(a) Timing. (1) A bank that is described in paragraph (b)(1) of section 1 must adopt a written implementation plan no later than six months after the later of the effective date of this appendix or the date the bank meets a criterion in that section. The plan must incorporate an explicit first floor period start date no later than 36 months after the later of the effective date of this appendix or the date the bank meets at least one criterion under paragraph (b)(1) of section 1. [AGENCY] may extend the first floor period start date.

(2) A bank that elects to be subject to this appendix under paragraph (b)(2) of section 1 must adopt a written implementation plan and notify the [AGENCY] in writing of its intent at least 12 months before it proposes to begin its first floor period.

(b) Implementation plan. The bank�s implementation plan must address in detail how the bank complies, or plans to comply, with the qualification requirements in section 22. The bank also must maintain a comprehensive and sound planning and governance process to oversee the implementation efforts described in the plan. At a minimum, the plan must:

(1) Comprehensively address the qualification requirements in section 22 for the bank and each consolidated subsidiary (U.S. and foreign-based) of the bank with respect to all portfolios and exposures of the bank and each of its consolidated subsidiaries;

(2) Justify and support any proposed temporary or permanent exclusion of business lines, portfolios, or exposures from application of the advanced approaches in this appendix (which business lines, portfolios, and exposures must be, in the aggregate, immaterial to the bank);

(3) Include the bank�s self-assessment of:

(i) The bank�s current status in meeting the qualification requirements in section 22; and

(ii) The consistency of the bank�s current practices with the [AGENCY�s] supervisory guidance on the qualification requirements;

(4) Based on the bank�s self-assessment, identify and describe the areas in which the bank proposes to undertake additional work to comply with the qualification requirements in section 22 or to improve the consistency of the bank�s current practices with the [AGENCY�s] supervisory guidance on the qualification requirements (gap analysis);

(5) Describe what specific actions the bank will take to address the areas identified in the gap analysis required by paragraph (b)(4) of this section;

(6) Identify objective, measurable milestones, including delivery dates and a date when the bank�s implementation of the methodologies described in this appendix will be fully operational;

(7) Describe resources that have been budgeted and are available to implement the plan; and

(8) Receive board of directors approval.

(c) Parallel run. Before determining its risk-based capital requirements under this appendix and following adoption of the implementation plan, the bank must conduct a satisfactory parallel run. A satisfactory parallel run is a period of no less than four consecutive calendar quarters during which the bank complies with all of the qualification requirements in section 22 to the satisfaction of [AGENCY]. During the parallel run, the bank must report to the [AGENCY] on a calendar quarterly basis its risk-based capital ratios using the [general risk-based capital rules] and the risk-based capital requirements described in this appendix. During this period, the bank is subject to the [general risk-based capital rules].

(d) Approval to calculate risk-based capital requirements under this appendix. The [AGENCY] will notify the bank of the date that the bank may begin its first floor period following a determination by the [AGENCY] that:

(1) The bank fully complies with the qualification requirements in section 22;

(2) The bank has conducted a satisfactory parallel run under paragraph (c) of this section; and

(3) The bank has an adequate process to ensure ongoing compliance with the qualification requirements in section 22.

(e) Transitional floor periods. Following a satisfactory parallel run, a bank is subject to three transitional floor periods.

(1) Risk-based capital ratios during the transitional floor periods - (i) Tier 1 risk-based capital ratio. During a bank�s transitional floor periods, a bank�s tier 1 risk-based capital ratio is equal to the lower of:

(A) The bank�s floor-adjusted tier 1 risk-based capital ratio; or

(B) The bank�s advanced approaches tier 1 risk-based capital ratio.

(ii) Total risk-based capital ratio. During a bank�s transitional floor periods, a bank�s total risk-based capital ratio is equal to the lower of:

(A) The bank�s floor-adjusted total risk-based capital ratio; or

(B) The bank�s advanced approaches total risk-based capital ratio.

(2) Floor-adjusted risk-based capital ratios. (i) A bank�s floor-adjusted tier 1 risk-based capital ratio during a transitional floor period is equal to the bank�s tier 1 capital as calculated under the [general risk-based capital rules], divided by the product of:

(A) The bank�s total risk-weighted assets as calculated under the [general risk-based capital rules]; and

(B) The appropriate transitional floor percentage in Table 1.

(ii) A bank�s floor-adjusted total risk-based capital ratio during a transitional floor period is equal to the sum of the bank�s tier 1 and tier 2 capital as calculated under the [general risk-based capital rules], divided by the product of:

(A) The bank�s total risk-weighted assets as calculated under the [general risk-based capital rules]; and

(B) The appropriate transitional floor percentage in Table 1.

(iii) A bank that meets the criteria in paragraph (b)(1) or (2) of section 1 as of the effective date of this rule must use the general risk-based capital rules effective immediately before this rule became effective during the parallel run and as the basis for its transitional floors.

(3) Advanced approaches risk-based capital ratios. (i) A bank�s advanced approaches tier 1 risk-based capital ratio equals the bank�s tier 1 risk-based capital ratio as calculated under this appendix (other than this section on transitional floor periods).

(ii) A bank�s advanced approaches total risk-based capital ratio equals the bank�s total risk-based capital ratio as calculated under this appendix (other than this section on transitional floor periods).

(4) Reporting. During the transitional floor periods, a bank must report to the [AGENCY] on a calendar quarterly basis both floor-adjusted risk-based capital ratios and both advanced approaches risk-based capital ratios.

(5) Exiting a transitional floor period. A bank may not exit a transitional floor period until the bank has spent a minimum of four consecutive calendar quarters in the period and the [AGENCY] has determined that the bank may exit the floor period. The [AGENCY]�s determination will be based on an assessment of the bank�s ongoing compliance with the qualification requirements in section 22.

(a) Process and systems requirements. (1) A bank must have a rigorous process for assessing its overall capital adequacy in relation to its risk profile and a comprehensive strategy for maintaining an appropriate level of capital.

(2) The systems and processes used by a bank for risk-based capital purposes under this appendix must be consistent with the bank�s internal risk management processes and management information reporting systems.

(3) Each bank must have an appropriate infrastructure with risk measurement and management processes that meet the qualification requirements of this section and are appropriate given the bank�s size and level of complexity. Regardless of whether the systems and models that generate the risk parameters necessary for calculating a bank�s risk-based capital requirements are located at any affiliate of the bank, the bank itself must ensure that the risk parameters and reference data used to determine its risk-based capital requirements are representative of its own credit risk and operational risk exposures.

(b) Risk rating and segmentation systems for wholesale and retail exposures. (1) A bank must have an internal risk rating and segmentation system that accurately and reliably differentiates among degrees of credit risk for the bank�s wholesale and retail exposures.

(2) For wholesale exposures, a bank must have an internal risk rating system that accurately and reliably assigns each obligor to a single rating grade (reflecting the obligor�s likelihood of default). The bank�s wholesale obligor rating system must have at least seven discrete rating grades for non-defaulted obligors and at least one rating grade for defaulted obligors. Unless the bank has chosen to directly assign ELGD and LGD estimates to each wholesale exposure, the bank must have an internal risk rating system that accurately and reliably assigns each wholesale exposure to loss severity rating grades (reflecting the bank�s estimate of the ELGD and LGD of the exposure). A bank employing loss severity rating grades must have a sufficiently granular loss severity grading system to avoid grouping together exposures with widely ranging ELGDs or LGDs.

(3) For retail exposures, a bank must have a system that groups exposures into segments with homogeneous risk characteristics and assigns accurate and reliable PD, ELGD, and LGD estimates for each segment on a consistent basis. The bank�s system must group retail exposures into the appropriate retail exposure subcategory and must group the retail exposures in each retail exposure subcategory into separate segments. The bank�s system must identify all defaulted retail exposures and group them in segments by subcategories separate from non-defaulted retail exposures.

(4) The bank�s internal risk rating policy for wholesale exposures must describe the bank�s rating philosophy (that is, must describe how wholesale obligor rating assignments are affected by the bank�s choice of the range of economic, business, and industry conditions that are considered in the obligor rating process).

(5) The bank�s internal risk rating system for wholesale exposures must provide for the review and update (as appropriate) of each obligor rating and (if applicable) each loss severity rating whenever the bank receives new material information, but no less frequently than annually. The bank�s retail exposure segmentation system must provide for the review and update (as appropriate) of assignments of retail exposures to segments whenever the bank receives new material information, but no less frequently than quarterly.

(c) Quantification of risk parameters for wholesale and retail exposures. (1) The bank must have a comprehensive risk parameter quantification process that produces accurate, timely, and reliable estimates of the risk parameters for the bank�s wholesale and retail exposures.

(2) Data used to estimate the risk parameters must be relevant to the bank�s actual wholesale and retail exposures, and of sufficient quality to support the determination of risk-based capital requirements for the exposures.

(3) The bank�s risk parameter quantification process must produce conservative risk parameter estimates where the bank has limited relevant data, and any adjustments that are part of the quantification process must not result in a pattern of bias toward lower risk parameter estimates.

(4) PD estimates for wholesale and retail exposures must be based on at least 5 years of default data. ELGD and LGD estimates for wholesale exposures must be based on at least 7 years of loss severity data, and ELGD and LGD estimates for retail exposures must be based on at least 5 years of loss severity data. EAD estimates for wholesale exposures must be based on at least 7 years of exposure amount data, and EAD estimates for retail exposures must be based on at least 5 years of exposure amount data.

(5) Default, loss severity, and exposure amount data must include periods of economic downturn conditions, or the bank must adjust its estimates of risk parameters to compensate for the lack of data from periods of economic downturn conditions.

(6) The bank�s PD, ELGD, LGD, and EAD estimates must be based on the definition of default in this appendix.

(7) The bank must review and update (as appropriate) its risk parameters and its risk parameter quantification process at least annually.

(8) The bank must at least annually conduct a comprehensive review and analysis of reference data to determine relevance of reference data to bank exposures, quality of reference data to support PD, ELGD, LGD, and EAD estimates, and consistency of reference data to the definition of default contained in this appendix.

(d) Counterparty credit risk model. A bank must obtain the prior written approval of [AGENCY] under section 32 to use the internal models methodology for counterparty credit risk.

(e) Double default treatment. A bank must obtain the prior written approval of [AGENCY] under section 34 to use the double default treatment.

(f) Securitization exposures. A bank must obtain the prior written approval of [AGENCY] under section 44 to use the internal assessment approach for securitization exposures to ABCP programs.

(g) Equity exposures model. A bank must obtain the prior written approval of [AGENCY] under section 53 to use the internal models approach for equity exposures.

(h) Operational risk - (1) Operational risk management processes. A bank must:

(i) Have an operational risk management function that:

(A) Is independent of business line management; and

(B) Is responsible for designing, implementing, and overseeing the bank�s operational risk data and assessment systems, operational risk quantification systems, and related processes;

(ii) Have and document a process to identify, measure, monitor, and control operational risk in bank products, activities, processes, and systems (which process must capture business environment and internal control factors affecting the bank�s operational risk profile); and

(iii) Report operational risk exposures, operational loss events, and other relevant operational risk information to business unit management, senior management, and the board of directors (or a designated committee of the board).

(2) Operational risk data and assessment systems. A bank must have operational risk data and assessment systems that capture operational risks to which the bank is exposed. The bank�s operational risk data and assessment systems must:

(i) Be structured in a manner consistent with the bank�s current business activities, risk profile, technological processes, and risk management processes; and

(ii) Include credible, transparent, systematic, and verifiable processes that incorporate the following elements on an ongoing basis:

(A) Internal operational loss event data. The bank must have a systematic process for capturing and using internal operational loss event data in its operational risk data and assessment systems.

(1) The bank�s operational risk data and assessment systems must include a historical observation period of at least five years for internal operational loss event data (or such shorter period approved by [AGENCY] to address transitional situations, such as integrating a new business line).

(2) The bank may refrain from collecting internal operational loss event data for individual operational losses below established dollar threshold amounts if the bank can demonstrate to the satisfaction of the [AGENCY] that the thresholds are reasonable, do not exclude important internal operational loss event data, and permit the bank to capture substantially all the dollar value of the bank�s operational losses.

(B) External operational loss event data. The bank must have a systematic process for determining its methodologies for incorporating external operational loss data into its operational risk data and assessment systems.

(C) Scenario analysis. The bank must have a systematic process for determining its methodologies for incorporating scenario analysis into its operational risk data and assessment systems.

(D) Business environment and internal control factors. The bank must incorporate business environment and internal control factors into its operational risk data and assessment systems. The bank must also periodically compare the results of its prior business environment and internal control factor assessments against its actual operational losses incurred in the intervening period.

(3) Operational risk quantification systems. (i) The bank�s operational risk quantification systems:

(A) Must generate estimates of the bank�s operational risk exposure using its operational risk data and assessment systems; and

(B) Must employ a unit of measure that is appropriate for the bank�s range of business activities and the variety of operational loss events to which it is exposed, and that does not combine business activities or operational loss events with different risk profiles within the same loss distribution.

(C) May use internal estimates of dependence among operational losses within and across business lines and operational loss events if the bank can demonstrate to the satisfaction of [AGENCY] that its process for estimating dependence is sound, robust to a variety of scenarios, and implemented with integrity, and allows for the uncertainty surrounding the estimates. If the bank has not made such a demonstration, it must sum operational risk exposure estimates across units of measure to calculate its total operational risk exposure.

(D) Must be reviewed and updated (as appropriate) whenever the bank becomes aware of information that may have a material effect on the bank�s estimate of operational risk exposure, but no less frequently than annually.

(ii) With the prior written approval of [AGENCY], a bank may generate an estimate of its operational risk exposure using an alternative approach to that specified in paragraph (h)(3)(i) of this section.¹⁵ A bank proposing to use such an alternative operational risk quantification system must submit a proposal to [AGENCY]. In considering a bank�s proposal to use an alternative operational risk quantification system, [AGENCY] will consider the following principles:

(A) Use of the alternative operational risk quantification system will be allowed only on an exception basis, considering the size, complexity, and risk profile of a bank;

(B) The bank must demonstrate that its estimate of its operational risk exposure generated under the alternative operational risk quantification system is appropriate and can be supported empirically; and

(C) A bank must not use an allocation of operational risk capital requirements that includes entities other than depository institutions or the benefits of diversification across entities.

(i) Data management and maintenance. (1) A bank must have data management and maintenance systems that adequately support all aspects of its advanced systems and the timely and accurate reporting of risk-based capital requirements.

(2) A bank must retain data using an electronic format that allows timely retrieval of data for analysis, validation, reporting, and disclosure purposes.

(3) A bank must retain sufficient data elements related to key risk drivers to permit adequate monitoring, validation, and refinement of its advanced systems.

(j) Control, oversight, and validation mechanisms. (1) The bank�s senior management must ensure that all components of the bank�s advanced systems function effectively and comply with the qualification requirements in this section.

(2) The bank�s board of directors (or a designated committee of the board) must at least annually evaluate the effectiveness of, and approve, the bank�s advanced systems.

(3) A bank must have an effective system of controls and oversight that:

(i) Ensures ongoing compliance with the qualification requirements in this section;

(ii) Maintains the integrity, reliability, and accuracy of the bank�s advanced systems; and

(iii) Includes adequate governance and project management processes.

(4) The bank must validate, on an ongoing basis, its advanced systems. The bank�s validation process must be independent of the advanced systems� development, implementation, and operation, or the validation process must be subjected to an independent review of its adequacy and effectiveness. Validation must include:

(i) The evaluation of the conceptual soundness of (including developmental evidence supporting) the advanced systems;

(ii) An on-going monitoring process that includes verification of processes and benchmarking; and

(iii) An outcomes analysis process that includes back-testing.

(5) The bank must have an internal audit function independent of business-line management that at least annually assesses the effectiveness of the controls supporting the bank�s advanced systems and reports its findings to the bank�s board of directors (or a committee thereof).

(6) The bank must periodically stress test its advanced systems. The stress testing must include a consideration of how economic cycles, especially downturns, affect risk-based capital requirements (including migration across rating grades and segments and the credit risk mitigation benefits of double default treatment).

(k) Documentation. The bank must adequately document all material aspects of its advanced systems.

(a) Changes to advanced systems. A bank must meet all the qualification requirements in section 22 on an ongoing basis. A bank must notify the [AGENCY] when the bank makes any change to an advanced system that would result in a material change in the bank�s risk-weighted asset amount for an exposure type, or when the bank makes any significant change to its modeling assumptions.

(b) Mergers and acquisitions - (1) Mergers and acquisitions of companies without advanced systems. If a bank merges with or acquires a company that does not calculate its risk-based capital requirements using advanced systems, the bank may use the [general risk-based capital rules] to determine the risk-weighted asset amounts for, and deductions from capital associated with, the merged or acquired company�s exposures for up to 24 months after the calendar quarter during which the merger or acquisition consummates. [AGENCY] may extend this transition period for up to an additional 12 months. Within 30 days of consummating the merger or acquisition, the bank must submit to [AGENCY] an implementation plan for using its advanced systems for the acquired company. During the period when the [general risk-based capital rules] apply to the merged or acquired company, any ALLL, net of allocated transfer risk reserves established pursuant to 12 U.S.C. 3904, associated with the merged or acquired company�s exposures may be included in the bank�s tier 2 capital up to 1.25 percent of the acquired company�s risk-weighted assets. All general reserves of the merged or acquired company must be excluded from the bank�s eligible credit reserves. In addition, the risk-weighted assets of the merged or acquired company are not included in the bank�s credit-risk-weighted assets but are included in total risk-weighted assets. If a bank relies on this paragraph, the bank must disclose publicly the amounts of risk-weighted assets and qualifying capital calculated under this appendix for the acquiring bank and under the [general risk-based capital rules] for the acquired company.

(2) Mergers and acquisitions of companies with advanced systems. If a bank merges with or acquires a company that calculates its risk-based capital requirements using advanced systems, the acquiring bank may use the acquired company�s advanced systems to determine the risk-weighted asset amounts for, and deductions from capital associated with, the merged or acquired company�s exposures for up to 24 months after the calendar quarter during which the acquisition or merger consummates. [AGENCY] may extend this transition period for up to an additional 12 months. Within 30 days of consummating the merger or acquisition, the bank must submit to [AGENCY] an implementation plan for using its advanced systems for the merged or acquired company.

(c) Failure to comply with qualification requirements. If [AGENCY] determines that a bank that is subject to this appendix and has conducted a satisfactory parallel run fails to comply with the qualification requirements in section 22, [AGENCY] will notify the bank in writing of the bank�s failure to comply. The bank must establish a plan satisfactory to the [AGENCY] to return to compliance with the qualification requirements and must disclose to the public its failure to comply with the qualification requirements promptly after receiving notice from the [AGENCY]. In addition, if the [AGENCY] determines that the bank�s risk-based capital requirements are not commensurate with the bank�s credit, market, operational, or other risks, the [AGENCY] may require such a bank to calculate its risk-based capital requirements:

(1) Under the [general risk-based capital rules]; or

(2) Under this appendix with any modifications provided by the [AGENCY].

 

---

15. [Paragraph (h)(3)(ii) would not be included in the bank holding company rule.]  Return to text