This document is an excerpt from the EUR-Lex website
Document 32024R1085
Commission Delegated Regulation (EU) 2024/1085 of 13 March 2024 supplementing Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to regulatory technical standards on the assessment methodology under which competent authorities verify an institution’s compliance with the requirements to use internal models for market risk
Commission Delegated Regulation (EU) 2024/1085 of 13 March 2024 supplementing Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to regulatory technical standards on the assessment methodology under which competent authorities verify an institution’s compliance with the requirements to use internal models for market risk
Commission Delegated Regulation (EU) 2024/1085 of 13 March 2024 supplementing Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to regulatory technical standards on the assessment methodology under which competent authorities verify an institution’s compliance with the requirements to use internal models for market risk
C/2024/1678
OJ L, 2024/1085, 17.6.2024, ELI: http://data.europa.eu/eli/reg_del/2024/1085/oj (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
In force
Official Journal |
EN L series |
2024/1085 |
17.6.2024 |
COMMISSION DELEGATED REGULATION (EU) 2024/1085
of 13 March 2024
supplementing Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to regulatory technical standards on the assessment methodology under which competent authorities verify an institution’s compliance with the requirements to use internal models for market risk
(Text with EEA relevance)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and amending Regulation (EU) No 648/2012 (1), and in particular Article 325az(8), first subparagraph, point (b), and third subparagraph, thereof,
Whereas:
(1) |
Institutions are only allowed to use internal models for market risk if they comply with the requirements laid down in Regulation (EU) No 575/2013. Institutions should not only comply with those requirements when they apply for permission to use those internal models, but also when they use those models, and when they apply for material extensions or changes to such internal models. It is therefore appropriate to lay down that competent authorities, when they verify whether institutions comply with those requirements, apply the same criteria and the same assessment methodology to each of those phases. However, for reasons of efficiency and to reduce administrative burdens, competent authorities, when assessing compliance by institutions that have already been granted permission to use such alternative internal models, should not be required to reassess such permission. They should rather only assess compliance with those rules that are relevant to the scope of the assessment concerned, and build, in each case, on the conclusions from previous assessments. |
(2) |
To ensure that institutions comply on a continuous basis with the requirements laid down in Regulation (EU) No 575/2013, competent authorities should evaluate the overall quality of the solutions, systems and approaches implemented by an institution, and request constant improvements and adaptations to changed circumstances. |
(3) |
To ensure harmonisation and comparability of supervisory practices across different jurisdictions, competent authorities’ assessment of whether institutions comply with the requirements laid down in Regulation (EU) No 575/2013 should comply with prescriptive assessment techniques. Competent authorities should, however, be able to take into account the nature, size and complexity of an institution’s structure and business model, the complexity of the alternative internal models, the nature of the financial products those models cover, the quality of information provided by the institution concerned, and the resources they have at their disposal. Competent authorities should therefore, when they assess whether an institution complies with the requirements laid down in Regulation (EU) No 575/2013, be granted a certain discretion, enabling them to carry out additional checks and to apply the most appropriate methods for verifying compliance with particular requirements. In addition, to enable competent authorities to conduct that assessment in a proportionate manner, and given the broad range of financial products available in trading activities, it is necessary to lay down categories of financial products of increasing level of complexity, on which competent authorities should base their assessment. |
(4) |
To ensure sufficient in-house understanding of the alternative internal model, including outsourced operations, it is necessary to lay down that, despite any outsourcing of some risk tools, IT systems, and risk management solutions, all key tasks, activities or functions related to the internal model are to be conducted by the risk control unit referred to in Article 325bi(1), point (b), of Regulation (EU) No 575/2013. For the same reasons, those rules should also require that the risk control unit implements adequate controls and performs quality and validation tests for any outsourced solution, that full documentation on those controls and test is available in all cases, and that competent authorities assess any tools and IT solutions obtained from third party vendors in a manner similar to cases where they have been fully developed via internal processes. |
(5) |
Governance and operational aspects play a central role in the proper functioning of the alternative internal model. The methodology to verify whether an institution complies with the requirements laid down in Regulation (EU) No 575/2013 (‘assessment methodology’) should therefore comprehensively assess those governance and operational aspects, including the trading desk set-up, the role of the senior management and the management body, the risk-control unit, and the independent review of the alternative internal model itself. |
(6) |
The assessment methodology relating to governance aspects should take into account that certain institutions that ask for permission to use the alternative internal model approach already obtained approval, before Regulation (EU) No 575/2013 was amended by Regulation (EU) 2019/876 of the European Parliament and of the Council (2), to use an internal model to calculate the own funds requirements for market risk. It is therefore necessary to lay down assessment rules that are similar to those laid down in the past for those aspects that were not amended by Regulation (EU) 2019/876, and to introduce new rules that cover new provisions introduced by that Regulation, including the trading desk requirements laid down in Article 104b of Regulation (EU) No 575/2013. |
(7) |
To enable competent authorities to assess compliance with the requirements for the validation and review of alternative internal models, institutions should perform the internal validation of the model at least annually. While initial validation should cover all methodologies applied throughout the internal model, it is appropriate to lay down, in consideration of staff and resources constraints, that the annual validation focuses on at least the main issues detected either in previous internal validations or previous internal audit reviews, and on any changes or new methodologies introduced in the alternative internal model. |
(8) |
Trading activities and financial markets are evolving constantly and rapidly. To enable competent authorities to take those characteristics into account when assessing whether institutions comply with the requirements laid down in Regulation (EU) No 575/2013, the assessment methodology should contain qualitative and procedural standards with regard to the formal approval by the institution of new financial instruments and products, and their introduction in the trading area. Standards for a formal new product approval policy are necessary to ensure that the introduction of new financial instruments and products, which may pose additional risk factors or require methodological changes to the internal risk measurement models, is fully compatible with the comprehensive control and validation. |
(9) |
The quality of data and the accuracy of risk estimation and of calculation of own funds requirements for market risk are highly dependent on the reliability of the IT systems used for that purpose. Equally, the continuity and consistency of the risk management processes and the calculation of own funds requirements for market risk can only be ensured where such IT systems are safe, secure, and reliable, and where the IT infrastructure is sufficiently robust. It is therefore necessary that, when assessing the market risk internal models, competent authorities also check the reliability of the institution’s IT systems and the robustness of the IT infrastructure used for the internal models. |
(10) |
One of the novelties of the new market risk framework laid down in Part Three, Title IV, Chapter 1b, of Regulation (EU) No 575/2013 is the determination of own funds requirements on the basis of expected shortfall measures. It is necessary to ensure that institutions actively monitor the accuracy of those figures. It is therefore appropriate to require institutions to directly back-test their expected shortfall measures as part of the internal back-testing programme required by Article 325bj of Regulation (EU) No 575/2013. As there is not yet an established methodology among market participants for back-testing an expected shortfall measure, no specific methodology should be prescribed, and institutions should be left free to take into account the evolution of new techniques and best practices in that regard, in line with the qualitative requirements set out in Article 325bi of that Regulation. |
(11) |
Internal-risk measurement models can only considered to be implemented with integrity, as referred to in Article 325bi(1) of Regulation (EU) No 575/2013, where all regulatory requirements are met. In addition, several building blocks of the Basel reforms in the area of market risk have been implemented in Union law by means of delegated acts, inter alia, Commission Delegated Regulation (EU) 2022/2058 (3), Commission Delegated Regulation (EU) 2022/2059 (4), Commission Delegated Regulation (EU) 2022/2060 (5), Commission Delegated Regulation (EU) 2023/1577 (6), Commission Delegated Regulation (EU) 2023/1578 (7) and Commission Delegated Regulation (EU) 2024/397 (8). It follows that competent authorities should consider whether institutions comply with the requirements laid down Regulation (EU) No 575/2013, taking into account those delegated acts. To ensure a comprehensive assessment of compliance of market risk internal models, it is necessary to specify techniques for competent authorities to assess institutions’ compliance with aspects covered both by the Regulation (EU) No 575/2013 and by those delegated regulations. For that reason, competent authorities should examine specific documentation that institutions are required to produce. |
(12) |
The back-testing and the profit and loss attribution requirements provide a solid basis for a critical monitoring of the performance of the internal-risk measurement model. It is therefore necessary to lay down assessment rules to consider the results of those tests. In relation to back-testing, it should be ensured that overshootings are critically analysed to identify potential weaknesses in the model, and that institutions monitor whether the changes in the portfolios’ values are driven by modellable or by non-modellable risk factors. Furthermore, in light of the profit and loss attribution test results, competent authorities should assess the accuracy of the pricing functions employed by the institution, as their accuracy is essential for a sound calculation of the own funds requirements. |
(13) |
In order to ensure the consistent application of the requirements laid down in Article 325bh of Regulation (EU) No 575/2013, it is necessary to further specify those requirements. Whether institutions comply with those requirements should be assessed on the basis of the broad risk factor categories referred to in Table 2 of Article 325bd of Regulation (EU) No 575/2013. It is therefore necessary, for each of those categories, to lay down how competent authorities are to assess whether basis risk is captured, and whether the treatment of curves and surfaces in the internal risk-measurement model is sound. |
(14) |
Due to the fast changing and evolving nature of financial markets, unreliable, inaccurate, incomplete, or outdated data result in errors in the risk estimation and in the calculation of own funds requirements, including in market risk models. In the context of risk management processes of an institution, such erroneous data may also lead to poor management decisions. Consequently, to ensure the reliability and high quality of data and their proper use in the internal processes and the processes for the calculation of own funds requirements, the way data are collected and stored and the procedures for such collecting and storing should be well documented, including a full description of the characteristics, quality checks, automatic filters, and specific sources of daily data. Competent authorities, when they assess market risk internal models, should therefore give particular attention to the quality and reliability of the data used for modelling purposes, and to the processes applied to ensure that such quality and reliability are maintained. |
(15) |
To ensure a correct calculation of the own funds requirements, competent authorities, when they assess the overall quality of the data, should assess whether the approach employed by the institution to proxy time series is sound. The assessment methodology should therefore verify that the requirements set out in Regulation (EU) No 575/2013 governing the usage of proxies are complied with. Where relevant, the rules laid down in that assessment methodology should differ depending on whether the time series for which a proxy has been used relates to a risk factor that passed the modellability assessment, or to a risk factor that did not. |
(16) |
In relation to the internal default risk model, and more in particular Articles 325bn, 325bo, 325bp of Regulation (EU) No 575/2013, it is necessary that the assessment methodology ensures that those risk models lead to accurate results. The rules laid down in the assessment methodology should therefore cover all aspects affecting the outcome of those models, including the scope of the positions captured by those models, the estimates of default probabilities and losses given default, the choice of systematic risk factors to simulate the default of issuers, and all modelling assumptions made by the institution, including any copula assumption made for simulating the default of multiple issuers. |
(17) |
Risks stemming from climate change and broader environmental issues are changing the risk picture for the financial sector and are expected to become even more prominent. Considering the importance of those risk drivers, competent authorities should verify that institutions consider those risk drivers in their stress testing programmes referred to in Article 325bi(1), point (g), Regulation (EU) No 575/2013. In that context, institutions have already taken steps to include environmental risks in their stress testing programmes. However, to ensure that institutions have sufficient time to fully reflect those risks in their stress testing programmes, competent authorities should assess compliance of institutions with any requirements related to climate change and broader environmental related aspects only as of 1 January 2025. Similarly, in light of the complexity of the implementation of the expected shortfall direct backtesting, institutions should be given an additional period before competent authorities assess their compliance in this area. Hence, the related date of application of the assessment should be set to start as of 1 January 2026. |
(18) |
This Regulation is based on the draft regulatory technical standards submitted to the Commission by the European Banking Authority. |
(19) |
The European Banking Authority has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the advice of the Banking Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1093/2010 of the European Parliament and of the Council (9), |
HAS ADOPTED THIS REGULATION:
CHAPTER 1
GENERAL PROVISIONS
Article 1
Structure of the assessment
1. When verifying an institution’s compliance with the requirements set out in Articles 325bh, 325bi, 325bn, 325bo, and 325bp of Regulation (EU) No 575/2013, competent authorities shall assess:
(a) |
the governance aspects, in accordance with Chapter 2 of this Regulation; |
(b) |
aspects relating to the internal risk-measurement model used to compute the expected shortfall measure and the stress scenario risk measure, in accordance with Chapter 3 of this Regulation; |
(c) |
aspects relating to the internal default risk model used to compute the additional own funds requirement for default risk, in accordance with Chapter 4 of this Regulation. |
For the purposes of the first subparagraph, competent authorities shall apply the principles related to proportionality in accordance with Article 2, the quality of the documentation in accordance with Article 3, and the outsourcing arrangements in accordance with Article 4.
2. A competent authority that identifies, as part of the assessment performed in accordance with this Regulation, significant deficiencies in the internal risk-measurement model in relation to some product classes in a given trading desk, or that cannot confirm that that model has a proven track record of being reasonably accurate in measuring the risks corresponding to those product classes, may do either of the following:
(a) |
require the institution to remove the positions corresponding to those product classes from that trading desk; |
(b) |
refuse to grant permission to calculate the own funds requirements in accordance with the internal model approach for that trading desk. |
3. A competent authority that comes to the conclusion that product classes in a given trading desk are booked back-to-back with those of another entity of the group that is outside the scope of the highest level of consolidation within the Union, and that such back-to-back booking hinders the competent authority to assess whether the internal risk-measurement model has a proven track record of being reasonably accurate in measuring risks corresponding to those product classes, may do either of the following:
(a) |
require the institution to remove the positions corresponding to those product classes from that trading desk; |
(b) |
refuse to grant the permission to calculate the own funds requirements in accordance with the internal model approach for that trading desk. |
4. Where the market risk of positions corresponding to some product classes is transferred to another entity of the group that is outside the scope of the highest level of consolidation within the Union, and where the effects of such a transfer de facto resemble those of positions booked back-to-back, the competent authority may apply paragraph 3.
Article 2
Proportionality – product categories and model complexities
Competent authorities shall apply the assessment methodology set out in this Regulation in a manner that is proportionate to the size and complexity of the trading activities included in the internal model, based on the following categories of financial instruments in increasing order of complexity:
(a) |
simple instruments without optionality; |
(b) |
instruments, other than those referred to in point (a), without path-dependent features, on a single underlying, including indices, with a continuous payoff in the same currency as the underlying; |
(c) |
instruments with path-dependent features, instruments on multiple underlyings, instruments with payoffs in currencies that are different to that of the underlying, and any other instruments that are not referred to in points (a) or (b). |
Article 3
Quality and auditability of documentation
Competent authorities shall verify that the documentation submitted by an institution in support of its application for permission to use an internal model for the calculation of own funds requirements for market risk is of sufficient quality and is sufficiently detailed and accurate to allow for examination by qualified third parties.
Competent authorities shall in particular verify that:
(a) |
the documentation concerned is approved at the appropriate management level of the institution with sufficient authority delegated by the management body for the purposes of internal models; |
(b) |
the institution has established policies which ensure high-quality standards for internal documentation, including internal accountability to ensure that the documentation concerned is complete, consistent, accurate, updated, approved in accordance with point (a), and secure; |
(c) |
the documentation set out in the policies referred to in point (b) provides for the identification of the type of document, the author, the reviewer, the authorising agent, the owner, the dates of development and approval, the version number, and the history of amendments; |
(d) |
the institution accurately and diligently documents the policies, procedures, and methodologies it applies pursuant to this Regulation; |
(e) |
the documentation concerned is sufficiently detailed to enable qualified third parties to understand all aspects of the internal risk-measurement model. |
Article 4
Outsourcing
1. Competent authorities shall verify that the outsourcing by an institution of any tasks, activities or functions related to the design, implementation, and validation of internal models does not prevent or hinder the application of the assessment methodology set out in this Regulation.
2. For the purposes of paragraph 1, competent authorities shall verify whether:
(a) |
tasks and responsibilities reserved for the risk control unit are not outsourced; |
(b) |
the senior management and the management body are actively involved in the supervision of any tasks outsourced by the institution, and in the acquisition of any IT risk management tool solutions from third parties; |
(c) |
the institution itself has sufficient knowledge about any outsourced tasks, activities or functions and of the structure of any data and methodologies obtained from a third party, and is able to verify the quality of the work performed by the third party to which it outsources its tasks, as well as the results of that work; |
(d) |
the internal audit and the ongoing monitoring by the institution of any outsourced tasks, activities and functions are not limited or inhibited by such outsourcing; |
(e) |
full access to all relevant information is granted to competent authorities. |
3. Competent authorities shall verify that third parties involved in the development of methodologies for assessing market risk used by the institution are not involved in the initial or ongoing internal validation of the model by the institution.
4. For the purposes of paragraphs 1, 2 and 3, competent authorities shall review the outsourcing agreement between the institution and the third party. Where appropriate, competent authorities may also:
(a) |
interview or require the submission of written statements from any of the following:
|
(b) |
review other relevant documents of the institution or the third party. |
CHAPTER 2
ASSESSMENT OF QUALITATIVE REQUIREMENTS
Article 5
Overview of the assessment of qualitative requirements
When assessing an institution’s compliance with the qualitative requirements set out in Article 325bi of Regulation (EU) No 575/2013, competent authorities shall:
(a) |
verify whether the institution has a clear organisational structure for the governance and management of the market risk model, including well defined, transparent and appropriate lines of responsibility; |
(b) |
verify whether the decision-making process of the institution regarding all aspects of market risk internal models is clearly established in the institution’s internal documentation; |
(c) |
verify, in accordance with Article 6:
|
(d) |
verify, in accordance with Article 7, whether the set-up of the trading desks for which the institution is in the process of being granted the approval, or has already obtained the approval, is adequate; |
(e) |
assess, in accordance with Article 8, the internal governance and oversight of the institution in relation to the risk control unit; |
(f) |
assess, in accordance with Article 9, whether the internal policy is adequate for the introduction of new products; |
(g) |
verify, in accordance with Article 10, whether the internal model is reviewed independently; |
(h) |
assess:
|
(i) |
assess, in accordance with Article 13, the adequacy of the internal regular reporting; |
(j) |
assess:
|
(k) |
assess:
|
(l) |
assess, in accordance with Article 19, the adequacy of the IT systems; |
(m) |
verify, in accordance with Article 20, whether the internal risk-measurement model, including any pricing model, has a proven track record of being reasonably accurate in measuring risks, and does not differ significantly from the models that the institution uses for its internal risk management. |
For the purposes of point (a), competent authorities shall take into account the nature and size of the institution, and the scale and complexity of its activities.
Article 6
Assessment of the adequacy of the composition and role of the management body and senior management
1. When assessing the adequacy of the composition and the role of the senior management and the management body as referred to in Article 325bi(1), point (c), of Regulation (EU) No 575/2013, competent authorities shall:
(a) |
verify whether the institution, in its documentation of the risk management system, describes:
|
(b) |
verify whether the senior management is constituted of members that represent the highest hierarchical levels below the management body, and has defined responsibility for the proper functioning of the internal model for market risk; |
(c) |
verify whether the composition of any internal committee structure established by the management body to support its decision-making is adequate, as required by paragraph 2; |
(d) |
verify whether the role of the senior management is adequate, as required by paragraph 3; |
(e) |
verify whether the role of the management body, and of the committees constituting the internal committee structure referred to in point (c), are adequate, as required by paragraph 4. |
Where an institution’s management body delegates any of its tasks to an internal committee, competent authorities shall, in the context of those delegated tasks, make the assessments required by this Regulation at the level of the internal committee designated by the management body.
2. For the purposes of paragraph 1, first subparagraph, point (c), competent authorities shall verify whether:
(a) |
for each committee of the internal committee structure, the management body has clearly set out its mandate, hierarchy, reporting lines, permanent members, frequency of meetings, and levels of responsibility; |
(b) |
the internal committee structure has a committee that assesses any new product, proposes those products to the senior management for approval, and monitors those products and whether the risk control unit, and any other function of the institution that is affected by the introduction of a new product, are represented in such committee; |
(c) |
the governance underpinning the internal committee structure allows for the effective and timely control of all internal position limits referred to in Article 325bi(1), point (b), of Regulation (EU) No 575/2013; |
(d) |
the governance underpinning the internal committee structure ensures active involvement of the management body in the risk-control process as required by Article 325bi(1), point (c), of Regulation (EU) No 575/2013; |
(e) |
as part of the internal documentation, the institution has documented all aspects referred to in point (a). |
3. For the purposes of paragraph 1, first subparagraph, point (d), competent authorities shall verify whether:
(a) |
the senior management of the institution takes appropriate corrective actions where weaknesses of the internal risk-measurement model or the internal default risk model are identified by any of the following:
|
(b) |
the senior management of the institution is informed of, and follows up on, the recommendations made by the internal audit, the risk control unit, the validation function, in relation to the internal risk-measurement model or the internal default risk model; |
(c) |
the senior management of the institution is able to ensure the overall quality of the institution’s governance of the valuation of positions included in the internal risk-measurement model or the internal default risk model. |
4. For the purposes of paragraph 1, first subparagraph, point (e), competent authorities shall verify whether the management body:
(a) |
on the basis of a proposal from the risk control unit, approves all relevant policies and procedures related to the implementation of the internal model, including the appropriate organisational structure, to ensure that the internal model is implemented with integrity; |
(b) |
on the basis of a proposal from the risk control unit and after due consideration of the conclusions and recommendations resulting from the validation process, approves the methodologies for assessing market risk applied in the internal model; |
(c) |
on the basis of an assessment from the risk control unit and after due consideration of the conclusions and recommendations resulting from the validation process, approves any new products; |
(d) |
on the basis of a proposal from the risk control unit, approves and updates the internal position limits; |
(e) |
on the basis of a proposal from the risk control unit laying down and assessing the acceptable level of risk, approves the acceptable level of risk, the internal capital allocation and the budget by trading desk; |
(f) |
adopts the approval procedure for breaches of internal position limits; |
(g) |
approves or requires corrective actions in relation to breaches of the internal position limits escalated by the risk control unit in accordance with Article 16(1), point (b); |
(h) |
on the basis of a proposal from the risk control unit:
|
Article 7
Assessment of whether trading desks comply with Article 104b of Regulation (EU) No 575/2013
When assessing whether trading desks comply with Article 104b of Regulation (EU) No 575/2013, competent authorities shall:
(a) |
review the business strategy referred to in Article 104b of that Regulation as documented in the internal policies of the institution under Article 325bi(1), point (e), of that Regulation, and verify whether:
|
(b) |
verify whether transactions between trading desks are consistent with the business strategies of those trading desks and that those transactions are not performed to:
|
(c) |
review the organisational structure referred to in Article 104b(2), point (b), of Regulation (EU) No 575/2013 and the annual business plan referred to in Article 104b(2), point (e), of that Regulation, as documented in the internal policies of the institution under Article 325bi(1), point (e), of that Regulation; |
(d) |
verify whether for each trading desk, the institution has identified one or two head dealers, and that where two head dealers have been appointed, they either have roles, responsibilities, and authorities that are clearly separated, or one has ultimate oversight over the other; |
(e) |
review the reports referred to in Article 104b(2), points (d) and (f), of Regulation (EU) No 575/2013, and verify whether all aspects referred to in those points are complied with; |
(f) |
verify whether the institution duly documents and justifies cases where a dealer is assigned to more than one trading desk as referred to in Article 104b(3) of Regulation (EU) No 575/2013, and, for that purpose:
|
(g) |
verify whether the rationale for the inclusion of the trading desks in the scope of the alternative internal model approach meets all of the following conditions:
|
(h) |
verify whether the business strategy entails that at least 10 % of the own funds requirements for market risk are calculated in accordance with the internal model approach. |
For the purposes of point (a)(i), competent authorities shall verify whether the business strategy specifies how much of the trading activities are customer driven, and whether the business strategy entails trade origination and structuring, or execution of services, or both.
For the purposes of point (b), competent authorities may, where appropriate, require the institution to provide a sample of transactions between trading desks, including between trading desks for which the institution computes the own funds requirements with the internal model approach and trading desks for which the institution uses the standardised approach.
Article 8
Assessment of the internal governance and oversight of the institution in relation to the risk control unit
1. When assessing the internal governance and oversight of the institution in relation to the risk control unit referred to in Article 325bi(1), point (b), of Regulation (EU) No 575/2013, competent authorities shall verify whether that risk control unit:
(a) |
is completely separate and independent from the personnel and the management functions responsible for the trading business areas; |
(b) |
is duly represented in the institution’s decision-making bodies and is involved in the decision-making process where any of the following issues are on the agenda:
|
(c) |
is adequate, is proportionate to the size of the institution and the risks of the business, and has the resources necessary to perform its tasks effectively; |
(d) |
has sufficiently experienced, qualified and trained staff to undertake all relevant activities for the effective risk management of the internal model and for monitoring and challenging the actions of other units, in particular of the trading business units; |
(e) |
is responsible for the outcome of the calculations based on the internal-risk measurement model and the internal default risk model. |
2. For the purposes of paragraph 1, point (a), competent authorities shall verify whether:
(a) |
the risk control unit is composed of one or more separate organisational structures in the institution’s organisational chart; |
(b) |
the heads of the risk control unit or units are senior managers of the institution; |
(c) |
the staff and the senior management responsible for the risk control unit are not responsible for any trading business activities; |
(d) |
senior managers of the risk control unit and those responsible for business areas have different reporting lines to the management body of the institution; |
(e) |
the variable remuneration of the staff and senior management responsible for the risk control unit is not linked to the performance of the tasks related to trading business areas under their supervision in a way that hinders or impedes their independence. |
3. For the purposes of paragraph 1, point (b), competent authorities shall take into account:
(a) |
the documented view of the risk control unit when either the management body or the relevant committee of the internal committee structure discuss any of the issues referred to in paragraph 1, point (b); |
(b) |
the minutes of the institution’s management body or relevant committee of the internal committee structure, and the action points reflected therein; |
(c) |
the reports of the risk control unit about internal position limits, and any decisions regarding limit breaches; |
(d) |
information provided by the staff and senior management of the institution, where appropriate. |
For the purposes of point (b), competent authorities shall assess the degree of involvement of the risk control unit when the institution’s management body or relevant committee of the internal committee structure discuss any of the issues referred to in paragraph 1, point (b). Competent authorities shall identify cases where the view of the risk control unit and the final decision taken by either the management body or the relevant committee of the internal committee structure diverge.
Article 9
Assessment of the new product policy
When assessing whether the internal policies referred to in Article 325bi(1), point (e), of Regulation (EU) No 575/2013 are adequate for the introduction of any new product, including new financial instruments, activities, markets, booking locations or business lines, competent authorities shall verify whether:
(a) |
the risk control unit has documented a new product policy and the management body has approved that policy, including a definition of ‘new product’; |
(b) |
the internal committee structure has a committee (‘new product committee’) that assesses, controls and monitors all issues arising from the introduction of new products, including, where relevant:
|
(c) |
the management body, based on an assessment by the new product committee, authorises the trading of new products; |
(d) |
where the management body delegates the authorisation task to the new product committee:
|
(e) |
without the specific approval from the new product committee, the business areas are not authorised to trade new products before the issues referred to in point (b) are addressed; |
(f) |
in the specific cases where traders are allowed to trade new products that do not comply with point (b), the new-product committee approves the transactions on an individual basis and within the limits referred to in point (d)(i); |
(g) |
the new product committee meets frequently enough to evaluate and approve any new product transaction and to monitor all the issues referred to in point (b) that those transactions may pose; |
(h) |
transactions are monitored individually until all issues referred to in point (b) have been fully addressed and, based on an assessment by the new product committee, the management body confirms that the transactions are fully incorporated into all relevant IT systems and controlled via the regular risk-management system; |
(i) |
all new products, regardless of their degree of incorporation into the IT systems, are computed both in the internal risk-measurement model and in the daily changes to the portfolio’s value used for back-testing and profit and loss attribution test purposes. |
Article 10
Independent review of the internal risk-measurement model
1. When assessing the independent review of the internal risk-measurement models in accordance with Article 325bi(1), point (h), of Regulation (EU) No 575/2013, competent authorities shall verify whether:
(a) |
the reviewer is independent; |
(b) |
the resources assigned to the review are appropriate; |
(c) |
the process established within the institution to address the recommendations made by the reviewer is adequate; |
(d) |
the reviewer reviews the internal risk-measurement models on at least an annual basis, and includes the conclusions of that review in a report submitted to the senior management and the management body; |
(e) |
the report referred to in point (d) provides sufficient information to the senior management and the management body of the institution on all elements referred to in Article 325bi(2) and Article 325bp(7) of Regulation (EU) No 575/2013, and identifies the areas in the annual work plan that require a more detailed compliance analysis of those elements; |
(f) |
the review is adequate, proportionate to the size and the complexity of the portfolios concerned, and effective in identifying shortcomings. |
2. For the purposes of paragraph 1, competent authorities shall verify whether:
(a) |
the review is proportionate to the nature, size, and complexity of the institution’s business and organisational structure, and in particular to the complexity of the internal models and their implementation; |
(b) |
the reviewer has resources that are adequate to undertake all relevant activities, and sufficiently experienced and qualified staff; |
(c) |
the reviewer is not, nor has been involved in any aspect of the design and implementation of the internal model subject to review; |
(d) |
the reviewer is independent from the staff and management function responsible for the business and risk control units; |
(e) |
the variable remuneration of the staff and management responsible for the review is not linked to the performance of the tasks related to the institution’s trading business areas in a way that hinders or impedes their independence. |
3. Competent authorities shall examine the latest and other relevant reports produced by the reviewer and verify that the remediation of the issues identified in those reports is relevant, material, and credible.
Article 11
Assessment of the validation of any internal risk measurement models, and of the outcome of such validation
1. When assessing whether any internal risk-measurement models are adequately validated, as referred to in Article 325bj of Regulation (EU) No 575/2013, competent authorities shall verify whether:
(a) |
the validation process is conducted by staff that is not nor has been involved in any way in the development of the internal model subject to validation; |
(b) |
the validation process is conducted with sufficient resources, including experienced and qualified staff; |
(c) |
the variable remuneration of the staff and senior managers responsible for the validation process is not dependent on the performance of the tasks related to the institution’s risk control or business areas in a way that hinders or impedes their independence; |
(d) |
all necessary corrective measures resulting from the validation process are reflected in the validation report referred to in paragraph 2, and implemented in a timely manner; |
(e) |
a decision-making process is in place to ensure that the senior management of the institution takes into account the findings and recommendations resulting from the validation process; |
(f) |
the reviewer referred to in Article 10(1), point (a), regularly assesses the compliance with the conditions referred to in Article 10(1), points (e) and (f). |
2. When assessing the outcome of the validation process, competent authorities shall:
(a) |
verify whether the recommendations, findings, and conclusions of the validation process are included in a validation report that identifies and describes:
|
(b) |
verify whether the conclusions, findings and recommendations of the validation report are directly communicated to, and considered by, the management body of the institution before that management body approves a model to be applied for the calculation of own funds requirements and before any subsequent changes in the methodologies are applied; |
(c) |
verify whether any remedial measure proposed by the validation functions is documented in the validation report and is accompanied by a timeline that is adequate for fixing the identified deficiencies; |
(d) |
verify whether an escalation process is included in the internal policies of the institution for those remedial measures that are overdue, and whether, based on evidence from the past, that process is followed; |
(e) |
assess the overall quality of the outcome of the validation process by comparing the deficiencies identified in the assessment of the internal model in accordance with this Regulation with the deficiencies identified by the validation unit in the validation process. |
Article 12
Assessment of the adequacy of the scope and completeness of the internal validation
1. When assessing whether the scope of the internal validation referred to in Article 325bj of Regulation (EU) No 575/2013 is adequate, competent authorities shall verify whether the internal validation:
(a) |
critically reviews all aspects of the methodologies and pricing functions used for capital purposes, including those applied to new products, thereby taking account of strengths and weaknesses compared to any alternative methodologies; |
(b) |
verifies:
|
(c) |
verifies whether the distributional and any other relevant stochastic assumptions and parameters of the underlying stochastic processes, including volatility and correlation, are well justified, including with regard to:
|
(d) |
assesses the soundness of any empirical correlations used both within and across the broad categories of risk factors to calculate the unconstrained expected shortfall measure referred to in Article 325bh(2) of Regulation (EU) No 575/2013; |
(e) |
assesses the correlation assumptions made in the calculation of the own funds requirements for default risk, including:
|
(f) |
assesses the assumptions made to obtain estimates of default probabilities and losses given default to compute own funds requirements for default risk; |
(g) |
assesses the assumptions made in relation to the modelling of hedges in the computation of own funds requirement for default risk as referred to in Article 325bo of Regulation (EU) No 575/2013; |
(h) |
analyses the results of the stress testing programme, including the results relating to default risk, and extracts relevant conclusions, if any, around methodological flaws or weaknesses stemming from particular market scenarios; |
(i) |
applies and analyses the results obtained for the hypothetical portfolios referred to in Article 325bj(3), point (c), of Regulation (EU) No 575/2013 to ensure that the internal model can account for structural features, including, where relevant, the following:
|
(j) |
verifies the robustness of the implementation of the internal risk measurement model in IT systems, and ensures that all business and support units apply methodologies consistently and for all relevant geographic areas; |
(k) |
verifies the appropriateness and materiality of the proxies by assessing:
|
2. When assessing the completeness of the internal validation process, competent authorities shall verify whether:
(a) |
for the internal validation conducted when the model is initially developed, the institution has performed and documented a complete validation process for all methodologies applied in the internal model; |
(b) |
for the periodic internal validation, the institution has conducted a complete validation, or has done the validation on areas to be validated following the changes referred to in paragraph 3 on:
|
3. For the purposes of paragraph 2, point (b), competent authorities shall:
(a) |
verify whether the internal policies of the institution ensure that the internal periodic validation is performed at least annually, and each time significant structural changes in the market or changes to the composition of the portfolio occur that may lead to the internal model no longer being adequate, including the following:
|
(b) |
verify whether the internal periodic validation is based on a work plan, approved by the management body, and that that work plan sets out:
|
(c) |
assess how the work plan referred to in point (b) ensures that a comprehensive and risk-oriented internal validation process is performed, and that relevant aspects are not omitted from the scope of the internal validation. |
Article 13
Assessment of the adequacy of reporting
When assessing the adequacy of the reports referred to in Article 104b(2), points (d) and (f), and Article 325bi(1), point (b), of Regulation (EU) No 575/2013, competent authorities shall verify:
(a) |
whether the institution maintains an inventory of those reports, specifying their content, frequency and addressees; |
(b) |
whether the inventory referred to in point (a) has been approved at the appropriate management level and is updated in consultation with the risk control unit. |
Article 14
Assessment of adequacy of trading limits
When assessing the adequacy of trading limits referred to in Article 103(2), point (b)(ii), Article 104b(2), points (c) and (f), and Article 325bi(1), point (b), of Regulation (EU) No 575/2013, competent authorities shall verify whether:
(a) |
the institution has a clear breakdown of trading limits that is consistent with the acceptable level of risk set by the institution and the budget of each trading desk; |
(b) |
the choice of the trading limits reflects the trading strategy of the trading desk and the nature of the underlying risks; |
(c) |
the trading limits include the following:
|
(d) |
the institution has a further breakdown in the value-at-risk limits, proportional to the institution’s trading strategies; |
(e) |
all internal limits, including those referred to in point (c), are properly documented and formally approved; |
(f) |
as part of the limit approval and update process, the risk control unit assesses and documents the consistency and compatibility between the value-at-risk limits approved by the management body and the rest of the internal limits not based on value-at-risk, including sensitivities or loss trigger; |
(g) |
the institution properly documents and formally approves an inventory of authorised instruments and underlying risk positions that traders can enter. |
For the purposes of point (c)(i), the value-at-risk limit shall be the sum of individual value-at-risk limits when the permission to use the internal model approach, as referred to in Article 325(1), point (b), of Regulation (EU) No 575/2013, has not been granted.
Article 15
Assessment of the adequacy of the process to update trading limits
1. When assessing the adequacy of the process of updating the institution’s trading limits referred to in Article 103(2), points (b)(ii), Article 104b(2), points (c) and (f), and Article 325bi(1), point (b), of Regulation (EU) No 575/2013, competent authorities shall verify whether:
(a) |
the update process is coordinated and duly documented by the risk control unit; |
(b) |
the proposal for updating the trading limits reflects any changes in:
|
(c) |
the proposal for updating the trading limits takes into account, over the period where the trading limit applicable at the time of the update has been used:
|
2. Competent authorities shall verify whether the process to update trading limits is conducted at least every year, and more frequently where there are changes in the organisation or new business lines or products are introduced.
Article 16
Assessment of the adequacy of the process relating to trading limit breaches
1. When assessing the adequacy of the process for the approval of trading limit breaches referred to in Article 104b(2), point (f), of Regulation (EU) No 575/2013, competent authorities shall verify whether:
(a) |
the institution has a clear and documented procedure for the approval by the management body of breaching trading limits; |
(b) |
the management body has specified materiality conditions according to which any breach of the trading limits are to be reported to the management body itself, irrespective of the level where the trading limits have been approved; |
(c) |
the risk control unit documents any breaches of the trading limits and reports such breaches to the responsible committee, sub-committee or individual manager; |
(d) |
the committee, sub-committee or individual manager referred to in point (c) either takes action when a trading limit is breached, or reports such breach to the management body, in accordance with point (b); |
(e) |
the documentation referred to in point (c) comprises the magnitude and main causes of the breach of the trading limit, including:
|
2. Competent authorities shall verify, in particular where a trading desk has frequently exceeded trading limits, whether the frequency and magnitude of breaches of trading limits, and the measures taken by the risk control unit and management body in response to such breaches, are appropriate. The competent authority shall conduct such verification.
Article 17
Assessment of the adequacy of the stress testing programme
1. When assessing the adequacy of the programme of stress testing referred to in Article 325bi(1), point (g), and Article 325bp(7), point (b), of Regulation (EU) No 575/2013, competent authorities shall verify whether:
(a) |
the institution reviews scenarios applied as part of the stress testing programme at least annually; |
(b) |
the risk control unit runs the stress test scenarios determined in the stress testing programme frequently and at least every month, and at a higher frequency where the institution has significant trading activities; |
(c) |
the scenarios to be applied as part of the stress testing programme comprise, apart from historically observed or hypothetical scenarios, scenarios resulting from reverse stress testing and ad-hoc scenarios designed to address the relevant specific risk drivers; |
(d) |
the scenarios referred to in point (c) are reviewed at least on an annual basis. |
2. Competent authorities shall verify whether the scenarios referred to in paragraph 1, point (c), are used to assess the reasonableness of the elements constituting the own funds requirements for market risk, including the additional own funds requirement for default risk, when those own funds requirements are compared with potential losses stemming from severe, but plausible market scenarios.
3. For the purposes of paragraph 2, competent authorities shall verify whether the institution, when it is assessing the reasonableness of the default risk model assumptions, in particular regarding the capture of credit risk concentrations, uses all of the following:
(a) |
losses arising from events, including credit events; |
(b) |
hypothetical rating downgrades; |
(c) |
market events on specific issuers’ types; |
(d) |
changes to copulas’ types and parameters, where modelled explicitly. |
Article 18
Assessment of the adequacy of the reverse and ad-hoc stress testing scenarios
1. When assessing the adequacy of the reverse stress testing scenarios referred to in Article 325bi(1), point (g), of Regulation (EU) No 575/2013, competent authorities shall verify whether:
(a) |
the risk control unit applies the reverse stress test as a tool to identify possible combinations of severe events and risk concentrations within the institution, including severe events and risk concentrations that derive from environmental risks; |
(b) |
the analysis performed with the reverse stress test complements the regular stress testing; |
(c) |
when identifying the scenario or scenarios resulting from reverse stress testing, the risk control unit assesses:
|
2. When assessing the adequacy of ad hoc stress testing scenarios as part of the stress testing programmes referred to in Article 325bi(1), point (g), of Regulation (EU) No 575/2013, competent authorities shall verify whether the risk control unit, when designing the ad hoc stress testing scenarios concerned, takes into account the composition, at the last reporting date, of the portfolio of positions included in the scope of the internal model. Competent authorities shall in particular verify:
(a) |
whether the risk control unit uses the results obtained from sensitivity analysis towards single risk factors, considered individually and jointly, to identify scenarios that include the stress of a combined set of plausible risk factors; |
(b) |
whether the risk control unit explicitly has considered the following elements when establishing the ad hoc stress testing scenarios:
|
For the purposes of point (b)(i), the risk control unit may consider larger shocks to reflect the impossibility of unwinding positions in a timely manner, in particular for cash instruments, that is caused by the fact that positions are concentrated, or that are due to a sharp increase in market illiquidity.
For the purposes of point (b)(iv), the risk control unit may, in particular:
(a) |
assess the potential risk incurred when hedging positions valued using a proxy; |
(b) |
apply the stressed scenario movements to the proxy while keeping illiquid positions constant. |
Article 19
Assessment of the internal risk-measurement model in relation to the robustness of the IT systems
1. When assessing whether the internal risk-measurement model is calculated and implemented with integrity as required by Article 325bi(1) of Regulation (EU) No 575/2013, competent authorities shall verify whether the institution’s IT systems related to market risk management and the IT systems supporting the internal model are robust enough to cope with execution errors. In particular, competent authorities shall:
(a) |
assess the robustness of the IT systems during the last 250 business days; |
(b) |
verify whether:
|
2. Competent authorities shall verify whether an institution examines all internal model positions and instruments in the internal risk-measurement model and reconciles those positions and instruments with the end-of-day value systems by confirming, at least on a weekly basis, that the positions and instruments in one system correspond to those in the other systems. Competent authorities shall verify that the institution fully documents and monitors any positions and instruments not fully reconciled.
Article 20
Assessment of reasonable accuracy of the internal risk-measurement model, including pricing model
1. When assessing whether the internal risk-measurement model, including any pricing model, has a proven track record of being reasonably accurate in measuring risks, and does not differ significantly from the models that the institution uses for its internal risk-measurement models as referred to in Article 325bi(1), point (f), of Regulation (EU) No 575/2013, competent authorities shall:
(a) |
verify whether the institution has inventories, whereby those inventories comprise:
|
(b) |
verify whether the inventories referred to in point (a) are updated at least annually, and whether the internal policies of the institution provide for a specific update whenever that would be necessary due to substantial changes in the information provided in the inventories; |
(c) |
verify whether all the differences between the pricing functions used to compute the end-of-day value and the pricing functions used in the internal risk-measurement model are validated as part of the internal validation referred to in Article 325bj of Regulation (EU) No 575/2013; |
(d) |
assess, on the basis of the profit and loss attribution results and the back-testing results, whether there are pricing functions that may present deficiencies; |
(e) |
analyse the conclusions in the most recent reports by the institution’s internal validation referred to in Article 325bj of Regulation (EU) No 575/2013 regarding the accuracy of the internal risk-measurement model; |
(f) |
analyse the conclusions laid down in the most recent reports about the institution’s internal review of the accuracy of the internal risk-measurement model, as referred to in Article 325bi(1), point (h), of Regulation (EU) No 575/2013; |
(g) |
verify whether the institution has documented the differences between the internal risk-measurement model and the models that the institution uses for its internal risk management for the same scope of positions, and whether the institution is able to explain those differences; |
(h) |
analyse the results of the tests performed by the institution as part of its internal validation to verify whether the assumptions made in the internal risk-measurement model are appropriate and do not underestimate or overestimate the risk, as referred to in Article 325bj(3), point (a), of Regulation (EU) No 575/2013, in particular for the trading desks with the highest differences between the own funds requirements calculated in accordance with the alternative standardised approach referred to in Part Three, Title IV, Chapter 1a of Regulation (EU) No 575/2013, and the own funds requirements calculated in accordance with the internal risk-measurement model. |
For the purposes of point (d), competent authorities may, where appropriate, require the institution to calculate, on a set of instruments and commodities for which the competent authority wants to test the accuracy of the pricing functions, the risk-theoretical changes referred to in Chapter 2, Section 2, of Commission Delegated Regulation (EU) 2022/2059 (10) and the hypothetical changes referred to in Chapter 1, Section 2, of that Delegated Regulation, and require the institution to justify differences in outcome between the two measures.
2. Where positions corresponding to product classes assigned to a trading desk are booked back-to-back with those of another entity of the group that is outside the scope of the highest level of consolidation within the Union, and the competent authority needs more evidence to verify that the internal risk-measurement model is reasonably accurate, the competent authority may require institutions to provide:
(a) |
the actual, hypothetical, and risk theoretical changes over 60 business days in the trading desk portfolio’s value, without any hedges with the entity of the group being considered; |
(b) |
the value-at-risk numbers at trading desk level as referred to in Article 325bf of Regulation (EU) No 575/2013 over 60 business days, without any hedges with the entity of the group being considered; |
(c) |
an assessment of the profit and loss attribution results and back-testing results in light of the changes in the portfolio’s values referred to in point (a) and the value-at-risk numbers referred to in point (b). |
3. Where the market risk of positions corresponding to some product classes is transferred to another entity of the group that is outside the scope of the highest level of consolidation within the Union, and the effects of such transfer de facto resemble the effects of positions booked back-to-back, competent authorities may apply paragraph 2.
Article 21
Assessment of the internal risk-measurement model in relation to additional back-testing programmes
1. When assessing whether the institution’s internal model is implemented with integrity as required by Article 325bi(1) of Regulation (EU) No 575/2013 in relation to the back-testing referred to in Article 325bj(3), point (b), of that Regulation, competent authorities shall verify whether, as part of such back-testing programmes, the institution:
(a) |
runs the back-testing programme referred to in paragraph 2 or another internal back-testing programme that enables the institution to identify the contribution of modellable and non-modellable risk factors to the back-testing results; |
(b) |
applies direct expected shortfall back-testing approaches to its portfolios. |
For the purposes of point (b), competent authorities shall verify how the institution motivates the choice of the applied direct expected shortfall back-testing methodology, and analyse whether that methodology is conceptually sound.
The institution may use the back-testing programmes referred to in the first subparagraph as an element to detect and monitor potential deficiencies in the calculation of the excepted shortfall measures. Where a competent authority decides on the permission to use the internal model approach to compute the own funds requirement for market risk in accordance with Article 325az, those back-testing programmes shall not supersede the outcomes of the regulatory back-testing referred to in Article 325bf of Regulation (EU) No 575/2013 and the profit and loss attribution requirements referred to in Article 325bg of that Regulation.
2. For the purposes of paragraph 1, first subparagraph, point (a), the institution may run a back-testing programme that applies the following principles:
(a) |
an overshooting is identified as a one-day change in HPL MRF or in |
(b) |
APL MRF that exceeds the value-at-risk number referred to in Article 325bf(6), point (a), of Regulation (EU) No 575/2013; |
(c) |
HPL MRF and APL MRF are calculated as follows:
Where:
|
(d) |
the institution identifies potential weaknesses in its risk-measurement model by counting the overshootings, as identified in accordance with point (a), that occurred over the last 250 business days, and by comparing the amount of the identified overshootings against the thresholds referred to in Article 325bf(3), points (a) and (b), of Regulation (EU) No 575/2013. |
CHAPTER 3
ASSESSMENT OF THE INTERNAL RISK-MEASUREMENT MODEL USED TO COMPUTE THE EXPECTED SHORTFALL RISK MEASURE AND THE STRESS SCENARIO RISK MEASURE
SECTION 1
Overview of the assessment
Article 22
Introduction to the assessment of the internal risk-measurement model used to compute the expected shortfall measure and the stress scenario risk measure
When assessing an institution’s compliance with the requirements applicable to the internal risk-measurement model used to compute the expected shortfall risk measure and the stress scenario risk measure, competent authorities shall assess whether the institution complies with:
(a) |
Section 2 of this Chapter, which contains requirements on risk factors, including the modellability assessment and the mapping to the appropriate liquidity horizon; |
(b) |
Section 3 of this Chapter, which contains requirements on data quality and the proxy approaches used in the calculation of:
|
(c) |
Section 4 of this Chapter, which contains requirements on back-testing and profit and loss attribution; |
(d) |
Section 5 of this Chapter, which contains requirements on the treatment of foreign exchange risk and commodity risk in the non-trading book; |
(e) |
Section 6 of this Chapter, which contains requirements on the expected shortfall measure and the stress scenario risk measure calculations. |
SECTION 2
Assessment of the internal risk measurement model’s risk factors set-up and properties
Article 23
Assessment of the internal risk-measurement model’s coverage of the risk
1. When assessing the institution’s compliance with Article 325bh(1), point (a), of Regulation (EU) No 575/2013 in relation to the requirement to include in the internal risk-measurement model at least those risk factors that are used in the calculation of the own funds requirements under the alternative standardised approach, the competent authority shall verify whether:
(a) |
the institution documents whether there are risk factors used in the standardised approaches that are not included in the internal risk-measurement model; |
(b) |
the institution highlights all of the following aspects:
|
(c) |
where there are risk factors used in the alternative standardised approach that are not included in the internal risk-measurement model, the institution, in addition to providing information on the impact of the exclusion of those risk factors on the profit and loss attribution results as required by Article 325bh(1), point (a), of Regulation (EU) No 575/2013:
|
2. When assessing an institution’s compliance with Article 325bh(1), point (a), of Regulation (EU) No 575/2013 in relation to the requirement to include in the internal risk-measurement model a sufficient number of risk factors, competent authorities shall perform the following steps in the following order:
(a) |
require the institution to provide an overview of the factors used in the calculation of the end-of-day value of the portfolio, including, where appropriate, a list of aggregates of factors used in the calculation of the end-of-day value, which specifies, for each aggregate, all of the following:
|
(b) |
based on the overview referred to in point (a):
|
For the purposes of point (a), institutions shall aggregate factors so that each aggregate shares the same attributes in relation to point (ii), point (iv)(1), and point (iv)(2).
For the purposes of point (b)(i), competent authorities shall apply the assessment method referred to in paragraph 3, and may complement that method by the assessment method referred to in paragraph 4.
For the assessment referred to in paragraph 2, point (b)(i), competent authorities shall identify trading desks or hypothetical portfolios used by the institution for the internal validation referred to in Article 325bj(3), point (c), of Regulation (EU) No 575/2013 whose values depend on factors that are not included in the internal risk-measurement model. Competent authorities shall verify for those trading desks whether the results of the back-testing referred to in Article 325bf of Regulation (EU) No 575/2013 or of the own internal model validation tests referred to in Article 325bj(3), point (b), of Regulation (EU) No 575/2013 indicate weaknesses in the internal risk-measurement model.
3. For the assessment referred to in paragraph 2, point (b)(i), competent authorities may identify trading desks or hypothetical portfolios used by the institution for the internal validation referred to in Article 325bj(3), point (c), of Regulation (EU) No 575/2013 whose values depend on factors that are not included in the internal risk-measurement model, and apply the following steps in the following order:
(a) |
require the institution to calculate:
|
(b) |
require the institution to explain deviations in the changes in the portfolio’s values calculated in accordance with points (a)(i), (ii), and (iii). |
Article 24
Assessment of general interest rates risk factors
1. When assessing an institution’s compliance with the requirements set out in Article 325bh(1), point (c), of Regulation (EU) No 575/2013 in relation to the modelling of the interest rate risk, competent authorities shall:
(a) |
require the institution to provide a list of all the currencies towards which the institution’s portfolio is sensitive and, for each of those currencies, all the yield curves towards which the institution’s portfolio is sensitive; |
(b) |
require the institution, for each of the yield curves referred to in point (a), to specify whether a curve is modelled in its entirety directly, or whether it is modelled as a sum of a base curve and a basis curve; |
(c) |
require the institution to provide a sensitivity analysis of its portfolio towards each of the yield curves referred to in point (a); |
(d) |
verify, by using the information referred to in points (a), (b) and (c), that the basis risk between any two given yield curves is either implicitly captured by the fact that two yield curves are modelled directly, or by the fact that a basis yield curve representing the difference between those two yield curves is included in the internal-risk measurement model; |
(e) |
perform, in relation to yield curves where risk factors are points in the curve, an additional assessment in accordance with Article 29 of this Regulation and, where buckets are established by the institution in accordance with Article 5(4) of Commission Delegated Regulation (EU) 2022/2060 (11), verify whether the institution uses at least six risk factors where both of the following conditions are met:
|
(f) |
perform, in relation to curves that have been modelled by means of function parameters as referred to in Article 6 of Delegated Regulation (EU) 2022/2060, an additional assessment of compliance in accordance with Article 29 of this Regulation; |
(g) |
assess whether vega risk related to interest rate risk is duly captured as required by Article 30 of this Regulation. |
2. By way of derogation from paragraph 1, points (a) and (b), competent authorities may require an institution to provide the information referred to in those points for the most relevant currencies and yield curves only, and perform the assessment set out in that paragraph 1 on those data.
Article 25
Assessment of equity risk factors
1. When assessing the institution’s compliance with the requirement set out in Article 325bh(1), point (e), of Regulation (EU) No 575/2013 in relation to the modelling of equity risk, the competent authority shall:
(a) |
require the institution to provide a list of all equity names and equity indices towards which the institution’s portfolio is sensitive, and the risk factors used to model the associated risk; |
(b) |
require the institution to provide a sensitivity analysis of its portfolio towards each of the equity names and equity indices referred to in point (a); |
(c) |
verify that, where the risk in an equity name is modelled as a sum of a systematic risk factor as referred to in Article 3(3) of Delegated Regulation (EU) 2022/2060 and idiosyncratic risk factor, the volatility generated by shocking those factors reflects the volatility observed for that equity name; |
(d) |
verify that the basis risk between two different equity names is captured by either modelling the two equity names directly or by means of a basis risk factor; |
(e) |
assess whether the risk in changes in equity curves is duly captured in accordance with Article 29 of this Regulation; |
(f) |
assess whether vega risk related to equity risk is duly captured in accordance with Article 30 of this Regulation. |
For the purposes of point (c), the competent authority may, where appropriate, compare the volatility of the shocks applied to the issuer equity name, as resulting from the systematic and idiosyncratic risk factors, with the volatility observed for that equity name.
2. By way of derogation from paragraph 1, point (a), the competent authority may require the institution to provide the information referred to in that point for the most relevant equity names and indices only, and may perform the assessment set out in that paragraph on those data.
Article 26
Assessment of credit spread risk factors
1. When assessing an institution’s compliance with the requirements set out in Article 325bh(1) of Regulation (EU) No 575/2013 in relation to the modelling of credit spread risk, competent authorities shall:
(a) |
require the institution to provide a list of all issuers’ credit spreads curves and credit indices towards which the institution’s portfolio is sensitive, and the risk factors used to model the associated risk; |
(b) |
require the institution to provide a sensitivity analysis of its portfolio towards each of the issuers’ credit spreads curves and credit indices referred to in point (a); |
(c) |
verify whether, where the risk in an issuer credit spread is modelled as a sum of a systematic risk factor as referred to in Article 3(3) of Delegated Regulation (EU) 2022/2060 and an idiosyncratic risk factor, the volatility generated by shocking those factors reflects the volatility observed for that issuer credit spread; |
(d) |
verify whether the basis risk between issuers is captured by either modelling the issuers’ credit spreads directly or by means of a basis risk factor, and whether the basis between different positions referencing to the same issuer is monitored and, when material, included in the internal risk-measurement model; |
(e) |
assess whether the risk in changes in credit spread curves is duly captured as required by Article 29 of this Regulation; |
(f) |
assess whether vega risk related to credit spread risk is duly captured as required by Article 30 of this Regulation. |
For the purposes of point (c), competent authorities may, where appropriate, compare the volatility of the shocks applied to the issuer credit spread, as resulting from the systematic and idiosyncratic risk factors, with the volatility observed for that issuer credit spread.
2. By way of derogation from paragraph 1, point (a), competent authorities may require an institution to provide the information referred to in that point for the most relevant credit spreads curves and credit indices only, and perform the assessment set out in that paragraph 1 on those data.
Article 27
Assessment of foreign exchange risk factors
1. When assessing an institution’s compliance with the requirements set out in Article 325bh(1), point (d), of Regulation (EU) No 575/2013 in relation to the modelling of foreign exchange risk, competent authorities shall:
(a) |
require the institution to provide a list of all the currency pairs towards which the institution’s portfolio is sensitive and, for each of those currency pairs, to clarify whether that currency pair is subject to the spot exchange rate only, or other risk factors, including implied volatilities; |
(b) |
require the institution to provide a sensitivity analysis of its portfolio towards each currency pair referred to in point (a); |
(c) |
based on the information referred to in points (a) and (b), verify whether the basis risk between any couple of currency pairs is implicitly captured by either of the following:
|
(d) |
assess the extent to which the institution considers the risk linked to unpegging events for non-free floating currency pairs, and where such risk is material, how it is monitored; |
(e) |
assess whether the risk in changes in foreign-exchange curves is duly captured as required by Article 29 of this Regulation; |
(f) |
assess whether vega risk related to foreign-exchange risk is duly captured as required by Article 30 of this Regulation. |
2. By way of derogation from paragraph 1, point (a), competent authorities may require an institution to provide the information referred to in that point for the most relevant currency pairs only, and perform the assessment set out in that paragraph 1 on those data.
Article 28
Assessment of commodity risk factors
1. When assessing an institution’s compliance with the requirements set out in Article 325bh(1), point (f), of Regulation (EU) No 575/2013 in relation to the modelling of commodity risk, competent authorities shall:
(a) |
require the institution:
|
(b) |
verify whether the institution’s internal policies identify metrics that are appropriate to assess the materiality of a commodity market as referred to in Article 325bh(1), point (f), of Regulation (EU) No 575/2013 and whether, for commodity markets identified as material, each different commodity is specifically modelled in the institution’s internal risk-measurement model; |
(c) |
verify whether the basis risk between similar but not identical commodities towards which the institution has material exposure is captured, including the basis risk stemming from a different place of delivery and from maturity mismatches; |
(d) |
assess whether the risk in changes in commodity curves is duly captured as required by Article 29 of this Regulation; |
(e) |
assess whether vega risk related to commodity risk is duly captured as required by Article 30 of this Regulation. |
For the purposes of point (c), competent authorities shall verify whether the institution models two different commodities directly or captures the basis by means of a basis risk factor.
2. By way of derogation from paragraph 1, points (a)(i) and (ii), competent authorities may require the institution to provide the information referred to in those points for the most relevant commodities only, and may perform the assessment set out in that paragraph 1 on those data.
Article 29
Assessment of curves
1. Competent authorities shall apply:
(a) |
where required to assess curves whose points are risk factors as referred to in Article 4 of Delegated Regulation (EU) 2022/2060, paragraph 2 of this Article; |
(b) |
where required to assess curves that have been modelled by means of function parameters as referred to in Article 6 of Delegated Regulation (EU) 2022/2060, paragraph 4 of this Article. |
For the purposes of points (a) and (b), competent authorities shall assess the interpolation and extrapolation techniques used by the institution in accordance with paragraph 6.
2. For curves for which the institution establishes buckets itself in accordance with Article 5(4) of Delegated Regulation (EU) 2022/2060, competent authorities shall verify that:
(a) |
the institution’s internal policies have established criteria to decide on the numbers of risk factors to be used to model a curve, and that such criteria are based on the liquidity and materiality of the positions with exposure to that curve; |
(b) |
the criteria referred to in point (a) are accompanied by an analysis showing that the number of risk factors used allows for the volatility across different tenors to be captured. |
For the purposes of point (b), where the competent authority considers that the number of risk factors used to model a curve are not appropriate, competent authorities may complement their assessment using the assessment method referred to in paragraph 3.
3. For the purposes paragraph 2, point (b), competent authorities may:
(a) |
require the institution to apply scenarios of future shocks to the curve’s risk factors as made in the internal risk-measurement model; |
(b) |
require the institution to derive the volatility of a point in the curve that is not a risk factor; |
(c) |
require the institution to obtain the observed volatility of the point in the curve referred to in point (b); |
(d) |
compare the volatility obtained in accordance with point (b) with the observed volatility obtained in accordance with point (c). |
For the assessment referred to in paragraph 2, point (b), competent authorities shall base themselves on both the period referred to in Article 325bc(4), point (c), of Regulation (EU) No 575/2013 and the period of financial stress referred to in Article 325bc(2), point (c), of that Regulation.
4. For curves that have been modelled by means of function parameters as referred to in Article 6 of Delegated Regulation (EU) 2022/2060, competent authorities shall assess whether the institution’s internal policies include analysis showing that shocking functions parameters allows capturing all material risks in the curves and the volatility across different tenors. Where appropriate, competent authorities may complement their assessment by using the assessment method referred to in paragraph 5 of this Article.
5. For the purposes of paragraph 4, competent authorities may:
(a) |
require the institution to apply scenarios of future shocks to the function parameters as made in the internal risk-measurement model; |
(b) |
require the institution to derive the volatility of a point in the curve; |
(c) |
require the institution to obtain the volatility of the point in the curve referred to in point (b); |
(d) |
compare the volatility obtained in accordance with point (b) with the observed volatility obtained in accordance with point (c). |
For that assessment, competent authorities shall base themselves on both the period referred to in Article 325bc(4), point (c), of Regulation (EU) No 575/2013 and the period of financial stress referred to in Article 325bc(2), point (c), of that Regulation.
6. Competent authorities shall assess whether all the techniques used by the institution to build a curve, including interpolation and extrapolation techniques, are sound. Where part of the curve is derived by extrapolating its two outer points, competent authorities shall verify whether the volatility of the returns observed in the market for the extrapolated part of the curve does not significantly differ from that resulting from the extrapolation. For that purpose, competent authorities may apply the assessment methods referred to in paragraphs 3 and 5 by picking a point in the curve obtained via extrapolation when applying point (b), of those paragraphs.
Article 30
Assessment of implied volatility surfaces
1. When assessing an institution’s compliance with the requirements set out in Article 325bh(1), point (h), of Regulation (EU) No 575/2013 in relation to capturing vega risk for any given broad risk factor category, competent authorities shall:
(a) |
require the institution to provide a list of all the volatility surfaces towards which the institution’s portfolio is sensitive; |
(b) |
require the institution to provide a sensitivity analysis of its portfolio towards each of the surfaces referred to in point (a); |
(c) |
verify, based on the information referred to in points (a) and (b), whether any material basis risk between any two given surfaces is either implicitly captured by the fact that two surfaces are modelled directly, or by the fact that a basis surface representing the difference between those two curves is modelled; |
(d) |
verify, in relation to volatility surfaces whose points are risk factors as referred to in Article 4 of Delegated Regulation (EU) 2022/2060, whether:
|
(e) |
verify, in relation to surfaces that have been modelled by means of function parameters as referred to in Article 6 of Delegated Regulation (EU) 2022/2060, whether the institution’s internal policies include an analysis showing that shocking functions parameters allow for a comprehensive representation of the risk across the surface; |
(f) |
assess whether interpolation and extrapolation techniques used by the institution to build a surface are sound and where part of the surface is derived by extrapolating its two outer points, verify whether the volatility of the returns observed in the market for the extrapolated part of the surface does not significantly differ from that resulting from the extrapolation. |
For the purposes of point (a), the institution shall for each of the surfaces referred in that point specify whether it is modelled in its entirety directly, or whether it is modelled as a sum of a base surface and a basis surface.
For the purposes of point (d)(ii), competent authorities may, where appropriate, complement their assessment by using the assessment method referred to in paragraph 2.
For the purposes of point (e), competent authorities may, where appropriate, complement their assessment by using the assessment method referred to in paragraph 3.
For the purposes of point (f), competent authorities may apply the assessment method referred to in paragraphs 2 and 3 by picking a point in the surface obtained via extrapolation when applying points (b) of those paragraphs.
2. For the purposes paragraph 1, point (d)(ii), competent authorities may:
(a) |
require the institution to apply scenarios of future shocks to the surface’s risk factors as made in the internal risk-measurement model; |
(b) |
require the institution to derive the volatility of a point of the surface that is not a risk factor; |
(c) |
require the institution to obtain the observed volatility of the point in the surface referred to in point (b); |
(d) |
compare the volatility obtained in accordance with point (b) with the observed volatility obtained in accordance with point (c). |
For the assessment referred to in paragraph 1, point (d)(ii), competent authorities shall base themselves on both the period referred to in Article 325bc(4), point (c), of Regulation (EU) No 575/2013 and the period of financial stress referred to in Article 325bc(2), point (c), of that Regulation.
3. For the purposes of paragraph 1, point (e), competent authorities may:
(a) |
require the institution to apply scenarios of future shocks to the function parameters as made in the internal risk-measurement model; |
(b) |
require the institution to derive the volatility of a point of the surface; |
(c) |
require the institution to obtain the observed volatility of the point in the surface referred to in point (b); |
(d) |
compare the volatility obtained in accordance with point (b) with the observed volatility obtained in accordance with point (c). |
For the assessment referred to in paragraph 1, point (e), competent authorities shall base themselves on both the period referred to in Article 325bc(4), point (c), of Regulation (EU) No 575/2013 and the period of financial stress referred to in Article 325bc(2), point (c), of that Regulation.
Article 31
Assessment of correlation risk factors
When assessing whether an institution’s internal risk-measurement model captures correlation risk as required by Article 325bh(1), point (b), of Regulation (EU) No 575/2013, competent authorities shall verify that, for multi-underlying options and any other products whose end-of-day value is determined via an implied correlation parameter, a risk factor capturing the risk of changes in the correlation parameter is included in the internal risk-measurement model.
The competent authority may identify options and products relying on an implied correlation parameter by using the information reported in accordance with Article 23 of this Regulation, and by identifying those factors that are correlation parameters.
Article 32
Assessment of the modellability of risk factors
1. When assessing an institution’s compliance with Article 325bi(1), point (e), of Regulation (EU) No 575/2013 in relation to requirements on the risk factors’ modellability, competent authorities shall verify whether the institution’s internal policies referred to in that point meet all of the following conditions:
(a) |
the internal policies cover the aspects referred to in Article 7 of Delegated Regulation (EU) 2022/2060 for all documentation; |
(b) |
the internal policies require the production of an up-to-date inventory which specifies for each risk factor the following:
|
(c) |
the internal policies set out:
|
(d) |
the internal policies set out criteria to determine whether the modellability assessment of a curve, surface, or cube is performed by using standard, pre-defined buckets as referred to in Article 5(2) of Delegated Regulation (EU) 2022/2060, or by using the institution’s own establishment of buckets as referred to in Article 5(4) of that Delegated Regulation; |
(e) |
the internal policies set out the rationale of the choice, where the standard pre-defined buckets referred to in Article 5(2) of Delegated Regulation (EU) 2022/2060 are subdivided into smaller buckets in accordance with Article 5(3) of that Regulation. |
For the purposes of points (b)(vii) and (viii), where the institution performs the modellability assessment for a risk factor by assessing the modellability of a set of buckets first, competent authorities shall verify whether the number of verifiable and representative prices are specified at the level of each of those buckets.
2. When assessing whether the institution’s internal risk-measurement model is implemented with integrity as required by Article 325bi(1) of Regulation (EU) No 575/2013 in relation to the modellability assessment of risk factors that are assessed as modellable in accordance with Article 1 of Delegated Regulation (EU) 2022/2060, competent authorities shall:
(a) |
verify, in relation to the results of the modellability assessment:
|
(b) |
in relation to the requirements for considering a price verifiable as referred to in Article 2 of Delegated Regulation (EU) 2022/2060:
|
(c) |
in relation to the requirements for considering a verifiable price as representative of a risk factor as referred to in Article 3 of Delegated Regulation (EU) 2022/2060, verify whether the mapping process and the criteria used to determine the representativeness of a price for a risk factor as referred to in Article 7(1), point (d), of that Delegated Regulation are sound. |
For the purposes of point (a)(ii), competent authorities shall verify whether the criteria referred to in paragraph 1, point (c) to identify whether risk factors are of the same type are sound and, by using the inventory referred to in paragraph 1, point (b), verify whether those criteria are applied correctly.
For the purposes of point (b)(i), competent authorities shall apply the assessment method referred to in paragraph 5.
For the purposes of point (c), competent authorities shall apply the assessment method referred to in paragraph 6.
3. When assessing whether an institution’s internal model is implemented with integrity as required by Article 325bi(1) of Regulation (EU) No 575/2013 in relation to the modellability assessment of risk factors that belong to a curve, a surface or a cube and that are assessed as modellable in accordance with Article 4 of Delegated Regulation (EU) 2022/2060, competent authorities shall:
(a) |
in relation to the results of the modellability assessment:
|
(b) |
in relation to the requirements for considering a price verifiable as referred to in Article 2 of Delegated Regulation (EU) 2022/2060:
|
(c) |
in relation to the requirements for allocating a verifiable price to a bucket as referred to in Article 4(4) of Delegated Regulation (EU) 2022/2060, verify whether the mapping process and the criteria referred to in Article 7(1), point (d), of that Regulation used to determine that a price is representative for a point in the bucket are sound; |
(d) |
in relation to the possibility of reallocating a verifiable price of a bucket to an adjacent bucket in accordance with Article 5(5) of Delegated Regulation (EU) 2022/2060, verify:
|
For the purposes of point (b)(i), competent authorities shall apply the assessment method referred to in paragraph 5.
For the purposes of point (c), competent authorities shall apply the assessment method referred to in paragraph 7.
4. When assessing whether an institution’s internal model is implemented with integrity as required by Article 325bi(1) of Regulation (EU) No 575/2013 in relation to the modellability assessment of risk factors that are assessed as modellable in accordance with Article 6 of Delegated Regulation (EU) 2022/2060, competent authorities shall:
(a) |
in relation to the results of the modellability assessment:
|
(b) |
in relation to the requirements for considering a price verifiable as referred to in Article 2 of Delegated Regulation (EU) 2022/2060:
|
(c) |
in relation to the requirements for allocating a verifiable price to a bucket as referred to in Article 4(4) of Delegated Regulation (EU) 2022/2060, verify whether the mapping process and the criteria referred to in Article 7(1), point (d), of that Regulation used to determine that a price is representative for a point in the bucket are sound; |
(d) |
in relation to the possibility of reallocating a verifiable price of a bucket to an adjacent bucket in accordance with Article 5(5) of Delegated Regulation (EU) 2022/2060, verify:
|
For the purposes of point (b)(i), competent authorities shall apply the assessment method referred to in paragraph 5.
For the purposes of point (c), competent authorities shall apply the assessment method referred to in paragraph 7.
5. For the purposes of paragraph 2, point (b)(i), paragraph 3, point (b)(i) and paragraph 4, point (b)(i), competent authorities shall apply the following assessment method:
(a) |
require the institution to provide a sample of risk factors and buckets, with the corresponding verifiable and representative prices, including:
|
(b) |
require the institution to justify for the prices referred to in point (a), of this paragraph which of the conditions referred to in Article 2(1) of Delegated Regulation (EU) 2022/2060 are met, and verify the following:
|
(c) |
for the verifiable prices referred to in point (a), competent authorities shall verify:
|
For the purposes of this paragraph, competent authorities shall require institutions or third-party vendors as applicable to provide them with all information that they need to perform that assessment comprehensively, in accordance with Article 2(5), point (b), of Delegated Regulation (EU) 2022/2060.
6. For the purposes of paragraph 2, point (c), competent authorities shall:
(a) |
require an institution to provide a sample of risk factors, and the corresponding verifiable and representative prices used to assess the conditions referred to in Article 1 of Delegated Regulation (EU) 2022/2060; |
(b) |
verify whether, where for the risk factor there are multiple verifiable prices on a given observation date, only one is considered when assessing whether the conditions referred to in Article 1 of Delegated Regulation (EU) 2022/2060 are met; |
(c) |
for those risk factors in the sample referred to in point (a) that are not systematic credit or equity risk factors capturing market-wide movements as referred to in Article 3(3) of Delegated Regulation (EU) 2022/2060, verify whether:
|
(d) |
for those risk factors in the sample referred to in point (a) that are systematic credit or equity risk factors capturing market-wide movements as referred to in Article 3(3) of Delegated Regulation (EU) 2022/2060, verify whether the verifiable prices used are representative of attributes of the systematic risk factors. |
For the purposes of point (a), the sample of risk factors shall include, among others, risk factors that narrowly met the conditions for being assessed modellable and risk factors that changed their modellability status over the previous year. Where applicable, that sample shall contain risk factors for which verifiable prices are obtained solely by the institution, solely by third-party vendors, and by both the institution and third-party vendors.
7. For the purposes of paragraph 3, point (c), and paragraph 4, point (c), competent authorities shall:
(a) |
require the institution to provide a sample of buckets relating to a set of curves, surfaces or cubes, and the corresponding verifiable and representative prices; |
(b) |
for the verifiable prices referred to in point (a), verify, for the buckets for which there are multiple verifiable prices on a given observation date, that only one verifiable price per each date is considered when assessing whether the conditions referred to in Article 1 of Delegated Regulation (EU) 2022/2060 are met; |
(c) |
for the verifiable prices referred to in point (a), assess that the methodology employed by the institution to map a verifiable price to a given bucket is appropriate. |
For the purposes of point (a), the sample of buckets shall include, among others, buckets that narrowly met the conditions for being assessed modellable and buckets that changed their modellability status over the previous year. Where applicable, that sample shall include buckets for which verifiable prices are obtained solely by the institution, solely by third-party vendors, and by both the institution and third-party vendors.
For the purposes of point (c), the competent authority shall verify whether:
(a) |
the points in a bucket are a strong driver of the price considered representative, |
(b) |
the method used by the institution to conclude that there is a close relationship between any point in the bucket and that price is sound, |
(c) |
the methodology employed by the institution to extract the value of that point in the bucket from that price is sound. |
Article 33
Assessment of the risk factors’ liquidity horizon
1. When assessing an institution’s compliance with Article 325bi(1), point (e), of Regulation (EU) No 575/2013 in relation to requirements on the risk factors’ liquidity horizon, competent authorities shall verify whether the internal policies referred to in that point require the production of an up-to-date inventory specifying, for each risk factor, the following:
(a) |
a description of the risk factor; |
(b) |
whether the risk factor is modellable following the assessment of the modellability referred to in Article 325be of Regulation (EU) No 575/2013 and, where the risk factor is modellable, whether that risk factor is included in the subset of modellable risk factors referred to in Article 325bc(2), point (a), of that Regulation; |
(c) |
a simple description of the data inputs used to mark the risk factor; |
(d) |
the liquidity horizon assigned to the risk factor as required by Article 325bd(2) of Regulation (EU) No 575/2013; |
(e) |
whether the nature of the risk factor does not correspond to any broad category of risk factors as required by Article 1(2) of Delegated Regulation (EU) 2022/2058; |
(f) |
whether the nature of the risk captured by the risk factor and the data inputs used for that risk factor correspond to risk factors that could fall under more than one broad category of risk factors or broad sub-category of risk factors as required by Article 1(3) of Delegated Regulation (EU) 2022/2058; |
(g) |
where used to model a homogenous index, whether the methodology referred to in Article 1 of Delegated Regulation (EU) 2022/2058 or the methodology referred to in Article 2 of that Regulation has been used to map the risk factor to the appropriate broad category and sub-category of risk factors of Table 2 of Article 325bd of Regulation (EU) No 575/2013. |
2. When assessing whether the institution’s internal model is implemented with integrity in accordance with Article 325bi(1) of Regulation (EU) No 575/2013 as regards requirements on the risk factors’ liquidity horizon, competent authorities shall verify whether:
(a) |
by using the elements referred to in paragraph 1 of this Article:
|
(b) |
the institution has in place objective criteria for identifying when a credit spread risk factor refers to an investment grade or a high yield position; |
(c) |
where the institution applies the derogation set out in Article 325bd(3) of Regulation (EU) No 575/2013 regarding the use of longer liquidity horizons in calculating the expected shortfall risk measure referred to in Article 325bb of that Regulation and the stress scenario risk measure referred to in Article 325bk of that Regulation, the institution distinguishes between positions belonging to trading desks for which the derogation is used from those trading desks for which the derogation is not used; |
(d) |
as part of the monthly verification referred to in Article 325bd(6) of Regulation (EU) No 575/2013, the institution verifies whether:
|
(e) |
only one currency is considered domestic for the purpose of mapping a risk factor to the broad category ‘Interest rate’ and sub-category ‘Most liquid currencies and domestic currency’ of Article 325bd, Table 2, of Regulation (EU) No 575/2013. |
For the purposes of point (c), competent authorities shall focus on risk factors belonging to the sub-category subject to the derogation and that are present both in trading desks for which the derogation is used and in trading desks for which the derogation is not used.
3. For the purposes of paragraph 2, point (a), competent authorities may require the institution to identify the risk factors in a sample of financial instruments or commodities, and make their assessment taking into account the nature of the financial instruments bearing the risk factors. When requiring that sample, competent authorities shall focus on financial instruments or commodities encompassing a sufficiently wide range of risk factor types to ensure a comprehensive assessment.
4. For the purposes of paragraph 2, point (d), of this Article competent authorities may require the institution to provide risk factors that were subject to a change in the sub-category, and verify that, following the monthly verification, the expected shortfall risk measure referred to in Article 325bb of Regulation (EU) No 575/2013 and the stress scenario risk measure referred to in Article 325bk of that Regulation reflected the changes in the liquidity horizon.
SECTION 3
Assessment of proxies and data quality
Article 34
Assessment of proxies
1. When assessing whether an institution’s internal model is implemented with integrity as required by Article 325bi(1) of Regulation (EU) No 575/2013 in relation to requirements on the use of proxies, competent authorities shall verify whether:
(a) |
the institution has established, as part of the internal policies referred to in Article 325bi(1), point (e), of Regulation (EU) No 575/2013, criteria outlining:
|
(b) |
the internal policies referred to in Article 325bi(1), point (e), of Regulation (EU) No 575/2013 cover all proxy approaches employed by the institution, including, where used:
|
(c) |
for non-modellable risk factors, there is a clear rationale for using a proxy approach, even though the number of returns N in the time series for the risk factor resulting from Article 7 of Delegated Regulation (EU) 2024/397 would allow for using the historical method or the asymmetrical sigma method referred to, respectively, in Articles 8 and 9 of that Delegated Regulation; |
(d) |
the approach used to proxy the risk factor is appropriate and ensures, as required by Article 325bh(1), point (g), of Regulation (EU) No 575/2013, a conservative calibration of the scenarios of future shocks for modellable risk factors and of the extreme scenarios of future shock for non-modellable risk factors; |
(e) |
for risk factors for which proxy data are used only for specific periods in the time series, there are no anomalous jumps between the parts of the time series that are proxied and the parts of the time series that are not proxied. |
2. For the purposes of paragraph 1, point (c), competent authorities shall, on a sample of risk factors that are proxied, verify whether:
(a) |
the proxy approach used for those risk factors is the approach described in the internal policies as referred to in paragraph 1, point (a), and the proxy used is economically meaningful; |
(b) |
the basis risk between that risk factor as proxied and other risk factors is duly captured, including where different risk factors are proxied by mapping them to the same risk factor; |
(c) |
there are no cases where, as a result of the proxy, the specific risk is not duly captured. |
When applying that assessment method, competent authorities shall choose a sample of risk factors reflecting a variety of proxy approaches, including, where used, factor models, beta approximations, and mapping of risk factors to benchmarks, including names representative of the sector and region or indices.
3. For the purposes of paragraph 1, point (c), competent authorities shall, on a sample of risk factors for which data in the last 12-month period have been proxied:
(a) |
require the institution to provide the time series of the proxied risk factors as used in the internal risk-measurement model and the time series of the corresponding pricing factors as used in the end-of-day valuation process; |
(b) |
verify that the volatilities of the two time series referred to in point (a) do not substantially diverge; |
(c) |
verify that the two time series are highly correlated. |
When applying that assessment method, competent authorities shall choose a sample of risk factors reflecting a variety of proxy approaches, including, where used, factor models, beta approximations, and mapping of risk factors to benchmarks, including names representative of a given sector and region or indices.
4. For the purposes of paragraph 1, point (c), to test the conservativeness of proxy approaches, competent authorities shall select a sample of approaches and apply, for each proxy approach, all the following steps in following order:
(a) |
require the institution to provide the time series of a sample of risk factors that are not proxied and that, if proxied, would follow the proxy approach being assessed; |
(b) |
require the institution to provide the time series that would be used by applying the proxy approach being assessed to the risk factors’ time series referred to in point (a); |
(c) |
for both time series, obtain the volatilities of the risk factors in the stress period and in the last 12-month period, and verify that the volatility resulting from the proxy time series referred to in point (b) does not underestimate the volatility resulting from the time series referred to in point (a). |
When applying that assessment method, competent authorities shall choose a sample of risk factors reflecting a variety of proxy approaches, including, where used, factor models, beta approximations, and mapping of risk factors to benchmarks, including names representative of a given sector and region or indices.
5. For the purposes of paragraph 1, point (c), competent authorities shall, on a sample of non-modellable risk factors for which proxy data have been used in the stress period despite the number of returns N in the time series for the risk factor resulting from Article 7 of Delegated Regulation (EU) 2024/397 would allow for using the historical method or the asymmetrical sigma method referred to, respectively, in Articles 8 and 9 of that Delegated Regulation:
(a) |
require the institution to provide the original time series for the risk factors before any proxy approach has been used; |
(b) |
require the institution to provide the time series used for the proxied risk factors; |
(c) |
compare the upward and downward calibrated shocks as resulting from the application of Article 8 and 9 of Delegated Regulation (EU) 2024/397 to the time series referred to in points (a) and (b) of this paragraph, and verify that shocks resulting from the proxied time series are not systematically less conservative than the shocks obtained by using the original time series. |
When applying that assessment method, competent authorities shall choose a sample of risk factors reflecting a variety of proxy approaches, including, where used, factor models, beta approximations, and mapping of risk factors to benchmarks, including names representative of the sector and region or indices.
Article 35
Assessment of the data quality
1. When assessing whether an institution’s data standards meet the minimum standards for the internal risk-measurement model to be considered reasonably accurate in measuring risks as required by Article 325bi(1), point (f), of Regulation (EU) No 575/2013, competent authorities shall verify whether:
(a) |
the institution documents, as part of its internal policies, any methodology used to fill in time series with missing data points, and whether such documentation contains sound analysis showing that those methodologies do not affect the risk factors’ volatilities and correlations; |
(b) |
the institution has established objective criteria setting out which methodology to fill in time series is used, where more than one methodology is available, and has documented those criteria in its internal policies; |
(c) |
the institution has established, as part of its internal policies, the process to be followed whenever the values in a time series are changed, and whether such process includes the documentation of the performed changes; |
(d) |
the institution does not perform filtering of data, including flooring, capping and exclusions of outliers, unless the institution is able to demonstrate that the excluded data point relates to erroneous or stale data, and the institution documents such an exclusion; |
(e) |
the institution performs periodic quality checks on the time series used for the computation of the expected shortfall risk measure, and documents those checks and the corresponding results are documented; |
(f) |
the institution analyses, as part of the checks referred to in point (e), the effect that missing or replaced data and the methodology used to obtain the time series have on the risk factors’ volatilities and correlations; |
(g) |
the data quality of the time series used by the institution is appropriate. |
For the purposes of point (e), competent authorities shall verify whether the institution monitors, as part of the checks referred to in that point, for each time series:
(a) |
the number of days for which data points were initially missing and were then filled in using a particular methodology; |
(b) |
the number of days for which data points were initially available and have been replaced using a particular methodology; |
(c) |
the number of days with no daily changes; |
(d) |
the maximum number of consecutive days with no daily change. |
2. For the purposes of paragraph 1, point (g), competent authorities shall:
(a) |
require the institution to provide an overview of their time series used in , , , , and , as referred to in Article 325bb of Regulation (EU) No 575/2013, and in the calculation of the stress scenario risk measures, as referred to in Article 7 of Commission Delegated Regulation (EU) 2024/397, and to include in that overview for each time series used:
|
(b) |
based on the overview referred to in point (a), identify those times series used for risk factors that may be affected by low data quality; |
(c) |
based on the overview referred to in point (a), select a sample of time series that are characterised by a high number of data points initially missing, and apply the following steps in the following order:
|
(d) |
based on the overview referred to in point (b), select a sample of time series characterised by a high number of data points that were initially available but have been substituted by other data points, and apply the following steps in the following order:
|
For the purposes of point (b), competent authorities may use, where appropriate, as a basis for the identification referred to in that point, the following indicators:
(a) |
time series with less than 10 % of initially available data points; |
(b) |
time series with 20 consecutive business days without any daily change; |
(c) |
time series with more than 20 % of days with no changes; |
(d) |
time series for which more than 50 % of the initially available data have been changed. |
Competent authorities shall require the institution to justify the use of those time series and, where applicable, the reason why the corresponding risk factor is included in the reduced set of risk factors as referred to in Article 325bc(2), points (a) and (b), and Article 325bc(3), points (a) and (b), of Regulation (EU) No 575/2013.
,
,
,
,
and
, as referred to in Article 325bb of Regulation (EU) No 575/2013, and on the stress scenario risk measures, as referred to in Article 7 of Commission Delegated Regulation (EU) 2024/397.
SECTION 4
Assessment of compliance with requirements relating to the back-testing and profit-loss attribution test
Article 36
Assessment of the technical elements to be included in the actual and hypothetical changes in the portfolio’s value for the back-testing requirements
1. When verifying whether an institution complies with Article 325bi(1), point (e), of Regulation (EU) No 575/2013 in relation to requirements on the technical elements to be included in the actual and hypothetical changes in the portfolio’s value, competent authorities shall verify whether the internal policies referred to in that point:
(a) |
specify all the elements referred to in Article 5 of Delegated Regulation (EU) 2022/2059 and, where applicable, all the elements referred to in Article 1(5), point (c), of that Regulation; |
(b) |
require the production of a periodic report, and, where the different elements contributing to the changes in the portfolio’s value are disentangled, daily figures, including:
|
(c) |
require the production of the report referred to in point (b) both at the level of each trading desk subject to trading desk’s back-testing requirements in accordance with Articles 1 and 3 of Delegated Regulation (EU) 2022/2059, and at the level of the portfolio subject to back-testing requirements in accordance with Articles 2 and 4 of Delegated Regulation (EU) 2022/2059; |
(d) |
specify the rectification processes to follow in the calculation of the actual and hypothetical changes in case of contingencies, exceptions, errors, and pricing failures. |
2. When assessing whether an institution’s internal model is implemented with integrity as required by Article 325bi(1) of Regulation (EU) No 575/2013 in relation to requirements on the technical elements to be included in the actual and hypothetical changes in the portfolio’s value, competent authorities shall:
(a) |
in relation to the calculation of the actual changes in the trading desk portfolio’s value as referred to in Article 1(1) of Delegated Regulation (EU) 2022/2059:
|
(b) |
in relation to the calculation of the actual changes in the portfolio’s value as referred to in Article 2 of Delegated Regulation (EU) 2022/2059:
|
(c) |
in relation to the calculation of the hypothetical changes in the trading desk portfolio’s value as referred to in Article 3 of Delegated Regulation (EU) 2022/2059:
|
(d) |
in relation to the calculation of the hypothetical changes in the portfolio’s value as referred to in Article 4 of Delegated Regulation (EU) 2022/2059:
|
(e) |
in relation to the processes followed by the institution to calculate actual and hypothetical changes:
|
For the purposes of points (a)(vi), (b)(v)(1), (c)(v) and (d)(v)(1), competent authorities shall verify whether the institution does not derive the adjustment applicable to the trading desk from a broader scope of positions than those assigned to the trading desk.
For the purposes of point (a)(vii), competent authorities shall evaluate how the institution risk-manages those adjustments.
For the purposes of points (b)(v)(2) and (d)(v)(2), competent authorities shall verify whether the whole adjustment calculated on that scope is included in the actual changes in the portfolio’s value.
For the purposes of point (c)(vi), competent authorities shall evaluate how the institution risk-manages those adjustments.
For the purposes of point (e)(ii), competent authorities shall review the history of contingencies, exceptions, errors, and pricing failures in the calculations of the changes in the portfolios’ values, assess how they have been remediated and, where relevant, the impact of those errors on the back-testing and profit-and-loss attribution test results.
For the purposes of point (e)(iii), competent authorities shall, where, due to stale data, those positions lead to no changes in the end-of-day valuation and in the actual and hypothetical changes in the portfolio’s value, assess whether, despite the lack of data, the risk-measurement model is reasonably accurate in measuring risks of those positions as referred to in Article 325bi(1), point (f), of Regulation (EU) No 575/2013.
3. For the purposes of paragraph 2, points (a) to (d), competent authorities may apply any of the following assessment methods:
(a) |
on a sample of transactions, require the institution to calculate and reconcile the changes in the end-of-day value as resulting from the end-of-day valuation process, the actual changes, and the hypothetical changes; |
(b) |
on a sample of transactions, require the institution to calculate the hypothetical changes and the risk-theoretical changes, and verify whether the effect of the passage of time is captured consistently; |
(c) |
compare the profile of the cumulative hypothetical changes to the portfolio’s value over a given period of time and the corresponding cumulative actual changes over the same period to assess the plausibility of the calculations performed by the institution. |
Article 37
Assessment of the analysis of overshootings
1. Competent authorities shall verify whether an institution analyses all overshootings referred to in Article 325bf of Regulation (EU) No 575/2013 in detail, in order to determine their causes.
2. For the purposes of paragraph 1, competent authorities shall verify whether the institution:
(a) |
identifies which portfolios or trading desks primarily caused the overshooting; |
(b) |
analyses the differences in the hypothetical and actual changes in the portfolio’s value; |
(c) |
analyses whether and which market movements, risk factors or parameters caused the overshooting; |
(d) |
analyses whether any modelling issues, or missing risk factors, contributed to the overshooting, and provides an explanation of which part of the changes in the portfolio’s value can be explained by the model and which cannot; |
(e) |
analyses whether process failures, including positions not being properly captured or missing updates of data, contributed to or caused the overshooting; |
(f) |
describes the results of actions taken as a result of points (a) to (e) when notifying competent authorities of overshootings that emerged from their back-testing programme conducted in accordance with Article 325bf of Regulation (EU) No 575/2013. |
3. Competent authorities shall verify whether, where the analysis referred to in paragraphs 1 and 2 identifies a material weakness or inaccuracy in the model or processes, the institution assesses that weakness or inaccuracy and promptly develops a plan for a timely return to compliance with the backtesting requirements to be assessed as part of the regular validation of the model.
4. Competent authorities shall verify whether the institution ensures both of the following:
(a) |
any overshooting, including those relating to the back-testing referred to in Article 325bf(5) of Regulation (EU) No 575/2013, is reported to senior management within three working days of the date the overshooting has been identified; |
(b) |
the analyses referred to in paragraphs 1 and 2 are reported to the competent authority and to the senior management within one month of the date the overshooting has occurred. |
Article 38
Assessment of compliance with the profit and loss attribution requirements
1. When assessing whether an institution’s internal model is implemented with integrity as required by Article 325bi(1) of Regulation (EU) No 575/2013 in relation to requirements on the technical elements to be included in the hypothetical changes in the trading desk portfolio’s value for the profit and loss attribution requirements referred to in Article 325bg of that Regulation, competent authorities shall verify whether, the time series of hypothetical changes in the trading desk portfolio’s value as used for the purpose of the back-testing requirements coincides with the time series of hypothetical changes in the trading desk portfolio’s value as used for the profit and loss attribution requirement, as required by Article 13 of Delegated Regulation (EU) 2022/2059.
2. When assessing an institution’s compliance with Article 325bi(1), point (e), of Regulation (EU) No 575/2013 in relation to requirements on the technical elements to be included in the theoretical changes in the portfolio’s value for the purpose of the profit and loss attribution requirements referred to in Article 325bg of that Regulation, competent authorities shall verify that the internal policies referred to in that point (e):
(a) |
ensure that the business days used in the calculation of the theoretical changes in the portfolio’s value are the same as those used in both the calculation of the expected shortfall risk measure referred to in Article 325bb of Regulation (EU) No 575/2013 and the stress scenario risk measure referred to in Article 325bk of that Regulation; |
(b) |
specify whether the institution aligns the snapshot time for which it calculates the theoretical changes in the trading desk portfolio’s value with the snapshot time for which it calculates the hypothetical changes in the trading desk portfolio’s value, as allowed by Article 6(2) of Delegated Regulation (EU) 2022/2059; |
(c) |
specify whether there are risk factors for which the institution, uses input data or values used in the calculation of the hypothetical changes to calculate the theoretical changes, or whether there are no risk factors for which such treatment is used, as allowed by Article 14 of Delegated Regulation (EU) 2022/2059; |
(d) |
cover all aspects referred to in Article 15(2) and (3) of Delegated Regulation (EU) 2022/2059 in relation to risk factors for which the institution uses input data or values used in calculating the hypothetical changes to calculate the theoretical changes, as allowed by Article 14 of that Delegated Regulation; |
(e) |
specify the rectification processes to follow in the calculation of the theoretical changes in case of contingencies, exceptions, errors, and pricing failures; |
(f) |
cover all aspects referred to in Article 15(1) of Delegated Regulation (EU) 2022/2059. |
For the purposes of point (c), where the treatment concerned is used for some, but not all, risk factors, competent authorities shall verify whether the internal policies specify objective criteria to select risk factors for which that treatment is applied.
For the purposes of point (d), competent authorities shall verify whether the institution uses quantitative criteria to assess the effect of the alignment referred to in Article 15(2), point (b), of Delegated Regulation (EU) 2022/2059.
3. When assessing whether an institution’s internal model is implemented with integrity as required by Article 325bi(1) of Regulation (EU) No 575/2013 in relation to the profit and loss attribution requirements referred to in Article 325bg of that Regulation, competent authorities shall:
(a) |
in relation to the calculation of the theoretical changes in the portfolio’s value:
|
(b) |
in relation to the profit and loss attribution results:
|
For the purposes of point (a)(ii), competent authorities shall evaluate whether the institution’s IT systems ensure the calculation of those changes on the same positions. To that effect, competent authorities may require the institution to provide the inventory of positions captured in the actual and theoretical changes, and compare those positions.
For the purposes of point (a)(iv), competent authorities shall verify whether the institutions’ systems ensure that the pricing functions used for calculating the theoretical changes are those used in the calculation of the expected shortfall risk measure referred to in Article 325bb of Regulation (EU) No 575/2013 and the stress scenario risk measure referred to in Article 325bk of that Regulation.
For the purposes of point (a)(v), competent authorities shall verify whether the institutions’ systems ensure that the value of other risk factors is kept constant when calculating the theoretical changes. Competent authorities may complement their assessment by using the assessment method referred to in paragraph 5.
For the purposes of point (a)(vi), competent authorities shall review the history of contingencies, exceptions, errors, and pricing failures in the calculations of the changes in the portfolios’ values, assess whether and how they have been remediated and, where relevant, assess the impact of those errors on the back-testing and profit-and-loss attribution test results.
4. For the purposes of paragraph 3, point (a)(iii), competent authorities shall use one or more of the following assessment methods:
(a) |
to require the institution to provide the inventory, at a given day and at the subsequent day as referred to in Article 12(1) of Delegated Regulation (EU) 2022/2059, of the positions in the portfolio on which it calculates theoretical changes, and assess whether those inventories coincide; |
(b) |
to verify that the risk theoretical changes are typically closer to the hypothetical than to the actual changes and, by using the reports referred to in Article 36, paragraph 1, points (b) and (c), identify those days in the time series where the actual and hypothetical changes differ the most due to a change in the trading desk’s portfolio composition, and verify that the theoretical changes in those days are not affected by such a change in the portfolio’s composition. |
5. For the purposes of paragraph 3, point (a)(v), competent authorities may:
(a) |
when the institution calculates the excepted shortfall risk measure referred to in Article 325bb of Regulation (EU) No 575/2013 or the stress scenario risk measure referred to in Article 325bk of that Regulation, require the institution to provide a sample of financial instruments in its portfolio, the prices of which depend both on risk factors that are shocked and risk factors that are not shocked; |
(b) |
when the institution calculates the theoretical changes related to the financial instruments referred to in point (a), verify whether, for a given reference date, the value of risk factors that are not shocked is kept constant. |
6. For the purposes of paragraph 3, point (b)(i), competent authorities shall, for the most material trading desks or all trading desks:
(a) |
require the institution to provide the time series of hypothetical and theoretical changes in the trading desk’s portfolio’s value used for calculating the Spearman correlation coefficient and Kolmogorov-Smirnov test metric as referred to in Article 6 of Delegated Regulation (EU) 2022/2059; |
(b) |
calculate the Spearman correlation coefficient in accordance with Article 7 of Delegated Regulation (EU) 2022/2059 and the Kolmogorov-Smirnov test metric in accordance with Article 8 of that Delegated Regulation; |
(c) |
verify whether the Spearman correlation coefficient and Kolmogorov-Smirnov test metric resulting from point (b) coincide with those obtained by the institution; |
(d) |
verify whether the classification of the trading desks to the zones referred to in Article 9 of Delegated Regulation (EU) 2022/2059 is correct. |
7. For the purposes of paragraph 3, point (b)(ii), competent authorities shall:
(a) |
identify the most material risk factors for which the institution applied the treatment referred to in Article 14(1) of Delegated Regulation (EU) 2022/2059; |
(b) |
verify whether the same risk factor is used in the calculation of the hypothetical and theoretical changes; |
(c) |
verify whether the value of the risk factors referred to in point (a) differs only because of the different sources or extraction times of their input data. |
The intensity at which the competent authority performs the assessment shall be proportionate to the effect that the alignment of risk factors’ input data has on the theoretical changes and on the profit and loss attribution test results as referred to in Article 15(2) of Delegated Regulation (EU) 2022/2059.
8. For the purposes of paragraph 3, point (b)(iii), competent authorities shall:
(a) |
identify the most material risk factors for which the institution applied the treatment referred to in Article 14(2) of Delegated Regulation (EU) 2022/2059; |
(b) |
for the risk factors referred to in point (a), acquire a comprehensive understanding of the techniques of the valuation systems that are used to derive the value of the risk factor from the input data, as referred to in Article 14(2), point (b), of Delegated Regulation (EU) 2022/2059; |
(c) |
on the basis of point (b) of this paragraph, assess whether the conditions referred to in Article 14(2) Delegated Regulation (EU) 2022/2059 are met, taking into account any rationale provided in accordance with Article 15(3) of that Regulation. |
The intensity at which the competent authority performs the assessment shall be proportionate to the effect that the alignment of risk factors’ values has on the theoretical changes and on the profit and loss attribution test results as referred to in Articles 15(2) of Delegated Regulation (EU) 2022/2059.
SECTION 5
Assessment of compliance with requirements relating to the treatment of foreign-exchange and commodity risk in the non-trading book
Article 39
Assessment of the calculation of the own funds requirements for foreign exchange and commodity risk in the non-trading book
1. When assessing an institution’s compliance with Article 325bi(1), point (e), of Regulation (EU) No 575/2013 in relation to requirements on the calculation of own funds requirements for market risk for positions in the non-trading book, competent authorities shall verify whether the internal policies referred to in that Article specify:
(a) |
the scope of foreign exchange positions in the non-trading book for which the institution calculates the own funds requirements with the alternative internal model approach and, where applicable, the underlying reason for excluding some positions from that scope; |
(b) |
the scope of commodity positions in the non-trading book for which the institution calculates the own funds requirements with the alternative internal model approach, and where applicable, the underlying reason for excluding some positions from that scope; |
(c) |
for positions subject to foreign exchange risk but not to commodity risk:
|
(d) |
the trading desks for which the hypothetical and the actual changes in the portfolio’s value in relation to a non-trading book position which is subject to commodity risk or both to commodity and foreign exchange risk are calculated in accordance with Article 5(2), point (a), of Delegated Regulation (EU) 2023/1577, and trading desks for which the changes are calculated in accordance with Article 5(2), point (b), of that Delegated Regulation, and the reason for that choice. |
2. When assessing whether an institution’s internal model is implemented with integrity as required by Article 325bi(1), of Regulation (EU) No 575/2013 in relation to requirements on the calculation of own funds requirements for market risk for positions in the non-trading book, competent authorities shall:
(a) |
verify whether the internal processes referred to in Article 325bi(1), point (e), of Regulation (EU) No 575/2013 ensure:
|
(b) |
in relation to the calculation of own funds requirements for positions that are subject to foreign exchange risk as referred to in Article 3 of Delegated Regulation (EU) 2023/1577, verify whether:
|
(c) |
in relation to items meeting the conditions referred to in Article 3(6) of Delegated Regulation (EU) 2023/1577, verify whether:
|
(d) |
in relation to the calculation of own funds requirements for positions that are subject to commodity risk or both to commodity and foreign exchange risk as referred to in Article 4 of Delegated Regulation (EU) 2023/1577, verify whether scenarios of future shocks are applied only to risk factors belonging to the commodity broad risk factor category, and, where applicable, to the foreign exchange broad risk factor category; |
(e) |
verify whether the hypothetical and actual changes related to non-trading book positions subject to foreign exchange risk or commodity risk are calculated in accordance with Article 5 of Delegated Regulation (EU) 2023/1577. |
For the purposes of point (a)(iii), competent authorities shall verify how the institution includes in the internal risk-measurement model the net open positions stemming from different entities of the group.
3. For the purposes of paragraph 2, point (a)(ii), competent authorities may apply one of the two following approaches:
(a) |
on a sample of non-trading book positions taken on a given reference date, verify whether those positions are included in the scope of positions captured in the expected shortfall risk measure or stress scenario risk measure at that reference date or in the scope of positions of the alternative standardised approach; |
(b) |
require the institution to reconcile, on the one hand, the non-trading book positions taken at a given reference date and, on the other hand, the non-trading book positions that are in the scope of the internal risk-measurement model and in the scope of the alternative standardised approach at that reference date. |
4. For the purposes of paragraph 2, point (a)(iii), competent authorities may require the institution to provide types of positions that are included in the model and that stem from assets and liabilities that do not attract market risk when the own funds requirements are calculated at the individual level, but attract it when the own funds requirements are calculated at the consolidated level because of translation risk.
5. For the purposes of paragraph 2, point (a)(v), competent authorities may require the institution to reconcile the items that the institution identified as meeting the conditions referred to in Article 3(6) of Delegated Regulation (EU) 2023/1577 for calculating the own funds requirements with the alternative internal model approach, with the items meeting those conditions in accordance with the applicable accounting framework.
6. For the purposes paragraph 2, point (b), competent authorities may, on a sample of non-trading book positions and for a reference date for the calculation of the expected shortfall risk measure as referred to in Article 325bb of Regulation (EU) No 575/2013 and the stress scenario risk measure as referred to in Article 325bk of that Regulation, apply the following assessment method:
(a) |
require the institution to provide the list of:
|
(b) |
require the institution to provide the value of the risk factors referred to in point (a) at the following dates:
|
(c) |
verify whether:
|
7. For the purposes of paragraph 2, point (b), competent authorities may, on a sample of non-trading book positions and for a reference date for the calculation of the expected shortfall risk measure as referred to in Article 325bb of Regulation (EU) No 575/2013 and the stress scenario risk measure as referred to in Article 325bk of that Regulation, apply the following assessment method:
(a) |
assess how the institution disentangles the foreign exchange risk factors from other inputs used to determine the accounting value of a position; |
(b) |
require the institution to provide the list of risk factors out of the foreign exchange risk factors referred to in point (a) on which the institution applies scenarios of future shocks when calculating the expected shortfall risk measure referred to in Article 325bb of Regulation (EU) No 575/2013 or the stress scenario risk measure referred to in Article 325bk of that Regulation; |
(c) |
obtain the value of the foreign exchange risk factors and of other inputs used to determine the accounting value at the following dates:
|
(d) |
verify whether:
|
8. For the purposes of paragraph 2, point (d), competent authorities may, on a sample of non-trading book positions and for a reference date for the calculation of the expected shortfall risk measure referred to in Article 325bb of Regulation (EU) No 575/2013 and the stress scenario risk measure referred to in Article 325bk of that Regulation, apply the following assessment method:
(a) |
require the institution to provide the list of:
|
(b) |
verify whether in the list referred to in point (a)(ii), there are only risk factors reflecting commodity risk, and foreign exchange risk where applicable. |
9. For the purposes of paragraph 2, point (e), competent authorities may, on a sample of non-trading book positions, apply the following assessment method:
(a) |
require the institution to provide a description of the valuation inputs used to determine the accounting or the fair value of the position; |
(b) |
require the institution to provide the values of such valuation inputs at the end of the day following the calculation of the value-at-risk number referred to in Article 325bf of Regulation (EU) No 575/2013 and at the end of the previous day, as used in the calculation of the hypothetical and actual changes to the portfolio’s value; |
(c) |
verify whether, depending on the position subject to the assessment, the values are updated or kept unchanged as required by Article 5(2) of Delegated Regulation (EU) 2023/1577. |
SECTION 6
Assessment of the calculation of the expected shortfall risk measures and the stress scenario risk measure
Article 40
Assessment of the capability of the internal risk-measurement model to capture non-linearities
1. When assessing an institution’s compliance with Article 325bh(1), point (b), of Regulation (EU) No 575/2013 in relation to requirements on the effectiveness and capability of the internal-risk measurement model to capture non-linearities of options and other products for an institution using a sensitivity-based approach, competent authorities shall verify whether:
(a) |
the internal risk-measurement model captures at least the material first- and second-order terms of Taylor series approximations to reflect the change in the prices due to changes in relevant risk factors, including the cross-gamma risk represented by material joint-moves in risk factors; |
(b) |
the sensitivity-based approach leads to appropriate results, including where severe shocks are applied to the risk factors. |
2. For the purposes of paragraph 1, competent authorities may apply the following steps in the following order:
(a) |
identify products for which competent authorities want to test the materiality of the order terms of a Taylor series approximation, and the appropriateness of the sensitivity-based approach under severe shock; |
(b) |
identify a business day in the stress period where the returns observed for the risk factors in those products were particularly high, where positive, or particularly low, where negative; |
(c) |
require the institution to calculate the hypothetical and theoretical changes in the values of those products in accordance with Delegated Regulation (EU) 2022/2059, under the scenario identified by the returns on the business day identified in accordance with point (b); |
(d) |
based on the results of the calculation referred to in point (c), assess whether the sensitivity-based approach leads to appropriate results. |
Article 41
Assessment of the calculation of the expected shortfall risk measure
1. When assessing whether an institution’s internal model is implemented with integrity as required by Article 325bi(1) of Regulation (EU) No 575/2013 in relation to the calculation of the unconstrained expected shortfall measures and of the partial expected shortfall measures for all broad categories of risk factors at a reduced frequency as referred to in Article 325bb(4) of Regulation (EU) No 575/2013, competent authorities shall:
(a) |
analyse the process that the institution uses to determine the day of the week when the measures are computed; |
(b) |
verify that a reduction in the calculation frequency does not lead to an underestimation of risk. |
2. For the purposes of paragraph 1, point (b), competent authorities shall:
(a) |
verify whether the analysis performed by the institution is adequate to demonstrate that there is no underestimation of risk; |
(b) |
verify whether the evolution of the daily figures for UES
t
, , and calculated on all portfolio’s positions as required by Article 325bb(1) of Regulation (EU) No 575/2013, does not systematically show a lower risk profile in the day chosen by the institution. |
3. For the purposes of paragraph 2, point (b), competent authorities may, where there are hints of a systematically lower risk profile, complement their assessment by:
(a) |
requiring the institution to calculate daily and for a given period the unconstrained expected shortfall measures and the partial expected shortfall measures , and for each broad risk factor categories; |
(b) |
analysing whether those measures are systematically lower on the day chosen by the institution. |
Article 42
Assessment of the calculation of the partial expected shortfall measures
1. When assessing whether an institution’s internal model is implemented with integrity as required by Article 325bi(1) of Regulation (EU) No 575/2013 in relation to the calculation of the partial expected shortfall measures referred to in Article 325bc of that Regulation, competent authorities shall:
(a) |
verify whether the estimator used by the institution to estimate the expected shortfall risk measures is conceptually sound and reasonably accurate; |
(b) |
verify whether, when calculating partial expected shortfall measures and as required by Article 325bc(1) of Regulation (EU) No 575/2013, the institution identifies effective liquidity horizons of the risk factors of a given position, taking into account the maturity of the position in accordance with Article 325bd(4) of that Regulation; |
(c) |
verify whether, as part of the internal policies referred to in Article 325bi(1), point (e), of Regulation (EU) No 575/2013, the institution has established objective criteria that are appropriate for choosing the risk factors forming the subset of modellable risk factors referred to in Article 325bc(2), point (a), of that Regulation; |
(d) |
verify whether risk factors that are not part of the subset of modellable risk factors chosen by the institution in accordance with Article 325bc(2), point (a), of Regulation (EU) No 575/2013 are kept constant when computing and ; |
(e) |
verify whether the techniques used to calculate
and those used to calculate are the same, except for those deviations necessary to ensure the fulfilment of requirements set out in Article 325bc(2) to (4) of Regulation (EU) No 575/2013; |
(f) |
verify whether, when calculating the
, the institution uses equally weighted data in the observation period; |
(g) |
in relation to the identification of the stress period, verify whether the 12-month rolling windows tested to determine the stress period starts at least from 1 January 2007 as referred to in Article 325bc(2), point (c), of Regulation (EU) No 575/2013 and that the internal policies of the institution specify the frequency of update of the stress period for the calculation of the partial expected shortfall measures, and the other applicable criteria triggering its update. |
For the purposes of point (e), competent authorities shall obtain an overview of the differences in the techniques employed by the institution when calculating the partial expected shortfall measures calibrated on the recent 12-month period and on the stress period, and verify whether those differences do not go beyond what is needed to achieve compliance with the requirements set out in Regulation (EU) No 575/2013.
For the purposes of point (g), competent authorities shall verify, also on the basis of past updates, whether the stress period is updated at least with a quarterly frequency and that the institution has followed any possible criteria specified in the internal policies.
2. For the purposes of paragraph 1, point (a), competent authorities:
(a) |
shall verify how the institution choses the estimator it uses and the analysis made to support such choice; |
(b) |
verify whether the expected shortfall estimator corresponds either to the integral of the estimator for the Value-at-Risk numbers referred to in Article 325bf of Regulation (EU) No 575/2013 understood as a function of the tail probability from zero to one minus the relevant confidence level, and dividing by one minus the relevant confidence level, or to a more conservative choice; |
(c) |
may compare the Value-at-Risk and expected-shortfall estimators used by the institution against the estimators included in Table 1. Table 1
|
(d) |
where the calculation of the expected shortfall risk measures is based on Monte Carlo simulations, verify whether the number of simulations ensures convergence towards stable results. |
For the purposes of point (d), competent authorities shall review the tests performed by the institution to set the number of simulations, and the statistical tests ensuring that the randomness properties of the sequences used to generate the simulation are appropriate. Where the competent authority deems those tests insufficient, it may use the assessment method referred to in paragraph 4.
3. For the purposes of paragraph 1, point (b), competent authorities shall:
(a) |
require the institution to provide the Monte Carlo statistical error at 95 % confidence level, and verify whether the method employed to measure such statistical error is sound; |
(b) |
require the institution to calculate the expected shortfall risk measures with several different seeds, all other assumptions being equal; |
(c) |
assess whether the differences in the expected shortfall risk measures with a different seed resulting from the calculation in accordance with point (b) are compatible with the statistical error referred to in point (a). |
(d) |
where competent authorities deem the results referred to in point (c) incompatible, assess the root cause of such incompatibility, and assess the number of simulations needed to ensure that the statistical error is below 5 %. |
4. For the purposes of paragraph 1, point (c), competent authorities shall:
(a) |
obtain an overview of the risk factors chosen by the institution and verify:
|
(b) |
verify whether, where the position has a maturity of less than 10 days, the effective liquidity horizon of all risk factors is set to 10 days, and that such position does not impact the calculation of for ; |
(c) |
where the position has a maturity of Mat days, with , verify whether:
|
(d) |
verify whether, where the position has a maturity of Mat days, with , the institution has assigned all risk factors of that position to an effective liquidity horizon corresponding to the liquidity horizon SubCatLH assigned to the risk factors; |
(e) |
verify whether, when computing , the institution keeps constant those risk factors with an effective liquidity horizon that is lower than the liquidity horizon corresponding to the index j. |
For the purposes of point (a)(ii), competent authority shall assess by which margin the institution exceeded the threshold in the previous quarters.
For the purposes of point (a)(iii), competent authorities may, where they deem insufficient the testing of alternative subsets carried out by the institution, require the institution to test alternative subsets and assess whether alternative choices lead to material differences in terms of own funds requirements.
Article 43
Assessment of distributional and statistical assumption
1. When assessing whether institution’s internal model is implemented with integrity as required by Article 325bi(1) of Regulation (EU) No 575/2013 in relation to the requirement for the expected shortfall risk measures referred to in Article 325bb of Regulation (EU) No 575/2013 to reflect historically observed data in accordance with Article 325bc(2), point (c), and Article 325bc(4), point (c), of that Regulation, competent authorities shall verify whether:
(a) |
the distributional and any other relevant statistical assumptions used in the model, including volatility and correlations, are well justified, including with regard to the tail of the distributions relevant for the expected shortfall calculation;. |
(b) |
the empirical correlations that the institution uses when applying scenario of future shocks to reflect the joint movement of risk factors in the calculation of the expected shortfall risk measures referred to in Article 325bb of Regulation No 575/2013 are based on historically observed data in accordance with Article 325bc(2), point (c), and Article 325bc(4), point (c), of that Regulation. |
For the purposes of point (b) of the first subparagraph, competent authorities may, where appropriate, require the institution to:
(a) |
provide a sample of time series; |
(b) |
calculate the empirical correlations among those time series; |
(c) |
verify whether the correlations referred to in point (b) do not materially differ from the correlations used by the institution in its internal risk-measurement model. |
2. For the purposes paragraph 1, competent authorities shall compare, on the basis of a sample of time series:
(a) |
the volatility and other distributional properties of the scenario of future shocks applied to a given risk factor in the calculation of the partial expected shortfall measures; |
(b) |
the volatility and other distributional properties of the returns observed for the given risk factor. |
Competent authorities shall do the assessment referred to in paragraph 1 on the basis of both the period referred to in Article 325bc(4), point (c), of Regulation (EU) No 575/2013 and the period of financial stress referred to in Article 325bc(2), point (c), of that Regulation.
3. For the purposes of paragraph 1, competent authorities may, on a sample of risk factors, perform additional tests, including normality tests, to assess whether the distributions assumed by the institution are adequate. Competent authorities may require the institution to provide the impact that using alternative distributions would have on the expected shortfall risk measures.
Article 44
Assessment of the stress scenario risk measure
1. When assessing an institution’s compliance with Article 325bi(1), point (e), of Regulation (EU) No 575/2013 in relation to requirements on the determination of the extreme scenario of future shock, competent authorities shall verify whether the internal policies referred to in that point meet all of the following requirements:
(a) |
the internal policies comply with Article 21 of Delegated Regulation (EU) 2024/397; |
(b) |
the internal policies require the production of an up-to-date inventory which, for each non-modellable risk factor:
|
(c) |
internal policies specify the criteria referred to in Article 1, point (a)(i) and Article 4, point (a)(i), of Delegated Regulation (EU) 2024/397, establishing when either the direct method or the stepwise method referred to in Article 2, Article 3, Article 5 and Article 6 of that Delegated Regulation is used with reference to any non-modellable risk factor or non-modellable standardised bucket; |
(d) |
internal policies specify the criteria to identify business and non-business days in a way that is consistent across the calculation of the stress scenario risk measure referred to in Article 325bk of Regulation (EU) No 575/2013 and the calculation of the expected shortfall risk measure referred to in Article 325bb of that Regulation; |
(e) |
internal policies specify the criteria to identify risk factors for which the institution determines the stress scenario risk measure by applying a regulatory extreme scenario of future shock in accordance with Article 14 of Delegated Regulation (EU) 2024/397; |
(f) |
internal policies require that the institution keeps track of all pricing failures as referred to in Article 13(3) of Delegated Regulation (EU) 2024/397, the cause of the pricing failures, and the remedial actions taken under that Article; |
(g) |
internal policies specify the frequency of updates, in accordance with Article 12(4) of Delegated Regulation (EU) 2024/397, of the stress period used for the determination of the extreme scenario of future shock, and the other possible criteria triggering an update of such stress period. |
2. When assessing whether an institution’s internal model is implemented with integrity as required by Article 325bi(1) of Regulation (EU) No 575/2013 in relation to requirements on the calculation of the stress scenario risk measure referred to in Article 325bk of that Regulation, competent authorities shall:
(a) |
where the institution uses the direct method referred to in Article 2 of Delegated Regulation (EU) 2024/397 in relation to non-modellable risk factors:
|
(b) |
where the institution uses the direct method referred to in Article 5 of Delegated Regulation (EU) 2024/397 in relation to non-modellable standardised buckets:
|
(c) |
in relation to the determination of the time series of 10 business days returns referred to in Article 7 of Delegated Regulation (EU) 2024/397:
|
(d) |
in relation to the implementation of the fallback method referred to in Article 10 of Delegated Regulation (EU) 2024/397:
|
(e) |
require the institution to identify non-modellable risk factors or non-modellable standardised buckets for which the value of the non-linearity coefficient referred to in Articles 17 and 18 of Delegated Regulation (EU) 2024/397 is equal either to κ min or κ max , as referred to in those Articles, and verify whether the extreme scenario of future shock is appropriate or whether, in accordance with Article 325bk(3), point (b), of Regulation (EU) No 575/2013, the institution is to be required to apply a regulatory extreme scenario of future shock in accordance with Article 14 of Delegated Regulation (EU) 2024/397; |
(f) |
in relation to the determination of the stress period as required by Article 12 of Delegated Regulation (EU) 2024/397:
|
(g) |
in relation to the computation of losses with sensitivity-based pricing methods under the conditions set out in Article 13(3) of Delegated Regulation (EU) 2024/397:
|
(h) |
in relation to the determination of the regulatory extreme scenario of future shock referred to in Article 14 of Delegated Regulation (EU) 2024/397:
|
For the purposes of point (a)(ii), competent authorities shall verify whether the justification provided fits with the criteria referred to in point (a)(i) and the related changes are not driven by the fact that one method leads to a lower stress scenario risk measure than the other.
For the purposes of point (b)(ii), competent authorities shall verify whether the justification provided fits with the criteria referred to in point (b)(i) and is not driven by the fact that one method leads to a lower stress scenario risk measure than the other.
For the purposes of point (g)(ii), competent authorities shall verify that the institution calculates the losses related to other financial instruments and commodities bearing that risk factor but not subject to a pricing failure with the pricing methods used in the risk measurement model in accordance with Article 13(2) of Delegated Regulation (EU) 2024/397.
3. For the purposes of paragraph 2, points (a)(ii) and (b)(ii), competent authorities may compare the stress scenario risk measure of the risk factors or standardised buckets for which a change in the approach has occurred and assess whether the changes systematically correspond to a lower stress scenario risk measure.
4. For the purposes of paragraph 2, point (c)(i), competent authorities may, on a sample of time series of observations referred to in Article 7(1), point (a), of Delegated Regulation (EU) 2024/397, verify that where observations in the time series are constants over subsequent business days, the actual market data for the risk factor are unchanged. When collecting the sample, competent authorities shall consider time series characterised by a large amount of data without changes over subsequent business days.
5. For the purposes paragraph 2, point (c)(iii), competent authorities may, on a sample of risk factors, compare the risk factors’ observations that the institution uses to calculate the expected shortfall for the risk factor when it was modellable against the risk factors’ observations that the institution uses to calculate the stress scenario risk measure.
6. For the purposes of paragraph 2, point (d)(ii), competent authorities may, on a sample of risk factors for which the institution uses the approaches referred to in Article 10(2) or (3), of Delegated Regulation (EU) 2024/397, verify whether those risk factors meet the conditions for being subject to that methodology.
7. For the purposes of paragraph 2, point (d)(iii), competent authorities may, on a sample of risk factors for which the approach referred to in Article 10(4), of Delegated Regulation (EU) 2024/397 is used, verify whether the corresponding selected risk factors meet the conditions referred to in paragraph 5 of that Article.
When verifying whether the two risk factors are of the same nature in accordance with Article 10(5), point (b), of Delegated Regulation (EU) 2024/397 and whether those risk factors do not differ for features leading to an underestimation of the volatility in accordance with Article 10(5), point (c), of that Delegated Regulation, competent authorities shall verify whether the risk factors share the main characteristics, and whether the selected risk factor attracts name-related specific risk if the non-modellable risk factor attracts it.
8. For the purposes of paragraph 2, point (d)(iii), competent authorities may, on a sample of risk factors for which the methodology referred to in Article 10(4) of Delegated Regulation (EU) 2024/397 is used:
(a) |
require the institution to test alternative suitable risk factors meeting the conditions referred to in Article 10(5) of Delegated Regulation (EU) 2024/397 instead of the risk factors selected by the institution; |
(b) |
compare the extreme scenario of future shock obtained using the risk factors selected by the institution and the extreme scenario of future shock obtained using the alternative risk factors referred to in point (a); |
(c) |
assess whether the risk factors selected by the institution lead to a systematic underestimation of the extreme scenario of future shock; |
9. For the purposes of paragraph 2, point (d)(iii), competent authorities may, on a sample of risk factors for which the methodology referred to in Article 10(4) of Delegated Regulation (EU) 2024/397 is used and for which observations over a 1-year period are more than twelve:
(a) |
require the institution to estimate the volatility of those risk factors over that 1-year period; |
(b) |
require the institution to estimate the volatility over that 1-year period of the risk factors selected in accordance with Article 10(5) of Delegated Regulation (EU) 2024/397 for the risk factors referred to in point (a); |
(c) |
assess whether the volatility of the risk factors selected by the institution resulting from the estimation referred to in point (b) is systematically lower than the volatility of the risk factors in the institution risk-measurement model resulting from the estimation referred to in point (a). |
10. For the purposes of paragraph 2, point (e), competent authorities may, on a sample of risk factors and standardised buckets:
(a) |
assess whether the non-linearity coefficient is equal to κ
min
or κ
max
because extremely high or extremely low values characterise the numerator or denominator of the following term as used in the computation of κ in accordance with Articles 17 and 18 of Delegated Regulation (EU) 2024/397; |
(b) |
require the institution to plot the loss resulting from risk factor changes in the neighbourhood of the extreme scenario of future shock and assess whether the profile of the loss function is particularly concave or convex in that neighbourhood. |
When performing such assessment, competent authorities shall choose the set of non-modellable risk factors and standardised buckets considering their materiality.
11. For the purposes of paragraph 2, point (f)(i), competent authorities may, where appropriate and where losses corresponding to changes in material non-modellable risk factors or non-modellable standardised buckets are highly non-linear:
(a) |
require the institution to determine the stress period by maximising the value referred to in Article 12(1) of Delegated Regulation (EU) 2024/397 on a set of non-modellable risk factors or any non-modellable standardised bucket belonging to the same broad category of risk factors, using the pricing methods that the institution uses in the risk-measurement model in accordance with Article 13(2) of that Delegated Regulation; |
(b) |
require the institution to determine the stress period by maximising the value referred to in Article 12(1) of Delegated Regulation (EU) 2024/397 on the set referred to in point (a) of this paragraph, using sensitivity-based pricing methods in accordance with Article 13(4) of that Delegated Regulation; |
(c) |
assess whether the stress periods determined in accordance with points (a) and (b) materially differ. |
The set of non-modellable risk factors or non-modellable standardised buckets referred to in the first subparagraph, point (a), shall be chosen considering their materiality and the non-linear profile of the loss to changes in their values. To identify non-modellable risk factors or non-modellable standardised buckets with a non-linear loss profile, competent authorities may use as a basis the value of the non-linearity coefficient κ calculated in accordance with Article 17 or Article 18 of Delegated Regulation (EU) 2024/397.
12. For the purposes of paragraph 2, point (f)(ii), competent authorities may:
(a) |
require the institution to determine the stress period by maximising the value referred to in Article 12(1) of Delegated Regulation (EU) 2024/397 on a set of non-modellable risk factors or any non-modellable standardised bucket belonging to the same broad category of risk factors, using the pricing methods used in the risk-measurement model in accordance with Article 13(2) of that Delegated Regulation; |
(b) |
assess whether the stress period determined in accordance with point (a) significantly differs from the stress period identified by the institution when applying the methodology referred to in Article 12(2) of Delegated Regulation (EU) 2024/397. |
13. For the purposes of paragraph 2, point (g), competent authorities may, on a sample of pricing failures that the institution may have faced, verify whether the institution followed the processes and methods referred to in paragraph 2, point (g)(i), and assess on that basis the robustness of those processes and methods.
14. For the purposes of paragraph 2, point (h)(iii), competent authorities may, on a sample of non-modellable risk factors or non-modellable standardised buckets:
(a) |
require the institution to generate a time series of returns from a fat-tailed statistical distribution prescribed by the competent authority and calculate the extreme scenario of future shock with the stepwise method referred to in Article 3 and Article 6 of Delegated Regulation (EU) 2024/397 combined with the historical method referred to in Article 8 of that Delegated Regulation; |
(b) |
verify the conservativeness of the institution’s expert-based approach by comparing the regulatory extreme scenario of future shock resulting from that approach with the extreme scenario of future shock calculated in accordance with point (a). |
15. By way of derogation from the first subparagraph, point (a), competent authorities may require the institution to use the time series of another similar risk factor instead of generating the time series from a conservative distribution. For the purposes of paragraph 2, point (h)(iv), competent authorities may, on a sample of non-modellable risk factors or non-modellable standardised buckets and at a given reference date, verify whether:
(a) |
the risk factors or standardised buckets for which the stress scenario risk measure are determined by applying a regulatory extreme scenario of future shock in accordance with Article 14 of Delegated Regulation (EU) 2024/397 fulfil the criteria identified by the institution to use that method; |
(b) |
the risk factors or standardised buckets for which the stress scenario risk measure is not determined by applying a regulatory extreme scenario of future shock in accordance with Article 14 of Delegated Regulation (EU) 2024/397 do not fulfil the criteria that the institution identified to use that method. |
16. For the purposes of paragraph 2, point (i), competent authorities may, on a sample of non-modellable risk factors:
(a) |
verify whether the nature of the risk factor is such that it reflects idiosyncratic risk only by reviewing the description of the risk factor provided in the list referred to in Article 33(1) of this Regulation, and the data inputs used to mark it, as required by Article 16(3), point (a), and Article 16(4), point (a), of Delegated Regulation (EU) 2024/397; |
(b) |
perform hypothesis testing to assess the significance of correlation coefficients between risk factors in the sample and compare the results of that hypothesis testing with the results that the institution obtained when performing the statistical tests referred to in Article 16(3), point (d), and Article 16(4), point (d), of Delegated Regulation (EU) 2024/397. |
CHAPTER 4
ASSESSMENT OF THE INTERNAL DEFAULT RISK MODEL USED TO COMPUTE THE ADDITIONAL OWN FUNDS REQUIREMENT FOR DEFAULT RISK
SECTION 1
Overview of the assessment
Article 45
Assessment of the internal default risk model used to compute the additional own funds requirement for default risk
When assessing the institution’s compliance with the requirements applicable to the internal default risk model as referred to in Articles 325bn, 325bo and 325bp, competent authorities shall assess whether the institution complies with:
(a) |
the general requirements for the internal default risk model in accordance with Section 2; |
(b) |
the requirements for estimates for default probabilities and losses given defaults in accordance with Section 3; |
(c) |
the requirements for default correlation between issuers, recognition of hedges and other particular requirements in accordance with Section 4. |
SECTION 2
Assessment of general requirements
Article 46
Assessment of the scope of positions subject to default risk
1. When assessing whether an institution’s internal model is implemented with integrity in relation to the scope of positions subject to the own funds requirement for default risk referred to in Article 325bl of Regulation (EU) No 575/2013, competent authorities shall:
(a) |
verify whether the institution’s internal systems ensure that all positions containing at least one risk factor mapped to the broad categories of risk factors ‘equity’ or ‘credit spread’, as referred to in Article 325bd(1) of Regulation (EU) No 575/2013, are included in the scope of the additional own funds requirement for default risk; |
(b) |
obtain an overview of the default risk in the institution’s portfolio, by requiring the institution to provide an inventory of positions aggregated by one or more dimensions and the corresponding aggregated jump-to-default exposures. |
For the purposes of point (a), competent authorities shall verify the consistency between the mapping and the inventories referred to in Articles 33(1), 48(1) and Article 49(1).
For the purposes of point (b), competent authorities may, depending on the portfolio, require the institution to aggregate the positions by different dimensions, including by:
(a) |
positions having the same rating; |
(b) |
positions falling within the same exposure class; |
(c) |
positions sharing the same systematic risk factors as those referred to in Article 325bp(1) of Regulation (EU) No 575/2013. |
2. For the purposes of paragraph 1, point (a), competent authorities may:
(a) |
require the institution to provide the list of positions assigned to trading desks for which the institution has been granted the permission to use internal models referred to in Article 325az of Regulation (EU) No 575/2013 or is in the process of being granted such permission; |
(b) |
require the institution to identify those positions containing a risk factor mapped to the broad category of risk factors ‘equity’ or the broad category of risk factors ‘credit spread’, as referred to in Article 325bd(1) of Regulation (EU) No 575/2013, and the corresponding traded debt or equity instrument in accordance with Article 325bi of that Regulation; |
(c) |
verify the accuracy of the list referred to in point (a) and of the identification referred to in point (b); |
(d) |
verify, on a sample of instruments identified in point (b), whether those instruments are in the scope of instruments included in the calculation of the own funds requirement for default risk. |
Article 47
Assessment of accuracy and frequency of the calculation of the own fund requirement for default risk
1. When assessing whether an institution’s own funds requirements for default risk equal a value-at-risk number at a 99,9 % confidence interval level as required by Article 325bn(1), points (a) and (b), of Regulation (EU) No 575/2013, competent authorities shall:
(a) |
verify whether the estimator used by the institution to estimate the value-at-risk is accurate; |
(b) |
where the value-at-risk calculation is based on Monte Carlo simulations, verify whether the number of simulations ensures convergence towards stable results, and the randomness properties of the sequences used to generate the simulations; |
(c) |
verify whether, before calculating the changes in the portfolio’s value following issuers’ defaults, the value of the positions in the institution’s portfolios refers to the value-at-risk’s reference date; |
(d) |
verify whether, with the exception of the positions subject to the derogation referred to in Article 325bn(3) of Regulation (EU) No 575/2013, a one-year time horizon is used in the computation of the value-at-risk; |
(e) |
where the default risk is computed less frequently than daily, analyse the process used by the institution to determine the frequency of the calculation of the own funds requirements for default risk, and verify whether the calculation at a reduced frequency does not lead to underestimation of risk; |
(f) |
verify whether for equity instruments, prices are set to zero when simulating the defaults of those equity instruments, and whether that is systematically ensured by the internal systems, and may verify whether that is the case on a sample of equity positions. |
For the purposes of point (a), competent authorities shall verify how the institution chose the estimator and the analysis made to back such choice.
For the purposes of point (b), competent authorities shall review the tests performed by the institution to set the number of simulations.
For the purposes of point (d), competent authorities shall verify whether the rationale of the institution for applying that derogation is sound, in particular when the institution uses a time horizon of 60 days for some equity positions, and a one-year time horizon for some other equity positions.
For the purposes of point (e), competent authorities:
(a) |
shall, where the default risk is computed weekly, analyse the process used by the institution to determine the day of the week when the own funds requirements for default risk are calculated; |
(b) |
shall require the institution to calculate, where not yet available, daily jump-to-default exposures over a given period, and assess whether those exposures hint at a systematically lower risk profile on those days in which the own funds requirements are calculated; |
(c) |
may also use additional figures that may be computed daily by the institution for internal risk-management purposes, including daily sensitivities to the most material issuers. |
For the purposes of the fourth subparagraph, point (b), where there are hints of a systematically lower risk profile, competent authorities may complement their assessment by requiring the institution to calculate, on a daily basis and for a given period, its own funds requirements for default risk, and by analysing whether those measures are systematically lower on the days chosen by the institution.
2. For the purposes of paragraph 1, point (b), competent authorities may, where they deem the tests performed by the institution to set the number of simulations insufficient:
(a) |
require the institution to provide the Monte Carlo statistical error at 95 % confidence level, and verify whether the method employed to measure such statistical error is sound; |
(b) |
require the institution to calculate the value-at-risk measure with several different seeds, all other assumptions being equal, and verify that the method used to generate simulation does not create bias in the results; |
(c) |
assess whether the differences in the value-at-risk measures with a different seed, as calculated in accordance with point (b), are compatible with the statistical error referred to in point (a), and, where that is not the case, assess the root cause of such incompatibility and the number of simulations needed to ensure that the statistical error is below 5 %. |
SECTION 3
Assessment of default probabilities and losses given default estimates
Article 48
Assessment of default probabilities
1. When assessing an institution’s compliance with Article 325bi(1), point (e), of Regulation (EU) No 575/2013 in relation to the requirements on the estimation of default probabilities, competent authorities shall verify whether the internal documentation covers all aspects laid down in Article 5 of Delegated Regulation (EU) 2023/1578, and whether the institution’s internal policies require the production of an up-to-date inventory specifying:
(a) |
the methods that the institution uses to estimate default probabilities, including the materiality of each different method in terms of number of issuers, size of positions, and contribution to the default risk own funds requirements; |
(b) |
for each issuer, the default probability value, the rating, where available, and whether:
|
(c) |
for all issuers, the exposure class referred to in Article 147(2) of Regulation (EU) No 575/2013 to which their exposure belongs; |
(d) |
for issuers for which an estimate of default probability is obtained by using external sources as referred to in Article 2 of Delegated Regulation (EU) 2023/1578, whether the estimate is obtained in combination with current market prices as referred to in Article 325bp(5), point (c), of Regulation (EU) No 575/2013 and Article 2(4), point (b), of Delegated Regulation (EU) 2023/1578. |
2. When assessing whether an institution’s internal model is implemented with integrity as required by Article 325bi(1) of Regulation (EU) No 575/2013 in relation to requirements on the estimation of default probabilities, competent authorities shall:
(a) |
verify whether:
|
(b) |
by using the inventory referred to in paragraph 1 of this Article, verify whether all estimates are floored as required by Article 325bp(5), point (a), of Regulation (EU) No 575/2013; |
(c) |
verify whether any method used for scaling a default probability to the applicable time horizon referred to in Article 325bp(5), point (b), or Article 325bn(3) of Regulation (EU) No 575/2013, is conceptually sound and whether such method is supported by robust analysis; |
(d) |
verify whether:
|
(e) |
assess whether and how extreme declines in market prices as referred to in Article 325bp(5), point (c), of Regulation (EU) No 575/2013 are considered when the institution determines the estimates of default probabilities and whether and how those declines relate to the credit worthiness of an issuer; |
(f) |
for default probabilities that are obtained in accordance with paragraph 1, points (b)(i) to (b)(iii), of this Article verify whether those default probabilities take into account the margin of conservatism referred to in Article 179(1), point (f), and Article 180(1), point (e), of Regulation (EU) No 575/2013; |
(g) |
for default probabilities that are obtained in accordance with paragraph 1, point (b)(i):
|
(h) |
for default probabilities that are obtained in accordance with paragraph 1, point (b)(ii):
|
(i) |
for default probabilities that are obtained in accordance with paragraph 1, point (b)(iii), of this Article review the reports produced by the internal validation or the internal audit regarding the compliance of the internal methodology used to obtain the default probabilities with Part Three, Title II, Chapter 3, of Regulation (EU) No 575/2013; |
(j) |
for default probabilities that are obtained in accordance with paragraph 1, point (b)(iv):
|
(k) |
for default probabilities that are obtained in accordance with paragraph 1, point (b)(v):
|
For the purposes of point (a), competent authorities may, where appropriate:
(a) |
identify issuers for which the estimated default probability has not changed for an extensive period; |
(b) |
assess whether the default probability estimates are up-to-date; |
(c) |
verify whether the institution can explain the reasons behind the unchanged values. |
For the purposes of point (b), competent authorities shall analyse the materiality and the characteristics of the positions subject to the floor, including their rating and exposure class.
For the purposes of point (c), competent authorities shall:
(a) |
identify the effective time horizon that is used before applying any scaling to obtain the applicable time horizon; |
(b) |
assess the rationale for using, as a starting point of the scaling, a different time horizon than the time horizon that is applicable in accordance with Article 325bp(5), point (b), or Article 325bn(3) of Regulation (EU) No 575/2013. |
For the purposes of point (k)(i), competent authorities shall verify whether the data used are reflective of the sector or region of the issuer.
For the purposes of point (k)(iii), competent authorities may require the institution to provide a sensitivity analysis following the principles of the sensitivity analysis referred to in Article 1(2), second subparagraph, of Delegated Regulation (EU) 2023/1578 to assess the potential impact of changes in the PD estimate.
3. For the purposes of paragraph 2, competent authorities may, where appropriate, require an institution to estimate default probabilities with another method among the methods laid out in Delegated Regulation (EU) 2023/1578, and explain the differences in the results obtained.
Article 49
Assessment of losses given defaults
1. When assessing an institution’s compliance with Article 325bi(1), point (e), of Regulation (EU) No 575/2013 in relation to the requirements on the estimation of the losses given default, competent authorities shall verify whether the internal documentation covers all aspects referred to in Article 5 of Delegated Regulation (EU) 2023/1578, and whether the institution’s internal policies require the production of an up-to-date inventory specifying:
(a) |
the methods that the institution uses to estimate the losses given default, including the materiality, in terms of size of positions and contribution to the default risk own fund requirement, of each different method; |
(b) |
for each position, the loss given default value, whether the position is a subordinated debt, a senior unsecured debt, a covered bond, or any other type of position, and whether:
|
(c) |
for all positions, the exposure class referred to in Article 147 of Regulation (EU) No 575/2013 to which they belong. |
2. When assessing whether an institution’s internal model is implemented with integrity as required by Article 325bi(1) of Regulation (EU) No 575/2013 in relation to requirements on the estimation of loss given default, competent authorities shall:
(a) |
verify whether the granularity of the losses given default provides a meaningful differentiation of risk and, among others, whether that granularity allows to appropriately reflect the seniority of the position as referred to in Article 325bp(6), point (b), of Regulation (EU) No 575/2013, and its collateralisation; |
(b) |
verify whether loss given default estimates as well as the data inputs used to derive them are updated at a frequency that ensures that the own funds requirements for default risk are risk-sensitive, and whether any new relevant information is reflected timely, as required by Article 325bp(4) of Regulation (EU) No 575/2013; |
(c) |
for losses given default that are obtained in accordance with paragraph 1, point (b)(i), verify whether any additional layer applied to the losses given default under the IRB approach to obtain more conservative estimates is applied when the institution calculates the own funds requirements for default risk; |
(d) |
for losses given default that are obtained in accordance with paragraph 1, point (b)(ii):
|
(e) |
for losses given default that are obtained in accordance with paragraph 1, point (b)(iii), of this Article review the reports produced by the internal validation, and the internal audit regarding the compliance of the internal methodology used to obtain the losses given default with Part Three, Title II, Chapter 3, of Regulation (EU) No 575/2013; |
(f) |
for losses given default that are obtained in accordance with paragraph 1, point (b)(iv):
|
(g) |
for losses given default that are obtained in accordance with paragraph 1, point (b):
|
For the purpose of point (b), competent authorities may, where appropriate, identify positions for which the estimated losses given default has not changed for an extensive period, assess whether they are up-to-date and verify that the institution can explain the reasons behind the unchanged values.
For the purposes of point (c), competent authorities shall, on a sample of positions, verify whether the loss given default estimate used in the IRB approach does not differ from the loss given default estimate used in the calculation of the default risk requirement.
For the purposes of point (g)(i), competent authorities shall verify whether the data used are reflective of the seniority of the position as referred to in Article 325bp(6), point (b), of Regulation (EU) No 575/2013, and the region or sector.
For the purposes of point (g)(iii), competent authorities may verify whether the estimates of losses given default distinguish between positions that are defaulted and positions that are not by assessing the estimate assigned by the institution to positions to the same issuer that are defaulted and that are not defaulted included in the scope of the additional own funds requirements for default risk.
3. For the purposes of paragraph 2, competent authorities may, where appropriate, require the institution to estimate losses given default with another method among the methods laid out in Delegated Regulation (EU) 2023/1578, and explain the differences in the results obtained.
SECTION 4
Assessment of correlation, hedging and particular requirements
Article 50
Assessment of the correlation structure
1. When assessing the methodology used by an institution to determine the default correlation between different issuers as required by Article 325bn(1), point (c), of Regulation (EU) No 575/2013, competent authorities shall:
(a) |
verify whether only listed equity and credit spreads are used as data inputs for determining the correlation between different issuers; |
(b) |
where the institution uses copulas to model default correlations, assess the internal validation of the copula assumptions performed by the institution and verify whether there is compatibility between the historical data used for the calibration of the correlations and the issuers included in the institution’s portfolio; |
(c) |
identify whether the correlation among issuers is based on absolute or relative returns, and assess whether the rationale behind the choice of the return type is:
|
(d) |
assess whether the method that the institution uses to obtain a correlation on the applicable time-horizon from returns calculated on a shorter time horizon is sound; |
(e) |
assess how the institution determines the calibration period referred to in Article 325bn(1), point (c), of Regulation (EU) No 575/2013. |
For the purposes of point (a), competent authorities may, where appropriate, require the institution to provide data used to model the correlation between a sample of issuers selected by competent authorities, and verify whether those data only relate to listed equities and credit spreads.
For the purposes of point (d), competent authorities shall verify whether, where the institution applies the derogation referred to in Article 325bn(3) of Regulation (EU) No 575/2013, a correlation of 60 business days is used only between equity positions for which that derogation is used, and that the correlation is otherwise measured over a one-year time horizon.
For the purposes of point (e), competent authorities shall verify whether the approach that the institution uses to select the period, including its length, is:
(a) |
sound; |
(b) |
documented in the institution’s internal policies; |
(c) |
reviewed to account for any changes in the stress period referred to in Article 325bc(2) of Regulation (EU) No 575/2013. |
2. For the purposes of paragraph 1, point (b), competent authorities shall, on a sample of issuers for which the institution has positions subject to the own funds requirements for default risk, verify whether the pairwise issuer correlations derived from the correlation modelling are compatible to the pairwise issuer correlations derived from observable market data.
Article 51
Assessment of the hedging recognition
When assessing whether the recognition of hedges in the institution’s internal default risk model complies with Article 325bo of Regulation (EU) No 575/2013, competent authorities shall:
(a) |
verify whether the institution’s internal policies:
|
(b) |
review the internal policies of the institution, and verify the criteria envisaged in those internal policies to recognise netting and hedging or diversification effects; |
(c) |
assess whether the monitoring of potential significant basis risk that may arise in the interval between the maturity of an instrument and the one-year time horizon is robust; |
(d) |
require the institution to provide:
|
When requesting the sample referred to in point (d)(i), competent authorities shall ensure that there is variety in the positions provided, and that, where applicable, both positions that are netted and positions that are not netted are included.
For the purposes of point (b), competent authorities shall verify whether the criteria in the internal policies of the institution ensure that the netting and hedging are efficient, also where a credit or any other event occurs.
For the purposes of point (d), competent authorities shall verify whether:
(a) |
the institution’s mapping of positions to risk factors ensures that exposures to different obligors are not netted, and that such netting only takes place for positions that relate to the same financial instruments of the same obligor; |
(b) |
either exposures to different obligors are mapped to different risk factors, or there is a basis risk factor to capture the differences in those exposures, and the basis risk between obligors that are constituents of credit indices and other obligors is captured; |
(c) |
for positions in different financial instruments of the same obligor, the analysis performed by the institution to assess whether significant basis risk in the hedging strategies may arise due to different type of products, seniority in the capital structure, internal or external ratings, maturity, or vintage, is robust. |
Article 52
Assessment of compliance with particular requirements
When assessing the internal default risk model’s compliance with the requirements laid down in Article 325bp of Regulation (EU) No 575/2013, competent authorities shall:
(a) |
in relation to the modelling of the default of individual as well as multiple issuers as required by Article 325bp(1) of Regulation (EU) No 575/2013:
|
(b) |
in relation to the requirement to reflect the economic cycle in the internal default risk model as required by Article 325bp(2) of Regulation (EU) No 575/2013, assess how the modelling of losses given defaults, including stochastic ones, is performed for such losses given defaults to reflect changes in the properties taken by the systematic risk factors; |
(c) |
in relation to the requirement to capture non-linearities as required by Article 325bp(3) of Regulation (EU) No 575/2013, assess:
|
(d) |
in relation to the requirement to have an internal default risk model that is consistent with internal risk-management as required by Article 325bp(9) of Regulation (EU) No 575/2013, verify whether the institution has documented the differences between the internal default risk model and the models that the institution uses for its internal risk management for the same scope of positions, and whether the institution is able to explain those differences. |
For the purposes of point (a)(i), competent authorities shall assess the rationale provided in the institution’s internal policies for the choice of the systematic risk factors, and their economic interpretation.
For the purposes of point (a)(iii), competent authorities may, where appropriate, verify on a sample of similar issuers that the idiosyncratic risk factors differ.
For the purposes of point (a)(iv), competent authorities may, where appropriate, verify on a sample of issuers, that the mapping is correct.
For the purposes of point (a)(v), competent authorities may, where appropriate and where the analyses performed by the institution do not seem sufficient for the portfolio subject to default risk as it stands, require the institution on a sample of issuers to assess the power of the systematic risk factors chosen by the institution in explaining the drivers of the default of each issuer’s asset.
For the purposes of point (b), competent authorities may, where appropriate, perform statistical analyses on a sample of issuers, including hypothesis testing, to test the dependency of losses given defaults on the systematic risk factors.
CHAPTER 5
FINAL PROVISIONS
Article 53
Entry into force and application
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
Article 18(1), point (a), as regards the environmental risk, Article 18(1), point (c)(vii), and Article 18(2), point (b)(v), shall apply from 1 January 2025.
Article 21(1), point (b), shall apply from 1 January 2026.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 13 March 2024.
For the Commission
The President
Ursula VON DER LEYEN
(1) OJ L 176, 27.6.2013, p. 1, ELI: http://data.europa.eu/eli/reg/2013/575/oj.
(2) Regulation (EU) 2019/876 of the European Parliament and of the Council of 20 May 2019 amending Regulation (EU) No 575/2013 as regards the leverage ratio, the net stable funding ratio, requirements for own funds and eligible liabilities, counterparty credit risk, market risk, exposures to central counterparties, exposures to collective investment undertakings, large exposures, reporting and disclosure requirements, and Regulation (EU) No 648/2012 (OJ L 150, 7.6.2019, p. 1, ELI: http://data.europa.eu/eli/reg/2019/876/oj).
(3) Commission Delegated Regulation (EU) 2022/2058 of 28 February 2022 supplementing Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to regulatory technical standards on liquidity horizons for the alternative internal model approach, as referred to in Article 325bd(7) (OJ L 276, 26.10.2022, p. 40, ELI: http://data.europa.eu/eli/reg_del/2022/2058/oj).
(4) Commission Delegated Regulation (EU) 2022/2059 of 14 June 2022 supplementing Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to regulatory technical standards specifying the technical details of back-testing and profit and loss attribution requirements under Articles 325bf and 325bg of Regulation (EU) No 575/2013 (OJ L 276, 26.10.2022, p. 47, ELI: http://data.europa.eu/eli/reg_del/2022/2059/oj).
(5) Commission Delegated Regulation (EU) 2022/2060 of 14 June 2022 supplementing Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to regulatory technical standards specifying the criteria for assessing the modellability of risk factors under the internal model approach (IMA) and specifying the frequency of that assessment under Article 325be(3) of that Regulation (OJ L 276, 26.10.2022, p. 60, ELI: http://data.europa.eu/eli/reg_del/2022/2060/oj).
(6) Commission Delegated Regulation (EU) 2023/1577 of 20 April 2023 supplementing Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to regulatory technical standards on the calculation of the own funds requirements for market risk for non-trading book positions subject to foreign exchange risk or commodity risk and the treatment of those positions for the purposes of the regulatory back-testing requirements and the profit and loss attribution requirement under the alternative internal model approach (OJ L 193, 1.8.2023, p. 1, ELI: http://data.europa.eu/eli/reg_del/2023/1577/oj
(7) Commission Delegated Regulation (EU) 2023/1578 of 20 April 2023 supplementing Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to regulatory technical standards specifying the requirements for the internal methodology or external sources used under the internal default risk model for estimating default probabilities and losses given default (OJ L 193, 1.8.2023, p. 7, http://data.europa.eu/eli/reg_del/2023/1578/oj).
(8) Commission Delegated Regulation (EU) 2024/397 of 20 October 2023 supplementing Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to regulatory technical standards on the calculation of the stress scenario risk measure (OJ L, 2024/397, 29.1.2024, ELI: http://data.europa.eu/eli/reg_del/2024/397/oj).
(9) Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC (OJ L 331, 15.12.2010, p. 12, ELI: http://data.europa.eu/eli/reg/2010/1093/oj).
(10) Commission Delegated Regulation (EU) 2022/2059 of 14 June 2022 supplementing Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to regulatory technical standards specifying the technical details of back-testing and profit and loss attribution requirements under Articles 325bf and 325bg of Regulation (EU) No 575/2013 (OJ L 276, 26.10.2022, p. 47, ELI: http://data.europa.eu/eli/reg_del/2022/2059/oj).
(11) Commission Delegated Regulation (EU) 2022/2060 of 14 June 2022 supplementing Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to regulatory technical standards specifying the criteria for assessing the modellability of risk factors under the internal model approach (IMA) and specifying the frequency of that assessment under Article 325be(3) of that Regulation (OJ L 276, 26.10.2022, p. 60, ELI: http://data.europa.eu/eli/reg_del/2022/2060/oj).
(12) Commission Delegated Regulation (EU) 2022/2058 of 28 February 2022 supplementing Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to regulatory technical standards on liquidity horizons for the alternative internal model approach, as referred to in Article 325bd(7) (OJ L 276, 26.10.2022, p. 40, ELI: http://data.europa.eu/eli/reg_del/2022/2058/oj).
ELI: http://data.europa.eu/eli/reg_del/2024/1085/oj
ISSN 1977-0677 (electronic edition)