Reports and guidance documents; availability, etc.: Retail credit risk for regulatory capital; internal ratings-based systems use; comment request,


[Federal Register: October 27, 2004 (Volume 69, Number 207)]


[Page 62747-62776]

From the Federal Register Online via GPO Access []


[[Page 62747]]

Part II

Department of the Treasury

Office of the Comptroller of the Currency

Federal Reserve System

Federal Deposit Insurance Corporation

Department of the Treasury

Office of Thrift Supervision

Internal Ratings-Based Systems for Retail Credit Risk for Regulatory Capital; Notice

[[Page 62748]]


Office of the Comptroller of the Currency

[Docket No. 04-22]


[Docket No. OP-1215]



Office of Thrift Supervision

[No. 2004-48]

Internal Ratings-Based Systems for Retail Credit Risk for Regulatory Capital

AGENCIES: Office of the Comptroller of the Currency, Treasury (OCC); Board of Governors of the Federal Reserve System (Board); Federal Deposit Insurance Corporation (FDIC); and Office of Thrift Supervision, Treasury (OTS).

ACTION: Proposed supervisory guidance with request for comment.

SUMMARY: The OCC, Board, FDIC, and OTS (Agencies) are publishing for industry comment a document that sets forth proposed supervisory guidance for banks, savings associations, and bank holding companies (banking organizations) that would use the internal-ratings-based (IRB) approach to determine their regulatory capital requirements for retail credit exposures. The Agencies described the IRB approach in general terms in an advance notice of proposed rulemaking (ANPR) in August 2003 and expect to issue a notice of proposed rulemaking (NPR) in 2005 that would comprehensively implement the IRB approach and other elements of the International Convergence of Capital Measurement and Capital Standards: A Revised Framework, which was adopted by the Basel Committee on Banking Supervision in June 2004 (Basel II Framework). Under the IRB approach, banking organizations would use internal estimates of certain risk parameters as key inputs in the determination of their regulatory capital requirements. The Agencies intend for this guidance to provide banking organizations, in anticipation of the NPR, with a description of the current views of the Agencies regarding (and an opportunity for interested persons to comment on) the components and characteristics of a qualifying IRB credit risk measurement, data maintenance, segmentation, and quantification framework for retail exposures.

DATES: Comments must be submitted on or before January 25, 2005.

ADDRESSES: Comments should be directed to:

OCC: Office of the Comptroller of the Currency, 250 E Street SW., Mail stop 1-5, Washington, DC 20219, Attention: Docket No. [04-22], Fax number (202) 874-4448 or Internet address: Comments may be inspected and photocopied at the OCC's Public Information Room, 250 E Street, SW., Washington, DC. You may submit comments, identified by docket number [04-22], by any of the following methods:

Federal eRulemaking Portal:

Follow the instructions for submitting comments.

OCC Web Site: Click on ``Contact

the OCC,'' scroll down and click on ``Comments on Proposed Regulations.''

E-mail address: Please include docket number [04-22] in the subject line of the message.

Fax: (202) 874-4448.

Mail: Office of the Comptroller of the Currency, 250 E Street, SW., Public Reference Room, Mail Stop 1-5, Washington, DC 20219.

Hand Delivery/Courier: 250 E Street, SW., Attn: Public Reference Room, Mail Stop 1-5, Washington, DC 20219

Board: You may submit comments, identified by Docket No. OP-1215, by any of the following methods:

Agency Web Site: Follow the instructions for submitting comments on the generalinfo/foia/ProposedRegs.cfm.

Federal eRulemaking Portal:

Follow the instructions for submitting comments.

E-mail: Include docket number in the subject line of the message.

Fax: (202) 452-3819 or (202) 452-3102.

Mail: Jennifer J. Johnson, Secretary, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue, NW., Washington, DC 20551.

All public comments are available from the Board's Web site at generalinfo/foia/ProposedRegs.cfm as

submitted, except as necessary for technical reasons. Accordingly, your comments will not be edited to remove any identifying or contact information. Public comments may also be viewed electronically or in paper form in Room MP-500 of the Board's Martin Building (20th and C Streets, NW.) between 9 a.m. and 5 p.m. on weekdays.

FDIC: You may submit comments by any of the following methods:

Federal eRulemaking Portal:

Follow the instructions for submitting comments.

Agency Web site: laws/


Mail: Robert E. Feldman, Executive Secretary, Attention: Comments/Legal ESS, Federal Deposit Insurance Corporation, 550 17th Street, NW., Washington, DC 20429.

Hand Delivered/Courier: The guard station at the rear of the 550 17th Street Building (located on F Street), on business days between 7 a.m. and 5 p.m.


Public Inspection: Comments may be inspected and photocopied in the FDIC Public Information Center, Room 100, 801 17th Street, NW., Washington, DC, between 9 a.m. and 4:30 p.m. on business days.

Instructions: Submissions received must include the agency name and title for this notice. Comments received will be posted without change to laws/federal/propose.html,

including any personal information provided.

OTS: You may submit comments, identified by No. 2004-48, by any of the following methods:

Federal eRulemaking Portal:

Follow the instructions for submitting comments.

E-mail: Please include No. 2004-48 in the subject line of the message, and include your name and telephone number in the message.

Fax: (202) 906-6518.

Mail: Regulation Comments, Chief Counsel's Office, Office of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552, Attention: No. 2004-48.

Hand Delivery/Courier: Guard's Desk, East Lobby Entrance, 1700 G Street, NW., from 9 a.m. to 4 p.m. on business days, Attention: Regulation Comments, Chief Counsel's Office, Attention: No. 2004-48.

Instructions: All submissions received must include the agency name and docket number or Regulatory Information Number (RIN) for this rulemaking. All comments received will be posted without change to,

[[Page 62749]]

including any personal information provided.

Docket: For access to the docket to read background documents or comments received, go to

cfm?catNumber=67&an=1. In addition, you may inspect comments at the Public Reading Room, 1700 G Street, NW., by appointment. To make an appointment for access, call (202) 906-5922, send an e-mail to, or send a facsimile transmission to (202)

906-7755. (Prior notice identifying the materials you will be requesting will assist us in serving you.) We schedule appointments on business days between 10 a.m. and 4 p.m. In most cases, appointments will be available the next business day following the date we receive a request.


OCC: Mitchell Stengel, Senior Expert, Basel Credit Risk Modeling, Risk Analysis, (202) 874-5250; Daniel L. Pearson, National Bank Examiner, Credit Risk, (202) 874-5170; and Ron Shimabukuro, Special Counsel, Legislative and Regulatory Activities Division, (202) 874- 5190, Office of the Comptroller of the Currency, 250 E Street, SW., Washington, DC 20219.

Board: Sabeth Siddique, Manager, (202) 452-3861, Division of Banking Supervision and Regulation; Mark E. Van Der Weide, Senior Counsel, (202) 452-2263, Legal Division, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue, NW., Washington, DC 20551; and William W. Lang, Vice President, Supervision, Regulation and Credit, Federal Reserve Bank of Philadelphia, (215) 574- 7225. For users of Telecommunications Device for the Deaf (``TDD'') only, contact (202) 263-4869.

FDIC: Peter Hirsch, Basel II Project Manager, (202) 898-6751, Jon Eagar, Senior Examiner, (801) 263-3090, ext. 4726, Division of Supervision and Consumer Protection; Michael B. Phillips, Counsel, (202) 898-3581, Legal Division, Federal Deposit Insurance Corporation, 550 17th Street, NW., Washington, DC 20429.

OTS: Fred Phillips-Patrick, Manager, Credit Risk, (202) 906-7295, Supervision Policy; Karen Osterloh, Special Counsel, (202) 906-6639, Chief Counsel's Office, Office of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552.

SUPPLEMENTARY INFORMATION: The Agencies issued an ANPR on August 4, 2003, which sought comment on a substantially revised capital adequacy framework for large and internationally active U.S. banking organizations. See 68 FR 45900. The content of the ANPR was based in large part on the April 2003 version of the Basel II Framework.\1\ Specifically, the ANPR described significant elements of the IRB approach for computing credit risk capital requirements and the Advanced Measurement Approaches for computing operational risk capital requirements (AMA approach). Under the ANPR, certain banking organizations would be required to adopt the IRB and AMA approaches (core banks) and other banking organizations that met certain criteria would have the ability to adopt the IRB and AMA approaches on a voluntary basis (opt-in banks). Under the IRB and AMA approaches outlined in the ANPR, core banks and opt-in banks would use internal estimates of certain risk components as key inputs in the determination of their regulatory capital requirements.

\1\ See The New Basel Capital Accord (April 2003) (available at The Basel II Framework sets out both a

Foundation and Advanced IRB approach. However, for purposes of domestic U.S. implementation, the ANPR only proposed adoption of the Advanced IRB approach.

Contemporaneously with the ANPR, the Agencies also issued for public comment two proposed supervisory guidance documents relating to the revised capital framework. See 68 FR 45949. The first document provided proposed supervisory guidance on IRB systems for corporate credit risk. This document described then-existing supervisory views on the credit risk measurement and management systems of banking organizations that intended to adopt the IRB approach for computing capital requirements for corporate credit risk exposures. The second document provided proposed supervisory guidance on AMA approaches for operational risk.

In June 2004, the Basel Committee on Banking Supervision published a further revised version of the Basel II Framework.\2\ In light of the timetable for implementation of the Basel II Framework on an international basis and the complexity and long-term operational planning and program implementation needs of the core banks and opt-in banks, the Agencies are publishing for comment the following proposed IRB retail guidance document. The issuance of this document, together with the proposed IRB supervisory guidance on corporate credit risk and the proposed AMA supervisory guidance on operational risk, is part of an effort by the Agencies to gather as much industry feedback from interested parties as possible before the issuance of the NPR, which the Agencies expect will propose a revised capital adequacy standard based on the Basel II Framework for large and internationally active U.S. banking organizations. Issuing this proposed guidance before the formal issuance of the NPR will facilitate both (i) public input on the qualifying standards and infrastructure requirements for IRB and AMA and (ii) understanding of current Agency thinking for those banking organizations that expect to be core banks or opt-in banks and have sought additional guidance so that they may voluntarily begin operational planning to qualify for use of the IRB and AMA approaches at the earliest possible time.

\2\ See International Convergence of Capital Measurement and Capital Standards (June 2004) (available at The

Basel Committee on Banking Supervision is a committee of banking supervisory authorities that was established by the central bank governors of the Group of Ten countries in 1975. It consists of senior representatives of bank supervisory authorities and central banks from Belgium, Canada, France, Germany, Italy, Japan, Luxembourg, the Netherlands, Spain, Sweden, Switzerland, the United Kingdom, and the United States.

Banking organizations should note, however, that this retail IRB guidance, like the proposed corporate IRB guidance and the proposed AMA operational risk guidance, is only a proposal. Although these three proposed guidance documents reflect the views of the Agencies at the time of issuance concerning the elements of an appropriate IRB and AMA risk management infrastructure for core and opt-in banks, the guidance documents are subject to substantial change based on comments submitted by banking organizations and other interested parties, further analysis by the Agencies, results of a Quantitative Impact Study, evolution of the Basel II Framework, and technological advances in the risk measurement and management disciplines.

The proposed retail guidance, like the proposed corporate IRB guidance and the proposed operational risk AMA guidance, includes many supervisory standards that ultimately may become part of the NPR rule text as proposed minimum qualifying requirements for use of the IRB and AMA approaches. The Agencies included these standards in the proposed guidance documents in order to provide banking organizations with coherent and comprehensive guidance as to the current views of the Agencies on the elements of an IRB and AMA risk management infrastructure. The proposed guidance documents do not reflect any final decisions by the Agencies about the content of the final rule, and no such decisions will be made by the Agencies prior to a full evaluation of the comments on the future NPR.

[[Page 62750]]

Request for Comments

The Agencies request comment on whether any of the standards set forth in this proposed retail IRB guidance should be revised, deleted, or supplemented, and which of these standards should be (1) mandatory minimum qualifying criteria for use of the retail IRB approaches, or (2) criteria for supervisory guidance purposes only.

We seek comment on all other aspects of the following proposed retail guidance document as well, including (1) the important supervisory expectations (referred to as supervisory standards in the guidance document) that are designated in the document by the prefix ``RS;'' (2) the methodology for the estimation of the three IRB segment-level credit risk parameters; and (3) the framework for the evaluation and oversight of retail exposure credit risk, which includes provisions covering segmentation, quantification, data maintenance, and control and oversight mechanisms.

In particular, the Agencies are interested in industry comment on the following issues:

  1. Qualifying Revolving Exposures (QRE) Volatility Requirement. This proposed retail IRB guidance does not set forth criteria for defining what will constitute a ``low'' ratio of loss rate volatility to average loss rate for the purpose of qualification for QRE capital treatment. (See paragraphs 160 to 164 of the proposed guidance.) In developing the NPR, the Agencies will consider various options for addressing this concern and will provide additional information regarding QRE capital treatment. The Agencies seek comment on ways to implement the low volatility requirement for QRE sub-portfolios.

  2. Definition of Default. This proposed retail IRB guidance (paragraph 98) stipulates that a retail exposure will be considered in default if any one of three ``loss recognition events'' occurs. One of these three events is that ``The exposure is put on non-accrual status.''

    The Agencies acknowledge that there is not a requirement for placing delinquent retail exposures on nonaccrual status for either Call Report/Thrift Financial Report purposes or for GAAP. Nonetheless, many banks choose to put certain retail loans on nonaccrual and report these as such on their Call Reports/Thrift Financial Reports and financial statements.

    The Agencies invite comment on this particular element of the proposed definition of default, including detailed explanations of why banking organizations favor or oppose the inclusion of nonaccrual status in the definition of default.

  3. Loss Given Default (LGD) Estimation. When the loss severity of a retail portfolio exhibits significant cyclical variability, this proposed retail IRB guidance states that a bank must estimate an LGD that reflects periods of high credit losses for the particular portfolio (e.g., mortgages). The period of high credit losses may be different for each retail portfolio. (See standard RS-22 and paragraph 127.) The Agencies invite comment on various issues related to estimating LGD for such periods:

    How should ``periods of high credit losses'' (also referred to as periods when credit losses are ``substantially higher than average'') for a portfolio be defined?

    What methods could be used to estimate an LGD appropriate to such periods?

    Should the LGD adjustment for high credit losses reflect the likely LGD when credit losses are high at the product or portfolio level for the particular bank (legal entity), or for a nationally diversified portfolio?

    How will a bank ensure that the LGD will reflect any unique or predictive risk characteristics of individual segments or small groups of segments if the period of high credit losses is defined at an aggregated level?

    If segments are defined across multiple legal entities, how will the banking organization ensure that the capital levels accurately reflect the unique risk of assets held by each legal entity?

    The Agencies, through the Basel Committee on Banking Supervision, are undertaking additional work to clarify LGD estimation.

  4. Criteria for Assigning Exposures to Retail Categories. Because each risk category has its own risk-weight function, assignment to different risk categories results in different capital requirements. A variety of loan types, especially real estate loans, could be placed in more than one retail or corporate IRB risk category. The Agencies request comment on whether the criteria for assigning exposures to retail categories are appropriate for the credit risk of the exposures. For example, is four units the appropriate limit on the number of units in a residential property to meet the definition of a residential mortgage loan? In addition, are small business loans appropriately categorized based on whether they are primarily or partially secured by residential real estate?

    Paperwork Reduction Act

    Each of the Agencies is subject to the Paperwork Reduction Act of 1995 (PRA).\3\ The rulemaking initiated by the ANPR likely will impose requirements for core and opt-in banks, either in the regulations themselves or as part of interagency implementation guidance, that are covered by the PRA. This proposed retail IRB guidance describes the current views of the Agencies as to the components and characteristics of a qualifying IRB credit risk measurement, data maintenance, segmentation, and quantification framework for retail exposures. It is important that banking organizations recognize in reviewing the proposed guidance that it is subject to substantial change based on the comments received during the rulemaking process, further analysis by the Agencies, evolution of the Basel II Framework, and other developments.

    \3\ 44 U.S.C. 3501 et seq.

    Commenters on this proposed retail IRB guidance are asked to provide any estimates that they can reasonably determine about the time, effort, and financial resources that will be required to develop and maintain the plans, reports, and records discussed in the proposed guidance. Commenters also are requested to specify whether the described capital and methodological standards would necessitate the acquisition or development or new compliance/information systems or the significant modification of existing compliance/information systems.

    The Agencies also invite comment on:

    (1) Whether the collections of information contained in the proposed guidance are necessary for the proper performance of each agency's functions, including whether the information has practical utility;

    (2) What would be an accurate estimate of the burden of the proposed information collections;

    (3) Ways to enhance the quality, utility, and clarity of the information to be collected;

    (4) Ways to minimize the burden of the information collections on respondents, including the use of automated collection techniques or other forms of information technology; and

    (5) Estimates of capital or start-up costs and costs of operation, maintenance, and purchases of services to provide information.

    Respondents/recordkeepers are not required to respond to any collection of information unless it displays a currently valid Office of Management and Budget (OMB) control number.

    [[Page 62751]]

    The Agencies have issued the proposed retail IRB guidance to seek public input on the content of the guidance and information collection methods used in the guidance. The Agencies have made no determination regarding the information to be collected, if any. When the Agencies have developed a firm proposal, they will follow the standard process to seek public comment on the information collection and to obtain OMB approval.

    The Agencies will use any comments received to evaluate the burden attendant to the approach set forth in the proposed retail IRB guidance. Comments on the collections of information should be sent to:

    OCC: John Ference or Camille Dixon, OCC Clearance Officer, Office of the Comptroller of the Currency, 250 E Street, SW., Mail Stop 8-4, Attention: 1557-IRBG, Washington, DC 20219. Comments also may be sent by electronic mail to

    Board: Cindy Ayouch, Federal Reserve Board Clearance Officer, (202) 452-3829, Division of Research and Statistics, Board of Governors of the Federal Reserve System, 20th and C Streets, NW., Mail Stop 41, Washington, DC 20551. Comments also may be sent by electronic mail to

    FDIC: Leneta Gregorie, Counsel, (202) 898-3907, Legal Division, Federal Deposit Insurance Corporation, 550 17th Street, NW., Washington, DC 20429. Comments also may be sent by electronic mail to

    OTS: Marilyn K. Burton, OTS Clearance Officer, (202) 906-6467, Office of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552. Comments also may be sent by electronic mail to

    The text of the proposed IRB retail guidance document follows:

    Proposed Supervisory Guidance on Internal Ratings-Based Systems for Retail Credit Risk

    Table of Contents

    1. Introduction

      1. Background B. Scope of Retail Guidance C. Definition of Retail Exposures D. Quantifying Retail Exposure Credit Risk E. Supervisory Expectations

    2. Retail Risk Segmentation Systems for IRB

      1. Overview B. Criteria for Retail Segmentation C. Retail Risk Segmentation Architecture

  5. Migration of Exposures Between Retail Segments

  6. Frequency of Changes to the Segmentation System

  7. Segmentation and the Recognition of the Risk Mitigation Benefits of Guarantees and Insurance D. Validation Process

  8. Segmentation Systems' Developmental Evidence

  9. Ongoing Monitoring

  10. Back-testing of the Segmentation System

    1. Quantification of IRB Systems

    1. Introduction

  11. The Four Stages of the Quantification Process

  12. Integration of the Four Stages

  13. General Standards for Sound IRB Quantification B. Quantification of the IRB Risk Parameters

  14. Quantification of Probability of Default (PD)

    1. Data

    2. Estimation

  15. Seasoning

    1. Mapping

    2. Application

  16. Quantification of Loss Given Default (LGD)

    1. Data

    2. Estimation

    3. Mapping

    4. Application

  17. Quantification of Exposure at Default (EAD)

    1. Introduction

    2. Data

    3. Estimation d.Mapping e.Application C. Quantification: Special Cases and Applications

  18. Small Business Exposures

  19. Retail Leases

  20. Purchased Retail Receivables

  21. Loan Sales

  22. Securitization and Undrawn Balances

  23. Multiple Legal Entities

  24. QRE Treatment Qualification

  25. Stress Testing D. Validation

  26. Introduction

  27. Developmental Evidence

  28. Ongoing Process Verification and Benchmarking

  29. Back-Testing

    1. Data Maintenance

    1. Overview B. General Data Requirements

  30. Standards for Refreshed Data

  31. Loan Sales

  32. Validation and Refinement

  33. Data Standards for Outsourced Activities

  34. Calculating Capital Ratios and Reporting to the Public C. Managing Data Quality and Integrity

  35. Documentation and Definitions

  36. Data Access and Scalability

  37. Data Gaps

    1. Control and Oversight Mechanisms

      1. Overview B. Controls Over Lending Activities C. Accountability D. Independent Review of Retail IRB Processes E. Transparency F. Use of Risk Estimates G. Internal and External Audit H. Corporate Oversight

      Appendix A: Process Analysis Examples

      Appendix B: Technical Examples

      List of Acronyms

    2. Introduction

      1. Background

  38. This document provides supervisory guidance for banks, thrifts, and bank holding companies that adopt the advanced internal-ratings- based (``IRB'') approach for determining regulatory risk-based capital requirements for retail exposures (``banks'').\4\ As described in the preamble to the Federal Register publication of this guidance, this document reflects the current views of the Federal banking agencies (``agencies'') and is subject to change based on comments submitted by the banking industry and other interested parties, further analysis by the agencies, results of the fourth quantitative impact study, and technological advances in the risk measurement and management disciplines. This retail guidance includes some supervisory standards that ultimately may become part of the minimum IRB qualifying requirements that would be proposed as part of the notice of proposed rulemaking (``NPR'') that the agencies intend to issue for public comment in 2005 to comprehensively implement the IRB approach. It was necessary to include these standards in this proposed guidance document in order to provide banks with coherent and comprehensive guidance as to the current views of the agencies on the elements of a retail IRB risk management infrastructure.

    \4\ Throughout this guidance, the term ``banks'' generally refers to banks, thrifts, and bank holding companies adopting the IRB approach.

  39. A central objective of the IRB framework is to enhance the risk sensitivity of the minimum regulatory capital requirements. Under the retail IRB approach, banks assign risk parameters to pools of exposures with similar risk characteristics, that is, to risk segments, rather than to individual exposures (as in the corporate portfolio). These parameters are then used for the determination of minimum regulatory capital. Supervisors will rely on banks, subject to minimum standards, to use internal risk management systems to differentiate segments of retail exposures by the credit risk they pose and to quantify the risk parameters for each segment. Adequate data to support accurate and reliable credit risk measurements, as well as rigorous management oversight and controls, including continual monitoring and

    [[Page 62752]]

    validation, are crucial to the prudent application of the IRB capital framework.

  40. This guidance, which is written for supervisors and banks, describes the components and characteristics of an IRB credit risk measurement and management framework for retail exposures. The guidance explains how to measure the risk of retail exposures, maintain data on them, segment them, and quantify each segment's risk. The guidance should help foster accountability, transparency, and oversight and control mechanisms in the IRB capital framework.

  41. With these goals in mind, this guidance sets forth retail supervisory standards for an IRB credit risk system. These standards are highlighted in bold and designated by the prefix ``RS.'' To enable banks to implement the framework flexibly whenever possible, these regulatory standards typically take the form of general principles rather than specific requirements. However, when the need for uniformity outweighs the benefits of flexibility (often for reasons of prudence), the guidance provides more detailed and specific expectations. Banks would be expected to have credit risk management practices that are consistent with the substance and spirit of the standards in this guidance. Furthermore, nothing in this guidance should be interpreted as weakening, modifying, or superseding the safety and soundness principles articulated in the existing statutes, regulations, or guidance of the agencies.

  42. In general, this IRB retail guidance neither dictates the precise manner by which banks should seek to meet the supervisory standards nor provides comprehensive technical guidance on how to meet the standards. This document assumes that readers are familiar with the proposed IRB approach for the calculation of minimum regulatory capital requirements in the International Convergence of Capital Measurement and Capital Standards, published by the Basel Committee on Banking Supervision in June 2004 (``Basel II'').

  43. Under the retail IRB approach, banks first segment retail exposures and then quantify the risk of each segment by estimating each segment's probability of default (PD), loss given default (LGD), and exposure at default (EAD). Consistent with many retail lenders' internal risk management practices, a bank may also choose to indirectly obtain an estimate of PD by first obtaining estimates of average dollar loss rates and loss severity. These quantitative estimates of risk must be consistent with those used for internal risk management purposes.

    1. Scope of Retail Guidance

  44. For the purposes of this guidance, the terms ``retail exposure'' and ``retail loan'' are intended to include retail leases as well as loans.

  45. When the terms ``models'' and ``models-based'' are used in this guidance, they refer to banks'' use of various types of statistical modeling techniques solely for the purpose of estimating the risk parameters PD, LGD, and EAD for IRB retail segments.

  46. The agencies expect that this guidance and the standards set forth below would apply to most retail exposures of banks. Although banks can designate some retail exposures as nonmaterial and, thus, not subject to the retail IRB approach, the aggregate amount of these nonmaterial retail exposures must be small as a percentage of the bank's total retail exposures, and the aggregate amount of credit risk in the nonmaterial retail portfolios must be a small percentage of the bank's total amount of retail exposure credit risk. A bank must maintain adequate documentation to support its nonmaterial determinations. Subject to supervisory review, banks will determine minimum capital requirements for a nonmaterial retail portfolio according to the risk-based capital standards for non-IRB banks.

  47. Some banking organizations have retail portfolios that are centrally managed, even though the exposures are held by multiple legal entities. Certain activities, including segmentation and quantification, can be conducted across multiple legal entities within the United States, subject to limitations discussed in chapter III and chapter V. However, each legal entity subject to IRB capital requirements must document its minimum regulatory capital requirements on a standalone basis and hold its own separate minimum regulatory capital in proportion to the risk exposure of its portfolios. Specifically, the PD, LGD, and EAD estimates used to determine minimum regulatory capital levels must be applied to exposures at the segment level, and capital requirements for each relevant legal entity should be based on the proportionate share of each segment owned by such legal entity. Furthermore, the board of directors of each such legal entity must ensure that capital calculations accurately reflect the risk profile of their individual banks.

  48. While the general principles of retail segmentation, quantification, and data maintenance will apply to all portfolios, special issues may arise in the case of portfolios outside the United States. Cross-border issues for retail and other portfolios will be addressed in future documents.

    1. Definition of Retail Exposures

  49. An exposure is a retail exposure for IRB purposes if both of the following conditions are met:

    The exposure is managed as part of a pool of similar exposures rather than as an individual exposure; and

    With the exception of small business loans (see below), the obligor is an individual.

  50. Within this general definition, there are three retail risk categories, each with specific qualifying criteria:

    Residential mortgage loans secured by one- to four-family residential properties. Includes first and subsequent liens, term loans, lines of credit, and legally binding commitments to lend. This includes business loans if the loans are primarily secured by one- to four-family residential properties. No limit on the size of the exposure.

    Qualifying revolving exposures (QREs) whose outstanding amount fluctuates, determined largely by the borrower's decisions to borrow and repay, up to a pre-established limit. Must be revolving, unsecured, and unconditionally cancelable by the bank; maximum exposure, $100,000. Includes most credit cards to individuals (but not those issued on behalf of a business) and overdraft lines on individual checking accounts. Also included are overdraft protection programs, commonly referred to bounced-check protection programs, that advise customers of an amount up to which overdrafts may be paid.\5\ To qualify for QRE status, a sub-portfolio must display low volatility of loss rates relative to its average level of loss rates.

    \5\ This sentence is intended to capture bounced-check protection programs and reflects the reporting and capital standards proposed in the draft Interagency Guidance on Overdraft Protection Programs that was published for comment in the Federal Register on June 7, 2004 (69 FR 31858). However, it should be noted that once the Interagency Guidance on Overdraft Protection Programs is finalized, this draft guidance may be amended to reflect changes in that guidance.

    Other retail--general and small business. ``General'' applies to all retail exposures to individuals that do not fall into either of the two previous categories or into the ``small business'' category described immediately below. No limit on size of exposure. ``Small business'' applies to small loans of any kind to individuals or companies for business purposes. However, if a small business loan is primarily secured by 1-4 family residential property, it should

    [[Page 62753]]

    be included in the residential mortgage category above. For small business loans, total exposure to a single borrower is limited to $1 million, on a fully consolidated basis, although supervisors may allow amounts slightly above the limit.

  51. Private banking exposures must meet the requirements stated above, including the requirement that they must be managed as part of a pool of similar exposures, to be considered under retail IRB. Otherwise, they would fall under corporate IRB.

  52. Each of the three retail risk categories has a separate risk- weight function. These functions differ from one another only by the supervisor-specified asset value correlation. The unexpected loss capital requirement (K) per dollar of EAD for each retail segment of non-defaulted assets is calculated using the following general formula:


    where N is the cumulative standard normal distribution, N-\1\ is the inverse cumulative standard normal distribution, R is the asset value correlation, and 0.999 is the ``solvency standard'' chosen by the supervisors.\6\ For residential mortgages, R is specified as 0.15, for qualifying revolving exposures, R is specified as 0.04, and for other retail exposures, R varies between 0.03 and 0.16, based on the following formula:

    \6\ That is, minimum regulatory capital for covering unexpected losses, K, is set to equal the estimated level of unexpected losses corresponding to the 99.9th percentile of the loss distribution for the bank's credit portfolios.


  53. Minimum capital requirements for defaulted retail exposures are determined separately. See chapter III for a detailed discussion.

  54. Risk-weighted assets (RWA) for each segment are calculated as 12.5 x K x EAD.

  55. The expected dollar loss on a segment (EL) is defined as PD x LGD x EAD. The overall level of expected losses in the retail and certain other portfolios is used in the calculation of a regulatory capital adjustment.

    1. Quantifying Retail Exposure Credit Risk

  56. There are two distinct phases in the process of determining the minimum regulatory capital requirements for the credit risk of retail exposures. In the first phase, credit risk segmentation, a bank assigns every individual retail exposure to a segment or pool with homogeneous risk characteristics. These characteristics, often referred to as ``primary risk drivers'' (such as loan-to-value ratios and credit scores), are reliable predictors of loan performance over time that allow banks to effectively sort exposures into homogeneous segments. To segment risk in this way, bankers must have a thorough understanding of how a retail exposure's risk drivers affect the risk parameters (PD, LGD, and EAD).

  57. In the second phase, quantification, a bank statistically estimates the three risk parameters, PD, LGD, and EAD, for each retail segment. Historical data are used to create ``reference segments'' whose subsequent credit performance has been observed and included in the data set. The central assumption of this phase is that the estimated relationship between the particular set of risk drivers and the credit performance of the reference segments will hold for the segments that make up the existing portfolio. Once the risk parameters are quantified for existing retail exposure segments, the bank then calculates the minimum regulatory capital requirements based on the appropriate IRB formulas.

  58. Each phase has its own validation challenges. In phase one, the bank must determine whether the assignment of retail exposures to segments effectively separates exposures by characteristics that remain significant drivers of risk over time. In phase two, the bank must determine whether the risk parameter estimates are accurate and representative of the risk in the existing portfolio.

  59. A robust and detailed data maintenance system should support implementation of the IRB segmentation and quantification process as well as their dynamic development. Management oversight and control mechanisms over the entire IRB retail credit risk system (including segmentation, quantification, and supporting data maintenance) should ensure conservative, verifiable, and accurate estimates of the segment- level credit risk parameters.

  60. In summary, IRB banks will be expected to construct and maintain a retail credit system comprising four interdependent components corresponding to the four chapters of this guidance. The four chapters are organized as follows: chapter II, ``Segmentation''; chapter III, ``Quantification''; chapter IV, ``Data Maintenance''; and chapter V, ``Control and Oversight Mechanisms.''

    1. Supervisory Expectations

  61. Taken together, segmentation, quantification, data maintenance, and control and oversight mechanisms provide a framework for defining and improving evaluation of retail credit risk and determining minimum regulatory capital. Supervisors expect that banks will continue to refine their credit risk systems using regular reviews and updates.

  62. All aspects of the risk segmentation system and the quantification processes must be subject to thorough, independent, and well-documented validation. Banks should use a variety of validation approaches; no single approach can conclusively validate the risk segmentation and quantification methods. Three broad types of useful tools include evaluating the developmental evidence or logic of the system; ongoing monitoring of system implementation and reasonableness (verification and benchmarking); and comparing realized outcomes with predictions (back-testing).

  63. A rigorous framework of control and oversight mechanisms must govern the entire IRB implementation. The framework must be characterized by independence, transparency, and accountability; must ensure that the IRB implementation standards discussed in this guidance are met; and must ensure that related bank policies are followed. The control and oversight mechanisms must also include independent technical validation of all quantitative aspects of the risk segmentation and quantification systems.

  64. For IRB systems to work successfully, they need the active

    [[Page 62754]]

    support and oversight of the board of directors and senior management to ensure that the various components fit together seamlessly and that incentives are in place to extend the system rigorously across business line, risk management, and other control groups.

  65. The proposed regulatory minimum capital requirements are predicated on a bank's internal systems being sufficiently advanced to allow a full and accurate assessment of its risk exposure. The IRB framework demands more rigorous validation work and controls than supervisors have required in the past. When properly implemented, the new framework will better align minimum capital requirements with risk.

  66. Supervisors will evaluate compliance with the four components of a retail IRB system and how well the various components of a bank's retail IRB system complement and reinforce one another to achieve the overall objective of accurately determining minimum required regulatory capital for retail exposures. In performing their evaluation, supervisors will exercise considerable supervisory judgment in evaluating both the individual components and the overall IRB framework.

    1. Retail Risk Segmentation Systems for IRB

    1. Overview

  67. This chapter describes the design and operation of a qualifying retail risk segmentation system. IRB retail risk segments are pools of exposures within the three retail risk categories that contain exposures with similar risk characteristics.

  68. The retail IRB framework is intended to provide banks with substantial flexibility to use the retail portfolio segmentation they believe is most appropriate for their activities, subject to the following broad standards:

    The goal of segmentation is to provide meaningful differentiation of risk, with each pool composed of exposures with homogeneous risk characteristics Accordingly, in developing the risk segmentation system, banks should consider the chosen risk drivers' ability to separate risk consistently over time and the overall robustness of the bank's approach to segmentation.

    Segmentation must use relevant borrower risk characteristics (such as credit score, delinquency, or debt-to-income ratio) and loan-related risk characteristics (such as loan-to-value or product type) that reliably differentiate a segment's risk from that of other segments and that perform consistently over time.

    Risk drivers for segmentation should be consistent with the predominant risk characteristics used by the bank for internal credit risk measurement and management.

    The segmentation system should generate pools that separate exposures by realized performance. It should be designed so that actual long-run outcomes closely approximate the retail IRB risk parameters estimated by the bank.

    In general, segments should not cross national jurisdictions.

    IRB banks must have ongoing validation processes for risk segmentation systems that include the evaluation of developmental evidence or logic of the system, ongoing monitoring, and back-testing. Validation for the risk segmentation system is ultimately tied to validation of the bank's quantification of IRB risk parameters. This aspect of validation is discussed in chapter III.

  69. The IRB retail risk parameter estimates that determine minimum required capital are assigned at the segment level.

    1. Criteria for Retail Segmentation

    RS-1: Banks must segment exposures into pools with homogeneous risk characteristics. Banks must separately segment exposures in each distinct product line within each of the three retail risk categories (mortgage, QRE, and other).

  70. Examples of acceptable approaches to segmentation include:

    Banks may segment exposures by common risk drivers that are deemed relevant and material in determining the loss characteristics of a particular retail product. For example, a bank may segment mortgage loans by LTV band, age from origination, geography, origination channel, and credit score. Statistical modeling, expert judgment, or some combination of the two may determine the most relevant risk drivers.

    Alternatively, banks could segment by grouping loans with similar loss characteristics, such as similar average loss rates or similar PDs. (Those loss parameters would be estimated in accordance with the techniques outlined in chapter III.)

  71. While banks have considerable flexibility in determining IRB retail risk segments, they should consider factors affecting both borrower risk characteristics (such as credit score) and loan-related risk characteristics (such as LTV) when determining segmentation criteria.

  72. Each retail risk segment will typically be associated with a separate PD, LGD, and EAD. In some cases, it may be reasonable to use the same LGD estimate for multiple segments. In such cases, the bank must demonstrate that there are no material differences in LGD among those segments. Over time, supervisors expect banks to develop more precise data and methodologies for determining LGDs.

  73. There may be situations in which data for certain retail loans are missing or incomplete, such as data for purchased loans or loans originated as policy exceptions. The overall segmentation system should adequately consider the risk associated with these loans based on data availability. In some cases, missing or incomplete data by itself may be a significant risk factor for segmentation purposes.

    RS-2: Defaulted assets must be segmented on the basis of risk characteristics predictive of loss and recovery rates.

  74. The IRB capital calculation for defaulted assets requires banks to provide a ``best estimate'' of the losses on these loans. (See chapter III for details.) Since, by definition, defaulted assets have PDs equal to 1, these best estimates of losses will depend solely on banks' estimates of losses given current conditions. To produce these best estimates, banks must segment defaulted assets separately from non-defaulted assets, and base the segmentation on those characteristics that are most predictive of current loss and recovery rates. This segmentation should provide meaningful differentiation so that individual loans within each defaulted segment do not have material differences in their expected loss severity.

    RS-3: A retail IRB risk segmentation system must produce segments within each retail risk category that adequately differentiate risk and produce reliable estimates of the IRB risk parameters.

  75. A bank must support the degree of granularity in its segmentation system and the distribution of exposures across segments. Granularity refers to how finely the portfolio is segmented into differentiated risk pools.

  76. Banks have considerable flexibility in determining the granularity of their risk segmentation. Each bank must perform its own internal analysis to determine the appropriate degree of granularity in order to achieve the goal of producing homogeneous risk segments. For example, a bank using credit score ranges to segment its portfolio must provide the rationale for the ranges chosen.

    [[Page 62755]]

  77. A concentration of exposures in a segment (or segments) does not, by itself, reflect a deficiency in the segmentation system. For example, a bank may lend within a narrow risk band and, therefore, have a smaller number of risk segments than a bank that lends across a wider range of risk bands. However, a bank with a high concentration of exposures in a particular risk segment will be expected to document that the bank's segmentation criteria are carefully delineated and well documented. The bank should be able to demonstrate that there is little risk differentiation among the exposures within the segment, and that the segmentation method produces reliable estimates of IRB risk parameters.

    RS-4: Banks must clearly define and document the criteria for assigning an exposure to a particular retail risk segment. The risk factors used for IRB risk segmentation purposes must be consistent with internal methods of assessing credit risk for retail exposures.

  78. The method of risk segmentation will help determine the risk parameters as well as which techniques should be used for validation and which control mechanisms will best ensure the integrity of the risk segmentation system. To assist the discussion of segmentation requirements, described below are some alternative techniques for determining appropriate segmentation.

    Banks may incorporate results of statistical underwriting models or scoring models directly into their risk segmentation process. For example, a bank may use a custom or bureau credit score as a segmenting criterion. In that case, the bank must validate the choice of the score, as well as demonstrate that its credit scoring system has adequate controls.

    Banks may incorporate the variables from a statistical model into their risk segmentation processes. For example, a bank that uses a statistical model to predict losses for its mortgage portfolio could select some or all of the major inputs to that model, such as debt-to-income and LTV, as segmentation criteria. As part of its validation and controls for the IRB segmentation system, the bank must provide an appropriate rationale and empirical evidence for its choice of the particular set of risk drivers from the loss prediction model.

    Banks may combine expert judgment with statistical analysis in determining appropriate segmentation criteria. However, expert judgment of this type must be well documented and supported by empirical evidence demonstrating that the chosen risk factors are reliable predictors of risk.

  79. A bank must be able to demonstrate a strong relationship between IRB risk drivers and comparable measures used for credit risk management. Specifically, a bank should demonstrate that the IRB segmentation system differentiates credit risk across the portfolio and captures changes in the level and direction of credit risk that are similar to measures used in credit risk management. For example, even if a bank uses custom scores for underwriting or account management, generic bureau scores may be used for IRB segmentation purposes if the bank can demonstrate a strong correlation between these measures.

    1. Retail Risk Segmentation Architecture

    Migration of Exposures Between Retail Segments

    RS-5: Banks must develop and document their policies to ensure that risk driver information is sufficiently accurate and timely to track changes in underlying credit quality and to migrate exposures between segments.

  80. Under the IRB framework, a bank initially assigns retail exposures to segments based on the information about their risk drivers available at the time of origination or acquisition. The bank must then continue to monitor the risk characteristics of the exposures and migrate exposures to new segments, as necessary, based on refreshed information gathered by the bank as part of its monitoring process.

  81. Banks must choose risk drivers that accurately reflect the risk of an exposure. Risk drivers selected should be consistent with risk measures used for credit risk management.

  82. In accordance with industry practices in retail credit risk management, a bank must have a well-documented policy on monitoring and updating information on exposure risk characteristics and on migrating exposures between segments. The policy should specify the risk characteristics to be updated and the frequency of updates for each product type or sub-portfolio within its retail portfolio. Updating of relevant information on these risk drivers must be consistent with sound risk management.

  83. Decisions regarding frequency of obtaining refreshed information should reflect the specific risk characteristics of individual segments and/or the materiality of the potential impact on capital. The frequency of updates and of migration will generally differ for different risk drivers and for different products. The underlying principle is that, in every period, retail exposures are assigned to segments that accurately reflect their risk profile and produce accurate IRB risk parameters.

  84. Banks are expected to assess their approach to updating information and migrating exposures as part of the validation of the segmentation process. Frequency of Changes to the Segmentation System

    RS-6: Banks must review their segmentation system at least annually and have clear policies to define the criteria for modifying the system.

  85. Banks must review their segmentation system to ensure that it maintains adequate risk separation. Changes in the segmentation system should be documented and supported to ensure consistency and obtain historically comparable measurements. Segmentation and the Recognition of the Risk Mitigation Benefits of Guarantees and Insurance

    RS-7: Banks that design their risk segmentation systems to realize the benefits of guarantees or other risk mitigants must be able to support their approach.

  86. Retail exposures may have guarantees or insurance, such as private mortgage insurance (PMI) and government guarantees for residential mortgages. (See chapter III for a more detailed discussion of PMI.) A bank's risk segmentation system may reflect such guarantees, as may its risk parameter estimates. For example, loans with similar risk characteristics, including the same type of guarantee, could be pooled together.

    1. Validation Process

    RS-8: Banks must validate that their retail IRB risk segmentation process separates exposures into segments with homogeneous risk characteristics that generate reliable long-run estimates of the IRB risk parameters.

  87. Banks must ensure that the actual performance of their segments is consistent with the expectations underlying the assignment of exposures to segments as set forth in their documentation. Over time, performance data should validate the manner in which the bank differentiated the portfolio by segment, and the actual loss characteristics of each segment should be consistent with its estimated IRB risk parameters.

    RS-9: The ongoing validation process must include the review of

    [[Page 62756]]

    developmental evidence, ongoing monitoring, and back-testing.

  88. The ongoing process to confirm and ensure the performance of the segmentation system consists of:

    The evaluation of developmental evidence;

    Ongoing monitoring of system implementation and reasonableness; and

    Back-testing (comparing actual to predicted outcomes).

  89. IRB banks are expected to employ all of the components of this process. However, back-testing of segmentation may be difficult if a bank's process for modeling risks is evolving significantly. Therefore, banks may at times need to rely more heavily on developmental evidence and quality control tests to assure themselves and other interested parties that their segmentation systems are sufficiently accurate. Segmentation Systems' Developmental Evidence

  90. Developmental evidence helps determine whether the segmentation system can be expected to differentiate effectively between pools of exposures by the credit risk they pose. To evaluate developmental evidence, experts make a reasonable assessment of the quality of the segmentation system by analyzing its design and construction.

    For example, developmental evidence in support of statistical techniques used in the segmentation process, such as scoring models or underwriting models, must include documentation and discussion of their logical foundations and an analysis of the statistical model-building techniques.

    The developmental evidence will be more persuasive when it includes empirical evidence of how well the segmentation system has differentiated pools of exposures in the past, including evidence that it worked effectively outside the development sample.

    Empirical developmental evidence of a segmentation system would also include evidence of how the system compares with other systems. These other systems could include other internal segmentation systems as well as external systems whose performance can be charted against industry benchmarks. Ongoing Monitoring

  91. The second source of analytical support for the validity of a bank's risk segmentation system is the ongoing analysis to confirm that the system continues to group loans into pools with similar loss characteristics. The bank must develop a monitoring process to evaluate its system's ability to segment by risk and to apply this process consistently over time. The bank must document its approach to monitoring and the results of this analysis. The bank must also generate reports to senior management on the functioning of the segmentation system.

  92. Specific verification activities will depend on the segmentation approach. For retail lending, statistical models will be an important part of the segmentation process, and the bank must verify that the data used by these models are accurate and complete. Back-Testing of the Segmentation System

    RS-10: Banks must establish internal tolerance limits for differences between expected and realized outcomes that require appropriate managerial review.

  93. Back-testing is comparing realized outcomes with each segment's expected performance. For retail IRB systems, back-testing is a means of assessing whether the bank's method of segmentation and its techniques for estimating IRB risk parameters combined to work effectively. Accordingly, back-testing is a conceptual bridge between the segmentation system discussed in this chapter and the quantification of the IRB risk parameters discussed in chapter III. Because these two processes are so closely linked, a more complete discussion of back-testing is deferred until chapter III.

    1. Quantification of IRB Systems

    1. Introduction

  94. The IRB framework requires banks to assign to each segment of the retail portfolio specific numerical values for each of the three risk parameters: probability of default (PD), loss given default (LGD), and exposure at default (EAD).\7\ Under the IRB framework, these numerical values are inserted into the appropriate formula (set forth in the introduction) to determine the minimum required regulatory capital for each segment.

    \7\ A note on units of measurement: PD and LGD are measured as rates (percentages or decimals). EAD is a dollar amount, representing estimated exposure at default. Therefore PD x LGD x EAD will represent the dollar amount of expected losses (EL).

  95. Quantification is the process by which these numerical values for each retail segment are determined. The risk parameters must be estimated in a manner consistent with sound risk management practice, quantitative techniques, and supervisory standards. In addition, a bank must ensure that these estimates remain valid over time. Since quantification occurs at the segment level, it is founded on the retail risk segmentation system presented in chapter II.

  96. Conceptually, the quantification process can be broken into four stages: obtaining historical reference data; using the historical reference data to estimate relationships between the risk characteristics of the borrowers and loans on the one hand and observed outcomes (such as default rate, loss severity rate, or tendency to make additional draws on credit card lines prior to default) on the other; mapping the correspondence between the reference data and the existing portfolio's data; and applying the relationship between reference data and parameters to the portfolio's data in order to generate IRB risk parameters for the bank's existing retail segments.

  97. In addition, the estimated values of the risk parameters (PD, LGD, and EAD) must be independently and thoroughly validated and the results reported to senior management.

  98. The chapter is organized as follows: Section A, ``Introduction,'' establishes the organizing framework for IRB quantification and develops general standards that apply to the entire process. Section B, ``Quantification of the IRB Risk Parameters,'' covers specific supervisory standards that apply to the quantification of the three risk parameters, PD, LGD, and EAD. Section C, ``Quantification: Special Cases and Applications,'' addresses a variety of special cases and applications of the retail quantification standards and procedures (for example, small business exposures, loan purchases, purchased retail receivables, and retail leases). Section D, ``Validation,'' discusses how a bank should validate the segmentation and quantification processes.

  99. A number of general examples are given in the text of this chapter to aid exposition and interpretation. Some relevant implementation examples covering the four stages of the full quantification process are presented in ``Appendix A: Process Analysis Examples.'' The guidance concludes with a number of examples of technical issues specific to retail quantification in ``Appendix B: Technical Examples.'' The Four Stages of the Quantification Process

  100. Stage one--obtaining reference data. The bank assembles historical data that are used to estimate the retail IRB risk parameters. The reference data must closely resemble the bank's existing portfolio. Banks must use the best historical data available for quantifying

    [[Page 62757]]

    the retail IRB risk parameters. Over time, IRB banks will be expected to rely primarily on internal data for most of their retail portfolios, but supplemental external data may also be used when necessary. Banks may use more than one reference data set to improve the robustness or precision of the parameters. Reference data sets should include data on product type, borrower characteristics, and loan payment performance. Reference data for PD quantification includes some loans that later defaulted. Reference data sets for LGD and EAD quantification will consist solely of defaulted loans and the resulting recovery streams from internal historical data.

  101. Important considerations in the choice and construction of a reference data set include:

    Comparability of the reference data to the existing credit portfolio, including consistency of risk segmentation criteria, underwriting standards, and definitions of default and loss.

    The appropriate inclusion of periods of portfolio stress.

  102. The reference data set should also include the following:

    External factors relevant to the reference data that might affect the parameter estimates should be recorded, for example, the geographic concentration, the economic environment, and industry trends during the time period of the reference data.

    All borrower and loan characteristics that are used to estimate risk parameters must be included, as well as all variables necessary to redevelop and validate the estimation approach.

    The definition of default and methods of measuring loss that were in use at the time must be in the reference data set. The data must include collection costs, gain or loss on sale of collateral, date of default, etc.

  103. When it is not possible to use consistent segmentation criteria for both the reference and existing portfolio, reasonably close proxy characteristics must be found.

  104. Stage two--estimation. The bank applies analytical or statistical methods to the reference data to estimate a relationship between the borrower and loan risk characteristics embodied in the reference data and the outcomes of interest (defaults, loss severity, additional draws on unused lines prior to default). In other words, the bank uses empirical techniques to estimate the segment values of the risk parameters, PD, LGD, and EAD, as a function of the borrower and loan risk characteristics of the counterpart segment in the reference data. The risk parameter estimates may rely on relatively simple analysis of default rate or loss rate statistics from the reference data, or they may be a result of regression or other statistical estimation and classification techniques. This step may include adjustments for seasoning effects. A bank may use more than one technique to generate risk parameter estimates from the reference data if doing so improves robustness and accuracy of the estimates. If multiple estimates are generated, the bank must have a clear and consistent policy on reconciling the different estimates.

  105. Stage three--mapping. The bank establishes a close correspondence between the portfolio data and the reference data. The risk segmentation criteria for the reference data set should match closely the criteria for the existing portfolio. In addition, if any other characteristics of the reference data and the existing portfolio are used to estimate the risk parameters, they should correspond closely in both data sets. For many retail portfolios, mapping will be a relatively mechanical process for banks using quantitative criteria to segment and model risk. If the quantitative characteristics are equally valid and provide comparable measures, mapping will simply mean applying these characteristics to the existing portfolio. In some cases, mapping may be more challenging. For example, if a bank undertakes a major new effort to expand its offering of products on the Internet, and the bank has little internal data on exposures offered this way, the bank may need to augment its reference data with external data.

  106. Stage four--application. The bank applies the relationship estimated for the reference data to the actual portfolio data. The ultimate aim of quantification is to generate the risk parameter estimates for each segment of retail exposures within the existing portfolio. In the application stage, the bank often simply applies the risk parameter estimates calculated for each segment of retail exposures in the reference data to the corresponding segment in the existing portfolio. If the bank incorporates multiple data sets or estimation methods for the risk parameters, or if the mapping stage required adjustment to ensure a close match of the reference data and the existing portfolio data, the application stage could be more complex. Integration of the Four Stages

  107. While the four-stage quantification described above is a useful conceptual approach, banks may satisfy supervisory standards without explicitly dividing the quantification process into four stages. In particular, the mapping and application stages may be fairly mechanical applications of the quantitative risk segmentation criteria to the existing portfolio. An example of a seamless approach to the four stages of quantification is provided in example 1 of appendix A.

  108. In general, the mapping and application stages will represent relatively straightforward processes when:

    The bank relies on quantitative segmentation criteria (for example, credit score, LTV, debt-to-income ratio), and these criteria represent relatively stable risk drivers over time. For example, if a bank uses a custom credit score, the score values must represent similar risk over the relevant time period.

    There are no major new product offerings, or changes in underwriting standards or other policies that require alternative risk segmentation criteria.

  109. The complexity of the mapping and application stages will depend on the availability of data and the consistency over time of factors such as product offerings and underwriting standards. For some banks or product types, it will be necessary to work through all four stages for one or more risk parameters. In those cases, a bank should use most or all of the detail, complexities, and contingencies concerning the mapping and application stages spelled out in the remainder of this chapter.

  110. Finally, while the four stages of quantification can sometimes be streamlined (because a bank's data history is extensive, for example), validation should not be streamlined. Even when a bank is able to take a straightforward approach, it must use the full validation process as prescribed in the last section of this chapter. General Standards for Sound IRB Quantification

  111. Several core standards apply to all elements of the overall IRB retail quantification process; these general standards are discussed in this section. Other supervisory standards, specific to particular risk parameters, are discussed in the subsequent sections. When evaluating retail IRB quantification, supervisors will consider all of these standards, both general and specific. Particular practical approaches to retail quantification may be highly consistent with some standards and less so with others. In any particular case, an ultimate assessment relies on the judgment of supervisors to weigh the

    [[Page 62758]]

    strengths and weaknesses of a bank's chosen approach, using these supervisory standards as a guide.

    RS-11: Banks must have a fully specified process covering all aspects of retail quantification. The quantification process must be fully documented and updated periodically.

  112. A fully specified quantification process must describe how all four stages (data, estimation, mapping, and application) are implemented for each risk parameter. The quantification process should be periodically reviewed and updated to ensure that it incorporates new data, analytical techniques, and evolving industry practice.

  113. Documentation promotes consistency and allows third parties to review and replicate the entire process. Examples of third parties that might make use of the documentation include internal reviewers of the quantification model and risk segmentation system, internal validation teams within an independent function, and bank supervisors.

  114. Major decisions in the design and implementation of the quantification process should be justified and fully documented. A bank should have a well-defined policy for reviewing and updating the segmentation and quantification design. Particular attention should be given to new business lines or portfolios in which the distribution of retail exposures among segments is believed to have changed substantially. A material merger, the acquisition or sale of loans, and substantial account attrition or growth clearly raise questions about the continued applicability of the process and should trigger a review and possible updating.

  115. At a minimum, the risk parameter estimates must be updated at least quarterly and more frequently if deemed necessary for accurate credit risk management. New data should be incorporated into the risk parameter estimates using a well-defined process to correctly merge data sets over time. The frequency of updates and the process for doing so must be justified and documented in bank policy.

  116. The bank must ensure that the use of judgment in the design of the quantification system does not produce unduly low risk parameter estimates.

  117. Aspects of the quantification process that are apt to introduce greater uncertainty and potential error include the following:

    Uncertainty when there are substantial changes in the bank's product offerings, target customer base, or underwriting standards;

    Deficiencies or gaps in available data;

    The possibility of model error; and

    Mergers or acquisitions where the MIS for the acquired assets does not match the MIS for existing assets.

  118. The more uncertain the bank's estimates are as a result of any of the causes cited in the previous two paragraphs, the greater should be the margin of conservatism around those estimates, although these margins need not be added at each step.

    RS-12: Quantification must be based upon the best available data for the accurate estimation of IRB risk parameters.

  119. Given the bank-specific basis of assigning retail exposures to segments, over time banks are expected to regard internal data as the primary source of information for estimating IRB risk parameters. However, banks are permitted to use external data for quantification, provided a strong similarity can be demonstrated (1) between the bank's process of assigning exposures to a segment and the process used by the external data source, and (2) between the bank's internal credit risk profile for a given set of risk drivers and that of the external data.

  120. The bank must have a process for vetting potential reference data, whether the data are internal or external. The vetting should assess whether the data are sufficiently accurate, sufficiently complete, and sufficiently representative of the bank's existing exposures. Furthermore, the bank must have adequate data to estimate risk parameters for all loans on the books as if they were held to maturity, even if some loans are likely to be sold or securitized before their long-term credit performance can be observed. (See Section C, RS-27 of this chapter.)

  121. One objective of the IRB framework is to encourage further development of credit risk quantification techniques. Improving the quality, capture, and retention of internal data is an essential prerequisite for such advances.

  122. For new products it is likely that banks will need to supplement internal data with external sources. It may also be possible to accumulate internal data through the testing of new products by offering loans to a limited number of consumers and observing the performance.

  123. In the case of mergers or purchased portfolios, the data for the newly acquired segments may not be compatible with the purchasing bank's MIS. In such cases it may be necessary to gather data on borrower and loan characteristics from a combination of internal and external sources. Historical data on the purchased portfolios, if available from external sources, would allow the incorporation of borrower and loan risk characteristics data into the purchasing bank's internal database. The risk parameters can then be estimated by combining historical data from the purchased portfolio (if available) with internal reference data.

  124. Differences in economic conditions between the reference data's sample period and the present period should be monitored. In addition, the bank needs to consider any changes in trend behavior by consumers or small businesses that might affect the relevance of the historical data to the present period. For example, the bank may need to monitor actual or anticipated changes in consumer behavior due to changes in bankruptcy law or other factors.

  125. A well-defined and documented process should be in place to ensure that the reference data are updated as frequently as needed, as fresh data become available or as portfolio changes make necessary. All data sources, characteristics, and the overall processes governing data collection and maintenance must be fully documented, and that documentation should be readily available for review by supervisors.

    RS-13: The sample period for the reference data must be at least five years and must include periods of portfolio stress.

  126. In general, the bank should use all relevant historical data available, though the bank may weight some periods more heavily if it can demonstrate that the weighted data are likely to produce more accurate risk parameter estimates. Newer reference data, for example, may receive greater weight because of possible changes in bank products, underwriting standards, policies, and strategies. On the other hand, unusual recent circumstances in the bank's internal portfolio composition or in the historical period may make the recent data less applicable than the older data. If the reference data include data from beyond five years (to capture a period of stress or for other valid reasons), the reference data need not cover all of the intervening years.

  127. Example: During the 2001 to 2003 period of highly elevated mortgage prepayments owing to record low interest rates, losses may have been deferred in mortgage portfolios because of readily available refinancing options. Also, losses on foreclosures during this period were limited because housing prices generally increased throughout

    [[Page 62759]]

    the United States despite a recession. A similar (though not as substantial) drop in interest rates occurred in the early 1990s. That recession, however, was characterized by a sharp drop in property values in many parts of the country. In a case like this, where the recent period has been atypical, a bank may choose to weight the older data (perhaps from external sources) more heavily than the recent data.

  128. When a bank does not have sufficient historical data to encompass a period of stress for a particular portfolio, other sources of data covering stressed periods will be required. The bank may be able to select sub-samples of its internal portfolio that experienced stressed periods (for example, particular MSAs or geographic regions); see example 1 of appendix B. The bank may also use external data from industry sources.

    RS-14: Mapping must be based on a robust comparison of available data elements that are common to the existing portfolio and each reference data set.

  129. Sound mapping practice uses all key common elements available in the data. A mapping should be plausible and should be consistent with the risk segmentation system established by the bank. Levels and ranges of key characteristics for each segment of the existing portfolio's retail exposures should approximate the values of similar characteristics for the reference data.

  130. A bank that uses multiple reference data sets should conduct a rigorous mapping process for each data set. (Some common mapping challenges are discussed in example 2, appendix B.)

  131. The use of internal data for reference data purposes does not eliminate the need for a mapping requirement because changes in bank strategy (such as marketing, underwriting standards, or account management practices) or products may alter the risk characteristics or composition of the portfolio over time, even within the same pools of a risk segmentation system.

    RS-15: Mappings must be reviewed regularly and updated as necessary.

  132. Mappings should be reaffirmed regularly for both internal and external reference data, regardless of whether the risk segmentation criteria have undergone explicit changes during the period covered by the reference data set. Changes in borrower risk characteristics, products, and bank policies (for example, target population, underwriting standards, or collection policies) are quite typical in retail lines of business, so it is imperative that banks review all mappings regularly. When significant characteristics have been changed, added, or dropped, a new mapping must be established between the characteristics of the existing portfolio and characteristics of the reference data.

    RS-16: Banks that combine estimates from internal and external data or that use multiple estimation methods must have a clear policy governing the combination process and should examine the sensitivity of the results to alternative combinations.

  133. To improve the accuracy of its estimates, a bank might combine data from multiple sources and may use multiple estimation methods. The manner in which the estimates from multiple data sets or estimation methods are combined is extremely important, since different combinations will produce different parameter estimates for each segment. The bank should investigate parameter estimates' sensitivity to different ways of combining data sets or combining estimation methods. When results are highly sensitive to how data or estimates are combined, the bank should choose among the alternatives conservatively. A bank must document why it selected the combination techniques it did, and these techniques must be subject to appropriate approval and oversight by management.

    RS-17: A bank must have a clear, well-documented policy for addressing the absence of significant data elements in either the reference dataset or the existing portfolio.

  134. Some exposures in the reference data set and the existing portfolio will have missing data elements, some of which are important factors for measuring risk. Banks may segment these exposures separately for estimating the risk parameters. Alternatively, they may use a variety of statistical methods to impute values for the missing data points--provided these points can be sufficiently correlated to known information about the exposure. Expertise is required to judge whether such correlations can be established. Regardless of the approach and level of sophistication, the bank must have a clear and well-documented process describing how it treats missing data elements in the estimation and mapping stages.

    1. Quantification of the IRB Risk Parameters

    RS-18: For estimating the IRB retail risk parameters, qualifying banks must use the IRB definition of default.

  135. For retail exposures, banks must use the following definition of default for IRB: A retail exposure will be considered in default for IRB purposes when any one of the following loss recognition events occurs:

    Loss recognition as embodied in the Federal Financial Institutions Examination Council (FFIEC) Uniform Retail Credit Classification and Account Management Policy. All residential mortgages and revolving credits must be recognized as defaults at 180 days past due, and all other retail loans must be recognized as defaults at 120 days past due.

    A partial or full charge-off is taken against the exposure.

    The exposure is put on non-accrual status.

  136. For retail exposures (as opposed to wholesale exposures), the definition of default is applied to a particular loan rather than to the obligor. That is, default by an obligor on one obligation would not require a bank to treat all other obligations of the same obligor as defaulted.

  137. In the early stages of IRB implementation, a bank's historical reference data might not fully conform to the IRB definition of default. In addition, a bank may change its policies regarding charge- offs or placing loans on non-accrual. In such cases, a bank should make conservative adjustments to reflect such discrepancies. Quantification of Probability of Default (PD)

  138. For a given segment, the PD represents an estimate of the long-run average of one-year default rates. The one-year default rate (or default frequency) is the number of accounts that default at any time within a one-year period divided by the number of accounts open at the beginning of the year. (To figure in the calculation, an account must be open at the beginning of the period.) For unseasoned loans where seasoning effects are material, upward adjustments to the PD estimates will be necessary (as described in paragraphs 109 through 112). Data

  139. A bank must have a comprehensive reference data set that maps to the existing portfolio on a segment-by-segment basis. The same comparability standards apply to both internal and external data sources. All data sources must meet the minimum five-year requirement and include a period of economic stress. See example 4, appendix B for an example of a reference data set.

    [[Page 62760]]


  140. Estimation of PD is the process by which characteristics of the reference data are related to the default frequencies for each segment of exposures in the reference portfolio. The relevant characteristics that help to determine the PDs are referred to as ``drivers of default.'' Drivers of default might include product, loan and borrower characteristics such as loan-to-value, credit line utilization, credit score, or delinquency status. Also, a portfolio separator such as geographic region, while not a direct driver of default, might indicate separate relationships by geographic region of the PD to these drivers. These drivers could be criteria for the assignment of exposures to pools in the risk segmentation system. A statistical model developed to estimate the PD would incorporate such drivers directly into the PD estimation.

    RS-19: Estimates of PD must be empirically based and must represent the average over time of segment default frequencies on an account basis. The effects of seasoning, prepayments, and attrition must be considered in the PD estimates.

  141. PD estimates should capture average expected default rates for a segment given its risk characteristics. PD estimates should represent averages of default rates measured over a sufficiently long time period to provide accurate estimates. The estimation period must include periods of economic distress.

  142. When estimating PDs, a bank may give equal weight to each sample period or it may weight recent data more heavily if it can demonstrate that doing so is more predictive of future default behavior.

  143. If the bank calculates an average PD over time by weighting each year's segment-level PD by the number of loans or volume of outstanding balances, the estimated PD may be lower or higher than the estimated PD from an unweighted average. For example, if lending typically declines during periods of stress, this weighting will tend to lessen the impact of the stress periods on the weighted average. A bank using such an approach would be expected to empirically demonstrate that such an approach produces a more accurate estimated PD for its existing portfolio. See example 2 of appendix A for an example of the quantification of a models-based PD consistent with a long-run average.

  144. Different methods of measuring and tracking exposures, defaults, and losses are common in credit risk management. Banks are required to produce an estimate equivalent to the one-year account default rate. See example 3 in appendix B.

  145. Some banks may choose to derive a PD based on the average expected dollar loss rate. A bank may use this method as long as it produces an accurate PD on an account basis as defined in paragraph 101. See example 3 in appendix A. Seasoning

  146. Seasoning poses a challenge for banks quantifying the default rate for retail exposures when the default rate follows a characteristic account age profile, typically rising for the first several periods following origination and then falling. Seasoning is an issue for longer-maturity consumer products such as residential mortgages, but it may also be important for shorter-lived portfolios. In addition, accounting for seasoning is particularly significant for portfolios that are growing rapidly through new originations or for banks that systematically sell or securitize loans before they reach the peak of the seasoning curve. In both cases, banks should factor seasoning into their quantification to provide adequate capital to cover future needs.

  147. For segments containing unseasoned loans, a bank should assign a higher PD estimate that reflects the annualized cumulative default rate over the segments' expected remaining life.\8\ For seasoned loans, the bank should use the long-run average of one-year PDs.

    \8\ If the bank can demonstrate that seasoning does not have a material effect on PD, the bank can use the long-run average of one- year PDs.

  148. The account age profile may be tracked by using account age as a criterion in the risk segmentation system or as a predictive variable of the PD parameter. Several methods can be used to account for seasoning in the PD estimates. See example 4 in appendix A.

  149. Periods of unusual prepayments or other types of account attrition have the potential to materially alter the estimated historical default rates for some retail exposures. PD estimates must be developed in such a way that they are not distorted by periods of unusual prepayment activity or other types of account attrition in the reference data sets. Mapping

  150. Mapping is establishing a correspondence between the existing portfolio and the reference data--that is, it is identifying how the existing portfolio's product, loan, and borrower risk characteristics relate to the reference data's characteristics. Mapping enables a bank to determine how risk parameter estimates from the reference data should apply to the existing portfolio. For banks with a consistent, long-term process of risk segmentation, PD mapping may consist simply of adopting the long-run average PD estimates from the historical data. However, if the bank's internal risk segmentation has varied over time, the bank must demonstrate a discernable link between its existing segmentation system and the long-run PD estimates produced from the reference data.

  151. In some business lines, products, or cross-sections of the portfolio, certain drivers of default may not be available in the risk segmentation system. Drivers are most likely to be missing as banks transition to an IRB system or when a bank acquires a portfolio. In such cases, the bank should modify its mapping process accordingly. Supervisors expect this practice to be temporary, however, and as the requisite data become available, banks should incorporate the omitted effects into the risk segmentation system. Application

  152. In the application stage, the bank applies the PD estimates to the risk segments of the existing portfolio to calculate minimum regulatory capital. This should be a relatively mechanical process for most retail portfolios.

    RS-20: PD estimates for all retail segments cannot be less than 0.03 percent (3 basis points) Quantification of Loss Given Default (LGD)

  153. LGD is defined as the segment's credit-related economic losses net of discounted recoveries divided by the segment's exposure at default, all measured during a period of high credit losses for the particular portfolio (e.g., mortgages, credit cards). The LGD estimation process is similar to the PD estimation process. The bank identifies a reference data set, which must include periods of portfolio stress. Once the bank obtains these data sets, it should select a technique to estimate the credit-related economic loss per dollar of exposure for all defaulted loans in each reference segment. The bank's reference data should then be mapped to the bank's existing retail segments, so that the model can be applied to generate an estimate of the LGD for each segment in the existing portfolio. Data

  154. Unlike reference data sets used for PD estimation, data sets for LGD

    [[Page 62761]]

    estimation contain only defaulted exposures.

  155. In order to calculate economic loss, the reference data sets must include all relevant data for quantifying LGD. This would include the exposure at the time of default (including principal plus unpaid but capitalized interest and fees), recoveries, and material collection and workout expenses. The data should contain the circumstances of default, for example, roll to charge-off or bankruptcy leading to charge-off, if they are significant factors for LGD. Recovery data should include the income and timing of recoveries including direct payments from the consumer, the sale of the collateral, or realized income from the sale of defaulted loans. For defaulted loans and collateral still on the balance sheet, the estimated current market value can be used to proxy the recovery amount. Cost data comprise the material direct and indirect costs associated with workouts and collections, including the dates when the various costs were incurred.

  156. The same minimum history of five years for the LGD reference data set is required, or longer to include a period of portfolio stress. Although a bank may use internal or external data, most banks will eventually be expected to collect and maintain sufficient internal data.

  157. In the LGD calculation, all material credit-related losses must be captured, whether or not those losses are ultimately charged to the ALLL. Material credit-related losses are broadly defined to include any material losses associated with a defaulted loan, including write- off of unpaid interest or fees, write-downs of repossessed collateral, and any similar losses. Estimation

  158. Banks must determine an accurate LGD parameter for each segment. As discussed in chapter II, banks may estimate and apply a common LGD over a range of risk segments within a particular product type, where appropriate.

    RS-21: The estimates of LGD must reflect the concept of ``economic loss.''

  159. For estimating LGD, the definition of loss is based on the concept of economic loss, which is a broader, more inclusive concept than accounting measures of loss. Economic loss incorporates the mark- to-market loss of value of the defaulted loan and collateral plus all direct and indirect costs of workout and collections, net of recoveries (including late fees and interest). Losses, recoveries, and costs should all be discounted to the time of default.

  160. The scope of cash flows included in recoveries and costs is meant to be broad. Workout and collection costs that can be clearly attributed to certain segments of loans, plus indirect cost items, must be reflected in the bank's LGD assignments for those exposures. Recovery costs include the costs of running the bank's collection and workout departments and the cost of outsourced collection services directly attributable to recoveries during a particular time or for a particular segment of loans, at as granular a level as possible. Recovery costs also include an appropriate percentage of other ongoing costs, such as corporate overhead.

  161. These recovery costs can be allocated using the same principles and techniques of cost accounting that are usually used to determine the profit and loss of activities within any large enterprise. Collection and workout departments, however, may cover services not 100 percent attributable to defaulted loans. For example, the same call center may manage reminder calls to delinquent accounts, many of which will never default, as well as collection calls. The expenses for these functions should be differentiated to allocate only collection expenses attributable to defaulted loans.

  162. When costs can't be allocated because of data limitations, the bank may assign those costs using broad averages. (For example, the bank could allocate costs by outstanding dollar amounts of loans, including unpaid interest and fees at the time of default, within each segment.)

  163. All losses, costs, and recoveries should be discounted to the time of default if realization of those material costs and recoveries is significantly delayed. The discount rate should be applied to the time interval between the date of default and the date of the realized loss, incurred cost, or recovery, on a pooled basis. A bank must establish a discount rate that reflects the time value of money and the opportunity cost of funds to apply to recoveries and costs. The discount rate, which should reflect the distressed nature of the asset, should usually exceed the contract interest rate for newly originated products as of the date of default. Within the retail portfolio, the discounting process will be particularly important in the case of residential mortgages because foreclosure laws in many states allow considerable time to pass between default and recovery.

    RS-22: The estimated LGD must reflect loss severities during periods of high credit losses.

  164. A bank must estimate an LGD for each segment that reflects economic downturn conditions where necessary to capture the relevant risks. The LGD cannot be less than the long-run default-weighted average LGD calculated on the basis of the average economic loss of all observed defaults within the data source for that retail segment. In addition, a bank must take into account the potential for the LGD to be higher than the default-weighted average during a period when credit losses for a particular portfolio (e.g., mortgages) are substantially higher than average. For certain types of exposures, loss severities may not exhibit such cyclical variability, and LGD estimates may not differ materially (or possibly at all) from the long-run default- weighted average. However, for other exposures, this cyclical variability in loss severities may be significant, and banks will need to incorporate it into their LGD estimates. For this purpose, banks may use averages of loss severities observed during periods of high credit losses for that product, forecasts based on appropriately conservative assumptions, or other similar methods.

  165. The LGD of an asset does not change with its actual default. The assigned LGD should already reflect a default loss experience predicated on a period of high credit losses. However, once an asset actually defaults, the bank must construct its best estimate of expected losses for it based on current economic circumstances and risk characteristics. For this purpose, banks can group defaulted loans into segments. (See chapter II.) The amount, if any, by which the LGD on the defaulted asset segment exceeds the bank's best estimate of the current expected loss rate on the segment represents the capital requirement (K) for that segment. The agencies are considering the possible establishment of an appropriate capital requirement floor for defaulted assets. When the best estimate of expected loss on a defaulted asset is less than the sum of specific provisions and partial charge-offs, that asset will attract supervisory scrutiny and must be justified by the bank.

  166. Examples 5, 6, and 7 in appendix B present some issues related to LGD estimation. Mapping

  167. LGD mapping follows the same general standards as PD mapping. The default and loss definitions and loss severity risk drivers in the reference data and the existing portfolio of retail exposures must be comparable. Some common challenges in mapping are presented in example 2, appendix B.

    [[Page 62762]]

    The mapping process must be updated regularly, well documented, and independently reviewed. Application

  168. At the application stage, banks apply the LGD estimation framework to their existing portfolio of exposures. Doing so might require banks to aggregate individual segment-level LGD estimates into broader averages or to combine estimates.

  169. LGD may be particularly sensitive to changes in the way banks manage retail credits. For example, a change in policy regarding collection practices or loan sales may have a significant impact on the quantification of LGD. When such changes take place, the bank should consider them in all steps of the quantification process. If a bank's policy changes seem likely to reduce LGD, estimates should be reduced only after the bank accumulates a significant amount of actual experience under the new policy to support the reductions; on the other hand, policy changes that are likely to increase LGD should be reflected in the estimates in a timely fashion.

    RS-23: IRB banks have a minimum LGD of 10 percent for residential mortgages.

  170. This floor is based on the view that LGDs, if appropriately estimated, are unlikely to fall below this level during periods of high credit losses. During the initial two-year implementation period of the IRB framework, the LGDs for retail residential mortgages cannot be set below 10 percent. During this transition period, the agencies will review the potential need for continuation of this floor. Mortgages guaranteed by a sovereign government are exempt from this floor.\9\

    \9\ This exemption applies to VA-guaranteed and FHA-insured mortgages.

    RS-24: If banks choose to reflect the risk-mitigating effect of private mortgage insurance (PMI) for residential mortgages in their risk estimates, they must do so by incorporating these insurance benefits into the quantification of segment-level LGD.

  171. In calculating losses for LGD estimation, the amount of expected PMI benefits would be deducted from the losses otherwise incurred by the bank on defaulted mortgages.

  172. Banks may choose to incorporate loan-level PMI coverage into their risk segmentation. For example, loans with similar risk characteristics, including the same type of PMI coverage, could be placed in a single segment. In any case, banks will need accurate PMI coverage data in both the reference and existing-portfolio data sets. This would generally require loan-by-loan tracking of PMI over the life of the loan, since loans on which the lender requires PMI coverage at origination (generally because of LTVs greater than 80 percent) often drop coverage when current LTV falls below 80 percent. Pool-level mortgage insurance is treated under the IRB securitization framework or under the general IRB credit risk mitigation rules.

  173. Banks with substantial PMI-covered residential mortgages should monitor the senior unsecured debt ratings of the PMI companies. If the rating of any PMI company falls below AA, banks should accordingly adjust the LGD to take into account the elevated counterparty risk for all mortgages insured by that company. Quantification of Exposure at Default (EAD) Introduction

    RS-25: The bank must provide an estimate of EAD for each segment in its retail portfolio.

  174. For an individual retail exposure, EAD is the gross amount due at default, which is the amount by which regulatory capital would be reduced if the exposure were to be fully written off. This includes all accrued, but unpaid, interest and fees. EAD for defaulted assets includes any partial write-offs that have already been incurred. EAD for a segment is the sum of the EADs of all the loans in the segment. For fixed exposures such as term loans and installment loans, each loan's EAD is no less than the principal balance outstanding.\10\ For revolving exposures and other lines of credit such as credit cards, overdrafts on checking accounts, and home equity lines of credit, each loan's EAD includes the outstanding balance plus estimated net additions to balances for loans defaulting over the following year. These additions consist of future principal increases including capitalized future interest and fees.

    \10\ For all loans, the LGD calculation includes all unpaid interest and fees in the measure of economic loss.

  175. For purchased loans, the EAD is set equal to the purchase price. For example, if a bank buys a retail portfolio consisting of exposures with $100 million face value at a 5 percent discount, the initial EAD for the purchasing bank is $95 million. (Example 8 in appendix B illustrates the effect of the purchase discount on EAD and LGD.)

  176. To estimate the net additional draws, many banks estimate a loan equivalent exposure (LEQ) as the percentage of the total authorized but undrawn lines expected to be drawn down by borrowers that default. Thus, the estimated dollar value of the additional drawdown before default can be represented as:

    Net additional draws =

    LEQ * (total authorized line - present outstanding balance)

    EAD for the segment can then be represented as:

    EAD = Present outstandings + Net additional draws

    It is the LEQ that must be estimated, since the total authorized line and the amount presently outstanding are known. The estimation of the LEQ is the focus of this section of the guidance.

  177. A bank quantifies its EAD by working through the four stages of quantification: the bank must develop a reference data set; it must estimate an EAD for segments in the reference data set with a given array of characteristics; it must map its existing portfolio to the reference data; and by applying the mapping, it must generate an EAD estimate for each segment in the existing portfolio. Data

  178. In order to estimate LEQ for an entire segment, EAD reference data sets contain only defaulted loans. In many cases, the same reference data may be used for both LGD and EAD. In addition to relevant descriptive characteristics that can be used in estimation, the reference data must include historical information on drawn and undrawn exposures prior to default, as well as the drawn exposure at the date of default.

  179. As discussed below under ``Estimation,'' LEQ estimates of potential draws may be developed using either a cohort method or a fixed-horizon method. The bank's reference data set should be structured so that it is consistent with the estimation method that the bank applies. Estimation

  180. To derive LEQ estimates for each segment, characteristics of the reference data are related to additional drawings preceding a default event. The estimation process should be capable of producing an average estimate of draws on unused lines to support the EAD calculation for each segment. Two broad types of estimation methods are used in practice: the cohort method and the fixed-horizon method. Regardless of the method used, the LEQ estimates must accurately capture the potential exposure to losses from loans defaulting over the coming year.

    [[Page 62763]]

  181. Under the cohort method, a bank groups defaults into discrete calendar periods, typically one year. A bank may use a longer period if it provides a more accurate estimate of total future losses arising from undrawn exposures. The bank then estimates the relationship between the balances for defaulted loans at the start of the calendar period and the balances at the time of default.

  182. Under the fixed-horizon method, the bank bases its estimates on a reference data set that supplies the actual exposure at default for each defaulted loan along with the drawn and undrawn amounts at a fixed interval prior to default. Estimates of LEQ are computed from the increase in balances that occur over the fixed-horizon interval for the defaults in the segment. The time interval used for the fixed-horizon method must be sufficiently long to capture the additional exposures generated by loans that default during the year for which the risk parameters are being estimated. In particular, the appropriate fixed interval will be influenced by charge-off policies. For example, using a six-month time interval for credit card loans would underestimate EAD.

    RS-26: The estimated LEQ must reflect estimated net additional draws during periods of high credit losses.

  183. The LEQ cannot be less than the long-run default-weighted average for that retail segment. The LEQ must reflect net additional draws observed during periods of high credit losses if these are systematically higher than the default-weighted average. For this purpose, banks may use averages of LEQs observed during periods of high credit losses for that product, forecasts based on appropriately conservative assumptions, or other similar methods. Mapping

  184. If the characteristics that drive EAD in the reference data are the same as those used for the risk segmentation system of the bank's existing retail portfolio, mapping may be relatively straightforward. However, if the relevant characteristics are not available in a bank's existing portfolio risk segmentation system, the bank will encounter the same mapping complexities that it does when mapping PD and LGD in similar circumstances. Application

  185. In the application stage, the estimated relationship between risk drivers and LEQ is applied to the bank's existing portfolio. With the exception of portfolios purchased at a discount, the estimated EAD must be at least as large as the currently drawn amount in each segment; therefore, LEQs cannot be negative. Multiple reference data sets may be used for LEQ estimation and combined at the application stage, subject to the general standards for using multiple data sets.

  186. EAD may be particularly sensitive to changes in the way banks manage retail credits. For example, a change in policy regarding line increases or decreases for particular segments may have a significant impact on LEQ. When such changes take place, the bank should consider them when making its estimates--and it should do so from a conservative point of view. Policy changes likely to significantly increase LEQ should prompt immediate increases in LEQ estimates. If a bank's policy changes seem likely to reduce LEQ, estimates should be reduced only after the bank accumulates a significant amount of actual experience under the new policy to support the reductions.

    1. Quantification: Special Cases and Applications

    Small Business Exposures

  187. Certain exposures to a company or to an individual for business purposes can be included in the ``other retail'' category for IRB purposes provided they meet the following conditions:

    A small business loan must be managed by the bank on a segmented basis, where credit scoring is often a key component of the underwriting decision process, and the bank must estimate risk parameters for segments of such loans with similar risk characteristics. (If the small business exposures are rated and managed as individual exposures, they will fall under the corporate standards and requirements.)

    The total of all of the bank's exposures to a single business (whether in the name of the business or in the name(s) of the proprietor(s) for business purposes) cannot exceed $1 million.

    Revolving exposures to an individual can be treated as QREs, even if used for business purposes. However, revolving exposures to businesses will be treated as ``other retail'' if they meet the criteria above.

  188. Small business exposures qualifying for retail treatment are subject to all the standards applicable to other retail exposures. Retail Leases

  189. The minimum capital requirement for retail leases is the sum of (1) the credit risk capital requirement on the discounted lease payment stream plus (2) 8% of the residual value of the leased asset:

    The lease payment credit risk is determined by estimating PD and LGD in the same manner as retail loan exposures; EAD equals the discounted remaining lease payment stream.

    The risk of the residual value is the bank's exposure to loss arising from potential decline in the fair value of the leased asset below the estimate at the time of lease inception. Purchased Retail Receivables

  190. Purchased retail receivables are treated the same as other categories of retail exposures, except for the effects of dilution. Dilution effects refer to the potential reduction in receivable balances caused by cash or non-cash credits granted to the receivables' obligor(s). Examples include offsets for the return of goods sold and discounts given for prompt payment. If dilution poses a material risk, banks should estimate an expected (long-run average) one-year dilution rate (as a percentage of the receivables amount.) The minimum regulatory capital requirement for dilution risk is determined according to the corporate risk weight formula.

  191. When refundable purchase price discounts, collateral, or partial guarantees provide first dollar loss protection for purchased retail receivables, banks may treat these as first dollar loss protection under the IRB securitization framework and use that framework for the calculation of minimum capital requirements for the purchased retail receivables. Alternatively, the bank may choose to treat EAD as the purchase price. Loan Sales

    RS-27: Quantification of the IRB risk parameters must be adjusted appropriately to recognize the risk characteristics of exposures that were removed from reference data sets through loan sales or securitizations.

  192. Banks must estimate the risk parameters for all loans on the books as if they were held to maturity, even if some loans are likely to be sold or securitized before their long-term credit performance can be observed. Loan sales and securitizations, however, can pose substantial difficulties for quantification. For example, PDs might appear disproportionately low if loans are sold before their historical performance patterns become manifest. Adjusting the risk parameter estimation to correct for sales or securitization would be particularly important for a bank that sells off primarily credits that are performing poorly (for example, delinquent loans).

  193. If the potential bias in the parameter estimates created by loan

    [[Page 62764]]

    sales and securitizations is material, the bank must identify, by detailed risk characteristics, the loans sold out of the pool or portfolio when using internal historical data as reference data sets for quantification purposes.

  194. For banks with a history of regularly selling or securitizing loans of particular types, long-run performance data should be available from the servicers or trustees. Alternatively, banks may be able to construct appropriate reference data sets with risk characteristics comparable to the loans sold or securitized by using internal historical data from retained pools or external data. Securitization and Undrawn Balances

  195. For QREs, home equity lines of credit (HELOCs), and other retail products where the drawn balances of certain accounts in the portfolio have been securitized, the IRB risk parameters and minimum capital requirements shall be determined as follows:

    For the seller's interest in securitized receivables, the risk parameters and minimum capital requirements must be determined as stipulated in this chapter.

    The potential additions to the balances prior to default for all of the accounts with securitized balances must be determined in accordance with the section of this chapter on EAD. These additions must be allocated between the seller's (originating bank's) and investors' shares on a pro rata basis, in the same proportions as the drawn balances of the accounts.

    For the seller's interest in the undrawn balances, the risk parameters and capital requirements must be determined as stipulated in this chapter.

    For the investors' interest in the undrawn balances, minimum regulatory capital will be determined according to the IRB rules for securitizations. Multiple Legal Entities

  196. In those cases where quantification is conducted across portfolios that are held by two or more legal entities, segmentation must meet all the standards set forth in Chapter II. Exposures assigned to a single segment must share homogeneous risk characteristics, regardless of whether the exposures are held on the books of a single or multiple legal entities, to ensure that the risk parameters accurately reflect the risk of the exposures held by that entity. For example, if a particular institution within the banking group holds loans with unique or predictive characteristics (such as credit card loans originated through a specific marketing channel or mortgage loans in a certain location), the segmentation system must be designed to incorporate these characteristics to ensure that PDs, LGDs and EADs for each entity are accurately stated. The following standards also apply:

    The risk parameters for each segment are determined on a segment-wide basis in the same manner described in the preceding sections of this chapter.

    Capital requirements for each legal entity should be based on the pro-rata share of the EAD exposure for each segment that is owned by that entity.

    Periodic validation should be conducted to confirm that minimum capital requirements determined through this approach are not materially different from those that would be determined on a separate entity basis. QRE Treatment Qualification

  197. To qualify for QRE treatment, in addition to the other requirements listed in chapter I, banks must demonstrate that their revolving portfolios are characterized by low volatility of loss rates relative to average loss rates, particularly for low PD bands.

  198. Specifically, [sigma]LR/LR must be ``relatively low,'' where LR is the average loss rate, and [sigma]LRis the volatility, or the standard deviation of the average loss rate over time.

  199. The average loss rate and the standard deviation should be calculated over a sufficiently long time period to be representative of the performance of the portfolio over both good and stressful economic environments.

  200. There is no fixed threshold for what constitutes a ``low ratio'' of [sigma]LRto LR. Banks will be expected to develop and document policies for their thresholds, and to compare ratios across portfolios that meet all the remaining qualifications for QRE treatment. In addition, they should compare the ratios to those of their other retail portfolios and their corporate and bank portfolios. Banks must retain data on their loss rates.

  201. If the ratio of loss rate volatility to average loss rates is not sufficiently low, the portfolio will be subject to treatment as ``other retail'' rather than as QRE. Supervisors will review the relative volatility of loss rates across the QRE sub-portfolios, as well as the aggregate QRE portfolio, and intend to share information on the typical characteristics of QRE loss rates across jurisdictions. Stress Testing

  202. Stress-testing analysis indicates the effect of economic downturns on credit quality and the resulting effect on capital requirements. Under the new framework, changes in borrower credit quality will lead to changes in the required IRB regulatory capital charge. Since credit quality changes typically reflect changing economic conditions, required regulatory capital may also vary with the economic cycle. During an economic downturn, regulatory capital requirements could increase if exposures migrate toward lower credit quality segments as a result of higher unemployment and lower incomes.

  203. Supervisors expect that banks will manage their regulatory capital position so that they remain adequately capitalized during all phases of the economic cycle. A bank that is able to credibly estimate regulatory capital levels during a downturn can be more confident of appropriately managing regulatory capital. Stress testing is one tool for that estimation, by means of projecting the levels of key performance measures in an economic downturn.

  204. Stress testing is a general term that can be applied to different types of analysis, depending on the purpose of the exercise. To cite an example that differs from the type of stress testing considered here, a bank might want to shed light on how it would fare during an extreme scenario that threatens its continued existence. Still another type of stress testing evaluates the effect of an adverse scenario (such as a significant increase in unemployment) on the credit quality of a group of borrowers.

  205. Banks are encouraged to use a range of scenarios when stress testing to manage regulatory capital. Scenarios may be historical, judgmental, or model-based. Key variables specified in a scenario could include interest rates, score-band segment transition matrices, asset values, growth rates, and unemployment rates. A bank may choose to have a single scenario that applies to the entire portfolio, or it may identify scenarios specific to the various portfolio segments. The severity of the stress scenario should be consistent with the periodic economic downturns experienced in the United States. Such scenarios may be less severe than those used for other purposes, such as testing a bank's solvency.

  206. Given a scenario, a bank then estimates the effect of the scenario on risk-weighted assets and its future capital ratios relative to the regulatory minimums. Estimating capital ratios includes estimating levels of capital (the numerator of the ratio) as well as measures of risk-weighted assets (the denominator). Suppose the scenario for a large retail portfolio segment is a specific historical recession (for

    [[Page 62765]]

    example, the national unemployment rates of 1980 to 1985). Score-band transition matrices observed during the recession could be used to quantify migration between segments and thus supply the new distribution of segments expected for the current portfolio, given the scenario. This would allow the calculation of risk-weighted assets that would be expected in the recession scenario. Default rates would allow the estimation of the effects on bank income and the consequent capital effects of credit losses.

  207. The scope of this estimation exercise should be broad and include all material portfolios under IRB. The time horizon of the stress-testing analysis should be consistent with the specifics of the scenario and should be long enough to measure the material effects of the scenario on key performance measures. For example, if a scenario such as a historical recession has material income and segment migration effects over two years, the appropriate time horizon is at least two years.

  208. The stress-testing exercise should also take into account a bank's discretionary actions that affect regulatory capital levels. For example, a bank's plan to reduce dividends in the face of lowered income would, if implemented, affect retained earnings and the capital accounts. Holding more than the minimum regulatory capital requirements during normal economic conditions is a key discretionary action. Such discretionary actions must be consistent with the bank's documented regulatory capital management policy. Because discretionary plans may or may not be implemented, a bank should estimate the relevant capital ratios both with and without these actions.

    1. Validation


  209. Validation consists of a wide range of activities intended to assure that the risk segmentation method and the risk quantification process are logical and sound and that the segment-level forecasts of PD, LGD and EAD are accurate.

  210. It is often rather difficult to disentangle the effects of the risk segmentation system from those of the quantification process, in particular with respect to validation. Some aspects of the validation of the risk segmentation system can be assessed independently; those have been discussed in chapter II. However, to a very significant degree, the accuracy, logic, and statistical powers of the segmentation system are inextricably intertwined with the accuracy and validity of the risk parameters estimated on the basis of that segmentation. Therefore, most of the discussion that follows applies to both the risk segmentation system and the risk parameter quantification process.

  211. The units that develop and test the segmentation and quantification processes should conduct the types of ongoing validation discussed below. In addition, there must be independent review conducted by a separate unit. See chapter V for details.

    RS-28: A validation process must cover all aspects of IRB retail quantification.

  212. Validation of the risk quantification process should focus on the three estimated segment-level retail IRB parameters, PD, LGD, and EAD. Although the established validation process should result in an overall assessment of IRB quantification for each parameter, it also must cover each of the four stages of the quantification process as described in preceding sections of this chapter (data, estimation, mapping, and application). Validation of the risk segmentation system should focus on the design and the ongoing ability of the system to divide exposures into stable and homogeneous segments that separate exposures effectively by risk. The process must be updated periodically to incorporate new developments in validation practices and to ensure that validation methods remain appropriate. Documentation must be updated whenever validation methods change.

    RS-29: A bank must establish policies for all aspects of validation. A bank must comprehensively validate risk segmentation and quantification at least annually, document the results, and report its findings to senior management.

  213. A full and comprehensive annual validation is a minimum for effective risk management under IRB. More frequent validation may be appropriate for certain parts of the IRB system and in certain circumstances; for example, during high-default periods, banks should compute realized default and loss severity rates more frequently. They must document the results of validation and report them to appropriate levels of senior risk management.

    RS-30: Banks must use a variety of validation approaches or tools; no single validation tool can completely and conclusively assess IRB quantification. A bank's validation processes must include the evaluation of logic, ongoing monitoring, and the comparison of estimated parameter values with actual outcomes.

  214. Banks must have processes designed to give reasonable assurances of their quantification systems' accuracy. The ongoing process to confirm and ensure accuracy consists of:

    The evaluation of developmental evidence (evaluation of logic) or the evaluation of the conceptual soundness of the approach to quantification;

    Ongoing monitoring of system implementation and reasonableness (verification and benchmarking); and

    Back-testing (comparing actual with predicted outcomes).

  215. IRB banks are expected to employ all of the components of this process. However, the data to perform comprehensive back-testing may not be available in the early stages of implementing an IRB segmentation and quantification process. In addition, back-testing may be difficult if a bank's process for modeling risks is evolving significantly. Therefore, banks may at times need to rely more heavily on developmental evidence, quality control tests, and benchmarking to assure themselves and other interested parties that their quantification processes are likely to be accurate. Developmental Evidence

    RS-31: Banks must evaluate the developmental evidence, or logic, involved with the development of the risk segmentation system and the quantification process.

  216. Evaluating logic is essential in validating the risk segmentation system and all four stages of the quantification process. Developing a risk segmentation system and quantification process requires banks to adopt methods, choose characteristics, and make adjustments; each of these actions requires judgment. Validation should ensure that these judgments are plausible and informed and that they reflect as much as possible evolving industry practice and the latest theoretical developments and empirical techniques in the risk management field.

  217. Evaluating developmental evidence involves making a reasonable assessment of the quality of the quantification process by analyzing the design and construction of the four stages of quantification. Developmental evidence is intended to answer these questions: Could the risk segmentation system be expected to accurately measure the risk within each segment and to separate the risk between segments? Could the quantification process be expected to accurately estimate PDs, LGDs, and EADs? That evidence will have to be revisited whenever the bank changes its quantification process or its risk

    [[Page 62766]]

    segmentation system. Since risk analysis at advanced banks is constantly evolving, the evaluation of developmental evidence is likely to be an important ongoing part of the process.

  218. Generally, the evaluation of developmental evidence will include a body of expert opinion. Developmental evidence in support of the risk segmentation system includes the statistical design of the segmentation in separating exposures into stable and homogeneous segments and the selection and combination of default risk drivers. Developmental evidence in support of techniques used in the quantification process must include information on the logic that supports the methods chosen for the four stages of quantification. The developmental evidence will be more persuasive when it includes empirical evidence on the power of the segmentation system to separate exposures by risk and the accuracy of the quantification process. The sufficiency of the developmental evidence will itself be a matter of informed expert opinion, and experts should be able to draw conclusions about whether an IRB system would be likely to perform satisfactorily. Ongoing Process Verification and Benchmarking

    RS-32: Banks must conduct ongoing process verification on the developed risk segmentation system and quantification process to ensure proper implementation.

  219. The second source of analytical support for the validity of a bank's IRB systems is the ongoing analysis to confirm that the process continues to perform as intended. Such analysis involves process verification and benchmarking.

  220. Verification activities address the question: Are methods of separating exposures into segments and quantifying risk parameters being used, monitored, and updated as designed?

  221. Risk segmentation and quantification process verification also includes monitoring of model overrides. If individuals have the ability to override models, the bank should have both a policy stating the tolerance for overrides and a monitoring system for identifying the occurrence of and reasons for overrides. The performance of overrides should be tracked separately.

    RS-33: Banks must benchmark their risk quantification estimates against other sources.

  222. A bank must also assess whether it has quantified the risk parameters on the reference data accurately by comparing those estimates with alternative PD, LGD, and EAD estimates from internal and industry sources, a process broadly described as benchmarking. Benchmarking should also include the comparison of the quantification results derived from different risk segmentation criteria.

  223. Benchmarking allows a bank to compare the robustness of its estimates with those of other estimation techniques and data sources. Results of benchmarking exercises can be a valuable diagnostic tool in checking for potential weaknesses in a bank's risk quantification system. A bank should investigate the sources of substantial discrepancies between its IRB risk parameters and those observed in the benchmarking exercise. Back-Testing

    RS-34: Banks must develop statistical tests to back-test their IRB risk quantification processes. Banks must establish tolerance limits for differences between expected and actual outcomes, and banks must have a validation policy that requires and outlines remedial actions to be taken when policy tolerances are exceeded.

  224. A bank must back-test its risk parameter estimates by regularly comparing actual segment-level default rates, loss severities, and exposure-at-default experience from its portfolio with its PD, LGD, EL, and EAD estimates. However, back-testing is only one element of the broader validation process, and often it will not permit identification of the specific reasons for discrepancies between expectations and outcomes. Rather, it will indicate only that further investigation is necessary.

  225. Random chance and many other factors will make discrepancies between realized outcomes and those predicted by the estimated risk parameters inevitable. Even for segments with a large number of exposures, unexpected changes in aggregate economic conditions can lead to differences between realized and predicted outcomes. However, if these discrepancies are unduly large, the bank should analyze the discrepancies to determine the cause. If the discrepancies demonstrate a systematic tendency to decrease regulatory capital, the nature and source of the bias requires even more detailed scrutiny.

  226. Banks have wide flexibility in developing statistical tests to back-test their retail risk parameter quantification and retail risk segmentation systems. Regardless of the back-testing method used, the bank should establish thresholds or accuracy tolerance levels for validation results. Results that breach thresholds should bring an appropriate response; that response should depend on the results and should not necessarily be to change the design of the segmentation system or the quantification of the risk parameter estimates. The bank's validation policy should describe (at least in broad terms) the types of required responses when relevant action thresholds are crossed.

    1. Data Maintenance

    1. Overview

  227. Banks adopting the IRB approach for retail exposures must use advanced data maintenance practices to support their risk segmentation systems, quantification processes, validation, and control and oversight mechanisms described in this guidance. Timely, accurate, and reliable data are the foundation for retail credit risk management, and IRB status reinforces the importance of both data and the means to store, retrieve, and use them.

  228. IRB banks will implement different risk segmentation systems and quantification processes, and therefore their supporting data structure and elements will differ. Within a bank, moreover, risk segmentation and quantification processes may differ across business lines and countries. Therefore, the data structures and practices adopted will be unique to each bank.

  229. While banks will have substantial flexibility in the specific design of their data maintenance systems, the underlying principle in this guidance is that the data systems must be of sufficient depth, scope, and reliability to implement and evaluate the IRB retail credit risk system. The system must be able to do the following:

    Develop a risk segmentation system and assign retail exposures to segments;

    Develop a quantification process and assign risk parameter estimates to segments;

    Validate the IRB risk segmentation system criteria and architecture;

    Validate the IRB risk parameter estimates;

    Produce internal and public reports; and

    Support the overall retail credit risk management process.

  230. Data maintenance systems must enable banks to undertake necessary changes in their IRB systems and to improve methods in credit risk management over time. This will require that systems be capable of providing detailed historical data and new data elements for enhanced model development and new product testing.

  231. This chapter covers retail IRB data requirements and systems

    [[Page 62767]]

    comprising the loan characteristics specific to the bank's exposures, the credit characteristics of the bank's borrowers, and the performance history of the bank's exposures. It is expected that over time historical data sets used for risk segmentation and reference data for quantification discussed in chapters II and III will be constructed primarily from these internal data, but they may be supplemented by external data when necessary.

    1. General Data Requirements

    RS-35: The bank must collect and maintain sufficient data to support its IRB retail credit risk system.

  232. Banks must develop data systems capable of supporting their risk segmentation systems and quantification processes. Given the risk segmentation criteria and quantification components that are necessary for the IRB retail credit risk system, the bank must establish historical databases at the individual loan level.

  233. At a minimum, the bank must maintain loan and borrower risk characteristics that significantly affect origination decisions (for example, credit score, collateral type, loan-to-value ratio), as well as ongoing characteristics that significantly affect account management decisions (for example, refreshed credit scores, utilization, payment history), whether or not those are used directly in the segmentation system.

  234. The bank must maintain data history at the loan level for all loans in the portfolio on performance components (for example, balance and payment history) and loan disposition (for example, prepayment, default, recoveries) necessary for PD, LGD, and EAD quantification.

  235. Data necessary to support segmentation systems and quantification processes may vary by business line and by country or wherever the key drivers of risk are unique to the portfolio, different data elements are available, or different measurements of loss are appropriate.

  236. As discussed in chapter III, banks must use the best available data for the development of risk segmentation systems and for historical reference data sets used in risk parameter quantification.

  237. Given the bank-specific basis of assigning retail exposures to segments, over time internal data should become the primary source of information for estimating IRB risk parameters. Banks using external data for quantification must demonstrate a strong link between (a) the bank's process of assigning exposures to a segment and the process used by the external data source and (b) the bank's internal risk profile and the composition of the external data.

  238. Internal data refer to data on the historical loan and risk characteristics and the performance of loans in a bank's own portfolio--even if some input components are purchased from outside sources. Property appraisals purchased from a third-party appraiser for updating LTVs of the bank's mortgage exposures would be internal data on loan characteristics. Credit scores purchased from a credit bureau for borrowers with existing exposures would be internal data on borrower characteristics. However, if a bank purchases extensive data on borrower and loan risk characteristics and the performance of other banks' portfolios (for example, about a new product with which the bank has no experience), such data would be considered external.

  239. External data may provide more accurate estimates of the risk parameters, particularly during the early years of IRB implementation. Banks should document the use of external data and retain those data in accordance with all of the requirements for internal data. It is expected that banks will improve the quality of their internal data over time.

    RS-36: Banks must retain all significant data elements used in the IRB retail credit risk system for at least five years and must include a period of portfolio stress. This data requirement applies to all loans and lines that were open at any time during this period.

  240. Banks must retain a minimum five-year loan-level history of the entire portfolio. The standard above establishes the minimum requirement for banks to retain significant data elements (key risk drivers) used in the risk segmentation system or in the quantification of the risk parameters (PD, LGD, and EAD). However, it is expected that banks will retain additional data elements used in their internal credit risk management systems.

  241. If the most recent period of portfolio stress occurred more than five years ago, banks must retain additional data to cover the stress period. These data may be in the form of representative statistical samples of the portfolio, rather than data from all loans. In addition, these data need not cover the period between the stress period and the most recent five-year period. The method of any sampling should be statistically sound and well documented.

  242. Banks must gather and retain disposition data, including recovery data on defaulted loans (for example, date and dollar value of recoveries and collection expenses) sufficient to develop LGD and EAD estimates. For many banks, information related to recoveries and collection expenses currently exists only at an aggregate level. These banks should develop interim solutions and a plan to improve data availability.

  243. Banks must retain data on losses (including recoveries, expenses, and dates) incurred in their revolving portfolios for at least five years or longer to include a period of high credit losses, in sufficient detail to calculate the average loss rates and the volatility of those loss rates over time. These parameters are necessary to determine eligibility for QRE capital treatment (see chapter III).

  244. Banks are encouraged to retain data beyond the minimum requirements because they will need robust historical databases containing key risk drivers and performance components over as long a historical period as possible to facilitate the development and validation of new, more advanced methods.

  245. A data structure designed to create a historical data warehouse at the loan level may take many forms. For example, the loan- level data may be collected and stored at the business line, while segment-level data inputs may be stored in a centralized database. Ultimately, the objective is for the bank to be able to access loan- level data, as needed, using a structure that is sufficiently robust to support validation and improvements in the IRB system. Standards for Refreshed Data

    RS-37: Banks must retain refreshed data elements related to key credit risk drivers, performance components, and loan disposition consistent with advanced credit risk management standards and commensurate with the risk and size of the program.

  246. Maintaining up-to-date information is necessary to support a more risk-sensitive and accurate capital computation. This information may consist of refreshed information on segmentation criteria such as credit scores, as well as refreshed performance indicators such as payment history. In documenting its segmentation approach, a bank must specify the time frames for updating data elements involved with the capital calculation.

  247. For many retail products, banks update key loan and borrower risk characteristics and performance metrics monthly for account management and risk measurement purposes. For other portfolios or other data elements, data may be refreshed less frequently. Data

    [[Page 62768]]

    elements should be updated with a frequency necessary for the reliable measurement of credit risk for the particular portfolio or business line and consistent with advanced credit risk management practices. Loan Sales

    RS-38: Banks must maintain data to allow for a thorough review of asset sale transactions.

  248. Asset sales may involve exposures from a variety of portfolio segments, and sale pricing may not be available at a granular level. It is important that the bank be able to quantify the impact of removing a portion of loans from risk segments across the portfolio and the effect of asset sale activity on loss mitigation strategies. Documentation for these transactions should be sufficient for supervisors to determine how asset sale activity affects the integrity of the IRB risk segmentation method, quantification, and the resulting capital calculations. Validation and Refinement

    RS-39: Retained data must be sufficient to support IRB validation requirements.

  249. Data should be sufficient to facilitate the back-testing, benchmarking, ongoing monitoring, and developmental evidence aspects of the validation process described in chapters II and III. Data Standards for Outsourced Activities

    RS-40: Banks must ensure that outsourced activities performed by third-party vendors are supported by sufficient data to meet IRB requirements.

  250. Certain processes, such as loan servicing, broker or correspondent origination, collection, and asset management, may be outsourced to or otherwise involve third parties. The necessary data capture and oversight of risk management standards for these portfolios and processes must be carried out as if they were conducted internally. Calculating Capital Ratios and Reporting to the Public

    RS-41: At each reporting period, aggregate exposures across all risk segments must be reconciled to ensure that all exposures are accounted for appropriately.

  251. Data retained by the bank will be essential for regulatory risk-based capital calculations and public reporting under the Pillar 3 disclosures. These uses underscore the need for a well-defined data maintenance framework and strong controls over data integrity. Total exposures should be tied to systems of record, and documentation should be maintained for this process for all reporting periods.

    1. Managing Data Quality and Integrity

    Documentation and Definitions

    RS-42: Banks must develop and document the process for ensuring data integrity and for delivering, retaining, and updating inputs to the IRB data warehouse. Also, banks must develop comprehensive definitions for the data elements used for each credit group or business line (a ``data dictionary'').

  252. Banks must formalize how they manage data. The full documentation of a bank's data management provides a means of evaluating whether the data maintenance framework is functioning as intended. Moreover, banks must be able to communicate precise definitions of the items to be collected. Consequently, every bank should develop a ``data dictionary'' to ensure consistent inputs from business units and data vendors and to allow third parties (such as auditors or bank supervisors) to evaluate data quality and integrity.

    RS-43: Banks must maintain detailed documentation on changes over time to the risk segmentation system and the quantification process, including data elements, method, and supporting processes.

  253. When changes are made to risk segmentation systems or the quantification processes, the bank must be able to determine how these changes affect capital calculations. Detailed documentation is necessary for the bank to identify the sources of any significant changes in the capital charges under IRB. Data Access and Scalability

    RS-44: Banks must store data in a format that allows timely retrieval for analysis and validation of risk segmentation methods and parameter quantification processes. Data systems must be scalable to accommodate the growing needs of the business lines, the centralized data functions, and risk analysis over time.

  254. Banks may have a variety of storage techniques and systems to create their data warehouses and data marts. IRB data standards can be achieved by unifying existing accounting, servicing, processing, and workout and risk management systems, provided the linkages between these systems are well documented and include sufficient edit and integrity checks to ensure that the data can be used reliably. The data architecture must be designed to be scalable to allow for growth in portfolios, data elements, history, and product scope. Data Gaps

    RS-45: If data gaps occur, banks must specify interim measures to quantify IRB risk parameters and must establish a plan to meet the data maintenance standards.

  255. A data gap is the absence of key data elements necessary for the design and application of the bank's risk segmentation system, for the quantification of the risk parameters, or for validation of the segmentation and quantification systems. One common cause of data gaps is a merger or acquisition. Merging or acquiring banks must develop a plan for creating an integrated IRB system. Data gaps may also arise as banks make the transition to full implementation of IRB systems.

  256. As an interim measure, banks should seek to obtain data from external sources to supplement internal data shortfalls. Alternatively, the reference data sometimes may be drawn from other sections of the portfolio, but only when the business lines and loan and borrower characteristics are sufficiently similar. The bank must document any transitional steps and should take an appropriately conservative approach to quantification when data gaps exist.

  257. The level of effort placed on filling data gaps should be commensurate with the current and anticipated volume of exposures to be incorporated into the bank's IRB system.

    1. Control and Oversight Mechanisms

    1. Overview

  258. Risk management processes and controls, which are the foundation of retail lending activities, are essential to product development, pricing, underwriting, account management activities, portfolio performance forecasting, and economic capital modeling and long-term capital planning. Banks will use similar processes and controls to ensure the accuracy of their segmentation, quantification, and regulatory capital levels.

    RS-46: IRB banks must implement an effective system of controls and oversight.

  259. This system must include controls over lending activities, independent review, transparency, accountability, use of risk parameter estimates for internal risk management purposes, internal and external audit, and board and senior management oversight. Banks will have flexibility in

    [[Page 62769]]

    how these elements are combined, provided they incorporate sufficient checks and balances to ensure that the credit risk management system is functioning properly.

  260. IRB banks must have controls and oversight to ensure the integrity of the risk segmentation system and the accuracy of the risk parameter estimates used for determining regulatory capital under the IRB framework. Table 5.1 lists the key components of an IRB control and oversight system. These controls can be combined or structured to reinforce one another in a variety of different ways.

    Table 5.1.--Control and Oversight Mechanisms

    Controls over retail lending

    A structure and system of management activities.

    and controls must be established to ensure credit quality and data integrity. Accountability.................... Responsibilities and lines of authority should be documented in bank policy. Independent review................ An independent review process must evaluate the integrity of the IRB risk segmentation system and quantification process. Transparency...................... The IRB retail credit risk system must be sufficiently transparent to enable third parties to understand key aspects of the segmentation system and quantification process. Use of risk estimates............. IRB risk parameter estimates must be consistent with internal risk measurements that are used to guide risk management activities and financial management. Internal and external audit....... Internal and external audit must assess the effectiveness of control and oversight mechanisms and overall compliance with the IRB standards. Board and senior management

    Ultimate responsibility for the oversight.

    performance of the IRB retail credit risk system rests with senior management and the board.

    1. Controls Over Lending Activities

    RS-47: Banks must have an independent risk management function that provides oversight of retail lending activities.

  261. An independent risk management function is not directly involved in the credit decision process. The group's staff members should be compensated principally on how effectively they manage credit risk. The risk management function should be responsible for setting credit policies and ensuring that credit standards are followed. Retail credit review and compliance management are functions that should augment and support risk management activities.

    RS-48: Banks must have an effective loan review function for retail credit portfolios.

  262. An effective loan review for retail credit is an essential control for all IRB banks. Loan review must be independent of the lending process. The numbers, experience, and knowledge of personnel in loan review should be commensurate with the complexity and risk of the bank's retail loan portfolios.

  263. The scope of reviews should provide an assessment of the quality of risk management and quantity of risk in retail loan portfolios. The frequency of reviews should be based on the risk and size of the portfolios. Reports should clearly identify any concerns. Banks should have a process for timely resolution of issues and weaknesses identified by loan review.

    RS-49: A quality control function must confirm that all retail lending activities follow established policies.

  264. The purpose of quality control is to provide ongoing assurance that all retail lending activities adhere to the bank's policies and procedures. The quality control program should monitor and evaluate the integrity of credit origination, account management, and collection activities and should provide timely feedback to senior management. Without strong quality control systems governing all aspects of the lending process, the IRB retail credit risk system can be significantly compromised.

  265. The quality control function should be formally established and operate independently of the loan production process, collections, and servicing functions. The quality control program should have established operating procedures and stated requirements for sample size and selection. Coverage of this function should include statistically valid samples.

  266. The quality control function should generate monthly reports to appropriate levels of management, outlining findings and identifying policy exceptions. This information should be used to address weaknesses in lending activities. The function should seek corrective action as necessary.

    RS-50: Management information systems (MIS) must be sufficiently comprehensive to monitor and measure credit quality and performance and to allow proactive and effective risk management.

  267. Comprehensive MIS is needed to support risk management. Reports should measure risk for each stage of the life-cycle for retail loans and provide early warning of changes in risk profiles. Front-end reporting generally includes score distribution, score overrides, exception reporting, and other pertinent borrower and collateral information. Ongoing portfolio MIS should provide information about the overall risk profile, portfolio performance, and the direction of risk, including score distributions, changes in score distributions, early default analysis, and vintage analysis. Collection reporting should include delinquency roll rates, static pool cash collection analysis, and data on volumes and performance for workouts and loss mitigation programs. Banks must have a process to ensure that reports are accurate and consistent.

    RS-51: Adequate controls and monitoring systems must be in place to effectively supervise all third parties involved in the lending process.

  268. Vendor management should include a process to identify, monitor, manage, and control the risks posed by third-party providers. Vendor arrangements should be established based on adequate due diligence and should include written contracts that outline duties, obligations, and responsibilities of both parties. Banks are expected to provide ongoing oversight for third-party arrangements to ensure that activities are conducted in a safe and sound manner and in compliance with the law. Underlying controls should be the same as if the bank were conducting the activity directly.

  269. Banks frequently use third parties such as brokers, dealers, and correspondents in the loan origination process. While these sources of new loans provide positive benefits, they also warrant strong oversight. For loans that involve brokers and dealers, banks should ensure that adequate controls, such as loan verification activities, credit scoring, and the collateral valuation process, exist over loan

    [[Page 62770]]

    processing. Strong control processes over brokers and dealers can help ensure that underwriting decisions are based on reliable information. For correspondent originations, banks should have adequate monitoring systems in place to ensure that loans meet the bank's internal underwriting requirements.

    1. Accountability

    RS-52: Bank policies must identify individuals responsible for all aspects of the retail IRB credit risk system.

  270. Responsibilities and lines of authority should be documented in bank policy. Personnel should have the tools and resources necessary to carry out their responsibilities, and their performance should be evaluated against clear and specific objectives. Individuals should be held accountable for complying with applicable policies and ensuring that those aspects of the IRB system that are within their control are unbiased and accurate.

    1. Independent Review of Retail IRB Processes

    RS-53: Banks must have a comprehensive, independent review process that is responsible for ensuring the integrity of the IRB risk segmentation system and quantification process.

  271. The review process should be independent of the individuals who develop the underlying segmentation systems and perform quantification activities. The activities of this review process could be distributed across multiple areas or housed within one unit. Organizations will choose a structure that fits their management and oversight framework. For example, the independent review might be conducted by loan review or other similar units, subject to the independence requirement above. Individuals performing the reviews should possess the requisite technical skills and expertise.

  272. The review should be conducted at least annually and should encompass all aspects of the process, including:

    Compliance with policies and procedures;

    Design and effectiveness of the segmentation system;

    Quantification process and accuracy of parameter estimates;

    Model development, use, and validation;

    Adequacy of data systems and controls; and

    Adequacy of staff skills and experience.

  273. The review process should identify any weaknesses, make recommendations, and ensure corrective action. Significant findings of IRB reviews must be reported to senior management and the board.

    1. Transparency

    RS-54: IRB banks must have a transparent retail IRB process.

  274. Transparency is the ability of third parties, such as loan reviewers, auditors, and supervisors, to understand the design, operations, and accuracy of the risk segmentation system and quantification process for retail IRB.

  275. Transparency in the risk segmentation system and quantification process may be achieved through documentation that covers the following:

    The segmentation design, including selection of risk drivers, use of refreshed information, and granularity of segmentation;

    Parameter estimates and the processes used for their estimation, including significant adjustments and assumptions;

    Data requirements;

    Documentation for model development, implementation, and validation; and

    Specific responsibilities of and performance standards for individuals and units involved in the retail IRB process and its oversight.

    1. Use of Risk Estimates

    RS-55: Retail IRB risk parameter estimates must be consistent with risk estimates used to guide day-to-day retail risk management activities.

  276. Banks must demonstrate that IRB segmentation and IRB risk parameter estimates are consistent with those used by bank management in its planning, execution, and oversight of retail lending activities. Risk drivers for IRB segmentation purposes should correspond to risk drivers used as part of the overall risk management of the lines of business. IRB risk parameter estimates of PD, LGD, and EAD should be incorporated in credit risk management, internal capital allocation, and corporate governance. Banks should compare actual default rates with PD and actual dollar loss rates with internal forecasts for each of the retail IRB products.

    1. Internal and External Audit

    RS-56: Internal and external audit must annually evaluate compliance with the retail IRB capital regulations and supervisory guidance.

  277. Internal audit should report to the board and management on the bank's compliance with the retail IRB standards, including ones applicable to the segmentation system and estimation of the IRB risk parameters. This report will allow the board and management to affirm that the risk segmentation system, the quantification process, and the surrounding controls are in compliance with IRB standards. This will be critical for public disclosure and ongoing review by supervisors. As part of its review of control mechanisms, internal audit should evaluate the depth, scope, and quality of the independent review and quality control functions.

  278. As part of the process of certifying financial statements, external auditors should, to the extent appropriate under applicable auditing and professional standards, ascertain whether the IRB system is measuring credit risk appropriately and confirm that the bank's regulatory capital position is fairly presented. Auditors should also evaluate, to the extent appropriate under these standards, the bank's internal control functions relating to regulatory capital and its compliance with the risk-based capital regulation and supervisory guidance.

    1. Corporate Oversight

    RS-57: The full board or a designated committee of the board must review and approve key elements of the IRB system.

    RS-58: Senior management must ensure that all components of the IRB system, including controls, are functioning as intended and comply with the risk-based capital regulation and supervisory guidance.

  279. Senior management's oversight is expected to be more active than that of the board of directors. Senior management must have an extensive understanding of credit policies, underwriting standards, and account management activities (including collections) and must understand how these factors affect the IRB risk segmentation system, risk-parameter estimates, and data maintenance requirements.

  280. The depth and frequency of information provided to the board and senior management must be commensurate with their oversight responsibilities and the condition of the bank. The board should be provided with periodic high-level reports summarizing the performance of the retail IRB credit risk system. Senior management should receive more detailed reports covering topics such as:

    Risk profile by retail portfolio;

    Actual losses by risk segment compared with the IRB risk parameter estimates (PD, LGD, and EAD), with emphasis on unexpected results;

    Changing portfolio trends and risks;

    [[Page 62771]]

    Reports measuring changes in regulatory and economic capital;

    Reports generated by the independent review function, quality control, audit, and other control units; and

    Results of capital stress testing.

  281. Although all of a bank's controls must function smoothly, independently, and in concert with the others, the direction and oversight provided by the board and senior management is critical to ensuring that the IRB system is functioning properly.

  282. For retail portfolios that are managed across legal entities, the board of directors and senior management of each insured depository institution must have sufficient information about its exposures to accurately assess and report on its own risk.

  283. Senior management should confirm that activities conducted across multiple legal entities meet the following conditions:

    Products are managed centrally using consistent policies;

    Segments that cross multiple legal entities meet the requirements of chapter II to ensure that they have homogeneous risk characteristics;

    Exposures outside the United States are not grouped with domestic exposures; and

    Validation and back-testing activities include the additional step of ensuring that minimum capital requirements for each entity are accurate.

    Appendix A: Process Analysis Examples

    Example 1: A Seamless Application of the Four Stages of Quantification (See Paragraph 70)

    Consider a bank that has been making indirect installment loans through furniture stores for a number of years. Seven years of internal data history are available, over a period including a significant recession. The bank has segmented this portfolio over the whole period in a consistent manner: by bureau score, internal behavioral score, and monthly disposable income. In addition, LGDs for this portfolio have demonstrated significant cyclical variability over the period covered by the bank's data history.

    The bank can empirically show that the participating furniture retailers, underwriting criteria, and collection practices have remained reasonably stable over the seven-year period, and the definition of default has been consistent with the IRB definition. However, there are frequent changes in the bank's products and in the borrowing population that affect the risk characteristics of its loans, so the bank uses only the most recent seven-year data history as new data become available (assuming that the data includes a period of recession).

    The PD is calculated as the average of the seven annual PDs. The LGD is the loss severity observed during periods when credit losses for this type of product have been high. The EAD for non-defaulted loans is calculated as the outstanding loan amount at the time of capital measurement plus any accrued but unpaid interest and fees.

    In this example, the four stages have not been explicitly mentioned or applied. Nonetheless, at the level of detail presented (which is clearly somewhat simplified), the quantification appears to satisfy most of the standards in the chapter (subject, of course, to validation).

    If the bank desires, it can put its quantification into the following four-stage framework:

    1. The bank's own historical data serve as the reference data;

    2. Estimation consists of calculating the historical average PD, the recessionary LGD, and the outstanding balance by segment;

    3. Mapping consists primarily of ensuring that the segmentation schemes and the definition of default are consistent between the reference data portfolios and the bank's existing portfolios; and

    4. Application is a matter of using the risk parameter estimates from the reference portfolios for each segment of the existing portfolios in the regulatory capital formulas.

      Thus, as discussed in the main chapter text, the four stages of quantification are not intended as a set of rigid requirements that must be followed in every detail in all circumstances. Rather, they should be seen as a conceptual framework, and as an analytical and implementation guide for those institutions whose data histories, institutional circumstances, or unusual complexities require the greater detail and specificity.

      Example 2: Quantification of the PD for First-Lien Mortgages (See Paragraph 106)

    5. For the past four years a mortgage portfolio has been concentrated in a less risky geographic region than the historical portfolio, whose data history goes back several more years. The bank analyzes external mortgage data by geographic region over the same time period to identify regional differences in default rates. Analysis of the reference data indicates similar regional differences.

    6. The recent four-year period does not include a period of stress, so the bank uses its full internal data history to encompass a period of stress. To estimate the PD parameter over a long run of data history that is also comparable to the current portfolio, the bank develops a statistical model of the PD over combined internal and external performance history. The variables used as PD predictors included geographic region, loan and borrower risk characteristics, loan-to-value ratios, and lagged mortgage foreclosure rates by region. With this model the bank claims that it is able to fully utilize its 13-year history of internal data as well as take into account the effects of the more recent geographic change in its portfolio.

      Process Analysis for Example 2:

      Data--The existing portfolio of first-lien mortgages is segmented by LTV, credit score, tenor, fixed-rate vs. ARM, and debt- to-income ratio. For a given segment, the bank has good historical data from its own portfolio. The reference data consist of nine years of lifetime internal performance history for loans originated between 1990 and 1999, which are concentrated within the riskier geographic region, plus four years of recent internal history (2000- 2003). The internal data is supplemented by external regional mortgage data over the full 13-year history (1999-2003).

      Estimation--The bank builds a statistical model that estimates PD as a function of regional foreclosure rates for the previous two quarters, the loan-to-value ratio, credit score, debt-to-income ratio, loan tenor, and geographic region, and it builds separate models by product type (e.g., fixed-rate vs. ARM). A similar model of LGD is estimated using a regression model that incorporates economic factors. An LGD estimate reflective of periods of high credit losses in the mortgage market is produced by stressing the economic factors in the model. The model results are robust in terms of the standard statistical diagnostic tests. The model has continued to perform satisfactorily in validations outside the development sample.

      Mapping--Since the 1990-1999 period, the bank has shifted much of its first-lien mortgage business to a different region of the country, one that historically has experienced lower default rates. The bank segments its portfolio by region and borrower and loan characteristics utilized in the model to produce a long-run average PD estimate by region, so as to take the lower regional default rates into account. An ``economic downturn'' LGD is also calculated by the same segmentation. Therefore, in mapping from the reference data to its existing portfolio data the bank assigns the average PD and the economic downturn LGD per segment of exposures in the existing portfolio, as estimated by the models.

      Application--The bank will now apply the regression models to its existing portfolio to estimate the PD and LGD values for each segment in the first-lien mortgage portfolio. It will measure EAD for non-defaulted loans as the present outstanding balance per segment plus any accrued but unpaid interest and fees. Then it will enter the three risk parameters into the IRB mortgage formula to assess the minimum required regulatory capital for each segment.

      Example 3: PD Estimation From Dollars Defaulted and Present Portfolio Value (See Paragraph 108)

      Paragraph 101 defines PD in terms of accounts, not dollars: the number of defaulted accounts during the course of a year divided by the number of accounts open at the beginning of the year. This example discusses issues involved with methods that attempt to derive PD from dollar loss rates. If a bank chooses to derive a PD in this manner, the bank will need to consider a variety of factors to ensure that the PD estimate is an accurate reflection of the expected rate of defaults on an account basis.

    7. A credit card bank directly measures its average dollars of economic losses for each segment and uses the percentage of dollars defaulted, rather than as the percentage of loans defaulted, as the estimate of PD.

      [[Page 62772]]

      Specifically, the ratio employed is the gross loss divided by the exposure at default. The gross loss (before recovery) is directly measured on a segment of accounts over a one-year time horizon. The bank estimates exposure at default (EAD) for a segment as the current outstanding balances plus the expected drawdowns on open balances if all accounts default (including accrued but unpaid interest and fees at the time of default).

    8. The bank's risk segmentation system separates exposures by size of credit line and credit line utilization as well as by credit score. If the segmentation appropriately controls for current balances and credit lines, then it should produce accurate estimates of both PD and EAD. The bank regularly validates the accuracy of the EAD estimates and the consistency of the percentage-of-dollars- defaulted measure with the account default rate.

      Process Analysis for Example 3:

      Data--The historical reference data consist of measurements of the outstanding dollar balances and open credit lines at the beginning of the year. For accounts that defaulted over the following year the gross defaulted balances are also measured. The aggregate dollar amounts are measured for each segment.

      Estimation--The bank's dollar PD parameter is estimated as the long-run average of the one-year PDs. Each one-year PD is measured as the gross balances of defaulted loans divided by the estimated EAD. The following example illustrates why granular segmentation by balance and credit line can be important. In the first row of the following table, all loans with account PD equal to 1% are grouped together in a single segment. Using an estimatedLEQ of 0.7 derived from historical reference data, the Gross Loss / ED measure equal 1% and is equivalent to the account PD. In the second row of the table however, although all loans with account PD equal to 1% are still included in the segment, the Gross Loss/EAD measure has fallen to 0.94% and is therefore no longer an acceptable proxy for the account PD.

      Average Average

      Estimated balance credit Number Total

      Total percent Estimated

      Gross loss/ Account PD


      line per accounts in outstanding undrawn drawdown EAD Gross loss EAD account account segment balance lines





      2,000 $450,000 $750,000

      70% $975,000 $9,750

      1.0% 1.0%...............................



      2,000 $570,000 $950,000

      70% $1,235,000 $11,550


      The reason for this discrepancy can be found in the granularity of the bank's segmentation process. By grouping together all loans with account PD equal to 1%, the bank is combining loans with significantly different average balances per account and average credit lines. They are also using an estimate for LEQ (0.7) based on historical data for particular portfolios of loans with PD equal to 1% that is not accurate for portfolios with different distributions of loans by outstanding balances and credit lines.

      This can be seen by looking at a finer segmentation of the portfolios. In the table below, the segment from the top row in the previous table is divided more finely, by average balance and credit line. The historically estimated LEQs differ significantly between the segments, and the 0.7 LEQ in the previous table represents a weighted average of the two different segment values. Because the LEQ estimate is the weighted average of the two segment LEQs, then as long as the distribution of accounts between the two segments remains steady the Gross Loss/EAD measure shown in the first table equals 1% and is equivalent to the account PD.

      Average Average

      Estimated balance credit Number Total

      Total percent Estimated

      Gross loss/ Account PD


      line per accounts in outstanding undrawn drawdown EAD Gross loss EAD account account segment balance lines





      1,000 $150,000 $250,000

      90% $375,000 $3,750

      1.0% 1.0%...............................



      1,000 $300,000 $500,000

      60% $600,000 $6,000


      Weighted Aggregated 1% PD Segment

      Average LEQ




      2,000 $450,000 $750,000

      70% $975,000 $9,750


      In the next table, the larger segment (from the second row in the first table above) is divided into two finer segments in the same manner as previously. In fact, the average balances, average lines, and LEQs are all the same as in the previous case. The only change is in the proportion of accounts in each segment. However, by using the LEQ of 0.7 derived from the coarser segmentation, the bank estimated Gross Loss/EAD as 0.94 in the second row of the first table. The finer, more accurate, weighted LEQ of 0.62 produces a Gross Loss/EAD measure of 1.0%, equivalent to the account PD.

      Segmentation by PD, Balance and Credit Line

      Estimated Average Average Number Total

      Total percent Estimated

      Gross loss/ Account PD

      balance per credit line accounts in outstanding undrawn drawdown EAD Gross loss EAD account per account segment balance lines





      200 $30,000 $50,000

      90% $75,000


      1.0% 1.0%...............................



      1,800 $540,000 $900,000

      60% $1,080,000 $10,800


      Weighted Aggregated 1% PD Segment

      Average LEQ




      2,000 $570,000 $950,000

      62% $1,155,000 $11,500


      [[Page 62773]]

      Thus we see that, with the proper segmentation criteria and sufficiently granular segmentation, the Gross Dollar Loss/EAD measure can produce a PD that is equivalent to the correct account PD. If a bank were to use the coarser segmentation shown in the first table (i.e., all accounts with account PD=1), the bank would have to carefully monitor the changes in distribution of accounts within this broader segment and update the weighted average LEQ on a timely basis. Given how rapidly portfolio composition can change in credit card markets, this may be a challenging task.

      Note: Another method of calculating the PD from dollar measurements used at some institutions is to estimate the PD for a segment as the accumulated gross losses at the end of a one-year period divided by the outstanding balances at the beginning of the year. This does not provide an estimate equivalent to an account default rate if initial balances on accounts that eventually default are significantly different from those that do not default, which is generally the case. Consider the examples in the following table. (For simplicity, these examples assume there is no amortization of principal over the year.)

      Average Average Number

      Total beginning beginning

      Gross Losses/ Number total defaulted Account PD beginning balance non- balance Total gross beginning accounts accounts

      outstanding defaulted defaulted losses outstanding balances accounts accounts




      2.0% $1,000,000


      $750 $15,000

      1.5% 1000


      2.0% $1,000,000


      $1,250 $25,000


      As shown in the table, if balances on accounts that default are higher than balances on those that do not (which is the more common situation), then the Gross Losses/Outstanding Balances measure will overestimate PD. Conversely, if defaulted accounts have lower balances, the Gross Loss/Outstanding Balances measure will underestimate PD.

      Mapping--To develop a risk segmentation system that produces homogeneous and stable segments, the bank identifies the drivers of both default risk and drawdowns and then segments by these drivers. The mapping would involve linking segments in the reference data to segments in the present portfolio using the same risk segmentation system. However, during recessionary periods, the bank monitors changes in the market and economic environment that could change the relationships between default risk and drawdowns and the underlying drivers of these risks. If there were systematic changes, then the risk segmentation system would need to be updated.

      Application--The application is generally a straightforward, direct application of estimates from segments in the reference data to segments in the existing portfolio. Estimates would be adjusted if the default risk were expected to change systematically from previous periods, for example, because of a trend toward higher credit lines.

      Example 4: PD Quantification With Adjustments for Seasoning (See Paragraphs 109-112)

    9. PDs for a bank's credit card portfolio exhibit a characteristic time profile by age--a seasoning curve. As a result of the bank's analyses, the shape of this seasoning curve has been established by specific products and borrower credit quality at origination utilizing data from vintages over the last five years. The bank regularly analyzes new vintages to capture changes in the characteristic time profile of PDs over changing economic and market environments. Systematic changes are incorporated into new seasoning curves.

    10. The risk segmentation system criteria for seasoned and unseasoned loans include updated account age, or ``time on books.''

    11. For unseasoned loans, if seasoning effects are material, the PD is estimated as an annualized cumulative default rate over the remaining expected life of the loans. For seasoned loans the PD should simply be measured as a long-run average of the one-year- ahead PDs.

      Process Analysis for Example 4:

      Data--The main reference data consists of five years (or more) of portfolio history. Segments are defined by updated borrower, product, and loan characteristics including account age. Supplemental reference data consist of vintage analyses of similar products originated within the same time period, providing seasoning curves specific to borrower credit quality at origination, product, and loan type. Given the level of the annualized default rate observed in the early history of a cohort, the historical seasoning curves should indicate the trend that PDs follow over the remaining expected life of the loans.

      The bank presents analyses indicating that the seasoning curve can be reasonably specified by borrower credit quality at origination and carefully monitors new cohorts for any deviation of the time profile of one-year PDs from the corresponding seasoning curve.

      Estimation--For seasoned loans, a long-run average PD is calculated for each segment by updated borrower, product, and loan characteristics, including loan age. For unseasoned loans, the PD is the estimated annualized cumulative default rate over the remaining expected life of the loans.

      Mapping--The risk segmentation system of the present portfolio is the same as that employed for the reference data. This makes the mapping straightforward along the lines of refreshed borrower credit quality. However, the bank should ensure while mapping that the product characteristics in the reference data are mapped to equivalent product characteristics in the present portfolio.

      Application--At the application stage, the long-run PD estimated from the reference data may simply be applied to the matching segments in the existing portfolio.

      Appendix B: Technical Examples

      Example 1 From General Standards (See Paragraph 91 and Standard RS- 13)

      The following example illustrates one possible solution when sufficient internal historical data is not available for an entire portfolio. The bank may be able to identify sub-samples within its portfolio that experienced increased default rates during the available length of history, even though the aggregate portfolio may not have realized such a trend. For example, data may be available from local or regional recessions in New England (late 1980s and 1990-1995), Texas (1983-1989), or California (1991-1995). The bank must be able to demonstrate that the drivers of high default rates in these regional recessions can be extrapolated to the entire portfolio as well as justify and document any resulting adjustments that would be necessary in the mapping and application stages.

      Example 2 From General Standards (See Paragraphs 93 and 130 and Standard RS-14)

      At least two common types of mapping challenges may arise in regard to PD, LGD, and/or EAD quantification:

    12. First, even if similarly named characteristics are available in the reference data and portfolio data, they may not be directly comparable. For example, in a portfolio of auto loans, the particular types of auto loans (for example, new or used, direct or indirect) may vary from one application to another. Hence, a bank should ensure that linked characteristics are truly similar. Although adjustments to enhance comparability can be appropriate, they must be rigorously developed and documented.

    13. Second, levels of aggregation may vary. For example, the reference data may only broadly identify collateral types--say, broad categories of automakers. The bank's information systems for its portfolio might supply more detail such as auto makes and models plus the age and condition of vehicles. To apply the estimates derived from the reference data, the bank may regroup the existing portfolio in order to match broader aggregations in the reference data.

      Example 3 From the PD Estimation Standards (See Paragraph 107)

      The following examples illustrate possible PD estimation methods that might appear in bank practice and potential problems with some methods:

      [[Page 62774]]

      Example 3a: Adjustments When PDs Are Measured Over a Shorter Time Horizon and Then Annualized

      In practice the account default rate may be estimated at a monthly or quarterly rate and ``annualized'' to produce the equivalent yearly default rate. However, this annualized rate may not be accurate over a one-year horizon if the bank does not track loans that migrate within the year. For example, consider a segment with very high credit quality--call it the ``superprime'' segment. Over the year, many accounts that default have first migrated to lower credit quality segments at stages during the year. So, annualizing the quarterly default rate for the ``superprime'' portfolio would be an underestimate of the true one-year default rate. The PD should be measured from actual portfolio performance of all loans in the bucket over a full one-year horizon.

      The following example presents this issue. The quarterly transition rates between the three non-default rating classes (``superprime,'' ``prime,'' and ``subprime'') and the transition rates into default are listed below:

      Beginning of quarter





      End of Quarter:





















      A particular segment is 100% superprime at the beginning of a one-year time horizon. Over each quarter some accounts migrate into lower quality states with correspondingly higher default rates. As a result of this migration, the population distribution among the rating classes changes over each quarter. The Superprime, Prime, and Subprime columns of the following table show the changing distribution for these loans that were all superprime as of January 1. For example, at the end of the second quarter, only 88% of the surviving loans remain superprime, 9% are now prime, and 2% are subprime.

      The last column represents the cumulative default rate for these formerly Superprime loans. That is, at the end of the second quarter 0.26% will have defaulted; at the end of the third quarter, 0.49% will have defaulted, and at the end of the year, a total of 0.77% of the original all-Superprime segment will have defaulted, which is substantially higher than four times the quarterly default rate, or 0.4%.\11\

      \11\ The cumulative default rate is the sum of the defaults at the end of the previous period plus new defaults during the period just ended. The new defaults are determined as the sum of the proportions of loans in each rating category times the respective default rate for that category. For example, at the end of the second quarter, the new defaults equal the 94% of the loans that were still Superprime at the beginning of the period times the Superprime default rate of 0.1% plus the 5% of loans that had become Prime times the Prime default rate of 1%; plus the 1% of loans that had become Subprime times the Subprime default rate of 2%. This yields a default rate during the second quarter of 0.25%, which is added to the 0.1% default rate from the end of the first quarter to produce a cumulative rate of 0.26% at the end of the second quarter.




      Default Time

      (percent) (percent) (percent) (percent)

      January 1.......................................




      0 End of Quarter 1................................




      0.10 End of Quarter 2................................




      0.26 End of Quarter 3................................





      End of Quarter 4................................





      Note that this illustration assumes that the transitions from one quarter to the next are the same for each quarter throughout the year. In practice, they may vary from quarter to quarter for many reasons.

      Example 3b: Portfolio Growth and the Timing of Default Measurements

      The method and timing of the measurement of portfolio growth and defaulted accounts for a pool can also bias the PD estimates. Defaulted accounts would be measured at year-end and should not include accounts opened within the year. The total number of accounts should be measured at the beginning of the year. When the total number of accounts is measured concurrently with the number of defaulted accounts, if the total pool size increases (decreases) substantially over the one-year observation period, the PD could be underestimated (overestimated) substantially.

      In the following example, the portfolio shows four alternative growth rates over one year: (1) The portfolio shrinks by 5 percent, (2) the portfolio shrinks by 10 percent, (3) the portfolio grows by 5 percent, or (4) the portfolio grows by 10 percent:

      The portfolio starts at the beginning of the year with 1 million accounts and $100 million in outstanding balances, or an average of $100 per account. For simplicity it is assumed that the PD and average account balance remain constant over the year while the number of accounts changes.

      Total portfolio accounts


      PD front PD from end of Annual portfolio growth rate -------------------------------- defaulted by start of year year portfolio Start of year End of year end of year portfolio (percent)

      -5%............................. 1,000,000




      2.1 -10%............................ 1,000,000




      2.2 5%.............................. 1,000,000 1,050,000



      1.9 10%............................. 1,000,000 1,100,000




      Note: It is assumed that all 20,000 defaults that occurred during the year were accounts that were part of the portfolio on January 1. The Other Retail risk weight curve was used for this example, and LGD is assumed to be 90% in all four cases.

      [[Page 62775]]

      This example shows clearly how the use of the end-of-year portfolio size, rather than the number of accounts that were open at the beginning of the year, produces significant misestimation of PD, which should equal 2.0% in all four cases.

      Example 4 From the PD Estimation Standards (See Paragraph 102)

      A bank uses the last five years of internal default history to estimate a long-run average PD for each pool of retail exposures. However, it recognizes that the internal experience does not include any years of portfolio stress. To remedy this and still take advantage of its experience, the bank uses external loss data to adjust the PD estimates upward in the years of economic downturn or systematic economic stress. (An example of an external data source would be historical mortgage default data purchased from a vendor.). Using the external data, the bank creates an index by calculating the ratio between each year's mortgage default rate per pool and the long-run average rate per pool of exposures over the last five years, both from the external data. The bank assumes that the relationship observed in the external data applies to its own mortgage portfolio, and it uses the index to adjust the estimates for the internal data accordingly. If the bank rigorously validates, justifies, and documents these adjustments, it would satisfy the standard.

      Example 5 From the LGD Estimation Standards (See Paragraphs 127- 129)

      A bank determines that a business unit forms a homogeneous pool for the purposes of estimating loss severity. That is, although the loans in this pool may differ in some respects, the bank determines that they share a similar loss experience in default. The bank must provide reasonable support for its claim through an analysis of lending practices and available internal data. If it does so convincingly, a common pool across a business unit is consistent with the standard.

      Example 6 From the LGD Estimation Section (See Paragraphs 127-129)

      A bank divides observed defaults in the reference pool according to geographic region and loan-to-value in a mortgage portfolio. One of the pools has too few observations to produce a reliable estimate. By augmenting the loss data in this pool with data from other pools (for example, neighboring geographic regions with the same LTV), the bank calculates an estimate of the severity. The bank must validate, justify, and document the accuracy of this proxy value.

      In another example, a bank segments its default data in a credit card business unit by a number of borrower, loan, and product characteristics. Although the available internal historical evidence indicates a higher LGD, the bank judgmentally assigns a loss severity of 70 percent to a particular prime pool. The bank justifies this reduction in the LGD by claiming that it will do a better job of following policies for monitoring credit card performance in the future, for example, repricing accounts to generate more income and monitoring lines for problem accounts. Such an LGD adjustment is not appropriate because it is based on anticipated future performance rather than realized performance.

      Example 7 From the LGD Estimation Standards (See Paragraphs 127- 129)

      Timing of Defaults and Recoveries.

      A bank measures recovery rates over time for a business line by loan characteristics. The recoveries are measured as an aggregate stream of cash inflows monthly or quarterly from all defaulted loans on book and not based on recoveries from a fixed group of defaulted loans. Collection costs are assessed as a proportion of the defaulted balances. Therefore loss severity rates are measured in the aggregate as:


      where all dollar values are measured concurrently.

      If defaulted balances are approximately constant over time, this method does not create any problems. However, when defaulted balances change over time, the bank should adjust for changes in the volume of defaulted accounts, since the use of recoveries from a prior group of defaulted accounts could underestimate the loss severity when aggregate defaulted balances were higher in a previous period, and overestimate them when defaulted balances were lower in a previous period.

      The following example demonstrates how the loss severity can be underestimated during periods of decreased defaulted balances when the loss severity is measured as the present defaulted balances minus recoveries from the previous period's defaulted balances (using a fixed 30 percent recovery rate) divided by the current period's defaulted balances.\*\


      $Recoveries 30% Measured loss Portfolio balances (EAD)

      default Defaulted net discounted severity (True rate balances recovery rate LGD = 70%)

      $1,000,000............................................ 2.00% $20,000


      70% 1,000,000.............................................

      1.80 18,000


      67 1,000,000.............................................

      1.60 16,000


      66 1,000,000.............................................

      1.20 12,000



      [[Page 62776]]

      Thus, while an accurate measure of LGD would remain constant at 70% over the entire four-year period, this example shows how the use of the current year's defaulted balances, during a period when these balances are trending downward, leads to underestimates of LGD that grow more significant each year.

      Example 8: The Effect of the Purchase Discount on EAD and LGD (see paragraph 138)

      Suppose a bank buys a QRE portfolio at a 5 percent discount. Assuming that PD and recoveries remain unchanged, EAD and LGD both change because of the discount. The discount does not act as a reserve against EL or as a capital offset against UL. For the purchasing bank, the newly purchased portfolio is initially put on the books (EAD) at the discounted price the bank paid. The EL and UL numbers would change from those of a portfolio bought or originated at par as follows:

      Recoveries..................................................... $50 Asset face value............................................... 100 Asset correlation..............................................

      4 PD.............................................................


      No discount 5% discount



      $95 Loss = EAD -recovery........................


      45 LGD = Loss/EAD..............................


      47.4 EL = PD x LGD x EAD.........................


      2.25 UL (capital) per $ of EAD...................


      4.61 IRB capital = UL per $ x EAD................



      List of Acronyms

      ALLL Allowance for loan and lease loss

      EAD Exposure at default

      EL Expected loss

      FFIEC Federal Financial Institutions Examination Council

      GAAP Generally Accepted Accounting Principles

      HELOC Home Equity Line of Credit

      IRB Advanced internal ratings-based approach (Basel II)

      K Unexpected loss capital requirement

      LEQ Loan equivalent exposure

      LGD Loss given default

      LTV Loan-to-value ratio

      MIS Management Information Systems

      PD Probability of default

      PMI Private Mortgage Insurance

      QIS Quantitative Impact Study

      QRE Qualifying revolving retail exposures

      R Asset value correlation (AVC)

      RS Retail Standard

      RWA Risk-weighted assets

      UL Unexpected loss

      Dated: October 15, 2004. Julie L. Williams, Acting Comptroller of the Currency.

      By order of the Board of Governors of the Federal Reserve System.

      Dated: October 15, 2004. Jennifer J. Johnson, Secretary of the Board.

      By order of the Board of Directors.

      Dated at Washington, DC, this day of October 18, 2004. Robert E. Feldman, Executive Secretary.

      By the Office of Thrift Supervision.

      Dated: October 14, 2004. James T. Gilleran, Director.

      [FR Doc. 04-23771 Filed 10-26-04; 8:45 am]

      BILLING CODE 4810-33-P