Guidance on the Internal Ratings-Based Approach for Credit Risk (G2-2025)

370 Helen Joseph Street Pretoria 0002 +27 12 313 3911 / 0861 12 7272 www.resbank.co.za 1 Ref.: 15/8/1/2 G2/2025 To: All banks, branches of foreign institutions, controlling companies, eligible institutions and auditors of banks or controlling companies Guidance Note issued in terms of section 6(5) of the Banks Act 94 of 1990 Guidance on the internal ratings-based approach for credit risk Executive summary This Guidance Note covers various matters related to the credit risk models used by banks or controlling companies that have adopted the internal ratings-based (IRB) approaches (hereinafter collectively referred to as ‘IRB banks’) to calculate minimum required capital and reserve funds for their credit risk exposures. In addition, this Guidance Note provides guidance on several matters related to the changes introduced to the IRB approaches as part of the Basel III post-crisis reforms. A key component of these reforms is the removal of the advanced IRB (AIRB) approach for certain regulatory asset classes, which in turn requires IRB banks to use the foundation IRB (FIRB) approach. In this regard, this Guidance Note articulates the Prudential Authority’s (PA) expectations and related guidance regarding the implementation of the various minimum requirements specified in the Regulations relating to Banks (Regulations) and outlines factors to be taken into account by IRB banks in their model development, validation and ongoing monitoring activities. This Guidance Note also addresses the practical implications of regulation 23(12) (FIRB approach) and regulation 23(14) (AIRB approach) of the Regulations, relating to the respective requirements of credit risk mitigation (CRM). The guidance covers, among others, the overlapping coverage between the FIRB and AIRB approaches regarding the recognition of the CRM effects within and across the FIRB and AIRB approaches. Although this issue mainly pertains to the IRB approaches, it also has some implications for portfolios reported under the standardised (STA) approach. This Guidance Note must be read in conjunction with Guidance Note 9 of 2022 1 (dated 29 July 2022). 1 G9-2022 - Matters related to the credit risk models of banks

2

1. Introduction 1.1. In 2021, the PA issued a discussion paper titled ‘Policy guidance on credit risk models-related matters’, inviting comments from IRB banks on various matters related to the IRB minimum requirements specified in the amended Regulations and their practical effect on the development, validation and ongoing monitoring activities of IRB banks. Following the responses to the discussion paper, the PA issued Guidance Note 9 of 2022, providing guidance on various matters related to the credit risk models of IRB banks to calculate minimum required capital and reserve funds for their credit risk exposures. 1.2. This Guidance Note provides further guidance based on the related Basel III post￾crisis reforms. In support of the implementation of the revised IRB approaches, the PA issued various instruments in consultation with the industry to give effect to the requirements under the revised IRB and STA approaches introduced by the Basel III post-crisis reforms. Among other matters, the PA issued discussion papers to consult banks on various aspects related to the IRB credit risk models, including CRM requirements, the classification of exposures to local government and public sector entities (PSEs), and the requirement specified in regulation 23(11)(b)(v)(E)(vi) of the amended Regulations. After further consultation, the PA deemed it necessary to issue a further Guidance Note to provide additional guidance on the aforementioned matters. 1.3. The topics covered in this Guidance Note flow directly from the consultative process undertaken by the PA and are informed by the comments provided by banks on the various drafts of the proposed amendments to the Regulations issued for comment. These topics are intended to outline the PA’s expectations and related guidance regarding the practical implementation of the IRB approach minimum requirements specified in the amended Regulations. 1.4. IRB banks need to duly consider the respective factors outlined in this Guidance Note when determining the classification and risk weights of their asset classes set out in the revised IRB approaches. 1.5. The guidance provided is not exhaustive. Therefore, the PA also expects IRB banks to consider additional factors that may be relevant to their credit models, in line with the respective requirements specified in regulations 23(11) and 23(13) of the amended Regulations.
2. Guidance related to specified matters 2.1. CRM requirements and capital treatment under the IRB approach 2.1.1. The fundamental distinctions between the FIRB approach under regulation 23(12)(d)(iii)(A)(ii) of the amended Regulations and the AIRB approach under regulation 23(14)(d)(iii)(A)(i) of the amended Regulations lie primarily in the flexibilities and requirements for estimating credit risk parameters, i.e. reliance on internal (being bank’s own estimates) versus regulatory prescribed estimates for risk parameters.

3 2.1.2. In terms of the FIRB approach, banks must adhere to a structured framework that begins with splitting credit exposure into covered and uncovered portions. In cases where the CRM is in the form of a guarantee, banks may utilise, for the covered portion of the exposure the guarantor's risk weight function and apply the risk rating grade and probability of default (PD) ratio appropriate to the guarantor. However, the FIRB approach imposes strict controls over loss given default (LGD) adjustments, prohibiting banks from using their own LGD estimates. As such, banks that have adopted the FIRB approach can only use internal models to calculate PD estimates. 2.1.3. In the context of LGD estimation under the FIRB approach, a notable limitation exists where banks must use regulatory prescribed ratios. This is particularly evident in the treatment of subordinated exposures, which typically carry a 75% prescribed LGD, but this can be reduced to anywhere in the range of 40% to 45%. However, if a guarantee represents a senior claim, banks are explicitly prohibited from using the guarantor’s actual LGD, as own LGD estimates are not permissible under the FIRB approach. This restriction aligns with the broader intentions of the Basel III post-crisis reforms of reducing undue variability in LGD estimates between IRB banks. 2.1.4. In contrast, the AIRB approach, in contrast, provides greater flexibility in risk parameter estimation and related adjustments. AIRB banks can utilise their own LGD estimates and have the option to choose between PD or LGD adjustments for CRM purposes. In the case where the CRM is in the form of a guarantee, AIRB banks may substitute the PD or LGD of the portion of the exposure covered by the guarantee with the PD or LGD as well as the risk weight function of the guarantor. This effectively allows AIRB banks, from a risk weighting perspective, to treat the covered portion of the exposure as if it were a direct exposure to the guarantor. However, a crucial limitation remains, which is consistent across both approaches, and that is the prohibition of simultaneous PD and LGD adjustments when recognising CRM benefits. Additionally, the LGDs estimated under the AIRB approach cannot be used for exposures under the FIRB approach. This means that the restrictions under the FIRB approach in terms of the applicable risk parameters cannot be replaced by own estimates calculated in terms of the AIRB approach. 2.1.5. Importantly, the CRM requirements under the FIRB approach and the AIRB approach specified in the amended Regulations must not be read to allow for the recognition of the CRM effect by substituting or adjusting both the PD and LGD of the obligor with that of the guarantor. 2.1.6. In cases where the protection is provided across/between credit risk approaches, the CRM recognition must uphold the demarcation between the respective credit risk approaches. This means that CRM provision cannot be the basis for changing the credit risk approach applied to an exposure. This means that an exposure reported under the STA approach cannot be risk-weighted using the IRB approach risk weight function to recognise CRM benefits. Similarly, an exposure on the FIRB approach cannot be treated as if it were an exposure reported under the AIRB approach, based on the recognition of CRM.

4 2.1.7. Therefore, when an exposure falls within the ambit of a particular credit risk approach, the CRM requirements of that approach take precedence. For instance, the CRM requirements and all the eligibility and operational requirements related to exposures under the STA approach are set out in regulation 23(9) of the amended Regulations. Therefore, any collateral provided by, for instance, a protection/guarantee provider on the IRB approach must first and foremost comply with the requirements of regulation 23(9) of the amended Regulations. The same applies to the approaches used by the STA, FIRB and AIRB approaches to calculate the relevant required risk-weighted assets (RWA) amount. 2.1.8. When an exposure that is partially guaranteed subsequently goes into default, the entire exposure needs to be classified and reported in default. This includes both the guaranteed and unguaranteed portions, even though the risk weights differ between the guaranteed and the unprotected portions. 2.1.9. Below are various scenarios that provide further guidance in terms of CRM treatment across the STA, FIRB and AIRB approaches: 2.1.9.1. If an exposure is reported under the STA approach and a direct exposure to the guarantor is treated under the IRB approach, then the bank will substitute the risk weight applied to the protected or covered portion of the exposure with the risk weight that will be applicable to the guarantor under the STA approach. The risk weight that will be applicable to the guarantor under the STA approach must be substituted for the protected portion of the exposure prescribed in regulation 23(8) of the amended Regulations. 2.1.9.2. If an exposure is reported under the FIRB approach and a direct exposure to the guarantor is treated under the FIRB approach, then the bank must substitute the PD and/or the risk weight function of the guarantor in terms of regulation 23(12)(c)(iii) of the amended Regulations to the protected or covered portion of the exposure. In respect of LGD substitution, the prescribed LGDs specified in regulation 23(12) of the amended Regulations will be applicable. The only variation in the applicable prescribed LGD is due to the seniority of the guarantee or the collateral types prescribed in regulation 23(13)(c)(iii) of the amended Regulations and subject to the condition that they meet the eligibility requirements. 2.1.9.3. If an exposure is reported under the AIRB approach and a direct exposure to the guarantor is treated under the FIRB approach, then, in terms of regulation 23(14)(c)(iii)(A) of the amended Regulations, a bank must recognise the CRM benefit of the guarantee by substituting either the PD or LGD of the protected or covered portion of the exposure with the bank’s own LGD or PD estimates of the guarantor. This is because the LGDs prescribed under the FIRB approach will generally be higher than those estimated under the AIRB approach. Therefore, ceteris paribus, the capital requirements in this scenario will be higher because of the higher prescribed LGD under the FIRB approach.

5 2.1.9.4. If the exposure is reported under the AIRB approach and a direct exposure to the guarantor is treated under the AIRB approach, then, in terms of regulation 23(14)(c)(iii)(A) of the amended Regulations, a bank must recognise the CRM benefit of the guarantee by substituting either the PD or LGD of the protected or covered portion of the exposure with that of the guarantor. In this regard, regulation 23(14)(c) of the amended Regulations must be read in the broader context of regulation 23(13) and regulation 23(14) of the Regulations. The Regulations allow banks using the AIRB approach the flexibility to adjust the risk parameters (PD or LGD estimates), subject to complying with the eligibility and various other operational requirements. The purpose is to fully reflect the CRM benefits provided by protection from entities that are treated under the STA, FIRB, and AIRB approaches, subject to eligibility and operational requirements. The requirement for consistency when adjusting the PD or LGD estimates in regulation 23(14)(c)(iii)(A)(i) of the amended Regulations are instructive in this regard. 2.1.9.5. The consistency requirement in paragraph 2.1.9.4 must also be read to mean that banks using the AIRB approach must have in place a consistent approach for adjusting PD or LGD estimates to incorporate the CRM benefits of guarantees and all types of protection across all their exposures. AIRB banks must ensure that this is done consistently. This requires AIRB banks to outline consistent policies, for instance, on how the CRM benefits of various types of protection are recognised via PD or LGD adjustments. 2.1.10. When a guarantee for an exposure reported under the IRB approach is provided by a guarantor that is not a client of the bank, the bank may not have the necessary PD and LGD estimates available for the guarantor in order to recognise the CRM benefits in the RWA calculations. In this regard, the PA expects IRB banks to be able to determine the risk parameters of the protection provider even in cases where the provider is not a client. That said, it is important to note that the CRM benefits, risks related to the protection and the extent to which the benefits should be factored into the RWA calculation are only done via PD or LGD adjustment. Therefore, where an IRB bank cannot determine the PD or LGD estimates of the guarantor, then the CRM benefits of the guarantee cannot be recognised in the RWA calculations. This, by implication means that the STA approach risk weights cannot be used as a default approach but must, instead, only be used in line with the requirements of the amended Regulations (e.g. when the exposure is under the STA approach, then the protection provider will either have been treated under the IRB or STA approach). 2.1.11. When a bank considers or accepts credit-related insurance policies as CRM instruments, it remains the responsibility of the bank to ensure that the insurance contract complies with the requirements of regulations 23(7)(c)(iv), 23(9)(c), 23(12)(d)(i), and/or 23(14)(c) of the amended Regulations for recognition as eligible CRM. At a minimum, the contract must establish an explicit, unconditional documented obligation between the insurer and the bank, clearly specifying the scope and terms of the guarantee. That is, the contract language must unambiguously establish the bank’s right to call on the guarantee in the event of default, with no conditional clauses that could impede this right.

6 2.1.11.1. On documentation requirements, banks need to ensure that the relevant insurance contracts are legally enforceable. In cases where there is any uncertainty regarding the legal enforceability of the insurance contracts, it may also be necessary for banks to obtain independent legal opinions as required by regulation 23(7)(c)(iv)(B) of the amended Regulations. 2.1.11.2. The PA reserves the right to request any contracts pertaining to collateral types held against a bank’s exposures for the purpose of verifying compliance with the minimum regulatory requirements relating to guarantees, as specified in regulations 23(7)(c), 23(9)(c), 23(12)(d), or 23(14)(c) of the amended Regulations. 2.1.12. With respect to regulatory reporting of guaranteed exposures in the respective BA returns, the following guidance applies: 2.1.12.1. The substitution of risk parameters and risk weight functions with those of the guarantor does not change the fundamental reporting obligations for the underlying exposure. Banks must maintain a clear distinction between CRM treatment and exposure classification requirements. That is, when a bank’s exposure is guaranteed and the risk weight function of the relevant guarantor is used, that does not mean that the asset class in the form BA 200 should change to that of the guarantor. Therefore, the asset classification of the exposure in the statutory returns must be based on direct exposure to the obligor and not the guarantor (protection provider). 2.2. Classification and modelling taxonomy of exposures to local government and PSEs under the IRB approach 2.2.1. In accordance with regulation 23(11)(c)(ii) of the amended Regulations, and for RWA calculation, the sovereign asset class is defined to include only the central government and central bank. As such, PSEs and local government entities are classified under the bank asset class; however, this classification does not imply that they should be reported as bank exposures for regulatory reporting purposes. 2.2.2. All exposures that fall within the IRB regulatory asset class of bank exposures (including exposures to local government and PSEs) have been migrated to the FIRB approach, in line with the Basel III post-crisis reforms. Therefore, banks that have adopted the IRB approach for their bank exposures must use the FIRB approach to calculate their credit risk capital requirements. Consequently, by virtue of being classified in the bank asset class, exposures to local government and PSE also migrate to the FIRB approach. 2.2.3. IRB banks must also maintain a clear demarcation between the sovereign exposures, and local government and PSE exposures when determining appropriate credit risk models to be used for calculating PDs for the PSE and local government exposures. In this regard, the following guidance is applicable: 2.2.3.1. Entities that are wholly state-owned and partially funded by the state, with borrowing and revenue-raising capabilities, may not be rated using IRB banks’ sovereign models.

7 2.2.3.2. While corporate models may serve as a baseline for rating PSEs due to their similarities with corporates, PSEs are also different given their public status, legislative framework and ownership by the state. Therefore, in instances where PSE portfolios are rated using a corporate model, banks must be able to demonstrate to the PA that they have made appropriate adjustments to the risk parameters to account for the differences in the credit risk profiles. The PA also reserves the right to review rating models and underlying data (at any point in time) to verify that appropriate credit risk weight adjustments are considered in the rating process of the PSE portfolios. 2.3. Rating assignment horizon and incorporation of business cycle effects 2.3.1. Credit risk models are required to incorporate both idiosyncratic and industry￾specific drivers for default prediction over a 12-month horizon, in accordance with regulation 23(11)(b)(v)(E)(vi) of the amended Regulations. This requirement does not mandate the inclusion of economic variables in PD models used under the IRB approach; however, it maintains consistency between Basel II and Basel III post-crisis reforms, requiring PDs to be through-the-cycle (TTC). The requirements also mandate that rating system design must include both idiosyncratic and industry-specific drivers that enable rating migrations, which may include business cycle effects. 2.3.2. The Basel III post-crisis reforms introduce some subtle changes. For instance, the credit risk framework stipulates that credit risk models should be designed in such a way that idiosyncratic or industry-specific changes are a driver. While there is reference to business cycle effects, it is important to note that the Basel III post-crisis reforms do not require business cycle effects to be considered, but that they may be a driver. This does not imply that PD models must include economic variables (as suggested by a comment received) and therefore does not disregard the requirement for PDs to be TTC. In practice, creating TTC models is not always an exact science, and most often PD models will exhibit hybrid characteristics. As referred to in the Basel III post-crisis reforms, these models may still contain some degree of ‘point in time’ trends, albeit in a relatively dampened manner. 2.3.3. Idiosyncratic versus industry-wide factors are not necessarily factors that can be perfectly separated. Therefore, balancing these factors is the essence of developing a good PD model. No two counterparties will be entirely similar; however, a reasonable degree of homogeneity among counterparties is what enables the development of PD models that are able to capture a common set of default drivers across a population of counterparties, notwithstanding the existence of differences amongst them. 2.3.4. Moreover, the fact that a PD model is TTC does not take away from the fact that rating migration will occur even during economic swings, which in large respects reflects the ability, or lack thereof, of counterparties to perform even during adverse economic conditions.

8 3. Acknowledgement of receipt 3.1. Kindly ensure that a copy of this Guidance Note is made available to your institution’s independent auditors. The attached acknowledgement of receipt, duly completed and signed by both the Chief Executive Officer of the institution and the said auditors, should be returned to the PA at the earliest convenience of the aforementioned signatories. Fundi Tshazibana Chief Executive Officer Date: The previous Guidance Note issued was Guidance Note G1/2025, dated 7 April 2025.