Maintenance Act, 1998
R 385
Banks Act, 1990 (Act No. 94 of 1990)RegulationsRegulations relating to Banks' Financial Instrument TradingChapter 7 : Use of Internal Models25. Qualitative standards |
(1) | A bank shall use models with risk-management systems that are conceptually sound and that are implemented with integrity. The extent to which a bank meets the qualitative criteria set out in subregulation (2) may influence the level at which the Registrar will set the multiplication factor referred to in regulation 27(10). Only a bank whose model is in full compliance with the said qualitative criteria shall be eligible to apply for the minimum multiplication factor. |
(2) | The qualitative criteria are as follows: |
(a) | A bank shall operate an independent risk-control unit that is responsible for the design and implementation of the risk-management system. The risk-control unit shall produce and analyse daily reports from the output of the bank's risk-measurement model, including an evaluation of the relationship between measurements of risk exposure and trading limits. This risk-control unit shall be independent from business trading units and shall report directly to a senior manager in the bank; |
(b) | the risk-control unit shall conduct a regular back-testing programme, that is, an ex-post comparison of the risk measurement generated by the internal model against actual daily changes in portfolio value over longer periods of time, including hypothetical changes based on static positions; |
(c) | the board of directors and senior management shall be actively involved in the risk-control process and shall regard risk control as an essential aspect of the business to which significant resources shall be devoted. In this regard, the daily reports prepared by the independent risk-control unit shall be reviewed by a manager with sufficient seniority and authority to enforce both reductions of positions taken by individual traders and reductions in the bank's overall risk exposure; |
(d) | a bank's internal risk-measurement model shall be closely integrated into the day-to-day risk-management process of a bank. The output shall accordingly be an integral part of the process of planning, monitoring and controlling a bank's market risk profile; |
(e) | the risk-measurement system shall incorporate internal trading and exposure limits. In this regard, trading limits shall be related to the bank's risk-measurement model in a manner that is consistent over time and that is well understood by both traders and senior management; |
(f) | a routine and rigorous programme of stress testing shall be in place as a supplement to the risk analysis based on the day-to-day output of the bank's risk-measurement model. The results of stress testing shall be reviewed periodically by senior management and shall be reflected in the policies and limits set by management and the board of directors. When stress tests reveal particular vulnerability to a given set of circumstances, prompt steps shall be taken to manage those risks timeously and appropriately (for example, by hedging against that outcome or reducing the size of the bank's exposures); |
(g) | a bank shall have a routine procedure in place for ensuring compliance with a documented set of internal policies, controls and procedures concerning the operation of the risk-measurement system. A bank's risk-measurement system shall be well documented, for example, through a risk-management manual that describes the basic principles of the risk-management system and that provides an explanation of the empirical techniques used to measure market risk; |
(h) | an independent review of the risk-measurement system shall be carried out regularly in the bank's own internal auditing process. This review shall include both the activities of the business trading units and of the independent risk-control unit. A review of the overall risk-management process shall take place at regular intervals (ideally not less than once a year) and should specifically address, as a minimum, the— |
(i) | adequacy of the documentation of the risk-management system and process; |
(ii) | organisation of the risk-control unit; |
(iii) | integration of market-risk measures into daily risk management; |
(iv) | approval process for risk-pricing models and valuation systems used by front-office and back-office personnel; |
(v) | validation of any significant change in the risk-measurement process; |
(vi) | scope of market risks captured by the risk-measurement model; |
(vii) | integrity of the management-information system; |
(viii) | accuracy and completeness of position data; |
(ix) | verification of the consistency, timeliness and reliability of data sources used to run internal models, including the independence of such data sources; |
(x) | accuracy and appropriateness of volatility and correlation assumptions; |
(xi) | accuracy of valuation of risk-transformation calculations; and |
(xii) | verification of the model's accuracy through frequent back-testing, as described in paragraph (b) above. |