Credit Risk Management

From Open Risk Manual


Credit Risk Management denotes a broad collection of principles, tools, processes and management roles that aim to underpin the management of Credit Risk, most typically (but not necessarily) in the context a Credit Portfolio.

Credit Risk Management is a superset of Credit Portfolio Management, with the later term being used when intending to place emphasis on portfolio aspects.


A decomposition of credit risk management into elements building on[1]

  • Assessment of Credit Culture and Credit Control
  • Setting of Portfolio objectives and risk tolerance limits (Credit Limit),
  • Management information systems, including Credit Risk Monitoring
  • Portfolio segmentation and risk diversification objectives,
  • Aggregate policy and underwriting exception systems
  • Stress testing portfolios
  • Analysis of loans originated by other lenders
  • Independent and effective control functions
  • Analysis of portfolio risk/reward tradeoffs

EBA Requirements

In accordance with the EBA Guidelines[2] on internal governance, institutions should implement a robust and comprehensive internal control framework, including credit risk management, respecting inter alia the principles of accountability, segregation and independence of functions and responsibilities, challenge and assurance of outcomes.

Risk management and internal controls for credit risk should be integrated into the institution’s overall risk management and internal control frameworks, as well as into the organisational and decision-making structure. Institutions should ensure that the internal control framework, including credit risk management, supports robust and appropriate credit risk taking, analysis, and monitoring throughout the life cycle of a credit facility, including the design and development of the specific product, sales and administration.

Institutions should establish regular and transparent reporting mechanisms so that the management body, its risk committee, if established, and all relevant units or functions are provided with reports in a timely, accurate and concise manner and can take informed and effective actions within their respective mandates, to ensure the identification, measurement or assessment, monitoring and management of credit risk (see also Section 8).

Institutions should define, in a clear and transparent manner, the allocation of responsibilities and authority within the organisation, including within and between business lines, units and functions, including risk management. To this end, institutions should clearly define functions responsible for performing the various tasks related to credit risk taking and the credit decision-making process, specified in a way that does not lead to a conflict of interest and ensures the effective management of credit risk.

The business lines and units originating the credit risk should be primarily responsible for managing the credit risk generated by their activities throughout the lifetime of the credit. These business lines and units should have adequate internal controls in place to ensure adherence with internal policies and relevant external requirements.

The institutions should have a risk management function, in line with the EBA Guidelines on internal governance, that is responsible for ensuring the proper controls of credit risk. The risk management function should be independent of the business-originating units.

For this purpose, institutions should consider the following areas/tasks:

  • developing and maintaining credit-granting and monitoring processes and procedures;
  • defining and developing processes, mechanisms and methodologies for credit risk appetite, credit risk strategy and credit risk policies, including the overall cascading-down process for policies and procedures, and business strategy;
  • designing and implementing an appropriate credit decision-making framework in accordance with these guidelines;
  • designing, defining and performing credit risk monitoring and reporting, including early warning systems, credit portfolio and aggregate risk monitoring, including in relation to ICAAP and any applicable regulatory metrics, e.g. large exposures rules;
  • performing an assessment of creditworthiness and a credit risk analysis for scoring or rating purposes;
  • providing an independent/second opinion on the creditworthiness assessment and credit risk analysis for the purposes of credit decision-making, specifying in which circumstances, considering the specificities of the credit facility, its size and the risk profile of the borrower, this independent/second opinion is relevant;
  • assessing the appropriateness of allowances in accordance with the relevant accounting framework;
  • developing new credit products, also considering the requirements for the new product approval process, and ongoing monitoring of the appropriateness of credit products;
  • managing early arrears and non-performing exposures, and granting and monitoring forbearance measures, in line with the provisions of the EBA Guidelines on management of non-performing and forborne exposures and the EBA Guidelines on arrears and foreclosure under Directive 2014/17/EU 27 , and the institution’s internal policies – in relation to lending to consumers, such tasks may also include liaising with independent debt-counselling and debt advice services when relevant;
  • performing stress tests on the aggregate credit portfolio as well as on relevant sub-portfolios and geographical segments;
  • monitoring individual exposures through regular credit reviews, in accordance with the requirements set out in Section 8, including sample reviews of credit lines;
  • ensuring the integrity and reliability of the internal ratings assignment process, as described in Article 173 of Regulation (EU) No 575/2013, where relevant for institutions with permission to use an internal ratings-based approach, and the integrity and reliability of the rating scale and ratings assignment process used by the institution, for the institutions using the standardised approach;
  • performing quality assurance of credit assessments, taking into account an appropriate sample size, and ensuring that credit risk is properly identified, measured, monitored and managed within the institution’s business origination activities, and that regular reporting is communicated to the institution’s management body.

See Also


  1. Loan Portfolio Management Comptroller’s Handbook, April 1998 (Updated June 26, 2017, for Non-accrual Status)
  2. EBA, Guidelines on loan origination and monitoring EBA/GL/2020/06

Contributors to this article

» Wiki admin