Credit Risk Management Regulation

Contents

Page	Subject
3	Introduction
3	Scope
4	Objective
4	Article (1) Definitions
10	Article (2) Credit Risk Governance
11	Article (3) Credit Risk Management Framework
12	Article (4) Credit Risk Oversight Functions and Roles
13	Article (5) Credit Underwriting
14	Article (6) Definition of Credit Default
15	Article (7) Significant Increase in Credit Risk
15	Article (8) Restructuring
16	Article (9) Classification and Provisioning
17	Article (10) Credit Risk Mitigation
17	Article (11) Portfolio Management and Internal Reporting
18	Article (12) Non-Performing Assets and Write-Off
18	Article (13) Credit Risk Models
19	Article (14) Counterparty Liability
19	Article (15) Enforcement and Sanctions
19	Article (16) Interpretation of Regulation
19	Article (17) Cancellation of Previous Circulars and Notices
20	Article (18) Publication and Effective Date

---

Circular No.: 2024/3 Date: 25/07/2024 To: All Licensed Financial Institutions Subject: Credit Risk Management Regulation

============================================================================================

Introduction

The Central Bank of the UAE (“CBUAE”) seeks to promote the continuous development of an effective and efficient financial system. This regulation and the accompanying standards are issued pursuant to the powers vested under the Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organization of Financial Institutions and Activities and its amendments.

Each LFI is required to implement a comprehensive framework to manage the credit risk it acquires to ensure its financial resilience. In this context, this regulation establishes the minimum acceptable practices for credit risk management and provisioning for LFIs.

Where this regulation or the accompanying standards include requirements to provide specific information, to take specific measures or to address a specific list of items ‘at a minimum’, the CBUAE reserves the right to impose additional requirements to those articulated in this regulation and the accompanying standards.

This regulation supersedes and replaces the circulars and notices as set out in Article 17 of this regulation.

The accompanying ‘Credit Risk Standards’ supplement the regulation and are mandatory and enforceable in the same manner as the regulation.

Scope

This regulation applies to all LFIs in the UAE that provide Credit Facilities. In addition, LFIs incorporated in the UAE with foreign subsidiaries, affiliates, or international branches, must comply with this regulation on a consolidated basis. UAE branches or subsidiaries of foreign institutions must apply this regulation to their activities in the UAE and their reporting to the Central Bank.

Objective

The objective of this regulation is to establish minimum requirements for LFIs with regard to effective credit risk management.

Article (1): Definitions

1.1 Bank: Any juridical person licensed in accordance with the provisions of the Central Bank Law, to primarily carry on the activity of taking deposits, and any other Licensed Financial Activities.

1.2 Board: The board of directors of the Licensed Financial Institution.

1.3 CCO: The Chief Credit Officer of an LFI, this includes the Head of Credit, or any similar designation which denotes the highest level of authority for this role within the LFI.

1.4 Central Bank: The Central Bank of the United Arab Emirates.

1.5 Central Bank Law: Decretal Federal Law No. (14) of 2018 regarding the Central Bank & Organization of Financial Institutions and Activities as amended.

1.6 CEO: The Chief Executive Officer of an LFI.

1.7 Counterparty Credit Risk: Transactions that give rise to counterparty credit risk include: OTC derivatives, exchange-traded derivatives, long settlement transactions and securities financing transactions that are bilaterally or centrally cleared. Counterparty credit risk may result from (but is not limited to) transactions with LFIs and corporate entities.

1.8 Country Risk: The risk of loss caused by geopolitical, economic or natural events in a foreign country. The concept is broader than sovereign risk because it covers exposures to all types of obligors in the country, including individuals, corporates, banks and government entities. Country risk can have direct and indirect impacts on credit risk, market risk, operational risk, reputational risk and several other risk types. Country risk also covers transfer risk, i.e. the risk that an obligor is not able to convert local currency into a foreign currency, thereby reducing its ability to repay its debt in foreign currency. Such risk arises from foreign exchange restrictions imposed by the government in the country of the obligor.

1.9 Credit Facility (“Facility”): Any legal agreement that gives rise to financial obligations or commitments that are legally binding or perceived to be legally binding on one of the parties in a transaction. In the context of this regulation, credit facilities should be understood in the broad sense as credit exposure via any financial instrument, including amongst others, on-balance sheet credit facilities, capital market instruments, receivables, off-balance sheet contracts including but not limited to guarantees/letters of credit, as well as Counterparty Credit Risk arising from over-the-counter derivatives contracts and securities financing transactions including Shari’ah compliant facilities.

1.10 Credit Risk: The potential loss arising from the likelihood that a borrower or counterparty fails to meet its obligations in accordance with agreed terms of a lending agreement.

1.11 Credit Risk Mitigation (“CRM”): Cash flows derived from liquidation of collateral and other sources that may be utilised to mitigate against financial loss as described in this regulation and the accompanying standards.

1.12 CRO: The Chief Risk Officer of an LFI this includes the Head of Risk, or any similar designation which denotes the highest level of authority for this role within the LFI.

1.13 Days-Past-Due (“DPD”): A payment is considered past due if it has not been made by its contractual due date. The days-past-due is the number of calendar days that a payment is due, i.e. the number of days for which a payment is late.

1.14 Default: As defined in Article 6 of this regulation and the accompanying standards.

1.15 Deferrals: A payment is considered deferred if it has not been made on or by its contractual due date with the formal agreement of the LFI to delay the single instalment.

1.16 Group of Connected Counterparties: as defined in the Central Bank’s Large Exposures Regulation.

1.17 Interest: For the purpose of this regulation and the accompanying standards, the treatment of ‘interest’ used for conventional finance applies to ‘profit’ used for Islamic finance unless an exception from the Central Bank and the Higher Shari’ah Authority is obtained for Shari’ah compliance purposes.

1.18 Islamic Financial Services: Shari'ah compliant financial services offered by Licensed Financial Institutions that conduct all or part of their activities and businesses in accordance with the Islamic Shari’ah (“Islamic Financial Institutions” or “IFIs”).

1.19 Lending: For the purpose of this regulation, the treatment of ‘lending’ used for conventional finance also apply to ‘financing’ used for Islamic finance.

1.20 Licensed Financial Institutions (“LFI”): as defined under the Central Bank Law.

1.21 Obligor: Individual or entity or group of entities that have a Credit Facility with the LFI.

1.22 Parent and Subsidiary: An entity (the 'first entity') is a parent of another entity (the 'second entity') if any of the below requirements are met: 1.22.1 The first entity holds more than 50% shareholding in the second entity; 1.22.2 The first entity holds more than 50% of the voting rights in the second entity; 1.22.3 The first entity is a shareholder of the second entity and has the right to appoint or remove a majority of the Board of directors or managers of the second entity; 1.22.4 The first entity is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity; or 1.22.5 The second entity is a subsidiary of another entity which is itself a subsidiary of the first entity.

1.23 Past Due: A financial asset is past due when an Obligor has failed to make a payment when that payment was contractually due, that is if any part of the contractual Interest and/or principal payment (or the debt due in case of IFIs’ debt-based structures) is not met on time. The number of days past due is non-cumulative, where the most recent payment cures the earliest contractual breach.

1.24 Purchased or Originated Credit Impaired (“POCI”): Credit Facility that is already impaired at the time when it is purchased or originated.

1.25 Related Parties: The Group and its controlling shareholders, members of the Board and Senior Management (and their Relatives) and persons with control, joint control or significant influence over the LFI (and their Relatives).

1.26 Relatives: The individual's parents, siblings and children.

1.27 Repayment: For the purpose of this regulation, the requirements applied to “repayment” in the context of conventional finance also apply to “payment” in Islamic finance context. The timing of such repayment is called the repayment structure. In many cases Interest and/or a charge to the principal balance is added in exchange for lending/financing services and/or to cover the time value of money/compensation for the exchange.

1.28 Restructured Credit Facility: As defined in Article 8 of this regulation.

1.29 Retail Obligor: For the purpose of this regulation, retail obligors refer to individuals to whom Credit Facilities are granted to satisfy that individual’s personal needs. It also includes SME, small business Credit Facilities for which Credit Risk is managed by the LFI using similar methods as applied for personal Credit Facilities. If this is not the case, then SME will be classified as wholesale.

1.30 Risk Appetite: The aggregate level and types of risk an LFI is willing to assume, decided in advance and within its risk capacity, to achieve its strategic objectives and business plan.

1.31 Risk Governance Framework: As part of the overall approach to corporate governance, the framework through which the Board and management establish and make decisions about the LFI's strategy and risk approach; articulate and monitor adherence to the Risk Appetite and Risk Limits relative to the LFI's strategy; and identify, measure, manage and control risks.

1.32 Risk Limits: Specific quantitative measures that must not be exceeded based on, for example, forward-looking assumptions that allocate the LFI's aggregate Risk Appetite to business lines, legal entities or management units within the LFI or group in the form of specific risk categories, concentrations or other measures as appropriate.

1.33 Risk Management Function: Collectively, the systems, structures, policies, procedures and people that measure, monitor and report risk on an LFI-wide and, if applicable, group-wide basis.

1.34 Risk Profile: Point in time assessment of the LFI's risk exposures aggregated within and across each relevant risk segment based on current or forward-looking assumptions.

1.35 Senior Management: The executive management of the LFI responsible and accountable to the Board for the sound and prudent day-to-day management of the LFI, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer, chief credit officer and heads of the compliance and internal audit functions.

1.36 Significant Increase in Credit Risk (“SICR”): Material deterioration in credit-worthiness of a Credit Facility since its initial recognition as articulated in Article 7 of this regulation.

1.37 Small and Medium Enterprises: Includes micro, small and medium business institutions, provided they meet the minimum number of...