Credit risk management systems and controls for insurers

Part

SYSC Senior Management Arrangements, Systems and Controls sourcebook

Chapter

Credit risk management systems and controls for insurers

Printed on: 15/10/2024

Rulebook at: 01/07/2009

SYSC 15

Credit risk management systems and controls for insurers

SYSC 15.1

Application

31/12/2006

SYSC 15.1.1

SYSC 15.1 applies to an insurer unless it is:

(1) a non-directive friendly society; or
(2) an incoming EEA firm; or
(3) an incoming Treaty firm.

31/12/2006

SYSC 15.1.2

SYSC 15.1 applies to:

(1) an EEA-deposit insurer; and
(2) a Swiss general insurer;

only in respect of the activities of the firm carried on from a branch in the United Kingdom.

31/12/2006

SYSC 15.1.2A

This section does not apply to an incoming ECA provider acting as such.

01/11/2007

Purpose

SYSC 15.1.3

This section provides guidance on how to interpret SYSC 14 insofar as it relates to the management of credit risk.

31/12/2006

SYSC 15.1.4

Credit risk is incurred whenever a firm is exposed to loss if another party fails to perform its financial obligations to the firm, including failing to perform them in a timely manner. It arises from both on and off balance sheet items. For contracts for traded financial instruments, for example the purchase and sale of securities or over the counter derivatives, risks may arise if the firm's counterparty does not honour its side of the contract. This constitutes counterparty risk, which can be considered a subset of credit risk. Another risk is issuer risk, which could potentially result in a firm losing the full price of a market instrument since default by the issuer could result in the value of its bonds or stocks falling to nil. In insurance firms, credit risk can arise from premium debtors, where cover under contracts of insurance may either commence before premiums become due or continue after their non-payment. Credit risk can also arise if a reinsurer fails to fulfil its financial obligation to repay a firm upon submission of a claim.

31/12/2006

SYSC 15.1.5

Credit risk concerns the FSA in a prudential context because inadequate systems and controls for credit risk management can create a threat to the regulatory objectives of market confidence and consumer protection by:

(1) the erosion of a firm's capital due to excessive credit losses thereby threatening its viability as a going concern;
(2) an inability of a firm to meet its own obligations to depositors, policyholders or other market counterparties due to its capital erosion.

31/12/2006

SYSC 15.1.6

Appropriate systems and controls for the management of credit risk will vary with the scale, nature and complexity of the firm's activities. Therefore the material in this section is guidance. A firm should assess the appropriateness of any particular item of guidance in the light of the scale, nature and complexity of its activities as well as its obligation as set out in Principle 3 to organise and control its affairs responsibly and effectively.

31/12/2006

Requirements

SYSC 15.1.7

High level requirements for prudential systems and controls, including those for credit risk, are set out in SYSC 14. In particular:

(1) SYSC 14.1.19R (2) requires a firm to document its policy for credit risk, including its risk appetite and how it identifies, measures, monitors and controls that risk;
(2) SYSC 14.1.19R (2) requires a firm to document its provisioning policy. Documentation should describe the systems and controls that it intends to use to ensure that the policy is correctly implemented;
(3) SYSC 14.1.18 R requires it to establish and maintain risk management systems to identify, measure, monitor and control credit risk (in accordance with its credit risk policy), and to take reasonable steps to ensure that its systems are adequate for that purpose; or
(4) in line with SYSC 14.1.11 G, the ultimate responsibility for the management of credit risk should rest with a firm's governing body. Where delegation of authority occurs the governing body and relevant senior managers should approve and periodically review systems and controls to ensure that delegated duties are being performed correctly.

31/12/2006

Credit risk policy

SYSC 15.1.8

SYSC 14.1.18 R requires a firm to establish, maintain and document a business plan and risk policies. They should provide a clear indication of the amount and nature of credit risk that the firm wishes to incur. In particular, they should cover for credit risk:

(1) how, with particular reference to its activities, the firm defines and measures credit risk;
(2) the firm's business aims in incurring credit risk including:

(a) identifying the types and sources of credit risk to which the firm wishes to be exposed (and the limits on that exposure) and those to which the firm wishes not to be exposed (and how that is to be achieved, for example how exposure is to be avoided or mitigated);
(b) specifying the level of diversification required by the firm and the firm's tolerance for risk concentrations (and the limits on those exposures and concentrations); and
(c) drawing the distinction between activities where credit risk is taken in order to achieve a return (for example, lending) and activities where credit exposure arises as a consequence of pursuing some other objective (for example, the purchase of a derivative in order to mitigate market risk);

(3) how credit risk is assessed both when credit is granted or incurred and subsequently, including how the adequacy of any security and other risk mitigation techniques is assessed;
(4) the detailed limit structure for credit risk which should:

(a) address all key risk factors, including intra-group exposures and indirect exposures (for example, exposures held by related and subsidiary undertakings);
(b) be commensurate with the volume and complexity of activity; and
(c) be consistent with the firm's business aims, historical performance, and its risk appetite;

(5) procedures for:

(a) approving new or additional exposures to counterparties;
(b) approving new products and activities that give rise to credit risk;
(c) regular risk position and performance reporting;
(d) limit exception reporting and approval; and
(e) identifying and dealing with the problem exposures caused by the failure or downgrading of a counterparty;

(6) the methods and assumptions used for the stress testing and scenario analysis required by GENPRU 1.2 (Adequacy of financial resources), including how these methods and assumptions are selected and tested; and
(7) the allocation of responsibilities for implementing the credit risk policy and for monitoring adherence to, and the effectiveness of, the policy.

31/12/2006

Counterparty assessment

SYSC 15.1.9

The firm should make a suitable assessment of the risk profile of the counterparty. The factors to be considered will vary according to both the type of credit and the counterparty being considered. This may include:

(1) the purpose of the credit, the duration of the agreement and the source of repayment;
(2) an assessment and continuous monitoring of the credit quality of the counterparty;
(3) an assessment of the claims payment record where the counterparty is a reinsurer;
(4) an assessment of the nature and amount of risk attached to the counterparty in the context of the industrial sector or geographical region or country in which it operates, as well as the potential impact on the counterparty of political, economic and market changes; and
(5) the proposed terms and conditions attached to the granting of credit, including ongoing provision of information by the counterparty, covenants attached to the facility as well as the adequacy and enforceability of collateral, security and guarantees.

31/12/2006

SYSC 15.1.10

It is important that sound and legally enforceable documentation is in place for each agreement that gives rise to credit risk as this may be called upon in the event of a default or dispute. A firm should therefore consider whether it is appropriate for an independent legal opinion to be sought on documentation used by the firm. Documentation should normally be in place before the firm enters into a contractual obligation or releases funds.

31/12/2006

SYSC 15.1.11

Where premium payments are made via brokers or intermediaries, the firm should describe how it monitors and controls its exposure to those brokers and intermediaries. In particular, the policy should identify whether the risk of default by the broker or intermediary is borne by the firm or the policyholder.

31/12/2006

SYSC 15.1.12

Any variation from the usual credit policy should be documented.

31/12/2006

SYSC 15.1.13

A firm involved in loan syndications or consortia should not rely on other parties' assessment of the credit risks involved. It will remain responsible for forming its own judgement on the appropriateness of the credit risk thereby incurred with reference to its stated credit risk policy. Similarly a firm remains responsible for assessing the credit risk associated with any insurance or reinsurance placed on its behalf by other parties.

31/12/2006

SYSC 15.1.14

Where a credit scoring approach or other counterparty assessment process is used, the firm should periodically assess the particular approach taken in the light of past and expected future counterparty performance and ensure that any statistical process is adjusted accordingly to ensure that the business written complies with the firm's risk appetite.

31/12/2006

SYSC 15.1.15

In assessing its contingent exposure to a counterparty, the firm should identify the amount which would be due from the counterparty if the value, index or other factor upon which that amount depends were to change.

31/12/2006

Credit risk measurement

SYSC 15.1.16

A firm should measure its credit risk using a robust and consistent methodology which should be described in its credit risk policy; the appropriate method of measurement will depend upon the nature of the credit product provided. The firm should consider whether the measurement methodologies should be backtested and the frequency of such backtesting.

31/12/2006

SYSC 15.1.17

A firm should also be able to measure its credit exposure across its entire portfolio or within particular categories such as exposures to particular industries, economic sectors or geographical areas.

31/12/2006

SYSC 15.1.18

Where a firm is a member of a group that is subject to consolidated reporting, the group should be able to monitor credit exposures on a consolidated basis. See SYSC 12, INSPRU 6.1 and GENPRU 3.

31/12/2006

SYSC 15.1.19

A firm should have the capability to measure its credit exposure to individual counterparties on at least a daily basis.

31/12/2006

Risk monitoring

SYSC 15.1.20

A firm should implement an effective system for monitoring its credit risk which should be described in its credit risk policy.

31/12/2006

SYSC 15.1.21

A firm should have a system of management reporting which provides clear, concise, timely and accurate credit risk reports to relevant functions within the firm. The reports could cover exceptions to the firm's credit risk policy, non-performing exposures and changes to the level of credit risk within the firm's credit portfolio. A firm should have procedures for taking appropriate action according to the information within the management reports, such as a review of counterparty limits, or of the overall credit policy.

31/12/2006

SYSC 15.1.22

Individual credit facilities and overall limits should be periodically reviewed in order to check their appropriateness for both the current circumstances of the counterparty and the firm's current internal and external economic environment. The frequency of review should be appropriate to the nature of the facility.

31/12/2006

SYSC 15.1.23

A firm should utilise appropriate stress testing and scenario analysis of credit exposures to examine the potential effects of economic or industry downturns, market events, changes in interest rates, changes in foreign exchange rates, changes in liquidity conditions and changes in levels of insurance losses where relevant.

31/12/2006

Problem exposures

SYSC 15.1.24

A firm should have systematic processes for the timely identification, management and monitoring of problem exposures. These processes should be described in the credit risk policy.

31/12/2006

SYSC 15.1.25

A firm should have adequate procedures for recovering exposures in arrears or that have had provisions made against them. A firm should allocate responsibility, either internally or externally, for its arrears management and recovery.

31/12/2006

Provisioning

SYSC 15.1.26

SYSC 14.1.19R (2) requires a firm to document its provisioning policy. A firm's provisioning policy can be maintained either as a separate document or as part of its credit risk policy.

31/12/2006

SYSC 15.1.27

At intervals that are appropriate to the nature, scale and complexity of its activities a firm should review and update its provisioning policy and associated systems.

31/12/2006

SYSC 15.1.28

In line with SYSC 15.1.6 G, the FSA recognises that the frequency with which a firm reviews its provisioning policy once it has been established will vary from firm to firm. However, the FSA expects a firm to review at least annually whether its policy remains appropriate for the business it undertakes and the economic environment in which it operates.

31/12/2006

SYSC 15.1.29

In line with SYSC 14.1.12 G, the provisioning policy referred to in SYSC 15.1.26 G must be approved by the firm's governing body or another appropriate body to which the firm's governing body has delegated this responsibility.

31/12/2006

SYSC 15.1.30

In line with SYSC 14.1.24 G, the FSA may request a firm to provide it with a copy of its current provisioning policy.

31/12/2006

SYSC 15.1.31

Provisions may be general (against the whole of a given portfolio), specific (against particular exposures identified as bad or doubtful) or both. The FSA expects contingent liabilities (for example guarantees) and anticipated losses to be recognised in accordance with accepted accounting standards at the relevant time, such as those embodied in the Financial Reporting Standards issued by the Accounting Standards Board.

31/12/2006

Risk mitigation

SYSC 15.1.32

A firm may choose to use various credit risk mitigation techniques including the taking of collateral, the use of letters of credit or guarantees, or counterparty netting agreements to manage and control their counterparty exposures. The use of such techniques does not obviate the need for thorough credit analysis and procedures. The reliance placed by a firm on risk mitigation should be described in the credit risk policy.

31/12/2006

SYSC 15.1.33

A firm should consider the legal and financial ability of a guarantor to fulfil the guarantee if called upon to do so.

31/12/2006

SYSC 15.1.34

A firm should monitor the validity and enforceability of its collateral arrangements.

31/12/2006

SYSC 15.1.35

The firm should analyse carefully the protection afforded by risk mitigants such as netting agreements or credit derivatives, to ensure that any residual risk is identified, measured, monitored and controlled.

31/12/2006

Record keeping

SYSC 15.1.36

Prudential records made under SYSC 14.1.53 R should include appropriate records of:

(1) credit exposures, including aggregations of credit exposures, as appropriate, by:

(a) groups of connected counterparties; or
(b) types of counterparty as defined, for example, by the nature or geographical location of the counterparty;

(2) credit decisions, including details of the decision and the facts or circumstances upon which it was made; and
(3) information relevant to assessing current counterparty and risk quality.

31/12/2006

SYSC 15.1.37

Credit records should be retained as long as they are needed for the purpose described in SYSC 15.1.36 G (subject to the minimum three year retention period). In particular, a firm should consider whether it is appropriate to retain information regarding counterparty history such as a record of credit events as well as a record indicating how credit decisions were taken.

31/12/2006