Enforcement of the European Bank Authority Guidelines on loan origination and monitoring by 7th MaRisk amendment

7^th MaRisk amendment expected in 2^nd half 2022

After the application of the EBA guidelines on loan origination and monitoring for significant institutes in June 2021, the publication of the 7^th MaRisk amendment is expected for the second half of 2022. As a result, the new requirements will soon also be relevant for less important institutions as well.

Requirements affect all bank segments and the whole master credit process

Although existing German MaRisk circulars already cover parts of the EBA guidelines on loan origination and monitoring, the effort for German less significant institutes to implement the expected requirements of the 7^th MaRisk amendment are still considered high.   

The Guidelines are divided into the following sections: internal governance, loan origination and procedures, pricing, valuation of immovable and movable property and the monitoring framework. Due to the comprehensive requirements, the whole master credit process must be reviewed throughout the segments Private Banking, Retail Banking and Corporate Banking.

Institutions should have appropriate data infrastructure as well as relevant policies and procedures to support the credit-granting process and for the purposes of credit risk management and monitoring throughout the life cycle of the credit facilities.

Although the current practice within the banking sector at least for less significant institutions may differ, the topics “Environment, Social and Governance” (ESG) factors, sensitivity analyses, key risk indicators and IT data infrastructure will have the largest impact for the implementation of the requirements among the others.

While ESG criteria for investment decisions are now widely available, the consideration of ESG criteria for loan granting is a special challenge for banks, because not all borrowers are large, listed companies obliged to publish ESG relevant information. Furthermore, the primary use of external data for ESG assessment may not meet the bank’s own claim. As a result, banks will have to deal with collecting information about/from clients themselves for at least some of their borrowers (who maybe have not yet dealt with ESG risks at all themselves). In the case of borrowers with external available information, the question remains how can be it integrated into the creditworthiness assessment process and into the existing IT data infrastructure.  

Additionally, banks which plan to originate environmentally sustainable credit facilities should develop, as part of their credit risk policies and procedures, specific details for those lending policies and procedures.

Although the creditworthiness assessment had to consider the future repayment capacity even before, the requirements to perform a detailed sensitivity analysis under idiosyncratic and market events are quite new. Considering this banks must build a process including scenarios for their single- or multifactor sensitivity analyses for classical lending to corporates (medium-sized and large enterprises) and consumers. Until now, this has mainly been the case for cash-flow oriented financings like leverage transactions

Part of the sensitivity analysis should also be the new key risk indicators (KRI) which banks should implement and apply within the monitoring framework. From our Infosys Consulting perspective, banks should focus on a limited number of such KRIs, but ensure the consistent use from credit granting up to early warning and monitoring. Thresholds should be defined, and an escalation process should be put in place.

Besides the mentioned business specific topics, the appropriate data and IT infrastructure throughout the life cycle of the credit facilities (technology-enabled innovation for credit granting and models for creditworthiness assessment and credit decision-making excluded at this point) is expected to be a further major challenge while implementing the regulatory requirements.

At least, the European Bank Authority allows a phase-in of requirements for addressing data gaps in the monitoring of already existing credit facilities up until 30^th June 2024. Probably the BaFin will also tolerate a transition period.

ESG and data infrastructure are large challenges

Even if gaps are already identified and implementation measures perhaps are in progress, the consistent integration of all requirements and the need for a data infrastructure over the whole credit lifecycle are still a significant challenge for banks. BaFin intends to keep the principle-based approach and will allow further application of proportionality for less significant banks. Specifically, the consideration of ESG factors and data collection to assess those risk will remain a challenge. At the same time, banks as well as companies will have to disclose information on ESG related risks to the authorities (EBA ITS 2022/01 on prudential disclosures on ESG risks, NFRD, CSRD, SFDR, etc.).

In order to meet all these requirements, it will be crucial to link the various requirements in an efficient way.