Regarding the Management of Credit, Counterparty, Concentration, and Exchange Rate Risks

CENTRAL BANK OF DJIBOUTI

INSTRUCTION NO. 2019-04

REGARDING THE MANAGEMENT OF CREDIT, COUNTERPARTY, CONCENTRATION, AND EXCHANGE RATE RISKS

The Governor of the Central Bank of Djibouti,

Having regard to Law No. 118/AN/11/6ème L of January 22, 2011 establishing the Statutes of the Central Bank of Djibouti;

Having regard to Law No. 119/AN/11/6ème L of January 22, 2011 on the establishment and supervision of credit institutions and financial auxiliaries;

Having regard to Decree No. 2018-171/PRE of May 8, 2018 appointing the Governor of the Central Bank of Djibouti.

Has decreed:

Article 1:

To establish the risk management framework that credit institutions must implement to ensure risk control, this instruction defines the organizational framework and general principles applicable to overall risk management, as well as specific provisions concerning the management of credit risks to clients, counterparty risks in interbank markets, concentration risks, and foreign exchange risks.

Credit institutions are required to organize risk management in accordance with the provisions of this instruction.

1. General Provisions

Article 2:

The board of directors, upon proposal by the executive management and after advice from the risk committee, sets the credit institution's risk strategy and risk acceptance level, in accordance with Instruction 2019-05 on corporate governance for credit institutions. These general guidelines must align with the institution's capital, liquidity, human resources, and technical capabilities, and comply with legal and regulatory requirements.

The board of directors must review the risk strategy and acceptance level at least once a year relative to the institution's risk profile, achieved results, market conditions, and economic environment.

It continuously ensures, through the risk committee's work, that the operational policies and activity plan implemented by executive management fall within the defined strategy and respect the established risk acceptance level. The risk committee must be specifically consulted on the launch of new activities or products.

Article 3:

Credit institutions are required to implement and update a risk map that, based on the nature and complexity of operations and the level of risk, enables the definition of appropriate risk management frameworks.

Article 4:

The board of directors defines risk limits in all areas presenting significant risks and establishes the delegations it grants to executive management.

Executive management ensures that limits and procedures related to delegation of authority and sub-delegations granted to committees or individuals are documented and disseminated to relevant personnel.

The board of directors reviews limits and delegations as necessary and at least once a year.

Exceptions to standard limits and procedures must follow a special procedure specifying, among other things, the delegation level at which the decision can be made and any prior approval required from executive management or the board of directors. This procedure must stipulate conditions for prior and post-facto information to executive management and the board of directors.

Article 5:

The organization of the risk management function must be approved by the board of directors on the advice of the risk committee.

The risk management organization and frameworks must be adapted to the nature and volume of the credit institution's activities, the number of its locations, and the various types of risks to which it is exposed.

Executive management must designate a Head of Risk Management. Their appointment or dismissal must be approved by the board of directors. They report to executive management and the risk committee.

Depending on the institution's size, nature, and importance of risks, executive management may create specialized committees to ensure continuous risk monitoring. These committees report their work to executive management and the risk committee at appropriate intervals. These committees may include, in addition to the Head of Risk Management, any head whose presence is useful to the committee.

The Head of Risk Management and personnel assigned to risk management cannot exercise decision-making power or perform operational tasks.

Article 6:

The board of directors must ensure that executive management implements necessary frameworks to identify, measure, assess, monitor, and control risks, and to implement mitigation measures if needed.

Information systems must be adapted to enable risk identification and measurement, and access, selection, and centralization of information as required for risk monitoring.

The quality of information provided to executive management and the board of directors must enable a complete view of risks, and the provided elements must be easily understandable regardless of the complexity of activities and operations.

Implemented frameworks must follow a proportionality principle, ensuring that the nature, importance, and frequency of risk monitoring are adapted to the potential losses generated by each type of risk.

Article 7:

Compliance with limits set by the board of directors must be monitored continuously and result in a report addressed to executive management, the risk committee, and the board of directors.

This report must include an analysis of the reasons for any breaches, the duration of these breaches, and the measures taken to return within limits.

Article 8:

Frameworks must enable the assessment of the credit institution's vulnerability to stress situations, and crisis simulation tools must be implemented for this purpose.

Institutions must formalize an emergency plan and outline corrective measures to be implemented, approved by the board of directors, to address major risks and problems arising from unforeseen events.

2. Internal Capital Allocation

Article 9:

Credit institutions must implement a framework to assess capital deemed adequate relative to the nature and level of risks to which they are exposed.

Article 10:

The assessment must cover all risks, including those not subject to capital requirements under the prudential regulations of the Central Bank of Djibouti.

Credit institutions must also examine the adequate link between risks and liquidity.

Article 11:

When the Central Bank of Djibouti considers that certain risks are not adequately covered by capital, or that risk management and internal control systems are inadequate, it may require, pursuant to Article 7 of Instruction No. 2011-03 on the solvency of credit institutions, compliance with a solvency ratio higher than that set by this instruction, or, pursuant to Article 54 of Law No. 119/AN/11/6ème L on the establishment and supervision of credit institutions and financial auxiliaries, issue an injunction to reduce exposure levels to these risks, or halt activities or operations causing these exposures.

3. Credit Risks

Article 12:

For the purposes of this instruction, credit risk corresponds to the risk incurred in the event of a counterparty's default: bank, company, individual, or other third party, or a group of beneficiaries consisting of natural or legal persons linked to each other and presenting a single risk for the lending institution, whether the link is capital, financial, or economic.

Article 13:

Credit institutions must implement a measurement, assessment, and monitoring device for credit risks to ensure that counterparty default risks are continuously and appropriately monitored, thereby informing executive management and the board of directors on the implementation of risk policy and compliance with granted delegations and established limits.

Article 14:

Delegations granted by the board of directors to the CEO must be exercised within a credit committee for the most significant commitments exceeding a threshold defined by the board of directors. The composition and procedures governing the committee must ensure the solvency and good conduct of credit beneficiaries and guarantee that, both in substance and form, credit granting respects professional standards. Decisions of this committee, under the responsibility of executive management, are subject to regular reporting to the risk committee and the board of directors.

Article 15:

The credit function must be organized to ensure strict separation and independence:

• of personnel responsible for committing credit operations and their first-line monitoring;
• of personnel responsible for their validation: accounting recording, guarantee verification and retention, fund release;
• of personnel responsible for second-line risk management attached to the Head of Risk.

Article 16:

When the nature and importance of operations require it, credit institutions must ensure, including within delegation procedures, that loan or commitment decisions are made by at least two persons and that credit files are analyzed by an independent specialized unit separate from operational entities.

Article 17:

The credit risk control device must ensure that risks to which the institution may be exposed due to a counterparty's default are properly assessed and monitored.

Article 18:

A rating must be assigned to each counterparty using a reliable system and reviewed at least once a year. The system used must enable risk differentiation and quantification and must be used for both credit granting, pricing, and risk monitoring.

The rating system must at minimum meet the loan classification requirements set by Instruction No. 2019-03 on loan classification and provisioning for non-performing loans, distinguishing between performing, watchlist, substandard, doubtful, and impaired loans.

The rating process must stipulate that assigned or revised ratings are validated by the risk management structure.

Article 19:

The responsibilities of persons and bodies authorized to commit the institution and the criteria for assessing credit risk must be clearly and precisely defined and documented in writing. The delegation system must notably take into account the counterparty rating grid.

Job descriptions and internal procedures must precisely define the functions assigned to each person, their hierarchical reporting line, and the powers delegated to them.

Article 20:

Loan or commitment decision procedures, particularly when organized via delegation, must be clearly formalized and adapted to the company's characteristics, particularly its size, organization, and nature of activity.

Written procedures setting criteria to be met for granting and monitoring commitments must be regularly updated and disseminated to all personnel.

Article 21:

Credit decisions must be supported by files containing all quantitative and qualitative information regarding the applicant, including accounting documents, financial statements, salary or income certificates, or any equivalent documents.

Information must cover both the credit applicant themselves and entities with which they form an interest group, considering legal and financial links and/or significant dependency levels.

Credit files must be regularly monitored and updated. Credit institutions must review these files at least quarterly for counterparties whose loans are non-performing or who present significant risks or volumes.

For the most significant files presented to the credit committee or a hierarchical decision, a contradictory study of the credit request different from that presented by the credit granting channel must be conducted by a service or person independent of that channel.

When the beneficiary is a banking institution, the same diligence is required for file study and monitoring, and a study must be conducted on its solvency and liquidity.

When credit must be granted to a non-resident counterparty, a study must be conducted on the country risk associated with the operation.

Article 22:

Credit decisions must consider the overall profitability of operations conducted with the client through a forward-looking analysis of costs and revenues (funding and operational costs, charge corresponding to potential counterparty default risk, and remuneration of equity). Executive management must conduct a post-facto profitability analysis of credit operations at least semi-annually.

Article 23:

Credits granted to persons related to the credit institution as defined by Instruction No. 2019-02 on relations between credit institutions and related parties must be processed under the same conditions as those granted to other clients and comply with the provisions of that instruction.

They are subject to appropriate monitoring by the risk management function and reporting to the board of directors and the Central Bank of Djibouti according to the modalities set by the aforementioned instruction.

Article 24:

Credits granted to natural or legal persons likely to create a conflict between the institution's interests and those of the beneficiaries must be mandatorily granted under conditions compliant with rules applicable to the entire client base, excluding from the study, decision, and monitoring process persons likely to be directly or indirectly involved in the conflict of interest.

The risk committee and the board of directors must be kept informed of these operations.

Article 25:

Credit institutions must have a credit risk selection procedure and a risk measurement system enabling them to notably:

• identify and aggregate all balance sheet and off-balance sheet risks on the same beneficiary or group of beneficiaries;
• classify commitments by risk level using qualitative and quantitative information, utilizing the internal rating system;
• apprehend and control concentration risk through documented procedures;
• verify the adequacy of commitment diversification to their credit policy.

Article 26:

Credit risk assessment must consider, among other things, the nature of activities conducted by the applicant, their financial situation, the net worth of major shareholders or partners, their repayment capacity, and, where applicable, proposed guarantees serving to mitigate risk.

It must also take into account any other information enabling a more relevant