CP10 (Full Document) - European Banking Authority
CP10 (Full Document) - European Banking Authority
CP10 (Full Document) - European Banking Authority
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
357. Annex VII, Part 4, Paragraphs 123 to 126 use the terms ‘board of<br />
directors’ and ‘senior management.’ The use of these terms is not<br />
intended to advocate any particular board structure, recognising that<br />
there are significant differences in legislative and regulatory<br />
frameworks across EU countries regarding the structure and<br />
functions of the management body referred to in the CRD.<br />
358. Within an institution there are two distinct functions that must be<br />
fulfilled: supervision and management. Roughly half of all EU<br />
member states have a onetier board structure in which both<br />
functions are performed within the board of directors. The<br />
supervisory function is performed by the nonexecutive directors and<br />
the management function is performed by the executive directors.<br />
The other half of EU members states have a twotier board structure.<br />
In a majority of these member states, the supervisory function is<br />
performed by the board of directors and the management function is<br />
performed by the managing director together with some key<br />
executives. (Both the managing director and the key executives are<br />
appointed by the board of directors.) This executive group, including<br />
the managing director, is usually called the ‘senior management.’<br />
359. When the term ‘management body’ is used in this paper, it is meant<br />
to encompass both onetier and twotier board structures. The<br />
guidelines always make clear which function (supervisory,<br />
management, or both) is being referred to.<br />
360. Annex VII, Part 4, Paragraph 127 refers to the ‘Credit Risk Control<br />
Unit’ (CRCU). It is useful at this point to distinguish between the<br />
organisational part and the functional part (the Credit Risk Control<br />
function) of this term. As part of the internal control function, the<br />
Credit Risk Control function should be independent from the business<br />
lines it monitors and controls. It is designed and implemented to<br />
address the risks that the institution identifies through the risk<br />
assessment process.<br />
361. Large, complex, and sophisticated institutions should establish a risk<br />
control function to monitor each of the material risks (within material<br />
business lines) to which the institution is exposed. The risk control<br />
function should report to the management body (management<br />
function) and other relevant staff.<br />
362. Although in most cases the organisational part of the CRCU and the<br />
CRC function would be identical (and consequently the CRCU would<br />
encompass only people responsible for fulfilling the Credit Risk<br />
Control function), the CRCU could, as an organisational unit,<br />
encompass both people responsible for the design of the model and<br />
people responsible for the independent review of the model.<br />
363. As far as the design of the rating models is concerned, the CRD<br />
affirms that the CRCU “shall be responsible for the design or<br />
selection, implementation, oversight and performance of the rating<br />
Page 86 of 123