Instruction No. 25/2016 of November 16 on Credit Risk Governance

INSTRUCTION NO. 25/16 of November 16 SUBJECT: CREDIT RISK GOVERNANCE

Considering the provisions established in Notice No. 07/2016 of June 22, on Risk Governance, Financial Institutions must adopt functions, policies, and risk management processes for the identification, assessment, monitoring, control, and reporting of credit risk;

In these terms, and under the combined provisions of letters d) and f) of Article 21 and letter d) of paragraph 1 of Article 51, both of Law No. 16/10 of July 15 – Law of the National Bank of Angola, and Article 90 of Law No. 12/15 of June 17 – Law of the Bases of Financial Institutions.

I DETERMINE:

1. Definitions Without prejudice to the definitions established in the Law of the Bases of Financial Institutions, for the purposes of this Instruction, the following are understood:

1.1 Risk factor: aspect or characteristic that influences risk. In the assessment of risks, the characteristics of products and financial markets, borrowers, and processes in force at Institutions are relevant, namely.

1.1 Impairment: negative impact, capable of being reliably estimated, on future cash flows associated with the risk position, resulting from objective evidence of one or more events occurring after the initial accounting recognition of the risk position.

1.3 Risk position: exposure to an asset, an off-balance sheet item, or a financial derivative instrument, plus income of any nature not received that are reflected in accounting as amounts receivable, regardless of whether they are due or overdue, in accordance with the criteria of the Chart of Accounts Manual for Financial Institutions.

1.4 Country risk: arising from the default of financial commitments contractually assumed by a counterparty due to the characteristics of, or events occurring in, a specific country.

2. Requirements of the organizational and operational structure

2.1 In accordance with the provisions of paragraph 9 of Article 9 of the Notice on Risk Governance, Institutions must ensure the existence of a body of staff with experience, knowledge, and training to act with prudence in the assessment, approval, and management of credit risk.

2.2 Institutions must define an unequivocal and consistent hierarchy of decision-making for decisions regarding credit activity.

2.3 The governing body must delegate competencies and adequately invest in the necessary resources to ensure that efforts of the various staff involved in credit granting and monitoring processes are coordinated and that respective decisions are made in a solid and consistent manner.

2.4 Credit granting decisions depend on the nature, size, complexity, and profile of the risk positions and may require approval from front and back offices.

2.5 Whenever the decisions referred to in the previous point are taken by a single committee, the voting structure implemented must ensure that the back office holds the majority of votes, i.e., veto power.

2.6 Without prejudice to the provisions in the previous point, in cases of credit granting considered immaterial, Institutions may decide that only one vote is sufficient for decision-making.

2.7 Members of the governing body may, within the limits of individual decision-making, take independent credit granting decisions.

2.8 In the risk monitoring report, credit granting decisions referred to in the previous point that did not pass the vote or whenever these decisions come from a member of the governing body responsible for the back office must be highlighted.

2.9 Material transactions with related parties must be subject to the approval of the governing body, excluding members with potential conflicts of interest.

2.10 Policies and processes for credit granting approval must establish accountability for decision-making and designate who has the authority to approve credits or alter their terms, depending on the size and nature of the credit.

2.11 Together with the process for approving new credits, Institutions must have policies and processes for the alteration, renewal, and restructuring of existing credits.

2.12 Contractual agreements related to credit activity must be concluded using legally valid credit request documents, which must be: a) standardized, according to the nature, size, complexity, and content of the risk; b) regularly updated; c) used for credit granting agreements with individuals and legal entities.

2.13 Documents for credit granting approval must include quantitative and qualitative risk factors, at least: a) the objective of the credit and the sources of repayment; b) current risk profile, including its activity, country, the aggregated value of the counterparty's risks, and real or personal guarantees, including their execution conditions, both for the Institution and for the financial system; c) history and current repayment capacity of the borrower, based on historical trends and projections of future cash flows; d) borrower's experience, volatility of its economic sector, and its position within the same; e) proposed credit terms and conditions, including contractual clauses aimed at protecting the Institution from future changes in the borrower's risk profile.

2.14 A procedure must be established to ensure the timely submission of documents necessary for the assessment of credit requests.

2.15 Staff who perform tasks such as the custody of sensitive documents, fund transfers, or the introduction of limits in information and communication systems must report to staff with management responsibilities independent of the initiation of the operation and the credit approval process.

2.16 Responsibility for the development and quality of the systems referred to in point 7.1 of paragraph 7 of this Instruction must lie with the middle and back offices, with the support of the front office, ensuring that they are adequate for the processing, monitoring, and continuous management of granted credits, treatment of credits with signs of impairment, and provisioning.

3. Identification

3.1 An effective credit risk management process must consider the identification and analysis of existing and potential risks inherent to any product or activity.

3.2 The credit risk identification framework must be comprehensive to ensure that relevant risk concentrations for the Institution are considered, including off-balance sheet risk positions and those recorded on the balance sheet.

3.3 The determination of credit risk concentration must consider: a) subtypes of credit concentration, including risk positions with counterparties, groups of interconnected counterparties, and counterparties belonging to the same economic sector, geographic region, or performing the same activities; b) credit risk mitigation techniques associated with large indirect risk positions.

3.4 Institutions must consider the reality of counterparties participating in the credit operation, as well as those providing guarantees on the same, verifying their characteristics, ensuring they have integrity, solid reputation, and creditworthiness, before agreeing on a new contractual link.

3.5 Institutions must ensure that credit files include information that allows verification of the counterparty's current financial condition, complete information on past decisions, and the credit history.

3.6 For the verification referred to in the previous point, Institutions must define, formalize, and implement policies and processes, including the appointment of responsible persons, to ensure the adequacy and timeliness of the information present in credit files.

3.7 Institutions must have criteria to identify situations where, in the credit granting process, it is appropriate to classify a counterparty into a group of interconnected counterparties.

3.8 Institutions must consider the risk associated with the country of origin of the foreign counterparty, which may have consequences for granted credits and capital investments, whenever international credits are granted.

4. Assessment

4.1 Institutions must assess the relationship between risk and return of any credit, considering possible negative scenarios.

4.2 Institutions may use the credit contract structure and guarantees to mitigate risks arising from individual credits, without prejudice to credit granting being governed by the counterparty's repayment capacity, obtained by comprehensive assessment of the counterparty and sufficiency of information.

4.3 Institutions must have policies regulating the acceptance of guarantees and a process that ensures their execution.

4.4 Institutions must assess the level of credit coverage provided by the guarantees given, considering the quality of the respective credits.

4.5 Institutions must develop and use adequate mechanisms to classify granted credits and provided guarantees, in accordance with Notice No. 11/2014 of December 17, on specific requirements for credit operations, and Notice No. 10/2014 of December 10, on guarantees for prudential purposes, to ensure that all risk positions are appropriately assigned to a risk class for the purpose of their initial assessment.

4.6 Institutions must develop models and indicators for the assessment of credit risk concentration, which adequately capture the nature of interdependencies between risk positions, and whose underlying assumptions and technical specifics are understood by the Institutions.

4.7 The model structure referred to in the previous paragraph must be in accordance with the characteristics of the Institution's credit portfolio and the dependency structure of its risk positions.

5. Monitoring and control from the perspective of credit by client

5.1 Institutions must develop and use mechanisms adequate to the nature of their activity, size, and complexity to monitor granted credits and provided guarantees, in compliance with the provisions of point 4.5 of the previous paragraph of this Instruction.

5.2 For the permanent and systematic monitoring of granted credits, as well as the prevention of default, Institutions must: a) develop indicators for the early detection of risk factors using quantitative and qualitative measures; b) define the competent structures, identifying their responsible persons and respective contact elements, for the following functions: i. collection of information regarding counterparties; ii. processing and analysis of collected information; iii. assessment of default risk. c) ensure that implemented information and communication systems enable the timely identification of occurrences indicating the degradation of the counterparty's financial capacity and emit alerts to relevant staff; d) define procedures so that staff, having become aware of actual occurrences in the indicators set out in letter a), can communicate to the unit of structure responsible for their processing and analysis; e) create mechanisms that allow counterparties themselves to communicate situations of difficulty in fulfilling assumed obligations; f) ensure the integration of relevant collected information on counterparties in information and communication systems, indicating degradation of their capacity to comply.

5.3 Institutions must establish policies and procedures to address imminent default situations, defining the entire recovery or restructuring procedure of the credit.

5.4 Institutions must take into account the potential impacts on capital adequacy and provisions that may arise from imminent default situations.

5.5 Institutions must formulate guidelines for the processing of documentation regarding credit operations, which must be detailed and exhaustive, notably by type of credit, and develop processes for the monitoring and execution of received guarantees, in accordance with Notice No. 10/2014 of December 10, on guarantees for prudential purposes.

5.6 In order to ensure continuous monitoring of the counterparty's financial condition, information and communication systems must allow: a) monitoring compliance with contractual clauses; b) assessing the coverage of guarantees; c) detecting irregularity situations and routing them to the competent management areas, promoting, if applicable, the revision of the credit classification; d) promoting necessary changes to contractual agreements; e) making adequate provisions.

5.7 Classifications assigned to counterparties at the time the credit is granted must be reviewed periodically, at least monthly or when there are indications of changes in the counterparty's financial capacity. This activity must be assigned to a function independent of the one responsible for credit granting.

5.8 Monitoring of country risk factors, presented in point 3.8 of paragraph 3 of this Instruction, must incorporate: a) the potential default of foreign counterparties as a consequence of specific economic factors of the country; and, b) the conditions for the application of the credit contract and execution of real guarantees in their respective legal framework.

6. Monitoring and control from the perspective of credit portfolio - stress tests

6.1 Stress tests or crisis simulations must involve the identification of possible events or future changes in economic, financial, and structural conditions that may compromise the solidity of Institutions. Institutions must examine, notably, the following situations: a) economic recessions; b) market risk events; c) liquidity conditions.

6.2 Institutions must monitor the links between different risk factors that are susceptible to emerging in times of crisis.

6.3 Stress tests, in the form of sensitivity analyses and scenario analyses, are essential for identifying and assessing credit risk and its concentration, and must be used for the identification of interdependencies between risk positions that may arise under extreme conditions.

7. Monitoring and control from the perspective of credit portfolio - limit system

7.1 The limit system established in accordance with number 7 of Article 7 of the Notice on risk governance must be compatible with the size, complexity, and sophistication of risk management systems, as well as the experience and competence of the Institution's staff.

7.2 Institutions must perform regular analyses of their risk positions, including estimates of their trends, using the respective results to establish and verify the adequacy of processes and limits for the management of credit risk concentration.

7.3 Whenever material underlying risks resulting from credit risk concentration are identified, Institutions must take appropriate mitigation measures, notably reducing limits to risk concentration, diversifying and adapting the financing structure, as well as acquiring, from other parties, financial instruments that offer coverage.

7.4 Institutions must establish a credit limit system that includes the following categories: a) aggregated exposure to risk; b) exposure to certain industries or economic sectors, geographic regions, products, currencies, and maturities; c) individual exposure, considering the internal credit risk assessment.

7.5 The limit system must be considered in the management of the global credit risk profile of Institutions, ensuring that credit granting activities are adequately diversified.

7.6 The limit system must consider: a) results of stress tests; b) risks associated with the nature of exposures to settlement of positions in the short-term, in case of counterparty default.

7.7 Whenever an Institution is involved in several transactions with the same counterparty, the potential exposure must be calculated over multiple time horizons.

7.8 The limit system must ensure the issuance of alerts to staff with management responsibilities and, if applicable, to the governing body, whenever credit granting exceeds pre-determined levels and has an impact in terms of concentration.

8. Reporting

8.1 Institutions must define, formalize, implement, and periodically review policies and procedures for reporting, which must be adequate to their nature, size, complexity, and risk profile.

8.2 In internal reporting, Institutions must provide the main results of the stages of identification, assessment, monitoring, and control of credit risk and its concentration, to the governing body and staff with management responsibilities, which must include, at least: a) implemented credit risk management policies; b) global exposure and concentration; c) mitigation actions taken; d) developments in new products or business initiatives; e) results of stress tests; f) qualitative and, when appropriate, quantitative information on inter and intra-risk concentrations.

8.3 In external reporting, Institutions must define, formalize, and implement policies and processes to transmit comprehensive information to stakeholders, which must include, at least: a) qualitative information, on: i. investment strategies and respective processes; ii. structure and organization of the credit risk management function; iii. overdue and impaired credits, for accounting purposes; iv. approach for determining credit remuneration and statistical methods used; v. credit risk management policies; b) quantitative information, on: i. global exposure and average exposure during the period in question, discriminating the main types of risk positions; ii. geographic distribution of risk positions, with detail on the most significant areas and the main types of risk positions in each area; iii. distribution of risk positions by industry or counterparty, detailing the main types of risk positions; iv. detail of the residual contractual maturity of the c