Turn off time travelling

This chapter sets out the minimum requirements for banks to use the internal ratings-based approach, including requirements for initial adoption and for ongoing use.

This version has been removed on 08 Dec 2022 | View current version
Effective as of: 01 Jan 2023 | Last update: 27 Mar 2020
Status: (View changes)



This chapter presents the minimum requirements for entry and on-going use of the internal ratings-based (IRB) approach. The minimum requirements are set out in the following 11 sections:


Composition of minimum requirements


Compliance with minimum requirements


Rating system design


Risk rating system operations


Corporate governance and oversight


Use of internal ratings


Risk quantification


Validation of internal estimates


Supervisory loss-given-default (LGD) and exposure at default (EAD) estimates


Requirements for recognition of leasing


Disclosure requirements


The minimum requirements in the sections that follow cut across asset classes. Therefore, more than one asset class may be discussed within the context of a given minimum requirement.

Section 1: composition of minimum requirements


To be eligible for the IRB approach a bank must demonstrate to its supervisor that it meets certain minimum requirements at the outset and on an ongoing basis. Many of these requirements are in the form of objectives that a qualifying bank’s risk rating systems must fulfil. The focus is on banks’ abilities to rank order and quantify risk in a consistent, reliable and valid fashion.


The overarching principle behind these requirements is that rating and risk estimation systems and processes provide for a meaningful assessment of borrower and transaction characteristics; a meaningful differentiation of risk; and reasonably accurate and consistent quantitative estimates of risk. Furthermore, the systems and processes must be consistent with internal use of these estimates. The Committee recognises that differences in markets, rating methodologies, banking products, and practices require banks and supervisors to customise their operational procedures. It is not the Committee’s intention to dictate the form or operational detail of banks’ risk management policies and practices. Each supervisor will develop detailed review procedures to ensure that banks’ systems and controls are adequate to serve as the basis for the IRB approach.


The minimum requirements set out in this chapter apply to all asset classes unless noted otherwise. The standards related to the process of assigning exposures to borrower or facility grades (and the related oversight, validation, etc) apply equally to the process of assigning retail exposures to pools of homogenous exposures, unless noted otherwise.


The minimum requirements set out in this chapter apply to both foundation and advanced approaches unless noted otherwise. Generally, all IRB banks must produce their own estimates of probability of default (PD)1 and must adhere to the overall requirements for rating system design, operations, controls, and corporate governance, as well as the requisite requirements for estimation and validation of PD measures. Banks wishing to use their own estimates of LGD and EAD must also meet the incremental minimum requirements for these risk factors included in CRE36.83 to CRE36.111.

1 Footnote

Section 2: compliance with minimum requirements


To be eligible for an IRB approach, a bank must demonstrate to its supervisor that it meets the IRB requirements in this document, at the outset and on an ongoing basis. Banks’ overall credit risk management practices must also be consistent with the evolving sound practice guidelines issued by the Committee and national supervisors.


There may be circumstances when a bank is not in complete compliance with all the minimum requirements. Where this is the case, the bank must produce a plan for a timely return to compliance, and seek approval from its supervisor, or the bank must demonstrate that the effect of such non-compliance is immaterial in terms of the risk posed to the institution. Failure to produce an acceptable plan or satisfactorily implement the plan or to demonstrate immateriality will lead supervisors to reconsider the bank’s eligibility for the IRB approach. Furthermore, for the duration of any non-compliance, supervisors will consider the need for the bank to hold additional capital under the supervisory review process standard (SRP) or take other appropriate supervisory action.

Section 3: rating system design


The term “rating system” comprises all of the methods, processes, controls, and data collection and IT systems that support the assessment of credit risk, the assignment of internal risk ratings, and the quantification of default and loss estimates.


Within each asset class, a bank may utilise multiple rating methodologies/systems. For example, a bank may have customised rating systems for specific industries or market segments (eg middle market, and large corporate). If a bank chooses to use multiple systems, the rationale for assigning a borrower to a rating system must be documented and applied in a manner that best reflects the level of risk of the borrower. Banks must not allocate borrowers across rating systems inappropriately to minimise regulatory capital requirements (ie cherry-picking by choice of rating system). Banks must demonstrate that each system used for IRB purposes is in compliance with the minimum requirements at the outset and on an ongoing basis.

Rating dimensions : standards for corporate, sovereign and bank exposures


A qualifying IRB rating system must have two separate and distinct dimensions:


the risk of borrower default; and


transaction-specific factors.


The first dimension must be oriented to the risk of borrower default. Separate exposures to the same borrower must be assigned to the same borrower grade, irrespective of any differences in the nature of each specific transaction. There are two exceptions to this. Firstly, in the case of country transfer risk, where a bank may assign different borrower grades depending on whether the facility is denominated in local or foreign currency. Secondly, when the treatment of associated guarantees to a facility may be reflected in an adjusted borrower grade. In either case, separate exposures may result in multiple grades for the same borrower. A bank must articulate in its credit policy the relationship between borrower grades in terms of the level of risk each grade implies. Perceived and measured risk must increase as credit quality declines from one grade to the next. The policy must articulate the risk of each grade in terms of both a description of the probability of default risk typical for borrowers assigned the grade and the criteria used to distinguish that level of credit risk.


The second dimension must reflect transaction-specific factors, such as collateral, seniority, product type, etc. For exposures subject to the foundation IRB approach, this requirement can be fulfilled by the existence of a facility dimension, which reflects both borrower and transaction-specific factors. For example, a rating dimension that reflects expected loss (EL) by incorporating both borrower strength (PD) and loss severity (LGD) considerations would qualify. Likewise a rating system that exclusively reflects LGD would qualify. Where a rating dimension reflects EL and does not separately quantify LGD, the supervisory estimates of LGD must be used.


For banks using the advanced approach, facility ratings must reflect exclusively LGD. These ratings can reflect any and all factors that can influence LGD including, but not limited to, the type of collateral, product, industry, and purpose. Borrower characteristics may be included as LGD rating criteria only to the extent they are predictive of LGD. Banks may alter the factors that influence facility grades across segments of the portfolio as long as they can satisfy their supervisor that it improves the relevance and precision of their estimates.


Banks using the supervisory slotting criteria are exempt from this two-dimensional requirement for these exposures. Given the interdependence between borrower/transaction characteristics in exposures subject to the supervisory slotting approaches, banks may satisfy the requirements under this heading through a single rating dimension that reflects EL by incorporating both borrower strength (PD) and loss severity (LGD) considerations. This exemption does not apply to banks using the general corporate foundation or advanced approach for the specialised lending (SL) sub-class.

Rating dimensions: standards for retail exposures


Rating systems for retail exposures must be oriented to both borrower and transaction risk, and must capture all relevant borrower and transaction characteristics. Banks must assign each exposure that falls within the definition of retail for IRB purposes into a particular pool. Banks must demonstrate that this process provides for a meaningful differentiation of risk, provides for a grouping of sufficiently homogenous exposures, and allows for accurate and consistent estimation of loss characteristics at pool level.


For each pool, banks must estimate PD, LGD, and EAD. Multiple pools may share identical PD, LGD and EAD estimates. At a minimum, banks should consider the following risk drivers when assigning exposures to a pool:


Borrower risk characteristics (eg borrower type, demographics such as age/occupation).


Transaction risk characteristics, including product and/or collateral types (eg loan to value measures, seasoning,2 guarantees; and seniority (first vs. second lien)). Banks must explicitly address cross‑collateral provisions where present.


Delinquency of exposure: Banks are expected to separately identify exposures that are delinquent and those that are not.

1 Footnote

Rating structure : standards for corporate, sovereign and bank exposures


A bank must have a meaningful distribution of exposures across grades with no excessive concentrations, on both its borrower-rating and its facility-rating scales.


To meet this objective, a bank must have a minimum of seven borrower grades for non-defaulted borrowers and one for those that have defaulted. Banks with lending activities focused on a particular market segment may satisfy this requirement with the minimum number of grades.


A borrower grade is defined as an assessment of borrower risk on the basis of a specified and distinct set of rating criteria, from which estimates of PD are derived. The grade definition must include both a description of the degree of default risk typical for borrowers assigned the grade and the criteria used to distinguish that level of credit risk. Furthermore, “+” or “-” modifiers to alpha or numeric grades will only qualify as distinct grades if the bank has developed complete rating descriptions and criteria for their assignment, and separately quantifies PDs for these modified grades.


Banks with loan portfolios concentrated in a particular market segment and range of default risk must have enough grades within that range to avoid undue concentrations of borrowers in particular grades. Significant concentrations within a single grade or grades must be supported by convincing empirical evidence that the grade or grades cover reasonably narrow PD bands and that the default risk posed by all borrowers in a grade fall within that band.


There is no specific minimum number of facility grades for banks using the advanced approach for estimating LGD. A bank must have a sufficient number of facility grades to avoid grouping facilities with widely varying LGDs into a single grade. The criteria used to define facility grades must be grounded in empirical evidence.


Banks using the supervisory slotting criteria must have at least four grades for non-defaulted borrowers, and one for defaulted borrowers. The requirements for SL exposures that qualify for the corporate foundation and advanced approaches are the same as those for general corporate exposures.

Rating structure: standards for retail exposures


For each pool identified, the bank must be able to provide quantitative measures of loss characteristics (PD, LGD, and EAD) for that pool. The level of differentiation for IRB purposes must ensure that the number of exposures in a given pool is sufficient so as to allow for meaningful quantification and validation of the loss characteristics at the pool level. There must be a meaningful distribution of borrowers and exposures across pools. A single pool must not include an undue concentration of the bank’s total retail exposure.

Rating criteria


A bank must have specific rating definitions, processes and criteria for assigning exposures to grades within a rating system. The rating definitions and criteria must be both plausible and intuitive and must result in a meaningful differentiation of risk.


The grade descriptions and criteria must be sufficiently detailed to allow those charged with assigning ratings to consistently assign the same grade to borrowers or facilities posing similar risk. This consistency should exist across lines of business, departments and geographic locations. If rating criteria and procedures differ for different types of borrowers or facilities, the bank must monitor for possible inconsistency, and must alter rating criteria to improve consistency when appropriate.


Written rating definitions must be clear and detailed enough to allow third parties to understand the assignment of ratings, such as internal audit or an equally independent function and supervisors, to replicate rating assignments and evaluate the appropriateness of the grade/pool assignments.


The criteria must also be consistent with the bank’s internal lending standards and its policies for handling troubled borrowers and facilities.


To ensure that banks are consistently taking into account available information, they must use all relevant and material information in assigning ratings to borrowers and facilities. Information must be current. The less information a bank has, the more conservative must be its assignments of exposures to borrower and facility grades or pools. An external rating can be the primary factor determining an internal rating assignment; however, the bank must ensure that it considers other relevant information.

Rating criteria: exposures subject to the supervisory slotting approach


Banks using the supervisory slotting criteria must assign exposures to their internal rating grades based on their own criteria, systems and processes, subject to compliance with the requisite minimum requirements. Banks must then map these internal rating grades into the five supervisory rating categories. The slotting criteria tables in the supervisory slotting approach chapter (CRE33) provide, for each sub-class of SL exposures, the general assessment factors and characteristics exhibited by the exposures that fall under each of the supervisory categories. Each lending activity has a unique table describing the assessment factors and characteristics.


The Committee recognises that the criteria that banks use to assign exposures to internal grades will not perfectly align with criteria that define the supervisory categories; however, banks must demonstrate that their mapping process has resulted in an alignment of grades which is consistent with the preponderance of the characteristics in the respective supervisory category. Banks should take special care to ensure that any overrides of their internal criteria do not render the mapping process ineffective.

Rating assignment horizon


Although the time horizon used in PD estimation is one year (as described in CRE36.63), banks are expected to use a longer time horizon in assigning ratings.


A borrower rating must represent the bank’s assessment of the borrower’s ability and willingness to contractually perform despite adverse economic conditions or the occurrence of unexpected events. The range of economic conditions that are considered when making assessments must be consistent with current conditions and those that are likely to occur over a business cycle within the respective industry/geographic region. Rating systems should be designed in such a way that idiosyncratic or industry-specific changes are a driver of migrations from one category to another, and business cycle effects may also be a driver.


PD estimates for borrowers that are highly leveraged or for borrowers whose assets are predominantly traded assets must reflect the performance of the underlying assets based on periods of stressed volatilities.

2 FAQs

Given the difficulties in forecasting future events and the influence they will have on a particular borrower’s financial condition, a bank must take a conservative view of projected information. Furthermore, where limited data are available, a bank must adopt a conservative bias to its analysis.

Use of models


The requirements in this section apply to statistical models and other mechanical methods used to assign borrower or facility ratings or in estimation of PDs, LGDs, or EADs. Credit scoring models and other mechanical rating procedures generally use only a subset of available information. Although mechanical rating procedures may sometimes avoid some of the idiosyncratic errors made by rating systems in which human judgement plays a large role, mechanical use of limited information also is a source of rating errors. Credit scoring models and other mechanical procedures are permissible as the primary or partial basis of rating assignments, and may play a role in the estimation of loss characteristics. Sufficient human judgement and human oversight is necessary to ensure that all relevant and material information, including that which is outside the scope of the model, is also taken into consideration, and that the model is used appropriately.


The burden is on the bank to satisfy its supervisor that a model or procedure has good predictive power and that regulatory capital requirements will not be distorted as a result of its use. The variables that are input to the model must form a reasonable set of predictors. The model must be accurate on average across the range of borrowers or facilities to which the bank is exposed and there must be no known material biases.


The bank must have in place a process for vetting data inputs into a statistical default or loss prediction model which includes an assessment of the accuracy, completeness and appropriateness of the data specific to the assignment of an approved rating.


The bank must demonstrate that the data used to build the model are representative of the population of the bank’s actual borrowers or facilities.


When combining model results with human judgement, the judgement must take into account all relevant and material information not considered by the model. The bank must have written guidance describing how human judgement and model results are to be combined.


The bank must have procedures for human review of model-based rating assignments. Such procedures should focus on finding and limiting errors associated with known model weaknesses and must also include credible ongoing efforts to improve the model’s performance.


The bank must have a regular cycle of model validation that includes monitoring of model performance and stability; review of model relationships; and testing of model outputs against outcomes.

Documentation of rating system design


Banks must document in writing their rating systems’ design and operational details. The documentation must evidence banks’ compliance with the minimum standards, and must address topics such as portfolio differentiation, rating criteria, responsibilities of parties that rate borrowers and facilities, definition of what constitutes a rating exception, parties that have authority to approve exceptions, frequency of rating reviews, and management oversight of the rating process. A bank must document the rationale for its choice of internal rating criteria and must be able to provide analyses demonstrating that rating criteria and procedures are likely to result in ratings that meaningfully differentiate risk. Rating criteria and procedures must be periodically reviewed to determine whether they remain fully applicable to the current portfolio and to external conditions. In addition, a bank must document a history of major changes in the risk rating process, and such documentation must support identification of changes made to the risk rating process subsequent to the last supervisory review. The organisation of rating assignment, including the internal control structure, must also be documented.


Banks must document the specific definitions of default and loss used internally and demonstrate consistency with the reference definitions set out in CRE36.68 to CRE36.76.


If the bank employs statistical models in the rating process, the bank must document their methodologies. This material must:


Provide a detailed outline of the theory, assumptions and/or mathematical and empirical basis of the assignment of estimates to grades, individual obligors, exposures, or pools, and the data source(s) used to estimate the model;


Establish a rigorous statistical process (including out-of-time and out-of-sample performance tests) for validating the model; and


Indicate any circumstances under which the model does not work effectively.


Use of a model obtained from a third-party vendor that claims proprietary technology is not a justification for exemption from documentation or any other of the requirements for internal rating systems. The burden is on the model’s vendor and the bank to satisfy supervisors.

Section 4: risk rating system operations

Coverage of ratings


For corporate, sovereign and bank exposures, each borrower and all recognised guarantors must be assigned a rating and each exposure must be associated with a facility rating as part of the loan approval process. Similarly, for retail, each exposure must be assigned to a pool as part of the loan approval process.


Each separate legal entity to which the bank is exposed must be separately rated. A bank must have policies acceptable to its supervisor regarding the treatment of individual entities in a connected group including circumstances under which the same rating may or may not be assigned to some or all related entities. Those policies must include a process for the identification of specific wrong way risk for each legal entity to which the bank is exposed. Transactions with counterparties where specific wrong way risk has been identified need to be treated differently when calculating the EAD for such exposures (see CRE53.48 of the counterparty credit risk chapters of the credit risk standard).

Integrity of rating process : standards for corporate, sovereign and bank exposures


Rating assignments and periodic rating reviews must be completed or approved by a party that does not directly stand to benefit from the extension of credit. Independence of the rating assignment process can be achieved through a range of practices that will be carefully reviewed by supervisors. These operational processes must be documented in the bank’s procedures and incorporated into bank policies. Credit policies and underwriting procedures must reinforce and foster the independence of the rating process.


Borrowers and facilities must have their ratings refreshed at least on an annual basis. Certain credits, especially higher risk borrowers or problem exposures, must be subject to more frequent review. In addition, banks must initiate a new rating if material information on the borrower or facility comes to light.


The bank must have an effective process to obtain and update relevant and material information on the borrower’s financial condition, and on facility characteristics that affect LGDs and EADs (such as the condition of collateral). Upon receipt, the bank needs to have a procedure to update the borrower’s rating in a timely fashion.

Integrity of rating process: standards for retail exposures


A bank must review the loss characteristics and delinquency status of each identified risk pool on at least an annual basis. It must also review the status of individual borrowers within each pool as a means of ensuring that exposures continue to be assigned to the correct pool. This requirement may be satisfied by review of a representative sample of exposures in the pool.



For rating assignments based on expert judgement, banks must clearly articulate the situations in which bank officers may override the outputs of the rating process, including how and to what extent such overrides can be used and by whom. For model-based ratings, the bank must have guidelines and processes for monitoring cases where human judgement has overridden the model’s rating, variables were excluded or inputs were altered. These guidelines must include identifying personnel that are responsible for approving these overrides. Banks must identify overrides and separately track their performance.

Data maintenance


A bank must collect and store data on key borrower and facility characteristics to provide effective support to its internal credit risk measurement and management process, to enable the bank to meet the other requirements in this document, and to serve as a basis for supervisory reporting. These data should be sufficiently detailed to allow retrospective re-allocation of obligors and facilities to grades, for example if increasing sophistication of the internal rating system suggests that finer segregation of portfolios can be achieved. Furthermore, banks must collect and retain data on aspects of their internal ratings as required by the disclosure requirements standard (DIS).

Data maintenance: for corporate, sovereign and bank exposures


Banks must maintain rating histories on borrowers and recognised guarantors, including the rating since the borrower/guarantor was assigned an internal grade, the dates the ratings were assigned, the methodology and key data used to derive the rating and the person/model responsible. The identity of borrowers and facilities that default, and the timing and circumstances of such defaults, must be retained. Banks must also retain data on the PDs and realised default rates associated with rating grades and ratings migration in order to track the predictive power of the borrower rating system.


Banks using the advanced IRB approach must also collect and store a complete history of data on the LGD and EAD estimates associated with each facility and the key data used to derive the estimate and the person/model responsible. Banks must also collect data on the estimated and realised LGDs and EADs associated with each defaulted facility. Banks that reflect the credit risk mitigating effects of guarantees/credit derivatives through LGD must retain data on the LGD of the facility before and after evaluation of the effects of the guarantee/credit derivative. Information about the components of loss or recovery for each defaulted exposure must be retained, such as amounts recovered, source of recovery (eg collateral, liquidation proceeds and guarantees), time period required for recovery, and administrative costs.


Banks under the foundation approach which utilise supervisory estimates are encouraged to retain the relevant data (ie data on loss and recovery experience for corporate exposures under the foundation approach, data on realised losses for banks using the supervisory slotting criteria).

Data maintenance: for retail exposures


Banks must retain data used in the process of allocating exposures to pools, including data on borrower and transaction risk characteristics used either directly or through use of a model, as well as data on delinquency. Banks must also retain data on the estimated PDs, LGDs and EADs, associated with pools of exposures. For defaulted exposures, banks must retain the data on the pools to which the exposure was assigned over the year prior to default and the realised outcomes on LGD and EAD.

Stress tests used in assessment of capital adequacy


An IRB bank must have in place sound stress testing processes for use in the assessment of capital adequacy. Stress testing must involve identifying possible events or future changes in economic conditions that could have unfavourable effects on a bank’s credit exposures and assessment of the bank’s ability to withstand such changes. Examples of scenarios that could be used are:


economic or industry downturns;


market-risk events; and


liquidity conditions.


In addition to the more general tests described above, the bank must perform a credit risk stress test to assess the effect of certain specific conditions on its IRB regulatory capital requirements. The test to be employed would be one chosen by the bank, subject to supervisory review. The test to be employed must be meaningful and reasonably conservative. Individual banks may develop different approaches to undertaking this stress test requirement, depending on their circumstances. For this purpose, the objective is not to require banks to consider worst-case scenarios. The bank’s stress test in this context should, however, consider at least the effect of mild recession scenarios. In this case, one example might be to use two consecutive quarters of zero growth to assess the effect on the bank’s PDs, LGDs and EADs, taking account – on a conservative basis – of the bank’s international diversification.


Whatever method is used, the bank must include a consideration of the following sources of information. First, a bank’s own data should allow estimation of the ratings migration of at least some of its exposures. Second, banks should consider information about the impact of smaller deterioration in the credit environment on a bank’s ratings, giving some information on the likely effect of bigger, stress circumstances. Third, banks should evaluate evidence of ratings migration in external ratings. This would include the bank broadly matching its buckets to rating categories.


National supervisors may wish to issue guidance to their banks on how the tests to be used for this purpose should be designed, bearing in mind conditions in their jurisdiction. The results of the stress test may indicate no difference in the capital calculated under the IRB rules described in this section of this Framework if the bank already uses such an approach for its internal rating purposes. Where a bank operates in several markets, it does not need to test for such conditions in all of those markets, but a bank should stress portfolios containing the vast majority of its total exposures.

Section 5: corporate governance and oversight

Corporate governance


All material aspects of the rating and estimation processes must be approved by the bank’s board of directors or a designated committee thereof and senior management.3 These parties must possess a general understanding of the bank’s risk rating system and detailed comprehension of its associated management reports. Senior management must provide notice to the board of directors or a designated committee thereof of material changes or exceptions from established policies that will materially impact the operations of the bank’s rating system.

1 Footnote

Senior management also must have a good understanding of the rating system’s design and operation, and must approve material differences between established procedure and actual practice. Management must also ensure, on an ongoing basis, that the rating system is operating properly. Management and staff in the credit control function must meet regularly to discuss the performance of the rating process, areas needing improvement, and the status of efforts to improve previously identified deficiencies.


Internal ratings must be an essential part of the reporting to these parties. Reporting must include risk profile by grade, migration across grades, estimation of the relevant parameters per grade, and comparison of realised default rates (and LGDs and EADs for banks on advanced approaches) against expectations. Reporting frequencies may vary with the significance and type of information and the level of the recipient.

Credit risk control


Banks must have independent credit risk control units that are responsible for the design or selection, implementation and performance of their internal rating systems. The unit(s) must be functionally independent from the personnel and management functions responsible for originating exposures. Areas of responsibility must include:


Testing and monitoring internal grades;


Production and analysis of summary reports from the bank’s rating system, to include historical default data sorted by rating at the time of default and one year prior to default, grade migration analyses, and monitoring of trends in key rating criteria;


Implementing procedures to verify that rating definitions are consistently applied across departments and geographic areas;


Reviewing and documenting any changes to the rating process, including the reasons for the changes; and


Reviewing the rating criteria to evaluate if they remain predictive of risk. Changes to the rating process, criteria or individual rating parameters must be documented and retained for supervisors to review.


A credit risk control unit must actively participate in the development, selection, implementation and validation of rating models. It must assume oversight and supervision responsibilities for any models used in the rating process, and ultimate responsibility for the ongoing review and alterations to rating models.

Internal and external audit


Internal audit or an equally independent function must review at least annually the bank’s rating system and its operations, including the operations of the credit function and the estimation of PDs, LGDs and EADs. Areas of review include adherence to all applicable minimum requirements. Internal audit must document its findings.

Section 6: use of internal ratings


Internal ratings and default and loss estimates must play an essential role in the credit approval, risk management, internal capital allocations, and corporate governance functions of banks using the IRB approach. Ratings systems and estimates designed and implemented exclusively for the purpose of qualifying for the IRB approach and used only to provide IRB inputs are not acceptable. It is recognised that banks will not necessarily be using exactly the same estimates for both IRB and all internal purposes. For example, pricing models are likely to use PDs and LGDs relevant to the life of the asset. Where there are such differences, a bank must document them and demonstrate their reasonableness to the supervisor.


A bank must have a credible track record in the use of internal ratings information. Thus, the bank must demonstrate that it has been using a rating system that was broadly in line with the minimum requirements articulated in this document for at least the three years prior to qualification. A bank using the advanced IRB approach must demonstrate that it has been estimating and employing LGDs and EADs in a manner that is broadly consistent with the minimum requirements for use of own estimates of LGDs and EADs for at least the three years prior to qualification. Improvements to a bank’s rating system will not render a bank non-compliant with the three-year requirement.

Section 7: risk quantification

Overall requirements for estimation (structure and intent)


This section addresses the broad standards for own-estimates of PD, LGD, and EAD. Generally, all banks using the IRB approaches must estimate a PD4 for each internal borrower grade for corporate, sovereign and bank exposures or for each pool in the case of retail exposures.

1 Footnote

PD estimates must be a long-run average of one-year default rates for borrowers in the grade, with the exception of retail exposures as set out in CRE36.81 and CRE36.82. Requirements specific to PD estimation are provided in CRE36.77 to CRE36.82. Banks on the advanced approach must estimate an appropriate LGD (as defined in CRE36.83 to CRE36.88) for each of its facilities (or retail pools). For exposures subject to the advanced approach, banks must also estimate an appropriate long-run default-weighted average EAD for each of its facilities as defined in CRE36.89 and CRE36.90. Requirements specific to EAD estimation appear in CRE36.89 to CRE36.99. For corporate, sovereign and bank exposures, banks that do not meet the requirements for own-estimates of EAD or LGD, above, must use the supervisory estimates of these parameters. Standards for use of such estimates are set out in CRE36.128 to CRE36.145.


Internal estimates of PD, LGD, and EAD must incorporate all relevant, material and available data, information and methods. A bank may utilise internal data and data from external sources (including pooled data). Where internal or external data is used, the bank must demonstrate that its estimates are representative of long run experience.


Estimates must be grounded in historical experience and empirical evidence, and not based purely on subjective or judgmental considerations. Any changes in lending practice or the process for pursuing recoveries over the observation period must be taken into account. A bank’s estimates must promptly reflect the implications of technical advances and new data and other information, as it becomes available. Banks must review their estimates on a yearly basis or more frequently.


The population of exposures represented in the data used for estimation, and lending standards in use when the data were generated, and other relevant characteristics should be closely matched to or at least comparable with those of the bank’s exposures and standards. The bank must also demonstrate that economic or market conditions that underlie the data are relevant to current and foreseeable conditions. For estimates of LGD and EAD, banks must take into account CRE36.83 to CRE36.99. The number of exposures in the sample and the data period used for quantification must be sufficient to provide the bank with confidence in the accuracy and robustness of its estimates. The estimation technique must perform well in out-of-sample tests.


In general, estimates of PDs, LGDs, and EADs are likely to involve unpredictable errors. In order to avoid over-optimism, a bank must add to its estimates a margin of conservatism that is related to the likely range of errors. Where methods and data are less satisfactory and the likely range of errors is larger, the margin of conservatism must be larger. Supervisors may allow some flexibility in application of the required standards for data that are collected prior to the date of implementation of this Framework. However, in such cases banks must demonstrate to their supervisors that appropriate adjustments have been made to achieve broad equivalence to the data without such flexibility. Data collected beyond the date of implementation must conform to the minimum standards unless otherwise stated.

Definition of default


A default is considered to have occurred with regard to a particular obligor when either or both of the two following events have taken place.


The bank considers that the obligor is unlikely to pay its credit obligations to the banking group in full, without recourse by the bank to actions such as realising security (if held).


The obligor is past due more than 90 days on any material credit obligation to the banking group.5 Overdrafts will be considered as being past due once the customer has breached an advised limit or been advised of a limit smaller than current outstandings.

1 Footnote

The elements to be taken as indications of unlikeliness to pay include:


The bank puts the credit obligation on non-accrued status.


The bank makes a charge-off or account-specific provision resulting from a significant perceived decline in credit quality subsequent to the bank taking on the exposure.6


The bank sells the credit obligation at a material credit-related economic loss.


The bank consents to a distressed restructuring of the credit obligation where this is likely to result in a diminished financial obligation caused by the material forgiveness, or postponement, of principal, interest or (where relevant) fees.


The bank has filed for the obligor’s bankruptcy or a similar order in respect of the obligor’s credit obligation to the banking group.


The obligor has sought or has been placed in bankruptcy or similar protection where this would avoid or delay repayment of the credit obligation to the banking group.

1 Footnote

National supervisors will provide appropriate guidance as to how these elements must be implemented and monitored.


For retail exposures, the definition of default can be applied at the level of a particular facility, rather than at the level of the obligor. As such, default by a borrower on one obligation does not require a bank to treat all other obligations to the banking group as defaulted.


A bank must record actual defaults on IRB exposure classes using this reference definition. A bank must also use the reference definition for its estimation of PDs, and (where relevant) LGDs and EADs. In arriving at these estimations, a bank may use external data available to it that is not itself consistent with that definition, subject to the requirements set out in CRE36.78. However, in such cases, banks must demonstrate to their supervisors that appropriate adjustments to the data have been made to achieve broad equivalence with the reference definition. This same condition would apply to any internal data used up to implementation of this Framework. Internal data (including that pooled by banks) used in such estimates beyond the date of implementation of this Framework must be consistent with the reference definition.


If the bank considers that a previously defaulted exposure’s status is such that no trigger of the reference definition any longer applies, the bank must rate the borrower and estimate LGD as they would for a non-defaulted facility. Should the reference definition subsequently be triggered, a second default would be deemed to have occurred.



The bank must have clearly articulated and documented policies in respect of the counting of days past due, in particular in respect of the re-ageing of the facilities and the granting of extensions, deferrals, renewals and rewrites to existing accounts. At a minimum, the re-ageing policy must include: (a) approval authorities and reporting requirements; (b) minimum age of a facility before it is eligible for re-ageing; (c) delinquency levels of facilities that are eligible for re-ageing; (d) maximum number of re-ageings per facility; and (e) a reassessment of the borrower’s capacity to repay. These policies must be applied consistently over time, and must support the ‘use test’ (ie if a bank treats a re-aged exposure in a similar fashion to other delinquent exposures more than the past-due cut off point, this exposure must be recorded as in default for IRB purposes).

Treatment of overdrafts


Authorised overdrafts must be subject to a credit limit set by the bank and brought to the knowledge of the client. Any break of this limit must be monitored; if the account were not brought under the limit after 90 to 180 days (subject to the applicable past-due trigger), it would be considered as defaulted. Non-authorised overdrafts will be associated with a zero limit for IRB purposes. Thus, days past due commence once any credit is granted to an unauthorised customer; if such credit were not repaid within 90 to 180 days, the exposure would be considered in default. Banks must have in place rigorous internal policies for assessing the creditworthiness of customers who are offered overdraft accounts.

Definition of loss for all asset classes


The definition of loss used in estimating LGD is economic loss. When measuring economic loss, all relevant factors should be taken into account. This must include material discount effects and material direct and indirect costs associated with collecting on the exposure. Banks must not simply measure the loss recorded in accounting records, although they must be able to compare accounting and economic losses. The bank’s own workout and collection expertise significantly influences their recovery rates and must be reflected in their LGD estimates, but adjustments to estimates for such expertise must be conservative until the bank has sufficient internal empirical evidence of the impact of its expertise.

Requirements specific to PD estimation : corporate, sovereign and bank exposures


Banks must use information and techniques that take appropriate account of the long-run experience when estimating the average PD for each rating grade. For example, banks may use one or more of the three specific techniques set out below: internal default experience, mapping to external data, and statistical default models.


Banks may have a primary technique and use others as a point of comparison and potential adjustment. Supervisors will not be satisfied by mechanical application of a technique without supporting analysis. Banks must recognise the importance of judgmental considerations in combining results of techniques and in making adjustments for limitations of techniques and information. For all methods listed below, banks must estimate a PD for each rating grade based on the observed historical average one-year default rate that is a simple average based on number of obligors (count weighted). Weighting approaches, such as EAD weighting, are not permitted.


A bank may use data on internal default experience for the estimation of PD. A bank must demonstrate in its analysis that the estimates are reflective of underwriting standards and of any differences in the rating system that generated the data and the current rating system. Where only limited data are available, or where underwriting standards or rating systems have changed, the bank must add a greater margin of conservatism in its estimate of PD. The use of pooled data across institutions may also be recognised. A bank must demonstrate that the internal rating systems and criteria of other banks in the pool are comparable with its own.


Banks may associate or map their internal grades to the scale used by an external credit assessment institution or similar institution and then attribute the default rate observed for the external institution’s grades to the bank’s grades. Mappings must be based on a comparison of internal rating criteria to the criteria used by the external institution and on a comparison of the internal and external ratings of any common borrowers. Biases or inconsistencies in the mapping approach or underlying data must be avoided. The external institution’s criteria underlying the data used for quantification must be oriented to the risk of the borrower and not reflect transaction characteristics. The bank’s analysis must include a comparison of the default definitions used, subject to the requirements in CRE36.68 to CRE36.73. The bank must document the basis for the mapping.


A bank is allowed to use a simple average of default-probability estimates for individual borrowers in a given grade, where such estimates are drawn from statistical default prediction models. The bank’s use of default probability models for this purpose must meet the standards specified in CRE36.33.


Irrespective of whether a bank is using external, internal, or pooled data sources, or a combination of the three, for its PD estimation, the length of the underlying historical observation period used must be at least five years for at least one source. If the available observation period spans a longer period for any source, and this data are relevant and material, this longer period must be used. The data should include a representative mix of good and bad years.

Requirements specific to PD estimation: retail exposures


Given the bank-specific basis of assigning exposures to pools, banks must regard internal data as the primary source of information for estimating loss characteristics. Banks are permitted to use external data or statistical models for quantification provided a strong link can be demonstrated between: (a) the bank’s process of assigning exposures to a pool and the process used by the external data source; and (b) between the bank’s internal risk profile and the composition of the external data. In all cases banks must use all relevant and material data sources as points of comparison.


One method for deriving long-run average estimates of PD and default-weighted average loss rates given default (as defined in CRE36.83) for retail would be based on an estimate of the expected long-run loss rate. A bank may (i) use an appropriate PD estimate to infer the long-run default-weighted average loss rate given default, or (ii) use a long-run default-weighted average loss rate given default to infer the appropriate PD. In either case, it is important to recognise that the LGD used for the IRB capital calculation cannot be less than the long-run default-weighted average loss rate given default and must be consistent with the concepts defined in CRE36.83.


Irrespective of whether banks are using external, internal, pooled data sources, or a combination of the three, for their estimation of loss characteristics, the length of the underlying historical observation period used must be at least five years. If the available observation spans a longer period for any source, and these data are relevant, this longer period must be used. The data should include a representative mix of good and bad years of the economic cycle relevant for the portfolio. The PD should be based on the observed historical average one-year default rate.

Requirements specific to own-LGD estimates : standards for all asset classes


A bank must estimate an LGD for each facility that aims to reflect economic downturn conditions where necessary to capture the relevant risks. This LGD cannot be less than the long-run default-weighted average loss rate given default calculated based on the average economic loss of all observed defaults within the data source for that type of facility. In addition, a bank must take into account the potential for the LGD of the facility to be higher than the default-weighted average during a period when credit losses are substantially higher than average. For certain types of exposures, loss severities may not exhibit such cyclical variability and LGD estimates may not differ materially from the long-run default-weighted average. However, for other exposures, this cyclical variability in loss severities may be important and banks will need to incorporate it into their LGD estimates. For this purpose, banks may make reference to the averages of loss severities observed during periods of high credit losses, forecasts based on appropriately conservative assumptions, or other similar methods. Appropriate estimates of LGD during periods of high credit losses might be formed using either internal and/or external data. Supervisors will continue to monitor and encourage the development of appropriate approaches to this issue.


In its analysis, the bank must consider the extent of any dependence between the risk of the borrower and that of the collateral or collateral provider. Cases where there is a significant degree of dependence must be addressed in a conservative manner. Any currency mismatch between the underlying obligation and the collateral must also be considered and treated conservatively in the bank’s assessment of LGD.


LGD estimates must be grounded in historical recovery rates and, when applicable, must not solely be based on the collateral’s estimated market value. This requirement recognises the potential inability of banks to gain both control of their collateral and liquidate it expeditiously. To the extent that LGD estimates take into account the existence of collateral, banks must establish internal requirements for collateral management, operational procedures, legal certainty and risk management process that are generally consistent with those required for the foundation IRB approach.


Recognising the principle that realised losses can at times systematically exceed expected levels, the LGD assigned to a defaulted asset should reflect the possibility that the bank would have to recognise additional, unexpected losses during the recovery period. For each defaulted asset, the bank must also construct its best estimate of the expected loss on that asset based on current economic circumstances and facility status. The amount, if any, by which the LGD on a defaulted asset exceeds the bank’s best estimate of expected loss on the asset represents the capital requirement for that asset, and should be set by the bank on a risk-sensitive basis in accordance with CRE31.3. Instances where the best estimate of expected loss on a defaulted asset is less than the sum of specific provisions and partial charge-offs on that asset will attract supervisory scrutiny and must be justified by the bank.

Requirements specific to own-LGD estimates: additional standards for corporate and sovereign exposures


Estimates of LGD must be based on a minimum data observation period that should ideally cover at least one complete economic cycle but must in any case be no shorter than a period of seven years for at least one source. If the available observation period spans a longer period for any source, and the data are relevant, this longer period must be used.

Requirements specific to own-LGD estimates: additional standards for retail exposures


The minimum data observation period for LGD estimates for retail exposures is five years. The less data a bank has, the more conservative it must be in its estimation.

Requirements specific to own-EAD estimates : standards for all asset classes


EAD for an on-balance sheet or off-balance sheet item is defined as the expected gross exposure of the facility upon default of the obligor. For on-balance sheet items, banks must estimate EAD at no less than the current drawn amount, subject to recognising the effects of on-balance sheet netting as specified in the foundation approach. The minimum requirements for the recognition of netting are the same as those under the foundation approach. The additional minimum requirements for internal estimation of EAD under the advanced approach, therefore, focus on the estimation of EAD for off-balance sheet items (excluding transactions that expose banks to counterparty credit risk as set out in CRE51). Banks using the advanced approach must have established procedures in place for the estimation of EAD for off-balance sheet items. These must specify the estimates of EAD to be used for each facility type. Banks’ estimates of EAD should reflect the possibility of additional drawings by the borrower up to and after the time a default event is triggered. Where estimates of EAD differ by facility type, the delineation of these facilities must be clear and unambiguous.


Under the advanced approach, banks must assign an estimate of EAD for each eligible facility. It must be an estimate of the long-run default-weighted average EAD for similar facilities and borrowers over a sufficiently long period of time, but with a margin of conservatism appropriate to the likely range of errors in the estimate. If a positive correlation can reasonably be expected between the default frequency and the magnitude of EAD, the EAD estimate must incorporate a larger margin of conservatism. Moreover, for exposures for which EAD estimates are volatile over the economic cycle, the bank must use EAD estimates that are appropriate for an economic downturn, if these are more conservative than the long-run average. For banks that have been able to develop their own EAD models, this could be achieved by considering the cyclical nature, if any, of the drivers of such models. Other banks may have sufficient internal data to examine the impact of previous recession(s). However, some banks may only have the option of making conservative use of external data. Moreover, where a bank bases its estimates on alternative measures of central tendency (such as the median or a higher percentile estimate) or only on ‘downturn’ data, it should explicitly confirm that the basic downturn requirement of the framework is met, ie the bank’s estimates do not fall below a (conservative) estimate of the long-run default-weighted average EAD for similar facilities.


The criteria by which estimates of EAD are derived must be plausible and intuitive, and represent what the bank believes to be the material drivers of EAD. The choices must be supported by credible internal analysis by the bank. The bank must be able to provide a breakdown of its EAD experience by the factors it sees as the drivers of EAD. A bank must use all relevant and material information in its derivation of EAD estimates. Across facility types, a bank must review its estimates of EAD when material new information comes to light and at least on an annual basis.


Due consideration must be paid by the bank to its specific policies and strategies adopted in respect of account monitoring and payment processing. The bank must also consider its ability and willingness to prevent further drawings in circumstances short of payment default, such as covenant violations or other technical default events. Banks must also have adequate systems and procedures in place to monitor facility amounts, current outstandings against committed lines and changes in outstandings per borrower and per grade. The bank must be able to monitor outstanding balances on a daily basis.


Banks’ EAD estimates must be developed using a 12-month fixed-horizon approach; ie for each observation in the reference data set, default outcomes must be linked to relevant obligor and facility characteristics twelve months prior to default.


As set out in CRE36.66, banks’ EAD estimates should be based on reference data that reflect the obligor, facility and bank management practice characteristics of the exposures to which the estimates are applied. Consistent with this principle, EAD estimates applied to particular exposures should not be based on data that comingle the effects of disparate characteristics or data from exposures that exhibit different characteristics (eg same broad product grouping but different customers that are managed differently by the bank). The estimates should be based on appropriately homogenous segments. Alternatively, the estimates should be based on an estimation approach that effectively disentangles the impact of the different characteristics exhibited within the relevant dataset. Practices that generally do not comply with this principle include use of estimates based or partly based on:


SME/midmarket data being applied to large corporate obligors.


Data from commitments with ‘small’ unused limit availability being applied to facilities with ‘large’ unused limit availability.


Data from obligors already identified as problematic at reference date being applied to current obligors with no known issues (eg customers at reference date who were already delinquent, watchlisted by the bank, subject to recent bank-initiated limit reductions, blocked from further drawdowns or subject to other types of collections activity).


Data that has been affected by changes in obligors’ mix of borrowing and other credit-related products over the observation period unless that data has been effectively mitigated for such changes, eg by adjusting the data to remove the effects of the changes in the product mix. Supervisors should expect banks to demonstrate a detailed understanding of the impact of changes in customer product mix on EAD reference data sets (and associated EAD estimates) and that the impact is immaterial or has been effectively mitigated within each bank’s estimation process. Banks’ analyses in this regard should be actively challenged by supervisors. Effective mitigation would not include: setting floors to credit conversion factor (CCF)/EAD observations; use of obligor-level estimates that do not fully cover the relevant product transformation options or inappropriately combine products with very different characteristics (eg revolving and non-revolving products); adjusting only ‘material’ observations affected by product transformation; generally excluding observations affected by product profile transformation (thereby potentially distorting the representativeness of the remaining data).


A well-known feature of the commonly used undrawn limit factor (ULF) approach7 to estimating CCFs is the region of instability associated with facilities close to being fully drawn at reference date. Banks should ensure that their EAD estimates are effectively quarantined from the potential effects of this region of instability.


An acceptable approach could include using an estimation method other than the ULF approach that avoids the instability issue by not using potentially small undrawn limits that could approach zero in the denominator or, as appropriate, switching to a method other than the ULF as the region of instability is approached, eg a limit factor, balance factor or additional utilisation factor approach.8 Note that, consistent with CRE36.94, including limit utilisation as a driver in EAD models could quarantine much of the relevant portfolio from this issue but, in the absence of other actions, leaves open how to develop appropriate EAD estimates to be applied to exposures within the region of instability.


Common but ineffective approaches to mitigating this issue include capping and flooring reference data (eg observed CCFs at 100 per cent and zero respectively) or omitting observations that are judged to be affected.

2 Footnotes

EAD reference data must not be capped to the principal amount outstanding or facility limits. Accrued interest, other due payments and limit excesses should be included in EAD reference data.


For transactions that expose banks to counterparty credit risk, estimates of EAD must fulfil the requirements set forth in the counterparty credit risk standards.

Requirements specific to own-EAD estimates: additional standards for corporate and sovereign exposures


Estimates of EAD must be based on a time period that must ideally cover a complete economic cycle but must in any case be no shorter than a period of seven years. If the available observation period spans a longer period for any source, and the data are relevant, this longer period must be used. EAD estimates must be calculated using a default-weighted average and not a time-weighted average.

Requirements specific to own-EAD estimates: additional standards for retail exposures


The minimum data observation period for EAD estimates for retail exposures is five years. The less data a bank has, the more conservative it must be in its estimation.

Requirements for assessing effect of guarantees : standards for corporate and sovereign exposures where own estimates of LGD are used and standards for retail exposures


When a bank uses its own estimates of LGD, it may reflect the risk-mitigating effect of guarantees through an adjustment to PD or LGD estimates. The option to adjust LGDs is available only to those banks that have been approved to use their own internal estimates of LGD. For retail exposures, where guarantees exist, either in support of an individual obligation or a pool of exposures, a bank may reflect the risk-reducing effect either through its estimates of PD or LGD, provided this is done consistently. In adopting one or the other technique, a bank must adopt a consistent approach, both across types of guarantees and over time.


In all cases, both the borrower and all recognised guarantors must be assigned a borrower rating at the outset and on an ongoing basis. A bank must follow all minimum requirements for assigning borrower ratings set out in this document, including the regular monitoring of the guarantor’s condition and ability and willingness to honour its obligations. Consistent with the requirements in CRE36.46 and CRE36.47, a bank must retain all relevant information on the borrower absent the guarantee and the guarantor. In the case of retail guarantees, these requirements also apply to the assignment of an exposure to a pool, and the estimation of PD.


In no case can the bank assign the guaranteed exposure an adjusted PD or LGD such that the adjusted risk weight would be lower than that of a comparable, direct exposure to the guarantor. Neither criteria nor rating processes are permitted to consider possible favourable effects of imperfect expected correlation between default events for the borrower and guarantor for purposes of regulatory minimum capital requirements. As such, the adjusted risk weight must not reflect the risk mitigation of “double default.”


In case the bank applies the standardised approach to direct exposures to the guarantor, the guarantee may only be recognised by treating the covered portion of the exposure as a direct exposure to the guarantor under the standardised approach. Similarly, in case the bank applies the foundation IRB approach to direct exposures to the guarantor, the guarantee may only be recognised by applying the foundation IRB approach to the covered portion of the exposure. Alternatively, banks may choose to not recognise the effect of guarantees on their exposures.


There are no restrictions on the types of eligible guarantors. The bank must, however, have clearly specified criteria for the types of guarantors it will recognise for regulatory capital purposes.


The guarantee must be evidenced in writing, non-cancellable on the part of the guarantor, in force until the debt is satisfied in full (to the extent of the amount and tenor of the guarantee) and legally enforceable against the guarantor in a jurisdiction where the guarantor has assets to attach and enforce a judgement. The guarantee must also be unconditional; there should be no clause in the protection contract outside the direct control of the bank that could prevent the protection provider from being obliged to pay out in a timely manner in the event that the original counterparty fails to make the payment(s) due. However, under the advanced IRB approach, guarantees that only cover loss remaining after the bank has first pursued the original obligor for payment and has completed the workout process may be recognised.


In case of guarantees where the bank applies the standardised approach to the covered portion of the exposure, the scope of guarantors and the minimum requirements as under the standardised approach apply.


A bank must have clearly specified criteria for adjusting borrower grades or LGD estimates (or in the case of retail and eligible purchased receivables, the process of allocating exposures to pools) to reflect the impact of guarantees for regulatory capital purposes. These criteria must be as detailed as the criteria for assigning exposures to grades consistent with CRE36.25 and CRE36.26, and must follow all minimum requirements for assigning borrower or facility ratings set out in this document.


The criteria must be plausible and intuitive, and must address the guarantor’s ability and willingness to perform under the guarantee. The criteria must also address the likely timing of any payments and the degree to which the guarantor’s ability to perform under the guarantee is correlated with the borrower’s ability to repay. The bank’s criteria must also consider the extent to which residual risk to the borrower remains, for example a currency mismatch between the guarantee and the underlying exposure.


In adjusting borrower grades or LGD estimates (or in the case of retail and eligible purchased receivables, the process of allocating exposures to pools), banks must take all relevant available information into account.

Requirements for assessing effect of credit derivatives: standards for corporate and sovereign exposures where own estimates of LGD are used and standards for retail exposures


The minimum requirements for guarantees are relevant also for single-name credit derivatives. Additional considerations arise in respect of asset mismatches. The criteria used for assigning adjusted borrower grades or LGD estimates (or pools) for exposures hedged with credit derivatives must require that the asset on which the protection is based (the reference asset) cannot be different from the underlying asset, unless the conditions outlined in the foundation approach are met.


In addition, the criteria must address the payout structure of the credit derivative and conservatively assess the impact this has on the level and timing of recoveries. The bank must also consider the extent to which other forms of residual risk remain.

Requirements for assessing effect of guarantees and credit derivatives: standards for banks using foundation LGD estimates


The minimum requirements outlined in CRE36.100 to CRE36.111 apply to banks using the foundation LGD estimates with the following exceptions:


The bank is not able to use an 'LGD-adjustment' option; and


The range of eligible guarantees and guarantors is limited to those outlined in CRE32.23.

Requirements specific to estimating PD and LGD (or EL) for qualifying purchased receivables


The following minimum requirements for risk quantification must be satisfied for any purchased receivables (corporate or retail) making use of the top-down treatment of default risk and/or the IRB treatments of dilution risk.


The purchasing bank will be required to group the receivables into sufficiently homogeneous pools so that accurate and consistent estimates of PD and LGD (or EL) for default losses and EL estimates of dilution losses can be determined. In general, the risk bucketing process will reflect the seller’s underwriting practices and the heterogeneity of its customers. In addition, methods and data for estimating PD, LGD, and EL must comply with the existing risk quantification standards for retail exposures. In particular, quantification should reflect all information available to the purchasing bank regarding the quality of the underlying receivables, including data for similar pools provided by the seller, by the purchasing bank, or by external sources. The purchasing bank must determine whether the data provided by the seller are consistent with expectations agreed upon by both parties concerning, for example, the type, volume and on-going quality of receivables purchased. Where this is not the case, the purchasing bank is expected to obtain and rely upon more relevant data.


A bank purchasing receivables has to justify confidence that current and future advances can be repaid from the liquidation of (or collections against) the receivables pool. To qualify for the top-down treatment of default risk, the receivable pool and overall lending relationship should be closely monitored and controlled. Specifically, a bank will have to demonstrate the following:


Legal certainty (see CRE36.116).


Effectiveness of monitoring systems (see CRE36.117)


Effectiveness of work-out systems (see CRE36.118)


Effectiveness of systems for controlling collateral, credit availability, and cash (see CRE36.119)


Compliance with the bank’s internal policies and procedures (see CRE36.120 and CRE36.121)


Legal certainty: the structure of the facility must ensure that under all foreseeable circumstances the bank has effective ownership and control of the cash remittances from the receivables, including incidences of seller or servicer distress and bankruptcy. When the obligor makes payments directly to a seller or servicer, the bank must verify regularly that payments are forwarded completely and within the contractually agreed terms. As well, ownership over the receivables and cash receipts should be protected against bankruptcy ‘stays’ or legal challenges that could materially delay the lender’s ability to liquidate/assign the receivables or retain control over cash receipts.


Effectiveness of monitoring systems: the bank must be able to monitor both the quality of the receivables and the financial condition of the seller and servicer. In particular:


The bank must:


assess the correlation among the quality of the receivables and the financial condition of both the seller and servicer; and


have in place internal policies and procedures that provide adequate safeguards to protect against such contingencies, including the assignment of an internal risk rating for each seller and servicer.


The bank must have clear and effective policies and procedures for determining seller and servicer eligibility. The bank or its agent must conduct periodic reviews of sellers and servicers in order to verify the accuracy of reports from the seller/servicer, detect fraud or operational weaknesses, and verify the quality of the seller’s credit policies and servicer’s collection policies and procedures. The findings of these reviews must be well documented.


The bank must have the ability to assess the characteristics of the receivables pool, including:




history of the seller’s arrears, bad debts, and bad debt allowances;


payment terms; and


potential contra accounts.


The bank must have effective policies and procedures for monitoring on an aggregate basis single-obligor concentrations both within and across receivables pools.


The bank must receive timely and sufficiently detailed reports of receivables ageings and dilutions to:


ensure compliance with the bank’s eligibility criteria and advancing policies governing purchased receivables; and


provide an effective means with which to monitor and confirm the seller’s terms of sale (eg invoice date ageing) and dilution.


Effectiveness of work-out systems: an effective programme requires systems and procedures not only for detecting deterioration in the seller’s financial condition and deterioration in the quality of the receivables at an early stage, but also for addressing emerging problems pro-actively. In particular:


The bank should have clear and effective policies, procedures, and information systems to monitor compliance with (a) all contractual terms of the facility (including covenants, advancing formulas, concentration limits, early amortisation triggers, etc) as well as (b) the bank’s internal policies governing advance rates and receivables eligibility. The bank’s systems should track covenant violations and waivers as well as exceptions to established policies and procedures.


To limit inappropriate draws, the bank should have effective policies and procedures for detecting, approving, monitoring, and correcting over-advances.


The bank should have effective policies and procedures for dealing with financially weakened sellers or servicers and/or deterioration in the quality of receivable pools. These include, but are not necessarily limited to, early termination triggers in revolving facilities and other covenant protections, a structured and disciplined approach to dealing with covenant violations, and clear and effective policies and procedures for initiating legal actions and dealing with problem receivables.


Effectiveness of systems for controlling collateral, credit availability, and cash: the bank must have clear and effective policies and procedures governing the control of receivables, credit, and cash. In particular:


Written internal policies must specify all material elements of the receivables purchase programme, including the advancing rates, eligible collateral, necessary documentation, concentration limits, and how cash receipts are to be handled. These elements should take appropriate account of all relevant and material factors, including the seller’s/servicer’s financial condition, risk concentrations, and trends in the quality of the receivables and the seller’s customer base.


Internal systems must ensure that funds are advanced only against specified supporting collateral and documentation (such as servicer attestations, invoices, shipping documents, etc).


Compliance with the bank’s internal policies and procedures: given the reliance on monitoring and control systems to limit credit risk, the bank should have an effective internal process for assessing compliance with all critical policies and procedures, including:


Regular internal and/or external audits of all critical phases of the bank’s receivables purchase programme.


Verification of the separation of duties:


between the assessment of the seller/servicer and the assessment of the obligor; and


between the assessment of the seller/servicer and the field audit of the seller/servicer.


A bank’s effective internal process for assessing compliance with all critical policies and procedures should also include evaluations of back office operations, with particular focus on qualifications, experience, staffing levels, and supporting systems.

Section 8: validation of internal estimates


Banks must have a robust system in place to validate the accuracy and consistency of rating systems, processes, and the estimation of all relevant risk components. A bank must demonstrate to its supervisor that the internal validation process enables it to assess the performance of internal rating and risk estimation systems consistently and meaningfully.


Banks must regularly compare realised default rates with estimated PDs for each grade and be able to demonstrate that the realised default rates are within the expected range for that grade. Banks using the advanced IRB approach must complete such analysis for their estimates of LGDs and EADs. Such comparisons must make use of historical data that are over as long a period as possible. The methods and data used in such comparisons by the bank must be clearly documented by the bank. This analysis and documentation must be updated at least annually.


Banks must also use other quantitative validation tools and comparisons with relevant external data sources. The analysis must be based on data that are appropriate to the portfolio, are updated regularly, and cover a relevant observation period. Banks’ internal assessments of the performance of their own rating systems must be based on long data histories, covering a range of economic conditions, and ideally one or more complete business cycles.


Banks must demonstrate that quantitative testing methods and other validation methods do not vary systematically with the economic cycle. Changes in methods and data (both data sources and periods covered) must be clearly and thoroughly documented.


Banks must have well-articulated internal standards for situations where deviations in realised PDs, LGDs and EADs from expectations become significant enough to call the validity of the estimates into question. These standards must take account of business cycles and similar systematic variability in default experiences. Where realised values continue to be higher than expected values, banks must revise estimates upward to reflect their default and loss experience.


Where banks rely on supervisory, rather than internal, estimates of risk parameters, they are encouraged to compare realised LGDs and EADs to those set by the supervisors. The information on realised LGDs and EADs should form part of the bank’s assessment of economic capital.

Section 9: supervisory LGD and EAD estimates


Banks under the foundation IRB approach, which do not meet the requirements for own-estimates of LGD and EAD, above, must meet the minimum requirements described in the standardised approach to receive recognition for eligible financial collateral (as set out in the credit risk mitigation section of the standardised approach, CRE22). They must meet the following additional minimum requirements in order to receive recognition for additional collateral types.

Definition of eligibility of commercial and residential real estate as collateral


Eligible commercial and residential real estate collateral for corporate, sovereign and bank exposures are defined as:


Collateral where the risk of the borrower is not materially dependent upon the performance of the underlying property or project, but rather on the underlying capacity of the borrower to repay the debt from other sources. As such, repayment of the facility is not materially dependent on any cash flow generated by the underlying commercial or residential real estate serving as collateral;9 and


Additionally, the value of the collateral pledged must not be materially dependent on the performance of the borrower. This requirement is not intended to preclude situations where purely macro-economic factors affect both the value of the collateral and the performance of the borrower.

1 Footnote

In light of the generic description above and the definition of corporate exposures, income producing real estate that falls under the SL asset class is specifically excluded from recognition as collateral for corporate exposures.10

1 Footnote

Operational requirements for eligible commercial or residential real estate


Subject to meeting the definition above, commercial and residential real estate will be eligible for recognition as collateral for corporate claims only if all of the following operational requirements are met.


Legal enforceability: any claim on collateral taken must be legally enforceable in all relevant jurisdictions, and any claim on collateral must be properly filed on a timely basis. Collateral interests must reflect a perfected lien (ie all legal requirements for establishing the claim have been fulfilled). Furthermore, the collateral agreement and the legal process underpinning it must be such that they provide for the bank to realise the value of the collateral within a reasonable timeframe.


Objective market value of collateral: the collateral must be valued at or less than the current fair value under which the property could be sold under private contract between a willing seller and an arm’s-length buyer on the date of valuation.


Frequent revaluation: the bank is expected to monitor the value of the collateral on a frequent basis and at a minimum once every year. More frequent monitoring is suggested where the market is subject to significant changes in conditions. Statistical methods of evaluation (eg reference to house price indices, sampling) may be used to update estimates or to identify collateral that may have declined in value and that may need re-appraisal. A qualified professional must evaluate the property when information indicates that the value of the collateral may have declined materially relative to general market prices or when a credit event, such as default, occurs.


Junior liens: In some member countries, eligible collateral will be restricted to situations where the lender has a first charge over the property.11 Junior liens may be taken into account where there is no doubt that the claim for collateral is legally enforceable and constitutes an efficient credit risk mitigant. Where junior liens are recognised the bank must first take the haircut value of the collateral, then reduce it by the sum of all loans with liens that rank higher than the junior lien, the remaining value is the collateral that supports the loan with the junior lien. In cases where liens are held by third parties that rank pari passu with the lien of the bank, only the proportion of the collateral (after the application of haircuts and reductions due to the value of loans with liens that rank higher than the lien of the bank) that is attributable to the bank may be recognised.

1 Footnote

Additional collateral management requirements are as follows:


The types of commercial and residential real estate collateral accepted by the bank and lending policies (advance rates) when this type of collateral is taken must be clearly documented.


The bank must take steps to ensure that the property taken as collateral is adequately insured against damage or deterioration.


The bank must monitor on an ongoing basis the extent of any permissible prior claims (eg tax) on the property.


The bank must appropriately monitor the risk of environmental liability arising in respect of the collateral, such as the presence of toxic material on a property.

Requirements for recognition of financial receivables : definition of eligible receivables


Eligible financial receivables are claims with an original maturity of less than or equal to one year where repayment will occur through the commercial or financial flows related to the underlying assets of the borrower. This includes both self-liquidating debt arising from the sale of goods or services linked to a commercial transaction and general amounts owed by buyers, suppliers, renters, national and local governmental authorities, or other non-affiliated parties not related to the sale of goods or services linked to a commercial transaction. Eligible receivables do not include those associated with securitisations, sub-participations or credit derivatives.

Requirements for recognition of financial receivables: legal certainty


The legal mechanism by which collateral is given must be robust and ensure that the lender has clear rights over the proceeds from the collateral.


Banks must take all steps necessary to fulfil local requirements in respect of the enforceability of security interest, eg by registering a security interest with a registrar. There should be a framework that allows the potential lender to have a perfected first priority claim over the collateral.


All documentation used in collateralised transactions must be binding on all parties and legally enforceable in all relevant jurisdictions. Banks must have conducted sufficient legal review to verify this and have a well-founded legal basis to reach this conclusion, and undertake such further review as necessary to ensure continuing enforceability.


The collateral arrangements must be properly documented, with a clear and robust procedure for the timely collection of collateral proceeds. Banks’ procedures should ensure that any legal conditions required for declaring the default of the customer and timely collection of collateral are observed. In the event of the obligor’s financial distress or default, the bank should have legal authority to sell or assign the receivables to other parties without consent of the receivables’ obligors.

Requirements for recognition of financial receivables: risk management


The bank must have a sound process for determining the credit risk in the receivables. Such a process should include, among other things, analyses of the borrower’s business and industry (eg effects of the business cycle) and the types of customers with whom the borrower does business. Where the bank relies on the borrower to ascertain the credit risk of the customers, the bank must review the borrower’s credit policy to ascertain its soundness and credibility.


The margin between the amount of the exposure and the value of the receivables must reflect all appropriate factors, including the cost of collection, concentration within the receivables pool pledged by an individual borrower, and potential concentration risk within the bank’s total exposures.


The bank must maintain a continuous monitoring process that is appropriate for the specific exposures (either immediate or contingent) attributable to the collateral to be utilised as a risk mitigant. This process may include, as appropriate and relevant, ageing reports, control of trade documents, borrowing base certificates, frequent audits of collateral, confirmation of accounts, control of the proceeds of accounts paid, analyses of dilution (credits given by the borrower to the issuers) and regular financial analysis of both the borrower and the issuers of the receivables, especially in the case when a small number of large-sized receivables are taken as collateral. Observance of the bank’s overall concentration limits should be monitored. Additionally, compliance with loan covenants, environmental restrictions, and other legal requirements should be reviewed on a regular basis.


The receivables pledged by a borrower should be diversified and not be unduly correlated with the borrower. Where the correlation is high, eg where some issuers of the receivables are reliant on the borrower for their viability or the borrower and the issuers belong to a common industry, the attendant risks should be taken into account in the setting of margins for the collateral pool as a whole. Receivables from affiliates of the borrower (including subsidiaries and employees) will not be recognised as risk mitigants.


The bank should have a documented process for collecting receivable payments in distressed situations. The requisite facilities for collection should be in place, even when the bank normally looks to the borrower for collections.

Requirements for recognition of other physical collateral


Supervisors may allow for recognition of the credit risk mitigating effect of certain other physical collateral when the following conditions are met:


The bank demonstrates to the satisfaction of the supervisor that there are liquid markets for disposal of collateral in an expeditious and economically efficient manner. Banks must carry out a reassessment of this condition both periodically and when information indicates material changes in the market.


The bank demonstrates to the satisfaction of the supervisor that there are well established, publicly available market prices for the collateral. Banks must also demonstrate that the amount they receive when collateral is realised does not deviate significantly from these market prices.


In order for a given bank to receive recognition for additional physical collateral, it must meet all the standards in CRE36.131 and CRE36.132, subject to the following modifications:


With the sole exception of permissible prior claims specified in the footnote to CRE36.131, only first liens on, or charges over, collateral are permissible. As such, the bank must have priority over all other lenders to the realised proceeds of the collateral.


The loan agreement must include detailed descriptions of the collateral and the right to examine and revalue the collateral whenever this is deemed necessary by the lending bank.


The types of physical collateral accepted by the bank and policies and practices in respect of the appropriate amount of each type of collateral relative to the exposure amount must be clearly documented in internal credit policies and procedures and available for examination and/or audit review.


Bank credit policies with regard to the transaction structure must address appropriate collateral requirements relative to the exposure amount, the ability to liquidate the collateral readily, the ability to establish objectively a price or market value, the frequency with which the value can readily be obtained (including a professional appraisal or valuation), and the volatility of the value of the collateral. The periodic revaluation process must pay particular attention to “fashion-sensitive” collateral to ensure that valuations are appropriately adjusted downward of fashion, or model-year, obsolescence as well as physical obsolescence or deterioration.


In cases of inventories (eg raw materials, work-in-process, finished goods, dealers’ inventories of autos) and equipment, the periodic revaluation process must include physical inspection of the collateral.


General Security Agreements, and other forms of floating charge, can provide the lending bank with a registered claim over a company’s assets. In cases where the registered claim includes both assets that are not eligible as collateral under the foundation IRB and assets that are eligible as collateral under the foundation IRB, the bank may recognise the latter. Recognition is conditional on the claims meeting the operational requirements set out in CRE36.128 to CRE36.144.

Section 10: requirements for recognition of leasing


Leases other than those that expose the bank to residual value risk (see CRE36.147) will be accorded the same treatment as exposures collateralised by the same type of collateral. The minimum requirements for the collateral type must be met (commercial or residential real estate or other collateral). In addition, the bank must also meet the following standards:


Robust risk management on the part of the lessor with respect to the location of the asset, the use to which it is put, its age, and planned obsolescence;


A robust legal framework establishing the lessor’s legal ownership of the asset and its ability to exercise its rights as owner in a timely fashion; and


The difference between the rate of depreciation of the physical asset and the rate of amortisation of the lease payments must not be so large as to overstate the credit risk mitigation attributed to the leased assets.


Leases that expose the bank to residual value risk will be treated in the following manner. Residual value risk is the bank’s exposure to potential loss due to the fair value of the equipment declining below its residual estimate at lease inception.


The discounted lease payment stream will receive a risk weight appropriate for the lessee’s financial strength (PD) and supervisory or own-estimate of LGD, whichever is appropriate.


The residual value will be risk-weighted at 100%.

Section 11: disclosure requirements


In order to be eligible for the IRB approach, banks must meet the disclosure requirements set out in the disclosure requirements standard (DIS). These are minimum requirements for use of IRB: failure to meet these will render banks ineligible to use the relevant IRB approach.