©2003 Firm Name/Legal Entity

While preparing for Basel II implementation...

Maciej MajewskiPartnerDeloitte & Touche Sp. z o.o.

20 października 2004 roku

What Credit Risk Officer should be aware of?

On 26 June 2004 the Basel Committee, after many consultations and analyses, presented the final version of the New Capital Accord.

It is aimed at maintaining the current level of the capital (Pillar I) in the system, with simultaneous consideration of:

1. The better approach to the evaluation of the credit risk (e.g. use of internal ratings-based methods);

2. The operational risk (NCA introduces capital requirements with respect to this risk);

3. Importance of the control exercised by the regulator (Pillar II) and provision of appropriate information on the risk management methods to external recipients (Pillar III).

The Committee has no formal power with respect to supervisions responsible for setting up local regulations but most of them (Group of Ten countries, EU countries, etc.) have already decided to implement Basel II. For implementation in the European Union, this will require a new Capital Adequacy Directive, CAD3 (starting December 2006), to overwrite the existing rules and to extend the scope of the new Basel regime to all credit institutions and investment firms.

20062004 2005 2007 2008 2009 2010 2011

Transition1

2012

Are you aware of a limited time left in order to meet Basel II implementation requirements?

Earliest date for

Foundation IRB

Data set with 5 years

of history (PD) and IRB retail (PD/LGD/EAD)

Data set with 7 years of history

(PD,LGD, EAD) – IRB advanced

non-retail

Op

era

tion

al ri

sk

Cre

dit

ris

k

Systemsin place and

operating for Basic,

Standard and AMA

approaches

5 years of data

required for AMA

Transition

3 years data required for Advanced Measurement Approaches

2 years of data required for IRB before entering transition period

The timetable for implementing the IRB approaches for credit and operational risk capital is tight given the amount of work that still needs to be undertaken:

Key:

1. Transition: During the transition period the data requirements for the IRB and AMA approaches will be relaxed. This is conditional on banks making steady progress during this period.

PD – Probability of Default

LGD – Loss Given Default

EAD – Exposure at Default

At the end of 2005 Bank will have to start calculating capital requirement

using IRB approach and current Accord

Use credit scoring (rating) system for 3 years before

the transition process

Have you checked your compliance with Basel II requirements in the area of Credit Risk?

1. Does your segmentation and methodologies allow for proper risk identification?

2. Does your organizational structure reflect proper Credit Risk Management functions?

3. Have you introduced a default definition?

4. Do you perform PD/LGD/EAD/ estimations?

5. Are you able to satisfy the supervisor that your credit risk assessment model / procedure has a good predictive power and that regulatory capital requirements will not be distorted as a result of its use?

6. Do you have detailed review procedures to ensure your systems and controls are adequate to serve as the basis for the IRB approach?

7. Are you also aware that for the duration of non compliance, supervisors may require to hold additional capital under Pillar 2?

Compliance

Gap Analysis

Have you checked your compliance with Basel II requirements in the area of Operational Risk?

1. Have you identified and defined operational risk in your organisation?

2. Have you developed operational risk management strategy and set up organizational structure that reflects proper Operational Risk Management functions?

3. Does your segmentation allow for proper identification of operational risk categories and can you map Bank’s business and gross income to business lines defined by Basel II?

4. Do you apply adequate risk quantification methods and management tools?

5. Do you have in place operational risk measurement system and capital calculator?

6. Have you ensured proper operational risk mitigation tool?

7. Have you implied operational risk limits and thresholds?

Compliance

Gap Analysis

Are you able to evidence your compliance with the minimum standards in the following area?

IT solutions

supporting credit

process

Default definition

Minimum number of borrower

rating grades

Independent credit

risk control unit

Basic indicator,

standardised method,

AMA

PD estimation

sCapital

calculation engine

Internal rating system

Operating proceduresManageme

nt oversight

of the rating

process

Quantification

techniques: KRI,

scorecard, self-

assessment

Segmentation by asset

classes

EAD, M calculation

Group approach/ business

lines

RORAC

Collateral Management

RAROC,

Responsibilities of

parties that rate

borrowers and

facilities

Operational risk

definition, segmentati

on, categories

Haircuts

Do you realize the complexity in closing of any identified gap?

Independent credit risk

control unit

Does your Independent credit risk control unit cover the following responsibilities?

• Testing and monitoring of credit assessment models in order to improve their performance; therefore, emphasis is to be placed on default cases which should be examined thoroughly before and after the event of default (in non-retail customers). The testing and monitoring will help detect the models’ weaknesses;

• Preparation and analysis of summary reports from the Bank’s rating system which should include historical default data sorted by rating at the time of default and one year prior to default, grade

migration analyses and the monitoring of trends in key rating criteria;

• Implementing procedures which would verify whether the rating definitions are consistently applied across departments and geographic areas;

• Reviewing and documenting any changes to the rating process, including the rationale for the changes;

• Reviewing/documenting the rating criteria or individual rating parameters in order to evaluate whether they remain predictive of risk; and

• Supervising any models used in the rating process.

Are you aware of costs scale and structure related to Basel II requirements implementation?

Other costs40%

IT costs60%

Credit risk85%

Operational risk15%

A significant portion of outlays is assigned for investments related to credit risk. Operational risk investments account for only 15%.A significant portion of outlays is assigned for investments related to credit risk. Operational risk investments account for only 15%.

Do you realise what are your benefits from Basel II implementation?

You manage your

Bank

in accordance with

Best Practi

ce

You are

well evaluated by

external rating

agencies

You are recognized

by

your customers

and investors

Your local and

international regulators

have appreciatio

n for your effort

Your capital

level

is adequate

to

the level of

bared riskShareholder Value

We can help you!

Services for Banks related to the Basel II requirements:

• Costs and benefits analysis of implementing various Basel II approaches.

• Assessment of readiness for implementation of Pillar I requirements – for all approaches to credit risk operational risk and market risk.

• Assessment of Pillar II and Pillar III compliance.

• Assessment of data availability in information systems for selected approaches to credit, operational and market risks.

• Development and implementation of strategy to close gaps in the area of credit, operational and market risk management.

• Development and implementation of Basel II solutions: e.g. proper scoring/rating methodologies, calculation packs for PD, LGD and EAD, operation risk management tools - loss database, KRI (key risk indicators), process maps, risk maps, self-assessment processes.

• IT systems for Basel II selection and implementation support.

Other services for Banks related to the Basel II:

• Credit risk management organizational structure design.

• Credit and collection processes reengineering.

• Design of operational risk management organizational structure, including description of roles and responsibilities.

• Development of operational risk management strategy.

• Design and implementation of unexpected losses (economic capital) and expected losses calculations covering all risk types, i.e. credit, operational and market risk.

• Design and implementation of the strategy/financial planning process based on RAROC and EVA concepts (including FTP and ABC methodologies).

• Selection and implementation of IT infrastructure supporting calculation and reporting of risk-based profitability.

Member ofDeloitte Touche TohmatsuDeloitte & Touche Sp. z o.o.