On July 5, 2011, the FDIC, FRB, OCC and OTS (collectively the “Agencies”) jointly issued guidance (the “Guidance”) to clarify supervisory expectations and sound practices for an effective counterparty credit risk (“CCR”) management framework. The Guidance discusses board and senior management responsibilities, management reporting, risk management and risk measurement. The Guidance is intended for banking organizations with large derivatives portfolios and not for banks with less than $1 billion in assets with limited derivative exposure, especially noncomplex exposures that are typical for community banks.
The Guidance notes that CCR is a multidimensional form of risk, affected by both the exposure to and credit quality of a counterparty. The Agencies state that the financial crisis of 2007-2009 revealed weaknesses in many CCR policies, such as their timeliness and exposure aggregation capabilities and inadequate measurement of correlation risks. To address these weaknesses the Guidance emphasizes several areas where banking organizations can improve monitoring and management of counterparty exposure limits and concentration risks.
The Guidance emphasizes that CCR policy and risk tolerance must first be clearly articulated by the board of directors or a board-level committee. This articulation should create a framework for establishing exposure limits and concentrations. Senior management must be responsible for implementing a risk measurement and management framework consistent with the banking organization’s risk tolerance. At a minimum, the Agencies state, the guidelines should outline CCR management standards that conform to the Guidance and policies should contain a detailed, clear escalation process for review and approval of policy exceptions.
The Guidance also stresses that banking organizations should have a management reporting structure that includes concentration analysis and CCR stress testing results. Senior management needs to have access to appropriate CCR reporting metrics that assess significant issues related to risk management, which they should review monthly. The Guidance states that risk management functions need to have full independence from CCR related trading operations, adequate resources, and sufficient authority.
Banking organizations should employ a range of risk metrics to judge their various CCR exposures. The Guidance suggests several areas of CCR exposure that should be measured and assessed. The Guidance additionally provides aggregation principles for sound CCR policies. Moreover, the Agencies state, management needs to identify, quantify, and monitor CCR concentrations in several areas. The Guidance also provides standards for stress-testing frameworks, credit valuation adjustments, wrong-way risk, and systems infrastructure.
The Agencies note that banking organizations need to impose formalized policies and procedures which place meaningful limits on exposures as part of a CCR management framework. The Guidance provides criteria for a sound limit system and review of exceptions. Banking organizations also must ensure adequate margin and collateral “haircut” guidelines, as set forth in the Guidance. Moreover, the Guidance provides criteria for validating CCR models, creating close-out policies, and managing legal risk. Finally, the Agencies state that the Guidance is not “all-inclusive” and that banking organizations should incorporate industry best practices into their policies.