is more likely that the
appropriate adjustment should be made through LGD.
10. A bank recognizing risk mitigation from eligible guarantees or
eligible credit derivatives should also have policies that ensure
adequate control of any residual risks related to the use of such forms
of credit protection.
S 5-2 Banks must ensure that credit protection for which risk-based
capital

[[Page 9121]]

benefits are claimed represents unconditional and legally binding
commitments to pay on the part of the guarantors or counterparties.
11. As specified in the NPR, forms of written third-party support
that are conditional or are not legally binding are not recognized as
credit risk mitigation. Refer to Standard 2-11 in the Wholesale Risk
Rating Systems chapter of this guidance regarding the use of implied
support as a rating criterion.
12. In some instances, an eligible credit derivative may
incorporate a reference asset that differs from the underlying asset
for which a bank has acquired credit protection. A bank may recognize
an eligible credit derivative that hedges an exposure that is different
from the credit derivative's reference exposure used for determining
the derivative's cash settlement value, deliverable obligation, or
occurrence of a credit event only if:
The reference exposure ranks pari passu (that is, equal)
or junior to the hedged exposure; and
The reference exposure and the hedged exposure share the
same obligor (that is, the same legal entity) and legally enforceable
cross-default or cross-acceleration clauses are in place.
13. In such cases, a bank should evaluate and document the
relationship between the reference asset and the hedged exposure to
ensure that the reference asset is a reasonable proxy for the hedged
exposure and is likely to behave in a similar manner upon the
occurrence of a credit event.

Chapter 6: Data Management and Maintenance

Rule Requirements

Part III, Section 22(i)(1): A bank must have data management and
maintenance systems that adequately support all aspects of its advanced
systems and the timely and accurate reporting of risk-based capital
requirements.
Part III, Section 22(i)(2): A bank must retain data using an
electronic format that allows timely retrieval of data for analysis,
validation, reporting, and disclosure purposes.
Part III, Section 22(i)(3): A bank must retain sufficient data
elements related to key risk drivers to permit adequate monitoring,
validation, and refinement of its advanced systems.

I. Overview

1. Banks using the IRB framework for risk-based capital purposes
must have advanced data management and maintenance systems that support
credible and reliable risk parameter estimates. This chapter describes
how a bank should collect, maintain, and manage the data needed to
support the other IRB system components for wholesale and retail
exposures (e.g., risk rating and segmentation systems, the
quantification process, and validation and other control processes), as
well as the bank's broader risk management and reporting needs.
Additional detail specific to wholesale and retail exposures is
provided in the appendices to this chapter.
2. While this chapter specifically addresses data management and
maintenance systems for wholesale and retail exposures, the framework
outlined in this chapter generally applies to all of a bank's advanced
systems for credit risk as described in Chapter 1 of this guidance. In
addition, specific data requirements for securitizations are described
in Chapter 11.
3. Banks may implement different data management and maintenance
systems for wholesale and retail exposures. Within a bank, moreover,
such data systems and processes may differ across business lines and
countries. Therefore, the data structures and practices, and the
precise data elements to be collected will be dictated by the features
and methodology of the IRB system employed by each bank.
4. Reference data requirements related to IRB quantification, which
are discussed in Chapter 4 of this guidance, describe the minimum
requirements for historical default and loss reference data using the
best available data for quantification, inclusive of internal, external
or pooled data sets. Best available data should include historical
performance information necessary to accurately estimate risk
parameters for exposures in the bank's existing portfolio. Reference
data for quantification are likely to comprise a smaller subset of the
internal data elements cited in this chapter because the objectives of
ongoing internal data management cover a wider range of purposes, such
as the development of risk ratings or segmentation and the validation
of the IRB system. Data histories built from the internal data
maintenance framework described in this chapter will gain growing
significance in the risk parameter estimation process over time.

II. General Data Requirements

S 6-1 Banks must collect and maintain sufficient data to support
their IRB systems.
5. While banks have substantial flexibility in designing their data
management systems, the underlying principle in this guidance is that
the data systems should be of sufficient depth, scope, and reliability
to implement and evaluate the IRB system. The systems should be able to
support the bank's ability to:
Track obligors of wholesale exposures and to track
wholesale exposures throughout their life cycle from origination to
disposition;
Capture all rating assignment data for wholesale
portfolios, which include the significant quantitative and qualitative
factors used to assign the obligor and loss severity ratings;
Capture exposure and borrower characteristics and
performance history for retail exposures over a historical time period;
Capture all data for retail exposures necessary to develop
the segmentation system and to assign exposures to segments;
Develop internal risk parameter estimates;
Validate risk parameter estimates;
Validate the IRB system and processes;
Refine the IRB system;
Calculate risk-based capital ratios; and
Produce internal and public reports.
6. Data management and maintenance systems should enable banks to
undertake necessary changes in their IRB systems and improve methods of
credit risk management over time. Systems should be capable of
providing detailed historical data and capturing new data elements for
enhancing an IRB system. Given the importance of developing robust data
histories in this process and the costs associated with collecting
additional data at a later date, banks should err on the side of
collecting not only data that they are currently using but also data
that may potentially be useful to their IRB models or in validation
processes.

A. Life Cycle Tracking for Wholesale Exposures

S 6-4 For wholesale exposures, banks must collect, maintain, and
analyze essential data for obligors and exposures. This should be done
throughout the life and disposition of the credit exposure.
7. Using a life cycle or ``cradle to grave'' concept for each
obligor and exposure supports front-end validation, backtesting, system
refinements, and risk parameter estimates. A depiction of life-cycle
tracking follows:

[[Page 9122]]

[GRAPHIC] [TIFF OMITTED] TN28FE07.002

8. Data elements must be recorded at origination and whenever the
rating is reviewed, regardless of whether the rating is changed. Data
elements associated with current and past ratings must be retained.
These elements include:
Key borrower and exposure characteristics;
Ratings for obligors and exposures;
Key factors used to assign the ratings;
Person responsible for assigning the rating and model(s)
used in that assignment;
Date rating assigned; and
Overrides to the rating and authorizing individual.
At disposition, data elements should include:
Nature of disposition: Renewal, repayment, loan sale,
default, restructuring;
For defaults: Exposure, actual recoveries, source of
recoveries, costs of workouts and timing of recoveries and costs;
Guarantor support;
Sale price for loans sold; and
Other key elements that the bank deems necessary.
See Appendix A for examples of data elements that banks should
collect and maintain under an IRB data management framework for
wholesale exposures.

B. Rating Assignment Data for Wholesale Exposures

S 6-3 Banks must capture and maintain all significant factors used
to assign obligor and loss severity ratings.
9. Assigning a rating to an obligor requires the systematic
collection of various borrower characteristics, both quantitative and
qualitative, because these factors are critical to validating the
rating system. Obligors are rated using various methods, as discussed
in Chapter 2. Each of these methods presents different challenges for
input collection. For example, in judgmental rating systems, the
qualitative factors used in the rating decision have not traditionally
been explicitly recorded. For purposes of the IRB framework, to the
extent qualitative factors play an important role in assigning ratings,
banks should maintain these factors in a readily available database for
validation purposes and to facilitate analysis to help banks improve
the rating system over time.
10. For loss severity estimates, banks should record the basic
structural characteristics of exposures and the factors used in
developing the loss severity rating or LGD estimate. These often
include the seniority of the credit, the amount and type of collateral,
the most recent collateral valuation date and the collateral's fair
value.
11. Banks should also track any overrides of the obligor or loss
severity rating. Tracking overrides separately allows banks to identify
whether the outcome of such overrides suggests either problems with
rating criteria or too much discretion to adjust the ratings.
12. Historical data, including rating histories on wholesale
exposures, may be lost or irretrievable; for example, when exposures
are acquired through mergers, acquisitions, or portfolio purchases.
Banks are encouraged, whenever practical, to collect any missing
historical data on rating assignment drivers and to re-rate the
acquired obligors and exposures for prior periods. When retrieving
historical data is not practical, banks may attempt to create a rating
history by carefully mapping the legacy system and the new rating
structure. Mapped ratings should be reviewed for accuracy. The level of
effort placed on filling gaps in data should be commensurate with the
size and significance of the exposures to be incorporated into the
bank's IRB system.

C. Segmentation Data for Retail Exposures

S 6-4 For retail exposures, banks must collect and maintain all
essential data elements used in segmentation systems and the
quantification process. The data must cover a period of at least five
years and must include a period of economic downturn conditions, or the
bank must adjust its estimates of risk parameters to compensate for the
lack of data from periods of economic downturn conditions.
13. Banks should maintain a minimum five-year exposure-level
history of the entire retail portfolio, including all exposures and
lines that were open at any time during this period. The standard above
establishes key risk drivers used in the segmentation system and in the
quantification of the risk parameters. However, banks should retain
additional data elements that are used in their internal credit risk
management systems. (See Appendix A of this chapter for examples of
retail data elements.)
14. For retail exposures, if the most recent period of economic
downturn conditions occurred more than five years ago, banks should
retain additional data to cover the downturn period. These data need
not cover the period between the downturn period and the most recent
five-year period. These data may be in the form of representative
statistical samples of the portfolio rather than data from all
exposures. The method of any sampling should be statistically sound and
well-documented.
15. Banks should gather and retain disposition data, including
recovery data on defaulted exposures (e.g., date and dollar value of
recoveries and collection expenses) sufficient to develop ELGD, LGD,
and EAD estimates for retail exposures. For many banks, information
related to recoveries and

[[Page 9123]]

collection expenses currently exists only at an aggregate level. These
banks should develop interim solutions and a plan to improve exposure-
level data availability.
16. For retail exposures, historical segmentation data can be lost
or irretrievable; for example, when exposures are acquired through
mergers, acquisitions, or portfolio purchases. In these cases, as an
interim measure, banks should seek to obtain data from external sources
to supplement internal data shortfalls. Alternatively, the reference
data sometimes may be drawn from other sections of the portfolio, but
only when the business lines, and exposure and borrower characteristics
are sufficiently similar (for examples, see Chapter 3).

D. Outsourced Activities

S 6-5 Banks should ensure that outsourced activities performed by
third parties are supported by sufficient data to meet IRB
requirements.
17. Certain processes, such as loan servicing, broker and
correspondent origination, collection, and asset management, may be
outsourced to or otherwise involve third parties. The necessary data
capture and oversight of risk management standards for these portfolios
and processes should be carried out as if they were conducted
internally.

E. Asset Sales

S 6-6 Banks should maintain data to allow for a thorough review of
asset sale transactions.
18. It is important that banks be able to quantify the impact of
asset sale activity on its IRB system. Documentation for these
transactions should be sufficient for supervisors to determine how
asset sale activity affects the integrity of the IRB system and the
resulting risk-based capital calculation. For retail, asset sales may
involve exposures from a variety of portfolio segments, and sale
pricing may not be available at a granular level. A bank should be able
to quantify the effect of removing a portion of the loans or other
exposures from segments and the effect of such asset sale activity on
risk parameter estimation.

III. Data Applications

A. Validation and Refinement

19. The data elements collected by banks should facilitate meeting
the validation standards described in Chapter 7. These standards
include validating the bank's IRB system processes, including the
``front end'' aspects, such as assigning ratings or risk drivers used
for segmentation, so that issues can be identified early. The data
should support efforts to identify whether raters and models are
following rating criteria and policies and whether ratings are
consistent across portfolios. In addition, data should support the
validation of risk parameters, particularly the comparison of realized
outcomes with estimates. For backtesting risk parameters, data on
default and disposition characteristics should be thorough.
20. Data for validation should be rich in scope and depth in order
to provide insights on the performance of the IRB system. This can
contribute to a learning environment in which refinements can be made
to the systems. These potential refinements include enhancements to
rating assignment controls, segmentation design, processes, criteria or
models, IRB system architecture, and risk parameter estimates.

B. Applying IRB System Improvements Historically

21. To maintain a consistent series of information for credit risk
monitoring and validation purposes, banks should be able to take
improvements they make to their risk rating systems for wholesale
exposures and segmentation systems for retail exposures and apply them
historically. Moreover, banks are encouraged to retain data beyond the
minimum requirements because they should have robust historical
databases containing key risk drivers and performance components over
as long a historical period and as many variables as possible to
facilitate the development and validation of better models and methods.
See Appendix B for an example as to how a bank could apply new
information to improve its risk rating system.

C. Calculating Risk-Based Capital Ratios and Reporting to the Public

22. Data retained by the bank will be essential for risk-based
capital calculations and public reporting under the Pillar 3
disclosures. These uses underscore the need for a well-defined data
management framework and strong controls over data integrity. Total
exposures should be tied to systems of record and documentation should
be maintained for this process for all reporting periods. Control
processes and data elements themselves should also be subject to
periodic verification and testing by internal auditors. Supervisors
should rely on these processes and should also perform testing as
circumstances warrant.
23. This guidance should also be considered with the Proposed
Agency Information Collections published by the Agencies on September
25, 2006 for public comment along with the NPR. The notice contained
information collection templates (FFIEC 101) and information about the
components of reporting entities' risk-based capital, risk-weighted
assets by type of credit risk exposure under the IRB framework,
including templates for credit risk and definitions of the data
elements contained therein. These templates will assist banks in
determining their data retention needs related to the risk-based
capital requirements for credit risk under the IRB framework.

D. Supporting Risk Management

24. The information that can be gleaned from more extensive data
collection will support a broad range of risk management activities.
Risk management functions will rely on accurate and timely data to
track credit quality, make informed portfolio risk mitigation
decisions, and perform portfolio stress tests. Obligor and loss
severity risk rating and segmentation data will be used to support such
operations as internal capital allocation models, pricing models, ALLL
calculations, and performance management measures. Summaries of these
are included in reports to banks' boards of directors, regulators, and
in public disclosures.

IV. Managing Data Quality and Integrity

S 6-7 Banks should develop policies and controls around the
integrity of the data maintained both internally and through third
parties.
25. Because data are collected at so many different stages
involving a variety of groups and individuals, ensuring the quality of
the data poses numerous challenges. For example:
Qualitative risk-rating variables will have subjective
elements and will be open to interpretation;
Exposures will be acquired through mergers and purchases,
but without an adequate and easily retrievable institutional rating
history; and
Data purchased from or maintained through third parties
may not have controls similar to the bank's controls.
Bank policies and controls should address these potential
challenges. Specifically, banks should have policies employing change
control management processes and practices to ensure the integrity of
the data. In addition, banks should seek reasonable assurances from
significant third-party providers concerning the integrity of the data.

[[Page 9124]]

A. Documentation and Definitions

S 6-8 Banks should document the process for delivering, retaining,
and updating inputs to the data warehouse and ensuring data integrity.
S 6-9 Banks must maintain detailed documentation of changes to the
data elements supporting the IRB system.
26. Given the many challenges presented by data for an IRB system,
the management of data should be formalized and banks should develop
comprehensive definitions for their data elements. Fully documenting
how the bank's flow of data is managed provides a means of evaluating
whether the data management framework is functioning as intended.
Moreover, banks should be able to communicate to persons developing or
delivering various data the precise definition of the items intended to
be collected. Consequently, a ``data dictionary'' and/or a ``data
standards manual'' would ensure consistent inputs from business units
and data vendors and would allow third parties (e.g., IRB system review
process, auditors, or banking supervisors) to evaluate data quality and
integrity.
27. When changes are made to the IRB system and the supporting data
elements, the source of any significant changes in the risk-based
capital requirements should be documented. Therefore, it would be
desirable to use change control management processes.

B. Electronic Storage and Access

S 6-10 Banks must retain data using an electronic format that
allows timely retrieval of data for analysis, validation, reporting,
and disclosure purposes.
28. To meet the significant data management challenges presented by
the validation and control features of the IRB system, banks must store
their data electronically. Banks will have a variety of storage
techniques and potentially a variety of systems to create their data
warehouses and data marts. The data architecture should be designed to
be scalable to allow for growth in portfolios, data elements, history,
and product scope. IRB data requirements can be achieved by melding
together existing accounting, servicing, processing, workout and risk
management systems, provided the linkages between these systems are
well-documented and include sufficient edit and integrity checks to
ensure that the data can be used reliably.
29. Banks lacking electronic databases for wholesale exposures
would be forced to resort to manual reviews of paper files for ongoing
backtesting and ad hoc ``forensic'' data mining and would be unable to
perform that work in the timely and comprehensive manner required of
the IRB system. Forensic mining of paper files to build an initial data
warehouse from the bank's credit history is encouraged. Paper research
may sometimes be necessary to identify data elements or factors not
originally considered significant in estimating the risk of a
particular class of obligor or exposure. The time and expense of this
recovery effort highlights the importance of collecting a broad array
of variables during the initial design of the IRB data system.

Appendix A: Data Elements for Wholesale and Retail Exposures

For illustrative purposes, the following section provides examples
of the kinds of data elements banks should collect under an IRB data
management and maintenance framework first for wholesale exposures and
second for retail exposures.

A. Examples of Data Elements for Wholesale Exposures

General Descriptive Obligor and Exposure Data
The data below could be from an exposure record or from various
sources within the data warehouse. Data maintained for guarantors would
be the same as that maintained for obligors.
Obligor/Guarantor Data
General data: name, address, industry;
ID number (unique for all related parent/sub
relationships);
Rating, date, and rater; and
PD corresponding to rating.
General Exposure Characteristics
Exposure amounts: committed, outstanding;
Exposure type: term, revolver, bullet, amortizing, etc.;
Purpose: acquisition, expansion, liquidity, inventory,
working capital etc.;
Covenants;
Exposure ID number;
Origination and maturity dates;
Last renewal date;
Obligor ID link;
Rating, date and rater;
ELGD;
LGD; and
EAD.
Rating Assignment Data
The data below provide an example of the categories and types of
data that banks should retain in order to continually validate and
improve rating systems. These data items should tie directly to the
documented criteria that the bank employs when assigning ratings. For
example, rating criteria often include ranges of leverage or cash flow
for a particular obligor rating. In addition, banks are encouraged to
develop and record quantitative representations of qualitative factors
(such as management effectiveness) in numeric form. For example, a 1
may signify exceptionally strong management and a 5 very weak
management. The rating data elements should be sufficient for
evaluating the factors driving the rating decisions.
Quantitative factors in obligor ratings
Asset and sale size; and
Key ratios used in rating criteria:
--Profitability;
--Cash flow;
--Leverage;
--Liquidity; and
--Other relevant factors.
Qualitative factors in obligor ratings
Quality of earnings and cash flow;
Management effectiveness, reliability;
Strategic direction, industry outlook, position;
Country factors and political risk; and
Other relevant factors.
Third-party obligor ratings
Public debt rating and trend; and
External credit model score and trend.

Rating Notations

Flag for overrides or exceptions; and
Authorized individual who can change rating.
Key exposure factors in ELGD and LGD ratings
Seniority;
Collateral type (cash, marketable securities, AR, stock,
RE, etc.);
Collateral value and valuation date;
Advance rates, LTV;
Industry; and
Geography.

Rating Notations

Flag for overrides or exceptions; and
Authorized individual who can change rating.
Final disposition data
Many banks maintain subsidiary systems for their problem exposures
with details recorded, at times manually, on systems that are not
linked to the bank's central exposure or risk management systems. The
unlinked

[[Page 9125]]

data are a significant hindrance in developing reliable risk parameter
estimates.
In advanced systems, the ``grave'' portion of obligor and exposure
tracking is essential for producing and validating risk parameter
estimates and is an important feedback mechanism for adjusting and
improving these estimates over time. Essential data elements are
outlined below.
Obligor/guarantor
Default date; and
Circumstances of default (e.g., nonaccrual, bankruptcy
chapters 7-11, nonpayment).
Exposure
Outstandings at default; and
Amounts undrawn and outstanding plus time series prior to
and through default.
Disposition
Amounts recovered and dates (including source: cash,
collateral, guarantor, etc.);
Collection cost and dates;
Discount factors to determine economic cost of collection;
Final disposition (e.g., restructuring or sale);
Sales price, if applicable; and
Accounting items (charge-offs to date, purchased
discounts).

B. Examples of Data Elements for Retail Exposures

Data Elements at Origination
Customer identifiers, such as borrower name;
External credit bureau attributes;
Application attributes, such as income and financial
information;
Credit scores, including custom scores or generic scores;
Other underwriting data used in the origination process;
Score overrides and policy exceptions;
Origination channel, such as a third-party vendor,
telemarketing, direct mail, or Internet;
Product type and loan terms, such as line amount, interest
rate, payment terms, balance transfer amount, and reward programs;
Collateral characteristics, such as appraised value,
geographic location, and loan-to-value; and
Guarantees or other credit risk mitigants, such as PMI.
Ongoing Data Elements
Refreshed credit bureau attributes;
Payment history and performance characteristics, including
payments, draws, fees, NSF checks, delinquency, overlimit status, and
utilization;
Collections activity, including workout or forbearance
programs, restructurings, payment deferrals, re-aging and other similar
programs;
Behavior scores;
Transaction-level information;
Account management activities, such as line increase or
decrease programs, pricing adjustments, changes in payment requirements
or fee structures, and reward programs;
Updated borrower information; and
Updated collateral information.
Collection and recovery information
Default date;
Loss severity information;
Circumstances of default (e.g., nonaccrual, bankruptcy
chapters 7-11, nonpayment);
Outstandings at default;
Amounts undrawn and outstanding plus time series prior to
and through default;
Amounts recovered and dates (including source: cash,
collateral, guarantor, etc.);
Collection cost and timing;
Discount factors to determine economic cost of collection;
Final disposition (e.g., restructuring or sale);
Sales price, if applicable; and
Accounting items (charge-offs to date, purchased
discounts).

Appendix B: Applying Risk Rating System Improvements Historically

In the example below for wholesale exposures, a bank experiences
unexpected and rapid migrations and defaults in its rating grade 4
category during 2006. Analysis of the actual financial condition of
borrowers that defaulted compared with those that did not suggests that
the debt-to-EBITDA range for its expert judgment criteria of 3.0 to 5.5
is too broad. Research indicates that rating grade 4 should be
redefined to include only borrowers with debt-to-EBITDA ratios of 3.0-
4.5 and that rating grade 5 should be 4.5-6.5. In 2007, the change is
initiated, but prior years' numbers are not recast (see Exhibit A).
Consequently, a break in the series prevents the bank from evaluating
credit quality changes over several years and from identifying whether
applying the new rating criteria historically provides reasonable
results.
[GRAPHIC] [TIFF OMITTED] TN28FE07.003

[[Page 9126]]

Recognizing the need to provide senior managers and board members
with a consistent risk trend, the new criteria are applied historically
to obligors in rating grades 4 and 5 (see Exhibit B). The original
ratings assigned to the rating grades are maintained along with
notations describing what the grade would be under the new rating
criteria. If the precise weight an expert has given one of the
redefined criteria is unknown, banks are expected to make estimates on
a best efforts basis. After the retroactive reassignment process, the
bank observes that the mix of obligors in rating grade 5 declined
somewhat over the past several years while the mix in rating grade 4
increased slightly. This contrasts with the trend identified before the
retroactive reassignment. The result is that the multiyear transition
statistics for rating grades 4 and 5 provide risk managers a clearer
picture of risk.
[GRAPHIC] [TIFF OMITTED] TN28FE07.004

This example is based on applying ratings historically using data
already collected by the bank. However, for some risk rating system
refinements, banks may in the future identify drivers of default or
loss that might not have been collected for borrowers or exposures in
the past. That is why banks are encouraged to collect data that they
believe may serve as stronger predictors of default in the future. For
example, certain elements of a borrower's cash flow might currently be
suspected of overstating the operational health of a particular
industry. In the future, should a bank decide to reduce the weight
given to cash flow for this overstatement, resulting in a downgrade of
many obligor ratings, the bank that collected these data could apply
this rating change to prior years. This would provide a consistent
picture of risk over time and also present opportunities to validate
the new criteria using historical data. Recognizing that banks will not
be able to anticipate fully the data they might find useful in the
future, banks are expected to reassign rating grades on a best efforts
basis when practical.

Chapter 7: Controls and Validation

Rule Requirements

Part III, Section 22(a)(2): The systems and processes used by a
bank for risk-based capital purposes under [the NPR] must be consistent
with the bank's internal risk management processes and management
information reporting systems.
Part III, Section 22(j)(2): The bank's board of directors (or a
designated committee of the board) must at least annually evaluate the
effectiveness of, and approve, the bank's advanced systems.
Part III, Section 22(j)(3): A bank must have an effective system of
controls and oversight that:
(i) Ensures ongoing compliance with the qualification requirements
[in the NPR];
(ii) Maintains the integrity, reliability, and accuracy of the
bank's advanced systems; and
(iii) Includes adequate governance and project management
processes.
Part III, Section 22(j)(4): The bank must validate, on an ongoing
basis, its advanced systems. The bank's validation process must be
independent of the advanced systems' development, implementation, and
operation, or the validation process must be subjected to an
independent review of its adequacy and effectiveness. Validation must
include:
(i) The evaluation of the conceptual soundness of (including
developmental evidence supporting) the advanced systems;
(ii) An on-going monitoring process that includes verification of
processes and benchmarking; and
(iii) An outcomes analysis process that includes backtesting.
Part III, Section 22(j)(5): The bank must have an internal audit
function independent of business-line management that at least annually
assesses the effectiveness of the controls supporting the bank's
advanced systems and reports its findings to the bank's board of
directors (or a committee thereof).

I. Overview

1. A bank must have a system of controls that ensures that the
components of the IRB system are functioning effectively. This chapter
provides guidance on the essential elements of an effective control
environment for an IRB system for wholesale and retail exposures,
including independent review processes, a comprehensive validation
process, and an internal audit review and reporting process.
2. While this chapter specifically addresses the control framework
supporting a bank's IRB systems for wholesale and retail exposures, the
framework outlined in this chapter generally applies to all of a bank's
advanced systems for credit risk as described in Chapter 1 of this
guidance.

[[Page 9127]]

In addition, specific validation requirements for certain counterparty
credit risk transactions, equity exposures, and securitization
exposures are provided in Chapters 9, 10, and 11, respectively.
S 7-1 Banks must have an effective system of controls that ensures
ongoing compliance with the qualification requirements, maintains the
integrity, reliability, and accuracy of the IRB system, and includes
adequate governance and project management processes.
3. An accurate and reliable IRB system will allow bank management
to make informed risk management and capital management decisions.
While banks have flexibility in determining how integrity in the IRB
system is achieved, the control framework that supports the IRB system
should be constructed to ensure that the IRB system's design and
performance are effective and that it continues to operate as intended.
4. The specific IRB-system controls, as outlined in this chapter as
well as in Chapter 1 of this guidance, should be part of a broader
control infrastructure that embodies more generic control principles
such as dual controls, separation of duties, and appropriateness of
incentives that enable prudential corporate oversight.
S 7-2 Control processes should be independent and transparent to
supervisors and auditors.
5. The objective of independence is to ensure the integrity of the
IRB system. When independence is not fully achieved, there should be
compensating controls to confirm that actions and conclusions are not
compromised.
6. Independence can be achieved structurally with organizational
separation, or functionally, through policy and/or incentive based
separation. For example, reviews performed by individuals who are not
structurally independent could be acceptable as functionally
independent reviews if the structure does not inhibit an objective
evaluation. In these cases, job responsibilities and reporting
relationships should be assessed to determine if they present any
inherent conflicts that could impede conducting an effective review.
Banks should consider a variety of factors when designing a control
structure to adequately address independence, including:
Expertise and experience of individuals conducting control
activities;
Potential for conflicts of interest and influence that
could compromise the effectiveness of controls;
Incentives for individuals that perform critical reviews;
Separation of duties (individuals should not review their
own work); and
Fully documenting all aspects of the control structure to
ensure it can be understood and evaluated by supervisors and auditors.

II. Reviews of the IRB System

S 7-3 The annual assessment of the IRB system presented to the
board of directors should be supported by the bank's comprehensive and
independent reviews of the IRB system.
7. As discussed in Chapter 1, the bank's board of directors must at
least annually evaluate the effectiveness of, and approve, the bank's
advanced systems for credit risk. To do so, the board should be
provided with information that would enable it to conclude, with
reasonable assurance, that management has appropriate processes and
controls in place that support an effective IRB system. This
information should include results from the bank's comprehensive and
independent reviews of the IRB system.
8. The bank's independent review process may be tailored to the
bank's management and oversight framework. The objective of these
reviews should be to evaluate compliance with the requirements in the
NPR and this supervisory guidance and to measure the effectiveness of
the IRB system's design and operation. The review should include all
components of the IRB system:
Risk rating and segmentation systems;
Quantification process, particularly the selection of
reference data sets and risk parameter estimation techniques;
Ongoing validation process;
Data management and maintenance system that supports the
IRB system; and
Control infrastructure supporting the IRB system.
9. Responsibility for the review process could be distributed
across multiple areas or housed within one unit, so long as the bank
can demonstrate that the review process provides a comprehensive and
objective assessment of the areas reviewed. Individuals performing the
reviews should possess the requisite technical skills and expertise.
10. Validation will encompass some of the IRB system review
standards described above. However, to the extent that validation or
other control functions do not address a component of the IRB system or
if they do not meet the independence requirements, a separate
independent review of business-line management, risk management, and
internal audit should be conducted as applicable. The validation
activities, which are the evaluation of conceptual soundness (including
developmental evidence), ongoing monitoring (i.e., process verification
and benchmarking), and outcomes analysis (backtesting), are described
in more detail later in this chapter.
S 7-4 Validation activities must be conducted independently of the
advanced systems' development, implementation, and operation, or
subjected to an independent assessment of their adequacy and
effectiveness.
11. The developmental evidence supporting risk rating and
segmentation systems' design and quantification is generally compiled
by the systems' designers. This evidence should be subject to an
ongoing substantive independent assessment by qualified staff. This
independent review should be conducted at the time of system
development and then updated whenever significant changes in
methodology, data, or implementation occur.
12. Furthermore, when process verification, benchmarking, or
outcomes analysis (backtesting) activities are not completed by
individuals independent of the risk rating and segmentation systems'
design or use, these activities must be the focus of an ongoing
substantive independent assessment. Responsibility for the assessment
of developmental evidence and ongoing validation may be drawn from a
variety of organizational structures provided functional independence
and sufficient expertise are demonstrated.

III. Consistency Between IRB Systems and Risk Management Processes

S 7-5 The systems and processes used by a bank for risk-based
capital purposes must be consistent with the bank's internal risk
management processes and management information reporting systems.
13. The systems and processes a bank uses for risk-based capital
purposes must be consistent with the bank's internal credit risk
management processes and management information reporting systems such
that data from the latter system and processes can be used to verify
the reasonableness of the risk parameter inputs the bank uses for risk-
based capital purposes.
14. The wholesale risk ratings used for risk-based capital purposes
should be consistent with those used to guide day-to-day wholesale
credit risk management activities. Wholesale risk ratings for IRB
purposes should be

[[Page 9128]]

incorporated into and be consistent with a bank's credit risk
management, internal capital assessment and planning, and corporate
governance processes. The different uses and applications of the risk
rating systems' outputs should promote greater accuracy and consistency
of ratings across an organization. Banks should demonstrate that
ratings used for IRB purposes are consistent with the bank's internal
credit risk management processes.
15. The risk drivers used for IRB retail segmentation should be
consistent with those used to guide day-to-day retail credit risk
management activities. Risk drivers for IRB segmentation purposes
should correspond to risk drivers used as part of the overall credit
risk management of business lines. Banks should demonstrate that the
risk drivers used for IRB segmentation purposes are consistent with
those used in its day-to-day planning, execution, and monitoring of
retail lending activities. However, the IRB segmentation criteria do
not have to be identical to those used in credit risk management.
16. Risk parameters used for credit risk management should be
consistent with the IRB risk parameters. Banks will be afforded some
flexibility in their use of estimated risk parameters, since the
estimates prescribed for risk-based capital purposes may not be
appropriate for other uses. For example, the PDs used to estimate loan
loss allowances could reflect current economic conditions that are
different from the long-term averages appropriate for risk-based
capital calculations. While risk parameters used for internal risk
management purposes could be different from those used for risk-based
capital purposes, banks should be able to demonstrate that the IRB
measures of credit risk are consistent with similar measures used in
internal credit risk management.

IV. Internal Audit

S 7-6 Internal audit must, at least annually, assess the
effectiveness of the controls supporting the IRB system and report its
findings to the board of directors (or a committee thereof).
17. A bank must have an internal audit function that is independent
of business line management and that assesses at least annually the
effectiveness of the controls supporting the IRB system and reports its
findings to the board of directors (or its designated committee). At
least annually, internal audit should review the validation process
including procedures, responsibilities, appropriateness of results,
timeliness, and responsiveness to findings. Further, internal audit
should evaluate the depth, scope, and quality of the independent review
processes and conduct appropriate testing to ensure that the
conclusions of these reviews are well founded.

V. Validation Activities

18. Validation is an ongoing process that includes the review and
monitoring activities that verify the accuracy of the risk rating and
segmentation systems and the quantification process. The components of
validation include evaluation of conceptual soundness (including
developmental evidence), ongoing monitoring, and outcomes analysis.

A. General Validation Requirements

S 7-7 A bank's validation policy should cover the key aspects of
risk rating and segmentation systems and the quantification process.
19. The validation policy should be approved by the bank's senior
management, and should:
Describe the validation process;
Outline the documentation requirements;
Assign responsibilities;
Outline the process for corrective actions; and
Be updated periodically to incorporate new developments in
validation practices and to ensure that validation methods remain
appropriate.
S 7-8 Validation must assess the accuracy of the risk rating and
segmentation systems and the quantification process.
20. The accuracy of risk rating and segmentation systems and the
quantification process is measured by determining whether the:
Assignment of exposures to risk ratings or segments has
been implemented as designed;
Performance data show that the risk rating or segmentation
systems adequately differentiate risk over time;
Migration of wholesale risk ratings is consistent with the
bank's rating philosophy;
Retail segmentation system separates exposures into stable
and homogeneous segments; and
Actual default, loss severity, and exposure experience of
each rating grade or segment is consistent with risk parameter
estimates.
21. Some differences between observed outcomes for individual
ratings or specific retail segments and the estimated risk parameters
are expected. Risk parameter estimates should reflect a degree of
conservatism appropriate for the inherent uncertainty in the bank's
quantification process. As such, observed outcomes should not
consistently or significantly exceed risk parameter estimates. This
applies to each of the following:
Actual long-run average default rates for each rating
grade or segment and the assigned PD estimates;
Actual long-run average economic loss rates on defaulted
exposures and the assigned ELGD estimates;
The economic loss rates on defaulted exposures during
actual economic downturn conditions and the assigned LGD estimates; and
The exposure size of defaulted exposures during actual
economic downturn conditions and the assigned EAD estimates.
Bias that results in a reduction of risk-based capital requirements
should receive immediate attention from management.
S 7-9 Validation processes for risk rating and segmentation
systems, and the quantification process must include the evaluation of
conceptual soundness, ongoing monitoring, and outcomes analysis.
22. Validation should be designed to give the greatest possible
assurances of the accuracy of the risk rating and segmentation systems
and the quantification process. Three activities must be carried out:
Evaluating conceptual soundness using developmental
evidence--determining whether the approach is sound;
Ongoing monitoring--verifying the process and comparing
results to other sources of data or estimates (benchmarking); and
Outcomes analysis--comparing actual outcomes with
estimates by backtesting and other methods.
These integral, ongoing activities must evaluate both internally
and externally developed risk rating and segmentation systems, models,
and the quantification process.
23. Validation processes, especially outcomes analysis, should
recognize that realized outcomes for default, loss severity, and
additional drawdowns can vary in a systematic fashion with the economic
cycle. Thus, realized outcomes for a given risk parameter can vary
around the estimate of long run average. A bank's validation policy
should specify how realized outcomes are expected to vary with the
economic cycle given the design of the IRB system. For example, given a
bank's obligor rating system design, a bank might expect realized
defaults to be systematically below the PD estimate during good states
of the economic cycle and systematically above the PD

[[Page 9129]]

estimate during bad states of the economic cycle. This should be
specified in the policy documentation. Realized outcomes for loss
severity are not directly comparable with LGD estimates unless an
economic downturn is experienced. Nonetheless, outcomes analysis for
conditions less severe than an economic downturn can shed light on the
validity of the LGD quantification process.

B. Validation Activities

Evaluating Conceptual Soundness using Developmental Evidence
24. Developmental evidence is the primary mechanism used to
evaluate the conceptual soundness of the IRB system. The developmental
evidence for risk rating and segmentation systems, and the
quantification process should include documentation and empirical
evidence supporting the methods used and the variables selected in the
design and quantification of the IRB system. Where models are used, the
evidence should include documentation and a description of the logic
that supports the model and an analysis of any statistical model-
building techniques.
25. Developmental evidence supporting the risk rating system should
include the reasons the system was selected over other systems. Other
developmental evidence should at a minimum describe the bank's obligor
ratings approach and ratings philosophy, the mapping methodology, and
the use and design of facility ratings or loss severity estimates.
26. In supporting the segmentation system, developmental evidence
should describe the statistical design of the segmentation system and
the selection of risk drivers. Additionally, it should explain why the
system was selected over other segmentation approaches.
27. Developmental evidence supporting a bank's quantification
process should address each aspect of the quantification process,
whether the process explicitly delineates the four stages of
quantification or implicitly incorporates the stages.
28. Developmental evidence is more persuasive when it includes
empirical evidence. Developmental evidence in support of any model used
in the risk rating and segmentation systems or the quantification
process should include documentation and a discussion of the logic that
supports the model, an analysis of any model-building techniques,
sensitivity analysis (analysis of outcome sensitivity with respect to
model input changes and model breakdown points), and an assessment of
forecast quality. Models should be supported by evidence that they work
well across reference data sets. Use of a ``holdout'' sample is a good
model-building practice to ensure that a model is robust. It is
possible to perform several out-of-sample tests by varying the holdout
samples.
29. Empirical developmental evidence for a judgmental rating system
will likely be derived differently than such evidence for a model-
driven system. One approach to capture empirical developmental evidence
for analysis might entail having qualified, independent raters rate
credits from prior periods. Ideally, the raters would not be familiar
with the circumstances of the disposition of the credits (e.g.,
default, downgrade, upgrade, paid as agreed, etc.) and would only use
information available to the original rater(s) at the time the credits
were underwritten and subsequently reviewed. These retrospective
ratings could then be compared to the outcomes to determine whether the
ratings adequately differentiate risk. Conducting such tests may be
difficult if historical data sets do not include a sufficient amount of
the information actually used when a rating was assigned. Careful
consideration should be given to future data needs and anticipated uses
for validation, even if some variables are not used in the current
model.
S 7-10 Banks must evaluate the developmental evidence supporting
the risk rating and segmentation systems and the quantification
process.
30. Evaluating developmental evidence involves assessing how well
the risk rating and segmentation systems and the quantification process
are designed and constructed. The review of developmental evidence
should determine whether:
Risk rating systems can be expected to accurately assess
obligor and facility risk;
Segmentation systems can be expected to separate exposures
into segments with homogenous risk characteristics and to allow for the
accurate measurements of risk within segments over time; and
The quantification process can be expected to accurately
estimate PDs, ELGDs, LGDs, and EADs.
31. Developmental evidence should be reviewed whenever the bank
makes material changes in its risk rating and segmentation systems or
quantification process.
32. Evaluation of developmental evidence includes comparisons of a
bank's implemented framework with alternatives considered in the
development process and the reason the bank selected the chosen
framework. For retail portfolios, data may be available on alternative
risk drivers for segmentation, and developmental evidence should
include the empirical analysis conducted to choose between risk
drivers.
33. The development of risk rating and segmentation systems and the
quantification process requires developers to exercise informed
judgment. Whether the developmental evidence is sufficient will itself
be a matter of expert opinion. Even if a system is model-based, an
evaluation of developmental evidence will entail judging the merits of
the model-building technique. Expert judgment is essential to the
evaluation of the risk rating and segmentation systems and the
quantification process development. Experts should be able to draw
conclusions about the likelihood of the satisfactory performance of an
implemented system.
Ongoing Monitoring: Process Verification and Benchmarking
34. The second component of the validation process for risk rating
and segmentation systems and the quantification process is ongoing
monitoring. The objective of ongoing monitoring is to confirm that the
processes were implemented appropriately and continue to perform as
intended. Such analysis involves process verification and benchmarking.
S 7-11 Banks must conduct ongoing process verification of the risk
rating and segmentation systems and the quantification process to
ensure proper implementation and operation.
35. Process verification encompasses a range of activities that are
used to assess whether all internal risk rating and segmentation
processes, as well as all quantification processes, are being used,
monitored, and updated as designed and intended. It includes
determining that data essential to these processes have appropriate
integrity, and that all elements of these processes continue to be
appropriate to the nature of the bank's exposures. Process verification
should also ensure that identified deficiencies are corrected.
36. Verification activities will vary depending on the risk rating
and segmentation systems and quantification approaches and their
related guidelines. Verification that data are accurate and complete is
important for all IRB systems and applies to both internal and external
data, including the data provided by a third party.
37. For models-based risk rating and segmentation, verification
includes an evaluation of the automated assignment

[[Page 9130]]

processes, such as verification of the correct computer coding of the
model and data inputs. For expert-judgment and constrained-judgment
risk rating systems, verification includes an evaluation of whether the
rater adhered to the rating policy and criteria, given the information
available to the rater and the documented rationale for the rating
decisions.
38. Process verification of risk rating and segmentation systems
includes monitoring and analysis of overrides. An override is a generic
term that may have different meanings in different contexts. Two types
of overrides are discussed below.
``Judgmental overrides'' occur when judgments are made to
reject the decision of an objective process, such as a model or
scorecard, which rates a wholesale obligor, assigns an exposure to
loss-severity rating grade, or assigns an exposure to a retail segment;
judgmental overrides are an explicit component of such a rating
system's design. As a matter of policy in a constrained judgment rating
system for wholesale lending, a rater is generally allowed to adjust or
override the results of a statistical rating model. For retail lending,
the assignment of an exposure to a segment could be overridden, but
such overrides generally are rare.
``Policy overrides'' refer to exceptions to bank policy
with regard to risk rating assignment or segmentation. In the case of
pure models-based rating and segmentation systems, an override would be
considered to override policy. In a constrained judgment model, a
policy override would occur when a rating is assigned by judgmental
decision that does not conform to the bank's rating criteria. Overrides
outside of policy are expected to be rare.\13\
---------------------------------------------------------------------------

\13\ Another common use of overrides in retail lending, not
included in this context, relates to underwriting decisions. ``Low
side'' overrides approve applications that would normally be
rejected and ``high side'' overrides reject applications that would
normally be approved.
---------------------------------------------------------------------------

39. Frequent overrides may call into question aspects of the risk
rating or segmentation system. Overrides and adjustments should be
monitored and the performance of ratings that have been adjusted or
overridden should be tracked for both the validation of rating and
segmentation systems and the IRB system as a whole. Banks should have a
policy addressing criteria for judgmental overrides and tolerance
levels for policy overrides. The frequency of overrides will depend
upon the portfolio, the risk rating and segmentation design, and a
bank's practices.
S 7-12 Banks must benchmark their risk rating and segmentation
systems, and their risk parameter estimates.
40. Benchmarking is using alternative methods or alternative data
to draw inferences about the appropriateness of ratings, segments, risk
parameter estimates or model outputs before outcomes are actually
known. Benchmarking is a useful validation method that can be applied
to all rating, segmentation, and quantification processes.
41. Benchmarking allows a bank to compare the consistency of its
risk parameter estimates with those of other estimation techniques and
data sources. Benchmarking can be a valuable diagnostic tool for
uncovering potential weaknesses in a bank's quantification process.
While benchmarking allows for inferences about the accuracy of the risk
rating and segmentation systems, and the risk parameter estimates, it
does not substitute for backtesting. When differences are observed in
the benchmarking exercise, this does not necessarily indicate that the
risk rating and segmentation systems, or the risk parameter estimates,
are in error. A benchmark is merely an alternative measure, and the
difference may be due to different data or methods. Nevertheless, when
differences are revealed, proper benchmarking requires the bank to
investigate the source of the differences and whether the extent of the
difference is appropriate. This investigative process may identify ways
in which a bank can improve its risk rating and segmentation systems,
and the quantification process.
42. To benchmark risk ratings and segmentation, a bank must at a
minimum establish a process in which a representative sample of its
internal ratings, portfolio segmentation, and risk parameters are
compared to results from another source for the same exposures.
Examples of other sources include independent internal raters such as
loan review, external corporate rating agencies, or retail credit
bureau models, and alternative internally developed credit risk models
(``challenger models'').
43. Benchmarking of a risk rating, regardless of the rating
approach, customarily asks whether another rater or rating method
attaches a comparable rating to a particular obligor or exposure.
Benchmarking of a segmentation system customarily asks whether other
risk drivers or other segmentation methods provide similar risk
separation and assessments of the portfolio risk distribution.
44. Benchmarking of quantification generally involves comparing
different choices made in the four stages of quantification. Such
benchmarking compares:
Reference data with data from other data sources;
Estimates of risk parameters with estimates developed by
alternative methods using the same reference data;
Mappings with alternative mappings that would be expected
to provide similar results; and
Adjustments at the application stage with alternatives.
45. Benchmarking activities can be accomplished in a number of ways
and at different levels of aggregation. Some benchmarking activities
are conducted more frequently than others; for example, a bank
benchmarks a system to evaluate its performance more frequently than it
benchmarks the system to determine whether to renovate it completely,
an activity that must be considerably more thorough. Examples of
benchmarking activities for risk rating and segmentation systems, and
the quantification process are listed below:
Risk Ratings or Segmentation Benchmarking
On an ongoing basis, analyzing the characteristics of
obligors or exposures that have been assigned the same wholesale risk
rating or retail segment, and comparing the distribution of the
portfolio by these ratings or segments between different time periods.
Periodically re-rating a sample of wholesale credits
previously rated under the bank's standard method; examples of
benchmark ratings include alternate individual raters in a judgmental
system, an alternative internally developed rating model, or third-
party credit or debt ratings.
Periodically comparing the separation power of the IRB
retail segmentation to alternative segmentations used in credit risk
management and comparing the risk parameter estimates derived from the
IRB retail segmentation with an alternative segmentation.
Quantification Benchmarking
On an ongoing basis, comparing a bank's PD, ELGD, LGD, and
EAD estimates with available alternative risk estimates, such as
business line loss forecasts or allowance methodologies. Within retail
portfolios, vintage analyses (tracking loss rates over the life of the
loan, given the same origination time and borrower characteristics) can
be compared between different origination periods.
Periodically comparing a bank's PD, ELGD, LGD, and EAD
estimates with

[[Page 9131]]

risk parameter estimates derived from alternative choices at some
step(s) of the quantification process, such as different reference data
sources, different estimation models, etc.
Outcomes Analysis
S 7-13 Banks must analyze outcomes and must develop statistical
methods to backtest their risk rating and segmentation systems and the
quantification process.
46. The third component of the validation process is outcomes
analysis, which is the comparison of risk parameter estimates and model
results with actual outcomes. Although banks are expected to employ all
the components of the validation process, the data to perform
comprehensive outcomes analysis on the existing portfolio may not be
available in the early stages of implementation and may be difficult
when a bank's process for assessing risks changes significantly.
Therefore, banks may at times need to rely more heavily on other
validation activities such as developmental evidence, process
verification, and benchmarking.\14\
---------------------------------------------------------------------------

\14\ For wholesale risk rating systems, banks face the challenge
of how to measure the system's performance when backtesting is not
conclusive. Because of the rarity of defaults in most years and the
bunching of defaults in a few years, the other parts of the
validation process will assume greater importance. If risk rating
and segmentation processes are developed in a learning environment
in which banks attempt to change and improve them, backtesting may
be delayed even further. In its early stages, the validation of risk
rating and segmentation systems will depend on bank management's
exercising informed judgment about the strength of the systems, not
simply on empirical tests.
---------------------------------------------------------------------------

47. Backtesting is the statistical comparison of estimates to
realized outcomes. Banks must back-test their risk parameter estimates
by regularly comparing actual portfolio or rating grade/segment-level
default rates, loss severities, and exposure-at-default experience with
the PD, ELGD, LGD, and EAD estimates on which risk-based capital
calculations are based. Backtesting indicates the combined
effectiveness of the assignment of exposures to wholesale obligor and
loss severity ratings or to retail segments and the quantification of
the risk parameters attached to those ratings or segments.
S 7-14 Banks should establish ranges around the estimated values of
risk parameter estimates and model results in which actual outcomes are
expected to fall and have a validation policy that requires them to
assess the reasons for differences and that outlines the timing and
type of remedial actions taken when results fall outside expected
ranges.
48. Banks have considerable flexibility in developing statistical
tests to back-test the performance of their risk rating and
segmentation systems and the accuracy of their quantification process.
Regardless of the backtesting method used, the bank should establish
expected ranges for validation results. Backtesting often will not
identify the specific reasons for discrepancies between expectations
and outcomes. Rather, it will indicate only that further investigation
is necessary.
49. When establishing expected ranges, banks should consider
relevant elements of a bank's risk rating or segmentation systems that
may affect outcomes, for example whether the system is designed to
measure risk parameter estimates at a point in time, through the cycle,
or at stressed periods. Also, changes in economic or market conditions
and portfolio composition between the historical data and data from the
present period can lead to differences between outcomes and risk
parameter estimates.
50. In establishing expected ranges, a bank should consider which
elements of its risk rating or segmentation system, and the
quantification process, are most likely to affect outcomes of the risk
parameter estimates. However, determining expected ranges can be
difficult if a bank has changed its method of quantifying risk
parameters and the estimates were calculated by a different method than
the outcomes. If so, it may be appropriate to recalculate historical
estimates in a manner consistent with the new method. If a bank adjusts
final risk parameter estimates to be conservative, it may be
appropriate to do its backtesting on the unadjusted estimates.
51. Differences in realized default, loss severity, or exposure
rates from expected ranges may point to issues in the reference data,
estimation, mapping or application elements of quantification. They may
also indicate potential problems in other parts of the risk rating or
segmentation system. The bank's validation policy should describe (at
least in broad terms) the types of responses that should be considered
when actual outcomes fall outside the expected ranges. If the
discrepancies demonstrate a systematic tendency to decrease risk-based
capital requirements, the nature and source of the bias requires even
more detailed scrutiny.

C. Minimum Frequency of Validation

S 7-15 Each of the three activities in the validation process
should be conducted often enough to ensure the ongoing integrity,
reliability, and accuracy of the IRB risk rating and segmentation
systems, and the quantification process.
S 7-16 Developmental evidence must be updated whenever significant
changes in methodology, data, or implementation occur. Other validation
activities must be ongoing and must not be limited to a point in time.
52. Process verification, benchmarking, and backtesting activities
should be conducted often enough to ensure ongoing integrity of the
risk rating and segmentation systems, and the quantification process.
For example, during high-default periods, banks should analyze realized
default and loss severity rates more frequently, perhaps quarterly.
They should document the results of validation, report them to
appropriate levels of senior risk management, and take action as
appropriate.

Chapter 8: Stress Testing of Risk-Based Capital Requirements

Rule Requirements

Part III, Section 22(j)(6): The bank must periodically stress test
its advanced systems. The stress testing must include a consideration
of how economic cycles, especially downturns, affect risk-based capital
requirements (including migration across rating grades and segments and
the credit risk mitigation benefits of double default treatment).
1. Under the IRB framework, changes in borrower credit quality will
lead to changes in the risk-based capital requirements. Because credit
quality typically improves or deteriorates in conjunction with economic
conditions, risk-based capital requirements may also vary with the
economic cycle. During an economic downturn, risk-based capital
requirements typically increase as obligors or exposures migrate toward
lower credit quality risk ratings or segments.
2. Stress testing analysis is a means of understanding how economic
cycles, especially downturns, as represented by stress scenarios, will
affect risk-based capital requirements through migration across risk
ratings or segments, effects on double default treatment, and through
effects on other relevant aspects of a bank's advanced systems.\15\
---------------------------------------------------------------------------

\15\ Stress testing is a general term that can be applied to
different types of analysis, depending on the purpose of the
exercise. Examples of stress testing that have a different purpose
than contemplated here include a stress test of bank solvency and a
stress test of an individual obligor.
---------------------------------------------------------------------------

S 8-1 Banks must conduct and document stress testing of their
advanced systems as part of managing risk-based capital.

[[Page 9132]]

3. Supervisors expect that banks will manage their risk-based
capital position so that they remain at least adequately capitalized
during all phases of the economic cycle. A bank that is able to
accurately estimate risk-based capital levels during a downturn can be
more confident of appropriately managing risk-based capital. Stress
testing analysis consists of identifying a stress scenario and then
translating that scenario into its effect on the levels of key
performance measures, including risk-based capital ratios.
4. Banks should use a range of scenarios and methods when stress
testing to manage risk-based capital. Scenarios may be historical,
hypothetical, or model-based. Key variables specified in a scenario
could include, for example, interest rates, transition matrices
(ratings and score-band segments), asset values, credit spreads, market
liquidity, economic growth rates, inflation rates, exchange rates, or
unemployment rates. A single scenario may apply to the entire
portfolio, or a number of scenarios may apply to various sub-
portfolios. The severity of the stress scenario should be consistent
with the periodic economic downturns experienced in the bank's market
areas. Such scenarios may be less severe than those used for other
purposes, such as testing a bank's solvency.
5. Given a scenario, a bank then estimates the effect of the
scenario on risk-weighted assets and its future capital ratios relative
to the risk-based capital minimums. Estimating capital ratios includes
estimating levels of capital (the numerator of the ratio) as well as
measures of risk-weighted assets (the denominator).
6. For example, suppose the scenario for both a retail and a
wholesale portfolio is a specific historical recession. For the retail
portfolio, score-band transition matrices observed during the recession
could be used to quantify migration between segments and thus supply
the new distribution of segments expected for the current portfolio,
given the scenario. For the wholesale portfolio, internal or rating
agency ratings transition matrices observed during the recession could
be used to quantify ratings migration, and thus supply the distribution
of rating grades. The distribution of segments and rating grades would
allow the calculation of risk-weighted assets that would be expected
during the recession scenario. Transitions into default would allow
banks to estimate the effects of credit losses on income and capital.
As part of this analysis, the bank should ensure that the rating
philosophy (as revealed by rating migration patterns) of the rating
agency, or any other source of ratings, associated with the recession
transition matrix is consistent with the bank's rating system, or
appropriate adjustments should be made for differences in rating
philosophy.
7. The scope of this estimation exercise should be broad and
include all material portfolios under the framework for advanced
systems. The time horizon of the stress testing analysis should be
consistent with the specifics of the scenario and should be long enough
to measure the material effects of the scenario on key performance
measures. For example, if a scenario such as a historical recession
materially affected income and segment or ratings migration over two
years, the appropriate time horizon is at least two years.
8. The bank's management of risk-based capital should also take
into account the effect of a bank's discretionary actions on risk-based
capital levels. For example, a bank's plan to reduce dividends in the
face of lowered income would, if implemented, affect retained earnings
and the capital accounts. Such discretionary actions should be
consistent with the bank's documented risk-based capital management
policy. Because discretionary plans may or may not be implemented, a
bank should estimate the relevant capital ratios both with and without
these actions.

Chapter 9: Counterparty Credit Risk Exposure

Rule Requirements

Part III, Section 22(d): Counterparty credit risk model. A bank
must obtain the prior written approval of [AGENCY] under section 32 [of
the NPR] to use the internal models methodology for counterparty credit
risk.
Part IV, Section 32: Counterparty Credit Risk

I. Overview

1. This chapter supplements the detailed discussion of counterparty
credit risk in the NPR by describing some of the elements of
counterparty credit risk mitigation, providing information that may aid
banks in choosing among the alternative methods to calculate EAD for
these transactions, and providing some descriptions and illustrative
examples of acceptable modeling practices for estimation of EAD under
the alternative methods.

II. Transactions With Counterparty Credit Risk

2. Transactions with counterparty credit risk are those where the
credit risk exposure varies with a market variable such as an interest
rate or security price. For certain transactions subject to
counterparty credit risk where there is financial collateral, a bank
may be allowed to recognize the risk mitigating effect of that
collateral through an adjustment to EAD.
3. As provided in the NPR, transactions with counterparty credit
risk for which a bank may adjust EAD rather than LGD include:
Repo-style transactions including repurchase and reverse
repurchase agreements, and securities lending and securities borrowing
transactions;
Eligible margin loans; and
Over-the-counter (``OTC'') derivatives transactions.
4. Several methods are available to calculate EAD depending on the
type of transaction, presence of eligible collateral, legal agreements
surrounding a transaction, the operational capability of a bank, and
the modeling capability of a bank:
A collateral haircut approach that includes standard
supervisory haircuts or the bank's own estimates of the haircuts--
applied to individual repo-style transactions, eligible margin loans,
and single-product groups of such transactions subject to a qualifying
master netting agreement (netting set). Additionally, the haircut
approach is available to recognize financial collateral in the current
exposure methodology for OTC derivatives;
A simple VaR methodology--applied to single-product
netting sets of repo-style transactions and eligible margin loans;
A current exposure methodology for OTC derivatives; and
An internal models methodology available for all three
transaction types.
5. Supervisor approval is required for all methods except the
collateral haircut approach using standard supervisory haircuts and the
current exposure methodology for OTC derivatives. To receive approval,
a bank should demonstrate to its primary Federal supervisor:
Internal operational processes used to determine the
eligibility of transactions for the method chosen;
Internal processes used to determine the regulatory and
legal ability to net transactions in bankruptcy;
Appropriate model validation and backtesting procedures;
Appropriate internal controls for counterparty credit
risk;
Appropriate collateral management processes, which, at a
minimum, determine whether collateral meets the definition of financial
collateral; and

[[Continued on page 9133]]

From the Federal Register Online via GPO Access [wais.access.gpo.gov]
]

[[pp. 9133-9182]] Proposed Supervisory Guidance for Internal Ratings-Based Systems
for Credit Risk, Advanced Measurement Approaches for Operational Risk,
and the Supervisory Review Process (Pillar 2) Related to Basel II
Implementation

[[Continued from page 9132]]

[[Page 9133]]

Adequacy of the modeling techniques used and how the
models meet qualification requirements.
6. If a transaction qualifies for one of the EAD adjustment
approaches and the bank elects to use one of the EAD adjustment methods
for the transaction, collateral may only be taken into account in the
estimation of EAD and may not also affect the other parameters, such as
LGD. For eligible transactions, the capital requirement is based on an
estimate of the PD of the counterparty and LGD for an unsecured
exposure to the counterparty. The EAD is adjusted to reflect a net
exposure amount. Credit exposures that do not qualify for the EAD
adjustment approach as discussed in this section must follow the IRB
approach described elsewhere in this guidance. For those transactions,
(i) the LGD for each individual transaction can be adjusted, based on
the collateral for the transaction; and (ii) except for the current
exposure methodology for OTC derivatives, netting cannot be considered
in determining either EAD or PD.

III. Definitions

7. A repo-style transaction is a repurchase or reverse repurchase
transaction, or a securities borrowing or securities lending
transaction, including a transaction in which the bank acts as agent
for a customer and indemnifies the customer against loss, provided
that:
The transaction is based solely on liquid and readily
marketable securities or cash;
The transaction is marked to market daily and subject to
daily margin maintenance requirements;
The transaction is executed under an agreement that
provides the bank the right to accelerate, terminate, and close-out the
transaction on a net basis and to liquidate or set off collateral
promptly upon an event of default (including upon an event of
bankruptcy, insolvency, or similar proceeding) of the counterparty,
provided that, in any such case, any exercise of rights under the
agreement will not be stayed or avoided under applicable law in the
relevant jurisdictions; \16\ and
---------------------------------------------------------------------------

\16\ Where all transactions under the agreement are (i) executed
under U.S. law and (ii) constitute ``securities contracts'' or
``repurchase agreements '' under section 555 or 559, respectively,
of the Bankruptcy Code (11 U.S.C. 555 or 559), qualified financial
contracts under section 11(e)(8) of the Federal Deposit Insurance
Act (12 U.S.C. 1821(e)(8)), or netting contracts between or among
financial institutions under sections 401-407 of the Federal Deposit
Insurance Corporation Improvement Act of 1991 (12 U.S.C. 4401-4407)
or the Federal Reserve Board's Regulation EE (12 CFR Part 231), this
requirement is deemed to be met.
---------------------------------------------------------------------------

The bank has conducted and documented sufficient legal
review to conclude with a well-founded basis that the agreement
mentioned above meets these requirements and is legal, valid, binding,
and enforceable under applicable law in the relevant jurisdictions.
8. An eligible margin loan is an extension of credit where:
The credit extension is collateralized exclusively by debt
or equity securities that are liquid and readily marketable;
The collateral is marked to market daily and the
transaction is subject to daily margin maintenance requirements;
The extension of credit is conducted under an agreement
that provides the bank the right to accelerate and terminate the
extension of credit and to liquidate or set off collateral promptly
upon an event of default (including upon an event of bankruptcy,
insolvency, or similar proceeding) of the counterparty, provided that,
in any such case, any exercise of rights under the agreement will not
be stayed or avoided under applicable law in the relevant
jurisdictions; and
The bank has conducted and documented sufficient legal
review to conclude with a well-founded basis that the agreement
mentioned above meets these requirements and is legal, valid, binding,
and enforceable under applicable law in the relevant jurisdictions.
9. An OTC derivative contract is a derivative contract that is not
traded on an exchange that requires the daily receipt and payment of
cash-variation margin.
A derivative contract means a financial contract whose
value is derived from the values of one or more underlying assets,
reference rates, or indices of asset values or reference rates.
Derivative contracts include interest rate derivative contracts,
exchange rate derivative contracts, equity derivative contracts,
commodity derivative contracts, credit derivatives, and any other
instrument that poses similar counterparty credit risk.
Derivative contracts also include unsettled securities,
commodities, and foreign exchange transactions with a contractual
settlement or delivery lag that is longer than the lesser of the market
standard for the particular instrument or 5 business days. This would
include, for example, agency mortgage-backed securities transactions
conducted in the To-Be-Announced market.
10. Financial collateral is the following set of financial
instruments in which the bank has a perfected, first priority security
interest or the legal equivalent:
Cash on deposit with the bank (including cash held for the
bank by a third-party custodian or trustee);
Gold bullion;
Long-term debt securities that have an applicable external
rating of one category below investment grade or higher (e.g., at least
BB-);
Short-term debt instruments that have an applicable
external rating of at least investment grade (e.g., at least A-3);
Equity securities that are publicly traded;
Convertible bonds that are publicly traded; and
Money market mutual fund shares and other mutual fund
shares if a price for the shares is publicly quoted daily.

IV. Netting

S 9-1 All transactions with a counterparty subject to a qualifying
master netting agreement constitute a netting set and may be treated as
a single exposure, otherwise each transaction shall have its risk-based
capital requirement calculated on a standalone basis.
11. Counterparty credit risk may be calculated at the level of a
netting set. Consistent with the industry's general practice for
computing exposures to counterparty credit risk, a bank can estimate
the exposure amount or EAD, and calculate the associated capital
requirement on the basis of one or more defined bilateral ``netting
sets.'' A ``netting set'' is a group of transactions with a single
counterparty that are subject to a legally enforceable bilateral
netting agreement that meets the requirements to be a qualifying master
netting agreement or qualifying cross product master netting agreement
under the terms of the NPR. If a transaction with a counterparty is not
subject to a qualifying master netting agreement, it comprises its own
netting set and the EAD will need to be calculated for that transaction
on its own. The total exposure amount or EAD for a given counterparty
is the sum of the exposure amounts or EADs of the individual netting
sets with that counterparty.
12. Cross-product netting allows for banks using the internal
models methodology to recognize bilateral netting arrangements across
repo-style transactions, eligible margin loans, and OTC derivatives. To
recognize cross-product netting for risk-based capital purposes:
Transactions must be conducted under a qualifying master
netting agreement;
A bank must be able to effectively integrate the risk-
mitigating effects of cross-product netting into its risk

[[Page 9134]]

management and other information technology systems; and
The bank must obtain the prior written approval of its
primary Federal supervisor.
13. Netting other than on a bilateral basis, such as netting across
transactions entered into by affiliates (known as cross-affiliate
netting), is not recognized for the purposes of calculating risk-based
capital requirements.

V. Determination of Eligibility for EAD Adjustment

S 9-2 Banks should have an appropriately documented process for
determining whether transactions are eligible for an EAD adjustment
approach if they choose to use an EAD adjustment approach.
14. The process for determining if a transaction is eligible for an
EAD adjustment approach should consider whether the transaction meets
the definition of a repo-style transaction, eligible margin loan, or
OTC derivative. In addition, it must consider the operational
requirements for tracking the exposures of such transactions. To
determine which EAD adjustment approach to apply, the bank should
consider the treatment for similar transactions, the need for
regulatory approval, operational and legal requirements, and the scope
and complexity of the bank's business in each of the areas. In
addition, banks should consider whether transactions otherwise eligible
for the EAD adjustment approach are subject to the automatic stay under
the U.S. Bankruptcy Code or similar provisions under other applicable
bankruptcy law.

VI. Methods for Determining EAD

15. There are three EAD-based methodologies--a collateral haircut
approach, a simple VaR methodology, and an internal model methodology--
that a bank may use instead of an ELGD/LGD estimation methodology to
recognize the benefits of financial collateral in mitigating the
counterparty credit risk associated with repo-style transactions and
eligible margin loans. For OTC derivative contracts, there are two EAD-
based methodologies--the current exposure methodology and an internal
models methodology. The current exposure methodology for calculating
EAD for an OTC derivative contract or set of OTC derivative contracts
subject to a qualifying master netting agreement is similar to the
methodology in the general risk-based capital rules.\17\ If the OTC
derivative is collateralized and the internal models methodology is
used, the collateral is recognized within that approach. If the OTC
derivative contract is collateralized and the current exposure
methodology is used, the bank may use either the ELGD/LGD estimation
methodology to recognize the benefits of financial collateral or the
collateral haircut approach. Table 1 illustrates which EAD estimation
methodologies may be applied to particular types of exposure.
---------------------------------------------------------------------------

\17\ The general risk-based capital rules are in 12 CFR part 3,
Appendix A (national banks), 12 CFR part 208, Appendix A (state
member banks), 12 CFR part 225, Appendix A (bank holding companies),
12 CFR part 325, Appendix A (state non-member banks), and 12 CFR
part 567 (savings associations).
\18\ Only repo-style transactions and eligible margin loans
subject to a single-product qualifying master netting agreement are
eligible for the simple VaR methodology.
\19\ In conjunction with the current exposure methodology.

Table 1
----------------------------------------------------------------------------------------------------------------
Models approach
Current exposure Collateral haircut ---------------------------------------
methodology approach Simple VaR \18\ Internal models
methodology methodology
----------------------------------------------------------------------------------------------------------------
OTC derivative.................. Yes............... No................ No................ Yes.
Recognition of collateral for No................ Yes \19\.......... No................ Yes.
OTC derivatives.
Repo-style transaction.......... No................ Yes............... Yes............... Yes.
Eligible margin loan............ No................ Yes............... Yes............... Yes.
Cross-product netting set....... No................ No................ No................ Yes.
----------------------------------------------------------------------------------------------------------------

S 9-3 Banks must use the same method for determining risk-based
capital requirements for all similar transactions.
16. Banks must use the same method for similar transactions, but
may use different methods for different transaction types. A bank may
use a separate methodology for agency securities lending transactions--
that is, repo-style transactions in which the bank, acting as agent for
a customer, lends the customer's securities and indemnifies the
customer against loss--and all other repo-style transactions.
S 9-4 The method for calculating EAD for transactions subject to
counterparty credit risk should be appropriate for the risk, extent,
and complexity of the bank's activity.
17. Banks that are engaged in prime brokerage, market making, and
other sophisticated securities financing and repurchase activities
should consider using the VaR model approach or the internal models
approach. Banks that do not engage in such activities but are
principally using repurchase agreements and other financial contracts
for liquidity, cash management, and other risk management purposes may
use a collateral haircut approach for eligible margin loans and repo-
style transactions, and the current exposure methodology for OTC
derivatives.

A. Methodologies for Repo-Style Transactions and Eligible Margin Loans

18. Under any of the available methodologies for repo-style
transactions and eligible margin loans, a bank can recognize the risk
mitigating effect of financial collateral that secures a repo-style
transaction, eligible margin loan, or single-product netting set of
such transactions subject to a qualifying master netting agreement
through an adjustment to EAD rather than ELGD and LGD. The bank may use
a collateral haircut approach or one of two models approaches: A simple
VaR methodology (for single-product netting sets of repo-style
transactions or eligible margin loans) or an internal models
methodology (the internal models methodology is described under the
methods for OTC derivatives, but may be applied to repo-style
transactions and margin loans as well). Figure 1 illustrates the
methodologies available for eligible margin loans and repo-style
transactions.

[[Page 9135]]

[GRAPHIC] [TIFF OMITTED] TN28FE07.005

Collateral Haircut Approach
19. Under the collateral haircut approach, a bank would set EAD
equal to the sum of three quantities:
The value of the exposure less the value of the
collateral;
The sum across all securities of (i) the absolute value of
the net position in a given security (where the net position in a given
security equals the sum of the current market values of the particular
security the bank has lent, sold subject to repurchase, or posted as
collateral to the counterparty minus the sum of the current market
values of that same security the bank has borrowed, purchased subject
to resale, or taken as collateral from the counterparty); multiplied by
(ii) the market price volatility haircut appropriate to that security;
and
The sum across all currencies different from the
settlement currency of (i) the absolute value of the net position of
both cash and securities in a given currency; multiplied by (ii) the
haircut appropriate to that currency mismatch.
To determine the appropriate haircuts, a bank could choose to use
standard supervisory haircuts or its own estimates of haircuts.
20. For purposes of the collateral haircut approach, a ``given
security'' would include, for example, all securities with a single
Committee on Uniform Securities Identification Procedures (``CUSIP'')
number and would not include securities with different CUSIP numbers,
even if issued by the same issuer with the same maturity date.

Standard Supervisory Haircuts

21. If a bank chooses to use standard supervisory haircuts, it
would use an eight percent haircut for each currency mismatch and the
haircut appropriate to each security in Table 2 below. The haircuts in
the table assume a 10 business-day holding period (appropriate for
eligible margin loans). These haircuts must be multiplied by the square
root of \1/2\ to convert the standard supervisory haircuts from the 10
business-day holding period to the 5 business-day holding period
appropriate for repo-style transactions. A bank would be required to
adjust the supervisory haircuts upward to a holding period longer than
10 business days for eligible margin loans or 5 business days for repo-
style transactions to take into account collateral illiquidity. To
convert the haircut to a holding period longer than 10 business days,
the haircut should be multiplied by the square root of the ratio of the
actual holding period to the 10 business day minimum holding period. As
an example, assume a bank that uses standard supervisory haircuts has
extended an eligible margin loan of $100 that is collateralized by 5-
year U.S. Treasury notes with a market value of $100. The value of the
exposure less the value of the collateral would be zero, and the net
position in the security ($100) times the supervisory haircut (.02)
would be $2. There is no currency

[[Page 9136]]

mismatch. Therefore, the EAD of the exposure would be $0 + $2 = $2.
---------------------------------------------------------------------------

\20\ The market price volatility haircuts in Table 2 are based
on a 10-business-day holding period.
\21\ Residual maturity refers to the residual contractual
maturity of the debt security. For example, the remaining maturity
to call dates or reset dates for floating rate notes should not be
used for the residual maturity.
\22\ The proposed rule defines a ``main index'' as the S&P 500
Index, the FTSE All-World Index, and any other index approved by the
bank's primary Federal supervisor for purposes of the rule.

Table 2.--Standard Supervisory Market Price Volatility Haircuts \20\
----------------------------------------------------------------------------------------------------------------
Issuers exempt
External rating grade category for debt Residual maturity for debt from the 3 b.p. Other issuers
securities securities\21\ floor
----------------------------------------------------------------------------------------------------------------
Two highest investment grade rating < =1 year....................... .005 .01
categories for long-term ratings/highest
investment grade rating category for short-
term ratings.
>1 year, <=5 years............. .02 .04
>5 years....................... .04 .08
Two lowest investment grade rating categories < =1 year....................... .01 .02
for both short- and long-term ratings.
>1 year, <=5 years............. .03 .06
>5 years....................... .06 .12
One rating category below investment grade... All............................ .15 .25
Main index equities \22\ (including convertible bonds) and gold.......15 .....
Other publicly-traded equities (including convertible bonds)..........25 .....
Mutual funds.....................................Highest haircut applicable to any security in
which the fund can invest
Cash on deposit with the bank (including a certificate of deposit issue0 by
the bank).
----------------------------------------------------------------------------------------------------------------

Own Estimates of Haircuts

22. With the prior written approval of the bank's primary Federal
supervisor, a bank may calculate security type and currency mismatch
haircuts using its own internal estimates of market price volatility
and foreign exchange volatility. When a bank calculates its own
estimates haircut on a TN-day holding period, which is
different from the minimum holding period for the transaction type, the
applicable haircut (HM) is calculated using the following
square root of time formula:
[GRAPHIC] [TIFF OMITTED] TN28FE07.006

where

(i) TM = 5 for repo-style transactions and 10 for
eligible margin loans;
(ii) TN = holding period used by the bank to derive
HN and
(iii) HN = haircut based on the holding period
TN.

Requirements for the Use of Internally Estimated Haircuts

23. A bank must meet the following eligibility requirements to use
internal estimates of collateral haircuts:
The bank must use a 99th percentile one-tailed confidence
interval, a minimum five-business-day holding period for repo-style
transactions, and a minimum 10-business-day holding period for eligible
margin loans;
The bank must adjust holding periods upward where and as
appropriate to take into account the illiquidity of an instrument;
The bank must select a historical observation period for
calculating haircuts of at least one year;
The bank must update its data sets and re-compute haircuts
no less frequently than quarterly and must reassess its data sets and
haircuts whenever market prices change materially; and
The bank generally must estimate individually the
volatilities of each security and foreign exchange rate separately, and
may not take into account the correlations between them.
Simple VaR Methodology
24. With the prior written approval of its primary Federal
supervisor, a bank may estimate EAD for repo-style transactions and
eligible margin loans subject to a qualifying master netting agreement
using a VaR model. Under the simple VaR methodology, a bank's EAD for
the transactions subject to such a netting agreement would be equal to
the value of the exposures minus the value of the collateral plus a
VaR-based estimate of the potential future exposure (``PFE'').
25. The VaR model must estimate the PFE as the bank's empirically-
based, best estimate of the 99th percentile, one-tailed confidence
interval for an increase in the value of the net collateralized
exposure ([Sigma]E-[Sigma]C) over a 5-business-day holding period for
repo-style transactions or over a 10-business-day holding period for
eligible margin loans using a minimum one-year historical observation
period of price data on the instruments that the bank has lent, sold
subject to repurchase, posted as collateral, borrowed, purchased
subject to resale, or taken as collateral. In cases where the
underlying collateral is less liquid, a longer time period may be
appropriate.
S 9-5 Banks that use the VaR model approach for single product
netting sets of repo-style transactions or eligible margin loans must
conduct rigorous and regular backtesting to validate its model.
26. The qualifying requirements for the use of such a model are
less stringent than the qualification requirements for the internal
model methodology described below. In principle, the VaR model
generally should meet the quantitative and qualitative criteria for
recognition of internal market risk models set out in the Market Risk
Amendment (``MRA''). The main ongoing qualification requirement for
using the simple VaR model is that the bank must validate its VaR model
by establishing and maintaining a rigorous and regular backtesting
regime to ensure the validity of the model the bank uses. A backtesting
regime that is conducted once every quarter to compare values of one,
five, and/or ten day 99 percent VaRs with changes in market values of
representative portfolios would be appropriate and generally would be a
part of a regular program of backtesting.

[[Page 9137]]

27. In general, the repo-style backtest should include the
backtesting of several representative portfolios that compares the one
day 99 percent VaR figure with the change in market value for each
portfolio tested. The representative portfolios could be based on
actual counterparty portfolios, hypothetical portfolios, or a
combination of real and hypothetical portfolios that are designed to
test specific aspects of the model, or specific risk factors.

B. EAD for OTC Derivative Contracts

28. A bank may use either the current exposure methodology or the
internal models methodology to determine the EAD for OTC derivative
contracts. Figure 2 illustrates the possible methodologies for the
calculation of EAD for OTC derivatives.
[GRAPHIC] [TIFF OMITTED] TN28FE07.007

Current Exposure Methodology
29. The current exposure methodology for determining EAD for OTC
derivative contracts is similar to the methodology set forth in the
general risk-based capital rules, in that the EAD for an OTC derivative
contract would be equal to the sum of the bank's current credit
exposure and potential future exposure (``PFE'') on the derivative
contract. The proposal's conversion factor (``CF'') matrix used to
compute PFE is based on the matrices in the general risk-based capital
rules, with two exceptions:
The CF for credit derivatives that are not used to hedge
the credit risk of exposures subject to an IRB risk-based capital
requirement is specified to be 5.0 percent for contracts with
investment grade reference obligors and 10.0 percent for contracts with
non-investment grade obligors. The CFs for credit derivative contracts
do not depend on the remaining maturity of the contract; and
Floating/floating basis swaps are not exempt from the CF
for interest rate derivative contracts.
30. A bank may reflect the credit risk mitigating effects of
financial collateral by adjusting the ELGD and LGD of the contract or
exposure. Alternatively, if the transaction is subject to daily
marking-to-market and re-margining, the bank may adjust the EAD of the
contract using the collateral haircut approach for repo-style
transactions and eligible margin loans. A bank applying the collateral
haircut approach to OTC derivatives must use a 10-business-day minimum
holding period.

[[Page 9138]]

C. Internal Models Methodology

31. The internal models methodology for the calculation of EAD can
be applied to repo-style transactions, eligible margin loans, and OTC
derivatives. The internal models methodology requires a risk model that
captures counterparty credit risk and estimates EAD at the level of a
``netting set,'' that is, transactions with a single counterparty that
are subject to a qualifying master netting agreement. A transaction not
subject to a qualifying master netting agreement is considered to be
its own netting set and EAD must be calculated for each such
transaction individually. A bank may use the internal model methodology
for OTC derivatives (collateralized or uncollateralized) and single-
product netting sets thereof, for eligible margin loans and single-
product netting sets thereof, or for repo-style transactions and
single-product netting sets thereof. A bank may choose to use the
internal models methodology for one or two of these three types of
exposures and not the other types. As described in paragraph 12 of this
chapter, in cases where a bank has been approved by its primary Federal
supervisor to incorporate the effects of cross-product netting
agreements in their internal models methodology, the bank may use the
internal models methodology for combinations of repo-style
transactions, eligible margin loans, and OTC derivatives conducted
under a qualifying cross-product netting agreement.
32. Banks use several measures to manage their exposure to
counterparty credit risk, including peak exposure (``PE''), expected
exposure (``EE''), and expected positive exposure (``EPE''). PE is the
maximum exposure estimated to occur on a future date at a high level of
statistical confidence. Banks often use PE when measuring counterparty
credit risk exposure against counterparty credit limits. EE is the
probability-weighted average exposure to a counterparty estimated to
exist at any specified future date, whereas EPE is the time-weighted
average of individual expected exposures to a counterparty where the
weights are the proportion of the time interval that an individual
exposure represents.
33. Effective EPE, described below, is to be used in the
calculation of EAD under the internal models methodology. EAD is
calculated as a multiple of effective EPE.
34. EE and EPE may not capture additional risk arising from the
replacement of existing short-term positions over the one year horizon
used for risk-based capital requirements (that is, rollover risk) or
may underestimate the exposures of eligible margin loans, repo-style
transactions, and OTC derivatives with short maturities. For this
reason, a netting set's ``effective EPE'' will be used as the basis for
calculating EAD for counterparty credit risk. Effective EPE is the
time-weighted average of effective EE over one year where the weights
are the proportion that an individual effective EE represents in a one-
year time interval. If all contracts in a netting set mature before one
year, effective EPE is the average of effective EE until all contracts
in the netting set mature. Effective EE is defined as:

Effective EEtk = max (Effective EEtk-1,
EEtk)

where exposure is measured at future dates t1, t2, t3, * * * and
effective EEt0 equals current exposure. Under the internal
models methodology, a measure that is more conservative than effective
EPE for every counterparty (for example, a measure based on peak
exposure) can be used in place of effective EPE with prior approval of
the primary Federal supervisor.
35. The internal model methodology scales effective EPE using a
multiplier, termed ``alpha.'' Alpha is set at 1.4; a bank's primary
Federal supervisor has the flexibility to raise this value in
appropriate situations. With approval of the primary Federal
supervisor, a bank may use its own estimate of alpha as described
below, subject to a floor of 1.2.
36. The maturity adjustment for transactions under the internal
models methodology is described in the NPR. This maturity formula for M
is based on the effective credit duration of the counterparty exposure.
A bank that uses an internal model to calculate a one-sided credit
valuation adjustment can use the effective credit duration estimated by
such a model for maturity, M, if the bank can demonstrate to its
primary Federal supervisor that the effective credit duration used by
the bank gives the same value for M as the maturity formula for
Counterparty Credit Risk (``CCR'') described in the NPR.
A Description of the Modeling Process for Effective Expected Positive
Exposure
37. The basis of the calculation is to forecast, based on observed
price movements, the range of possible values that a portfolio of
transactions with a counterparty that constitute a netting set can take
in the future and assign probabilities to those possible values. This
is the statistical probability distribution of the market values for
the portfolio. There are many possible methods for making this forecast
ranging from Monte Carlo simulation to using an analytic formula.
38. The process generally starts with a calculation of the current
market value of the transactions with a counterparty that are in a
netting set. Cases where the current market value of the netting set is
positive represent an exposure to the counterparty (the counterparty
owes the bank money). Cases where the current market value is negative
do not represent exposures to the counterparty since the bank owes the
counterparty money. To determine the current exposure, the market value
of collateral posted by the counterparty is subtracted from the current
market value of the netting set. If this difference is negative the
current exposure is zero.
39. The distribution of exposures on a future date can also include
the exposure reducing effect of financial collateral. In cases where
financial collateral is held, the distribution of market values of the
positions and the collateral held against the netting set is calculated
together and cases of negative combined market values of transactions
and collateral are set to zero since they do not represent a credit
exposure if the counterparty were to default (the counterparty has
posted more collateral than it owes the bank, or the bank owes the
counterparty).
40. The bank will have to determine for which future dates to
calculate probability distributions of the market value of transactions
in the netting set. These should be chosen to accurately reflect the
cashflows of transactions in a netting set.
41. For these future dates (e.g., 1, 3, 5, and 10 days in the
future and every month out to one year \23\) the bank will calculate
the distribution of market values for the netting set.
---------------------------------------------------------------------------

\23\ These example dates are given to clarify the meaning of
future dates, they do not represent a requirement. As described in
paragraph 47 of this chapter, as well as in the NPR, a large number
of future dates may be computationally burdensome, and the number of
future dates will depend explicitly on a trade off between the
ability to calculate effective EPE in an expeditious manner and the
accuracy of the computation.
---------------------------------------------------------------------------

42. Expected exposure (``EE'') is defined as the expected value of
the probability distribution of credit risk exposures to a counterparty
at any specified future date before the maturity date of the longest
term transaction in the netting set. Banks will need to convert from
market values of transactions to credit risk exposures to make this
calculation. When the transactions in a netting set have a

[[Page 9139]]

positive value, the counterparty owes money to the bank and there is a
credit risk exposure equal to the positive market value of the
transactions. When the transactions have a negative market value, the
bank owes the counterparty money and there is no credit risk exposure.
Generally, banks will start by calculating the probability distribution
of the market value of the transactions in a netting set with a
counterparty on a future date. To convert from a probability
distribution of market values to a probability distribution of credit
risk exposures, cases where the market value is negative should
correspond to a credit risk exposure of zero, and cases where the
market value is positive should correspond to a credit risk exposure
equal to the market value of the transactions. This means that expected
exposure includes in the probability weighted average a value of zero
for all cases where the market value, including the effect of
collateral, is negative.
43. Effective expected exposure on a future date is the greater of
expected exposure on that date or effective expected exposure on the
previous future date. Effective expected exposure is calculated
recursively, and the value for the first future date should be the
greater of the expected exposure calculated on that date or the current
exposure. This means that effective expected exposure is not allowed to
decline as one moves to future dates that are further in the future,
and that effective expected exposure will always be greater than or
equal to current exposure.
44. Effective expected positive exposure then takes the time-
weighted average of effective expected exposures. For example, if
effective expected exposure is calculated each month for the first six
months as 5, 6, 6, 6, 7 and 7 in order, and each quarter for the second
half of the year as 7 and 7, respectively, then those first six monthly
values would each get a weight of 1/12 and the quarterly observations
in the second half of the year would each get a weight of 1/4 in the
average. Effective expected positive exposure using these values at
these dates would be 6.583.
45. If the longest maturity contract in the netting set was less
than a year then the effective expected positive exposure only includes
the effective expected exposures out to the longest maturity and the
time-weighted average only goes out to the longest maturity. For
example, if the longest maturity contract in the netting set is 5
months and the effective expected exposures are calculated for each
month for those five months as (3, 3, 4, 4, 6), each monthly
calculation would get a weight of 1/5 and the effective expected
positive exposure would be 4. The zero exposure values for months six
through twelve would not be included in the average nor would the
average be computed over a full year.
Requirements for the Internal Models Methodology
S 9-6 Banks must meet certain qualifying criteria that consist of
operational requirements, modeling standards, and model validation
requirements before receiving their primary Federal supervisor's
approval to use the internal models method.
46. Banks must have the systems capability to estimate EE on a
daily basis. While this does not require the bank to report EE daily,
or even to estimate EE daily, the bank must be able to demonstrate that
it is capable of performing the estimation daily.
47. Banks must estimate EE at enough future time points to
accurately reflect all future cash flows of contracts in the netting
set. In order to accurately reflect the exposure arising from a
transaction, the model should incorporate those contractual provisions,
such as reset dates, that can materially affect the timing,
probability, or amount of any payment. The requirement reflects the
need for an accurate estimate of effective EPE. However, in order to
balance the ability to calculate exposures with the need for
information on a timely basis, the number of time points is not
specified. Supervisors will assess the tradeoff between the computation
requirements of more future time points against the need for the
ability to perform timely assessments of counterparty credit risk in
determining the number of time points that banks should use in
establishing a counterparty's EE profile. EE should be calculated for
enough future dates to accurately reflect the timing of cash flows.
This accuracy should be subject to the bank's internal review process.
48. Banks must have been using an internal model that broadly meets
the minimum standards to calculate the distributions of exposures upon
which the EAD calculation is based for a period of at least one year
prior to approval. This requirement is to ensure that the bank has
integrated the modeling into its counterparty credit risk management
process.
49. Bank models must account for the non-normality of exposure
distribution where appropriate. Non-normality of exposures means that
high loss events occur more frequently than would be expected on the
basis of a normal distribution, the statistical term for which is
leptokurtosis. In many instances, there may not be a need to account
for this. The characteristics of leptokurtosis will have a greater
proportional effect on the measures of peak exposure (or some high
threshold percentile measure) than on the measure of expected exposure
used here. However, the bank should adjust its EAD measure
appropriately when the underlying distribution of the market risk
factors displays a significant degree of leptokurtosis.
50. Banks must measure, monitor, and control both current exposure
to counterparties and counterparty credit risk over the whole life of
the contracts in a netting set with a counterparty. The bank should
exercise active management of both existing exposure and exposure that
could change in the future due to market moves.
51. Banks must measure and manage current exposures gross and net
of collateral held, where appropriate. The bank must estimate expected
exposure for OTC derivatives contracts both with and without the
effects of collateral agreements.
52. Banks must have procedures to identify, monitor, and control
specific wrong way risk throughout the life of an exposure. Wrong way
risk in this context is the risk that future exposure to a counterparty
will be high when the counterparty's probability of default is also
high.
53. The data used by banks should be adequate for the measurement
and modeling of the exposures. In particular, current exposures must be
calculated on the basis of current and accurate market data. When
historical data are used to estimate model parameters, at least three
years of data that cover a wide range of economic conditions must be
used. This requirement reflects the longer horizon for counterparty
credit risk exposures compared to market risk exposures. The data
should be updated at least quarterly or more frequently when conditions
warrant. Banks are also encouraged to incorporate model parameters
based on forward-looking measures.
S 9-7 Banks that use the internal models methodology for
counterparty credit risk transactions must establish initial model
validation and ongoing model review procedures. The model review should
consider whether the inputs and risk factors as well as the model
outputs are appropriate. The review of outputs should include a
backtesting regime that compares the model's output with realized
exposures.

[[Page 9140]]

54. Because counterparty exposures are driven by movements in
market variables, the validation of an EPE model is similar to the
validation of a VaR model that is used to measure market risk. A
validation of either type of model compares forecasted changes in value
to realized changes. However, the EPE simulation model forms an average
of credit exposures over a 1-year time horizon, whereas a market risk
VaR typically forms an estimate of value changes. These differences
make backtesting internal models used to measure counterparty credit
risk more difficult to conduct and reliably interpret than backtesting
VaR models used to measure market risk.
55. The pricing models used to calculate counterparty credit risk
exposure for a given scenario of future shocks to market risk factors
should be tested as part of the model validation process. These pricing
models may be different from those used to calculate VaR over a short
horizon. Pricing models should account for the nonlinearity of option
value with respect to market risk factors where appropriate.
56. Historical backtesting on representative counterparty
portfolios should be part of the model validation process. The
representative portfolio should be held fixed over the backtesting
interval. A bank should conduct such backtesting on a number of
representative counterparty portfolios (actual or hypothetical) looking
back an appropriate time period. These representative portfolios should
be chosen based on their sensitivity to the material risk factors and
correlations to which the firm is exposed. It would appropriate to
conduct such backtests once each quarter.
57. Starting at a particular historical date, the backtest would
use the internal model to forecast each portfolio's probability
distribution of exposure at various time horizons. Using historical
data on movements in market risk factors, the backtest then computes
the actual exposures that would have occurred on each portfolio at each
time horizon assuming no change in the portfolio's composition. These
realized exposures would then be compared with the model's forecast
distribution at various time horizons. The above should be repeated for
several historical dates covering a wide range of market conditions
(e.g., rising rates, falling rates, quiet markets, volatile markets).
Significant differences between the realized exposures and the model's
forecast distribution could indicate a problem with the model or the
underlying data.

Modeling Requirements for the Internal Models Method

Time Horizon
58. The time horizon over which the time-weighted average of
effective expected exposures is taken for the calculation of effective
expected positive exposure is one year or the longest maturity of any
transaction in a netting set, whichever is shorter. Examples are
provided in paragraphs 44 and 45. Banks which receive approval to
incorporate the effect of collateral agreements using the shortcut
method described below may also use a shorter time horizon than one
year.
Recognition of Collateral
59. With the prior written approval of its primary Federal
supervisor, a bank may fully incorporate into its internal model the
effect of a collateral agreement that requires receipt of collateral
when exposure to the counterparty increases. Banks may not capture the
effects of agreements that require receipt of collateral when
counterparty credit quality deteriorates. A bank may use a shortcut
method where the effective EPE is equal to the lesser of:
The threshold, defined as the exposure amount at which the
counterparty is required to post collateral under the collateral
agreement, if the threshold is positive, plus an add-on that reflects
the potential increase in exposure over the margin period of risk. The
add-on is computed as the expected increase in the netting set's
exposure beginning from current exposure of zero over the margin period
of risk. The margin period of risk is defined in the NPR. The minimum
margin period of risk is 5 business days for repo-style transactions
and 10 business days for other transactions when liquid collateral is
posted under a daily margin maintenance requirement. This period should
be extended to cover any additional time between margin calls, any
potential close out difficulties, and the time to sell out collateral,
particularly if it is illiquid; or
Effective EPE without a collateral agreement.

Risk Management and Modeling

60. The modeling approval requirements reflect the need for
accurate and timely estimates of EAD, secure contractual rights for
collateral and netting, sound management of counterparty credit risk
using appropriate risk measures, consideration of risks that are
outside of models when managing risk, and an operational system that
facilitates the management of counterparty credit risk using the
appropriate models and tools.
61. The use of effective EPE for determining risk-based capital
requirements does not necessitate the use of effective EPE for setting
counterparty exposure limits. Peak exposure may be, and often is, a
more appropriate measure to limit counterparty exposures. However, the
probability distributions of future exposures that are used for the
effective EPE calculation should be the same as those used for risk
management and limit setting. This underlying distribution of future
exposures should be used for one year at the bank prior to the bank
being approved to use internal models for its risk-based capital
calculation, but not necessarily to calculate EPE or Effective EPE.
62. Banks should estimate the probability distribution of future
exposures out to the longest remaining maturity of any contract with a
counterparty, even though Effective EPE for risk-based capital purposes
is calculated over one year. The exposures beyond one year must be
monitored and controlled by the bank.
63. The bank should exercise active management of both existing
exposure and exposure that could change in the future due to market
moves. The bank should measure, monitor, and control the exposure to a
counterparty over the whole life of all contracts in the netting set,
in addition to accurately measuring and actively monitoring the current
exposure to counterparties.
Alternative Models for Counterparty Credit Risk
64. Banks that opt to use the internal models method can choose to
model EAD for some transactions using a model different than an alpha
(of 1.4 or higher) times effective EPE. The bank must receive approval
of its primary Federal supervisor in such cases, and must demonstrate
to its supervisor that the alternative model is more conservative than
effective EPE multiplied by an alpha of 1.4 for each counterparty. This
demonstration is necessary to receive initial approval, and should be
demonstrated to the primary Federal supervisor whenever circumstances
change. For example, banks may already have a peak exposure model for
some transactions that is more conservative than effective EPE
multiplied by 1.4. Rather than develop an Effective EPE model, the bank
may choose to continue to use the peak exposure model for these
transactions for a period of time, while adopting an effective EPE
model for other transactions. The bank would have to

[[Page 9141]]

demonstrate that it meets the qualification requirements to use an
internal model for the peak exposure model and that the model results
in a conservative EAD.
65. Cases where a bank might opt to use a more conservative model
than alpha times effective EPE include transactions for which the bank
has legacy models, new business lines, and structured transactions that
are not expected to comprise an ongoing business and the conservative
model is less computationally intensive.
66. Alternative models for counterparty credit risk should be
applied to all similar transactions.
Own Estimates of Alpha
67. The value of alpha for a bank using internal models of EPE is
1.4 unless (i) the primary Federal supervisor raises the value of alpha
in appropriate circumstances based on the bank's specific
characteristics of counterparty credit risk or (ii) the bank meets the
requirements outlined in the NPR and has supervisory approval to use
its own estimate of alpha. A bank with sufficiently sophisticated
models that can perform the necessary credit and market risk
simulations and that has supervisory approval to do its own estimate of
alpha may use the greater of that estimated alpha or 1.2.
68. For banks that receive supervisory approval to model alpha,
[GRAPHIC] [TIFF OMITTED] TN28FE07.008

Where:

ULCCR = the bank's own internal estimate of the 99.9
percentile unexpected losses from CCR over a one-year time horizon,
and
ULBII = the measure of unexpected losses from CCR using
the Basel II risk-based capital requirement, but with the EAD
component of that requirement calculated using an alpha set equal to
1.0.

69. The estimate of alpha is calculated as the ratio of the bank's
internal measure of unexpected losses due to counterparty credit risk
at a one-year 99.9 percent confidence level (numerator) to the estimate
of losses using the internal model method in the NPR, but with alpha
set equal to one (denominator). This ratio must be run at least
quarterly, and evidence of the stability of this estimate over a
quarter should be presented to the bank's primary Federal supervisor.
70. The numerator is determined considering the PD, EAD, and LGD
together to determine unexpected losses. A simulation, or other model,
which considers the variation of PD and EAD together should be used to
determine the distribution of counterparty credit losses. The estimate
of unexpected losses at a one-year 99.9 percent confidence level should
capture the correlation of a counterparty's PD with exposure, the
effect of concentrated exposures, the proportion of a counterparty
exposure that is accounted for by a market risk factor, and the
correlation of exposures across counterparties.
71. The bank should provide a description of the sources of model
risk for the calculation of the numerator. The primary Federal
supervisor will review the models to determine if the internally
estimated alpha is acceptable, if any adjustment to the internally
estimated alpha is necessary, or if the models used to estimate alpha
need to be adjusted.
72. If a bank uses a conservative internal model to determine EAD
for some transactions, the primary Federal supervisor may require the
bank to remove these transactions from both the numerator and
denominator for the purposes of estimating alpha.
Counterparty Credit Risk Mitigation Using Credit Derivatives
73. Under the internal models method, the reference instrument
underlying a credit derivative that pays the bank on the default of a
counterparty may be entered as a short exposure into a netting set of
the counterparty that credit protection is purchased on. The reference
instrument underlying the credit derivative should also be entered as a
long exposure into the netting set of the seller of the credit
protection. The purchase of a credit derivative on a counterparty
exposure transfers the risk of the instrument referenced in the credit
derivative contract from the counterparty to the seller of the credit
derivative.
74. Banks may apply the PD substitution approach, the LGD
adjustment approach, or (if applicable) the double default treatment to
a CCR exposure hedged by an eligible guarantee or eligible credit
derivative.

VII. Defaulted Counterparties

75. Operational or settlement errors do not necessarily trigger a
default event for PD assignment purposes. However, if a credit-related
charge-off occurs as the result of a counterparty's failure to perform
on a financial contract, this would constitute a default event for
risk-based capital purposes and the PDs for all exposures to that
obligor should be adjusted to the value of one.

Chapter 10: Risk-Weighted Assets for Equity Exposures

Rule Requirements

Part III, section 22(g): Equity exposures model. A bank must obtain
the prior written approval of [AGENCY] under section 53 [of the NPR] to
use the internal models approach for equity exposures.
Part VI: Risk-Weighted Assets for Equity Exposures

I. Overview

1. This chapter supplements the detailed discussion of equity
exposures in the NPR. It describes supervisory guidance for determining
risk-based capital requirements for equity exposures held in the
banking book for banks subject to the Market Risk Rule and for all
equity exposures for banks not subject to the Market Risk Rule.

II. Definition of Banking Book Equities

2. Equity exposure means:
A security or instrument (whether voting or non-voting)
that represents a direct or indirect ownership interest in, and a
residual claim on, the assets and income of a company, unless:
--The issuing company is consolidated with the bank under Generally
Accepted Accounting Principles (``GAAP'');
--The bank is required to deduct the ownership interest from Tier 1
or Tier 2 capital under the NPR;
--The ownership interest is redeemable;
--The ownership interest incorporates a payment or other similar
obligation on the part of the issuing company (such as an obligation to
pay periodic interest); or
--The ownership interest is a securitization exposure.
A security or instrument that is mandatorily convertible
into a security or instrument described in the first bullet of this
definition;
An option or warrant that is exercisable for a security or
instrument described in the first bullet of this definition; or
Any other security or instrument (other than a
securitization exposure) to the extent the return on the security or
instrument is based on the performance of a security or instrument
described in the first bullet of this definition.

III. Applying the Framework

3. Under the proposed framework for equity exposures in the NPR, a
bank would have the option to use either a simple risk-weight approach
(``SRWA'') or an internal models approach (``IMA'') for equity
exposures that are not

[[Page 9142]]

exposures to an investment fund. A bank would use a look-through
approach for equity exposures to an investment fund. Under the SRWA, a
bank would generally assign a 300 percent risk weight to publicly-
traded equity exposures and a 400 percent risk weight to non-publicly-
traded equity exposures. Certain equity exposures to sovereigns,
multilateral institutions, and public sector enterprises would have a
risk weight of 0 percent, 20 percent, or 100 percent. Also, community
development equity exposures, as well as hedged equity exposures that
meet specified conditions are risk weighted at 100 percent. Non-
significant equity exposures (i.e., exposures that aggregate to an
amount that is less than or equal to 10 percent of the bank's Tier 1
plus Tier 2 capital) are also risk weighted at 100 percent.
4. The ``adjusted carrying value'' of an equity exposure is:
For the on-balance sheet component of an equity exposure,
the bank's carrying value of the exposure reduced by any unrealized
gains on the exposure that are reflected in such carrying value but
excluded from the bank's Tier 1 and Tier 2 capital; and
For the off-balance sheet component of an equity exposure,
the effective notional principal amount of the exposure, the size of
which is equivalent to a hypothetical on-balance sheet position in the
underlying equity instrument that would evidence the same change in
fair value (measured in dollars) for a given small change in the price
of the underlying equity instrument, minus the adjusted carrying value
of the on-balance sheet component of the exposure as calculated in the
previous bullet.
5. Publicly-traded equity exposures can be hedged to reduce their
risk-based capital requirement. However, private equities cannot be
hedged to reduce their risk-based capital requirement.
S 10-1 Banks must apply the same methodology to like instruments.
6. A bank may apply (i) the SRWA to private equity exposures and
the IMA to public equities, or (ii) the IMA to all equity exposures, or
(iii) the SRWA to all equity exposures. As described further in the
NPR, the IMA provides for the application of SRWA risk weights for
those equity exposures that would qualify for a risk weight between
zero and 100 percent.
7. Equity exposures in investment funds must use one of three look-
through approaches (where the fund holdings are treated as if
proportionally held directly by the bank) to determine risk-based
capital requirements under this framework. The three approaches are:
The full look-through approach;
The simple modified look-through approach; or
The alternative modified look-through approach.
8. There is a risk-weighted asset floor of 7 percent of the
adjusted carrying value of a bank's exposure to an investment fund. A
zero percent risk weight can still be applied to a particular exposure
class within an investment fund; the 7 percent floor applies to an
investment fund, not its constituents.
9. A bank may use the full look-through approach only if the bank
is able to compute a risk-weighted asset amount for each of the
exposures held by the investment fund (calculated under the proposed
rule as if the exposures were held directly by the bank). Under this
approach, a bank would set the risk-weighted asset amount of the bank's
equity exposure to the investment fund equal to the greater of:
(i) The product of
(A) the aggregate risk-weighted asset amounts of the exposures held
by the fund as if they were held directly by the bank and
(B) the bank's proportional ownership share of the fund; and
(ii) 7 percent of the adjusted carrying value of the bank's equity
exposure to the investment fund.
10. Under the simple modified look-through approach, a bank may set
the risk-weighted asset amount for its equity exposure to an investment
fund equal to the adjusted carrying value of the equity exposure
multiplied by the highest risk weight in Table L of the NPR that
applies to any exposure the fund is permitted to hold under its
prospectus, partnership agreement, or similar contract that defines the
fund's permissible investments. The bank may exclude derivative
contracts that are used for hedging, not speculative purposes, and do
not constitute a material portion of the fund's exposures. A bank may
not assign an equity exposure to an investment fund to an aggregate
risk weight of less than 7 percent under this approach.
11. Under the alternative modified look-through approach, a bank
may assign the adjusted carrying value of an equity exposure to an
investment fund on a pro rata basis to different risk-weight categories
in Table L of the NPR according to the investment limits in the fund's
prospectus, partnership agreement, or similar contract that defines the
fund's permissible investments. If the sum of the investment limits for
all exposure classes within the fund exceeds 100 percent, the bank must
assume that the fund invests to the maximum extent permitted under its
investment limits in the exposure class with the highest risk weight
under Table L, and continues to make investments in the order of the
exposure class with the next highest risk-weight under Table L until
the maximum total investment level is reached. If more than one
exposure class applies to an exposure, the bank must use the highest
applicable risk weight. A bank may exclude derivative contracts held by
the fund that are used for hedging, not speculative, purposes and do
not constitute a material portion of the fund's exposures. The overall
risk weight assigned to an equity exposure to an investment fund under
this approach may not be less than 7 percent.

IV. Using Internal Models for Equity Exposures

S 10-2 If a bank chooses to use an internal model, it must produce
reliable estimates of the potential loss in the bank's portfolio from
equity holdings under stress market conditions.
12. To qualify to use the IMA to calculate risk-based capital
requirements for equity exposures, a bank must receive prior written
approval from its primary Federal supervisor. To receive such approval,
the bank must demonstrate to its primary Federal supervisor's
satisfaction that the bank meets the following criteria:
The bank must have a model that:
--Assesses the potential decline in value of its modeled equity
exposures;
--Is commensurate with the size, complexity, and composition of the
bank's modeled equity exposures; and
--Adequately captures both general market risk and idiosyncratic
risk.
The bank's model must produce an estimate of potential
losses for its modeled equity exposures that is no less than the
estimate of potential losses produced by a VaR methodology employing a
99.0 percent, one-tailed confidence interval of the distribution of
quarterly returns for a benchmark portfolio of equity exposures
comparable to the bank's modeled equity exposures using a long-term
sample period.
The number of risk factors and exposures in the sample and
the data period used for quantification in the bank's model and
benchmarking exercise must be sufficient to provide confidence in the
accuracy and robustness of the bank's estimates.
The bank's model and benchmarking process must incorporate

[[Page 9143]]

data that are relevant in representing the risk profile of the bank's
modeled equity exposures, and must include data from at least one
equity market cycle containing adverse market movements relevant to the
risk profile of the bank's modeled equity exposures. If the bank's
model uses a scenario methodology, the bank must demonstrate that the
model produces a conservative estimate of potential losses on the
bank's modeled equity exposures over a relevant long-term market cycle.
If the bank employs risk factor models, the bank must demonstrate
through empirical analysis the appropriateness of the risk factors
used.
Daily market prices must be available for all modeled
equity exposures, either direct holdings or proxies.
The bank must be able to demonstrate, using theoretical
arguments and empirical evidence, that any proxies used in the modeling
process are comparable to the bank's modeled equity exposures and that
the bank has made appropriate adjustments for differences. The bank
must derive any proxies for its modeled equity exposures and benchmark
portfolio using historical market data that are relevant to the bank's
modeled equity exposures and benchmark portfolio (or, where not, must
use appropriately adjusted data), and such proxies must be robust
estimates of the risk of the bank's modeled equity exposures.
13. No one particular type of model is preferred or required.
Appropriate internal models may include either traditional VaR models
(e.g., historical simulation, variance/covariance, or Monte Carlo
simulation) or scenario analysis ``stress tests.'' These models are
subject to the validation framework outlined in Chapter 7 of this
guidance.
14. The use of either single or multi-factor models is permitted,
provided that the factors are sufficient to capture all material risks
of a bank's equity holdings. Risk factors should correspond to the
appropriate equity market characteristics (e.g., public, private, large
cap, small cap, industry sectors) in which the bank holds significant
positions.

V. Quantification of Equity Exposures

A. Reference Data

15. The data used to represent return distributions or depict
stress scenarios should reflect as long a sample period for which data
are available and meaningful in representing the risk profile of equity
holdings. In the case of VaR models, the data used should be sufficient
to provide statistically reliable and robust loss estimates and should
include at least one equity market cycle containing adverse market
movements relevant to the risk profile of the bank's specific holdings.
In the case where the internal model uses a scenario or stress test
methodology, the bank should demonstrate that the shock employed
provides a conservative estimate of potential losses over a relevant
long-term market or business cycle.
16. In constructing VaR models estimating potential quarterly
losses, banks should use quarterly data to the extent practicable.
Where estimates based on shorter time periods are converted to a
quarterly equivalent, the conversion should be made through the use of
an analytically appropriate method supported by empirical evidence, and
should be applied through a well-developed and well-documented thought
process and analysis. In general, time horizon conversions should be
applied conservatively and consistently over time. Furthermore, where
only limited data are available or where technical limitations are such
that estimates from any single method will be of uncertain quality,
banks should add appropriate margins of conservatism.

B. External Data

17. It is recognized that there are significant challenges
associated with deriving market-based measures of risk for both
privately-held and publicly-traded equities where objectively-
determined market prices may not be readily available. Accordingly,
banks with significant equity holdings with these characteristics may
need to use external data in modeling the risks associated with these
holdings.
18. Banks should be able to demonstrate that the external data
adequately capture the risks of the underlying equity portfolio.
Documentation should identify the relevant factors (e.g., business
lines, balance sheet characteristics, geographic location, company age,
industry sector and subsector, operating characteristics) used in
mapping the external data to the bank's individual equity exposures.

C. Estimation

19. Banks will have discretion to recognize and estimate empirical
correlations, provided that the bank's system for measuring
correlations is sound and empirically supported. When calculating
correlations, consideration should be given to data consistency,
relevant time period, and the volatility of correlations under stressed
market conditions. The appropriateness of correlation assumptions and
estimation techniques should be discussed in model documentation.
20. Survivorship bias is a particularly important issue in cases
where banks choose to use databases of actual returns of equity
exposures. Internal data on private equity exposure returns may reflect
only those private equity exposures that have experienced positive
returns and were exited successfully (i.e., where a true market price
has been revealed). In short, the returns on investments that have
achieved success measure only the winners--as opposed to the entire
population of relevant private equities (including those that failed).
This imparts an upward bias on the ex-ante returns expected by banks.
Accordingly, banks that choose to use actual return statistics for
individual private equity exposures or private equity funds, whether
provided by external vendors or internally generated databases, should
fully understand how these statistics are computed and, where
necessary, should make adjustments to account for any selection biases
that may be present.

VI. Validation of Internal Models for Equity Exposures

S 10-3 Banks must validate internal models used for equity
exposures.
21. The developmental evidence provided for a VaR model should
include a discussion of the results from a rigorous and comprehensive
stress testing of the model and estimation procedure. This stress test
should be applied to volatility computations and make use of either
hypothetical or historical scenarios that reflect worst-case losses
given underlying positions. Stress tests should provide information
about the effect of tail events beyond the level of confidence assumed
in the internal models approach.
22. For purposes of evaluating the capital requirements produced by
a bank's internal model methodology, banks should demonstrate that non-
VaR based internal models for equity exposures (e.g., a stress scenario
analysis) provide risk estimates and capital requirements that are at
least as conservative as those produced by a 99 percent VaR over one
quarter for a benchmark portfolio. The benchmark portfolio should have
sufficient data to calculate a one quarter 99 percent VaR. To
demonstrate this, the bank should run their internal model on the
benchmark portfolio and show that the internal model produces a capital
amount for the benchmark portfolio that is at least as great as the one
quarter 99 percent VaR for the benchmark portfolio. Banks that choose a
scenario

[[Page 9144]]

analysis ``stress-test''-type model or some other form of non-VaR-based
model do not have to run a VaR model in parallel, but banks should be
able to compare their internal model to the VaR for the benchmark
portfolio.
23. For VaR models, model validation through backtesting must be
conducted on a regular basis. Banks using such models should construct
and maintain appropriate databases on the actual quarterly performance
of their equity exposures, as well as on the estimates derived using
their internal models. Banks should also backtest the volatility
estimates used within their internal models and the appropriateness of
any external data used in the model. Banks will have data available on
different equity exposures at different frequencies. For example, price
data for public equities may be available daily, and price data for
private equities may be available on a monthly or quarterly basis.
Banks can divide their equity portfolio into several smaller portfolios
based on data availability and conduct backtesting on the smaller
portfolios. When sufficient data are available, banks should employ
statistical-based measures of the accuracy of their VaR models.

VII. Consistency Between Internal Models Used for Equity Exposures and
Risk Management Processes

S 10-4 Internal models used to calculate risk-based capital
requirements for equity exposures must be consistent with models used
in the bank's risk management processes and management information
reporting systems.
24. The internal model should be fully integrated into the bank's
risk management infrastructure. It should, when appropriate, be used to
establish equity price risk limits, to evaluate alternative
investments, and to measure and assess equity portfolio performance
(including the risk-adjusted performance). The bank should demonstrate
the internal model's role in risk management (using investment
committee minutes, for example).

Chapter 11: Securitizations

Rule Requirements

Part III, Section 22(f): Securitization exposures. A bank must
obtain the prior written approval of [AGENCY] under section 44 [of the
NPR] to use the internal assessment approach for securitization
exposures to ABCP programs.
Part V: Risk-Weighted Assets for Securitization Exposures

I. Overview

1. This chapter supplements the detailed discussion of the
framework for securitization exposures in the NPR. It describes the
concepts, eligibility criteria, and mechanics associated with applying
each of the three allowed approaches--the ratings-based approach
(``RBA''), the internal assessment approach (``IAA''), and the
supervisory formula approach (``SFA''). It also discusses related
topics, such as risk transference, implicit support, early amortization
provisions, and control and validation. This guidance applies to a bank
regardless of its role in the securitization--investor or originator.
S 11-1 Banks must use the securitization framework for any
exposures that involve the tranching of credit risk (with the exception
of a tranched guarantee that applies only to an individual retail
exposure).
2. The securitization framework relies principally on one of two
sources of information, where available: (1) An assessment of the
securitization exposure's external credit risk ratings or (2) the IRB
risk-based capital requirement and expected loss of the underlying
exposures as if the exposures had not been securitized. See section 2
of the NPR for the definition of a securitization exposure.
3. To determine risk-weighted assets for securitization exposures,
a bank must: (1) Identify all securitization exposures subject to the
framework, (2) assign each exposure to an approach according to the
specified hierarchy, and (3) calculate risk-weighted assets (or
required deductions from capital) according to the requirements for the
applicable approach.
S 11-2 Banks should develop written implementation policies and
procedures describing the allowed approaches, methods of application,
and designated responsibilities for complying with the securitization
framework.
4. In addition to the IRB requirements, originating banks should
maintain specific securitization policies and procedures including the
appropriate accounting treatment for the securitization exposure (FASB
140, FIN 46R), pooling and servicing agreements for each securitization
exposure (to assess compliance with risk transference and recourse
requirements, waterfall structure, trigger requirements for early
amortization structures), and contractual arrangements related to risk
mitigation of the securitization exposure (net interest margin
transactions, mitigating residual interest exposure).
5. Certain basic risk management practices are also important to
the framework's implementation. The central component is a full written
description, or implementation guide, detailing each step in the
process. The guide should include all key processes, such as methods of
identifying exposures, selecting approaches, documenting approvals and
data elements, and establishing responsibility for oversight and
quality control. The remainder of this chapter expands on how to apply
the various approaches, as well as supervisory guidance regarding
eligibility and sound risk management practices.

II. Scope of Application

6. Tranching of credit risk is the structuring of cash flows and
credit exposure so that an investor's share of the credit losses differ
from its pro rata interest in the underlying exposures. Another
characteristic of a securitization exposure is that payments to the
various parties depend on performance of the underlying exposures, as
opposed to an obligation of the entity originating those exposures.
7. Examples of securitization exposures include asset-backed
securities, mortgage-backed securities (including those issued by
Fannie Mae and Freddie Mac),\24\ stripped mortgage-backed securities,
credit enhancements and liquidity facilities to asset-backed commercial
paper (``ABCP'') programs, collateralized debt obligations (``CDO''),
loan participation agreements that include a tranching of payments such
as last-in and first-out, guarantees and credit derivatives that
provide tranched (i.e., non-proportional) credit protection against a
pool of credit exposures, reserve accounts, and other retained residual
interests.
---------------------------------------------------------------------------

\24\ Fannie Mae and Freddie Mac mortgage-backed pass-through
securities are to be treated as securitization transactions even
though the risk of the securitized mortgage pool has not been
tranched among investors.
---------------------------------------------------------------------------

8. Since securitization transactions may be structured in a variety
of ways, the economic substance of the transaction rather than its
legal form should guide both the designation of exposures and the
calculation of risk-based capital requirements.

III. General Principles of the Securitization Framework

A. Risk Transference

S 11-3 Securitization transactions must transfer credit risk to at
least one

[[Page 9145]]

third party to qualify for treatment under the securitization
framework.
9. Securitization exposures must meet all of the risk transference
requirements imposed by Generally Accepted Accounting Principles
(``GAAP'') and regulatory requirements. In this regard, banks should
continue to use published supervisory guidance related to risk
transference, recourse, and other activities that constitute implicit
recourse.
10. For an exposure to qualify for treatment under the
securitization framework, the transaction must meet the requirements
outlined in Statement of Financial Accounting Standards No. 140 and
must transfer credit risk from the originator of the underlying
exposures to at least one third party. In synthetic securitizations,
credit risk mitigants are often used to transfer the credit risk of the
underlying exposures, which generally remain on the bank's balance
sheet. In order to exclude the underlying exposures from risk-based
capital requirements, banks must comply with the operational
requirements for recognition of credit risk mitigants in synthetic
securitizations set forth in section 41 of the NPR. When the
transaction does not qualify for GAAP sales treatment, does not satisfy
the risk transference requirement, contains an ineligible clean-up
call, or the bank has tainted the transaction by providing implicit
support to the transaction,\25\ the bank must include the underlying
exposures in the calculation of risk-based capital requirements as if
the securitization transaction did not occur. For example, transactions
reported as GAAP sales that do not transfer credit risk to third
parties, such as transfers of assets subject to credit-enhancing
representations and warranties, require the bank to include the
underlying exposures in the calculation of risk-based capital as if the
transfer had not occurred.
---------------------------------------------------------------------------

\25\ In addition, as discussed in the NPR, if a bank provides
implicit support to any securitization, the bank's primary Federal
supervisor may require the bank to hold risk-based capital against
the underlying exposures of some or all of the bank's other
securitizations.
---------------------------------------------------------------------------

B. Implicit Support

S 11-4 Banks that provide implicit support to securitization
transactions must hold risk-based capital as if the underlying assets
had not been securitized, and must deduct from Tier 1 capital any
after-tax gain-on-sale resulting from the securitization.
11. Implicit support is credit support provided by a bank in excess
of its contractual obligation under the original terms of the
transaction. The issuer provides such support often to maintain access
to funding and/or to protect its reputation in the market. Providing
implicit support violates the risk transference principles inherent in
a securitization transaction and, for risk-based capital purposes,
requires that the bank treat the underlying securitized assets as if
the securitization transaction had not occurred.\26\ For example, banks
are considered to have provided implicit support when they either:
---------------------------------------------------------------------------

\26\ A bank that provides implicit support is also subject to
related disclosure requirements in section 42(h) of the NPR.
---------------------------------------------------------------------------

Sell assets to a securitization trust or other special-
purpose entity (SPE) at a discount from the price specified in the
securitization documents (typically par value);
Purchase assets from a securitization trust or other SPE
at an amount greater than fair value;
Exchange performing assets for nonperforming assets; or
Provide credit enhancements beyond contractual
requirements.
12. Policies governing securitization activities should explicitly
refer to the issue of implicit support, and include criteria for
identifying and reporting instances of implicit support. An independent
risk management or review group should systematically monitor
securitization transactions to identify actions that constitute implied
support and ensure appropriate regulatory capital treatment is applied.

C. Servicer Cash Advances

13. The risk-based capital requirement for servicer cash advances
generally will be calculated using either the RBA or SFA. The RBA can
be used if the bank can assign an inferred rating to the servicer cash
advance based upon a rated subordinated tranche. If the RBA is not
available, and the bank can compute the risk parameter estimates for
the SFA, the bank can apply the SFA.
14. A bank is not required to hold risk-based capital against the
undrawn portion of an eligible servicer cash advance facility. An
eligible servicer cash advance is a servicer cash advance facility in
which:
The servicer is entitled to full reimbursement of advances
(except that a servicer may be obligated to make non-reimbursable
advances if any such advance with respect to any underlying exposure is
limited to an insignificant amount of the outstanding principal balance
of the underlying exposure);
The servicer's right to reimbursement is senior in right
of payment to all other claims on the cash flows from the underlying
exposures of the securitization; and
The servicer has no legal obligation to, and does not,
make advances to the securitization if the servicer concludes that the
advances are unlikely to be repaid. The advance is made only after
expected repayment is supported by a credit assessment that is
consistent with prudent lending standards.
15. If these conditions are not satisfied, a bank that provides a
servicer cash advance facility must determine its risk-based capital
requirement for the undrawn portion of the facility in the same manner
as the bank would determine its risk-based capital requirement for any
other undrawn securitization exposure.

D. Clean-Up Calls

16. A clean-up call is a contractual provision that permits a bank
to call securitization exposures before their stated maturity date. In
a traditional securitization, a clean-up call is generally accomplished
by repurchasing the remaining securitization exposures once the amount
of underlying exposures or outstanding securitization exposures fall
below a specified level and it becomes uneconomical to maintain the
transaction. In the case of a synthetic securitization, the clean-up
call may take the form of a clause that extinguishes the credit
protection once the amount of underlying exposures has fallen below a
specified level. An originating bank may exclude securitized exposures
from its risk-weighted assets calculated in connection with a
securitization that has a clean-up call only if the clean-up call is an
eligible clean-up call as defined in the NPR. The following are
required criteria for an eligible clean-up call:
The exercise of the clean-up call is solely at the
discretion of the servicer;
The clean-up call is not structured to avoid allocating
losses to securitization positions held by investors, or otherwise
structured to provide credit enhancements to the securitization; and
The clean-up call is only exercisable for traditional
securitizations when 10 percent or less of the principal amount of
underlying exposures or securitization exposures are outstanding, or
for synthetic securitization transactions, when 10 percent or less of
the principal amount of the original reference portfolio is
outstanding.
S 11-5 A clean-up call constitutes implicit support if, in
exercising the call, the bank provides support in

[[Page 9146]]

excess of its contractual obligation to provide support to the
securitization.
17. The ultimate determination of whether the exercise of a clean-
up call constitutes implicit support depends on the facts. If the bank
affects a clean-up call on terms that differ from contractual
provisions, the following actions will point to a finding of implicit
support:
Exercising a clean-up call that serves as the functional
equivalent of a credit enhancement; or
Purchasing assets from a trust or other SPE at an amount
greater than fair value.

E. Maximum Capital Requirements for Securitization Exposures

S 11-6 The maximum risk-based capital requirement for all
securitization exposures held by a bank associated with a single
securitization transaction is the amount of risk-based capital plus
expected losses that would have been required had the underlying
exposures not been securitized.
18. Unless one or more of the underlying exposures does not meet
the definition of a wholesale, retail, securitization, or equity
exposure, the total risk-based capital requirement for all
securitization exposures held by a single bank associated with a single
securitization--including any risk-based capital requirement that
relates to an early amortization provision, but excluding any capital
requirements that relate to the bank's gain-on-sale or CEIOs (and any
accrued interest receivables (``AIR'') that meet the definition of a
CEIO) associated with the securitization--cannot exceed the sum of (i)
the bank's total risk-based capital requirement for the underlying
exposures as if the bank directly held the underlying exposures; and
(ii) the bank's total expected credit loss for the underlying
exposures.
19. If a bank has multiple securitization exposures to an ABCP
program that provide overlapping coverage of the underlying exposures,
such as when a bank provides a program-wide credit enhancement and
multiple pool-specific liquidity facilities, the bank is not required
to hold duplicative risk-based capital against the overlapping
position. Instead, the bank may limit its capital requirement for the
overlapping positions to the single applicable treatment that results
in the highest capital requirement. However, if different banks have
overlapping exposures to an ABCP program, each bank must hold capital
against the entire amount of its exposure.
20. When a bank sponsors an ABCP program and is required to
consolidate the program as a variable interest entity under GAAP solely
because it qualifies as a primary beneficiary, it may exclude the
consolidated ABCP program assets from risk-weighted assets. However,
the decision to exclude the consolidated program from risk-weighted
assets does not exempt the bank from holding risk-based capital against
any exposures to that program in accordance with the overall
securitization framework.

IV. Hierarchy of Approaches

S 11-7 Banks must follow the specified hierarchy of approaches to
determine risk-weighted asset amounts for all securitization exposures.
21. The first step in determining the risk-weighted asset amount
for a securitization exposure for either an investing or originating
bank is to deduct entirely from Tier 1 capital all increases in capital
due to after tax gain-on-sale income from the transaction. In addition,
any CEIOs, including any AIRs that meet the definition of a CEIO, must
be deducted 50 percent from Tier 1 capital and 50 percent from Tier 2
capital.\27\ If the amount deductible from Tier 2 capital exceeds the
amount of actual Tier 2 capital, the excess must be deducted from Tier
1 capital.
---------------------------------------------------------------------------

\27\ For specific guidance on the treatment of AIRs see the
Interagency Advisory on the Regulatory Capital Treatment of Accrued
Interest Receivable Related to Credit Card Securitizations, dated
May 17, 2002, and the Interagency Advisory on the Accounting
Treatment of Accrued Interest Receivable Related to Credit Card
Securitizations, dated December 4, 2002.
---------------------------------------------------------------------------

22. Next, the bank applies one of the three approaches for
determining risk-weighted assets: The RBA, the IAA, or the SFA. The RBA
and the IAA calculate risk-weighted assets using supervisory tables
based on external or inferred ratings. Subject to specific conditions,
the SFA may be used for securitization exposures when the IAA or RBA is
not available. Securitization exposures that do not qualify for one of
these three approaches are deducted from regulatory capital.
23. Banks must apply the three approaches according to the
following hierarchy:
1. RBA--If the securitization exposure is not required to be
deducted and qualifies for the RBA, the bank must apply the RBA.\28\ In
general, an originating bank qualifies to use the RBA if its retained
securitization exposure has at least two external ratings or an
inferred rating based on at least two external ratings, while an
investing bank qualifies to use the RBA if its securitization exposure
has one or more external or inferred ratings.
---------------------------------------------------------------------------

\28\ Regardless of any other provision, the risk weight for a
non-credit enhancing interest-only residential mortgage backed
security (e.g., FNMA IO Strip), may not be less than 100 percent.
---------------------------------------------------------------------------

2. IAA or SFA--If a securitization exposure is not required to be
deducted, does not qualify for the RBA, and is an exposure to an ABCP
program, the bank may apply either the IAA or the SFA. However, the
bank must consistently use either the IAA or the SFA when this type of
exposure would be eligible for both approaches.
3. SFA--If the securitization exposure is not required to be
deducted, does not qualify for the RBA, and is not an exposure to an
ABCP program, the bank may apply the SFA if it is able to calculate, on
an ongoing basis, the SFA risk parameters.
24. When a securitization exposure does not qualify for the RBA,
IAA, or SFA, a bank is required to deduct the exposure 50 percent from
Tier 1 capital and 50 percent from Tier 2 capital. If the amount
deductible from Tier 2 capital exceeds the bank's actual Tier 2
capital, however, the bank must deduct the shortfall amount from Tier 1
capital.
25. The following diagram illustrates the hierarchy for the
treatment of a securitization exposure for either an investing or
originating bank:

[[Page 9147]]

[GRAPHIC] [TIFF OMITTED] TN28FE07.009

V. IRB Approaches for Securitization Exposures

A. Ratings-Based Approach

26. Banks may use the RBA to determine the appropriate risk weight
for a securitization exposure if the exposure is externally rated, or
for a non-rated exposure for which a rating can be inferred. The
appropriate risk weight is multiplied by the securitization exposure
amount to arrive at the appropriate risk-weighted asset amount.
S 11-8 In order to use the RBA, the securitization exposure must be
externally rated by an NRSRO, or be eligible for an inferred rating.
27. For a bank to utilize the RBA, the securitization exposure must
be rated by an NRSRO as defined in the NPR.
28. A rating may be inferred if the subject securitization exposure
is senior to another securitization exposure in the transaction (that
is backed by the same underlying obligations and is issued by the same
issuer) that has an external rating from an NRSRO. The applicable
rating to be applied for an inferred rating is the current rating of
the subordinate rated tranche. Inferred ratings should be updated at
least annually, or more frequently when warranted, so that any changes
in the external rating or characteristics of the rated exposure are
reflected in a timely manner. An inferred rating cannot be derived from
a proxy securitization exposure (e.g., a similarly structured but
separate securitization exposure).
S 11-9 The securitization transaction must have an external rating
assigned by an NRSRO that fully reflects the credit risk associated
with timely repayment of principal and interest.
29. When a securitization exposure is structured, the originating
bank can elect to have the securitization transaction placed in the
NRSRO's monitoring/surveillance program that requires a periodic review
of the financial performance of the underlying exposures. By placing
the securitization exposure in the NRSRO monitoring program, the
integrity of the credit rating is maintained for the life of the
securitization exposure, and thereby ensures that the credit rating
fully reflects the entire amount of credit risk

[[Page 9148]]

with regard to all payments owed to the holder of the exposure.
Securitization exposures receiving a rating only at origination are not
eligible for the RBA. The external rating must take into account and
reflect the entire amount of credit risk exposure the bank has with
regard to all payments owed to it. If the bank is owed both principal
and interest, the rating must fully reflect the credit risk associated
with timely repayment of both. With certain securitization exposures,
such as combination bonds, which generally are combinations of a
subordinated, unrated securitization exposure and a highly rated
principal-only strip, the principal component of the bond often
receives a higher rating than the interest component. A rating
structure such as this does not qualify as a full credit exposure
rating, and therefore the RBA is not available. In the event that a
rating does not capture the full credit exposure, the bank may use the
SFA if applicable, or deduct.
30. When a bank has used the RBA (or IAA) to calculate its risk-
based capital requirement for a securitization exposure whose external
or inferred rating (or IAA rating) reflects the credit enhancement of a
credit risk mitigation (``CRM'') technique, a bank may not obtain
additional risk-based capital recognition of the CRM technique through
the securitization CRM rules in section 46 of the NPR.
31. When a credit risk mitigant is not obtained by the SPE but
rather is obtained by a bank separately to protect itself against
losses on a specific securitization exposure (e.g., ABS tranche), the
bank may use the applicable securitization CRM treatment to recognize
the hedge as outlined in section 46 of the NPR.
S 11-10 Banks should document the factors that support their use of
the RBA.
32. Factors the bank should document include the identification of
the NRSROs, type of underlying exposures (e.g., wholesale, retail),
seniority of the securitization exposure, pool granularity, and
placement of reference tranches in the waterfall for inferred ratings.
33. Senior securitization exposures supported by granular pools
receive special treatment under the RBA. Only one tranche may be
considered ``senior'' for each transaction. In a traditional
securitization where all tranches above the first-loss piece are rated,
the most highly rated position would be treated as the senior tranche.
However, when several tranches share the same rating, only the most
senior tranche in the cash waterfall, according to security provisions
in the indenture, would be treated as the senior position. In a
synthetic securitization, a super-senior tranche would be treated as
the senior tranche. Eligible servicer cash advances are not considered
in the seniority assignment for the RBA.
34. Pool granularity refers to the number of different underlying
exposures. The RBA considers the impact of pool granularity on credit
risk by assigning higher risk-weight percentages to non-granular pools.
Securitizations of retail exposures contain a significant number of
underlying exposures and will be considered granular for risk-weighting
purposes.

B. Internal Assessment Approach

Overview
35. A bank's exposures to ABCP conduit programs (i.e., liquidity
facilities and credit enhancements) are considered securitization
exposures for which the bank must hold risk-based capital. Where ABCP
exposures qualify for the RBA approach, the RBA must be used to
calculate risk-weighted assets. However, exposures such as ABCP
liquidity facilities and credit enhancements are generally unrated.
Subject to qualification standards, a bank may use either the IAA or
the SFA; however, one approach must be used consistently for all the
bank's exposures to ABCP programs.
36. To qualify for the use of the IAA, a bank must at a minimum
demonstrate that its ABCP program meets specific operational
requirements set forth in the NPR. A bank may apply the IAA to
exposures related to ABCP programs and to exposures to programs that
are similarly structured, which could include structured investment
vehicles, tender option bonds, and variable note programs, as long as
they meet the NPR's definition of an ABCP program. The bank must
demonstrate that it has met the qualification standards for each asset
class for which it has exposure.
37. The IAA requires a bank to use an internal credit assessment
(``ICA'') framework that maps or corresponds directly to NRSRO rating
criteria for a similar asset class. For example, if the pool of assets
consists of credit card receivables, the bank's credit assessment for a
liquidity facility or credit enhancement extended to the pool should be
based on the NRSRO's rating criteria for credit card receivables. In
order to use the IAA, the bank's ICA process should at a minimum (a)
identify reliable historical loss rates on the underlying exposures,
(b) map internal ratings to specific ratings of the NRSRO, as well as
validate the mapping process to ensure its integrity and accuracy, and
(c) document the criteria used to arrive at the ICA rating. See section
44(a)(1) of the NPR for a complete list of the criteria a bank's ICA
process must meet in order for the bank to obtain approval from its
supervisor to use the IAA.
38. After assigning an internal rating based on the appropriate ICA
framework, the bank calculates risk-weighted assets by applying the
applicable risk weights from the RBA tables to the amounts of the ABCP
program exposures. Consistent with the RBA, the applicable risk-weight
assignment requires three additional inputs--the seniority of the
exposure, an assessment of pool granularity, and whether the ICA is a
long- or short-term rating. Pool granularity is based on the number of
underlying exposures, with exposures to a single obligor aggregated.
ABCP liquidity facilities would be considered senior exposures provided
they meet the definition of a senior securitization exposure in the
NPR.
39. For example, the ICA for a $10 million (maximum contractual
value) liquidity facility has an ICA that is equivalent to a long-term
external rating of ``AA.'' Using the RBA tables, a risk weight of 8
percent is applicable, resulting in risk-weighted assets of $800,000
provided (1) the position is senior exposure, (2) the pool is granular,
and (3) there is a long-term rating (e.g., ``AA''). If it is determined
that the pool is non-granular, the risk weight is 25 percent, or risk-
weighted assets of $2.5 million.
40. The IAA's reliance on an NRSRO's rating methodology and ratings
criteria for the applicable asset class does not reduce the level of
analysis, review, and due diligence that the bank should conduct as
part of the initial purchase decision, and regularly thereafter.
41. The systems and processes used by the bank for risk-based
capital purposes must be consistent with the bank's internal risk
management processes and management information reporting systems. For
example, the conduit's ICA ratings process should be linked to the
required seller-provided credit enhancement levels, establishment of
transaction dynamic trigger levels, tracking of individual obligor
exposure levels, and establishment of concentration levels. Also, the
risk management systems should capture the market (interest rate
mismatch), liquidity (commercial paper maturity laddering, extendable
funding products) and operational (integration of servicer and investor
reporting) risks associated with the conduit activities.

[[Page 9149]]

VI. Internal Credit Assessment Process in the IAA

S 11-11 Banks' internal credit assessment processes should be
comprehensive, transparent, independent, well-defined, and fully
documented.
42. The ICA process should address the full range of activities,
including pre-purchase analysis of the proposed transaction,
verification of the seller's representation of the assets' risk
characteristics, the assignment of internal credit assessments, and on-
going validation to ensure the integrity of the process and rating
accuracy.
43. The bank must have an effective system of controls and
oversight that ensures compliance with these operational requirements
and maintains the integrity and accuracy of the internal credit
assessments. The bank must have an internal audit function independent
from the ABCP program business line and internal credit assessment
process that assesses at least annually whether the controls over the
internal credit assessment process function as intended.
44. Banks should be able to demonstrate that these assessments
accurately capture and quantify the risk inherent in these exposures.
To facilitate transparency, banks should have (1) approved policies and
procedures, (2) a written and detailed summary of the processes,
including the roles and responsibilities of relevant parties, and (3)
management information reports on items such as pool status, usage of
liquidity and/or credit enhancement facilities, and other risk
management issues (e.g. level of losses relative to seller-provided
credit protection or proximity to termination events).
45. The bank should clearly document its processes for determining
the required level of seller-provided credit enhancement, including the
level of historical losses and the NRSRO's stress factor used to
establish equivalency to a specific external rating. The bank should be
able to demonstrate that the pool's loss estimate is empirically based,
credible, and predictive of expected losses. Historical and current
information on delinquencies, charge-offs, recoveries, dilution,\29\
and obligor and geographic concentrations should be maintained to
support these estimates.
---------------------------------------------------------------------------

\29\ Dilution is the reduction of the asset receivable due to
customer returns of sold goods, warranty claims, disputes between
the seller and its customers, and other factors. Sellers are
generally required to establish a reserve to cover a multiple of
historical dilution. The adequacy of the dilution reserve is
reviewed at the inception of the transaction and may or may not be
incorporated in the seller-provided credit enhancement for the pool
of assets sold to the conduit.
---------------------------------------------------------------------------

46. The time horizon for historical losses should be consistent
with the number of years used in the NRSRO's external rating criteria.
For instance, with respect to the performance of a pool that is
comprised of trade receivables, the program administrator should use at
least three years of loss data when determining the required level of
credit enhancement.
47. When adjustments are made to an internal credit assessment that
are based on factors not included in the NRSRO's rating criteria,
written rationale and support should be available. In addition, the
bank should be able to provide evidence that the adjustments were
subject to an appropriate approval process.
48. When reviewing the seller's risk profile, the sponsoring bank
(or program administrator) should analyze both the credit risks of the
underlying assets and the seller's risk profile. The transaction
summary provided by the seller should include information on the
default risk of the underlying assets, including historical loss
characteristics, concentrations, delinquencies, and payment history. In
addition, the bank should assess the quality of the seller's
underwriting practices as an indicator of the future performance of the
underlying assets.
49. The assessment of the seller's risk profile should include past
and expected financial performance and condition (e.g., leverage, cash
flow, and interest coverage), the seller's current market position,
expected future competitiveness, and debt rating.
50. Credit and investment policies should include the following:
Well-defined underwriting standards for purchased assets; the minimum
requirements for a seller's credit quality; limits on transaction size;
limits on concentrations for obligors, asset types, or geographic
exposure; required structural features; procedures for monitoring and
reporting pool performance; and required levels of liquidity and credit
support.
51. The bank should maintain a transaction summary to support each
ABCP program exposure. The summary should include the following: The
structure of the pool transaction; the type and details of the bank's
support for the program or pool; a profile of the seller (asset
originator); the criteria used to determine the eligibility of assets;
the risk characteristics of the purchased assets (e.g., credit quality
and tenor); dilution risk; statistics on the historical performance of
the underlying assets and other similar asset pools; and termination
events.\30\
---------------------------------------------------------------------------

\30\ Termination events, also referred to as ``dynamic'' or
wind-down triggers, are used to mitigate the occurrence of losses
due to a deteriorating asset pool or an event that may hinder the
conduit's ability to repay maturing commercial paper. Pool-specific
triggers include the insolvency or bankruptcy of the seller/servicer
of assets, a downgrade of the seller's credit rating below a certain
rating grade, or the deterioration of the asset pool to the point
where charge-offs, delinquencies, or dilution reaches predetermined
levels. Program-wide triggers include the conduit's failure to repay
maturing commercial paper or draws on the program-wide credit
enhancement that exceed a certain amount.
---------------------------------------------------------------------------

52. When the liquidity facility and either transaction specific or
program-wide credit enhancement overlap, banks are required to hold
capital only once for any overlap. However, banks must allocate the
program-wide credit enhancement overlap across pools that results in
the highest risk-based capital requirement. For example, assume an ABCP
program is made up of a pool of credit card receivables, a pool of loan
receivables, and a pool of trade receivables. The bank has issued
liquidity facilities for $400,000 for each pool and a $120,000 program-
wide credit enhancement facility. The liquidity facilities for the
credit card and loan pools are internally-rated as ``AAA,'' with the
trade receivables' pool rated as ``A+.'' The credit enhancement is
rated ``A.'' The appropriate risk-based capital charge for the
liquidity facility and credit enhancement is detailed in the table
below.

Pool Summary

--------------------------------------------------------------------------------------------------------------------------------------------------------
Purchase Pool LF Internal
Conduit funding authorization balance coverage LF tenor credit ass. NRSRO equivalent
--------------------------------------------------------------------------------------------------------------------------------------------------------
Credit Card........................... $400,000 $0 $400,000 366 day.................. 2 ``AAA''
Account Rec........................... 400,000 250,000 400,000 366 day.................. 2 ``AAA''
Trade Rec............................. 400,000 300,000 400,000 366 day.................. 3 ``A+''
-----------------------------------------------------------------------------------------------------------------

[[Page 9150]]

Total............................. 1,200,000 550,000 1,200,000
Credit Enhancement.................... 120,000 ........... ........... ......................... 4 ``A''
--------------------------------------------------------------------------------------------------------------------------------------------------------

Overlap and Risk-Weighted Assets

--------------------------------------------------------------------------------------------------------------------------------------------------------
LF exposure CE exposure
amount net of amount net of
overlap LF RWA overlap CE RWA Total RWA
adjustment adjustment
--------------------------------------------------------------------------------------------------------------------------------------------------------
Credit Card.............................................. $0 $0 $120,000 $24,000 $24,000
Account Rec.............................................. * 250,000 ** 17,500 0 0 17,500
Trade Rec................................................ 300,000 30,000 0 0 30,000
----------------------------------------------------------------------------------------------
Total Risk-Weighted Assets........................... ................. $47,500 ................. $24,000 $71,500
--------------------------------------------------------------------------------------------------------------------------------------------------------
* $250,000 - 0 = $250,000.
** (LF - CE Overlap) x RWA% for respective NRSRO equivalent rating ($250,000 x 7% = $17,500).

53. Using the same underlying exposures as in the above example,
the bank has issued liquidity facilities for $400,000 for each pool and
a $120,000 credit enhancement facility. However, the credit enhancement
in this example is transaction specific, allocated at $40,000 per
transaction. The liquidity facilities for the credit card and loan
pools are internally-rated as ``AAA,'' with the trade receivables''
pool rated as ``A+.'' The credit enhancement is rated ``A.'' The
appropriate risk-based capital charge for the liquidity facility and
credit enhancement is detailed in the table below.

Pool Summary

Overlap and Risk-Weighted Assets

--------------------------------------------------------------------------------------------------------------------------------------------------------
LF exposure
amount net of CE exposure
overlap LF RWA amount of overlap CE RWA Total RWA
adjustment adjustment
--------------------------------------------------------------------------------------------------------------------------------------------------------
Credit Card.............................................. $0 $0 $40,000 $8,000 $8,000
Account Rec.............................................. * 210,000 ** 14,700 40,000 *** 8,000 22,700
Trade Rec................................................ 260,000 26,000 40,000 8,000 34,000
----------------------------------------------------------------------------------------------
Total Risk-Weighted Assets........................... ................. $40,700 ................. $24,000 $64,700
--------------------------------------------------------------------------------------------------------------------------------------------------------
* $250,000 - 40,000 = $210,000.
** (LF - CE Overlap) x RWA% for respective NRSRO equivalent rating ($210,000 x 7% = $14,700).
*** CE x RWA% for respective NRSRO equivalent rating ($40,000 x 20% = $8,000).

S 11-12 Banks should analyze the servicer's capabilities and
document the analysis in the internal assessment.
54. The analysis should consider the servicer's data systems, data
capabilities (or consider the capabilities of the servicer's data
systems), excess capacity, collections processes, reliance on vendors
or other service bureaus, and backup servicing arrangements. A separate
rating for the servicer may also be assigned, and should consider the
servicer's financial position, operating capabilities, historical pool
performance, and other criteria such as a publicly available NRSRO
servicer rating report.

VII. Validation of IAA

S 11-13 The bank must validate its ICA process on an ongoing basis
and at least annually the ICA process and results must be subject to
the full range of the bank's IRB validation activities.
55. The bank should review the relationship between the credit
assessment process and the NRSRO's current rating criteria to ensure
that internal credit assessments are appropriately aligned to external
ratings and reflect the NRSRO's rating criteria.
56. The robustness of the validation process should be consistent
with the complexity and volume of the bank's activities. Validation
should consider the relevance and appropriateness of the NRSRO rating
methodologies to the purchased assets, the integrity of the mapping
process and its application to the bank's ABCP program exposures, and
the quality of the bank's risk

[[Page 9151]]

management and internal controls in this business line.
57. Developmental evidence is particularly relevant to the IAA. A
bank should be able to provide evidence to support the integrity of its
ICA process. Written documentation should include, but is not limited
to: (1) How the process is consistent with the NRSRO's rating criteria
to which the bank is mapping assessments, (2) the process for verifying
the seller's estimates of historical loss for the purchased assets, and
(3) the methodology used to assess the risk characteristics of the
asset seller, the servicer, and program administrator (when not the
bank). The bank should be able to support that its process is complete
and that its ICAs are accurate based on their design and
implementation.
58. Process verification should focus on whether the policies and
procedures are sufficiently detailed to support transparency and
replication of the assessments, as well as the extent to which the
process operates as designed. The process review should include (1)
quantifying risk across the spectrum of the bank's exposures, and (2)
evaluating the completeness, accuracy, and applicability of the data
that supports the securitization framework.
59. The bank should perform backtesting or outcomes analysis on the
ICA ratings. This should also include tracking the financial
performance of the underlying exposures including the ICA rating for
the securitization exposure. At a minimum, the review process should be
performed annually, or more frequently when there are significant
changes in the NRSRO's rating criteria or the performance of the
underlying assets warrants an adjustment to the bank's internal
assessment. Performance analysis should cover not only the level of
excess spread, but also trends and volatility in excess spread
components such as interest and fee revenues, bond coupons, payment
rates, loss rates, and other variable components affecting
securitization performance.

A. Supervisory Formula Approach

Overview
60. The SFA may be available to determine the risk-based capital
requirement for unrated securitization exposures when an external
rating is not available or cannot be inferred, or when the bank chooses
not to use, or does not qualify to use, the IAA.\31\ The SFA
calculation relies, in large part, on the risk-based capital
requirement that would be assessed had the exposures underlying the
securitization not been securitized. The SFA relies on this calculation
as its starting point since securitizing a pool of exposures does not
change the overall amount of credit risk, but merely changes how credit
risk is distributed to the holders of the securitization exposures.
Regulatory overrides, based on supervisory judgment, have been added to
this pure model-based assessment of credit risk to ensure that (1) a
minimum regulatory capital requirement is assessed on all
securitization exposures, (2) tranches with insufficient credit
enhancement are assessed a dollar-for-dollar capital requirement, and
(3) model discontinuities are minimized.
Common Unrated Securitization Exposures Subject to the SFA
61. The SFA provides banks a means of calculating risk-based
capital requirements for unrated securitization exposures. The SFA
allows for a more risk sensitive capital requirement for higher
quality, unrated securitization positions that lie above the
KIRB boundary, provided the bank has access to the
information necessary to parameterize the SFA. Regardless of the
information the bank has on the underlying securitized exposures and
the securitization structure, CEIOs, including any AIRs that meet the
definition of a CEIO, will remain subject to deduction.
---------------------------------------------------------------------------

\31\ The exposure may be related to a conduit program, but the
bank does not meet the operational standards to use the IAA. Under
this scenario, banks may use the SFA.
---------------------------------------------------------------------------

62. Banks could use the SFA to determine risk-based capital
requirements for the following common unrated securitization exposures:
Unrated credit enhancements, including cash collateral,
and spread accounts;
Unrated CDO equity tranches;
Other unrated retained or purchased subordinated
securities from traditional or synthetic securitizations;
Loans sold or serviced with recourse when the risk
retained is of a different priority than the risk transferred;
Loan participations and syndications when there is other
than a pro-rata form of distribution;
Unrated securitization exposures resulting from a bank's
participation in the FHLB Mortgage Partnership Finance Program or
Mortgage Purchase Program;
Unrated exposures resulting from pool-level mortgage
insurance programs;
Senior synthetic securitization exposures when a rating
cannot be inferred;
MBS/ABS retained by the originator with less than two
external ratings; and
ABCP credit enhancements and liquidity facilities for
which the bank has not received approval to use the IAA, or chooses for
any reason not to use it.
The above is intended to provide examples of securitization
exposures that would be subject to the SFA; however, there are likely
additional securitization exposures that could be evaluated with the
SFA. As the securitization market evolves, additional structures may
emerge that will be subject to the SFA.
Implementation of the SFA
63. Banks are required to provide seven inputs when implementing
the SFA. These inputs include:
The amount of underlying exposures (UE);
The sum of the IRB capital requirement and expected loss
on the underlying exposures, divided by UE (KIRB);
The effective number of underlying exposures (N);
The exposure-weighted average loss given default of the
underlying exposures (EWALGD);
The percentage of the tranche of interest the bank owns
(TP);
The thickness of the tranche of interest (T) in relation
to UE; and
The credit enhancement level for the tranche of interest
(L).
64. To use the SFA the bank must have these inputs to calculate the
capital requirement on the underlying exposures. The first four inputs
(UE, N, EWALGD, and KIRB) require the bank to have a
detailed knowledge of the characteristics of the underlying securitized
exposures. The remaining three inputs (TP, T and L) require detailed
knowledge of the structural features of the securitization.
65. Since the calculation of KIRB requires detailed
knowledge of the underlying exposures, the SFA may be difficult for an
investor in an unrated securitization exposure to implement. For
example, if a bank provides credit enhancement to wholesale exposures
originated and securitized by another party, the bank as credit
enhancer may not have access to the data to accurately derive the
inputs necessary (e.g., and PD, LGD, M and EAD) to calculate
KIRB. In this situation, the bank as credit enhancer would
not be able to use the SFA to compute regulatory capital requirements
on the unrated securitization exposure, and would be required to deduct
the exposure from regulatory capital.
66. Banks must also be prepared to update the SFA inputs quarterly.
Because the output of the SFA is

[[Page 9152]]

predicated upon KIRB, any changes in the quality of the
underlying exposures will result in a change in the SFA capital
requirement. For example, deterioration in the collateral values of the
underlying exposures would likely result in increased values for EWALGD
and KIRB, which would generate a higher SFA capital
requirement for each securitization tranche. Additionally, the
prepayment of smaller exposures in a pool may lead to a more
concentrated, riskier pool as N decreases.

Calculation of KIRB

67. KIRB represents the ratio of (i) the IRB capital
requirement plus the expected credit losses of the underlying exposures
had they not been securitized to (ii) UE, which is discussed below. All
underlying exposures should be included in the calculation of
KIRB, including assets in reserve accounts. The counterparty
credit risk charge associated with derivative instruments should also
be reflected in the numerator of KIRB, while the EAD of
derivatives should be reflected in the denominator. The calculation of
KIRB should also reflect the effects of any credit risk
mitigant that is applied on the underlying exposures that benefits all
the securitization exposures. CEIOs, including any AIRs that meet the
definition of a CEIO, should not be included in the calculation of
KIRB.
68. When banks have established a valuation allowance other than an
ALLL or liability reserve on an underlying exposure, both the numerator
and denominator of KIRB should be calculated using the gross
amount of the exposure without the specific provision. In this
situation, the valuation allowance can be used to reduce the amount of
deduction from capital associated with the securitization exposure. A
detailed application of this treatment appears in Example 2 of this
chapter's Appendix A.
Calculation of UE
69. The amount of underlying exposures (UE) is the EAD of any
underlying wholesale and retail exposures (including the amount of any
funded spread accounts, cash collateral accounts, and other similar
funded credit enhancements) plus the amount of any underlying exposures
that are securitization exposures plus the adjusted carrying value of
any underlying equity exposures. For purposes of the SFA, the amount of
an on-balance sheet securitization exposure is: (i) The bank's carrying
value, if the exposure is held-to-maturity or for trading; or (ii) the
bank's carrying value minus any unrealized gains and plus any
unrealized losses on the exposure, if the exposure is available-for-
sale. The amount of an off-balance sheet securitization exposure is the
notional amount of the exposure. For a commitment, such as a liquidity
facility extended to an ABCP program, the notional amount may be
reduced to the maximum potential amount that the bank currently would
contractually be required to fund. For an OTC derivative contract that
is not a credit derivative, the notional amount is the EAD of the
derivative contract as calculated in section 32 of the NPR.
Calculation of N and EWALGD
70. Although the SFA can be used for a pool containing only one
asset, the SFA generally yields higher risk-based capital requirements
for highly concentrated, non-granular pools. Therefore, the effective
number of exposures (N) weights each exposure by its size to account
for the higher risk in more highly concentrated, non-granular pools.
When calculating N, multiple exposures to the same borrower are
considered a single exposure. A sample calculation of N is included in
Appendix A.
71. The exposure-weighted average loss given default (EWALGD) is
the LGD of each exposure weighted by the size of each exposure. The
weighting process is designed to give the LGD of larger exposures more
weight in determining the EWALGD of the overall pool. A sample
calculation of exposure-weighted EWALGD is also included in Appendix A.
72. For retail securitizations, banks are not required to calculate
N and EWALGD. The two SFA variables-- h and v --requiring N and EWALGD
as inputs, are reduced to 0 for securitizations where all underlying
exposures are retail exposures.
73. A simplified method of calculating N and EWALGD is also
available for securitizations as long as the size of the largest
exposure is known with certainty and is no larger than 3 percent of the
entire pool. In this case, banks may set EWALGD = 50% and N can be
calculated as:
[GRAPHIC] [TIFF OMITTED] TN28FE07.010

Where:

C1 is the largest exposure in the pool;
Cm is the share of the pool composed by the
``m'' largest underlying exposures; and
``m'' is selected by the bank.

Alternatively, if only C1 is available and is no more
than .03, a bank may set EWALGD at 50% and N at 1/C1. When
determining N and EWALGD for a particular non-retail securitization,
banks should document which methodology for calculating N and EWALGD is
applied.
74. The remaining three required inputs necessary to implement the
SFA--the percentage of the tranche of interest the bank owns (TP), that
tranche's credit enhancement level (L), and that tranche's thickness
(T)--require the bank to understand the securitization's structure and
loss prioritization. Banks should document the amount of the tranche
they own relative to the outstanding issuance of the tranche in order
to accurately calculate TP. Additionally, banks should document their
understanding of the securitization's structure and loss prioritization
in order to accurately calculate L and T.
75. Banks must also update their calculations of TP, L and T on an
ongoing basis. For example, payments to senior tranches in a particular
structure may result in increases in L for junior tranche holders.
Increasing defaults or loss severity in the underlying exposures may
reduce L and T. Additionally, a bank's decision to mitigate its
exposure through a partial sale of a particular tranche will reduce TP.

Calculation of T, L, and TP

76. T is the ratio of the amount of the tranche of interest to UE.
L is the sum of (i) T to (ii) UE, for all tranches subordinate to the
tranche of interest. The current outstanding principal balance or
notional amount of the tranche of interest should be used when
calculating T. TP is the ratio of the amount of the bank's
securitization exposure to the amount of the tranche that contains the
securitization

[[Page 9153]]

exposure. L should be measured without any consideration of the effects
of tranche-specific credit enhancement (e.g., third party guarantees or
collateral that benefit only the tranche of interest).
77. UE must equal the sum of the individual thickness levels of
each tranche. Therefore, credit enhancement based upon future cash
flows, such as excess spread, CEIOs, non-credit enhancing IOs, or the
subordination of fees in the cash flow waterfall, should be excluded
for purposes of calculating L and T. Both L and T should include only
funded reserve and spread accounts. Derivatives embedded in
securitization structures should be measured based only upon current
mark-to-market value, if positive, without regard to potential future
exposure.
78. Cash advances made by a servicer to an SPE to cover delinquent
or late payments on the underlying exposures should be included in the
calculation of L and T. When a servicer makes a cash advance to an SPE,
it puts money into the SPE in order to pay down investor tranches; the
pay-down of investor tranches does not bring any corresponding
reduction in the principal balance of the underlying exposures.
Therefore, in order for the sum of the tranches to equal UE, servicer
cash advances should be considered in the calculation of L and T.
Servicer cash advances that are not considered credit enhancing can be
assumed to be the most senior securitization exposure in a
securitization, with L calculated accordingly. For servicer cash
advances that are in any way credit enhancing, the calculation of L
should reflect the advance's degree of subordination.
79. Refer to this chapter's Appendix A ``Description of the
Supervisory Formula Approach (SFA),'' for further details.
Special Considerations for Re-securitizations
80. Re-securitizations, such as CDO-squared, represent a new
securitization in which the underlying exposures are themselves
securitization interests and present a unique challenge in the
calculation of UE, N, EWALGD and KIRB. As a general rule,
banks holding securitization exposures in re-securitizations should not
``look through'' to the exposures underlying the securitized
securitization tranches when calculating UE, N, EWALGD and
KIRB and must set EWALGD equal to 100 percent for re-
securitizations.
81. For example, if a bank holds an unrated securitization exposure
in which the underlying exposures consist entirely of rated
securitization interests, the bank first would sum the exposure amounts
associated with these rated securitization interests to obtain UE.
Next, the bank would use the RBA to determine KIRB for these
rated securitization interests, applying dollar-for-dollar capital to
those exposures rated below BB-. Since the RBA risk weights include
expected losses, no additional adjustment to KIRB for
expected losses is necessary. After determining KIRB, the
bank calculates the effective number of exposures based upon the
relative size of the underlying securitization tranches included in the
re-securitization pool, without ``looking through'' to the exposures
underlying the securitized tranches. Next, the bank would assume that
EWALGD equals 100 percent. At this point, the bank would have
sufficient information on the underlying exposures to apply the SFA to
the unrated re-securitization tranche of interest.
Pool Level Mortgage Insurance
82. Certain transactions may incorporate pool insurance as a form
of credit enhancement for a pool of mortgage loans. Pool insurance can
take various forms but generally provides insurance coverage for the
pool of loans up to a maximum amount (a ``stop loss'' level) and can
include loss coverage for each loan within the pool. The extent of
coverage is negotiable and may result in 100 percent loss coverage on
defaulted loans, or modified pool insurance that results in lower or
variable levels of coverage on defaulted loans using loan-to-value
limits, for example.
83. The credit risk mitigation benefits of pool insurance may be
recognized in determining the appropriate risk-based capital
requirement. Pool insurance that covers all or a pro rata share of all
losses in a pool is recognized in the retail segmentation process (see
Chapter 4, S 4-4 and accompanying text). Pool insurance that
incorporates a tranching of credit risk is addressed in the
securitization framework. In circumstances where a securitization
structure with external credit ratings benefits from pool level
insurance, such ratings incorporate the effects of credit risk
mitigation and would, under the securitization framework (RBA), provide
a method for the assessment of the appropriate capital requirement. For
unrated securitization transactions, the credit risk mitigation effect
of the pool insurance would need to be assessed under the SFA
framework. The pool insurance and its application to the pool assets
should be fully documented. Specifically, the documentation should
describe and support the quantification of the credit risk that is
being absorbed by the pool insurance, and detail how cash proceeds from
the pool insurance are applied within the waterfall structure to effect
a reduction in credit risk.
84. For securitization exposures where the underlying exposures
benefit from guarantees such as pool level mortgage insurance, the bank
may be able to utilize the synthetic securitization rules to calculate
the benefit of the guarantee. The bank should ensure that
securitizations for which the SFA or synthetic securitization is
applied have reasonably strict contractual loss prioritization rules
embedded into the deal. The following example outlines the process for
calculating the capital requirement for a securitization that contains
a pool level credit risk mitigant with a stop loss level:
Example
Pool level insurance covers the first $8 of loss on a $100 retail
mortgage loan pool.

Step Process

1. Calculate the risk-based capital requirement for the underlying
exposures according to the retail IRB rules: EL estimation, retail
segmentation, PD and LGD estimation, and the retail risk-weight
function;
2. Use the risk-based capital requirement from step 1 to determine
KIRB and then use the SFA to calculate the risk-based
capital requirement on the $92 senior position (where the $8 first loss
coverage of the insurance is treated as a junior tranche);
3. Calculate the risk-based capital requirement on the $8 position
as if it were a direct exposure to the insurer using the guarantor's
PD, the bank's estimate of the guarantor's ELGD and LGD, and the
corporate risk-weight function. The PD of the guarantor is subject to
the 3 basis point wholesale floor; and
4. The total risk-weight capital requirement is the sum of the
capital requirements in steps 2 and 3.
Loss Prioritization
S 11-14 Banks should document the securitization structure and loss
prioritization.
85. A bank may use the SFA only if it can calculate each of the SFA
input parameters on an ongoing basis. For the purpose of calculating L,
the credit enhancement level for the tranche of interest, this
requirement implies that bank must be able to calculate how the pool's
credit losses will be allocated among the deal's various tranches not
only at the deal's inception, but over

[[Page 9154]]

time. Otherwise, the SFA may not be used.
86. For some transactions, the allocation of credit losses among
tranches may depend on certain contingencies, such as the specific
timing of credit losses over the life of the deal, the possibility that
subordinated tranches may amortize prior to full retirement of senior
tranches, the speed at which reserve accounts will be built up through
retained excess spread, or structural features whereby the losses
allocated to a particular tranche may depend on how these losses are
distributed among the exposures in the underlying pool. The existence
of such contingencies does not automatically disqualify a bank from
using the SFA to compute the capital charge for an unrated
securitization exposure. However, the structure of the transaction
should be sufficiently clear cut to enable the bank to determine the
loss prioritization associated with each potential contingency.
Furthermore, the calculation of L should address contingencies in a
manner that is demonstrably conservative, for example, by calculating L
to reflect those contingencies that are least favorable to the bank. In
all cases, the calculation of L must comply with applicable rules for
recognizing credit enhancements (e.g., unfunded reserve accounts may
not be recognized).

VIII. Early Amortization Provisions

87. In addition to holding capital against any retained interest in
a securitization transaction, originating banks are required to hold
capital against the investors' interest (both drawn and undrawn
balances) in a securitization that includes one or more underlying
exposures in which the borrower is permitted to vary the drawn amount
within an agreed limit under a line of credit and that contains an
early amortization feature. The likelihood of triggering an early
amortization increases as the level of excess spread declines.
Accordingly, a bank would be required to hold increasing amounts of
risk-based capital as the probability of an early amortization event
increases. Total risk-based capital requirements for securitization
transactions subject to the early amortization capital requirement
continue to be limited by the maximum capital requirement discussed
earlier. Policies should also address the use of early amortization
clauses, including realistic consideration of contingency funding
plans, capital plans, and reporting systems necessary to monitor and
assess the risk and likelihood of an early amortization event.
88. For an originating bank, the risk-weighted asset amount for the
investors' interest in the securitization is equal to the product of
the following four quantities: (1) The investors' interest EAD; (2) the
appropriate conversion factor; (3) KIRB; and 12.5. Under the
securitization framework, the investors' interest is made up of the
investors' drawn balances and the EAD associated with the investors'
undrawn lines. The undrawn balances of the securitized exposures would
be allocated between the seller's and investors' interests on a pro
rata basis, based on the proportions of the seller's and investors'
shares of the securitized drawn balances.
89. Once the transaction's structure has been determined, the level
of excess spread must also be considered in determining the applicable
credit conversion factor for uncommitted credit lines. To determine the
capital to be held against the investors' interest in a securitization
of uncommitted retail exposures, the bank should compare the three-
month average excess spread to the point at which the bank is required
to trap excess spread as required by the structure. When the
transaction does not require excess spread to be trapped, the trapping
point is 4.5 percent. For securitization trusts that issue several
series with spread capture points that vary (e.g., credit card master
trust structures), the trapping point for this provision would be the
most conservative series in the trust. The bank should divide the
excess spread level by the trapping point, and then reference Table 8
in section 47 of the NPR to determine which conversion factor is
applicable.

IX. Data Management Requirements

A. Data Elements

S 11-15 Banks should retain the specific data elements necessary to
calculate the appropriate securitization risk-based capital
requirement.
90. Reporting systems should produce, at least monthly, information
that captures overall securitization activity, as well as specific data
elements of individual transactions. Performance tracking should
include vintage performance, cash collections, cash flow sensitivity,
covenant compliance, and, when applicable, potential for early
amortization events. Accounting methods, residual valuation methods,
and regulatory reporting requirements should be in writing and
consistently applied. The valuation assumptions for retained interests
and servicing assets or liabilities should be conservative, fully
documented, and reviewed by senior management on a regular basis.
Accurate and timely risk-based capital calculations should be
maintained that include the recognition and reporting of any recourse
obligation resulting from securitization transactions.
91. Refer to this chapter's Appendix B, ``Data Elements for
Securitization Exposures,'' for further details on the data elements
that a bank's reporting systems should electronically capture and
store.

Appendix A: Description of the Supervisory Formula Approach (SFA)

This appendix provides illustrative examples to demonstrate how the
framework described in this guidance applies to different
securitization exposures. The examples provide insight into the SFA
capital calculation and the KIRB boundary, as well as the
supervisory capital add-ons, in addition to its application to products
which represent tranched cover.
The supervisory formula capital requirement for a given unrated
securitization exposure is calculated as UE * TP multiplied by the
greater of: (i) .0056 [middot] T, or (ii) S[L + T]-S[L] where:

[[Page 9155]]

[GRAPHIC] [TIFF OMITTED] TN28FE07.011

RWA are determined when the supervisory formula output is
multiplied by 12.5.
The factor (i) above imposes a 56 basis point minimum or floor IRB
risk-based capital requirement per dollar of tranche exposure.
Regulators have imposed this floor because the supervisory formula
regularly produces a risk-based capital requirement of nearly zero for
high quality tranches that, nonetheless, have positive credit risk. The
floor is equivalent to the RBA risk-based capital requirement for an
externally rated AAA securitization exposure, which lessens the
potential regulatory capital arbitrage opportunities that could arise.
Factor (ii) represents the supervisory formula, which derives
capital for the tranche in question by computing capital for the
tranche of interest and all tranches beneath it (S[L + T]) and
subtracting from that the capital for all tranches beneath the tranche
of interest (S[L]). For tranches with credit enhancement levels below
KIRB (Y <= KIRB), the supervisory formula assigns
a dollar-for-dollar capital requirement.
For tranches with greater credit enhancement levels (Y >
KIRB), the supervisory formula produces a risk-based capital
requirement that is a blend of credit risk modeling and supervisory
judgment. The function K[Y] represents a pure model-based estimate of
the underlying securitized pool's aggregate systematic or non-
diversifiable credit risk that is attributable to a first-loss position
covering loss up to and including Y. Because the tranche of interest
covers losses over a specified range (defined in terms of L and T), its
systematic risk can be represented as K[L + T] - K[L].
Unquestionably, the supervisory formula appears very complex, but
actually the mechanics are algebraic in nature and merely require the
user to determine certain inputs and solve. To better understand the
components of the supervisory formula, it is best to begin with the
model-based estimate of credit risk, the K[Y] term. This estimate of
risk is given by the following equation:
[GRAPHIC] [TIFF OMITTED] TN28FE07.012

[[Page 9156]]

where [beta][Y;a,b] is shorthand for the Beta distribution. For the
purpose of calculating the supervisory formula, it is sufficient to
know that the Beta distribution, when suitably transformed and
normalized, can be used to model the loss distribution given that the
systematic risk factor is at the 99.9th percentile. Even more
concretely, the Beta distribution evaluated at the specified parameters
is a number which can be readily calculated in Excel using the betadist
(L,a,b) function.
The model used to estimate the non-diversifiable risk in the pool
of exposures is developed from the class of credit value-at-risk (CVaR)
models known as asymptotic single risk factor models (ASRF models). In
essence, ASRF models simplify the many forces that may affect a pool of
exposures by assuming that there is only one ``risk factor'' that
causes credit losses to be correlated across exposures. Alternatively,
one can think of the single risk factor as a random variable
encompassing the many possible states of economic activity--from very
good to very bad. Under the ASRF assumptions, CVaR for a portfolio is
equal to the portfolio's expected credit losses over the modeling
horizon given a very bad state of the economy. (The pattern of losses
that result when the risk factor takes on a specific value is also
known as the conditional loss distribution.) The SFA calculates the
capital necessary to cover credit losses over a one-year horizon when
the risk factor is at the 99.9th percentile i.e., when economic
conditions are as bad as the worst year in 1000 years. This is
consistent with the approach applied throughout Basel II and the manner
in which KIRB is calculated.
The techniques commonly used to estimate the potential loss
experience in ASRF models depend on the relationship between the risk
factor and credit losses. In some cases, it is necessary to simulate
the pattern of potential losses that can result when the risk factor
takes on high value--also known as Monte Carlo simulation. Monte Carlo
techniques, while commonly used, require significant computing
resources. In other cases, it may be possible to characterize this
pattern of losses with an appropriate functional form. In language that
is slightly more rigorous, it is possible to approximate the
conditional loss distribution. Gordy and Jones (2003) undertook the
task of specifying this ``reasonable functional form,'' which became
the basis for the supervisory formula.\32\
---------------------------------------------------------------------------

\32\ For those familiar with calculus, Gordy and Jones
approximate the marginal amount of credit risk associated with an
arbitrarily small slice of a tranche. From this, it is possible to
calculate the risk-based capital requirements by integrating an
appropriately parameterized approximation, which behaves similarly
to a cumulative density function. Note that since integration yields
the capital requirement for exposure up to and including the tranche
of interest, it is necessary to subtract any subordinate exposures'
capital requirements.
---------------------------------------------------------------------------

Most of the expressions that comprise the supervisory formula arise
due to the effort to describe the shape of the conditional loss
function. Expressions (3) through (9), discussed below, are used to
parameterize K[Y].
[GRAPHIC] [TIFF OMITTED] TN28FE07.013

Note that
[GRAPHIC] [TIFF OMITTED] TN28FE07.014

is the probability of default for one exposure in the pool when the
risk factor is at the 99.9th percentile. Therefore,
[GRAPHIC] [TIFF OMITTED] TN28FE07.015

is the conditional probability that the exposure performs. Assuming
that the exposures are conditionally independent, multiplying the
probability of performance together N times (the effective number of
exposures) yields the cumulative conditional probability that every
exposure performs, or h.
a and b are defined entirely in terms of g and c, defined below.
They are used to simplify the notation of the Beta distribution.
[GRAPHIC] [TIFF OMITTED] TN28FE07.016

c is the approximation of the mean parameter for the ``fitting
function'' and is given by:
[GRAPHIC] [TIFF OMITTED] TN28FE07.017

The ``fitting function'' approximates the pool's conditional loss
distribution. This approximation is necessary to avoid using simulation
or numerical methods to solve for K[Y] as previously mentioned.
However, note that h (the cumulative conditional probability that every
exposure performs) is likely to be small in most cases. Consequently, C
will be approximately equal to KIRB under normal
circumstances.
g is the precision parameter for the fitting function and is
determined by c, f and v. This term arises from the processes through
which Gordy and Jones approximate the conditional loss distribution.
[GRAPHIC] [TIFF OMITTED] TN28FE07.018

f is an approximation of the variance of the fitting function:
[GRAPHIC] [TIFF OMITTED] TN28FE07.019

Each securitization has rules governing how payments are disbursed
to the tranches, often called the cash flow ``waterfall.'' These rules
can be quite complex and the supervisory formula must handle the
spectrum of different arrangements. In the model, the waterfall is
represented by the tranche structure with the most junior tranche
suffering losses up to its entire position before more senior tranches
are affected. This simplification, while useful for modeling purposes,
may not accurately describe the structure of a specific securitization.
v is the variance of the conditional loss distribution:
[GRAPHIC] [TIFF OMITTED] TN28FE07.020

[[Page 9157]]

In the portion of expression (1) related to the supervisory add-on
the terms are included to prevent exploitation of inadequacies in the
model's stylized representation of a securitization. The add-on applies
primarily to positions with credit enhancement just above
KIRB and its quantitative effect diminishes rapidly the
farther Y is from KIRB. Returning to expression (1) we can
extract the supervisory add-on portion:
[GRAPHIC] [TIFF OMITTED] TN28FE07.021

where
[GRAPHIC] [TIFF OMITTED] TN28FE07.022

Notice that expressions (3) through (10) do not change for a given
securitization. In other words, since these expression do not contain
information which is tranche-specific, the results from expressions (3)
through (10) can be used when calculating S[Y] for any tranche of a
given securitization if Y > KIRB.

Example 1: Comprehensive SFA Calculation

Because of the complexities associated with applying the SFA, a
comprehensive example has been developed to aid in application.

Transaction Summary

A six-tranche, privately placed securitization with 10 underlying
wholesale exposures will be used to illustrate the basic application of
the SFA. Since none of the six tranches are externally rated, and the
securitization does not meet the definition of an ABCP conduit, neither
the RBA nor the IAA is applicable.
Table 1 below identifies the characteristics of the ten underlying
exposures in the securitized pool.

Table 1.--Underlying Wholesale Exposure Characteristics
----------------------------------------------------------------------------------------------------------------
Principal
Exposure bal