The following sections provide a more detailed description of the methodology for assessing the credit risk of significant institutions (SIs) as part of the Supervisory Review and Evaluation Process (SREP). The ECB uses a risk-based standardised methodology to assess credit risk.

1 Introduction

The SREP credit risk methodology:

• is consistent with the European Banking Authority (EBA) Guidelines on the SREP and assesses whether banks are complying with the ECB’s supervisory expectations;
• is applied proportionately to SIs, taking into account the nature, scale and complexity of their activities;
• supports Joint Supervisory Teams (JSTs) in performing risk-based supervision, while providing sufficient flexibility to cater for bank-specific elements, which means that the frequency, scope and depth of the assessments vary in line with European banking supervision and bank-specific priorities;
• is comprehensive and includes backward and forward-looking perspectives that consider all relevant risk components and their possible mitigants;
• draws on best practices and is periodically updated to ensure alignment with the EBA Guidelines on the SREP and any relevant changes in regulation.

The factors that the ECB considers relevant to assessing the credit risk of an institution, both on and off-balance sheet, include:

• the size and materiality of credit exposures/activities;
• the nature and composition of the credit portfolio, as well as the various sub-portfolios and the corresponding concentration;
• the evolution of the credit portfolio, including from a forward-looking perspective;
• the quality of the credit portfolio, particularly the specificities of the performing and non-performing parts (for performing parts, this also entails checking potential deterioration, e.g. analysing the forborne/Stage 2/past due progressive share and coverage);
• the granting and monitoring of loans and credit facilities throughout their life cycle;
• the risk-based pricing of loans;
• the credit risk parameters, including International Financial Reporting Standard (IFRS) 9 parameters (e.g. transition matrices, probability of default and loss given default), internal ratings-based (IRB) parameters (e.g. probability of default, loss given default and credit conversion factors) and other internally estimated parameters;
• credit risk mitigants, such as provisions, immovable and movable collateral and the level of coverage, especially for non-performing exposures;
• other items considered relevant to the specific institution (e.g. held for sale portfolio and foreclosed assets).

External factors – such as the economic environment, climate-related and environmental aspects and geopolitical evolution – are also considered.

Credit risk is gauged as part of the assessment of risks to capital (Element 3) of SREP (Figure 1).

Figure 1

Overview of the SREP methodology

The credit risk assessment is based on (i) a quantitative assessment that considers the inherent risk (risk level), and (ii) a qualitative assessment that considers the management and control framework (risk control) (Figure 2). In the credit risk level assessment, JSTs assess risks or vulnerabilities that might have an impact on the prudential elements of the institution if they were to materialise.

During the risk control assessment, JSTs assess whether credit institutions have adequate processes and systems in place to appropriately identify, measure, evaluate, monitor, report and mitigate the level of credit risk, including expected credit loss (ECL) measurements and policies, as well as procedures to appropriately validate ECL models.

The risk level assessment is performed by JSTs in three phases:

• Phase 1: supervisors gather data and assess the materiality of the risks;
• Phase 2: an automated anchoring score is generated based on common key risk indicators;
• Phase 3: supervisors carry out a more in-depth credit risk assessment, taking into account supervisory judgement regarding the bank specificities and applying constrained judgement.

The risk control assessment is also divided into different phases:

• Phase 1: supervisors gather data;
• Phase 3^[1]: supervisors conduct a more in-depth credit risk assessment, taking into account a formal compliance check, which was previously performed in Phase 2, and the supervisory judgement regarding the bank specificities and applying constrained judgement.

The assessment of credit risk covers both risk level and risk control and is combined to form an overall credit risk assessment. It summarises the supervisory view in an overall credit risk score of between 1 and 4 (with qualifiers) and a main rationale for the score.

Figure 2

Overview of the SREP credit risk assessment

The SREP methodology is rooted in the EBA Guidelines on SREP, and the documents in which the ECB communicates its supervisory expectations are an integral part of the SREP framework.

2 Credit risk level methodology

2.1 Phase 1

The primary objective of Phase 1 is to identify potential areas of vulnerability in the form of credit risk that may warrant further investigation in Phase 3.

The Phase 1 methodology is structured along both a portfolio view and a risk view and is divided further into modules and sub-modules. This is to enable the JSTs to focus on the most pertinent risks (Table 1). In addition, JSTs can assess any other aspect which is material for the credit risk profile of an institution. The modular structure introduced in Phase 1 therefore facilitates a more proportionate assessment, while the supervisory efforts in Phase 3 focus on the material risk drivers for each institution. The modular structure is aligned with different types of counterparty (in line with the financial reporting – FINREP – definitions, e.g. households and non-financial corporations) and/or with specific risk sub-categories for the nature of the credit activities performed by the institution (e.g. country risk and securitisation). Where relevant, a more granular perspective at the sub-modular level may be taken (e.g. credit for consumption within the households portfolio).

The credit risk assessment is based on a wide range of information, including supervisory reporting and other relevant sources.

In a first stage, the materiality of the different modules is automatically calculated on the basis of the available data sources, which include:

• implementing technical standards (ITS) on supervisory reporting, such as FINREP and common reporting (COREP);
• additional information derived from the short-term exercise (STE) (e.g. data on concentration).

A number^[2] of key risk indicators are calculated to check the materiality of the various modules. Volume-based indicators (e.g. share of portfolio exposures) display materiality in terms of exposure amounts. Risk-based indicators (e.g. the non-performing loan (NPL) ratio, Stage 2 ratio, loan growth and forbearance ratio) signal riskiness and provide further details on areas to be considered in Phase 3.

In a second stage, JSTs make a final selection of the material modules, also taking into account additional information, including:

• internal management data available in banks’ internal reports, such as internal capital adequacy assessment process (ICAAP) reports and internal audit (IA) reports;
• qualitative information, such as credit risk budgets and strategies, risk appetite frameworks for credit risk, credit risk policies and procedures, and internal policies and procedures for collateral valuation;
• supervisory information, such as routine credit risk monitoring reports, credit file reviews, findings from on-site inspections, deep dives, previous risk assessment system reports and other routine reporting templates;
• non-harmonised reporting forwarded by national competent authorities.

JSTs will flag the related modules as material or immaterial. In making their final decision on the materiality assessment, JSTs always take into consideration the results of the automatic assessment and the specificity and complexity of the institution.

2.2 Phase 2

The purpose of Phase 2 is to produce an automatic anchoring score for the credit risk level of an institution. The Phase 2 score is risk-based and the methodology is applied equally across all SIs. It serves as a starting point for JSTs to consider more detailed bank-specific circumstances and thus apply expert judgement. The Phase 2 methodology captures different dimensions to ensure that the preliminary assessment of an institution’s credit risk profile is sufficient and comprehensive.

First, the “asset quality” dimension is assessed for both the performing and the non-performing parts of the credit portfolio. The level of NPLs and NPL inflows are taken into consideration to establish a view on the riskiness of the non-performing part of the portfolio. In line with the ECB’s previous communications on the management of NPLs and coverage expectations^[3], banks are expected to deliberately and sustainably reduce material levels of NPLs and adequately cover the remaining risk^[4] in their balance sheets. The forward-looking assessment of asset quality deterioration linked to the performing part of the credit portfolio has gained significance over the last few years. To address this aspect, the Phase 2 score also takes into account the amount of performing exposures that show early signs of distress and significant increases in credit risk.

Second, the “risk mitigation” dimension is assessed for both the performing and the non-performing parts of the credit portfolio. Timely provisioning and write-off practices related to non-performing loans are essential to avoid the excessive build-up of NPLs on banks’ balance sheets and allow institutions to (re)focus on their core business, most notably lending to the real economy. This is consistent with the ECB’s previous communications on prudent provisioning practices in the context of the NPL Guidance (including its Addendum) and of the coronavirus (COVID-19) pandemic.^[5] In addition, it is essential for banks to allocate exposures to the appropriate IFRS 9 stages.^[6] In order to ensure adequate credit risk coverage, banks must draw on all relevant information to determine the corresponding expected credit losses, using realistic parameters and assumptions suited to the current environment.

Finally, the “concentration risk” dimension is assessed for the performing part of the credit portfolio, looking at both sectoral and single name concentration. The ECB closely scrutinises the risk of incurring significant losses owing to credit concentration; a high concentration will have a negative effect on the Phase 2 score.

Figure 3 summarises the Phase 2 approach. The scores for all quantitative risk indicators used in Phase 2 are defined by drawing a comparison between the individual value of a supervised institution and predefined thresholds aligned with the Single Supervisory Mechanism (SSM) risk appetite.

Figure 3

Approach for determining the Phase 2 score

The Phase 2 framework is purely quantitative in nature, which ensures that it is based on harmonised and consistent indicators and thresholds. The objective of the Phase 2 score is neither to capture all idiosyncratic elements linked to a bank’s credit risk profile nor to assess banks’ specificities, such as their business model (e.g. a diversified lender, global systemically important bank or universal bank). These aspects are duly considered during the in-depth assessment performed by the JSTs in Phase 3.

2.3 Phase 3

In Phase 3, JSTs conduct a comprehensive bank-specific assessment, which results in the final risk level score reflecting the institution-specific credit and counterparty risk level. While the Phase 2 credit risk score serves as an anchoring score, Phase 3 provides JSTs with the necessary flexibility to consider institution-specific aspects of the portfolios and risk dimensions. Phase 3 follows a consistent and risk-based framework and can lead to an adjustment of the Phase 2 score.

JSTs consider information from various sources, including peer comparisons. During the Phase 3 assessment, JSTs take into account insights gained from on-site inspections, deep dives or horizontal analyses, such as targeted or thematic reviews, when available. Peer comparison is also embedded in this assessment and supported by internally available tools.

The adequacy of processes and procedures is essentially a risk control topic and feeds into the risk control assessment. However, there may be consequences for the reliability of quantitative information analysed in the risk level assessment. The quality and reliability of quantitative metrics reported by the supervised entity are considered in order to prevent metrics from being biased. Such biases (which could, for example, stem from a lack of prudence or risk control deficiencies) could lead to an overly positive assessment of the supervised entity’s risk position.

The Phase 3 assessment is aligned with the material modular structure identified in Phase 1 and follows the portfolio view and the risk view.

2.3.1 Modules under the portfolio view

The structure of the modules to be assessed in Phase 3 is largely aligned with the regulatory FINREP counterparty definitions and therefore follows a portfolio view.^[7] The modules are predominantly:

1. Households: sorted into main sub-portfolios, such as “Households secured by residential real estate (RRE)”, “Credit for consumption” and “Others”. Specific elements for possible consideration in this portfolio include analysis of the level, distribution and evolution of, for example, debt-service-to-income (DSTI), loan-service-to-income (LSTI), debt-to-income (DTI) or loan-to-income (LTI) ratios; loan-to-value ratios (LTV); maturity composition; analysis of underwriting standards; and level of collateralisation.
2. Non-financial corporations: sorted into main sub-portfolios, such as “Corporates and large corporates”, “Small and medium-sized enterprises (SMEs)”, “Commercial real estate (CRE)” and “Specialised lending (other than CRE)”. Specific elements under consideration in this portfolio include, for example, the rating composition and financial situation of clients and how these align with probabilities of default (PDs); the segmentation by sector and the amount of exposure in each sector; the subordination, maturity, guarantees, amortisation and the nature of exposures; the level of overrides and overlays; the expected cashflows from the financed projects; and underwriting standards.
3. Credit and other financial institutions: specific elements under consideration in this portfolio include, for example, rating composition and alignment with PDs; ownership structure and potential support mechanisms; exposure composition, guarantees and product types; outlook and expected trends; and analysis of the corresponding financial leverage.
4. Central and general governments: specific elements under consideration in this portfolio include, for example, specificities of exposures to regional and local authorities or public sector entities and exposures to groups of connected clients involving central and regional governments.
5. Leveraged finance: assessing whether the leveraged finance aligns with the ECB’s 2022 letter on leveraged transactions and supervisory expectations.

Some aspects that drive portfolio quality are specific to the type of portfolio (e.g. collateral in the case of RRE or CRE), while other assessment dimensions have been found to be potentially relevant for all portfolios, such as:

• Growth: analyses performed over at least the past three years to identify trends and deviations regarding the size, strategy, organisation, capital availability, risk appetite and management framework of the institution. The assessment also covers growth driven by new products or sectors to verify that the bank has adequate risk control frameworks, know-how and resources.
• NPEs: the NPE ratio and its coverage are considered key indicators of a portfolio’s credit quality. This analysis also covers the NPE drivers, including the type of exposures, sectors, geographies, level of unlikely to pay (UTP) exposures and the NPE vintage composition. Furthermore, the analysis covers the evolution of NPE inflows and examines how the credit quality of the portfolio evolves. The NPE coverage ratio and its evolution in terms of provisioning and collateralisation are also assessed, including by vintage buckets. Deficiencies in an institution’s classification practices – such as a lack of prudent UTP triggers or forbearance flagging, a backlog of UTP assessments or shortcomings in early warning systems – might also indicate NPL ratios that are not fully reliable.
• Stage 2: the analysis of exposures classified as Stage 2 focuses on their development and evolution, as well as their main drivers. JSTs assess banks’ actions against the expectations outlined in documents such as the “Dear CEO letter”. JSTs also consider the level of performing forborne exposures and the stage transfers (e.g. a high level of direct transfers from Stage 1 to Stage 3 may warrant further investigation). The assessment of the evolution of the corresponding provisions complements the analysis. Additionally, JSTs assess whether the Stage 2 ratio and its coverage adequately reflect the quality of the performing portfolio. For example, they take into account the degree of prudence in a bank’s policies for identifying, classifying and measuring risk.
• Collateral and financial guarantees: the JST analysis considers the enforceability of the collateral, recovery rates, costs and time to recovery. This analysis is also complemented by the results from on-site investigations and other supervisory activities. In their analysis, the JSTs also consider the vintage composition of NPLs that are secured by collateral. The analysis covers key aspects, such as the accuracy and reliability of valuations, the frequency of monitoring and revaluation, as well as collateral price risk.
• Foreign exchange (FX) lending: the analysis covers significant currency concentration in the same, or highly correlated, foreign currencies in the lending portfolio. This analysis is performed in different portfolios, as well as the total portfolio, to identify trends and potential vulnerabilities owing to exchange rate fluctuations.
• Forbearance: the assessment encompasses both performing and non-performing forbearance and pays specific attention to performing forborne exposures and their evolution. The assessment focuses in particular on the sustainability of forbearance measures, including repetitive extensions or overly long durations of forbearance measures. The assessment also considers the level of effectiveness of forbearance measures, as well as the corresponding level of coverage.
• Off-balance sheet exposures: JSTs use different scenarios to evaluate how off-balance sheet exposures might develop as part of the credit risk strategy. The analysis involves different scenarios that test the volatility of these exposures and potential effects in terms of credit losses or concentration.
• Climate risk and other risks: this assessment covers any credit risk-related aspect potentially impacted by climate-related and environmental risk. This includes considering concentrations in economic sectors or geographical areas more vulnerable to this risk. It also covers other aspects, such as residual risk, settlement and delivery risk and other elements that are material to credit risk.

Even though the Phase 3 assessment focuses on the most material portfolios, the assessment of the credit risk dimensions is also carried out at the total portfolio level. This is particularly relevant when certain critical aspects are not evident at the sub-portfolio level but become relevant when assessed for the total portfolio.

2.3.2 Modules under the risk view

1. Concentration risk: JSTs consider the risk of concentration with regard to the same counterparties (single name concentration) and the evolution of this risk. They also consider concentration with regard to same sectors, same regions and countries, specific products, specific types of collateral and guarantees or any other risk driver that could lead to significant losses.
2. Risk from securitisation: this assessment covers any risk profile of the securitiser and securitisation strategy, as well as its alignment with the overall risk profile of the institution, with a focus on the size of the securitisation portfolio. It also covers the interconnectedness between significant risk transfer transactions and capital planning, as well as the appropriate governance framework for securitisation and the internal control framework.
3. Risk from foreclosed assets (FAs) and NPLs held for sale (HFS): JSTs take into consideration, for example, the stock of FAs and its evolution, paying special attention to assets with a vintage of longer than one year, coverage, type and location of assets, type of execution, valuation policies and corresponding management, performance against budgets and reduction strategies. The JST assessment covers the level and evolution of HFS assets, the timeline and implementation of plans, and the duration of the HFS classification. JSTs also examine any attempt made by the institution to exploit regulatory arbitrage by classifying NPLs as HFS.
4. Country risk: JSTs take into consideration sovereign risk, transfer risk and other risks arising from international activities. The assessment includes the degree of concentration with regard to all types of country risk and potential contagion effects.
5. Counterparty credit risk (CCR): this involves distinguishing between the risk arising from the derivatives and secured financing sub-portfolios. As part of this assessment, JSTs examine settlement and wrong-way risk. The JSTs also consider exposure under business-as-usual and stressed conditions, the types of counterparty and their creditworthiness, collateral, netting and margin agreements, as well as the degree of concentration with regard to specific counterparties, types of position, risk classes and any other material aspect.

3 Credit risk control methodology

The regular analysis of banks’ internal credit risk control functions is the qualitative complement to the quantitative credit risk assessment under the risk level part of the SREP. It is of the utmost importance that banks manage their risks well to better withstand adverse circumstances and that their risk appetite is subject to closer scrutiny and control at all levels of the organisation. A lack of responsiveness to supervisory measures (as well as to IA recommendations) signals serious deficiencies in banks’ risk control frameworks, as well as a lack of capacity to improve their control systems to ensure the risk is properly managed.

3.1 Phase 1

The primary objective of Phase 1 is to obtain information about the risk control structures for credit risk. To assess risk control in Phase 3, JSTs gather information on the control set-up for credit risk for both the governance structure and the control framework in place.

Phase 1, like Phase 3, has three common modules for all risks to capital, which include topics that are closely related to organisational and strategic aspects of credit risk management, and four modules capturing the unique nature of credit risk controls (Table 2), which largely follow the loan life cycle.

3.2 Phase 3

The primary objective of Phase 3 is to assess the efficiency of the credit risk control framework from different perspectives and in the light of the scale and complexity (business model, organisational structure, etc.) of the institution. The assessment performed in Phase 3 should be proportionate to the level of the bank’s credit risk and is risk focused.

JSTs include in their assessment the outcomes of any supervisory activity to gauge the degree to which the institution verifies compliance with, and the effective implementation of, the relevant Level 1 regulation^[8] to ensure that any potential deficiency in this regard is duly reflected in the assessment and in the scores obtained. If severe weaknesses or non-compliance are identified, JSTs will design appropriate measures to restore compliance.

JSTs combine their assessment of risk controls with the insights gained from on-site supervisory activities, deep dives and horizontal analyses (such as targeted or thematic reviews) and draw on the reports of the institution’s internal and external auditors.

Finally, nothing prevents JSTs from broadening the scope of the risk assessment to include relevant aspects that have not been addressed in the Guidance, although this is not expanded on in this chapter.

Modularity of the Phase 3 assessment

The risk control assessment is not preceded by a materiality check, in contrast to the risk level assessment. All modules are assumed a priori to be material.

One exception in this regard is the “transversal topics” module where an assessment is conducted when an institution is materially exposed to risks relating to CCR, securitisation and/or leveraged finance (the same quantitative materiality indicators apply as in the risk level methodology). This transversal module covers specific portfolios for which the analysis requires a different perspective from that for the typical credit risk exposures. These topics are covered in line with their special features, following a comprehensive review of the institution’s governance and organisational frameworks, as well as its strategy and risk appetite frameworks.

The risk control modules for credit risk are summarised below.

3.2.1 Modules common to all Element 3 blocks (risks to capital):

• Governance and organisational frameworks: The JSTs assess the extent to which the institutions:
  • have an appropriate organisational framework for credit risk management, measurement, monitoring and control functions;
  • have a proper governance framework, including an adequate decision-making process for credit risk issues and the clear involvement of the management body and relevant committees.
• Risk strategy and risk appetite: the JSTs assess the extent to which the institutions:
  • have a sound, clearly formulated and well-documented credit risk strategy, which is approved by the management body and is effectively implemented, monitored and controlled;
  • implement a robust credit risk appetite framework with consistent links to their overall business strategy, overall risk strategy, risk appetite and risk management framework.
• Framework for internal capital allocation for credit risk: the JSTs assess whether the institution has an adequate internal capital allocation for credit risk, focusing, for example, on the comprehensiveness, conservativeness and risk sensitivity of the methodology.

3.2.2 Credit risk-specific modules

• Loan origination: the JSTs assess the extent to which the institutions:
  • have an adequate lending authority framework given the nature, size, risk and complexity of their origination activities and have an appropriate credit decision-making framework;
  • ensure accurate and comprehensive analyses of borrowers’ creditworthiness at loan origination (including an assessment of environmental, social and governance (ESG) factors);
  • ensure that the valuation approaches applied at the point of origination are sufficiently accurate, prudent and commensurate with the type of collateral/guarantee;
  • effectively embed the internal control framework and lines of defence in their origination activities and ensure that their IA function conducts an effective review.
• Loan monitoring: the JSTs assess the extent to which the institutions:
  • effectively recognise early signs of declining credit quality and take suitable and timely actions through their tools, methodologies and processes;
  • have an adequate and effective framework for NPE and forbearance recognition;
  • ensure that collateral values are monitored on a regular basis and updated in a timely manner, using methods commensurate with the type of collateral and the evolution of its value;
  • effectively embed their internal control framework and lines of defence in their monitoring activities and ensure that their IA function conducts an effective review;
  • have adequate and effective procedures in place for the identification, monitoring and mitigation of country risk;
  • have adequate governance and control frameworks for IRB and IFRS 9 models.
• Arrears and NPL management: the JSTs assess the extent to which the institutions:
  • manage early arrears in a timely manner through efficient systems and policies, contacting borrowers to seek tailored solutions and to minimise losses;
  • develop, regularly review and monitor their respective NPL policies and their application and, where relevant, have ambitious and realistic NPL strategies, together with the corresponding governance and operational frameworks, for efficient NPL management;
  • ensure the implementation of adequate procedures for the management and valuation of collateral pledged for NPEs and of FAs;
  • effectively embed the risk control framework in their arrears and NPL management and ensure that their IA function conducts an effective review.
• Transversal topics: the JSTs assess the extent to which the institutions:
  • have an effective risk management framework in place to identify/capture and appropriately manage all risks specific to leveraged transactions and comply with the expectations of the ECB in this regard;
  • have an effective risk management strategy in place to capture all sources of securitisation risk and have appropriate governance arrangements for managing securitisation risk;
  • have a dedicated and specific risk monitoring and management framework for their CCR exposures commensurate with the size, nature, complexity and risk profile of their activities and the specificity and dynamic nature of the CCR arising from market activities, including an effective governance and control framework for CCR models (internal model method (IMM) and repurchasing agreements value at risk (Repo-VaR) approaches), if applicable.