CP10 (Full Document) - European Banking Authority
CP10 (Full Document) - European Banking Authority
CP10 (Full Document) - European Banking Authority
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
effectiveness and soundness of the IRB system. The problem is how<br />
to ensure and enforce independence. A control function can generally<br />
be regarded as independent if the following conditions are met:<br />
· The staff of the control function should not have any tasks to<br />
perform that fall within the scope of the activities that the control<br />
function is assigned to monitor and control;<br />
· The control function should be organisationally separate from the<br />
activities it is assigned to monitor and control. The head of the<br />
control function should be subordinated to a person who has no<br />
responsibility for the activities that are being monitored and<br />
controlled.<br />
· The head of the control function should report directly to the<br />
management body (both supervisory and management functions)<br />
and/or the audit committee.<br />
· The remuneration of the control function staff should not be<br />
linked to the performance of the activities that the control<br />
function is assigned to monitor and control.<br />
386. There is no single way to achieve independence, but rather different<br />
options. One option is to make the CRCU depend directly on the<br />
Management body (management function). Another option could be<br />
to maintain a separation between the control functions and the<br />
commercial area/relationship managers, up to the level of the<br />
responsible member of senior management.<br />
387. Whatever option is adopted by the institution, part of the duties of<br />
Internal Audit should be to determine the ‘real’ degree of<br />
independence of the CRC function.<br />
388. A strict separation between the commercial function and the CRC<br />
unit (but not the CRC function) could have undesirable effects. For<br />
example, models developed by risk managers without the<br />
contribution of relationship managers could be rejected by the latter,<br />
or staff from the commercial lines could be tempted to force some of<br />
the model’s inputs (especially qualitative inputs) in order to ‘adjust’<br />
the model’s outcome to their assessments (affecting the use test).<br />
Consequently, staff from the credit risk control unit and commercial<br />
department should cooperate actively in the development of the<br />
model. In order to ensure the desired independence after model<br />
development is complete, the exchange of information could best be<br />
through committees.<br />
3.6.3. Role of Internal Audit<br />
389. The Internal Audit function reviews whether the institution’s control<br />
systems for internal ratings and related parameters are robust<br />
(Annex VII, Part 4, Paragraph 130). As part of its review of control<br />
mechanisms, Internal Audit will evaluate the depth, scope, and<br />
quality of the Credit Risk Control function’s work. Internal Audit will<br />
also conduct tests to ensure that Credit Risk Control function’s<br />
Page 92 of 123