The New Framework for Large Exposure Management
Banking Exposure Limits Rules
The new supervisory framework for measuring and controlling large exposures was published by the Basel Committee on Banking Supervision ("BCBS") in 2014.1 In response, the local Hong Kong SAR version of the BCBS framework, the Banking (Exposure Limits) Rules (“BELR”), has been finalised and came into effect starting from 1 July 2019. To allow extra time for Authorized Institutions ("AIs") to comprehend their system and processes for compliance, the HKMA has given a six-month grace period which ends December 2019 regarding the updated rules on single counterparty (or group of linked counterparties) and connected party exposures limits.
With less than two months' time till the end of grace period, all AIs now should grasp the time to review and assess their risk management and reporting practice, in order to address in the remaining gaps against the relevant requirements. In addition, the new return MA(BS)28 for large exposure reporting, which supersedes the old MA(BS)1D, will be in place for the new reporting position at the end of March 2020. This may pose a challenge for AIs and stretch the limits of their resources.
Important Highlights of the Updates
BELR Part 7 introduced the new concept of Economic Dependence ("ED"), which aims to capture and control AIs' exposures to an inter-related group of borrowers more appropriately. It may require AIs to take additional efforts in conducting internal credit review assessment, as AIs will now be required to assess the economic/ business relationships between counterparties, in addition to the existing rules regarding controlling interest factor. This new requirement will necessitate that AIs redesign their client KYC and assessment processes, while also assessing the impact of the grouping logic ex post.
The exposure measurement calculation has also been adjusted. It is now more aligned with the approach under the Banking Capital Rules - in which recognised Credit Risk Mitigation ("CRM") introduced in BCBS framework is allowed. Moreover, the new updates also require AIs to follow a risk transfer mechanism where the amount of CRM protected exposure shall be counted as exposure to the collateral issuer or guarantee provider. Besides, AIs will need to assess the impact resulting from the change of scope for exempted exposures. In particular, some AIs might have specific concerns over the removal of the exemption for interbank exposures (except intraday exposures) as it could lead to a surge in exposures to their bank counterparties.
Although many AIs have completed or almost completed the changes needed to ensure compliance, some (especially overseas incorporated AIs / Branches) may still struggle to interpret the new rules and design the new processes needed to ensure a smooth transition and full compliance before the end of the grace period. Common challenges include:
- Grouping of Linked Counterparties
- Exposure Calculation and Reporting
- Limit Control
Grouping of Linked Counterparties
The HKMA has issued an additional code of practice2 to give more nuanced guidance regarding the logic for identifying and capturing ED between counterparties. As a good starting point, AIs will need to spend significant resources to examine and enhance their current KYC and client assessment processes to ensure that the ED relationship can be captured and recorded adequately, and to define the scope of the appropriate information to be collected. An enhancement of the KYC and client assessment process can include actions like developing new checklists and questionnaires as well as training relevant staff in their use.
The storage and treatment of the collected ED information are as important as the above process enhancement. AIs may want to use this new BELR initiative as an opportunity to revisit their current database / customer information storage, and explore opportunities to automate the grouping processes, thereby reducing the possibility of manual error in grouping.
Exposure Calculation and Reporting
AIs may find sourcing the correct data and adopting a risk transfer mechanism for CRM covered exposure challenging. This may be especially difficult for category A AIs for which a broader range of collateral is considered. Another challenge may be fragmented data sources on customer, exposure, and collateral as it hinders the efficient consolidation and aggregation necessary for monitoring the exposure limits and reporting the new MA(BS)28 return. In particular, AIs with considerable exposures to investment structures should be aware of the effort required when adopting the Look-through approach in assigning exposures for the underlying assets.
Even with the right data, AIs may continue to struggle to streamline their processes to automate the calculation and reporting of exposures. Unless appropriate action is taken, manual processes or workarounds could be introduced, which can make the final exposure calculation vulnerable to human error.
Under the BELR updates, AIs may need to be more careful before granting new credit limits – this is especially the case as the new ED relationship can potentially expand the size of a LC group and lead to breach of the group limit. The risk transfer mechanism per CRM could also result in certain protection providers bearing too much indirect exposure, leaving little room for the front office to acquire more business. This requires careful consideration when assigning and executing limit control on counterparties across different business or risk managers.
Due to the removal of the exemption for interbank exposures, AIs now need to take into consideration the exposure incurred from certain treasury related activities (e.g. interbank placement), which are more volatile in nature. It may be challenging to set internal limits for different business units which serve bank and non-bank counterparties separately and to monitor the changing exposure from a bank-wide perspective accurately.
With the end of the grace period approaching, AIs must properly assess the progress of their BELR implementation and bring in sufficient resources to achieve the full compliance target. It will require bank-wide collaboration between departments such as Risk, Finance, Front Lines, IT, Compliance etc. Below summarise some key actions that AIs should take before the end of grace period:
- Prioritise the grouping of LC after considering the exposure size
- Assess the readiness of exposure calculation under new set of requirements
- Revisit the current set of limit, including limits to bank counterparties
- Investigate system enhancement or automation opportunities for reporting of MA(BS)28
Meeting these requirements may pose different kinds of challenges to different organisations. Deloitte can help you chart a path that is most suited to your organisation specific needs.