Article 293
Requirements for the risk management system
1.
An institution shall comply with the following requirements:
(a)
it shall meet the qualitative requirements set out in Part Three, Title IV, Chapter 5;
(b)
it shall conduct a regular programme of back-testing, comparing the risk measures generated by the model with realised risk measures, and hypothetical changes based on static positions with realised measures;
(c)
(d)
the management body and senior management shall be involved in the risk control process and shall ensure that adequate resources are devoted to credit and counterparty credit risk control. In this regard, the daily reports prepared by the independent risk control unit established in accordance Article 287(1)(a) shall be reviewed by a level of management with sufficient seniority and authority to enforce both reductions of positions taken by individual traders and reductions in the overall risk exposure of the institution;
(e)
the internal risk measurement exposure model shall be integrated into the day-to-day risk management process of the institution;
(f)
the risk measurement system shall be used in conjunction with internal trading and exposure limits. In this regard, exposure limits shall be related to the institution's risk measurement model in a manner that is consistent over time and that is well understood by traders, the credit function and senior management;
(g)
an institution shall ensure that its risk management system is well documented. In particular, it shall maintain a documented set of internal policies, controls and procedures concerning the operation of the risk measurement system, and arrangements to ensure that those policies are complied with;
(h)
an independent review of the risk measurement system shall be carried out regularly in the institution's own internal auditing process. This review shall include both the activities of the business trading units and of the independent risk control unit. A review of the overall risk management process shall take place at regular intervals (and no less than once a year) and shall specifically address, as a minimum, all items referred to in Article 288;
(i)
the on-going validation of counterparty credit risk models, including back-testing, shall be reviewed periodically by a level of management with sufficient authority to decide the action that will be taken to address weaknesses in the models.
2.
Competent authorities shall take into account the extent to which an institution meets the requirements of paragraph 1 when setting the level of alpha, as set out in Article 284(4). Only those institutions that comply fully with those requirements shall be eligible for application of the minimum multiplication factor.
3.
An institution shall document the process for initial and on-going validation of its CCR exposure model and the calculation of the risk measures generated by the models to a level of detail that would enable a third party to recreate, respectively, the analysis and the risk measures. That documentation shall set out the frequency with which back testing analysis and any other on-going validation will be conducted, how the validation is conducted with respect to data flows and portfolios and the analyses that are used.
4.
An institution shall define criteria with which to assess its CCR exposure models and the models that input into the calculation of exposure and maintain a written policy that describes the process by which unacceptable performance will be identified and remedied.
5.
An institution shall define how representative counterparty portfolios are constructed for the purposes of validating an CCR exposure model and its risk measures.
6.
The validation of CCR exposure models and their risk measures that produce forecast distributions shall consider more than a single statistic of the forecast distribution.