Updated 25/12/2024
In force

Initial Legal Act
Amendments
Search within this legal act

Article 23 - General

Article 23

General

1.   In order to assess the institution’s compliance with the requirements regarding the assignment of obligors or exposures to grades or pools laid down in Articles 169, 171, 172 and 173 of Regulation (EU) No 575/2013, competent authorities shall verify both of the following:

(a)

the adequacy of the definitions, processes and criteria used by the institution for assigning or reviewing the assignment of exposures to grades or pools, including the treatment of overrides, in accordance with Article 24;

(b)

the integrity of the assignment process as referred to in Article 173 of Regulation (EU) No 575/2013, including the independence of the assignment process, as well as the reviews of the assignment, in accordance with Article 25.

2.   For the purposes of the verification under paragraph 1, competent authorities shall apply all of the following methods:

(a)

review the institution’s relevant internal policies and procedures;

(b)

review the roles and responsibilities of units responsible for origination and renewal of exposures and units responsible for the assignment of exposures to grades or pools;

(c)

review the relevant minutes of the institution’s internal bodies, including the management body, or committees;

(d)

review the institution’s internal reports regarding the performance of the assignment process;

(e)

review the relevant findings of the internal audit or of other control functions of the institution;

(f)

review the progress reports on the efforts made by the institution to correct shortcomings in the assignment or the review process and to mitigate risks detected during audits;

(g)

obtain written statements from or interview the relevant staff and senior management of the institution;

(h)

review the criteria used by the personnel responsible for human judgement in the assignment of exposures to grades or pools.

3.   For the purposes of the verification under paragraph 1, competent authorities may also apply any of the following additional methods:

(a)

review the functional documentation of the relevant IT systems;

(b)

conduct sample testing and review documents relating to the characteristics of an obligor and to the origination and maintenance of the exposures;

(c)

perform their own tests on the data of the institution or require the institution to perform specific tests;

(d)

review other relevant documents of the institution.