The institutions shall document the design and operational details of its rating systems. The documentation shall provide evidence of compliance with the requirements in this Section, and address topics including portfolio differentiation, rating criteria, responsibilities of parties that rate obligors and exposures, frequency of assignment reviews, and management oversight of the rating process.

The institution shall document the rationale for and analysis supporting its choice of rating criteria. An institution shall document all major changes in the risk rating process, and such documentation shall support identification of changes made to the risk rating process subsequent to the last review by the competent authorities. The organisation of rating assignment including the rating assignment process and the internal control structure shall also be documented.

The institutions shall document the specific definitions of default and loss used internally and ensure consistency with the definitions set out in this Regulation.

Where the institution employs statistical models in the rating process, the institution shall document their methodologies. This material shall:

An institution shall demonstrate to the satisfaction of the competent authority that the requirements of this Article are met, where an institution has obtained a rating system, or model used within a rating system, from a third-party vendor and that vendor refuses or restricts the access of the institution to information pertaining to the methodology of that rating system or model, or underlying data used to develop that methodology or model, on the basis that such information is proprietary.