I would also like to learn more about this

While I recognize a lot of these points, I do think that we should not let the tail wag the dog

If the non-financial factors add predictive power, I don’t think there is any reason on a first principles basis to categorically exclude them. But of course, I do appreciate that these kind of factors can be subjective and therefore of lower quality, so we should keep an eye on that and encourage the clients to improve data quality

Also, many banks lump treatment of these kind of factors with overrides, which is almost always where the supervisory feedback is coming from. It is commonly used as a fudge factor, and that is poor practice. One can develop a disciplined, (high-quality) data based use of this type of information to avoid that pitfall

Hello

I have seen corporate model have country specific sub models, to reflect political dependencies and support or changes in legislation, e.g., the France care home scandal and changes in the legislation

In the RSU corporate model one of the submodules is a Merton model, to reflect the market movements

@OP

In my experience, it typically depends on the bank's approach to the override:

Pre-calibration would typically be included if they are trying to include is as an statistical predictor of risk: i.e. you have some historical information that help you calibrate the specific weight and you only include the override if it increases the predictive ability of the model

Post-calibration if they want it to be a “penalization” mechanism for management (however this will not be fully compliant with EBA calibration guidelines for the use of overrides in IRB models)

@OP

In which case,

No change in default level – new Soft UTP is not adding any defaults (there must be fully correlated to any existing trigger or triggers e.g. 90DPD, bankruptcy, etc.)

No timing difference of default event – therefore no PD or LGD impact even due to discounting

Client has only limited historic time series to show proof

Both 1 and 2 indicate there is full correlation to already existing triggers at the existing time period (but level of correlation can differ at time (t) for each trigger toward the new Soft UTP trigger).

Based on the other responses to this question, a bootstrapping would be the correct approach, but the bank states on recent periods the outcome should be NULL (or similar like that)

Therefore, an idea could be to simulate the uncertainty of the correlation in different macroeconomic environments

Correlation analysis of macro economic factor vs existing triggers over time (t) Given that new Soft UTP trigger is correlated toward multiple triggers at time (t) (based on existing time period the bank has), the correlation variation found of each underlying existing trigger can be used to proxy new Soft UTP trigger back in time

PLUS above should still be supplemented with a qualitative statement

Given the new Basel regulation, Specialized Lending has its own exposure class and can continue to to utilize the full range of regulatory approaches; Standardized, Slotting, FIRB and AIRB. Each approach will require more data to achieve, but also lead to lower capital requirements

Standardized approach is suitable for limited exposure towards Specialized Lending

Slotting approach is suitable for institutions with limited internal data to build FIRB or AIRB PD models, but results in little risk differentiation given the stringent regulatory categories to be covered in a slotting model. The maturity risk differentiation provides capital relief for loans in the last phase until maturity

FIRB and AIRB allows the highest level of risk differentiation with PD models primarily build on internal observations (default or shadow rating models). In case of joint PD and LGD simulation models, various FSA expressed their expectation towards banks to utilize external loss and recovery information during the model build process (various form e.g. rank-ordering, calibration, MoCs). The capital benefit for AIRB towards FIRB has been reduced with the new Basel regulation given more sensitive Foundation LGD treatment, but it still provides a Risk Weight benefit of around 40 percent in higher recovery rate project finance segments (banks data quality and granularity can impact the benefit due to additional MoCs).

The guidelines for development data should be less around whether only the internal data is used vs. e.g., the full S&P ratings universe. Instead, it should be around sufficiency of internal data and representativeness of development data to application portfolio

E.g., if a bank has insufficient internal observations, then they should use a maximal universe

We also see an example where a bank lacked financials internally and had to use external financials, but the intersection of (1) being an internal client and also having both (2) external financial data and (3) external ratings resulted in too small a development dataset. This led to them using the full externally rated universe, rather than just their internal observations

Using standalone rating from ECAI as a target

Include failures in definition of default (i.e., banks that would have defaulted had they not received direct/indirect support from the government, including money or government schemes; e.g., Merrill Lynch in 2008)

Basel 3.1 implementation in UK delayed… once again
Basel 3.1 represents the final set of international banking reforms in response to the Global Financial Crisis. The reforms aim to enhance banks' risk measurement and capital requirement calculations, striving to make capital ratios more consistent and comparable across institutions.

But in consultation with HM Treasury, the PRA has decided to delay the implementation of Basel 3.1 in the UK by one year, to 1st January 2027. This adjustment was proposed to allow the regulator for additional time to observe the rollout of the reforms in the United States.

The delay appears to stem primarily from the potential impact on proposed reforms of the Fundamental Review of the Trading Book (FRTB) front, which includes revised boundaries between trading and banking books, a more sensitive standardised approach for Market Risk, and the introduction of the Non-Modellable Risk Factors charge. Whilst this affects primarily banks with significant trading or investment banking activities, the regulator has chosen to take a comprehensive pause of the entire Basel 3.1 regulation to reassess the entire suite of reforms.

But the reaction from more traditional banks in the UK with significant Credit Risk exposure is mixed. In our latest European IRB survey, clients reported that the new set of rules could lead to potential capital release for some of the Standardized Approach (SA) and Foundation Internal Ratings-Based (FIRB) portfolios. Conversely, firms with significant Advanced Internal Ratings-Based (AIRB) portfolios have deemed the approach conservative and have welcomed the delay.

On the other hand, our belief is that the PRA will be less lenient regarding day-one compliance, as the regulatory text has been available in draft form since 2022. It is also notable that the model output floors have remained unchanged. This means that once the rules come into effect in 2027, banks will need to achieve the required levels of capital by 2030, effectively shortening the transition period to two years.

Another greatly understated driver of the delay might stem from concerns about stifling the British economy, which has struggled to regain its footing post-COVID, with more stringent prudential regulation.

This push ‘from within’ has been already observed elsewhere: Across the pond, Jay Powell, Chair of the Fed, commented back in 2024 that ‘broad and material changes’ were coming to the proposed Basel Endgame framework. Republican lawmakers have consistently expressed scepticism about the reform and have repeatedly called for the program to be scrapped.

The ‘Endgame’ is set to become effective on 1st July, 2025. However, the new administration holds the future of the American banking regulatory landscape in its hands: Trump might push to simplify the reform or scrap the framework completely.

Many domestic banks, lacking international operations, may advocate for abandoning current proposals in favour of frameworks that better suit the American context. On the contrary, recent bank failures have cast doubt on the resilience of smaller regional firms in the US, potentially strengthening the argument for a stricter framework aligned with international practices.

Closer to home, Continental Europe seems to be taking the middle ground, as the Basel 3.1 rules became effective, with some modifications, in January 2025. But the most interesting point is that the FRTB part of the regulation has been pushed back 1 January 2026.

On the Credit Risk front, a 2023 ECB survey determined that corporate-oriented financial institutions would be the worst hit by the reforms. While some capital release is expected from the model outputs, the output floor means that the overall benefit is negated in full.

This puts the EU on an alternative, steadier path compared to the uncertain US and hesitant UK approaches.

This disparity of rules require transcontinental banking institutions to dedicate increased resources to ensure compliance in the US, the UK, and Europe. Future-proofing activities and ensuring that the ability to act quickly remains in place in case new short-term steer emerges from the regulators will be fundamental to ensure risk transformation projects remain compliant once implemented.

Some questions remain unanswered: will the US scrap the FRTB reforms completely? will the PRA modify the ‘near final’ regulatory text to align with the Fed? will Europe continue in its sure path towards complete Basel IV adoption?

For now, we’ll just have to wait and see…

Co-authored with Cian Mellett
 
 
 
Matias Coggiola is a Manager at Oliver Wyman and specialises in Credit Risk modelling methodology and regulatory compliance. Prior to consulting, Matias spent several years as an industry practitioner working within a range of financial institutions across three continents. Matias joined Oliver Wyman in 2024 to help expand the Risk Delivery capability.

Cian Mellett is a Manager at Oliver Wyman and specialises in the development of Credit Risk models. Prior to joining Oliver Wyman, Cian worked for an Irish consultancy delivering a suite of credit risk models for Irish Pillar Banks across multi-year programs. Cian joined Oliver Wyman's Risk Delivery Team in 2024.

Very good questions. I’ve come across this as well on operational resilience and
cyber, where the challenges are similar

Some thoughts on this (also with the ex-regulator hat on):

Management bodies should acknowledge the challenge and be thoughtful around
how to address this, e.g. through training; reporting; succession planning
etc. We recently heard from a regulator that they were worried that sometimes
these topics are ‘outsourced’ to one person on the exec/ Board who
understands it, whereas they are looking for broader skills and knowledge in
the group. Again I think this is important to acknowledge, including the fact
that building those muscles take time In terms of ‘evidencing’ appropriate oversight and challenge by the Board,
when supervisors look at meeting minutes they would expect to see critical
questions being asked and a level of discussion (rather than the Board just
‘noting’ things) The quality of the materials and reports being presented to the Board is very
important, both data, but also someone bringing out the ‘so what’ and in
particular where there are areas of judgement and uncertainty, and where
there are trade-offs

I have seen the following:

Percentage of the Business/Institutional portfolio in high transition risk sectors Proportion of the mortgage portfolio exposed to high physical risks (by 2050 under a 4-degree warming scenario is one specific example). Believe this is based on property level assessment and then some % increase in PD. Some reputational ones around ESG scores

However, I don’t believe anyone would set the thresholds at a level that would likely be binding. So skeptically, I think this is just for reporting and transparency at the moment – which is probably right given the limitations of climate risk modeling

We’ve seen a variant of this issue in US/Canada, with the large Canadian Banks generally having IRB approval at the Group level (including for their main US loan books) and their US subsidiaries being on standardized

In this case, there is no incentive for the US entity to seek IRB approval - but US regulators do care about the risk rating systems from a bank supervision perspective, which has raised some of the same questions about whether group models are suitable. Those banks have generally taken a view aligned to a previous poster, i.e., using local models for middle market and below, and trying to align to group models for larger companies and FI's

On the last point, I'll say that we've seen US regulators challenge the support for those decisions heavily, but at least in some cases it seems to have stood up to that challenge.  In one case where the bank's prior analysis and documentation didn't provide great support, they are being pushed to redevelop those as well, though they are trying to do so in a way that they can ultimately extend back to group as well, for a C&I model that was getting a bit long in the tooth anyway

I'll just flag that a Canadian bank who had decided to extend several of their existing "global" models to their US subsidiary based on similar logic, and while the logic makes sense broadly, they ran into significant issues with their US subsidiary’s regulator about the way they did it

I would primarily attribute the root causes of those issues to:

Operating model for how those decisions were taken and where they were reviewed and challenged – the Group development and validation teams led the substantive assessment of “fit-for-use”, and while there were some US stakeholders involved, the ones most involved were not very senior in stature, and often deferred to the expertise of Group.  But those US stakeholders then couldn’t / didn’t do a good job of credibly defending those decisions to their regulators, leading the regulators to question if US senior management had been sufficiently involved in determining that these models were appropriate for the US portfolio

The documentation they produced justifying and validating the use of these models in the US was a narrow “fit for use assessment”, which taken as a standalone artifact fell far short of the comprehensive model documentation and validation expectations of SR 11-7.  This led regulators to question the “effective challenge” provided by US model risk management and more broadly by US senior management

The short answer is yes they should definitely be included. The group risk report is the bare minimum that should be included for a GSIB in terms of internal reports and you can go from there

Will to share some pages on the latest interpretation of the scope of BCBS239 by the ECB. A bit more expansive that the traditional industry approach but that is really going to be the new bar. We also have a full BCBS239 benchmarking database that covers 20+ banks (including most European GSIBs) and all dimensions of BCBS239 so maybe your client wants to participate in it

There is certainly precedent for this in loss forecasting, given various companies that need to follow both IFRS9 and CECL at different legal entity levels, and/or to follow different stress testing guidance for different regulators.   I can’t think of a case where I’ve seen it for the primary credit risk rating models however (at least not for literally the same exposures receiving two different ratings)