Instruction No. 25/2016 of 16 November on Credit Risk Governance

INSTRUCTION NO. 25/16 of 16 November SUBJECT: CREDIT RISK GOVERNANCE

Considering the provisions established in Notice No. 07/2016 of 22 June, on Risk Governance, Financial Institutions must adopt functions, policies, and risk management processes for the identification, assessment, monitoring, control, and reporting of credit risk;

In these terms, and under the combined provisions of the letters d) and f) of Article 21st and letter d) of paragraph 1 of Article 51st, both of Law No. 16/10, of 15 July – Law of the National Bank of Angola, and Article 90th of Law No. 12/15, of 17 June – Law of the Bases of Financial Institutions.

I DETERMINE:

1. Definitions Without prejudice to the definitions established in the Law of the Bases of Financial Institutions, for the purposes of this Instruction, the following are understood:

1.1 Risk factor: aspect or characteristic that influences risk. In the assessment of risks, the characteristics of products and financial markets, borrowers, and processes in force within Institutions are relevant, namely.

1.1 Impairment: negative impact, capable of being reliably estimated, on future cash flows associated with the risk position, resulting from objective evidence of one or more events occurring after the initial accounting recognition of the risk position.

1.2 Risk position: exposure relative to an asset, an off-balance sheet item, or a financial derivative instrument, plus income of any nature not received that are reflected accounting-wise as amounts receivable, regardless of whether they are due or overdue, in accordance with the criteria of the Chart of Accounts Manual for Financial Institutions.

1.3 Country risk: arising from the default of financial commitments contractually assumed by a counterparty due to the characteristics of, or events occurring in, a specific country.

CONTINUATION OF INSTRUCTION NO. 25/2016 Page 2 of 13

2. Organizational and Operational Structure Requirements

2.1 In accordance with the provisions of paragraph 9 of Article 9th of the Notice on Risk Governance, Institutions must guarantee the existence of a body of staff with experience, knowledge, and training to act prudently in the assessment, approval, and management of credit risk.

2.2 Institutions must define an unequivocal and consistent hierarchy for decision-making regarding credit activities.

2.3 The governing body must delegate competencies and adequately invest in the necessary resources to ensure that efforts of the various staff involved in credit granting and monitoring processes are coordinated and that respective decisions are made in a solid and consistent manner.

2.4 Credit granting decisions depend on the nature, size, complexity, and profile of risk positions and may require approval from front and back offices.

2.5 Whenever the decisions referred to in the previous point are taken by a single committee, the voting structure implemented must ensure that the back office holds the majority of votes, i.e., veto power.

2.6 Without prejudice to the provisions in the previous point, in cases of credit granting considered immaterial, Institutions may decide that only one vote is sufficient for decision-making.

2.7 Members of the governing body may, within the limits of individual decision-making, take independent credit granting decisions.

2.8 The risk monitoring report must highlight the credit granting decisions referred to in the previous point that did not pass the vote or whenever these decisions come from a member of the governing body responsible for the back office.

2.9 Material transactions with related parties must be subject to the approval of the governing body, excluding members with potential conflicts of interest.

2.10 Policies and processes for credit granting approval must establish accountability for decision-making and designate who has the authority to approve credits or alter their terms, depending on the size and nature of the credit.

2.11 Together with the process for approving new credits, Institutions must have policies and processes for the alteration, renewal, and restructuring of existing credits.

2.12 Contractual agreements related to credit activities must be concluded using legally valid credit application documents, which must be: a) standardized, according to the nature, size, complexity, and content of the risk; b) regularly updated; c) used for credit granting agreements with individuals and legal entities.

CONTINUATION OF INSTRUCTION NO. 25/2016 Page 3 of 13

2.13 Documents for credit granting approval must include quantitative and qualitative risk factors, at least: a) the purpose of the credit and the sources of repayment; b) the current risk profile, including its activity, country, the aggregated value of the counterparty's risks, and real or personal guarantees, including their execution conditions, both with the Institution and with the financial system; c) the borrower's history and current repayment capacity, based on historical trends and projections of future cash flows; d) the borrower's experience, volatility of their economic sector, and their position within it; e) proposed credit terms and conditions, including contractual clauses aimed at protecting the Institution from future changes in the borrower's risk profile.

2.14 A procedure must be established to ensure the timely submission of documents necessary for the assessment of credit applications.

2.15 Staff who perform tasks such as the custody of sensitive documents, fund transfers, or the introduction of limits in information and communication systems must report to staff with management responsibilities independent of the initiation of the operation and the credit approval process.

2.16 Responsibility for the development and quality of the systems referred to in point 7.1 of paragraph 7 of this Instruction must lie with the middle and back offices, with the support of the front office, ensuring they are adequate for processing, monitoring, continuous management of granted credits, treatment of credits with signs of impairment, and provisioning.

CONTINUATION OF INSTRUCTION NO. 25/2016 Page 4 of 13

3. Identification

3.1 An effective credit risk management process must consider the identification and analysis of existing and potential risks inherent to any product or activity.

3.2 The credit risk identification framework must be comprehensive to ensure that relevant risk concentrations for the Institution are considered, including off-balance sheet risk positions and those recorded on the balance sheet.

3.3 The determination of credit risk concentration must consider: a) subtypes of credit concentration, including risk positions with counterparties, groups of interconnected counterparties, and counterparties belonging to the same economic sector, geographic region, or performing the same activities; b) credit risk mitigation techniques associated with large indirect risk positions.

3.4 Institutions must consider the reality of counterparties participating in the credit operation, as well as those providing guarantees on it, verifying their characteristics, ensuring they have integrity, solid reputation, and creditworthiness, before agreeing on a new contractual link.

3.5 Institutions must guarantee that credit files include information allowing verification of the counterparty's current financial condition, complete information on past decisions, and the credit history.

3.6 For the verification referred to in the previous point, Institutions must define, formalize, and implement policies and processes, including the appointment of responsible persons, to ensure the adequacy and timeliness of information present in credit files.

3.7 Institutions must have criteria to identify situations where, in the credit granting process, it is appropriate to classify a counterparty into a group of interconnected counterparties.

CONTINUATION OF INSTRUCTION NO. 25/2016 Page 5 of 13

3.8 Institutions must consider the risk associated with the country of origin of the foreign counterparty, which may have consequences for granted credits and capital investments, whenever international credits are granted.

4. Assessment

4.1 Institutions must assess the relationship between risk and return of any credit, considering possible negative scenarios.

4.2 Institutions may use the credit contract structure and guarantees to mitigate risks arising from individual credits, without prejudice to credit granting being governed by the counterparty's repayment capacity, obtained through comprehensive assessment of the counterparty and sufficiency of information.

4.3 Institutions must have policies regulating the acceptance of guarantees and a process that guarantees their execution.

4.4 Institutions must assess the level of credit coverage provided by guarantees, considering the quality of the respective credits.

4.5 Institutions must develop and use adequate mechanisms to classify granted credits and provided guarantees, in accordance with Notice No. 11/2014, of 17 December, on specific requirements for credit operations, and Notice No. 10/2014, of 10 December, on guarantees for prudential purposes, to ensure that all risk positions are appropriately assigned to a risk class for the purpose of their initial assessment.

4.6 Institutions must develop models and indicators for the assessment of credit risk concentration, which adequately capture the nature of interdependencies between risk positions, and whose underlying assumptions and technical specifics are understood by the Institutions.

CONTINUATION OF INSTRUCTION NO. 25/2016 Page 6 of 13

4.7 The model structure referred to in the previous paragraph must be in accordance with the characteristics of the institution's credit portfolio and the dependency structure of its risk positions.

5. Monitoring and Control from a Customer Credit Perspective

5.1 Institutions must develop and use mechanisms adequate to the nature of their activity, size, and complexity to monitor granted credits and provided guarantees, in compliance with the provisions of point 4.5 of the previous paragraph of this Instruction.

5.2 For the permanent and systematic monitoring of granted credits, as well as the prevention of default, Institutions must: a) develop indicators for the early detection of risk factors using quantitative and qualitative measures; b) define competent structures, identifying their responsible persons and respective contact elements, for the following functions: i. collection of information regarding counterparties; ii. processing and analysis of collected information; iii. assessment of default risk. c) guarantee that implemented information and communication systems enable the timely identification of occurrences indicating the degradation of the counterparty's financial capacity and emit alerts to relevant staff; d) define procedures so that staff, having taken knowledge of actual occurrences in the indicators set out in letter a), can communicate to the unit of structure responsible for their processing and analysis;

e) create mechanisms that allow counterparties themselves to communicate situations of difficulty in fulfilling assumed obligations; f) guarantee the integration of relevant collected information about counterparties in information and communication systems, indicating degradation of their compliance capacity.

5.3 Institutions must establish policies and procedures to address imminent default situations, defining the entire recovery or restructuring procedure of the credit.

5.4 Institutions must take into account the potential impacts on capital adequacy and provisions that may arise from imminent default situations.

5.5 Institutions must formulate guidelines for the processing of documentation related to credit operations, which must be detailed and exhaustive, notably by type of credit, and develop processes for the monitoring and execution of received guarantees, in accordance with Notice No. 10/2014, of 10 December, on guarantees for prudential purposes.

5.6 In order to ensure continuous monitoring of the counterparty's financial condition, information and communication systems must allow: a) monitoring compliance with contractual clauses; b) evaluating the coverage of guarantees; c) detecting irregularity situations and routing them to competent management areas, promoting, if applicable, the revision of the credit classification; d) promoting necessary changes to contractual agreements; e) constituting adequate provisions.

CONTINUATION OF INSTRUCTION NO. 25/2016 Page 7 of 13

5.7 Classifications assigned to counterparties at the time the credit is granted must be reviewed periodically, at least monthly or when there are indications of changes in the counterparty's financial capacity. This activity must be assigned to a function independent of the one responsible for credit granting.

5.8 Monitoring of country risk factors, presented in point 3.8 of paragraph 3 of this Instruction, must incorporate: a) the potential default of foreign counterparties as a consequence of economic factors specific to the country; and, b) the conditions for the application of the credit contract and execution of real guarantees in their respective legal framework.

6. Monitoring and Control from a Credit Portfolio Perspective - Stress Tests

6.1 Stress tests or crisis simulations must involve the identification of possible events or future changes in economic, financial, and structural conditions that may compromise the solidity of Institutions. Institutions must examine, notably, the following situations: a) economic recessions; b) market risk events; c) liquidity conditions.

6.2 Institutions must monitor the links between different risk factors that are likely to emerge in times of crisis.

6.3 Stress tests, in the form of sensitivity analyses and scenario analyses, are essential for identifying and assessing credit risk and its concentration, and must be used for the identification of interdependencies between risk positions that may arise under extreme conditions.

CONTINUATION OF INSTRUCTION NO. 25/2016 Page 8 of 13

7. Monitoring and Control from a Credit Portfolio Perspective - Limit System

7.1 The limit system established in accordance with number 7 of Article 7th of the Notice on Risk Governance must be compatible with the size, complexity, and sophistication of risk management systems, as well as the experience and competence of the Institution's staff.

7.2 Institutions must perform regular analyses of their risk positions, including estimates of their trends, using their results to establish and verify the adequacy of processes and limits for the management of credit risk concentration.

7.3 Whenever material underlying risks resulting from credit risk concentration are identified, Institutions must take appropriate mitigation measures, notably reducing limits to risk concentration, diversifying and adapting the financing structure, as well as acquiring, from other parties, financial instruments that offer coverage.

7.4 Institutions must establish a credit limit system that includes the following categories: a) aggregated exposure to risk; b) exposure to specific industries or economic sectors, geographic regions, products, currencies, and maturities; c) individual exposure, considering the internal credit risk assessment.

7.5 The limit system must be considered in the management of the global credit risk profile of Institutions, ensuring that credit granting activities are adequately diversified.

7.6 The limit system must consider: a) results of stress tests;

CONTINUATION OF INSTRUCTION NO. 25/2016 Page 9 of 13

b) risks associated with the nature of exposures to settlement of positions in the short term, in case of counterparty default.

7.7 Whenever an Institution is involved in several transactions with the same counterparty, the potential exposure must be calculated over multiple time horizons.

7.8 The limit system must ensure the emission of alerts to staff with management responsibilities and, if applicable, to the governing body, whenever credit granting exceeds predetermined levels and has an impact in terms of concentration.

8. Reporting

8.1 Institutions must define, formalize, implement, and periodically review policies and procedures for reporting, which must be adequate to their nature, size, complexity, and risk profile.

8.2 In internal reporting, Institutions must provide the main results of the stages of identification, assessment, monitoring, and control of credit risk and its concentration, to the governing body and staff with management responsibilities, which must include, at least: a) implemented credit risk management policies; b) global exposure and concentration; c) mitigation actions taken; d) developments in new products or business initiatives; e) results of stress tests; f) qualitative and, when appropriate, quantitative information on inter and intra-risk concentrations.

CONTINUATION OF INSTRUCTION NO. 25/2016 Page 10 of 13

8.3 In external reporting, Institutions must define, formalize, and implement policies and processes to transmit to stakeholders comprehensive information, which must include, at least: a) qualitative information, on: i. investment strategies and respective processes; ii. structure and organization of the credit risk management function; iii. overdue credit and credit with signs of impairment, for accounting purposes; iv. approach for determining credit remuneration and statistical methods used; v. credit risk management policies; b) quantitative information, on: i. global exposure and average exposure during the period in question, discriminating the main types of risk positions; ii. geographic distribution of risk positions, with detail on the most significant areas and the main types of risk positions in each area; iii. distribution of risk positions by industry or counterparty, detailing the main types of risk positions; iv. detail of the residual contractual maturity of the c

[Note: The source text ends abruptly at "v.iv. detail of the residual contractual maturity of the c". The translation reflects this truncation.]