Circular to Banks and Financial Institutions No. 2016-06 of October 11, 2016

Tunis, October 11, 2016

CIRCULAR TO BANKS AND FINANCIAL INSTITUTIONS No. 2016-06 ON THE COUNTERPARTY RATING SYSTEM

The Governor of the Central Bank of Tunisia, Having regard to Law No. 2016-35 of April 25, 2016 establishing the statutes of the Central Bank of Tunisia; Having regard to Law No. 2016-48 of July 11, 2016 on banks and financial institutions; Having regard to Circular No. 91-24 of December 17, 1991 to credit institutions on risk division, coverage, and monitoring of commitments, as amended by subsequent texts; Having regard to Circular No. 2006-19 of November 28, 2006 to credit institutions on internal control and notably its Article 25; Having regard to Circular No. 2011-06 of May 20, 2011 to credit institutions on strengthening good governance rules in credit institutions; Having regard to Note No. 93-23 of July 30, 1993 to banks and financial institutions on the terms of reference for audit of accounts; Having regard to the decision of the Board of Directors of the Central Bank of Tunisia dated September 28, 2016; Having regard to Opinion No. 05-2016 of the Compliance Control Committee dated October 5, 2016, as provided for by Article 42 of Law No. 2016-35 of April 25, 2016 establishing the statutes of the Central Bank of Tunisia; Decides:

Article 1: For the purposes of this Circular, the following terms shall apply: Institution: A bank or financial institution as defined in Law No. 2016-48 of July 11, 2016 on banks and financial institutions. Board: The Board of Directors or the Supervisory Board. Management Body: The General Management or the Executive Committee. Transaction: Any facility constituting a commitment of the institution generating credit risk, regardless of its nature, maturity, domicile, or counterparty. In addition to financing, signature commitments, hedging instruments, and derivatives fall within the scope of transactions. Default: A situation where an institution considers it unlikely that the counterparty will repay its commitment in full without the institution needing to take appropriate measures, such as realizing a guarantee, or when the counterparty's arrears on one of its significant commitments to the institution exceed 90 days. Rating System: The set of methods, procedures, controls, data collection systems, and information technology systems that enable the assessment of credit risk, rating of counterparties, their allocation to a risk class, and the quantification of default and loss estimates for a given type of counterparty.

Article 2: The purpose of this Circular is to establish a number of principles inspired by the Basel framework regarding the design, structure, updating, use, and control of the rating system. These constitute minimum requirements that institutions must comply with in order to assign a rating to each counterparty under Article 25 of Circular No. 2006-19 of November 28, 2006 on internal control. This internal rating must play a primary role in the credit granting process, client pricing policy, risk management policy, and internal allocation of own funds, in preparation for the adoption of the Internal Ratings-Based (IRB) approach under Basel II.

Article 3: The following provisions apply to the rating of the following counterparty categories: Sovereigns, Banks, Financial Institutions, and Corporates.

CHAPTER 1: RATING PARAMETERS AND STRUCTURE OF THE RATING SYSTEM Article 4: The rating system must satisfy the following requirements: a) It comprises two distinct parameters: counterparty-specific factors relating to the assessment of risk attached to the counterparty itself, regardless of transaction nature, and transaction-specific factors integrating the nature of the operation and the assessment of the quality of received collateral. b) It includes a counterparty rating scale that exclusively reflects the quantification of their default risk. This scale comprises at least seven ratings for non-defaulted counterparties and one rating for defaulted counterparties. Each rating corresponds to a risk level defined based on a set of specific and sufficiently distinct rating criteria that enable the assessment of default risk for the relevant counterparties. c) Institutions define the relationship between counterparty ratings associated with a default risk level and the criteria used to determine that level. d) Institutions whose portfolios are concentrated on a specific market segment and within a certain default risk range must maintain a sufficient number of counterparty ratings within that range to avoid excessive concentration of counterparties on a given rating. e) Significant concentrations on a given rating must be justified by convincing empirical evidence establishing that the relevant counterparty category is covered by a reasonably narrow default probability range and that the inherent default risk of all counterparties within it corresponds to that range.

Article 5: For the design of their rating system, institutions must rely on formalized definitions, procedures, and rating criteria for counterparty ratings or their allocation to different risk classes. The following requirements must be met: a) Definitions and criteria are sufficiently detailed to enable those responsible for rating allocation to assign the same rating to counterparties with identical risk, consistently across relevant business lines, departments, or geographic locations; b) Rating procedure documentation enables internal audit and external third parties, such as statutory auditors and the Central Bank of Tunisia, to understand rating assignment methods, reconstruct ratings, and evaluate whether allocations to different ratings are appropriate; c) Used criteria align with internal credit granting policies and procedures, as well as credit risk management policies. d) Rating criteria and procedures are reviewed periodically, at least once a year, to determine whether they remain suitable for the institution's portfolio and its economic environment.

Article 6: Institutions must consider all relevant information when assigning ratings to counterparties. An institution must be increasingly prudent in its rating policy as the amount of available information on a counterparty decreases. When an institution relies on an external rating as the primary factor for determining its internal rating, it ensures that other relevant information is taken into account.

Article 7: Although the default probability value is estimated over a one-year horizon, institutions must base their rating assignments on longer-term horizons. The selected horizons must be documented in writing and specified for raters. The rating must enable the assessment of a counterparty's capacity and willingness to honor its commitments, even under unfavorable economic conditions or unforeseen events. To this end, institutions shall either:

• conduct periodic simulations of plausible crisis situations at least once a year to underpin ratings,
• without specifying a particular crisis scenario, consider vulnerability factors characterizing the counterparty in difficult economic situations or unforeseen events. The range of envisaged economic situations must incorporate the current situation and those that may affect, during an economic cycle, the relevant economic sector or geographic area. Within this framework, institutions must exercise prudence in their analyses.

Article 8: When an institution uses a statistical model or any other mechanized device to assign ratings to counterparties, the following conditions must be met: a) The model has strong forecasting capability and does not contain significant biases. Variables feeding the model form a coherent and effective basis for establishing forecasts. b) The existence of a procedure to verify model input data, particularly controlling their reliability, completeness, and relevance. c) Data used to construct the model are representative of all counterparties. d) The existence of a model validation program, which includes monitoring performance and reliability, reviewing parameters, and evaluating the results produced against observed outcomes. e) To control the ratings it produces and ensure appropriate model usage, expert analysis and judgment supplement the statistical model and consider all relevant information not integrated by the model. Review procedures detect and limit errors related to model weaknesses; f) The linkage between model results and expert judgments is documented.

Article 9: Within the credit risk assessment process, a rating is assigned to each distinct legal entity on which the institution holds an exposure, as well as to all corporate guarantors. The treatment of individual entities affiliated with the same group, as well as the circumstances under which the same rating may or may not be assigned to all or some entities within that group, must be subject to detailed procedures. Since group rating is performed on a consolidated basis, these procedures specify the criteria and rules under which an entity's rating may benefit from the support of its affiliated group.

Article 10: The counterparty rating procedure must satisfy, among others, the following requirements: a) Rating assignment and regular review are performed or approved by a person independent of credit granting or renewal decision-making structures. Practices followed for this purpose are documented in writing within the institution's procedures and integrated into its credit policy; b) institutions update their counterparty ratings at least once a year. Counterparties considered particularly risky or facing significant difficulties undergo more frequent review; c) institutions establish an effective process enabling them to obtain and update relevant information on counterparty characteristics affecting default probabilities. They possess a rapid rating update procedure allowing integration of this information upon receipt and, where applicable, assignment of a new rating to the counterparty.

CHAPTER 2: DOCUMENTATION RELATING TO THE RATING SYSTEM Article 11: Institutions must maintain appropriate documentation including, among others: a) the design and operation of their rating systems. This documentation demonstrates compliance with the minimum requirements set forth in this Circular, specifically addressing portfolio differentiation, rating criteria, responsibilities of rating personnel, frequency of rating reviews, and monitoring mechanisms by the management body; b) the reasons and analysis motivating the selection of rating criteria, demonstrating that these criteria can provide ratings that significantly differentiate risk; c) any significant changes to the rating framework. This documentation accounts for modifications implemented following observations by internal audit and third parties, notably statutory auditors and the Central Bank of Tunisia; d) the entire rating framework, along with associated internal control; e) specific definitions of default and loss used by the institution. When an institution uses statistical models within its rating framework, it must document the methodology, specifying, among others:

• the detailed theories, hypotheses, mathematical foundations, and empirical analysis from which estimates are assigned to ratings;
• the data sources used to develop the model;
• the statistical framework that must be rigorously applied to validate the model;
• all circumstances under which the model may exhibit bias. The use of a model from a third party claiming exclusive rights to its technology does not exempt institutions from complying with the requirements of this chapter regarding rating systems, particularly the obligation to provide appropriate documentation.

Article 12: Data on counterparties and transaction characteristics must be collected and retained. They must be sufficiently detailed to enable the retrospective reallocation of counterparties to ratings. To this end, the institution maintains a historical record of previously applied ratings for counterparties and corporate guarantors, comprising the following information: a) rating assignment dates; b) the method and primary data used to establish ratings; c) the identity of the person who assigned the ratings; d) identification of defaulted counterparties and exposures in default; e) the date and circumstances of these defaults; f) data on default probabilities and loss rates associated with each rating, as well as rating migrations.

CHAPTER 3: GOVERNANCE AND CONTROL OF THE RATING SYSTEM Article 13: The counterparty rating system, including the main elements of rating processes, is validated by the Board. Board members must possess a solid understanding of general risk rating system principles and a good comprehension of associated reports. The management body must also have a thorough understanding of the rating system's design and operation, validate significant differences between established procedures and practice. It must continuously ensure the proper functioning and effectiveness of the rating system. The management body must keep the Board informed of all major changes or exceptions to approved policies that significantly impact rating system operations. Analyses of the institution's credit risk profile based on internal rating systems constitute an essential element of reports submitted to the Board or management body. These reports must include, among others, the risk profile for each rating, migrations between different ratings, estimation of major parameters per rating, and a comparison between observed actual default rates and forecasts. Report frequency may vary based on the importance and type of information, as well as the hierarchical or functional level of the recipient.

Article 14: The structure responsible for credit risk management within institutions is accountable for the design or selection, implementation, monitoring, and effectiveness of the rating system. This structure is also responsible for:

• conducting rating tests and controls;
• implementing procedures to ensure consistent application of rating definitions across different departments and geographic locations;
• reviewing and documenting any modifications to the rating procedure, including the reasons for such changes;
• periodically reviewing rating criteria at least once a year to determine whether they retain their risk forecasting capability. Changes to the rating process, criteria, or other individual rating parameters are documented and retained;
• actively participating in the design or selection of models used in the rating process, their implementation and validation, supervising them, and making necessary modifications;
• regularly preparing and analyzing reports on results produced by the rating system, as well as summaries of rating system operations.

Article 15: The internal audit structure must review the rating system and its operation at least once a year, ensuring compliance with the minimum requirements defined in this Circular. This review results in a report that must be submitted to the Central Bank of Tunisia no later than one month after its validation by the Board.

CHAPTER 4: MISCELLANEOUS PROVISIONS Article 16: Institutions must take necessary measures to comply with the minimum requirements set forth in this Circular, no later than December 31, 2017. They must submit a roadmap for the implementation of the counterparty rating system to the Central Bank of Tunisia no later than December 31, 2016.

THE GOVERNOR, Chedly AYARI