Recommendation T on Good Practices for Managing Risk of Retail Credit Exposures

Financial Supervision Authority Recommendation T concerning good practices in the management of risk of retail credit exposures Warsaw, February 2013

Recommendation T Page 2 of 35 This document is issued pursuant to Article 137(5) of the Act of 29 August 1997 on Banking Law (Journal of Laws of 2017, item 1876, as amended) and constitutes a set of rules concerning good practices in the management of risk of retail credit exposures. By adapting its activities to this Recommendation, the bank takes into account legal provisions, in particular the Act of 11 May 2011 on Consumer Credit (Journal of Laws of 2018, item 993, as amended).

Recommendation T applies to all banks subject to Polish legal provisions. With regard to certain banks, due to their specificity, scale of activity, and the possibility of generating systemic risk, the Recommendation introduces additional requirements. These cases concern banks for which the share of the portfolio of retail credit exposures exceeds 2% of the value of retail credit exposures for the entire banking sector in Poland¹. For the purposes of this Recommendation, these banks have been designated as significantly engaged banks. The bank should determine the level of its share in the entire banking sector once a year, based on data published by the KNF for the entire banking sector as of the end of the year².

The primary objective of Recommendation T is to define good practices in the management of risk of retail credit exposures in banks. Recommendation T should be helpful in developing a forward-looking approach and requirements for stability and prudence, manifested, among other things, by taking into account in credit policy the long-term perspective of risk management, sensitivity to changes in environmental conditions, and the impact on the level of credit risk. In particular, banks should maintain the necessary objectivity and conservatism regarding the parameters used to assess creditworthiness, understood in both quantitative and qualitative terms.

Particularly important in this regard is the awareness of the acceptance of the risk level determined based on accumulated knowledge about customers resulting from the assessment of creditworthiness and risk monitoring and control (in quantitative and qualitative terms).

Proper identification and measurement of risk and determination of the acceptable level of risk are the necessary minimum for proper credit risk management in a bank. When establishing parameters used for creditworthiness assessment, banks should ensure their objective nature by demonstrating the justification for accepting them at a given level by reference to quantities confirmed in analyses and studies. In this regard, it is important to maintain the necessary independence of analyses.

The need to ensure reliable information for the credit process as components directly affecting its quality deserves emphasis. The preservation of assessment credibility should result from the bank's ability to obtain objective data, including from external sources, allowing for the verification of declarations and statements submitted by the borrower.

From the perspective of the correctness of the risk management process for retail credit exposures, it is extremely important for banks to use information from external databases, in particular interbank databases built by institutions referred to in Article 105(4) of the Act of 29 August 1997 - Banking Law, which collect, process, and provide information, inter alia, on the level and history of repayment of retail customers' credit obligations. Banks should actively participate in the system of interbank information exchange by providing complete and up-to-date data on customers' credit obligations.

Due to the need to ensure the widest possible exchange of information, in the case of the sale of receivables, banks should not remove entries from bank databases but should change the status of the receivable to expired in the bank-customer relationship. This will ensure a 5-year period for processing data in the case of negative information and indefinite processing of data in the case of positive information, provided the customer has not withdrawn consent.

Banks should, if justified, use standardized data sets maintained by credit information bureaus referred to in the Act of 9 April 2010 on the provision of economic information and exchange of economic data (Journal of Laws of 2018, item 470, as amended) in the creditworthiness assessment process.

Recommendations relate to the following areas:

1. Management Board and Supervisory Board
2. Identification, measurement, and assessment of risk of retail credit exposures
3. Tools supporting the risk management process for retail credit exposures
4. Counteracting/limiting risk of retail credit exposures
5. Monitoring and reporting on risk of retail credit exposures
6. Internal control
7. Customer relations

Recommendations constitute a framework for proper management and assessment of risk of retail credit exposures. They are a set of good practices in the area of internal procedures that should indirectly and directly reflect the recommendations in all processes related to this type of credit exposures.

For the purposes of this Recommendation, the concept of retail credit exposures is used, understood as credit claims from individuals granted for purposes unrelated to business and agricultural activity, excluding mortgage-secured claims, which are fully covered by Recommendation S, exposures secured by a deposit made by the customer in the bank, credits and loans granted for the purchase of securities due to the specific nature of this product, which has characteristics of an investment credit, and exposures where the source of repayment is income from the sale of securities. Furthermore, the provisions of Recommendation S do not apply to the management of risk of credit exposures financing real estate, unless they are not mortgage-secured.

Recommendation T provides that the retail lending process will result from a policy developed by the bank and approved by the bank's Management Board, and the entire process will be subject to supervision by the bank's Supervisory Board.

In the case of affiliated cooperative banks, the supervisor expects that provisions regarding policy are developed with the support of the affiliated banks, taking into account the individual specificity and risk profile of each affiliated bank and the principle of proportionality. The scale of activity should determine the scope and degree of advancement of the procedures adopted. The process of creating internal regulations in affiliated cooperative banks, despite the active role of the affiliated bank, must not contradict the scope of duties and statutory responsibility of the organs of the affiliated cooperative banks defined in the respective recommendations.

Affiliated banks should also support affiliated cooperative banks in developing analytical tools for measuring the level of risk associated with retail credit exposures, as well as developing and conducting stress tests.

It should be noted that policies and procedures should be adequate to the scale of activity, the degree of complexity of the structure, and the area of operation of the bank. The larger they are, the greater the requirements for the adopted solutions should be. Cooperative banks of significant size, in particular banks with own funds exceeding the equivalent of 5 million euros (converted according to the average exchange rate resulting from the exchange rate table published by the National Bank of Poland, applicable at the end of the year preceding the year of achieving the specified level of own funds), should have procedures fully taking into account the requirements contained in the recommendations.

The provisions of the recommendation regarding the internal control system apply mutatis mutandis to cooperative banks in which, in accordance with Article 10 of the Banking Law, internal control is performed by the affiliated bank. Recommendation T applies to all retail exposures. Due to the principle of proportionality, some provisions of Recommendation T relate specifically to selected groups of exposures. Recommendation 7 indicates credit products for which the bank may apply simplified creditworthiness assessment rules.

For the credits and loans listed in Recommendation 7, the bank may apply simplified creditworthiness assessment rules, inter alia, in determining income and expenses compared to the creditworthiness assessment rules referred to in Recommendation 6. The application of the rules specified in Recommendation 7 is not mandatory, but it cannot be interpreted broadly. Therefore, in the case of applying simplified creditworthiness assessment rules, one should take into account those rules listed in Recommendation 6 that have not been otherwise regulated by the provisions of Recommendation 7.

The average monthly salary in the enterprise sector is indicated as a reference tool without a rigid monetary level, determined independently and published by the Central Statistical Office.

Recommendation T provides for the possibility of making a credit decision based on simplified creditworthiness assessment rules, using scoring models (scoring assessments), the customer's declaration of income level, and analysis of the customer's credit history based on information from own and external databases. The maximum amounts of credits and loans specified in Recommendation 7, for which the bank may apply simplified creditworthiness assessment rules, find their justification, inter alia, in statistical data analyses regarding the quality of the portfolio of cash and installment loans depending on the amount of the incurred obligation.

From the perspective of credit risk management, it is extremely important to correctly and cautiously estimate the acceptable level of the DtI (debt-to-income) ratio, which is a measure allowing to determine what part of the borrower's income is able to be allocated to debt repayment. Regarding the DtI ratio, Recommendation T proposes that banks individually determine the acceptable value of this parameter, adequate to the specificity of the conducted activity and the level of risk accepted by the bank (including simplified creditworthiness assessment rules). The acceptable DtI value should be specified in the risk management strategy approved by the bank's Supervisory Board.

The provisions of Recommendation T, which aim to eliminate excessive risk, introduce restrictions on the lending activities of banks. Their weaker competitive position vis-à-vis entities operating in the Polish market subject to foreign jurisdictions would inevitably lead to an increase in systemic risk. Therefore, guided by the principle of the general good, as well as to limit systemic risk, the Financial Supervision Authority expects that branches of credit institutions in Poland will, to an appropriate extent, comply with the provisions of Recommendation T, in particular recommendations 1, 6, 7, 8, 9, 10, and 19.

The KNF expects that Recommendation T concerning good practices in the management of risk of retail credit exposures, constituting an annex to Resolution No. 59/2013 of the Financial Supervision Authority of 26 February 2013 (Journal of Notices of the KNF item 11 and of 2018 item 19) will be implemented no later than 31 July 2013.

Recommendation T Page 6 of 35 Glossary of Terms

1. Credit exposure – the bank's claim arising from a loan, credit, debt limit (including credit card and overdraft), acquired receivable, cheque, promissory note, realized guarantee, other receivable of a similar nature, and granted off-balance sheet commitment.
2. Retail credit exposure – credit exposure towards an individual, granted for purposes unrelated to business activity or agricultural household management, excluding mortgage-secured credit exposure, exposure secured by a deposit made by the customer in the bank, credit exposure arising from granting a credit for the purchase of securities, and exposure where the source of repayment is income from the sale of securities.
3. Currency credit exposure – retail credit exposure expressed in a currency or indexed to a currency other than the one in which the customer obtains income.
4. Significantly engaged banks – banks in which the share of the portfolio of retail credit exposures exceeds 2% of the value of retail credit exposures for the entire banking sector. The bank determines this share according to data published by the KNF at the end of the year.
5. Credit obligation – the customer's obligation towards the bank arising from a retail credit exposure.
6. Installment credit and loan – retail credit exposures, repaid in installments, granted for the purchase of durable consumer goods, excluding motor vehicles (according to the definition contained in Article 2(32) of the Road Traffic Act).
7. Cooperation with the bank – systematic inflows to the retail customer's bank account maintained in a given bank or the retail customer having in a given bank a product of a credit nature, repaid on time for the last 6 months, or the retail customer having in a given bank a product of a credit nature, repaid on time for the last 6 months, terminated no earlier than in the last 6 months.
8. Creditworthiness – the ability to repay the credit obligation together with interest within the timeframes specified in the agreement.
9. DtI (debt to income) – a ratio characterizing the level of the relationship between expenses related to servicing credit obligations and other financial obligations (not credit obligations) to the customer's income.
10. Risk appetite – expressed in the form of quantitative indicators, the maximum permissible level of exposure to risk of retail credit exposures determined by the bank.
11. Database – standardized internal and external data sets maintained for the purpose of credit risk assessment by the bank and institutions referred to in Article 105(4) of the Act of 29 August 1997 - Banking Law (Journal of Laws of 2017, item 1876, as amended).
12. Economic database – standardized data sets maintained by credit information bureaus referred to in the Act of 9 April 2010 on the provision of economic information and exchange of economic data (Journal of Laws of 2018, item 470, as amended).

Recommendation T Page 7 of 35 13. Retail customer – an individual applying to the bank for a retail credit exposure or having a retail credit exposure in the bank. 14. Household – related or unrelated persons living together and maintaining themselves. Single persons maintaining themselves independently are single-person households. 15. Model – a statistical tool supporting creditworthiness assessment. 16. Scoring model – a model differentiating customers depending on the level of risk of non-performance of obligations. 17. Monitoring (of the model) – verification of the effectiveness of the model's operation performed by the bank unit responsible for the functioning of the model, usually based on statistical measures. 18. Validation – assessment of the effectiveness of the model's operation performed by a bank unit unrelated to the model building process, usually in a more comprehensive manner than within monitoring (e.g., including, besides statistical measures, qualitative assessment). 19. Currency spread – the difference between the currency buying rate and the selling rate.

Recommendation T Page 8 of 35 List of Recommendations I. Management Board and Supervisory Board Recommendation 1 The Management Board of the bank is responsible for approving and implementing a written policy for managing risk of retail credit exposures. The policy in this area should result from the risk management strategy approved by the Supervisory Board, in particular reflecting the risk appetite and maximum DtI ratio level specified in the strategy and accepted by the bank's Supervisory Board.

Recommendation 2 The Management Board of the bank should designate persons responsible for implementing and executing the bank's policy on managing risk of retail credit exposures.

Recommendation 3 The Management Board of the bank should assess the policy for managing risk of retail credit exposures at least once every six months regarding the manner of its application and the necessity of introducing necessary changes. The Management Board of the bank should inform the Supervisory Board about the results of the assessment.

Recommendation 4 The Supervisory Board, in the course of fulfilling its functions and responsibility for the risk management system in the bank, should supervise the implementation of the policy for managing risk of retail credit exposures.

Recommendation 5 The organizational structure of the bank, while maintaining the principle of proportionality and taking into account the scale of activity and risk profile, should ensure the separation of functions: a) sales, b) risk acceptance, c) monitoring and control of risk of retail credit exposures.

II. Identification, measurement, and assessment of risk of retail credit exposures Recommendation 6 Before the bank decides to engage in a retail credit exposure, it is necessary to examine the customer's creditworthiness in quantitative and qualitative terms. In the case of retail credit exposures, possessing creditworthiness should be the primary factor determining the possibility of a retail customer incurring a credit obligation in the bank.

Recommendation 7 In the case of granting to retail customers: a) installment credits and loans, for which the amount of credit or loan does not exceed four times the average monthly salary in the enterprise sector, b) credits and loans

• for customers with cooperation with the bank lasting at least six months, for which the amount of credit or loan does not exceed six times the average monthly salary in the enterprise sector,
• for customers with cooperation with the bank lasting at least twelve months, for which the amount of credit or loan does not exceed twelve times the average monthly salary in the enterprise sector,
• for other customers, for which the amount of credit or loan does not exceed the average monthly salary in the enterprise sector the bank may apply simplified creditworthiness assessment rules.

Recommendation 8 The bank should inform the KNF about the application of simplified rules.

Recommendation 9 The Management Board of the bank sets the level of the DtI ratio relating to the maximum level of the relationship between expenses related to servicing credit obligations and other financial obligations (from which the retail customer cannot withdraw, i.e., resulting inter alia from legal provisions or having a permanent and irrevocable nature) to the incomes of retail customers. The level of the DtI ratio should be specified in the risk management strategy approved by the bank's Supervisory Board.

Recommendation 10 Within the customer creditworthiness assessment process, it is necessary for banks to use external databases every time, in particular interbank databases built by institutions referred to in Article 105(4) of the Act of 29 August 1997 - Banking Law (Journal of Laws of 2017, item 1876, as amended). Banks should, when justified, use data available in economic databases.

III. Tools supporting the risk management process for retail credit exposures Recommendation 11 The bank should have internal information systems, databases, and analytical tools supporting the measurement of the level of risk associated with retail credit exposures.

Recommendation 12 The bank should determine the scope of application, manner of use, and interpretation of results obtained using models. To ensure reliable and effective models, the bank regularly verifies their use and effectiveness.

IV. Counteracting / limiting risk of retail credit exposures Recommendation 13 The bank should have internal limits approved by the Management Board limiting credit risk relating to the entire portfolio, as well as individual types of retail credit exposures. These limits should reflect the scale of the bank's activity, diversification of credit exposures and accepted collateral, and the level of risk appetite.

Recommendation 14 The bank conducts stress tests investigating the impact of factors from the internal and external environment of the bank on the risk of retail credit exposures.

Recommendation 15 One of the ways to limit risk arising from retail credit exposures is the bank accepting collateral. Banks should specify in internal procedures the maximum exposure value for which the use of collateral is not required. This limit should be approved by the bank's Management Board taking into account the level of risk appetite.

V. Monitoring and reporting on risk of retail credit exposures Recommendation 16 The bank should have systems for monitoring retail credit exposures, with particular attention to procedures ensuring compliance with regulatory requirements, both external and internal. Ensuring constant, current control of retail credit exposures should enable the rapid acquisition of managerial information and a quick reaction by the bank to existing threats.

Recommendation 17 The bank should ensure an effective reporting system on the implementation of the policy for managing risk of retail credit exposures and the level of risk arising from these exposures, providing information enabling actions to ensure the maintenance of the accepted level of risk appetite.

VI. Internal control Recommendation 18 The bank should have an effective internal control system covering the bank's activity in the area of retail credit exposures.

VII. Customer relations Recommendation 19 The bank should have written internal procedures specifying the manner and scope of informing each customer applying for a retail credit in accordance with the requirements of the Consumer Credit Act. In the case of a customer applying for a credit or loan expressed in a currency or indexed to a currency other than the one in which they obtain income, the bank should additionally, in a clear form, inform the customer about the risk associated with this exposure and its consequences and the impact of the currency spread.

Recommendation T Page 11 of 35 income, the bank should additionally, in a clear form, inform the customer about the risk associated with this exposure and its consequences and the impact of the currency spread.

1 Directive CRD provides criteria for systemic importance, in connection with the definition of systemically important branches of credit institutions. One of the criteria is a 2% share of the branch in the deposits of the banking sector of the host country. 2 Data is published by the KNF by 15 February of the following year.