- This Prudential Standard is made under section 11AF of the Banking Act 1959 (Banking Act).
2. This Prudential Standard applies to all authorised deposit-taking institutions (ADIs) other than purchased payment facility providers (PPF providers), subject to paragraph 3.
3. Foreign ADIs must comply with the provisions in this Prudential Standard with the exception of paragraphs 24, 75 and 94 as relates to the quantitative aspects of capital adequacy.
4. The obligations imposed by this Prudential Standard on, or in relation to, foreign ADIs only apply in relation to their Australian business.
5. A reference to an ADI in this Prudential Standard, unless otherwise indicated, is a reference to:
(a) an ADI on a Level 1 basis; and
(b) a group of which an ADI is a member on a Level 2 basis.
6. If an ADI to which this Prudential Standard applies is:
(a) the holding company for a group, the ADI must ensure that the requirements in this Prudential Standard are met on a Level 2 basis, where applicable; or
(b) a subsidiary of an authorised non-operating holding company (authorised NOHC), the authorised NOHC must ensure that the requirements in this Prudential Standard are met on a Level 2 basis, where applicable.
7. This Prudential Standard commences on 1 January 2023.
8. This Prudential Standard applies to all activities of the ADI that give rise to credit risk, except exposures that have been securitised, transferred or originated into securitisation vehicles that meet APRA’s operational requirements for regulatory capital relief in Prudential Standard APS 120 Securitisation (APS 120).
9. Terms that are defined in Prudential Standard APS 001 Definitions (APS 001) appear in bold the first time they are used in this Prudential Standard.
10. Where this Prudential Standard provides for APRA to exercise a power or discretion, this power or discretion is to be exercised in writing.
11. In this Prudential Standard, unless the contrary intention appears, a reference to an Act, Regulations, Prudential Standard, or Reporting Standard is a reference to the Act, Regulations, Prudential Standards, or Reporting Standard as in force from time to time.
12. In this Prudential Standard, a reference to a borrower is also a reference to a counterparty.
13. The following definitions are used in this Prudential Standard in reference to an exposure:
(a) non-performing – an exposure that is in default. A default is considered to have occurred with regard to a particular borrower when either, or both, of the events in sub-paragraphs (i) or (ii) have taken place:
(i) the ADI considers that the borrower is unlikely to pay its credit obligations to the ADI in full, without recourse by the ADI to actions such as realising available security;
Elements to be taken as indications of unlikeliness to pay include:
(A) the ADI puts the credit obligation on non-accrued status (e.g. the lending ADI no longer recognises accrued interest as income or, if recognised, makes an equivalent amount of provisions);
(B) the ADI makes a charge-off or account-specific provision resulting from a significant perceived decline in credit quality subsequent to the ADI taking on the exposure;
(C) the ADI consents to a distressed restructuring of the credit obligation where this is likely to result in a diminished financial obligation caused by the material forgiveness, or postponement, of principal, interest or fees;
(D) the ADI has applied for the borrower’s bankruptcy or a similar order in respect of the borrower’s credit obligation to the ADI;
(E) the borrower has sought or has been placed in bankruptcy or afforded similar protection where this would avoid or delay repayment of any of the credit obligations to the ADI;
(F) the ADI sells the credit obligation at a material credit-related economic loss; and
(G) the exposure is a reverse mortgage with a loan-to-valuation ratio (LVR) greater than 100 per cent.
(ii) the borrower is 90 days or more past-due on a credit obligation to the ADI or, in the case of subsidiaries in jurisdictions where a different number of days past-due is set for exposures to individuals (i.e. natural persons) or public sector entities by the national regulator, the borrower is past-due by the number of days (or more) specified by that national regulator.
An exposure subject to a regular repayment schedule is considered 90 days past-due when:
(A) at least 90 calendar days have elapsed since the due date of a contractual payment which has not been met in full; and
(B) the total amount unpaid outside contractual arrangements is equivalent to at least 90 days’ worth of contractual payments.
For exposures to individuals, the definition of default may be applied at the level of a particular credit obligation, rather than at the level of the borrower. As such, default by a borrower on one obligation, does not require an ADI to treat all other obligations to the ADI as being in default.
(b) past-due – an exposure for which any amount due under a contract (interest, principal, fee or other amount) has not been paid in full at the date when it was due. An exposure is considered past-due from the first day of missed payment.
An exposure will remain outside of contractual arrangements notwithstanding any waiver of payments unless such an exposure has been restructured.
(c) restructured – an exposure for which:
(i) a borrower is experiencing financial difficulty or hardship in meeting its financial commitments; and
(ii) the ADI grants a concession to the borrower that it would not otherwise consider, whether or not the concession is at the discretion of the ADI or the borrower.
Examples of concessions include, but are not limited to:
(A) extending a loan term;
(B) rescheduling the dates of principal or interest payments;
(C) granting new or additional periods of non-payment (grace period);
(D) reducing the interest rate, resulting in an effective interest rate below the current interest rate that borrowers with similar risk characteristics could obtain from the ADI or other institutions in the market;
(E) capitalising arrears;
(F) forgiving, deferring or postponing principal, interest or relevant fees;
(G) changing an amortising loan to an interest payment only;
(H) allowing the conversion of debt to equity of the borrower;
(I) deferring recovery/collection actions for extended periods of time;
(J) easing of covenants; and
(K) refinancing an existing exposure with a new contract, even if the terms of the new contract are no more favourable for the borrower than those of the existing transaction.
14. APRA may adjust or exclude a specific requirement in this Prudential Standard in relation to one or more specified ADIs or authorised NOHCs.
15. An ADI must contact APRA if it seeks to place reliance, for the purposes of complying with this Prudential Standard, on a previous exemption or other exercise of discretion by APRA under a previous version of this Prudential Standard.
16. An ADI must implement a credit risk management framework that is appropriate to its size, business mix and complexity. The credit risk management framework must, at a minimum, include:
(a) a credit risk appetite statement;
(b) a credit risk management strategy;
(c) policies and processes supporting clearly defined and documented roles, responsibilities and formal reporting structures for the management of credit risk;
(d) a designated credit risk management function;
(e) a management information system that is adequate, both under normal circumstances and in periods of stress, for measuring, assessing and reporting on credit risk; and
(f) an independent review process to ensure that the credit risk management framework is effective in identifying, measuring, evaluating, monitoring, reporting, and controlling or mitigating credit risk.
17. An ADI need not have a stand-alone credit risk appetite statement or credit risk management strategy document where they form part of the ADI’s overall risk appetite statement or risk management strategy document required under Prudential Standard CPS 220 Risk Management (CPS 220).
18. An ADI may outsource aspects of its credit risk management, including credit origination, credit assessment and approval, however, it must have regard to Prudential Standard CPS 231 Outsourcing (CPS 231) for outsourced functions.
19. For large exposures and associations with related entities, an ADI must also have regard to Prudential Standard APS 221 Large Exposures (APS 221) and Prudential Standard APS 222 Associations with Related Entities (APS 222), respectively.
20. An ADI must maintain an appropriate and well-documented credit risk appetite statement. The statement must, at a minimum, articulate the degree of credit risk that the ADI is prepared to accept (credit risk appetite), the maximum level of credit risk that the ADI is willing to operate within (credit risk tolerance), the process for ensuring credit risk tolerances are set at an appropriate level, the process for monitoring compliance with credit risk tolerances and for taking appropriate action in the event it is breached, and the timing and process for review of the credit risk appetite and tolerances.
21. An ADI must maintain an appropriate and well-documented credit risk management strategy that outlines the objectives guiding the ADI’s credit origination, credit assessment and approval activities and adopts the necessary policies and processes for conducting such activities.
22. An ADI’s credit risk management strategy must reflect the ADI’s credit risk appetite, credit risk profile and market and macroeconomic conditions.
23. An ADI’s credit risk management strategy must describe the ADI’s willingness to accept credit risk based on exposure type, economic or industry sector, geographical location, currency and maturity. This must also include the overall characteristics that the ADI would want to achieve in its credit portfolio.
24. An ADI’s credit risk management strategy must consider the sustainability of earnings from its credit risk activities including an acceptable risk/reward trade-off that would factor in cost of capital estimates.
25. The Board of an ADI must review and approve, on at least an annual basis, the ADI’s credit risk appetite and credit risk management strategy.
26. The Board must regularly challenge, seek assurance and evidence from senior management that the credit risk policies, processes and practices are consistent with the credit risk management strategy (and, in turn, the credit risk appetite) of the ADI. The Board must obtain sufficient information to confirm whether or not the credit risk profile of the ADI is consistent with the credit risk management strategy, and require senior management to take appropriate and timely action if it is not.
27. The Board must ensure that senior management of the ADI has the capability and resources to appropriately manage the credit risk activities conducted by the ADI and that such activities operate within the credit risk management strategy, credit risk policies and credit risk appetite.
28. Senior management of an ADI must have responsibility for implementing the Board approved credit risk management strategy and for developing and implementing appropriate policies and processes for identifying, measuring, monitoring, reporting and controlling or mitigating credit risk. Such policies and processes must address credit risk in all of the ADI’s activities and at both the individual exposure and portfolio levels.
29. Senior management’s responsibility for implementing the credit risk management strategy and for developing and implementing the credit risk policies of the ADI includes ensuring:
(a) credit origination, credit assessment and approval activities conform to the established strategy and policies;
(b) written processes are developed consistent with the credit risk management strategy and credit risk policies;
(c) credit origination, credit assessment and approval and review responsibilities are clearly and properly assigned;
(d) the strategy, policies and processes are effectively communicated throughout the ADI and that all relevant personnel clearly understand the ADI’s approach to originating, assessing, approving and managing credit risk and are held accountable for complying with the established policies and processes; and
(e) there is a regular independent internal review of the ADI’s credit origination, credit assessment and approval and management functions. Such reviews must be conducted independently from the business function. This may involve an ADI’s independent risk management and compliance function or an independent internal audit function or qualified external party.
30. An ADI must adopt and implement prudent and well-documented policies and processes to identify, measure, monitor, report and control or mitigate credit risk. The full credit life-cycle must be considered, including credit origination, initial and subsequent credit assessment and approval processes and the ongoing monitoring and management of the ADI’s credit exposures and portfolio.
31. Credit risk policies must address such topics as target markets, portfolio mix, price and non-price terms, the structure of limits, approval authorities and overrides, waivers or exceptions processing and reporting. Such policies must be well-documented, clearly defined, consistent with prudent practices and applicable laws and regulations, and adequate for the size, nature and complexity of the ADI’s activities.
32. Credit risk policies must be designed and implemented within the context of internal and external factors such as the ADI’s market position, personnel capabilities and technology. Appropriate operational capacity and business systems must be in place to support the credit risk management strategy before the strategy is implemented.
33. An ADI must have prudent and well-documented policies and processes for the early identification and management of problem exposures, including non-performing and restructured exposures and other transactions, and the maintenance of adequate provisions.
34. An ADI must have appropriate credit risk practices, including an effective system of internal control, to consistently determine adequate provisions in accordance with the ADI’s stated policies and processes and Australian Accounting Standards.
35. In addition to the requirements in CPS 220, APS 221 and APS 222, an ADI must develop and implement appropriate policies and processes to ensure that the credit portfolio is adequately diversified given the ADI’s target markets and credit risk management strategy. In particular, such policies must establish targets for portfolio mix as well as set prudent limits on exposures to:
(a) higher risk borrowers;
(b) higher risk credit products and activities; and
(c) particular industry sectors and geographical locations, where appropriate.
36. An ADI that originates credit exposures in geographical locations other than Australia must have prudent policies and processes for identifying, evaluating, measuring, monitoring, reporting and controlling or mitigating country risk and transfer risk. Country or sovereign risk encompasses the entire spectrum of risks arising from the economic, political and social environments of a foreign country that may have potential consequences for foreigners’ debt and equity investments in that country. Transfer risk focuses more specifically on a borrower’s capacity to obtain the foreign exchange necessary to service its cross-border debt and other contractual obligations. The monitoring of country risk factors must incorporate:
(a) the potential default of foreign borrowers arising from country-specific economic factors; and
(b) the enforceability of agreements, including the timing and ability to realise collateral under the relevant legal framework.
37. An ADI must recognise and address the risks arising from different credit origination channels in its credit risk management framework. An ADI must exercise a higher level of diligence where credit assessment and approval decisions are made distant from the geographical location of a borrower or underlying collateral.
38. Where there are material changes to origination channels, including their relative significance, an ADI must assess the impact of these changes on the ADI’s credit risk profile, and appropriately address the risks of such changes.
39. In circumstances where third parties, such as brokers or introducers, are involved in credit origination, but have no ability to approve credit risk, an ADI must have a sound oversight process of the third party. In particular, an ADI must have prudent policies and processes to ensure that reasonable inquiries have been made and reasonable steps have been taken to verify the accuracy and completeness of all relevant borrower information provided by the third party and the outcomes of these processes must be documented.
40. An ADI must establish sound credit assessment and approval criteria. These criteria must set out the borrowers that are eligible for credit, the extent and nature of credit the ADI is willing to provide and the terms and conditions the exposures would be subject to.
41. An ADI must undertake a comprehensive assessment of a borrower’s credit risk which would consider and be proportionate to the nature, type and size of the exposure. An ADI must use experienced credit judgement in adopting a scalable and flexible approach to its credit risk assessment of a borrower.
42. An ADI must assess credit risk primarily on the strength of a borrower’s repayment capacity. The ADI must not place undue reliance on collateral provided by the borrower as a substitute for a comprehensive credit assessment.
43. An ADI must not place undue reliance on external credit ratings. An ADI must obtain adequate information to undertake a comprehensive credit assessment of a borrower.
44. An ADI must give due consideration to the integrity and reputation of the borrower as well as its legal capacity to assume liability.
45. For exposures to individuals, an ADI’s credit assessment must include consideration of the following criteria, where relevant:
(a) the purpose and structure of the exposure and sources of repayment, including making reasonable inquiries and taking reasonable steps to verify income or cash flows;
(b) the current risk profile of the borrower, including making reasonable inquiries and taking reasonable steps to verify commitments and total indebtedness;
(c) the borrower’s repayment history and capacity, assessed under various scenarios such as:
(i) an increase in interest rates;
(ii) a change from a fixed-rate to a floating interest rate (and vice versa);
(iii) a decrease in income or cash flows, particularly for less stable income or cash flow sources; and
(iv) for exposures with an interest-only period that subsequently converts to principal and interest payments, on a principal and interest basis of repayment;
(d) the borrower’s expenses, including the collection of reasonable estimates. Expense benchmarks must not be used as a substitute for an ADI making reasonable enquiries of a borrower’s expenses;
(e) the proposed terms and conditions of the exposure, including covenants designed to limit the ADI’s exposure to changes in the future risk profile of the borrower to an acceptable level to the ADI; and
(f) where applicable, the adequacy and enforceability of collateral, guarantees and other risk mitigants, including under various scenarios.
46. For exposures other than to individuals, in addition to paragraphs 45(a), 45(b), 45(c), 45(e) and 45(f), an ADI’s credit assessment must also include consideration of the following criteria, where relevant:
(a) the borrower’s business expertise, economic or industry sector and its position within that sector;
(b) the borrower’s historical financial and future cash flows;
(c) the borrower’s equity capital invested in the business; and
(d) the availability and enforceability of risk mitigants other than collateral, such as hedging and insurance.
47. An ADI must have prudent credit risk policies covering the acceptability of various forms of collateral, appropriate processes for the valuation of such collateral (including the valuation of collateral prior to entering into an exposure and the ongoing valuation of collateral, where appropriate), and an appropriate process to ensure that collateral is, and continues to be, enforceable and realisable (refer to Attachment A to this Prudential Standard).
48. An ADI must ensure all valuations are appraised independently from the ADI’s credit origination, credit assessment and approval process.
49. The valuation of collateral must reflect fair values, taking into account prevailing market conditions such as time taken for the liquidation or realisation of collateral.
50. An ADI must also ensure that the valuation of collateral such as land takes into account, to the extent possible, the likelihood of external events, including but not limited to fire, drought and flood, which may impact the valuation of the asset taken as collateral.
51. An ADI must have appropriate mechanisms in place for regularly assessing the value of collateral, guarantees and other risk mitigants.
52. An ADI must establish appropriate limits on LVR to minimise the risk that a property serving as collateral will be insufficient to cover any repayment shortfall. An ADI must ensure there is appropriate scrutiny of any instances of lending with high LVR.
53. An ADI must appropriately evaluate the level of coverage being provided in relation to the credit quality of the guarantor and legal enforceability of the guarantee. For exposures to individuals in particular, an ADI must ensure a guarantor has a clear understanding of the risks involved.
54. An ADI must have a clearly established process in place for:
(a) approving new exposures (including prudent credit standards);
(b) renewing and refinancing existing exposures; and
(c) identifying the appropriate approval authority for the size and complexity of the exposures.
55. An ADI must document the credit assessment and approval process and identify the approval authority for each exposure, so that it is clear which personnel are accountable for the individual credit decision.
56. An ADI must ensure personnel involved in the credit assessment and approval process have appropriate experience and knowledge to exercise prudent credit judgement commensurate with the nature, size and complexity of the transaction to which they are involved.
57. An ADI must have prudent credit risk policies and processes with respect to overrides, waivers or exceptions, including clear identification of approval authorities and limits that reflect the maximum level of allowable overrides, waivers or exceptions.
58. Exposures originated as overrides, waivers or exceptions to, or otherwise not in compliance with, credit risk policies must be regularly reported to an ADI’s relevant internal governance bodies and review functions.
59. Where an ADI uses a third party, such as a broker, to undertake any aspects of the credit assessment or approval, an ADI must implement appropriate oversight processes of the third party. An ADI must monitor and test the integrity of the third-party assessment and approval on a regular basis, either directly or through operationally independent personnel to ensure it aligns with the ADI’s credit assessment and approval criteria.
60. Where an ADI has direct exposure to credit risk through a third party, such as an on-line lending platform and the platform operator or other third party undertakes the credit assessment and approval of the underlying borrowers under its own credit risk policies and processes, the ADI must perform adequate due diligence on these exposures, including obtaining:
(a) a comprehensive understanding of the risk characteristics of the prospective and actual exposures;
(b) timely access to and review of performance information on the exposures; and
(c) a comprehensive understanding of all structural features of the transaction.
61. An ADI must have an appropriate system for the ongoing administration of its credit portfolio.
62. An ADI’s credit administration system must have regard to:
(a) the efficiency and effectiveness of credit administration operations, including monitoring documentation, contractual requirements, covenants and collateral;
(b) the accuracy and timeliness of information provided to management information systems;
(c) adequate segregation of duties;
(d) the adequacy of controls over all credit administration processes; and
(e) compliance with credit risk policies and processes as well as applicable laws and regulations.
63. An ADI must ensure its credit administration system captures all the information necessary to ascertain the current financial condition of the borrower as well as sufficient information to track all credit decisions made and the history of each exposure. An ADI’s credit risk review function must determine that credit administration is complete and that all approvals and other necessary documents have been obtained.
64. An ADI must have an appropriate system for monitoring the condition of individual exposures, including determining the adequacy of provisions.
65. An ADI must have in place an appropriate system for monitoring the overall composition and quality of the credit portfolio.
66. An ADI must have an appropriate information system and analytical techniques that enable management to measure the credit risk inherent in all on- and off-balance sheet activities. The management information system must provide adequate information on the composition of the ADI’s credit portfolio, including identification of any concentrations of risk.
67. Where appropriate for the scope, scale and complexity of its operations, an ADI must have in place an internal credit risk grading system.
68. An ADI must have in place prudent policies and processes governing the development, validation, operation and oversight of its credit risk grading system.
69. Coverage of the credit risk grading system must extend to as much of the ADI’s credit portfolio as possible, including off-balance sheet exposures. The credit risk grading system must meaningfully assess and differentiate risk and be able to rank risk consistently and through time. A sufficient number of risk grades must be included to ensure that the system adequately captures gradation of risk and the definitions and criteria for each risk grade must be plausible and intuitive.
70. An ADI must take into consideration potential future changes in economic conditions when assessing individual exposures and its credit portfolio, and must assess its credit risk exposures under stressed conditions.
71. An ADI must undertake regular portfolio level and risk specific stress testing of its credit exposures.
72. The complexity and granularity of an ADI’s stress testing must take into account the nature and scale of the ADI’s credit portfolio. An ADI must conduct stress testing at a sufficiently granular level to enable adequate sensitivity to the risk characteristics of different exposure types. Scenarios used for stress testing must include severe but plausible adverse conditions.
73. An ADI must consider the results of stress testing in its overall limit setting and monitoring process.
74. Stress testing analyses must include contingency plans regarding actions the Board and senior management may take given certain scenarios.
75. An ADI’s stress testing arrangements must include well-documented and sound policies and processes governing the stress testing program, including the timely communication of information on scenarios, key assumptions, results and capital impacts to the ADI’s Board and senior management.
76. Stress testing models must be appropriately validated and checked independently or by an appropriately qualified external party.
77. An ADI must establish a system of independent, regular reviews of the ADI’s credit risk management processes and practices (refer to paragraph 29(e) of this Prudential Standard) and the results of such reviews must be communicated directly to the Board and senior management.
78. An ADI must ensure that the credit origination, credit assessment and approval function is properly managed and that credit exposures are within levels consistent with an ADI’s limits. An ADI must establish and enforce internal controls and other practices to ensure that overrides, waivers or exceptions to policies, processes and limits are reported in a timely manner to the appropriate level of management for action.
79. An ADI must have an appropriate system in place for early remedial action on problem exposures, managing problem exposures and similar workout situations. An ADI’s collections systems must bring together a borrower’s arrears profile and be able to be scaled to manage high volumes in a time of stress.
80. An ADI must have an effective workout program for problem exposures, with the segregation of the workout function from the area that originated the exposure. An ADI must have an effective strategy and appropriate organisational resources and personnel in place to manage these exposures.
81. An ADI must have prudent policies and processes that assist the ADI to recover as much of an exposure as is reasonably achievable within the requirements established by law and also having regard to community expectation as to how borrowers are to be treated. An ADI must consider the risk to its reputation in such circumstances.
82. An ADI must have prudent policies and processes for classifying its credit risk exposures for prudential reporting purposes and for establishing appropriate and robust provisioning levels. An ADI’s system for classification and provisioning must take into account on- and off-balance sheet exposures.
83. An ADI must classify its credit risk exposures as performing or non-performing. An ADI must have adequate documentation to support its classification of exposures and its provisioning levels. An ADI must also classify its exposures when payments are past-due for a minimum number of days (i.e. 30, 60 and 90 days).
84. An ADI must regularly review its exposures at an individual level or at a portfolio level to ensure appropriate classification of exposures, provisioning levels and write-offs.
85. An ADI must have sound policies and processes to ensure that provisions and write-offs are timely and reflect realistic repayment and recovery expectations, taking into account market and macroeconomic conditions.
86. An ADI’s Board must obtain timely and appropriate information on the condition of the ADI’s credit portfolio, including the classification of exposures as performing and non-performing and the level of provisions. The information must include, at a minimum, results of the latest credit risk review process, comparative trends in the overall quality of exposures and measurements of existing or anticipated deterioration in asset quality and expected credit losses.
87. An ADI must ensure that valuation, classification and provisioning for material non-performing exposures are conducted on an individual exposure basis.
88. An ADI must regularly assess any trends and concentrations in risk and risk build-up in relation to credit exposures and take into account any observed concentration in the risk mitigation strategies adopted and the potential effect on the efficacy of the mitigant in reducing loss. An ADI must consider the adequacy of provisions in light of this assessment.
89. For the purposes of this Prudential Standard, non-performing exposures must be measured as the whole amount of the exposure including where non-performance relates to only a part of the exposure, for example, unpaid interest. For off-balance sheet exposures, the whole exposure is the entire notional amount.
90. Collateral and other risk mitigation arrangements must not directly influence the categorisation of an exposure as non-performing.
91. Collateral may be considered, along with other factors, in assessing whether a borrower is likely to pay. Collateralisation must not influence the past-due status, including the counting of past-due days and the determination of the exposure as non-performing. An exposure must be classified as non-performing where it meets the definition of non-performing even if the collateral value exceeds the amount of the past-due exposure.
92. An ADI must classify off-balance sheet exposures as non-performing where the ADI has cause to believe that it is unlikely to recoup, in a timely manner, the full amounts it may be required to advance.
93. Commitments must also be classified as non-performing if the creditworthiness of a borrower has deteriorated to an extent that the timely repayment in full by the borrower of any potential drawdown or associated interest payments or fees is unlikely.
94. If an ADI considers it unlikely that it will receive timely repayment, in full, of cash flow entitlements which are or will be due from a counterparty to a derivative transaction, it must classify such an exposure as non-performing. In this regard, an ADI must calculate its derivative transaction exposures to counterparties for the purposes of measuring non-performance under the standardised approach or the adjusted current exposure method prescribed in Prudential Standard APS 180 Capital Adequacy: Counterparty Credit Risk (APS 180). Potential exposure add-ons applied in calculating such exposures must reflect the nature of the individual facility involved. Derivative transaction exposures must be revalued regularly so as to maintain reasonably current assessments of the extent of credit risk attaching to these transactions.
95. An ADI may reclassify an exposure from non-performing to performing when all of the following criteria are met:
(a) the borrower does not have any exposure 90 days or more past-due;
(b) repayments have been made when due over a continuous repayment period of at least 90 days, except for restructured exposures for which repayments, as per the revised contractual terms, must have been made in a timely manner over a continuous repayment period of not less than six months (the probation period);
(c) the borrower’s situation has improved so that the full repayment of the exposure is likely, according to the original or, when applicable, modified conditions; and
(d) the exposure does not meet the definition of non-performing in paragraph 13(a).
96. An ADI must not reclassify a non-performing exposure as performing in the following circumstances:
(a) partial write-off of an existing non-performing exposure (i.e. when an ADI writes-off part of a non-performing exposure that it deems to be uncollectible);
(b) repossession of collateral on a non-performing exposure, until the collateral is actually disposed of and the ADI realises the proceeds; or
(c) extension or granting of restructure measures to an exposure that is already identified as non-performing subject to the relevant exit criteria for non-performing exposures (refer to paragraphs 95(a) to 95(d)).
97. The reclassification of a non-performing exposure as performing must be made on the same level (such as a borrower or transaction approach) as when the exposure was originally categorised as non-performing.
98. Any restructuring of an exposure must be supported by a current, well-documented credit evaluation of the borrower’s financial condition and prospects for repayment under the modified terms. Renegotiation of an exposure must not be used to obscure the poor quality of a loan’s or other financial instrument’s performance, or avoid an increase in provisions. Before any concession is made to a borrower, the appropriate level of the ADI’s management must approve the restructure.
99. Restructure may be granted on performing or non-performing exposures. When restructure is applied to a non-performing exposure, the exposure must continue to be classified as non-performing. When restructure is applied to a performing exposure, the ADI must assess whether the exposure meets the definition of non-performing, even if the restructure resulted in a new exposure. If the assessment is that the original exposure would have been treated as non-performing at the time of restructure, had the restructure not been granted, the new exposure must be treated as non-performing.
100. An ADI must monitor the appropriate categorisation of exposures on which restructure has been granted more than once. When a restructured exposure under the probation period is granted new forbearance, this must trigger a restart of the probation period.
101. The continuous repayment period for non-performing exposures and the probation period for restructured exposures may run concurrently. Non-performing exposures that are restructured must continue to be classified as non-performing until they meet the criteria in paragraph 95. When a restructured exposure becomes non-performing during the probation period, the probation period must start again.
102. An exposure that is not subject to the National Credit Code need not be reported as restructured where it is placed on restructured terms for less than twelve months due to financial difficulty being experienced by the borrower but where long-term viability is unquestioned (e.g. an agricultural exposure encountering a bad season). The ADI must, however, be reasonably confident that the borrower is able to fully perform with no loss of principal and the originally contracted amount of interest or other payments due, and the ADI must not maintain any provisions assessed against the exposure on an individual basis.
103. An ADI must classify a restructured exposure as such until it meets both of the following exit criteria:
(a) when all payments, as per the revised contractual terms, have been made in a timely manner over a continuous repayment period of not less than six months (probation period). The starting date of the probation period must be the scheduled start of payments under the revised terms; and
(b) the borrower has resolved its financial difficulty.
104. An ADI must adopt, document and adhere to sound methodologies that address policies, processes and controls for assessing and measuring credit losses on all exposures. The measurement of provisions must build on robust methodologies and result in the appropriate and timely recognition of expected credit losses in accordance with Australian Accounting Standards.
105. An ADI’s aggregate amount of provisions must be adequate and consistent with the objectives of Australian Accounting Standards.
106. An ADI must have sound policies and processes in place to appropriately validate models used to assess and measure expected credit losses.
107. An ADI must use experienced credit judgement, particularly in the robust consideration of reasonable and supportable forward-looking information, including macroeconomic factors, in its assessment and measurement of expected credit losses.
108. An ADI must have an appropriate credit risk assessment and measurement process that provides it with a sound basis for common systems, tools and data to assess credit risk and to account for expected credit losses.
109. Where APRA considers that a simple overall approach to determining provisions is acceptable for regulatory purposes, or APRA judges an ADI’s own practices for identifying provisions to be inadequate in view of its credit risk profile, APRA may permit, or require, an ADI to implement the prescribed provisioning approach described in Attachment B to this Prudential Standard.
110. Prescribed provisions are minimum provisions that an ADI must hold. Where an ADI establishes provisions under Australian Accounting Standards in excess of those prescribed, the ADI must continue for regulatory capital and APRA reporting purposes, to include any excess provisions as part of its specific provisions or provisions held against performing exposures that represent unidentified losses, as appropriate.
111. Where APRA considers that an ADI is taking excessive credit risk relative to its financial or operational capacity to manage or absorb that risk, APRA may set limits on particular exposures or categories of exposures that may be held by that ADI, including but not limited to limits on growth or limits on the share of the ADI's portfolio, or may require the ADI to cease a particular type of lending or credit activity.
112. If APRA considers that there is an excessive level or growth in higher risk lending or credit activity more broadly, APRA may set limits on particular types of lending, including but not limited to those set out in Attachment C to this prudential standard, to be complied with by all ADIs or a specified class of ADIs.
113. Where APRA considers an ADI’s policies, processes and practices across its credit risk activities do not meet the requirements of this Prudential Standard or otherwise considers its credit risk management deficient, APRA may require the ADI to amend credit risk management policies, processes, and practices, or adopt appropriate credit risk management policies, processes and practices, or increase the levels of provisions or write-offs reported, or otherwise increase its capital adequacy.
114. APRA may require an ADI to appoint an independent party to review and provide a report to APRA on all or a particular aspect of the ADI’s credit risk management, including provisioning practices. APRA may, however, request such a report without prior consultation with an ADI. APRA may set the terms of the review and at the ADI’s expense.
- Collateral can include guarantees, insurance arrangements and, importantly, security held over various forms of assets. This Attachment applies to all forms of collateral, including all types of assets taken as security. An ADI must apply this Attachment, having regard to the nature and type of security held.
- An ADI must ensure that assets to be taken as security are accurately identified and documented in exposure documentation. An ADI must ensure that the relevant legal requirements are met to maintain the ADI’s security position and to provide for its enforcement. This includes the ADI confirming that:
(a) the borrower has, or will have when the exposure is extended, clear title to the assets;
(b) the characteristics of the collateral are as they have been represented; and
(c) assets serving as collateral, where relevant, are appropriately insured at the time of origination and this insurance is maintained under the contractual terms of the exposure.
3. Valuation of security must be undertaken on any exposure prior to drawdown and, where appropriate, an on-going basis.
4. In the event that the fair value of security is based on observable market values, an ADI’s policies and processes must have regard to:
(a) when observable market prices would be used;
(b) the basis for selecting the market prices to be used;
(c) the impact of market liquidity on the pricing of assets and the timing of their disposal; and
(d) costs which would arise in accessing and disposing of assets held as collateral.
5. In determining the fair value of security, an ADI may utilise the valuations of suitably qualified internal appraisers, external valuers or automated valuation methods. Policies and processes covering the fair value of security must address the circumstances in which such valuations would be sought.
6. Where an ADI uses valuations from internal appraisers, it must have policies and processes which address:
(a) when valuations would be provided by internal appraisers to remove the potential for real or perceived conflicts of interests which may affect the valuations; and
(b) the qualifications and experience required of internal appraisers when undertaking valuations.
7. If an ADI relies on external expertise for its security valuation needs, it must establish robust selection and review mechanisms. Factors that must be considered in the selection process include:
(a) professional qualifications required;
(b) relevant experience, including local knowledge;
(c) breadth of expertise to cover both standard and specialised security assessments; and
(d) appropriate professional insurance cover.
8. If an ADI relies on the use of alternative valuation methods such as desktop assessments, kerbside assessments and automated valuation methods to produce a security valuation, it must have appropriate policies and processes which address:
(a) when valuations would be provided by the alternative method;
(b) monitoring, validation and reporting of valuation data; and
(c) asset values including adequate haircuts for conservatism when using automated valuation methods.
9. An ADI contemplating the use of alternative valuation methods must subject proposals to thorough analysis and develop a risk management capability that includes:
(a) a hierarchy of acceptable methods of determining value that is appropriate to the level of risk;
(b) analysis of the strengths and weaknesses of the relevant approaches or models being considered, including an understanding of the methodologies used, sources of data employed and how a service provider may be able to assist in reengineering the ADI’s processes;
(c) details of any back testing of a statistically random sample of alternative methods or auditing arrangements undertaken by a service provider;
(d) clarity of the output to be provided and how it would be integrated with the ADI’s processes; and
(e) ongoing monitoring of tools used, processes that capture evidence of action taken when values are deemed to be unreliable and periodic back testing undertaken by the ADI to independently validate reliability of outcomes.
10. Policies and processes must also provide for the formulation of instructions for the conduct of valuations. Each valuation request must be the subject of specific instructions to the appraiser or valuer. These instructions must cover (as relevant in each instance) appropriate issues such as valuation purpose, valuation basis required, valuation for insurance purposes, valuation method, market summary/commentary and form of report required. Where a party other than the ADI instructs the valuer, the valuation must be appropriately endorsed for the ADI’s use. In these circumstances, the valuation must be confirmed by an internal appraiser, or an external valuer, with the appropriate expertise.
11. Where an ADI relies on a panel of approved valuation professionals, an ADI’s credit risk management must provide for the panel to be regularly reviewed at least annually by the ADI.
12. If an ADI uses valuations in determining the fair value of security, the ADI must require valuers and appraisers, in preparing their valuation reports, to adopt the valuation standards and practices of any relevant professional bodies. For example, in the case of property valuations, the standards and practices of the Australian Property Institute or equivalent local or offshore bodies must be used. Valuation reports must be based on the standard format advocated by any relevant professional bodies.
13. An ADI must have policies and processes directed at ensuring the reliability of the valuation processes and valuations received in respect of security held. This must involve independent and regular internal reviews of valuations and automated valuation methods results by appropriate management or audit personnel and formal reviews by an independent valuer.
14. An ADI’s policies and processes must provide for regular assessment of security values so as to ensure that the fair value of security underpinning provisioning and reserves, and any security coverage measures applied to exposures, is timely and reliably reflects values which an ADI might realise if needed. This is especially important where exposures are secured by assets that are susceptible to significant changes in value, or where the margin for diminution of value of security is small.
15. For the purposes of determining the fair value of security involving property, an ADI must assume:
(a) a property would be accessed in the near future;
(b) the period for marketing a property would be up to 12 months, although a longer period (up to a maximum of 24 months) may be adopted for specialised or unusual properties when professional valuers advise that this is appropriate; and
(c) market conditions and asset values remain static over the marketing period. Marketing periods must be retrospective and assumed to have elapsed at the date of valuation, rather than incorporating any improved market conditions.
16. Property assets must be based on fair values. In determining fair values, an ADI must use conservative estimates in imputing future income streams, such as lease payments which are not already contracted. An ADI must ensure key assumptions used in the valuation approach are appropriate and there is sufficient evidence to support the assumptions. An ADI must review and be satisfied of the reasonableness of key assumptions before the valuation takes place.
17. In determining fair values, any valuation based on highest and best use rather than existing use must be adequately supported and documented. Where applicable, the valuation report must set out how highest and best use was determined.
18. In some circumstances, it may be difficult to determine the fair value of property assets that have not yet achieved a stable income, or properties that are experiencing fluctuations in income. In such cases, a forecast of expected cash flows must be used to estimate the value of the property. The discount rates used in calculating the value of security must reflect the opportunity cost, determined by way of comparison with prevailing returns on competing investments, of holding the property, assuming a long-term holding. Capitalisation rates must reflect expectations about the long-term rate of return investors require under normal, orderly and sustainable market conditions.
19. Where collateral is in the form of a security interest over assets as defined in the Personal Property Securities Act 2009, an ADI must ensure that all relevant security is properly scrutinised.
20. Where a third party supplies information relating to a security interest held by an ADI, for example, outstanding debtors, asset values must be objectively assessed to ensure security coverage is adequate. This may include testing of information supplied.
21. In determining the fair value of security not in the form of real property, an ADI must also have regard to considerations such as market liquidity, legal costs, impediments to realisation and prior charges.
- Where an ADI undertakes prescribed provisioning, the level of prescribed provisions must be reported to APRA notwithstanding the level of any provisions which an ADI may have actually raised, or the form in which such provisions have been reported, in its audited published financial reports. Where an ADI establishes such provisions in excess of those prescribed, the ADI must continue, for capital and APRA reporting purposes to include any excess provisions, as part of its specific provisions or provisions held against performing exposures that represent unidentified losses, as appropriate.
2. The amount of prescribed provisions that an ADI is required to hold will, unless otherwise agreed with APRA, be in addition to any provisions held against performing exposures that repreent unidentified losses which it may hold.
3. A prescribed provision must be treated as a specific provision for capital and APRA reporting purposes and reported on an after-tax basis. Any deferred tax asset associated with the prescribed provision must be removed. Prescribed provisions must be deducted from an ADI’s Common Equity Tier 1 Capital unless the amount of the prescribed provision has otherwise not been included in Common Equity Tier 1 Capital.
4. Where the Board or senior management of an ADI believe that the prescribed provisions calculated in accordance with this Prudential Standard do not reasonably address assessed loss outcomes, they must report additional specific provisions. The level of specific provisions required will depend on the type of exposure and term of payments past-due or the period of irregularity in cash flows due on an exposure.
5. Alternatively, where an ADI can satisfy APRA that the level of provisioning prescribed under this Attachment is higher than it might prudently require, the ADI may seek APRA’s written agreement to report a lower level of such provisions as specific provisions. The difference between the level of provisions prescribed under this Attachment and that which it is agreed an ADI might prudently report may instead be included as part of the ADI’s provisions held against performing exposures that represent unidentified losses or, alternatively, may be returned to Common Equity Tier 1 Capital as agreed with APRA. An ADI will need to fully satisfy APRA that its estimates of its provisioning needs are both prudent and comprehensive.
6. An ADI subject to prescribed provisioning arrangements must determine its specific provisions for capital and APRA reporting purposes in accordance with the four categories of past-due exposures defined in this Attachment. The prescribed provisions calculated represent a minimum level of provisioning that an ADI must report, subject to paragraph 5 of this Attachment.
7. Where an exposure maintained by an ADI utilising prescribed provisioning does not fall into the four categories of exposures outlined in this Attachment and the exposure is a non-performing exposure, the amount of provision to be held against this item must reflect the risk involved and must be agreed with APRA.
8. No prescribed provisions are mandated for Category One exposures.
9. Category One exposures are well-secured (refer to paragraphs 18 and 19 of this Attachment) and include:
(a) an exposure that is secured by a registered first mortgage against a residential property and is insured by an eligible lenders mortgage insurer (as defined in APS 112) for 100 per cent of the outstanding balance;
(b) an exposure that is secured by a registered first mortgage against a residential property, where the ratio of the outstanding balance, less the amount of mortgage insurance, to the valuation of the security is no more than 80 per cent (where the exposure is 90 days or more worth of payments past-due, and the valuation is not older than 12 months); and
(c) an exposure that is secured by a registered second mortgage against a residential property where:
(i) the ratio of the outstanding balances of the exposure secured by both first and second mortgages to the valuation of the residential property does not exceed 80 per cent, and the first mortgage cannot be extended without it being subordinated to the second mortgage; or
(ii) where the ratio of the outstanding balances of the exposure secured by both first and second mortgages to the valuation of the residential property exceeds 80 per cent, and the first mortgage cannot be extended without it being subordinated to the second mortgage, and the outstanding balance is 100 per cent mortgage insured by an eligible lenders mortgage insurer (as defined in APS 112).
10. A Category Two exposure is defined as an exposure that is secured by a registered first mortgage against a residential property, where the ratio of the outstanding balance, less the amount of lenders’ mortgage insurance, to the valuation of the security is greater than 80 per cent but no more than 100 per cent (where the loan is 90 days or more worth of payments past–due, and the valuation is not older than 12 months).
11. For Category Two exposures, the prescribed provision is a percentage of the balance outstanding, where the percentage depends upon the term of payments past-due. An ADI must apply the minimum provisions for Category Two exposures in Table 1.
Table 1: Category Two exposures
Term of payments past–due | Amount of Provision (%) |
Up to 90 days | 0 |
90 days and less than 182 days | 5 |
182 days and less than 273 days | 10 |
273 days and less than 365 days | 15 |
365 days and over | 20 |
12. Where the provision calculated under Category Two exposures is greater than the provision that would have been calculated under Category Three exposures, the latter must be taken as the prescribed provision.
13. Category Three exposures apply to all exposures that do not fall into Categories’ One, Two, or Four. Personal and commercial loans (both secured and unsecured), and residential mortgage loans where the ratio of the outstanding balance, less the amount of lenders mortgage insurance, to the valuation of the security is greater than 100 per cent, are included.
14. The minimum provision for these items is a percentage of the balance outstanding, where the percentage depends upon the term of payments past-due. An ADI must apply the minimum provisions for Category Three exposures in Table 2.
Table 2: Category Three exposures
Term of payments past–due | Amount of Provision (%) |
Up to 90 days | 0 |
90 days and less than 182 days | 40 |
182 days and less than 273 days | 60 |
273 days and less than 365 days | 80 |
365 days and over | 100 |
15. Where an exposure is secured by a mortgage over a residential property, the provision may be adjusted to reflect a part of the fair value of security held. When this occurs, the minimum provision percentage in the table above must be applied to the difference between the outstanding balance less any lenders’ mortgage insurance and 70 per cent of the security value, where the exposure is 90 days or more worth of payments past-due, and the valuation is not older than 12 months. Where an exposure is secured by collateral other than residential property, an ADI may approach APRA to discuss an appropriate basis upon which to value security held.
16. Where an exposure is otherwise secured by equivalent or better security arrangements than that described in paragraph 15 of this Attachment, an ADI may, on application to APRA, seek to have the provision adjusted to reflect the whole or part of the fair value of security held. APRA may agree to an adjustment if it is satisfied that the provision, as adjusted, more appropriately covers the risk on the exposures. APRA will apply the following guidelines in considering the application:
(a) guarantees provided by Commonwealth or State Governments, or ADIs, may be deducted from the full value of the exposure prior to applying the prescribed provisioning requirements;
(b) Crown leases involving property used for residential purposes may be adjusted in accordance with this Attachment;
(c) bank bills and government securities held as collateral, if subject to enforceable security in favour of the ADI, may be deducted from the value of the exposure at their fair value prior to applying the prescribed provisioning requirements; and
(d) cash on deposit with the ADI may only be deducted from the full value of the exposure prior to applying the prescribed provisioning requirements for the purposes of prescribed provisioning where the deposits are secured by appropriate contractual arrangements that satisfy the eligible collateral provisions contained in APS 112. A right of offset is not considered to provide appropriate security per se.
17. This category applies to overdrawn savings accounts and overdrawn limits on revolving exposures such as credit cards, overdrafts and line of credit advances. The minimum provision on these items is a percentage of the balance outstanding, where the percentage depends on the period of irregularity, as shown below. In calculating the minimum provision for each item, except for overdrawn savings accounts, the full amount of the credit drawn must be included in the balance outstanding. For overdrawn savings accounts, the provision is only applied to the overdrawn amount. Refer to Table 3.
Table 3: Category Four exposures
Period of Irregularity | Amount of Provision (%) |
Up to 14 days | 0 |
14 days and less than 90 days | 40 |
90 days and less than 182 days | 75 |
182 days and over | 100 |
18. A well-secured exposure is, for the purposes of this Attachment, defined as one where an ADI judges that:
(a) the value of collateral, including the fair value of associated security is sufficient to ensure that the ADI will recover the outstanding principal, including any previously due but unpaid interest or fees, and other previously unpaid amounts, and any estimated shortfall in all remaining cash flows due over the life of the exposure. This includes any amounts arising over the period until collateral is obtained and settled. Collateral includes any arrangement that protects the ADI from losing, partially or fully, the principal, interest or other amounts due on an exposure. This will include secured interests in assets, lenders mortgage insurance, cash collateral, guarantees, put options and interest servicing arrangements. An ADI must be able to demonstrate to APRA, if required, that any value ascribed to collateral is reliable in a recovery situation; and
(b) there is reasonable assurance that collection efforts will result in payment of amounts due in a timely manner, including full compensation for overdue payments.
19. In determining whether the coverage provided by collateral will enable an ADI to recoup all cash flows due over the life of the exposure, including any outstanding payments due but not yet received, the ADI must take account of any costs, for example, selling costs, involved in taking possession of and realising the value of collateral.
20. Prescribed provisioning does not apply to restructured exposures, assets acquired through security enforcement and other real estate owned which meet the requirements for items to qualify as performing.
