CP10 (Full Document) - European Banking Authority
CP10 (Full Document) - European Banking Authority
CP10 (Full Document) - European Banking Authority
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
systems” (Annex VII, Part 4, Paragraph 127). It thus appears that<br />
the two broad functions of model review and model development and<br />
selection could be performed by the same unit. A rationale for this<br />
structure could be found in the skills and experience of people who<br />
design or select models, which sometimes make them the only ones<br />
able to review and validate models. Furthermore, the separation of<br />
the two units could be burdensome, especially in smaller institutions.<br />
364. The coexistence of both functions in the same unit should not be<br />
seen as an obstacle; any potential for lack of objectivity should be<br />
offset with rigorous controls, administered by the Internal Audit, to<br />
prevent bias from affecting the rating process.<br />
3.6.1. Role of the management body<br />
Hierarchy of responsibility/level of decision<br />
365. Sound internal governance requires that the decisionmaking process<br />
be clearly stated within each institution, in terms of hierarchy and<br />
level of responsibility.<br />
· The management body (both supervisory and management<br />
functions), as the body responsible for policymaking, guidance,<br />
and monitoring of the company’s strategy, should be responsible<br />
for approving all material aspects of the overall Risk Control<br />
System.<br />
· The management body (management function) should ensure<br />
that all components of the IRB system, including controls, are<br />
functioning as intended.<br />
· The credit risk control function is ultimately responsible for proper<br />
functioning of the rating systems; it submits rating systems to<br />
the management body (management function) for approval;<br />
· The Internal Audit should provide an assessment of the overall<br />
adequacy of the internal control system and of the credit risk<br />
control function.<br />
Management body and Senior Management<br />
366. The management body, (both supervisory and management<br />
functions) should be responsible for approving all material aspects of<br />
the overall Risk Control System, including:<br />
· Risk management strategies and policies regarding the internal<br />
rating system (including all material aspects of the rating<br />
assignment and risk parameter estimation processes);<br />
· The organisational structure of the control functions;<br />
· Specifying acceptable risk (using IRB results to define the credit<br />
risk profile of the institution).<br />
Page 87 of 123