Icaap Ilaap Bma Manual 2019 en

The Internal Capital Adequacy Assessment Process (ICAAP),
the Internal Liquidity Adequacy Assessment Process

(ILAAP)
and their supervisory review, and the Business Model Analysis (BMA)
METHODOLOGY MANUAL FOR SUPERVISED INSTITUTIONS 1
Revised: December 2019
1
This is the English version of MNB’s handbook with the following title: „A tőkemegfelelés belső
értékelési folyamata (ICAAP), a likviditás megfelelőségének belső értékelési folyamata (ILAAP) és
felügyeleti felülvizsgálatuk, valamint az üzleti modell elemzés (BMA) módszertani kézikönyv a felügyelt
intézmények részére”. This translation is not official, the Hungarian manual shall be considered as
normative text.
Contents
Contents..................................................................................................................................................2
I. Introduction...................................................................................................................................9
I.1 ICAAP/ILAAP reviews and BMAs as reflected in the SREP...............................................................9
I.2 The Internal Capital Adequacy Assessment Process (ICAAP)........................................................10
I.2.1 Supervisory principles for ICAAP design.................................................................................12
I.3 The Internal Liquidity Adequacy Assessment Process (ILAAP)......................................................15
I.3.1 Supervisory principles for ILAAP design.................................................................................16
I.4 Business Model Analysis (BMA)....................................................................................................16
I.5 General principles to be applied in ICAAP/ILAAP reviews.............................................................17
I.5.1 Internationally accepted principles........................................................................................17
I.5.2 General principles applied in the context of the MNB’s review processes............................18
II. Scope of the ICAAP, the ILAAP, and their supervisory review.......................................................20
II.1 ICAAP and ILAAP compliance and the supervisory review process on an individual level..........20
II.2 ICAAP and ILAAP compliance and the supervisory review process on a group level..................21
III. Grades of ICAAP review and categorisation of supervised institutions.........................................25
IV. Conduct of ICAAP/ILAAP reviews and BMAs................................................................................26
IV.1 Preparations for ICAAP/ILAAP reviews and BMAs......................................................................26
IV.2 Requests for documentation to support ICAAP/ILAAP reviews and BMAs................................26
IV.3 Supervisory evaluation of ICAAP/ILAAP reviews and BMAs.......................................................27
IV.4 Risk mitigation measures and the determination of economic capital and liquidity excess
reserve requirements............................................................................................................................28
IV.5 Joint risk assessment and decision process................................................................................28
IV.6 Closure of ICAAP/ILAAP reviews and BMAs, supervisory measures...........................................29
IV.6.1 Cases in which measures related to the overall supervisory review and evaluation process
(SREP) are applicable against credit institutions...............................................................................31
(SREP) are applicable against investment firms................................................................................34
IV.7 Annual evaluation for institutions on the lessons learned from the overall SREP......................36
V. The elements and supervisory review of the ICAAP.....................................................................37
V.1 ICAAP governance and control systems – risk management......................................................37
V.1.1 ICAAP awareness................................................................................................................37
V.1.2 Level of ICAAP regulation, governance and internal audit.................................................38
V.1.3 Framework set up for the internal capital adequacy assessment process.........................38
V.1.4 Integration of ICAAP...........................................................................................................39
V.1.5 Risk strategy.......................................................................................................................40
V.1.5.1 Risk-taking policy.......................................................................................................40
2
V.1.5.2 Setting risk appetite and the willingness to take risks................................................41
V.1.5.3 Target risk structure...................................................................................................42
V.1.5.4 Stages of risk management:.......................................................................................42
V.2 Assessment of material risks......................................................................................................44
V.2.1 Credit risk...........................................................................................................................44
V.2.1.1 Assumptions of the credit risk model........................................................................47
V.2.1.2 Fundamental expectations for models and rating systems........................................48
V.2.1.3 Rating models............................................................................................................49
V.2.1.4 Estimating the probability of default.........................................................................49
V.2.1.5 TTC (Through-the-Cycle) PD.......................................................................................51
V.2.1.6 Retail TTC PD – supervisory benchmark.....................................................................52
V.2.1.7 Corporate PD – supervisory benchmark....................................................................53
V.2.1.8 Applying EU benchmark PDs......................................................................................53
V.2.1.9 Application of a sovereign floor.................................................................................54
V.2.1.10 Estimation of the loss given default ratio...................................................................54
V.2.1.11 Retail mortgage LGD – supervisory benchmark.........................................................55
V.2.1.12 Non-performing items, expected loss and provisions................................................56
V.2.1.13 Holdings (Equity exposures).......................................................................................57
V.2.1.14 Specialised lending exposures....................................................................................59
V.2.1.15 Real estate financing project capital requirement and expected loss – supervisory
benchmark 61
V.2.1.16 Treatment of off-balance sheet items........................................................................62
V.2.1.17 Counterparty risk.......................................................................................................63
V.2.1.18 Counterparty credit risk from White Label contracts in investment firms.................66
V.2.1.19 Credit valuation adjustment risk (CVA)......................................................................66
V.2.1.20 FX lending risk............................................................................................................67
V.2.1.21 Residual risks..............................................................................................................69
V.2.1.22 Settlement risk...........................................................................................................70
V.2.1.23 Free deliveries............................................................................................................71
V.2.1.24 Securitisation risk.......................................................................................................72
V.2.1.25 Concentration risks....................................................................................................74
V.2.1.26 Country risks..............................................................................................................78
V.2.1.27 Risk of other assets....................................................................................................79
V.2.1.28 Calculation of capital requirements for credit risk.....................................................80
V.2.1.29 Capital requirement discounts granted as lending incentives...................................80
V.2.2 Operational risks................................................................................................................82
V.2.2.1 Operational risk.....................................................................................................................82
V.2.2.1.1 Legal and conduct risk........................................................................................................87
3
V.2.2.1.2 Information and communications technology (ICT) risk....................................................90
V.2.2.2 Reputational risks.................................................................................................................91
V.2.3 Market risk.........................................................................................................................93
V.2.4 Interest rate risk in the banking book................................................................................98
V.2.5 Model risks.......................................................................................................................103
V.2.6 High-risk portfolios...........................................................................................................106
V.2.7 Other relevant risks..........................................................................................................106
V.2.7.1 Risks of the regulatory environment........................................................................106
V.3 Stress tests...............................................................................................................................107
V.3.1 Reliability of the risk models applied...............................................................................109
V.3.2 Adoption of an integrated risk management approach...................................................109
V.3.3 The practical application of the principle of proportionality at small institutions............111
V.4 Description of the stress-testing framework used to determine capital guidance...................112
V.5 Determination of capital requirement.....................................................................................116
V.5.1 Differences concerning the degree of sophistication of applied methods.......................116
V.5.2 Potential differences between Pillar 1 and 2....................................................................117
V.5.3 Allocation of capital.........................................................................................................118
V.5.4 Determining the required capital after the supervisory review.......................................118
V.5.4.1 Determination of additional own funds requirements............................................119
V.5.4.2 SREP capital requirement (TSCR).............................................................................120
V.5.4.3 Total SREP capital requirement ratio.......................................................................120
V.5.4.4 Combined capital buffer requirement.....................................................................121
V.5.4.5 Overall capital requirement (OCR)...........................................................................122
V.5.4.6 Pillar 2 capital guidance (P2G)..................................................................................122
VI. Components and supervisory review of ILAAP...........................................................................123
VI.1 The institution’s internal assessment of liquidity and funding risks.........................................123
VI.2 Supervisory liquidity adequacy assessment process................................................................126
VI.2.1 Comprehensive assessment of liquidity and financing risks.............................................126
VI.2.2 Additional Requirements due to risk management deficiencies......................................127
VI.2.3 Key aspects of calculating Pillar 1 requirements..............................................................128
VI.2.4 Portfolios that are risky in terms of liquidity....................................................................128
VI.2.5 Calculation and compliance with Pillar 2 liquidity requirements.....................................128
VII. Business model analysis.........................................................................................................129
I. Business model analysis.............................................................................................................129
II. Supervisory expectations for the internal capital requirement calculation and liquidity adequacy
assessment of small institutions, and the applicable supervisory review and evaluation process......132
4
II.1 Application of the principle of proportionality.........................................................................132
II.2 Definition of small institutions.................................................................................................132
II.3 Supervisory expectations concerning the ICAAP of small institutions......................................132
II.4 Methodologies applied by institutions subject to simplified ICAAP reviews............................133
II.5 Steps of internal capital requirement calculations...................................................................133
II.6 Typical risks of smaller credit institutions................................................................................134
II.7 Activities generating unusual, additional risks to investment firms.........................................134
II.8 Supervisory review in small institutions...................................................................................134
II.9 The most common additional own funds requirements for investment firms.........................135
II.10 Supervisory measures relevant for small institutions..............................................................135
II.10.1 Supervisory measures at small credit institutions............................................................136
II.10.2 Supervisory measures at investment companies.............................................................137
II.11 Closing the supervisory review.................................................................................................138
List of documents...............................................................................................................................139
II.12 Summary..................................................................................................................................139
II.13 Presentation of actual and target capital position...................................................................139
II.14 Detailed presentation of capital adequacy calculations...........................................................140
II.15 The integration of the ICAAP methodology into processes......................................................140
II.16 Description of the Internal Liquidity Adequacy Assessment Process.......................................140
III. Annexes......................................................................................................................................142
5
Abbreviations
The advanced version of the Internal Ratings Based
AIRB Advanced Internal Ratings Based Approach Approach to credit risk, incorporating PD, LGD and
CCF estimates
Advanced Measurement Approach (operational
AMA
risk)
Asset Liability Committee for the management
ALCO
of liquidity risk
Alternative Standardised Approach (operational
ASA
risk)
AVA Additional Valuation Adjustments
BCM Business Continuity Management
BIA Basic Indicator Approach (operational risk)
BMA Business Model Analysis
Investment Act CXXXVIII of 2007 on Investment Firms and
Services Commodity Dealers, and on the Regulations
Act Governing their Activities
CCF Credit Conversion Factor
CEBS Committee of European Banking Supervisors
CET1 Common Equity Tier 1 capital (for details, see CRR Part II, Chapter on Own Funds)
CCP Central Counterparty
2006/48/EC (amending Directive 2000/12) and

CRD Capital Requirement Directives
2006/49/EC (amending Directive 93/6)
Directive 2013/36/EU of the European Parliament
and of the Council on access to the activity of credit
institutions and the prudential supervision of credit
CRD IV Capital Requirement Directive IV
institutions and investment firms, amending Directive
2002/87/EC and repealing Directives 2006/48/EC and
2006/49/EC
Regulation (EU) No 575/2013 of the European
Parliament and of the Council on prudential
CRR Capital Requirement Regulation
requirements for credit institutions and investment
firms and amending Regulation (EU) No 648/2012
CVA Credit Valuation Adjustment

Commission Delegated Regulation (EU) 2015/61 of
10 October 2014 to supplement Regulation (EU) No
DA Delegated Act 575/2013 of the European Parliament and the
Council with regard to liquidity coverage requirement
for Credit Institutions
FFAR
foreign exchange funding adequacy ratio
(DMM)
DVP Delivery versus Payment
EAD Exposure at Default
6
EBA European Banking Authority
EL Expected Loss
EEA European Economic Area
Foundation Internal Ratings Based Approach
FIRB
(credit risk – PD estimation)
Credit
Act CCXXXVII of 2013 on Credit Institutions and
Institutions
Financial Enterprises
Act
ICAAP Internal Capital Adequacy Assessment Process
IG Intergiro
ILAAP Internal Liquidity Adequacy Assessment Process
IRB Internal Ratings Based Approach (credit risk)
IRRBB Interest Rate Risk in the Banking Book
JRAD Joint Risk Assessment and Decision
KRI Key Risk Indicator
LCP Liquidity Contingency Plan
LCR Liquidity Coverage Requirement
LGD Loss Given Default
LTV Loan to Value
MNB The Central Bank of Hungary
NFSR Net Stable Funding Ratio
OCR Overall Capital Requirement
OTC Over-the-Counter secondary or derivative securities market
PD Probability of Default
A type of PD model that provides a PD forecast in
PIT Point-in-Time view of the status of the business cycle at a particular
point in time
SD Settlement Date
Pursuant to Article 147(8) of the CRR, and MNB
SL Specialised Lending
Recommendation No. 10/2017
SREP Supervisory Review and Evaluation Process
RVP Receive versus Payment
T1 Tier 1 capital (for details, see CRR Part II, Chapter on Own Funds)
T2 Tier 2 capital (for details, see CRR Part II, Chapter on Own Funds)
TSA Standardised Approach (operational risk)
TREA Total Risk Exposure Amount
TSCR Total SREP Capital Requirement
TSCR Ratio Total SREP Capital Requirement Ratio
A type of PD model that captures long-term trends
TTC Through-the-Cycle and provides an average value characteristic of a
business cycle
7
UL Unexpected Loss
VAR Value-at-Risk
MIS Management Information System
8
I. Introduction
The Hungarian supervisory authority first published its methodological guidelines on the Internal Capital
Adequacy Assessment Process (ICAAP) and its Supervisory Review and Evaluation Process (SREP) for
institutions under the CRD in 2008, which were subsequently reviewed regularly in accordance with
legislative changes and practical experience. With the introduction of the CRD IV and the CRR in 2014,
major amendments were made to the European-level regulations serving as the basis of the guidelines,
which the Magyar Nemzeti Bank (“the MNB” or “the supervisory authority”) has followed up by radically
transforming the structure of the guidelines, compiling a Manual that incorporates the principles of both
the internal processes for the assessment of capital adequacy (ICAAP) and the Internal Liquidity
Adequacy Assessment Process (ILAAP), and their supervisory review. In an effort to harmonise the
practice and methodology of SREP reviews at the European level, the EBA developed the EBA SREP
Guidelines2, leading to additional changes in the Manual. As a result, a chapter on Business Model
Analysis (BMA) was added to the Methodology Manual. However, even with the new additions this
Manual does not fully cover the overall SREP specified in the EBA SREP Guidelines, because it merely
sets out supervisory expectations for the ICAAP/ILAAP reviews and BMAs, taking into account the
common European methodology specified in the EBA SREP Guidelines, the Union’s regulatory
provisions, as well as the lessons learned from Hungarian practice.
An important aspect of the current annual review of the Manual was the need to make the supervisory
expectations and guidelines even more transparent so that they help institutions in their work more
effectively.
The Methodology Manual contains the material and temporal scope of the review process, presents the
fundamental review principles and addresses the grades of the supervisory review process. It discusses
the elements of the ICAAP and the ILAAP, the fundamental methodology of business model analysis, and
provides guidance on the interpretation of provisions. In addition, it explains the MNB’s view on the
principles and methods by which, in its supervisory role, it intends to evaluate institutions’ capital
requirement calculations and liquidity coverage, and review the viability and sustainability of their
business and strategic plans.3
This Manual primarily sets out principles in view of the fact that regulatory expectations regarding the
internal calculations of required capital and liquidity vary according to the type and size of the
institution concerned, and to the complexity of its activities. As a standardised method that is equally
applicable to all institutions cannot be provided, the MNB develops requirements for specific institutions
with a view to the principle of proportionality.
I.1 ICAAP/ILAAP reviews and BMAs as reflected in the SREP 4
According to the EBA SREP Guidelines, under international and Hungarian regulations the supervisory
review and evaluation process (SREP), in the broad sense, means the supervisory authority’s control and
evaluation of the business model, corporate governance, risk profile and capital and liquidity position of
institutions. To cover the overall SREP, in addition to ICAAP/ILAAP reviews and BMAs the MNB provides
ongoing supervision, and carries out on-site thematic and targeted reviews.
The CRD IV includes provisions on the supervisory review of capital positions 5, under the framework of
which the MNB assesses whether the institution has sufficient capital based on its strategy, regulations,
established processes and internal procedures to cover the risks it is taking. Furthermore, the MNB
reviews the business model and material risks of the institution, examines internal governance and the
2
Guidelines on common procedures and methodologies for the supervisory review and evaluation process (SREP) and supervisory stress
testing, EBA/GL/2014/13
3
The Manual is based primarily on CRD IV/CRR, the relevant articles of the recommendations issued by the Basel Committee on Banking
Supervision and the applicable recommendations of the European Banking Authority (EBA). Further sources of this Manual include materials
published on the websites of other financial supervisory authorities, in particular authorities operating within the EU.
4
Specific methodological guidelines on ILAAP reviews are currently being developed, and are expected to be released in 2020.
5
Articles 97-101 of 2013/36/EC
9
compliance and reliability of and internal capital and liquidity adequacy assessment processes and
checks the fulfilment of minimum requirements set out in legal provisions. Clearly the supervisory
review process can only be successful if the institution presents the risk models and the internal capital
calculation and internal liquidity adequacy methodology it applies both comprehensively and in detail.
The significance of Pillar 2 processes lies in the fact that the long-term prudent and predictable
operation of institutions can be safeguarded only by high-quality and extensive risk measurement and
management procedures, because a high level of available own funds does not, by itself, guarantee total
security. Accordingly, through this Manual the MNB wishes to emphasise that rather than being a
standalone process, ICAAP/ILAAP reviews and BMAs are an integral and particularly important part of
institutional supervision. As part of ICAAP reviews, the MNB assesses the adequacy of institutions’ ICAAP
governance frameworks.
The chart below illustrates the overall SREP as set out in the EBA SREP Guidelines, which has served as
model for the MNB in the design of its own supervisory review processes. Within the overall process,
the topics covered in this Manual are marked with a red dashed line in the chart below.
ICAAP governance
framework
Drawing on the experience of past reviews, the MNB has developed procedures, a consistent
methodology and an informed view on a number of elements in ICAAP/ILAAP reviews and BMAs.
Accordingly, the Manual formulates a number of specific requirements, including for a wide range of risk
types, and for the consideration of external factors. The more precise and more detailed formulation of
expectations is hoped to improve the information and risk awareness of supervised institutions and is
expected to contribute to smooth reviews.
I.2 The Internal Capital Adequacy Assessment Process (ICAAP)
Hungarian and EU regulations on the determination of capital requirements require every credit
institution and investment firm (collectively: “institution”) to develop its internal procedure for the
calculation of capital requirements in order to assess, based on the institution’s own calculations, the
amount of capital requirement which the institution considers necessary to cover the losses that may
10
result from the risks that are taken by it, and actually arise. 6 Thus the internal capital adequacy
assessment process is designed to ensure that the institution
 operates a sufficiently sophisticated risk management system that adequately identifies,
measures, summarizes and monitors all materials risks
 has a sufficient amount of capital to cover these exposures as determined based on the
institution’s internal rules.
The internal process for capital requirement calculations applies to all the institutions that are subject to
CRD IV; its use is mandatory. The primary responsibility for the proper implementation and quality of
the internal capital requirement calculation process rests with the senior management of the institution.
This responsibility is also there if the ICAAP is determined at group level.
The internal capital adequacy assessment process includes the following areas:
 comprehensive risk analysis to identify and assess the material risks of the institution;
 a well-established capital analysis to quantify the extent of risks and determine the required
level of risk capital;
 adequate information to the institution’s board of directors and senior management, and
their involvement in capital adequacy processes;
 establishment of an adequate review and reporting structure in which the institution can
regularly present its risk profile and capital position;
 elaboration of adequate internal audit mechanisms, provision for independent review.
In the context of the ICAAP, the two pivotal terms in this Manual are capital and risk. Existing regulations
basically require capital adequacy at institutions for covering unexpected losses 7, with adequate capital
also functioning as permanent collateral that enables the institution to operate prudently in any regular
business and economic situation 8. Accordingly, capital requirement refers to adequate capital that
corresponds to the risks quantified by a particular method and the size of potential losses that may
result from these risks.
As part of the ICAAP, in Pillar 2 the amount of economically needed capital is determined. Economically
needed capital captures the risks deriving from the institution’s business activities through the statistical
and/or probability estimate of potential future losses at a level of likelihood determined by the
institution and for a certain period (usually one year).
When calculating capital adequacy, the institutions may compare the aggregate economic capital
requirement covering all types of risk against the regulatory (Pillar 1) own funds; in the calculation of
SREP capital adequacy, only such capital items may be accepted as capital available to cover risks. The
MNB does not permit taking into account the formerly used other factors of adjustment to the Pillar 2
definition of own funds, for instance as an item reducing the risk capital requirement. In accordance
with the EBA SREP Guidelines, diversification among risks may no longer be taken into account for the
determination of the Pillar 2 capital requirement.
Beyond the regulatory capital requirements determined under Pillar 1, institutions are also required to
calculate capital requirements under Pillar 2 according to their internal procedures. Due to the
differences in approach, the two calculation methodologies usually deviate from each other. In Pillar 2,
the institution is required to specify a capital requirement for all of its relevant risk types (including for
6
CRD IV, Article 73.
7
In case of operational risk, the capital must provide coverage for both expected and unexpected losses
8
Although the term “risk” is not defined explicitly either in the Basel recommendations or in EU legislation, when used in conjunction with
capital it usually refers to unexpected losses. Nevertheless, it is true that during both budgeting and capital adequacy assessment the full
amount of losses is to be compared against the sum of allowances for impairment, provisions and capital. It is only sufficient to assess capital
adequacy in the light of unexpected losses if we can rest assured that the allowances for impairment and provisions furnish adequate coverage
for expected losses.
11
the risks that are not managed in Pillar 1, such as risky portfolios, concentration risk, and interest rate
risk in the banking book), and for Pillar 1 risks, both on a risk-by-risk basis and in the aggregate, the
minimum capital level is set as the regulatory capital specified in the CRR. However, due to the
additional capital requirement calculated for risks that are not captured in Pillar 1, the result of the
internal capital calculation typically exceeds the regulatory capital requirement, causing additional
capital requirements to be shown in Pillar 2. Institutions are expected to define the allocated capital
requirement amount for each risk within Pillar 2. The internal capital requirement calculation may
nevertheless yield a lower capital requirement in Pillar 2 for Pillar 1 risks; in this case, the minimum Pillar
2 capital requirement by risk type corresponds to the regulatory capital under CRR (Pillar 1+ approach,
for details see the chapter on the determination of capital requirements). Also in Pillar 2, as part of the
supervisory review the MNB assesses the need for additional own funds requirements on a risk-by-risk
basis.
However, the purpose of Pillar 2 capital requirement calculations is not only to make the institution set
up additional capital on top of the regulatory minimum level. What the MNB considers more important
is the incentive effect which spurs the institution to apply more effective risk management techniques
and internal procedures for detecting and measuring its exposures more accurately, and for managing
them better. In that framework, institutions are also encouraged to enhance their calculation methods
for Pillar 1 capital requirements, aiming for the implementation and enhancement of internal rating
based approaches as appropriate for their size, as well as for the nature, scale and complexity of their
activities. Therefore, embedded into day-to-day processes, the internal capital adequacy assessment
process can greatly contribute to the prudent operation of the institution.
I.2.1 Supervisory principles for ICAAP design
The following is a description of the general ICAAP principles formulated at the European level,
supplemented by the experience available to the MNB, provided as guidance to all institutions on the
design of their internal capital adequacy processes.
ICAAP 1: Every institution must have a process for assessing its capital adequacy relative to its risk
profile (an ICAAP).
Every institution must have adequate corporate governance and risk management procedures, including
a strategy and processes aiming to achieve and sustain a capital level that is adequate to the nature of
the institution’s business activities and risks. The fulfilment of this principle can be examined both at
group and individual company level.
ICAAP 2: The ICAAP is the responsibility of the institution.
The institution is responsible for devising an adequate ICAAP consistent with its risk profile and
operating environment, and for internally defining its capital targets. The ICAAP should be tailored to
the institution’s circumstances and needs, and it should use the inputs and definitions that the
institution uses for internal purposes. The ICAAP shall meet supervisory requirements and the institution
should be able to demonstrate that it does so. Institutions retain full responsibility for their ICAAP
regardless of any outsourcing.9
If the institution is a group member and applies the parent company’s methods models, then the
institution is responsible for adapting these methods and models to local circumstances and conditions,
for implementing and applying them according to its own risk profile, and must certify the group
methodology’s adequacy in terms of its risk profile to the MNB. Furthermore, the institution must be
familiar, both comprehensively and in detail, with the group’s methodology, and must examine and
annually verify the feasibility of the method or model at hand prior to application.
9
See the chapter on ICAAP compliance at group level, and the CEBS Guideline on Outsourcing (CP 02 revised, 14 December 2006).
12
ICAAP 3: The applied internal capital requirement calculation methods’ design should be fully
specified and fully documented. The management body (both supervisory and management
functions) should take responsibility for the ICAAP.
The responsibility for initiating and designing the ICAAP rests with the management body (both
supervisory and management functions). The supervisory function within the management body should
approve the conceptual design (at a minimum, the scope, general methodology and objectives) of the
ICAAP. The details of the design (i.e. the technical concepts) are the responsibility of the management
function.
The management body (both supervisory and management functions) is also responsible for integrating
capital planning and capital management into the institution’s overall risk management culture and
approach. The institution must have properly documented internal procedures for capital adequacy,
which should be approved and regularly reviewed by the institution’s senior management.
The results of the ICAAP should be reported to the management body.
ICAAP 4: The ICAAP should form an integral part of the management process and decision-making
culture of the institution.
The ICAAP should be an integral part of institutions' management processes in order to help the
management body to assess, on an ongoing basis, the risks that are inherent in their activities and
material to the institution. Depending on the complexity of activities, this could range from using the
ICAAP to allocate capital to business lines, to generate expansion plans and even to having it play a role
in the individual credit decision process. Yet it is also important at smaller institutions that ICAAP
considerations should already appear in decision-preparation both in their business and banking
operations.
ICAAP 5: As the ICAAP is based on processes and procedures, the appropriateness of its operation
should be reviewed regularly, at least once a year.
The ICAAP should be reviewed by the institution as often as deemed necessary (but at least once a year)
to ensure that risks are covered adequately and that capital coverage reflects the actual risk profile of
the institution. The annual review should also cover completion of the tasks defined during the previous
year’s MNB audit. The review should be essentially completed before the next supervisory review.
The ICAAP should be subject to independent internal review within the institution.
Any changes in the institution's strategic focus, business plan, operating environment or other factors
that materially affect assumptions or methodologies used in the ICAAP should initiate appropriate
adjustments thereto. New risks that occur in the business of the institution should be identified and
incorporated into the ICAAP.
ICAAP 6: The ICAAP should be risk-based.
The adequacy of an institution’s capital depends on its risk profile. Institutions should set capital targets
which are consistent with their risk profile and operating environment, and this should be evidenced to
the MNB. Furthermore, institutions may take other considerations into account in deciding how much
capital to hold, such as external rating targets, market reputation and strategic goals.
Institutions must clearly identify the risks they are able to measure. Where the qualitative factors
dominate in respect of the specific risks, the emphasis will be on risk management and the use of risk
mitigation techniques.
Even institutions who apply simpler methods to measure Pillar 1 risks (credit, operational and market
risks) are required to base their ICAAP and the related governance and supervisory functions on their
actual risks.
13
ICAAP 7: The ICAAP should be comprehensive, covering every detail.
Institutions should record all their material risks. There is no standard categorisation of risk types and
definition of materiality; institutions are free to use their own approaches and terminologies. The MNB
requires that in the course of the supervisory dialogue the institution should be able to present in detail
the approaches and conceptual distinctions it applies as part of the ICAAP (along with deviations from
regulatory capital requirement calculation methods).
The ICAAP should be comprehensive and should take into consideration all relevant risks, the following
in particular:
 Credit, operational and market risks captured under Pillar 1, including their handling in
the ICAAP which is different from Pillar 1,
 Pillar 1 risks not sufficiently covered with simpler methods (e.g. residual risk),
 Pillar 2 risks (interest rate risk in the banking book, concentration risk, strategic and
reputational risk),
 Risks of external factors (regulatory, economic, business environment).
ICAAP 8: The ICAAP should be forward-looking and future-oriented.

The ICAAP should take into account the institution's strategic plans and how they relate to
macroeconomic factors. The institution should develop an internal strategy for maintaining capital
levels, which should incorporate factors such as expected developments in lending, potential sources of
a future capital increase, the dividend policy foreseen, and any cyclical effects of the degrees of risk
applied in Pillar 1.
The institution should have an explicit, approved capital plan which states the institution's objectives
and the time horizon for achieving those objectives, and in broad terms the capital planning process and
the specification of individuals who are responsible for that process. The plan should also lay out how
the institution will handle situations that call for immediate action.
The ICAAP calculation is based on exposures as of a particular reference date but, if justified, the
significant impacts of future expected events or events occurring after the reference date may also be
taken into account.
ICAAP 9: The ICAAP should be based on adequate measurement and assessment processes.
The ICAAP should be based on the adequate measurement and assessment of risks, but there is no
single correct ICAAP method. As institutions are free to choose the method they wish to apply, the MNB
considers several approaches acceptable and does not necessarily require the use of complex capital
calculation models. Nevertheless, based on the principle of proportionality, the MNB requires
institutions pursuing complex and diverse activities to apply sufficiently advanced quantitative
techniques in line with their unique and systemic. Pursuant to Section 124(3) of the Credit Institutions
Act and in accordance with Article 77 of the CRD IV, the MNB must encourage credit institutions to use
internal approaches. Large, complex institutions with extensive clientele are particularly expected by the
MNB to switch to the application of the internal model when calculating the capital requirement.
Compared to the standardised approach, the risks inherent to the institution’s operation are better
reflected in the capital requirement calculated in the internal model; consequently, where an institution
uses the latter the context of its ICAAP, the MNB can also better rely on it for the purposes of ICAAP
reviews.
14
Certain risk elements and thus the related capital requirements may be difficult to calculate.
Nevertheless, the MNB requires that these risk capital figures be determined by way of expert
estimates.
Whenever an institution does not have in place the appropriate measurement of a particular risk, the
MNB will expect it to use the conservative approach in the ICAAP. It is important that institutions not
rely on quantitative methods alone in the course of the ICAAP, but apply qualitative considerations and
prudent management estimates regarding model inputs and outputs.
ICAAP 10: The ICAAP should produce a reasonable outcome.
Once the capital requirement of specific risk types has been identified, the ICAAP should produce the
total economic capital requirement of the institution. This figure must be reasonable, i.e. it must be
proportionate to the actual risks of the institution and it must be adequately reconcilable with the level
of regulatory capital. Where the SREP shows a significant disparity in the supervisor’s expectations and
the institution’s own capital requirement calculation, the institution should be able to provide
conclusive evidence for the adequacy and comprehensive nature of the methodology it applied.
I.3 The Internal Liquidity Adequacy Assessment Process (ILAAP)
The CRD IV, the CRR, the supplementary Delegated Act (DA) 10, and both the Credit Institutions Act and
the Investment Services Act contain detailed rules for the management of liquidity risk. Pursuant to the
requirements of the Credit Institutions Act and the Investment Services Act, the institution must
establish its liquidity risk profile in line with the nature, scale and complexity of its activities, and it must
have effective, written procedures and policies for the following:
 identification, measurement, management and monitoring of liquidity risk over an
appropriate set of time horizons, including intra-day, tailored to business lines,
currencies and legal entities of the group, including adequate allocation mechanisms of
liquidity costs, benefits and risks,
 measurement and management of all key sources and impacts of market liquidity risk
and for managing liquidity shortages arising from short position due dates preceding
long positions.
With a view to fulfilling the above, the credit institution’s executive body with governing powers must,
among other things, devise an adequate strategy and defined risk-bearing levels for every business line.
The executive body must also review and annually revise its assumptions underpinning decisions on the
institution's financial position, taking into account alternative scenarios for liquidity positions and risk-
mitigating tools. Alternative scenarios must cover off-balance sheet items and other contingent
liabilities, also with regard to SPVs for which the credit institution acts as sponsor or provides substantial
liquidity support to.
Credit institutions must develop internal regulations for the identification, measurement, management
and monitoring of funding positions, covering the current and projected material cash-flows from
assets, liabilities, off-balance sheet items, including contingent liabilities, as well as any estimated cash
flows from the possible impact of reputational risk. Credit institutions must use liquidity risk mitigation
tools, including a system of limits and liquidity buffers in order to be able to withstand a range of
different stress events and an adequately diversified funding structure and access to funding sources;
these arrangements must be reviewed regularly, at least once a year. Credit institutions must have plans
in place setting out adequate strategies and proper implementation measures in order to address
possible liquidity shortfalls; these plans (also applicable to branches established in other EEA member
10
COMMISSION DELEGATED REGULATION (EU) 2015/61 of 10 October 2014 to supplement Regulation (EU) No 575/2013 of the European
Parliament and the Council with regard to liquidity coverage requirement for Credit Institutions.
15
states) must be endorsed by the management body with governing powers and be regularly tested and
updated on the basis of the outcome of the alternative scenarios, at least annually.
The requirement set out in the Credit Institutions Act applies to all affected institutions, but the MNB, in
keeping with the principle of proportionality, expects systemically important financial institutions to
devise an ILAAP. The requirements of CRD IV and the CRR also apply to investment enterprises, but the
MNB applies the principle of proportionality in their regard, and requires the elaboration of processes
suited to the level of complexity of their activites.
The internal liquidity adequacy assessment process includes the following areas:
 internal analysis of the adequacy and reliability of the institution’s liquidity risk management
system and the related indicators and key indicators;
 comprehensive risk analysis to identify and assess the liquidity and funding risks of the
institution;
 a well-established liquidity coverage analysis which quantifies the extent of risks and
determines the required level of coverage based on the institution’s own calculations;
 adequate information to the institution’s board of directors and senior management, and
their involvement in liquidity adequacy processes;
 establishment of an adequate review and reporting structure in which the institution can
regularly present its liquidity risk profile and coverage;
 elaboration of adequate internal audit mechanisms, provision for independent review.
I.3.1 Supervisory principles for ILAAP design

Institutions required to carry out an ILAAP must take into account the following fundamental principles
when devising their ILAAP. These fundamental principles coincide in many areas with those defined for
the ICAAP.
ILAAP 1: The ILAAP is the responsibility of the institution.
ILAAP 2: The applied methods’ design should be fully specified and fully documented. The management
body (both supervisory and management functions) should take responsibility for the proper operation
of ILAAP, as well as for the approval and enhancement thereof.
ILAAP 3: The ILAAP should form an integral part of the management process and decision-making
culture of the institution.
ILAAP 4: As the ILAAP is based on processes and procedures, the appropriateness of its operation should
be reviewed regularly, at least once a year.
ILAAP 5: The ILAAP should be risk-based.
ILAAP 6: The ILAAP should be comprehensive, detailed, and adequately documented.
ILAAP 7: The ILAAP should be forward-looking and future-oriented. .
ILAAP 8: The ILAAP should be based on adequate measurement and assessment processes.
ILAAP 9: The ILAAP provides a clear and well-established final result, while also specifying the measures
needed to address any risks that may be identified.
I.4 Business Model Analysis (BMA)
The purpose of the regular Business Model Analysis is to assess business and strategic risks and to form
a supervisory view on the viability and sustainability of the institution’s business model. The results of
16
Business Model Analysis are used by the MNB to assess all other elements of the SREP, in particular
capital adequacy and liquidity adequacy, and also to support those assessments.
It is the responsibility of the management body of the institution to develop, regularly review and, if
necessary, modify the institution's operating model by considering external and internal conditions and
opportunities, so that the model is able to produce acceptable results and returns.
Regular reviews of the business model should assess the risks resulting from changes in the business
environment, as well as the risks to the achievement of the targets set in the strategy.
Regarding the business model, the MNB requires that
 the model should be aligned with the institution’s strategy;
 the model should be integrated into the governance and decision-making processes of the
institution;
 the risk that have been detected and identified should be taken into account in the
ICAAP/ILAAP, and should be managed in the course of business and strategic planning.
The MNB expects the institution to maintain detailed documentation of the development and review of
its business plans, and the assumptions used.
I.5 General principles to be applied in ICAAP/ILAAP reviews
I.5.1 Internationally accepted principles

The internationally accepted principles of the supervisory review process are as follow:
 Institutions measure their risk exposures on their own and ensure that the required levels
of liquidity and capital are sustained. Institutions must have capital requirement calculation
procedures in place that correspond with their risk profile and a strategy for maintaining
their capital and liquidity levels.
 The internal procedures of institutions are reviewed by the supervisory authority. The
MNB examines and evaluates institutions' internal capital adequacy assessment processes,
risk strategy, capital plan, liquidity adequacy processes and risk management framework. In
the course of this it assesses whether the institution will be able to provide the level of
capital and liquidity required for prudent operations. If the institution’s capital or liquidity
adequacy processes are deemed inadequate, the MNB takes measures.
 The institution's available capital should exceed regulatory and supervisory requirements
(corresponding to the OCR + P2G determined for the institution). The supervisory authority
expects and requires institutions to operate with a capital level that exceeds the regulatory
expectation. The supervisory authority recommends that the institution’s capital should be
greater by at least the P2G amount, and will verify whether that recommendation has
been implemented.
 The supervisory authority also requires institutions to operate with liquidity buffers that
exceed the regulatory expectation. Since the required liquidity buffers are supposed to
ensure the institution’s liquidity, the buffers should be designed so that the institution's
liquid assets and stable funds meet at least regulatory expectations in the event of mild
stress, but can be used in case of severe stress.
 In accordance with the institution’s business model, the supervisory authority separately
examines the availability of sufficient, sound and effective liquidity coverage, and the
process of coverage calculations.
17
 The supervisory authority takes action if needed. The MNB intervenes or takes corrective
action in a timely manner if the capital adequacy, capital supply or liquidity adequacy of the
institution is not deemed as being guaranteed.
Since the review extends to the overall operation and all risks of the supervised institutions – in line with
the complexity of the activities conducted by financial institutions – it is a considerably complex and
multifaceted review process. Accordingly, where appropriate, in the course of the supervisory review
process the MNB will adopt specific supervisory expert decisions, taking into consideration institutions’
individual features, and previous supervisory experience. In the context of its ICAAP and ILAAP
assessment, the MNB follows a holistic approach, paying heed to the presence of controls needed for
managing risks and sufficient capital for covering such risks at all institutions.
I.5.2 General principles applied in the context of the MNB’s review processes
The above specified elements of the review process make up a well-founded and balanced system, built
on additional general principles over and above the internationally accepted fundamental principles.
These principles apply to the review process as a whole and exert a palpable impact on supervisory
procedures in most areas of institution supervision.
The principle of proportionality
Based on the requirements and definitions of the CDR IV and the CRR, the principle of proportionality
applies to the review process as a whole and to all institutions falling under its scope. It means that the
extent and depth of supervisory expectations must be proportionate to the type, business model, size,
activities and risk exposure of the given institution. Since a very wide range of institutions fall within the
scope of the CRD IV, both the supervised institutions and the supervisors must exhibit flexibility and
discretion when applying the relevant legal provisions. In the framework of the supervisory review
process — as a rule of thumb — it is the institutions that are obliged to demonstrate to the supervisors
that the methodology chosen by them covers all material risks and captures them in an appropriately
sophisticated way.
The practical application of the principle of proportionality means that there may be significant
differences from institution to institution in the depth and horizon of the supervisory review process and
in the nature of the dialogue conducted with the institution as well as in its form and intensity.
Primacy of risk management over capital generation and the creation of a liquidity buffer
The main function of the Pillar 2 review process is to become fully aware of institutions’ risk processes
and to identify their material risk exposures as accurately as possible. Based on the above factors, it is
possible to define the capital level that can assure solvent operation and assess the institution’s liquidity
position. As a result of the process, both the supervised institutions and the supervisors can acquire a
precise picture about the risk profile of institutions which is unquestionably the token for well-
established and efficient business and regulatory decisions.
As a consequence of the above, the main objective of the review process is to raise risk awareness and
to consolidate process regulation rather than to make an additional increase in the capital requirement
under Pillar 2 or the creation of an extra liquidity buffer. In the course of the review, the MNB seeks to
ensure the strict application of the above principle. In particular, alongside the requirements aimed at
enhancing the standard of risk management, the determination of own funds requirements in addition
to the ICAAP capital requirement is a provisional and involuntary measure which counterbalances
institutions’ deficiencies in risk measurement and risk management on the one hand, while also
providing the institution concerned with incentives to elaborate better internal capital adequacy
processes, and more generally, a better risk management framework going forward.
Tracking the continuous improvement of risk methods and expectations
The MNB’s is of the firm view that given the constant change of financial, economic and risk conditions,
and of the regulatory environment, the business processes and risk methods applied need continuous
18
improvement in order to ensure the prudent operation of institutions. The supervised institutions
consequently need to regularly reconsider the appropriateness of their risk management processes and
capital and liquidity calculation methods. This need is highlighted by the fact that even the most
advanced sectoral and regulatory methods have undergone further improvement in the recent past and
are likely to follow suit in the foreseeable future as well, a tendency as a result of which supervisory
expectations will also continue to become deeper and more extensive.
In the field of internal capital and liquidity adequacy procedures, the MNB expects institutions to make
two adjustments: on the one hand, adjustment to the prevailing market and risk conditions, and
continuous improvements in line with industry standards and regulatory expectations on the other
hand. This means that the appropriateness of approaches and levels judged adequate in previous
reviews is not automatically relevant in the present.
The equality and complementary nature of the two pillars of the review
The method of capital requirement calculation and the size of the capital necessary for prudent
operation are defined by the legal regulations concerning Pillar 1 in a binding manner, based on uniform
methodology. Due to the diversity of institutions, the capital required cannot necessarily be adjusted to
the actual risk exposure in the regulatory pillar 11, therefore supervisory activity cannot be limited to
examining compliance with regulatory minimum requirements. The Pillar 2 review process – among
others – is aimed at ensuring that, in addition to formal legal compliance, the risk profile and capital
adequacy of institutions may also be assessed from economic point of view in order to guarantee
prudent operation.
The equality and complementary nature of the two pillars of capital requirement calculations derive
directly from the regulatory concept according to which the management of risks covered under Pillars 1
and 2 bear the same importance. Nevertheless, while in Pillar 1 mandatory risk measurement solutions
are prescribed for a well-defined group of risks, in Pillar 2 the risk-based approach can be used by
institutions for all material risks in a free or optional way. As a result, in Pillar 1 the MNB places
emphasis on compliance with legal requirements, whereas in the course of Pillar 2 review the MNB
principally focuses on the quality, reliability and completeness of internal capital calculation processes.
It is exactly the above differences that justify the independent nature of the two pillars, but they also
shed light on their mutual interdependence. Risk management experience collected, and methods
developed in one of the two pillars (e.g. rating systems applied for credit risk models, parameter
estimates) can be utilised or enhanced almost without exception in the other pillar, too.
11
Henceforth the terms Pillar 1 and regulatory pillar are used as synonyms.
19
II. Scope of the ICAAP, the ILAAP, and their supervisory review
Articles 6-17 of the CRR defined the levels of application of compliance with capital and liquidity
requirements. The requirements concerning the internal capital adequacy assessment process are
defined in Articles 108 and 109 of CRD IV. Pursuant to the requirements formulated in the Credit
Institutions Act and the Investment Services Act, the supervisory review and assessment must be
performed in accordance with the provisions in Part One Title II of the CRR; the scope of the supervisory
review should be aligned with the application levels concerning compliance with prudential
requirements.
ICAAP and ILAAP reviews can be carried out as part of the SREP assessment at the level of individual
institutions, or at group level on a consolidated or sub-consolidated basis (in accordance with
Chapters II.1 and II.2).
The capital adequacy assessment review process of international banking groups is conducted in the
form of a joint risk assessment with the participation of the competent supervisors. The central
institutions of the joint assessment are the so-called supervisory colleges, in which the competent
authorities performing the supervision of the given banking group (“host”), under the leadership of the
consolidating supervisor (“home”), jointly assess the risk exposure and control of the group members.
The joint assessment is concluded by a joint decision, as part of which the supervisory college decides by
common agreement on Pillar 2 capital adequacy, at the same time it determines the total SREP capital
requirement ratio (TSCR) required to be held at the consolidated, sub-consolidated and/or individual
levels. Effective from 1 January 2014, the college has adopted its decisions on liquidity adequacy as well
by common agreement in the joint decision process, so that the institution’s liquidity and funding risk
assessment and liquidity adequacy assessment constitute a separate component of the review process.
The rules for multilateral procedure are set out in Section 173 of the Credit Institutions Act, and Section
173/A of the Investment Services Act.
II.1 ICAAP and ILAAP compliance and the supervisory review process on an individual level
Evaluating the capital requirement

Pursuant to Article 108(1) of the CRD IV, the supervisory review of the ICAAP must individually apply to
every institution within the scope of the CRR that is required to conduct an individual ICAAP and which
has not been granted exemption by the MNB from compliance with the CRR’s requirements for capital.
Individual exemption from meeting capital adequacy requirements (pursuant to the supervisory
authority’s decision) may be granted only in the following cases:
 the institution is the subsidiary of another institution, where both the subsidiary and the
institution are subject to authorisation and supervision by the same Member State, and all
the additional conditions set out in Article 7(1) of the CRR are satisfied;
 the institution is the subsidiary of a financial holding company or of a mixed financial holding
company and the conditions set out in Article 11(1) of the CRR are satisfied;
 the institution is a parent undertaking in a Member State where that institution is subject to
consolidated supervision in the Member State concerned, and all the additional conditions
set out in Article 7(3) of the CRR are satisfied;
 the institution is permanently affiliated to a central body and the conditions defined in
Article 10 of the CRR are met.
Exemption from the consolidated application of capital requirements for groups of investment
enterprises may be granted based on Article 15 of the CRR.
Assessing liquidity adequacy
20
The starting point for complying with liquidity requirements on the basis of the CRR is individual
compliance, while the compliance with the liquidity data supply requirement at individual level is
mandatory without exception. Exemption from compliance may only be granted to investment
enterprises, and to institutions that are part of a liquidity subgroup or the cooperative integration.
II.2 ICAAP and ILAAP compliance and the supervisory review process on a group level
Evaluating the capital requirement

The internal capital requirement defined in the CRR should be applied at a consolidated level if:
 the institution is a parent undertaking in the country where it is authorised or supervised;
 the institution is controlled by a parent financial holding company or a parent mixed
financial holding company, and is subject to consolidated supervision;
 the cases under Article 22 of the CRR (other sub-consolidated compliance) apply;
 the institution is a central body, along with its affiliated institutions.
Pursuant to Article 108 of the CRD IV — for groups not exempted from compliance with the CRR’s
capital adequacy requirements — the ICAAP must also be carried out both at the sub-consolidated and
EU levels of consolidation.
Group-level ICAAP compliance and types of supervisory review process
 International groups
A. The group’s EU-level parent undertaking has a seat in Hungary
If the group’s EU-level credit institution parent undertaking, EU-level financial holding company and EU-
level parent mixed financial holding company has a seat in Hungary, then consolidated compliance with
the ICAAP represent a single consolidation level.
Parent undertaking
(Supervised by the MNB)
Subsidiary Subsidiary Subsidiary Subsidiary

(Supervised by the MNB) (Non-EU) (Supervised by the MNB) (EU)
Subsidiary
The supervisory review of the ICAAP is performed by the MNB in the context of a joint decision
procedure. Article 20 of the CRR must be followed in the event of joint decision-making on capital.
B. The group’s EU parent institution has its registered office in another Member State 12
Where the group’s EU parent credit institution, EU parent financial holding company or EU parent mixed
financial holding company has its registered office in a country other than Hungary, under Article 108 of
the CRD IV the MNB also expects compliance with ICAAP requirements at Member State level, i.e. that
the Hungarian subsidiary should also conduct an ICAAP on a consolidated basis in respect of the
12
Where the parent undertaking is registered in a non-EU country (third country), proceed according to Sections 174 (5)–(7) of the Credit
Institutions Act, or respectively Sections 161/B (5)–(7) of the Investment Services Act.
21
institutions within the scope of consolidated supervision. The management of the Hungarian group is
responsible for the quality of the capital requirement calculations even where processes for the
Hungarian group’s capital requirement calculations are designed at a higher (EU) level. In this case, the
strategy, the processes and the systems elaborated at EU level should be suitable for assessing the risks
of institutions that belong to the consolidated supervision of the domestic group leader. Furthermore,
they should also be suitable for measuring the risks against the capital requirement that matches the
risk profile and for demonstrating all this to the MNB as the host supervisor in an acceptable manner.
Parent undertaking
Subsidiary
Subsidiary Subsidiary (Supervised by the MNB) Subsidiary
Subsidiary Subsidiary Subsidiary

(Supervised by the MNB) (EU) (Non-EU)
Domestic institution groups typically fall in this category as they have a foreign (EU-level) parent
undertaking. Therefore, the ICAAP has to be applied both at EU level (consolidated for the overall group
of the EU-level parent undertaking) and at member state level (for the institutions that belong to the
consolidated supervision of the domestic subsidiary).
In this case, the MNB plays a dual role. On the one hand, it conducts the sub-consolidated ICAAP
supervisory review process, and on the other hand, participates in EU-level joint decision procedures in
accordance with legislative requirements.
C. Other sub-consolidated level reviews
Still, if a subsidiary credit institution with a domestic parent undertaking has a credit institution,
investment firm, financial enterprise of investment fund manager subsidiary or affiliate with a seat in a
third country, the domestic subsidiary credit institution has to meet ICAAP requirements at
subconsolidated level as well (without prejudice to the mandatory group-level compliance of the
domestic parent undertaking), that is in consolidated form in respect of the institutions that belong the
subsidiary’s consolidated supervision. The supervisory review process must therefore apply to this
scenario.
Parent undertaking

(Supervised by the MNB) (EU) (Non-EU)

(Supervised by the MNB) (Non-EU) (EU)
22
 Hungarian groups
D. Credit institution permanently affiliated to a central body
The central body must fulfil the CRR’s capital requirements together with its affiliated institutions on a
group level, or each institution must fulfil them individually. Pursuant to Article 108(1) of the CRD IV, the
application level of the ICAAP must also be adjusted to the decision adopted on the basis of Article 10 of
the CRR. In case of central bodies with a seat in Hungary, the MNB is in charge of conducting the
supervisory review process, in accordance with the above specified decisions. No joint decision process
is applied in this case.
Central body
Affiliated credit institution Affiliated credit institution Affiliated credit institution Affiliated credit institution
(Supervised by the MNB) (Supervised by the MNB) (Supervised by the MNB) (Supervised by the MNB)
E. Hungarian group of institutions

In respect of institutions subject to consolidated supervision, a group of institutions with only a
Hungarian parent undertaking and Hungarian subsidiaries must comply with the requirements for
internal capital requirement calculations both for individual institutions and on a consolidated basis.
Joint decision process is not applicable in case of such groups.
Parent undertaking
Subsidiary Subsidiary
(Supervised by the MNB) (Supervised by the MNB)
Subsidiary
Assessing liquidity adequacy

The liquidity requirements defined by the CRR must be satisfied in the aggregate in respect of the parent
institution, financial holding corporation or mixed financial holding corporation for institutions
supervised by an EU-level parent institution, institutions supervised by an EU-level parent financial
holding company and institutions supervised by an EU-level parent mixed financial holding company.
Member state-level subconsolidated application is not yet a requirement, except in the cases defined in
Article 8 of the CRR, i.e. if a liquidity subgroup was established or the central integration body complies
with liquidity requirement on a consolidated level.
As the supervisory authority, the MNB considers that group-level ILAAP should be conducted for
institutions subject to the SREP both on a sub-consolidated and on a fully consolidated basis. In the case
of an international group, a key role is occupied by the examination of the operational and legal
23
constraints that limit the free flow of liquidity, and of the currency consistency of liquidity buffers and
potential outflows. As a Home authority, the MNB takes into account the assessment of the supervisory
authorities of the subsidiary banks, while as a Host authority it reports individual risks to Home
supervisors.
24
III. Grades of ICAAP review and categorisation of supervised institutions
The frequency, intensity and granularity of the review and evaluation are defined by the MNB based on
the size of the institutions, the significance, nature, scale and complexity of their activities, and their
business models and risks, providing that the review and evaluation must be performed at least once a
year. Three supervisory review process grades are differentiated according to the depth of the review
process and to the intensity of the dialogue conducted with the institution:
 comprehensive ICAAP review, which will always involve an on-site inspection;
 focused ICAAP review, with particular emphasis on the assessment of specific components
of the ICAAP framework, which may involve an on-site inspection;
 simplified ICAAP review, which is carried out by means of a questionnaire completed by the
institution and evaluated by the MNB.
The depth of the review process that appears reasonable for each institution is determined by the MNB
on an annual basis.
25
IV. Conduct of ICAAP/ILAAP reviews and BMAs13
As a general rule, ICAAP/ILAAP reviews and BMAs are conducted annually. At the end of each year, the
MNB draws up an SREP plan, which sets out the SREP schedule for the following year, and the depth of
the assessments. In the course of planning, for international groups of institutions the MNB must also
take into account joint decision processes.
The MNB nevertheless reserves the option to conduct a supervisory review process partially, for specific
risk(s), in one or in a number of institutions at any time over and above the annual reviews. In
accordance with the supervisory review process principles, the annual review does not necessary mean
that a comprehensive review process is carried out. In the course of the review, the impact of significant
changes is to be evaluated based on talks, on-site and off-site inspections in the subject period as well as
information gathered from other sources. Nevertheless, it may also occur that in the course of ongoing
supervision, the MNB becomes aware of a change whose nature and magnitude warrant the launch of a
comprehensive review process at a time other than that scheduled for the institution (even possibe
between two, annual ICAAP or ILAAP reviews).
The review process is to be developed and carried out prudently in coordination with the partner
supervisors and with the supervised institutions in order to ensure that the stipulation of European and
Hungarian legislation and EU guidelines are implemented in practice.
IV.1 Preparations for ICAAP/ILAAP reviews and BMAs
Applicable Hungarian and European legislations require supervisory ICAAP and ILAAP reviews to be
carried out annually. In consultation with partner supervisors, the MNB establishes in advance the
annual timetable for supervisory reviews at the end of the year preceding the year concerned in order
to ensure the efficient and effective conduct of the process.
Prior to the reviews, the MNB will inform the institutions concerned in due time about the exact time of
on-site inspections, any requests for documentation, as well as presentation and other technical needs
related to the review.
IV.2 Requests for documentation to support ICAAP/ILAAP reviews and BMAs
In each round of a review, the MNB expects the institution to submit official ICAAP and ILAAP
documentation endorsed by senior management 14, as well as a strategy and business plan for the BMA.
The contents of the documentation must be aligned with the requirements set out in the supervisory
Methodology Manual. With regard to the ICAAP and ILAAP documentation reviewed annually according
to the applicable EBA Guidelines15, the MNB expects the following in particular:
 the documentation should contain the institution’s ICAAP and ILAAP methodological guidelines,
which should present in detail the approaches implemented, the risk management procedures
and capital requirement calculation methodologies for each risk type, explain any deviations
from Pillar 1 management, and contain accurate references to all elements of the ICAAP and
ILAAP documentation,
 the ICAAP/ILAAP methodological guidelines should describe the ICAAP/ILAAP framework and its
scope,
13
In the context of simplified ICAAP reviews, the procedures described in this chapter are subject to proportionality considerations. Any
differences in the practices of comprehensive, focused and simplified supervisory reviews are indicated specifically. The simplified supervisory
review process is discussed in a separate chapter.
14
The MNB makes the institution's ICAAP and ILAAP methodological guidelines and related regulations, as well as the ICAAP strategy (including
risk appetite), subject to mandatory senior management approval, with a definite preference for the full ICAAP and ILAAP documentation
submitted to the MNB with such an endorsement.
15
Guidelines EBA/GL/2016/10
26
 the ICAAP/ILAAP methodological guidelines of the institutions should be sufficiently
comprehensive and should include all relevant risks and risk management arrangements of the
institution, as well as the mandatory elements indicated in the ICAAP Review Schedule,
 the ICAAP documentation must contain the so-called SREP Review Form, containing the results
of capital calculation according to risk types,
 the ILAAP documentation must provide evidence to demonstrate compliance with additional
liquidity requirements for the period under consideration,
 the available information and documents must clearly indicate what the institution concerned
considers as the elements of the ICAAP and ILAAP.
In the context of the BMA the MNB expects the strategy and business plan to:
 be reviewed at least annually, at least in part,
 specify the main strategic directions and objectives,
 be aligned with the institution’s declared risk appetite,
 provide an analysis of the business environment (e.g. macroeconomic environment, regulatory
environment, competition),
 incorporate a forecast for key balance sheet and P&L account items over a time horizon of at
least 3 years,
 include the main assumptions used for forecasting,
 ensure that the data, assumptions, and methods used are well-designed and documented,
 identify the main competitive advantages, vulnerabilities, and the major risks associated with
implementation,
 include the ongoing and planned major actions related to the implementation of the plans,
 enable the subsequent back-testing of plan fulfilment.
The MNB sends its detailed documentation requirements for ICAAP/ILAAP reviews and BMAs to the
institutions prior to the investigations, in due time. In addition, in the letter of notification the MNB will
specify the institutional scope (consolidated, sub-consolidated or individual) and deadline for and by
which the documents should be submitted to the supervisory authority, and determines the format and
reference date (in the form of a specific Excel template, as the case may be), in and for which the data
and calculations are requested.
As part of ICAAP reviews, in the investigation phase the customised nature and intensity of the dialogue
with the institution, as well as the type of investigation, may require the supply of further information to
the MNB.
IV.3 Supervisory evaluation of ICAAP/ILAAP reviews and BMAs
Institutions’ internal evaluations are closely linked to supervisory evaluations, because the MNB
conducts a dialogue with all supervised institutions on the outcome of investigations and the level of
economic capital requirements. In the initial step the MNB is provided with the necessary
documentation, while most of the dialogue (with or without on-site inspections) takes place in the
course of the investigation, including subsequent written and/or oral discussions. The concluding
moment in the dialogue is the establishment of the MNB’s final view on the assessment. The intensity of
the dialogue primarily depends on the type of the MNB investigation, the complexity of the institution’s
activity and the extent of differences between the two parties’ assessments. When conducting
comprehensive investigations, the MNB aims to strengthen the dialogue further and gain a better
understanding of institutions’ methodologies. In the course of focused investigations, the MNB focuses
27
on the definition of Pillar 2 capital requirement calculations for the risks involving the highest amount of
capital requirements. In the case of a simplified ICAAP review, the MNB sends a questionnaire to the
institutions, which it expects to be returned with documentation supporting the questionnaire
responses. After evaluating the responses, the MNB consults the institution in writing on any major
deviations.
The ICAAP review dialogue is aimed at ensuring the full application of general supervisory expectations
during the calculation of economic capital. In the spirit of methodological freedom, the MNB accepts all
consistent, sound and sufficiently conservative internal capital calculation approaches, procedures and
methodologies; however, in order to harmonise the review processes, it will follow its methodology
elaborated in advance, relying on supervisory benchmarking models as required. The structure of the
dialogue is based on the “building blocks” approach, i.e. certain elements of the capital calculation
interpreted in the broad sense (e.g. risk types, capital elements, external factors, business processes,
etc.) are relatively well-defined and are mostly assessed separately from each other. While certain
elements of the methodology have been established in the manuals published by the supervisory
systems and institutional protection schemes, other elements will only crystallise during the gradual
development of institutional relations, in practical arrangements and procedural conventions.
The purpose of the dialogue on ILAAP reviews is to ensure the effective and proactive enforcement of
supervisory expectations as well as to support supervised institutions.
IV.4 Risk mitigation measures and the determination of economic capital and liquidity excess
reserve requirements
In the case of comprehensive ICAAP reviews, once the subject-matter parts of the assessment processes
have been completed, the MNB prepares an evaluation report, which may include a detailed description
of supervisory findings about the supervised institution's economic capital and internal capital
adequacy, the risk mitigation measures required, and the SREP capital requirement considered
appropriate by the MNB. The review report is forwarded by the MNB to the supervised institution,
which has the opportunity to express an opinion on it within the timeframe specified. The MNB takes
into consideration the opinion of the institution for the purposes of finalising the report and adopting
related supervisory measures. It is, however, not in a position to recognise any newly proposed
methodological changes, interim modifications that the MNB has had no means to assess, or any
initiatives for the partial re-run of an ICAAP review or a BMA. In the case of a focused ICAAP review, a
much shorter summary evaluation is produced, and the institution is also given the opportunity to
comment.
IV.5 Joint risk assessment and decision process
In the case of international banking groups that fall under the jurisdiction of several EU supervisory
authorities and are registered and operate in the European Economic Area, the final assessment of risks,
the discussion of the applied methods and the definition of capital, as well as the determination of
economic capital requirements and liquidity adequacy assessment are done within the framework of the
international supervisory colleges. The institutional framework for international supervisory cooperation
is set out in detail in Article 20 of the current CRR and Article 113 of CRD IV (implemented in Article 173
of the Credit Institutions Act and Article 162(5)(d) of the Investment Services Act), while detailed
provisions on the operational functioning of supervisory colleges and on the joint risk assessment and
decision process are set out in Commission Implementing Regulation (EU) No 710/2014 16.
In the first step of the joint risk assessment and decision process (JRAD), following the evaluation phase
of the ICAAP and ILAAP reviews the results of risk assessment, the findings made as part of ongoing
supervision and on the basis of other supervisory reviews, as well as the fulfilment of the CRD IV
minimum requirements are also evaluated by the national competent authorities in a uniform structure
16
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0710&from=HU
28
elaborated by the international supervisory community, with findings subsequently forwarded to the
consolidating supervisor. In templates that serve as a basis of joint assessment the individual risk types
and the individual ICAAP and ILAAP sub-processes are evaluated on a scale of 1 through 4, whereas
compliance with CRD IV requirements is presented in a descriptive manner.
As the second main step of the JRAD the content of the uniform evaluation templates are summarised
and synthesised by the consolidating supervisor on the level of the total group, and based on the above,
the college dialogue is led and moderated by the consolidating supervisor with the participation of each
and every competent supervisor. In the course of this dialogue, every important aspect of risk
assessment, of ICAAP and ILAAP methodologies and of the CRD IV minimum requirements are addressed
and discussed, as a result of which the risk characteristics and capital adequacy of each group member
and the group as a whole are jointly assessed by the college members.
If there is full consensus among the college members, JRAD is concluded by an evaluation report
produced by the consolidating supervisor with the consent of partner supervisors, a report that contains
also the joint decisions on capital and liquidity adequacy. The reports prepared are then forwarded by
the consolidating supervisor to all partner supervisors concerned and to the institution at the head of
the group, which concludes the overall SREP assessment.
If no decision is passed by the authorities within four months of the availability of the joint risk
assessment in respect of the capital requirements and within one month for the liquidity buffer
requirements, EBA mediation shall be sought in accordance with the relevant requirements. If mediation
yields no result, the decision on the adequacy of the group’s solvency capital and additional capital
requirement, and its liquidity adequacy and additional liquidity assets holding obligation (in view of the
risk analysis of associated companies and opinion of partner supervisors) is taken by the consolidating
supervisor, whereas in the case of local institutions decision is taken by the host supervisors.
IV.6 Closure of ICAAP/ILAAP reviews and BMAs, supervisory measures
As a general rule, the Pillar 2 review process is closed with a review report (SREP Review Form)
produced for the institution, or by the forwarding of a so-called prudential letter (if the participating
parties have a consensus or an agreement). 17
The prudential letter is a unique tool of the MNB which states the minimum level of Pillar 2 capital
adequacy relying on and referring to the content of the evaluation report.
The prudential letter contains the following:
 executive summary,
 risk assessment for the main risk categories,
 summary on the expected risk mitigating measures, highlighting the key supervisory
requirements,
 supervisory stress test result,
 the capital deemed necessary based on the ICAAP review.
In the prudential letter, the MNB establishes the total SREP ratio (TSCR ratio) required for the institution,
the overall capital requirement (OCR) and the Pillar 2 capital guidance (P2G). Under the new regulations,
the MNB also specifies the types of capital that institutions must use to meet these obligations.
Where the ICAAP, ILAAP or BMA reviews are not conducted at the same time, the prudential letters will
be sent separately, each with contents specific to the investigation concerned.
17
In the case of institutions subject to simplified reviews, with particular regard to the cardinality of such institutions, a review report is only
generated where the supervisory review is carried out within the scope of a comprehensive investigation.
29
The results of the ICAAP supervisory review process must be documented in the SREP Review Form. A
resolution may also be issued where in the course of a review a condition warranting the use of
supervisory measures arises (particularly where an institution fails to meet the supervisory
expectations).
The introduction of supervisory measures is justified, in particular, by the following conditions:
 the supervised institution does not accept either the risk mitigating measures deemed
necessary by the MNB or the specified level of the SREP capital requirement
 the MNB believes that the capital adequacy is not guaranteed according to the legal
provisions,
 the credit institution has supplied implicit support within the meaning of Article 248 of
Regulation (EU) No. 575/2013 more than once, without attaining any significant risk
transfer,
 the MNB establishes that the credit institution’s economic value (the present value of
expected net cash flows from its assets, debts and off-balance sheet positions), calculated by
taking into account a sudden and unexpected change in interest rates, of an extent specified
by the MNB, would decline by more than 20% of the institution’s own funds compared to its
economic value calculated without regard to the effects of the interest rate changes, as a
result of a sudden, unexpected 200 basis-point change or otherwise as specified by the EBA.
 the MNB discovers any severe deficiency in the risk identification of the institution’s internal
methodology,
 the MNB finds that the internal methodology applied by the institution no longer complies
with the requirements pertaining to it,
 when applying the internal model, there is a risk of the institution being unable to satisfy the
requirements within the specified deadline and being unable to certify that the
consequences of such non-compliance are not significant,
 the number of overruns when applying the internal model applied by the institution is
indicative of the internal model’s lacking or no longer sufficient accuracy in terms of market
risk.
The prudential letter closing an ILAAP review contains the following:

 an overall evaluation of the institution's liquidity risk management,
 an evaluation of the numerical specification of legal and Pillar 2 requirements 18,
 a statement on compliance with external and internal regulations,
 an evaluation of the quality of liquidity reporting not related to legal compliance,
 the establishment of deficiencies (if any),
 calls for action (if any).
18
Given the volatility of the liquidity situation, the additional requirement is not determined on a forward-looking basis
30
(SREP) are applicable against credit institutions
The legal grounds for the measure Possible measures
Case types subject to the MNB’s discretion
The financial institution violates the Credit All the measures provided for in Section 185 (1)
Institutions Act, legislation on prudent operations of the Credit Institutions Act may be applied, thus
or other legislation governing its activities, or it especially the MNB may order the financial
manifestly fails to carry out its activities with due institution to formulate and implement an
care, and in particular, its own funds fail to cover emergency action plan and it may also impose an
its risks or fall short of the capital requirements extraordinary reporting obligation. (Sections
specified in Section 79(2) for credit institutions. 185(1)(a)–(h))
(Credit Institutions Act, Section 184(1))
The MNB may impose additional own funds The MNB may impose additional own funds
requirements on the credit institution in the requirements on the credit institution. Guiding
following scenarios: criteria for determining the extent of the
additional capital requirements:
- the credit institution fails to comply with the
requirements in terms of its ICAAP, recovery plan - the qualitative and quantitative aspects of the
or large exposure, credit institution’s internal capital adequacy
assessment process,
- the credit institution’s capital requirement does
not cover certain risks, - the adequacy of the credit institution’s
governance and risk management systems, and
- the measures that have already been applied
are likely to fail in sufficiently improving the - the findings of the supervisory review carried
credit institution’s systems, procedures or out at the credit institution, and
strategies,
- the credit institution’s systemic risk.
- failure to meet the requirements pertaining to
The additional own funds requirements
the method applied by the credit institution lead
determined for the credit institution may not
to an inadequate capital requirement,
exceed 150% of the capital requirement under
- the credit institution has probably Section 79(2)(a).
underestimated its risks,
- the credit institution notifies the MNB that the
outcomes of its stress tests significantly exceed
its capital requirement for the correlation trading
portfolio. (Credit Institutions Act, 186 (1))
Cases in which the application of supervisory measures is mandatory
The own funds of the credit institution are less All of the measures specified in Sections 185(1)–
than 80% of the capital requirement specified in (2) of the Credit Institutions Act, and all of the
Section 79(2). (Credit Institutions Act, Section 184 exceptional measures specified in Section 189 of
(3)(a)) the Credit Institutions Act are applicable.
The own funds held by the credit institution are All of the measures specified in Sections 185(1)–
insufficient to ensure sound management and (2) of the Credit Institutions Act, and all of the
coverage of its risks, or exceptional measures specified in Section 189 of
the Credit Institutions Act are applicable.
- its governance system, corporate governance
system and risk management system, ICAAP or
large exposure management framework does not
comply with the requirements defined in this Act
31
or in other legislation governing prudent
operation.19 (Credit Institutions Act, Section 184
(7))
The credit institution has supplied implicit Credit Institutions Act, Sections 185(1)–(2), all of
support within the meaning of Article 248 of the measures specified.
Regulation (EU) No. 575/2013 more than once,
without attaining any significant risk transfer.
(Credit Institutions Act, Section 177 (10))
The MNB establishes that the credit institution’s Credit Institutions Act, Sections 185(1)–(2), all of
economic value (the present value of expected the measures specified.
net cash flows from its assets, debts and off-
balance sheet items), calculated by taking into
account a change in interest rates under Section
177(5) of the Credit Institutions Act, would
decline by more than 20% of the institution’s own
funds compared to its economic value calculated
without regard to the effects of the interest rate
changes, as a result of a sudden, unexpected 200
basis-point change or otherwise as specified by
the EBA. (Credit Institutions Act, Section 177 (12))
Following a review, the MNB deems that the Pursuant to Section 177(16) of the Credit
credit institution’s recovery plan is deficient or Institutions Act, the MNB requires the credit
there may be obstacles to its implementation. institution to rework its recovery plan within
three months.
The MNB discovers any severe deficiency in the Pursuant to Section 179(3) of the Credit
risk identification of the credit institution’s Institutions Act, the MNB
internal methodology.20
- requires the credit institution to correct its
methodology, or
- adopts measures to mitigate the consequences
of the deficiency, for instance by applying higher
multiplication factors, imposing additional own
funds requirements or using any other suitable
and effective tools.
The MNB finds that the internal methodology Pursuant to Section 179(4) of the Credit
applied by the credit institution no longer Institutions Act, the MNB requires the credit
complies with the requirements pertaining to it. institution to
- prove that the consequences of such non-
compliance are not significant, or
- draw up a plan for restoring compliance,
specifying a deadline. (In this case, the credit
19
If the credit institution is subject to consolidated supervision or consolidated supervision extends to it, prior to taking extraordinary measures
vis-a-vis the credit institution, the MNB — with the following exception — must conciliate with the competent supervisory authority of the EEA
member state where a credit institution under consolidated supervision with the credit institution can be found. The MNB is not required to
conciliate with the competent supervisory authority of the other EEA member state prior to issuing its decision on the exceptional measure if
the time required for such conciliation would jeopardise the execution of the decision. In this case, the MNB must immediately notify the
competent supervisory authority of the other EEA member state of the decision.
20
Section 179(1) of the Credit Institutions Act requires the MNB to review, at least every three years, the internal approaches that the credit
institution is authorised to use for the calculation of its capital requirement, the satisfaction of the requirements necessary for their application,
and the extent to which the approaches are elaborated and up to date.
32
institution amends its plan if the MNB deems that
the relevant requirements can in all likelihood
not be fully complied with based on the original
plan, or the set deadline is not acceptable.)
There is a substantiated risk of the credit Pursuant to Section 179(6), the MNB
institution being unable to satisfy the
- revokes the licence on the application of the
requirements within the specified deadline and
internal method,
being unable to certify that the consequences of
such non-compliance are not significant, - limits the licence to areas complying with the
requirements or complying with the
requirements within a specified deadline.
The number of overruns when applying the Pursuant to Section 179(7), the MNB
internal model applied by the credit institution is
indicative of the internal model’s lacking or no
internal model,
longer sufficient accuracy in terms of market risk.
- imposes adequate measures to immediately
adjust the internal model.
33
(SREP) are applicable against investment firms
The legal grounds for the measure Possible measures
Case types subject to the MNB’s discretion
Violation of the obligations defined in the The MNB may require the investment enterprise
Investment Services Act. to satisfy additional capital requirements.
Guiding criteria for determining the extent of the
additional capital requirements:
- the qualitative and quantitative aspects of the
internal capital adequacy assessment process of
the investment firm,
- the adequacy of the governance and risk
management systems of the investment firm,
and
- the results of the supervisory review carried out
at the investment firm. (Investment Services Act,
Section 164 (4))
Cases in which the application of supervisory measures is mandatory
The investment enterprise has supplied implicit Measures under Investment Services Act, Section
support within the meaning of Article 248 of 164
Regulation (EU) No. 575/2013 more than once,
without attaining any significant risk transfer.
(Investment Services Act, Section 162 (10))
If, according to the findings of the MNB’s Measures under Investment Services Act, Section
supervisory review and evaluation, the economic 164
value of an investment enterprise (assets and
liabilities, off-balance-sheet items, net cash flow
at current value) declines by more than twenty
percent of its own funds as a result of the change
in interest rates as specified in Paragraph (5)(h)
relative to its economic value calculated without
the effects of the interest rate changes as a result
of a sudden, unexpected 200 basis point change
or the degree of change defined by the EBA.
(Investment Services Act, Section 162 (12))
Following a review, the MNB deems that the Pursuant to Section 162(17) of the Credit
investment enterprise’s recovery plan is deficient Institutions Act, the MNB requires the investment
or there may be obstacles to its implementation. enterprise to rework its recovery plan within
three months.
The MNB discovers any severe deficiency in the Pursuant to Section 163/A(3) of the Investment
risk identification of the investment enterprise’s Services Act, the MNB
internal methodology21.
- requires the investment enterprise to correct its
methodology, or
21
Section 163/A(1) of the Investment Services Act requires the MNB to review, at least every three years, the internal approaches used by the
investment firm to calculate its capital requirement, the satisfaction of the requirements necessary for their application, and the extent to
which the approaches are elaborated and up to date.
34
- adopts measures to mitigate the consequences
of the deficiency, for instance by applying higher
multiplication factors, imposing additional own
funds requirements or using any other suitable
and effective tools.
The MNB finds that the internal methodology Pursuant to Section 163/A(4) of the Investment
applied by the investment enterprise no longer Services Act, the MNB requires the investment
complies with the requirements pertaining to it. firm to
- prove that the consequences of such non-
compliance are not significant, or
- draw up a plan for restoring compliance,
specifying a deadline. (In this case, the
investment enterprise amends its plan if the MNB
deems that the relevant requirements can in all
likelihood not be fully complied with based on
the original plan, or the set deadline is not
acceptable.)
There is a substantiated risk of the investment Pursuant to Section 163/A(6) of the Investment
enterprise being unable to satisfy the Services Act, the MNB
requirements within the specified deadline and
being unable to certify that the consequences of
internal method,
such non-compliance are not significant.
- limits the licence to areas complying with the
requirements or complying with the
requirements within a specified deadline.
The number of overruns when applying the Pursuant to Section 163/A(7) of the Investment
internal model applied by the investment Services Act, the MNB
enterprise is indicative of the internal model’s
lacking or no longer sufficient accuracy in terms
internal model,
of market risk.
- imposes adequate measures to immediately
adjust the internal model.
In the case of a joint risk assessment and decision process, which regulates the review of international
groups of institutions, the SREP (which also incorporates ICAAP and ILAAP reviews) is concluded by a
joint decision on Pillar 2 capital and liquidity adequacy adopted by the consolidating supervisor in
agreement with college members. The joint decision comes into force directly in the form accepted
under the legal system of the given “home” supervisory country under the jurisdiction of the national
supervisory authorities affected provided the joint decision is taken within four months of submitting to
the supervisors the report which was drawn up by the consolidating supervisor and which contains
group level risk assessment.22 Additionally, a prudential letter is sent by the consolidating supervisor to
the senior management of the group of institutions, and by the partner supervisors concerned to the
subsidiaries under their remit. In the letter information is provided about the results of the joint risk
assessment, about the prescribed minimum level of the TSCR ratio, and about the relevant risk
mitigating measures.
In the opposite case, it is the duty of the individual partner supervisors in member state competence to issue a resolution about the capital
22
adequacy of the institution.
35
The delivery of a prudential letter or the issuance of a resolution represents in all cases the closing of the
SREP. Nevertheless, there are two reasons which may lead to the continuations of the supervisory
dialogue for the institution in the given review round. On the one hand, the ICAAP and ILAAP review
report may typically describe a number of risk management and methodological expectations whose
deadline for implementation may precede the commencement of the following review. Checking their
implementations requires in many cases continuous communication between the MNB and the
institutions in Pillar 2. On the other hand, in especially justified and exceptional cases, the institutions
themselves may initiate the interim review of the prescribed capital ratio. A typical case is when
profound changes take place in the institution’s market position, business activity, risk profile or risk
management system that have a major impact on the extent of its requirement for economic capital in
relation to its regulatory capital requirements. In the context of the interim review of the TSCR ratio, the
MNB considers the materiality of the impact that changes in circumstances have on the capital
requirement, and the time required for the review, and takes into account the current status of the joint
decision process (with regard to the regulated process of joint decision-making for international groups
of institutions).
The supervisory measure is monitored by the MNB following the closing of the annual supervisory
review, i.e. the implementation of the prescribed tasks, the maintenance of additional capital levels, the
actual implementation of capital increases, as well as compliance with the deadlines. Capital levels are
monitored on the basis of reporting, whereas the implementation of other prescribed tasks is reviewed
either as part of the next ICAAP, BMA or ILAAP review, or at a specific date set during the closing of the
SREP.
IV.7 Annual evaluation for institutions on the lessons learned from the overall SREP
The MNB considers it important to provide more detailed and comprehensive information to
institutions, to strengthen dialogue and to provide feedback on supervisory findings. Accordingly, after
each review year, the MNB informs the senior management of each institution about the results of the
overall SREP, the main findings of the reviews, and the lessons learned from ongoing supervision.
36
V. The elements and supervisory review of the ICAAP
V.1 ICAAP governance and control systems – risk management
As part of the supervisory review process, the MNB will assess the operation of the institution’s internal
governance and control functions. If they are assessed to be of low standard, the MNB may deem it
necessary for the institution to hold additional capital under the ICAAP and improve its standard of risk
management. The setup and operation of the governance and control functions are subject to the
detailed regulations set out in the Credit Institutions Act, the Investment Services Act and the MNB
recommendation on the establishment and operation of internal safeguards, and the governance and
control functions of financial organisations. This Manual provides a summary of the ICAAP governance
expectations for ICAAP reviews performed as part of SREP assessments.
V.1.1 ICAAP awareness
Risk is an organic part of the activities of financial organisations. Accordingly, financial organisations are
expected to develop an integrated risk culture encompassing the entire institution/group, which ensures
the identification, assessment and management of the arising risks in accordance with the risk appetite
and risk tolerance level of the institution/group.
The primary tools for the establishment of the risk culture are the internal policies, regulations and
guidelines, communication as well as employee training. Within the organisation risk management is not
exclusively the task of risk experts or the organisational unit responsible for risk management. All
employees must be aware of their respective roles in connection with the management of risks arising
at the institution.
Middle and senior management are expected to have knowledge of Hungarian and international ICAAP
regulations, as well as of the factors of the internal ICAAP risk measurement processes, designed
according to such regulations, that are relevant to the managed area.
The MNB finds it important that daily risk management practices should be followed in accordance with
ICAAP risk policies, procedures and controls.
The MNB recommends the implementation of a comprehensive ICAAP risk management practice that:
 covers the entire institution/group, as well as all organisational units, business areas,
institutions and activities of the institution/group,
 goes beyond regulatory compliance and is built on the internal economic substance of the
risks,
 manages all risks relevant for the institution in addition to the credit, market, liquidity and
operational risks, e.g. it covers concentration, reputation, compliance and strategic risks as
well,
 allows for the aggregation and breakdown of the risks from the bottom up and from top to
bottom across business areas and reporting lines as part of the ICAAP, as well as for the
assessment and maintenance of the risks in the framework in terms of contents and
methodology within the institution and the group,
 assesses the viability of the institution over the medium-term (3 to 5 years) in addition to
short-term risks arising over a time horizon of less than one year and exactly one year, and
 incorporates actual senior management decision-making on the basis of the above
considerations.
ICAAP risk management should ensure that the institution takes informed decisions that are based on
the identification, measurement or assessment and monitoring of risks, and are back-tested at regular
intervals depending on the type of risk, i.e. daily e.g. for liquidity and market risks, and quarterly e.g. for
37
credit risk. For systemically important institutions in the domestic or international financial intermediary
system, the expected frequency is at least quarterly, and monthly where required (for example, where
justified by the institution’s capital position, i.e. in cases where the free capital above the capital
requirement determined by the prevailing OCR rate relative to the TREA is below 2%).
V.1.2 Level of ICAAP regulation, governance and internal audit
In order for the internal capital requirement calculation system to function, it is essential that the
institution has an adequate level of ICAAP regulation, and an adequate structure for approvals and
regular monitoring, and that the conditions are provided for the development and regular review of
these aspects at least annual intervals. The MNB expects the main elements of the ICAAP (ICAAP
framework, ICAAP strategy, risk appetite) to be approved by the board of directors and the supervisory
board of the institution (as provided in the foregoing, this should be done at least annually, i.e. within 12
months following the previous approval).
Once the framework has been approved, the internal audit function is responsible for reviewing
whether the Risk Control functions enjoy sufficient independence within the organisation. At least
annually, the internal audit function should carry out a comprehensive review of the proper functioning
and organisational embeddedness of the ICAAP framework for the group as a whole (i.e. at the
consolidated level) and individual group members as follows:
 an appropriate annual ICAAP audit plan should be in place, and the relevant decision-making
forums of the institution should receive quarterly reports on the fulfilment of the plan and on
the extent to which the deficiencies identified during previous audits have been eliminated (i.e.
whether the ICAAP findings of the internal audit function had been implemented by the
responsible area within the deadline),
 assessment coverage should be ensured for all group members and the ICAAP model of
the institution, which should also be carried out at the group level and in a group
approach, except that a simplified ICAAP framework should be acceptable in respect of
subsidiaries that operate in third countries or have a sub-consolidated balance sheet
total of less than HUF 500 billion in the reference period of the investigation,
 the ICAAP framework should be reviewed in a process approach,
 for institutions employing advanced method(s), an annual report should be prepared on each
portfolio or risk assessed or rated using an advanced method, with a specific audit focus on the
fulfilment of the rollout schedule,
 finally, senior management feedback based on an internal audit assessment is also required on
actual ICAAP use.
As stated above, the internal capital requirement calculation process must be integrated into the
institution’s risk measurement and control processes. The steps of that integration should be
implemented essentially along the following lines.
V.1.3 Framework set up for the internal capital adequacy assessment process
A fundamental expectation for the internal capital adequacy assessment process is soundness. To
achieve an appropriate level of soundness, the institution must have policies, procedures and models
commensurate with the nature, scale and complexity of its activities.
In its evaluation, the MNB will take into account:
 whether methodologies and assumptions applied by institutions are appropriate and consistent
across risks, are grounded in solid empirical input data, use robustly calibrated parameters and
are applied equally for risk measurement and capital management;
38
 whether the confidence level is consistent with the risk appetite and whether the internal
diversification assumptions reflect the business model and the risk strategies.
Apart from soundness, a prominent role is also occupied by process effectiveness. As an essential part of
risk management and capital management, the institution should apply ICAAPs at all necessary levels of
decision-making and management processes. The interconnections and interrelated functioning
between the risk appetite framework, risk management and capital management must be adapted to
the institution’s business model and its complexity. The management body should demonstrate
appropriate commitment to and knowledge of the ICAAP and its outcomes. Accordingly, it should be
involved in the approval of ICAAP frameworks and outcomes, and, where relevant, in of the approval of
internal ICAAP validation outcomes. The forward-looking nature of the ICAAP should be ensured, one of
the most important means of that being the coherence between the ICAAP and the capital plans and
strategy.
In its evaluation of process effectiveness, the MNB takes into account whether the policies, procedures
and tools of the institution facilitate:
 clear identification of the functions and/or management committees responsible for the
different elements of the ICAAP,
 capital planning: the calculation of capital resources on a forward-looking basis (including in
assumed stress scenarios) in connection with the overall strategy or significant transactions,
 the allocation and monitoring of capital resources amongst business lines and risk types (e.g. risk
limits defined for business lines, entities or individual risks are consistent with the objective of
ensuring the overall adequacy of the institution’s internal capital resources),
 the regular and prompt reporting of capital and liquidity adequacy to senior management and to
the management body. In particular, the frequency of reporting should be adequate with
respect to risks and business-volume development, existing internal buffers and the internal
decision-making process to allow the institution’s management to put in place remedial actions
before capital adequacy is jeopardised, and
 senior management or management body awareness and actions where business strategy
and/or significant individual transactions may be inconsistent with the ICAAP and available
internal capital.
Another expectation for the ICAAP is that, by virtue of its comprehensive nature, it should provide
adequate coverage of business lines, legal entities, and the risks to which the institution is or might be
exposed, while also ensuring compliance with legal requirements.
For the judgment of the above, the MNB will assess in particular:
 whether the ICAAP is implemented homogenously and proportionally for all the relevant
institution’s business lines and legal entities with respect to risk identification and assessment;
 whether the ICAAP covers all material risks regardless of whether the risk arises from entities
not subject to consolidation (special-purpose vehicles (SPVs), special-purpose entities (SPEs));
and
 where any entity has different internal governance arrangements or processes from the other
entities of the group, whether these deviations are justified.
V.1.4 Integration of ICAAP
In order to achieve the appropriate organisational and process integration of the internal capital
adequacy assessment process, the unit responsible for the institution’s ICAAP risk management under
the applicable internal regulations should ensure the following minimum requirements:
39
 clearly define responsibilities and mandates to avoid conflict of interests,
 present the risk management processes,
 taking into account the principle of proportionality, divide the risk management department
into sub-divisions (define and present the transparency and functionality of the
organisational structure, the level of segregation, and the level of segregation of business
areas, back office and risk management),
 present the internal audit and control as well as the compliance functions, (including the
degree of independence of the internal control functions from the activities subject to
supervision and control), ensure that the ICAAP topics are subject to an assessment of
adequate quality and frequency through internal audits,
 present the MIS, controlling and internal information system,
 define the nature, scope and frequency of reporting at different levels,
 present how the risk strategy is communicated and how risk awareness is developed within
the organisation (information, training),
 apply and present the group-level risk management and coordination,
 apply and present a remuneration policy that harmonises with the risk management system.
V.1.5 Risk strategy
When designing its internal capital requirement calculation mechanisms, the institution should establish
its approach to risks and risk management. This approach should then be summarised in a risk strategy
elaborated by senior management and approved by the management bodies. The scope and extent of
the document should be in line with the size and the activities of the institution. 23
The risk strategy must include the parent institution’s ICAAP-related requirements. Accordingly, the risk
strategy must define at group level the main risk factors and the types and tolerable extent of risks that
can be taken. Furthermore, it is necessary to break down (cascade) the group risk strategy consistently
to the individual subsidiaries.
Regarding the IT, modelling as well as risk management and planning processes that are operated by the
parent bank and are used at the local level, the MNB expects that the availability and high level of
institutional knowledge at subsidiary banks is ensured through training and the allocation of adequate
resources.
The steps of preparing the risk strategy
V.1.5.1 Risk-taking policy

1. Identification of group members and the scope of the ICAAP
As the first step in developing a risk strategy, the institution must specify the group of institutions that
the ICAAP covers and must define what is meant by “group level” and “institution-specific” along with
the relation between the two.
2. Establishment of risk management guidelines/principles
As a precondition for standardised and prudent risk management, the institution defines its risk
management principles which it sets out as requirements throughout the entire organisation (e.g.
independent control, increase of risk awareness, etc.). When defining the risk management principles,
special attention must be paid to the fact that according to Hungarian regulations, credit institutions
23
The principle of proportionality is a key consideration during the ICAAP review. The requirements concerning internal capital adequacy
depend on the type and size of the institution, its business model, the complexity of its activities and the level of risks they convey. The same
criteria must be applied to the scope and depth of the risk strategy.
40
subject to consolidated supervision must fulfil the requirements regarding the governance system and
risk management also together with its credit institution and investment enterprise subsidiaries in which
it holds a controlling stake. The establishment and enforcement of a risk culture throughout the
institution (group) is the basis of implementing effective risk management.
3. Identification of risk/return trade-off
The institution must specify the extent of risk/return trade-off which it still considers acceptable at
strategic level. This calls for defining the expectations that the institution will take into account, for
instance shareholder expectations, customer expectations, supervisory expectations, etc. In addition,
the institution should consider the following factors:
 types and extent of risks that the institution intends to take and the expected returns;
 whether the institution has comparative advantages in any area;
 capital requirement of actual risks.
The weighing of the above factors enables the creation of a strategic framework which contains the
target market, the targeted segments and the range of key products and services. The definition of the
strategic framework also includes the specification of key target variables and indicators and the linking
of an appropriate measurement system to the targets based on the risk-taking principles of the
institution.
4. Backtesting
It is important to embed the risk-taking policy into a dynamic environment. The operation of existing risk
management systems and models must be monitored on an ongoing basis. Results must be backtested
and the models must be improved based on the experiences.
V.1.5.2 Setting risk appetite and the willingness to take risks

Risk appetite refers to the amount of risk which an organisation is ready to take and is able to tolerate.
Risk appetite may differ from group member to group member. If so, risk appetites need to be
presented separately.
Institutions must identify (both at group and individual levels) the relevant internal and external risk
factors and draw up an accurate risk map of the exposures that are applicable to them. (With regard to
the risk definitions provided in the Manual.) Each institution (or group) must have a detailed
understanding of the ratio, concentration and significance of specific risk types within its portfolio. The
MNB recommends that the experience gained from risk maps at the individual level, and the risk
assessment results they contain, should be incorporated into the group risk map.
The institution’s management body and senior management are responsible for setting risk appetite and
risk tolerance levels serving the business and risk strategy of the institution (group). When setting risk
appetite and tolerance, all risks taken by the institution must be considered, including the exposures
conveyed by off-balance sheet activities.
The process of setting risk appetite and risk tolerance must encompass the review and modification
thereof in case newly obtained environmental, business and risk information and analyses call for it.
Risk appetite and risk tolerance levels can be expressed in different forms, either as qualitative or
quantitative requirements (e.g. profitability, key risk indicators [KRIs], limits). They can also address
areas where the institution’s risk tolerance is minimal (e.g. not preferred sectors and products).
The fulfilment of targets and requirements specified in conjunction with risk appetite and tolerance
must be measured on a regular basis. This approach ensures that the set limits, risk indicators, limit
frameworks, etc. are consistent with the institution’s risk appetite and risk tolerance even in a stressed
41
environment. In the course of budgeting, the institution determines the percentage of risk capital and
the way of allocating it to specific portfolios based on its risk appetite
V.1.5.3 Target risk structure

The risk preference defined in line with the risk appetite must be compared with the business strategies.
The prevalence of risk/return trade-off rules determined at strategic level must be verified. The toolset
for all this might be a properly designed system of limits and indicators. In this respect, the following
steps are needed:
 Assignment of the limit system and indicator system to additional levels (assignment of
aggregate limits to specific risk types or to more profound levels),
 Elaboration of detailed requirements or methods, or reference to the thorough regulation
thereof. Institutions must be able to show on their risk map how the internal capital
requirement is determined for specific risk elements, what internal processes are used for
managing risks (four eye principles, incorporation of KRIs and triggers) and how these items
are monitored (monitoring).
The changes in risk appetite and the extent of risks taken can be monitored and verified by using the
indicators that represent the specific dimensions. This approach ensures the permanent control of the
desirable risk structure and its comparison to the actual one.
V.1.5.4 Stages of risk management:

1. Comprehensive risk identification
This stage involves the revealing, definition and recording of all potential risks. Its importance derives
from the fact that it sets the course of the risk management process and its stages, for the institution
can control and manage only the risks which it is aware of. As part of the ICAAP the institution can
estimate the material risks which it considers relevant. The range of these risks may vary depending on
the size and profile of individual institutions, and the complexity of their activities. The institution is
required to record and document the risks revealed during the identification process (as part of its Risk
Management Policy, ICAAP documentation, etc.).
The next step is to describe and define suitable processes and systems for measuring the risks identified
and to define and retrieve the necessary data from available systems and databases. The risk
identification process should be flexible enough so that it is able to manage any later and newly
revealed risks.
2. Specification of the extent of risk (quantification of risks and coverage factors)
Risk quantification is essential to provide an objective benchmark for decision-making both for the
ICAAP risk control function and the entire institution. Risk quantification is also important because it
helps the institution identify the limits of its risk-bearing capacity. Furthermore, it is also needed for
assessing the performance of the independent control function.
Apart from and in relation to the quantification of risks, the institution must also quantify any existing
and potential liabilities (capital and quasi-capital elements) that provide a coverage for the risks
accepted by the institution, as well as any processes with an impact on the value of the elements used
for the calculation (e.g. stability of results considered by the institution, hidden reserves, etc.).
During the identification and measurement of the risks the institution must use forward looking (e.g.
stress tests) and back-looking tools with which it can filter out risk concentrations as well. Forward-
looking tools can be used for the identification of risks that may arise in crisis situations. Back-looking
tools are suitable for the comparison of the risk profile and the risk appetite/risk toleration ability of the
institution.
42
During the evaluation of the risks it is advised to take quality considerations (e.g. expert valuations,
presumptions and limitations of the risk assessment models) into account in addition to the quantitative
information and data.
It is expected that the institution should possess a well-defined, appropriately documented internal
reporting system approved by the management of the institution for the risk management activity. The
task of the internal reporting system is to ensure that the management of the institution, as well as
persons/organisational units involved in risk management and in the implementation of the risk control
function obtain adequate, timely, clear, understandable, relevant and usable information on the
extension (size and type) as well as identification, measurement or evaluation and monitoring of the
risks.
3. Comparison of risks and risk mitigants
Once risks have been quantified, the resulting individual risk exposure should be aggregated. The result
of the aggregation will be the institution’s overall risk exposure within the ICAAP. In this step, it is
necessary to ensure that no risks have been omitted during the process, that risks have not been
recorded redundantly and that individual risk exposures can be aggregated. Moreover, it is also
important to review the assumptions on risk correlations.
Decision makers need to have up-to-date information on the facts identified by the risk management
process so that they have a clear and accurate view of the institution’s position and take the necessary
steps in order to manage risks. Risk management decisions can be taken after risks and coverage have
been compared. The transparency and clarity of the institution’s risk profile are indispensable for the
determination of the institution’s risk-bearing capacity.
Prevention is an effective instrument of risk management. One form of it is the use of pre-defined
operational limits. For each independent risk-taking organisational unit, a maximum limit should be set
upto which the unit is allowed to take risks. Ex ante control should also include the preparation of
contingency plans which present extreme, unexpected situations and the stress tests designed for them.
4. Risk monitoring
Risk monitoring is the process whereby an institution ensures that its (actual) risk profile is in line with
its (planned, expected) risk preferences. 24 During monitoring, the utilisation of pre-defined limits is
checked and the exercise should also address the consequences of increasing limit utilisation or
potential limit overruns.
In the case of non-quantifiable risks, process-related expectations or quality requirements are
monitored. The institution summarises monitoring results in internal (risk) reports. Therefore, crucial
elements of internal ICAAP reporting are the obtaining and preparation of all information (risks and risk-
mitigating instruments) regarding the risk positions of individual business lines as well as the overall
institution. These reports should be prepared on a regular basis and with a view to the specific needs of
recipients (institution management and business line leaders).
5. Ex post control, feedback
Internal reports are important starting points of actions taken during ex post control. The purpose of ex
post control is to enable the active influencing of risk positions defined earlier and measures previously
plannedbut now by taking account theactual risks. It can be implemented in the following manner:
 risk reduction: measures taken to mitigate risks (e.g. involvement of additional collateral in
credit deals, insurance, etc.);
 risk transfer: transfer of receivables to a third party (e.g. sale of receivables, hedge
transactions);
24
The plans/facts comparison should be performed from time to time.
43
 Reallocation of risk capital, i.e. a limit increase. It is only possible if other units have not
utilised their limits in full, or if the institution is able to allocate additional capital to cover
the transaction. This method can be used due to certain business considerations, depending
on the institution’s risk tolerance.
 Raising of cover capital: raising of additional capital (e.g. capital increase, capital issuuance).
Ex post control is the last stage of the risk management process. At the same time, it can serve as a basis
of further steps.
In the course of an ICAAP review, the MNB assesses the institution’s risk management framework and
judges the quality of senior management’s information on the ICAAP, how the ICAAP is presented in MIS
reports and how it is integrated into the decision-making processes and into the institution’s day-to-day
activities. If the risk management framework is evaluated as of poor quality, the MNB may deem it
necessary to prescribe the institution to raise additional capital for covering its reported risks, besides
prescribing tasks to enhance the quality of risk management.
V.2 Assessment of material risks
In this chapter we review the fundamental risks emerging in the operation of institutions in order to
provide guidance for the identification and measurement of material risks in the internal capital
adequacy calculation process. For each risk, we provide the definition of the risk concerned, its possible
elements (risk segments), and the principles and main supervisory requirements for the management of
the risk. However, even the supervisory review process should not overlook the main provisions of the
directly applicable CRR, or the related recommendations and implementing regulations, as they often
offer guidance in respect of Pillar 2 requirements.
Institutions must seek to map each of their material risks to the risks defined in this chapter of the
Manual. Special risks definitions as described in the chapter “Other risks” should only be used if the
scope of the underlying risk is truly different from the risk types presented in this chapter.
Furthermore, after the identification of their material risks, institutions must make efforts to apply an
integrated risk management approach for generating a standardised, single view of their risks. Individual
risks are often difficult to separate, strong interactions may exist between them and a certain type of
risk may transform into a different type as a result of external effects. One example is the impact that
the increased exchange rate risk conveyed by foreign exchange loans have on credit risk.
For the proper identification and management of risks, it is essential that institutions have reliable and
consistent data so that adequate data quality is ensured.
V.2.1 Credit risk
Definition
Credit risk refers to the threat of losses affecting the institution’s profitability and capital position as a
result of the non- or non-contractual performance of contracted partners’ payment obligations arising
from credit relationships, deferred payments or other credit-type relationships, i.e. failure to fulfill on-
or off-balance sheet liabilities to the institution.
To assess credit risks, the institution should consider the following sub-types of credit risk:
 the default risk in relation to a bank loan as mentioned above
 the risk of certain investments (typically bonds), where payment is not executed in
accordance with the contract
 default risk of other contractual partner or customer
 dilution risk
44
 counterparty risk (credit risk against professional financial and capital market participants)
 specialised lending exposures (exposures the risk of which depends on the profitability of
the asset or project being financed, e.g. commercial real estate, power plant, commodity)
 risk of foreign currency lending
 settlement risk
 concentration risk
 country risk
 residual risk
 securitisation risk
 default risk of insurance companies.
Risk assessment and management
Institutions must cover credit risk through measures, procedures and/or capital.
During the ICAAP, the institution sets out the process whereby it calculates the capital requirements for
credit risk, the systems of procedures for assessing and monitoring these risks (both inherently and as
part of controlling) and the process of verifying that the calculated capital requirement provides, overall,
adequate capital for unforeseen/unexpected losses associated with credit risk.
In terms of credit risk, as part of their ICAAPs institutions should consider all the components that
determine potential credit losses, and in particular: the probability of a credit event (i.e. default), or
correlated credit events, that mainly concerns the borrowers and their ability to repay relevant
obligations (PD); the size of exposures subject to credit risk (EAD); and the recovery rate of the credit
exposures in the event of default (LGD). For all these components, institutions should take into account
the possibility that these components may deteriorate over time and worsen compared to expected
outcomes.
The institution should assess not only its current credit risk but also its future credit risk, and link it to its
credit risk strategy, planning, and stress-testing framework. To do this, the institution should take into
account how macroeconomic developments related to baseline and stress scenarios affect the
determinants of credit risk.
Within the ICAAP framework, the governance and risk management framework underlying the lending
activity includes the following elements:
 a credit risk strategy and appetite that are reasonably and clearly designed and
documented, and have been approved by the management body,
 an appropriate organisational framework to enable effective credit risk management,
measurement and mitigation, with sufficient human and technical resources to carry out the
related tasks,
 policies and procedures for the identification, management, measurement, mitigation,
monitoring and reporting of credit risks, as well as practical procedures consistent with
those policies and procedures,
 an internal control framework aligned with the credit risk strategy and appetite.
Capital requirement calculations
The CRR allows three approaches to calculate regulatory capital requirements for the credit risk of
exposures in the banking book. The first two are the foundation (FIRB) and advanced (AIRB) internal
45
ratings based (IRB) approaches. Supervisory approval is required for the application of these advanced
methods.
The third, simplest approach is the standardised approach. Institutions applying the standardised
approach are expected to ensure that the adequacy of classification according to exposure classes be
supported by regulations and documentation. It is especially important to specify the conditions for
inclusion in the retail portfolio at the policy level (e.g. in the risk taking and risk management policy,
etc.), as well as to define other product characteristics (standardised products). The regulation must also
include the definition of granularity25.
During the calculation of the capital requirement the MNB accepts the following management solutions
in connection with the management of granularity:
 classification of the products into so-called “pools”, i.e. identification of products that
“behave” similarly (involving identical or standard conditions, limited amounts, etc.).
Minimum transaction numbers should be determined for individual pools in order to meet
the granularity requirement.
 Definition of the average size of credit per contract in connection with the exposures in the
retail portfolio in accordance with points a) and c) of Article 123 of the CRR and the
subparagraphs thereof on the management and capital requirement of credit risks, and the
provision of a relevant distribution threshold.
This means that the institutions must determine their retail exposures so that the individual exposure
risks should be adequately small proportionately to the entire portfolio. The institutions may use
indicators measuring the portfolio concentration to assess this.
Concerning the default risk, Pillar 1 does not allow the use of “real” credit risk models (i.e. models that
also reflect portfolio effects) even in the case of AIRB, whereas Pillar 2 permits their use. Several of these
models are available on the market (e.g. Creditmetrics, Creditrisk+), which, however, may carry
significant model risks due to calibration difficulties 26. For the judgment of these models, the MNB tries
to understand and reconstruct the model and its mechanism, but benchmarking is also an important
tool for evaluating the model, during which the MNB compares the results of the portfolio model used
by the bank with the results of the IRB model (or its simulation in cases where the granularity of the
exposures is insufficient).
ICAAP review
Credit risks represent the most important risks for credit institutions falling within the scope of the CRD
IV and constitute the vast majority of the total risk exposure and capital requirement. Accordingly, the
MNB stresses that credit risk factors should be fully identified and adequately taken into account, and
the credit risk capital requirement should be defined in a prudent manner.
With respect to the importance and complexity of credit risks, in parallel with the above, additional
capital requirements are typically determined for institutions which are subject to comprehensive and
focused ICAAP reviews and do not use risk sensitive methods based on internal ratings and calculations
in Pillar 2. The additional capital requirement is typically warranted by the potential risk(s) stemming
from the assessment of risk exposure without sufficient depth and sophistication. The MNB’s general
assessment experience is that the standardised approach underestimates the risks. Accordingly, in its
ICAAP reviews the MNB quantifies capital requirements on the basis of IRB simulations, supervisory
benchmark methodologies and models for a more accurate judgment of the risks.
The MNB also avails itself of the ability to determine the capital requirements of a particular institution
in application of benchmark models developed on the basis of other banks’ data, parameters, risk
25
According to Article 123(b) of the CRR: “the exposure shall be one of a significant number of exposures with similar characteristics such that
the risks associated with such lending are substantially reduced.”
26
Actually, this is why these are not acceptable for regulatory purposes (other than in Pillar 2).
46
weights and peer group data, for example where the institution’s own data do not allow estimations, or
the estimates obtained would not be reliable, observations for downturn periods are missing, or data
quality is insufficient.
The evaluation methodology followed by the MNB in the course of Pillar 2 reviews cannot be precisely
defined because of the complexity of lending processes and capital requirement calculations as well as
due to the multitude of possible consistent and prudent approaches. Nevertheless, the general aspects
associated with each element and area of credit risk models are clearly identifiable and they represent
the necessary preconditions for prudent consideration. The MNB also presents the basic elements of its
benchmark models. A summary of these elements is provided below.
V.2.1.1 Assumptions of the credit risk model

Advanced models for capital requirement calculation attribute credit quality changes to some underlying
factor, whereas the starting point for capital requirement is determined by the stressed loss which is
associated with the excessive swing of the above factor and which is subject to portfolio characteristics.
The IRB model authorised in the regulatory pillar operates with one systemic risk factor, whereas the
sensitivity which expresses changes generated by the default of transactions in this factor is defined by
the correlation coefficient set out in legal provisions. Conversely, in the most widely used Pillar 2 credit
risk models institutions have the opportunity to identify the risk factors, their number and their parallel
movements as well as to select the nature and strength of their impact on credit quality. In the
Creditrisk+ model, for instance, the sensitivity to underlying factor(s) is represented by the variability of
the probability of default (PD), while in the portfolio models based on the multifactor Merton model, it
is defined by factor weights and asset correlations.
In general, the MNB expects institutions using the IRB model in Pillar 2 to meet the minimum
requirements set for the IRB method validated by the CRR, while also bearing in mind the principle of
the continuous improvement of risk methods and expectations. If the given institution calculates capital
requirement by using the Pillar 1 standard method, the MNB expects it to demonstrate the full scale of
exposures covered by the IRB model, and also to report the possible discrepancies from the regulatory
pillar when exposures are taken into account. If the institution concerned applies the very same IRB
method in Pillar 1, then the possible most precise identification of the potential weaknesses and
sensitive elements of the applied model is considered by the MNB as the most important Pillar 2 task
concerning credit risk.
In the case of institutions applying an approach different from the IRB model in Pillar 2, the MNB has the
following expectations:
 With regard to the selected underlying risk factor or factors they should demonstrate the
close parallel movement of both the external factors which in reality define the credit
quality of the institution’s exposures and the time series of default rates. This is because if
factors, largely independent from default processes, are chosen the underestimation of risk
exposures cannot be avoided even by the use of higher asset correlations.
 In the absence of a sufficient data, calibrating the sensitivity of credit quality to the risk
factor is a very difficult task, and it is indispensable to use expert estimates. The prudent
approach must be followed with a consideration to statistical uncertainties which is
especially justified by the instability of asset correlations experienced in stress periods. Since
the sensitivity of defaults – e.g. the standard deviation of PDs in the Creditrisk+ model or the
asset correlation in the Merton portfolio model – can easily be made congruent to the
correlation coefficient of the IRB model in the case of single-sector approaches, the MNB
expects institutions to carry out such comparisons. 27
27
It is an empirical fact in connection with the spread of default rates that sensitivity to the state of the economy decreases with the growth of
the probability of default. Consequently, in the Creditrisk+ model it may be practical to select different relative spreads in the individual PD
bands.
47
 In the case of multi-sector models which operate with more than one systemic risk factor,
the definition of relations between factors as well as the sensitivity (factor weights) to
certain factors of the transactions often proves to be the delicate task. In the case of
selecting observable factors, the capturing of the joint distribution of risk factors in a
prudent way can be challenged due to the instability of empirical correlations, whereas in
the case of latent factors, it can be challenged due to the modelling difficulties of
decomposition. As a result of the above, in the case of applying multifactor models, the
MNB has the following expectations from institutions:
- on top of the risk characteristics of transactions, institutions should also use some
other group formation features (e.g. sectoral rating in the corporate portfolio,
exchange rate risk in retail models) in modelling;
- they should be able to quantify the diversification impact created by model

assumptions, i.e. even in the case of the complete parallel movement of risk factors
the extent of stressed loss should be specified.
 Institutions should demonstrate the completeness of exposures covered under the Pillar 2
model, highlighting in detail deviations from the regulatory pillar and their justification. In
addition to the above, the MNB has the following expectations from institutions which use
the IRB method validated in Pillar 1:
- with regard to parameters which do not have an influence on the mechanism of the
Pillar 2 credit risk model – probability of default (PD), loss given default, (LGD) and
credit conversion factor (CCF) – they should quantify the impacts of any deviation from
Pillar 1;
- they should enable the comparison of the parameters used in the two types of
methodology (CCF, PD, LGD, maturity factor, etc.) with the capital calculation results
(risk-weighted asset value, expected loss, capital requirement) either at transaction
level or at least at the level of rating models and/or rating categories.
V.2.1.2 Fundamental expectations for models and rating systems

The MNB has the following main general expectations for credit risk models and rating systems 28:
 complete, detailed and clear documentation,
 specification of concepts, procedures and processes,
 ensuring adequate data quality,
 adequate collection, storage and maintenance of the data used,
 annual validation,
 regular monitoring and reporting of model performance and stability,
 regular redevelopment of models based on validation or monitoring results (in the event of
triggers being reached),
 development and application of an up-to-date, regularly updated model inventory to track the
dates of model reviews and validations,
28
Rating systems under CRR Article 142(1)(1).
48
 use test: institutions must apply a rating system which is assessed as reliable, proven to function
reliably by regular back-testing, and used in internal processes and capital requirement
calculations,
 models and rating systems need to ensure a meaningful differentiation of risks, managing
changes in internal processes and lending practices. The rating system must be able to reliably
capture changes in the quality of the portfolio.
The MNB expects institutions to apply the IRB requirements stated in the CRR for models and rating
systems, and to monitor developments in international regulations on modelling issues, in particular by
taking into account EU requirements29 and ECB provisions30.
V.2.1.3 Rating models

Institutions applying advanced credit risk methods use rating (scoring) models to rate customers. The
main purpose of rating models is to distinguish customers/transactions based on their riskiness and
creditworthiness. In the rating model, institutions assess the riskiness of the customer/transaction on
the basis of specific qualitative and quantitative variables, assign scores to them, then classify the
customer/transaction into rating categories determined according to the final scoring result. A
calibrated probability of default (PD) is assigned to each rating category (or directly to
customers/transactions). Irrespective of the existence of any guarantees taken into account in capital
requirement calculations, the institution must perform the overall credit assessment of the underlying
exposure according to its rating model.
In relation to rating models, in both Pillar 1 and Pillar 2 the MNB basically expects compliance with the
requirements set out in the CRR. Among its expectations, the MNB highlights the need to regulate the
institution’s choice of a rating model for specific exposures (segmentation). By having consistent and
detailed documentation in place, the institution should ensure that rating staff have a clear
understanding of which rating model should be applied for a particular transaction/customer. A
particularly frequent concern is whether specialised lending exposures should be classified into the
corporate or project segment, and how they should be rated. To facilitate this task, the MNB issued a
guideline31 in 2017.
The categories defined by the rating model should be monotonous, i.e. higher-risk
customers/transactions (with higher default rates) should be classified into poorer rating categories,
while lower-risk customers/transactions should be assigned to more favourable rating categories.
Institutions should draw up regular management reports to assess the risk of migration between rating
categories. Where an institution detects an increase in migration risks (e.g. through migration matrices),
it should investigate the underlying cause (e.g. whether the risk results from portfolio deterioration or
the PiT character of the rating system). The risk of capital requirement cyclicality arising from the use of
a PiT rating system is considered by the MNB as a risk to be covered by capital (see the chapter on TTC
PD).
V.2.1.4 Estimating the probability of default

Institutions are required to estimate the probability of default (PD) for each exposure category by
reference to the long-term average of annual default rates.
Default is defined in Article 178 of the CRR. The EBA has released guidelines to support the correct
implementation of the concept described in the regulation 32.
29
Guidelines on the PD, LGD and defaulted assets; RTS_Assessment methodology to use IRB approach
30
https://www.bankingsupervision.europa.eu/ecb/pub/pdf/trim_guide.en.pdf
31
Recommendation No. 10/2017 (VIII.8.) of the Magyar Nemzeti Bank defining specialised lending exposures and speculative immovable
property financing
32
The EBA has released Guidelines EBA/GL/2016/07 on the application of the definition of default under Article 178 of Regulation (EU) No
575/2013.
49
In spite of the availability of the EBA Guidelines and various other regulations, material differences may
still remain between the definitions of default at different institutions, and this may have a material
impact on the estimated credit risk parameters. In order to offset these impacts, the MNB uses its own
benchmark definition of default in the ICAAP review to ensure that the parameters estimated for
particular institutions are comparable and that the differences reflect solely the differences in inherent
risks.
Although the use of conditional PDs reflecting the current state of the economy is expected for certain
applications (e.g. pricing, provisioning), the IRB Capital Requirement Calculation Model expects an
unconditional probability of default as the input variable, which is the long-term average PD of the
transactions over the economic cycle.
Where the institution has a sufficiently long default rate series, it should examine the occurrence of the
downturn and favorable years that can be identified in the series, and if it cannot be considered
representative of the economic cycle, the institution needs to adjust its time series by re-weighting the
ratio of downturn to favorable years. Where a sufficiently long default rate time series is not available,
the MNB considers it acceptable for the institution to examine the relationship between the default rate
time series and macroeconomic variables in respect of the portfolio concerned and use the historical
development of macroeconomic independent variables to estimate past default rates so that the length
of the time series covers a complete economic cycle.
Accordingly, the estimation of PDs is adequate only if institutions
 apply a definition of default that meets the legal requirements;
 determine the PD on the basis of a sufficiently long, multi-year time series in accordance
with Article 180(1)(h) of the CRR, relying on at least five years of experience 33. Where the
time series of at least five years does not contain a representative period that can capture
the likely range of variability of default rates 34, the institution should apply a higher
conservative margin in the parameter estimation to offset the estimation uncertainty;
 conduct not only a simple averaging of historical default rates, but ensure the through-the-
cycles characteristics (by applying adequate weighting), and demonstrate the
appropriateness of the PD estimation technique of their choice;
 Although seasonality (i.e. the consideration of the life cycle of transactions in estimating
probability of default) is expected best practice, the MNB has found that it is difficult to
measure accurately the impact of this variable and it therefore does not include it in its
benchmark models.
 counterbalance the statistical uncertainty of estimation by means of conservative
adjustments;
 take a forward-looking approach to estimation;
 demonstrate by means of regular (at least annual) back-tests that the rating system and PD
calibration work properly, and that recent default observations are in line with the forecasts
provided by the model. For that purpose, institutions should examine the relationship
between the calibrated PDs and the average default rates for each rating category.
In addition, the MNB expects institutions to conduct their PD estimations based on a detailed
methodology as laid down in the ICAAP documentation or the model documentation, rather than by
relying on ad hoc solutions and procedures. If the data used during the estimation do not meet the
requirements of the PD definition (e.g. the use of NPL ratios), then the assumptions used in the course
of the estimation should be substantiated in detail.
33
The MNB expects the institution to have the longest available time series for its products and segments.
34
likely range of variability of default rates
50
V.2.1.5 TTC (Through-the-Cycle) PD
Most of the credit risk capital models define the possible largest extent of losses in view of the risk
characteristics of portfolio elements. One of the most important risk indicators is a transaction’s
probability of default, which can be conditional or unconditional: the first expresses the credit quality
status for a given point of time and/or circumstance, while the latter reflects the extent of the
transaction’s general or “fundamental” default risk. The short-term probability of default, which reflects
the conditional state of the economy, is often referred to as Point in Time (PIT) PD, whereas the
probability of default that is not dependent on the former and applies instead to the entirety of an
economic cycle is referred to as Through the Cycle (TTC) PD.
IRB capital requirement calculations require unconditional PDs as their input parameter. In the CRR, this
expectation is captured by the provision that the estimate should reflect long-term experience.
According to the EBA guidelines on parameter estimation and the European Central Bank’s guide for the
Targeted Review of Internal Models (TRIM), PD calibration should be of a TTC character, i.e. estimates
may not be calibrated on short-term average default rates, but should be determined by reference to
the long-term average of probabilities of default. The MNB checks the fulfillment of this condition by
examining whether the expected default (central tendency) derived from the long-term average default
rate for a particular segment/product is the same as the estimated average PD of that
segment/product35. At the same time, these regulations allow institutions to apply a PIT rating
philosophy in their rating models. PIT rating models use cyclical risk factors that depend on the state of
the economy, thus transactions are migrated between rating categories as the economic cycle evolves.
The default rate for a rating category assigned in such models shows a low degree of variability, because
these models follow the rising default rate of the entire portfolio by migrating debtors to poorer rating
categories. Migration is lower in rating models of a TTC character, where the default rate of the given
rating category will increase rather than migration intensifying.
The PIT rating philosophy can lead to the cyclicality of the calculated capital requirement even with TTC
calibration, thus contributing to the pro-cyclical behaviour of the financial sector. The Basel III document
by the Basel Committee also calls for the reduction of the pro-cyclicality that emerges in the minimum
capital requirement itself. In addition, although even Basel II already sought to cushion pro-cyclicality, it
acknowledged that risk sensitivity and pro-cyclicality were, to a certain degree, inseparable.
In its 2016 consultation document addressing the applicability of credit risk models 36, the Basel
Committee argues that not only the PD calibration itself, but the rating model should also be TTC in
character, i.e. that rating systems should be designed in such a way that assignments to rating
categories generally remain stable over time and throughout business cycles, and that migration from
one category to another should generally be due to idiosyncratic or industry-specific changes. In a
slightly more qualified manner, the same expectation is expressed in the final Basel reform package of
201737, according to which a borrower rating must represent the borrower’s ability and willingness to
contractually perform despite adverse economic conditions, and that the corresponding assessments
must be made in consistence with current conditions and those that are likely to occur over a business
cycle. By design, in rating systems idiosyncratic or industry-specific changes are a driver of migrations
from one category to another, and business cycle effects may also be a driver. This latter wording allows
the institution to take into account the impact of external circumstances in its rating provided that such
circumstances represent a change in the borrower’s ability and willingness to repay, not merely a
change depending on the current state of the economy.
During the ICAAP reviews the MNB observed that the supervised institutions most frequently use a
combination of a PIT rating model and TTC calibration. In this approach, if the variables incorporated in
35
We consider it appropriate to use the term ‘expected default’ in view of factors such as portfolio composition, seasonality, etc. While the
default target for the performing portfolio at any point in time may differ from the long-term average default value, it is estimated on that
basis.
36
https://www.bis.org/bcbs/publ/d362.pdf
37
https://www.bis.org/bcbs/publ/d424.pdf.
51
the model correlate with the economic cycle, the PDs specific to individual years will also be volatile.
Although the average of estimated PDs, observed over the full length of the calibration period, will be
identical with long-term average of the default rates, the PDs specific to individual years will fluctuate
around the average in correlation with the cycle, and in particular, the average PD measured on the
performing portfolio of the final date considered may be significantly different from the calibration
target. The extent to which the PDs specific to individual years differ from the average of the long-term
default rate depends primarily on the proportion of the variables correlated with the economic cycle,
and their sensitivity to the economic cycle. In the case of a rating system with a strong PIT character, PD
calibration on the long-term average default rate will not reflect long-term experience, and may,
depending on the cycle, soon lead to underestimations (in favorable years) or overestimations (in a
downturn period) due to migrations.
Migration resulting from cyclical effects (PIT rating model) and respectively PIT PD calibration carry risks
that the MNB seeks to have covered with capital in the context of ICAAP reviews. While the MNB does
not expect PIT rating systems to be replaced in the short term, it does expect institutions to complement
it by developing a TTC rating system and PD under Pillar 2, and also calculate their capital requirements
accordingly, and, where necessary, provide the required capital under Pillar 2. TTC customer ratings
ensure that customers can only be migrated to another rating category in the event of a change in their
individual risk. In the retail segment, the practical implementation of this is more straightforward, as the
application ratings used typically incorporate variables that are, overall, largely independent of the
economic cycle (e.g. socio-demographic variables, PTI at disbursement). In the corporate segment, the
MNB primarily expects institutions to examine how PDs and capital requirements change when
independent variables such as past due status and negative monitoring information, the main drivers of
cyclicality, are removed from the models.
TTC rating models tend to provide lower separation power. In the longer run, the models have limited
capacity to separate groups with high PDs. PiT models, on the other hand, provide for adequate
separation in the short term, primarily by separating items that are already past due (showing poor
monitoring results). At the same time, PiT models tend to be ineffective in the division of non-past due
items into risk groups, which leads to high concentration in good rating categories. The MNB does not
consider a diminishing separation power to be problematic and regards it as a natural corollary of the
long-term approach.
V.2.1.6 Retail TTC PD – supervisory benchmark

Benchmarks are calculated to ensure that institutions are judged by the same standards. Applicable
legislation still gives institutions a broad scope for defining their own default indicators and for setting
the materiality threshold of 90 DPD38, which means that even if all the expectations for default
definitions are met, there may still be significant differences among banks in terms of whether certain
transactions are classified as defaulted, and when the default status is set. Differences in the
identification of defaults will eventually also appear indirectly in capital requirement calculations:
- through the calibration of PD models (a relatively strict default definition identifying a large
number default events that are subsequently cured – a higher observed default rate)
- through LGD models (a high number of cured default observations will reduce observed LGD)
- through the correlation of defaults (default events arising from the same cause but identified at
different times will distort the relationship observed between the economic environment and
default rates)
For retail portfolios, the MNB’s benchmark model consistently uses the same modified default definition
to estimate TTC PD for all institutions. Pursuant to the default definition on which the model is based,
38
Applying the EBA’s RTS on the definition of default and the related MNB Decree as well as the MNB Recommendation on the materiality
threshold for past due debts is expected to reduce the differences between banks due to the differences in their methodologies, provided that
the banks are able to offer reliable long-term retrospective estimates on how much their rates of default would have been if they had always
employed the new definition of default
52
only permanent past due status qualifies as a default (at least 360 days past due in the case of
mortgages and 180 days for personal loans), with recurring past due items aggregated in all cases, taking
the date of the first arrears (of a small sum) or the first restructuring date as the start date. A transaction
will only be considered cured if it is classified as less than 90 DPD permanently (for at least 1 year) and
until the end of the available time series. In the event of restructuring, cured status presupposes a
period of 2 years in the less than 90 DPD category. The MNB does not take into account default
indicators other than the past due status (it does not consider even restructuring as such an indicator),
and it assumes that any transaction involving a loss will also be recognised as past due. The extent to
which banks’ default definitions lead to distorted risk metrics is, in addition to the high proportion of the
transactions reported as cured and of multiple defaults, also indicated by the low risk parameters (low
CCF, low LGD) of “soft” defaults that are not the result of past due balances.
For time series based on the modified default definition, the MNB estimates the PD by running logistic
regressions for each product using the application variables to be supplied by the banks. The
independent variables used for that purpose do not include past due customer indicators or any other
indicators pertaining to the economic cycle. The advantage of model calibrated in this way is that it
takes into account the overall development of portfolio quality (typically an improvement), while
preserving the unconditional (TTC) character of the estimated PDs.
The MNB does not expect banks to apply the above methodology, but where an institution’s Pillar 2
capital requirement is significantly influenced by the default definition or modelling methodology
applied, the MNB will determine the TSCR by reference to the benchmark calculated with the above
methodology.
If the Bank is unable to supply reliable time-series data about the performance of its transactions going
back sufficiently far so that a full downturn period is covered, then the MNB will use the benchmark
model parameters estimated from the data of the major banks in order to estimate the PDs of the
specific transactions. In the case of smaller institutions with less sophisticated databases and during the
focused ICAAP reviews of major banks, the MNB will rely primarily on the benchmark model when
assessing the capital requirement calculations and will review the appropriateness of the Bank’s own PD
models in detail during its comprehensive audits.
V.2.1.7 Corporate PD – supervisory benchmark

Where an institution does not have corporate PD estimates based on data of appropriate quality and
length of history enabling the internal capital calculation, the MNB will quantify the IRB-based SREP
capital requirement using the corporate PD benchmark model developed from major banks’ corporate
default databases. The MNB developed the corporate PD model using a default rate time series of 12
years that only contain purely corporate observations (i.e. excluding e.g. projects, financial institutions)
and also include downturns. In terms of structure, the corporate model is a logistic regression between
the financial indicators (and their WOE – weight of evidence – values) generated from corporate balance
sheet and profit and loss data, and the default indicator. The indicators were selected taking into
account the experience of major banks; the model includes size, long-term and short-term liquidity,
profitability, indebtedness and the debt service ratio. The PD parameter was calibrated separately for
the micro, small/medium-size and large corporate segments.
V.2.1.8 Applying EU benchmark PDs

Pursuant to Article 78 of the CRD, the EBA carries out an annual EU level benchmarking exercise for the
results of the internal models used to calculate capital requirements for credit risk. The scope of the
EBA’s analysis includes both high default portfolios (HDPs) and low default portfolios (LDPs). The EBA
publishes the report on the analysis on its website 39. The EBA also examines specific international
39
https://eba.europa.eu/eba-releases-its-annual-assessment-of-the-consistency-of-internal-model-outcom-1
53
companies, institutions, banks and sovereigns in terms of the parameters calculated by institutions
holding an IRB permit; it collates the relevant descriptive statistics (minimum, maximum, median,
averages, quartiles, standard deviation etc.) in a database enabling comparisons and places this
information at the disposal of the supervisory authorities. In the case of the LDP, the MNB uses these
confidential results which concern specific customers for benchmarking Hungarian institutions’ own PD
estimates and capital requirement calculations. As part of the ICAAP review the MNB highlights any
significant and unjustified PD deviations, while also sets the add-on stemming from the different PD
estimates when necessary. The MNB may also use the EBA benchmark values for quantifying
concentration risk.
V.2.1.9 Application of a sovereign floor

In Pillar 2, the MNB expects institutions using advanced methods to apply the sovereign PD as a
minimum limit for customers that operate and/or have their registered office in Hungary. The MNB does
not expect the use of Hungarian souvereign floor for large international corporations that have their
registered offices and establishments abroad as their risk is completely independent of Hungary’s
country risk.
V.2.1.10 Estimation of the loss given default ratio

The loss given default (LGD) ratio is a risk characteristic of equal importance with the probability of
default. In the MNB’s view, in LGD estimations, as opposed to PD estimations, the use of expected
values in unfavourable (i.e. downturn) situations represent the logically consistent solution rather than
the use of long-term averages. It is the MNB’s fundamental expectation for institutions to collect
historical information about the amounts of losses actually incurred, as well as about the initial
collateral structure in place and the recovery process used when the losses were incurred. Where data
are available on the specific loss-reducing effect of a particular collateral, it should be measured
separately by the bank, and the bank should have data concerning returns on collateral 40 for major types
of collateral (residential and commercial real estate, cars, guarantees), and should also collect data on
indirect and direct expenses. Where in respect of a particular portfolio segment an institution does not
have sufficient loss data that reflect actual returns and afford a reliable statistical estimate of LGD, it
should rely on conservative expert assumptions. In LGD estimations, special attention is required for the
following:
 To determine the downturn value, the institution may assess the macroeconomic factors
that may affect LGD and the determinants of LGD, and quantify the downturn LGD by
modelling the value of these macroeconomic factors in a downturn year. For downturn
estimations, particular attention is required for the cyclical components used for LGD
modelling (e.g. LTV, payments by customers, recovery other than returns on collateral) as
well as for the factors observed in the current portfolio that are not representative of the
data used for the estimation41.
 The observed characteristics and distribution of the status of transactions after their
classification as defaulted must be used for the estimates (e.g. recovery, sale of receivables
and collateral, closure). In order to appropriately estimate the downturn, it is not sufficient
to project past trends, rather the characteristics of the period since the crisis as well as the
possible changes in the conditions of returns must also be thoroughly considered.
 It does not suffice to deal exclusively with closed transactions since in numerous portfolios
most of the ever-defaulted transactions are still waiting for closure or sale at present. In the
case of unclosed exposures, the estimation should also consider the fact that in transactions
that are in default for a long time cannot be expected to yield the rate and outcome of
40
Institutions are also required to collect data about returns on collateral under Section 16 (2) (g) of MNB Decree no. 40/2016. (X. 11.)
41
The EBA is currently planning the development of a downturn concept. Until the release of the EU regulations, the MNB will be guided by the
provisions of the ICAAP Manual and the Validation Manual.
54
returns which transactions closed with relative speed produce. Therefore, the MNB expects
that the default characteristics of closed and unclosed transactions are be compared.
 In the case of the application of non-linear capital functions in the PD (such as the IRB
model), the MNB challenges the approach which interprets the cure back or restructuring of
non-performing transactions as a recovery which influences LGD. This is underlined by the
fact that if such transactions represent a high share within the portfolio – due to the non-
linearity of the capital function according to PD –may result in the underestimation of capital
requirements. In such cases, the MNB considers it expedient that the effect of the above-
mentioned „technical” defaults should be disregarded in the course of LGD estimation, or
that the cure rate should be taken into account in a particularly conservative manner. 42
 To complement the above, institutions are expected to manage multiple default events
through the appropriate merge of such events, and the definition of a curing period.
 If the LGD estimation is not based on actual recovery data, it does not suffice to conduct an
exclusive use of collateralisation levels in a direct way (e.g. an overview which compares
exposures with the liquidation value of the collateral). In such situations, the MNB believes
that the reliable and expedient method is to jointly and item-by-item take into account
collateral values, external environmental impacts (e.g. exchange rate devaluation) and
coverage levels (LTV). In the absence of the above, the MNB also accepts simulation
methods which utilise empirical distributions characterising the coverage level for the given
portfolio.
 In addition to the above requirements, institutions should have separate loss rate estimates
for non-performing portfolios, which should take into account risk characteristics that
deviate from those of performing portfolios. Institutions should, on the one hand, have a
best estimate of expected loss (ELBE) for non-performing exposures based on the current
economic situation and exposure status (current collateralisation, recovery status,
customer’s willingness to repay, etc.). On the other hand, in addition to the ELBE, an
institution must also estimate any additional unexpected losses that may arise during
recovery (unexpected exchange rate stress, collateral depreciation, unexpected
deterioration of the customer’s willingness to repay). The loss rate estimate, which also
incorporates unexpected losses over expected losses, produces the LGDs for non-
performing portfolios. The LGDs for performing and non-performing transactions should be
consistent in the sense that there should be no “cliff effect” in the LGD of former performing
transactions that have recently been assigned a non-performing status.
Similarly to PD estimation, institutions must record in the ICAAP documentation the detailed
methodology of LGD estimation and its Review Schedule, which is expected to be carried out with at
least an annual regularity. Furthermore, the MNB expects institutions to also analyse the relationship
between recoveries expected in the course of LGD estimation and group formation characteristics of the
exposure (e.g. the size of the exposure, the extent of delay, the time length of collection or the extent of
collection costs).
V.2.1.11 Retail mortgage LGD – supervisory benchmark

Due to its high share and the difficulties in tapering the portfolio, non-performing retail mortgage
continues to represent one of the highest lending risks of the Hungarian banking system. Due to the
uncertain return potential of non-performing retail mortgage loans, the MNB expects institutions to take
a particularly conservative approach to LGD estimation. The MNB carries out benchmark calculations to
verify LGD estimates for retail mortgage loans. Benchmarks are calculated to ensure that institutions are
judged by the same standards. Institutions may provide explanations for their deviation from the
applicable benchmark, but where an institution’s model is inadequate, the MNB will determine its TSCR
42
In capital requirement calculations it may be justified to reduce input PDs in proportion with the absence of adjustments to the LGD.
55
by reference to the benchmark. The MNB’s benchmark LGD models the downturn value of two recovery
outcomes: 1) the curing ratio characteristic of the restoration of the customer’s solvency, and 2) the
level of loss observed in the case of returns on collateral.
The MNB determines the downturn value of the curing ratio by reference to the year with the worst
curing ratio. In order to eliminate the distorting effect of multiple defaults and curing on estimates, the
MNB will combine multiple default events. For non-performing transactions, curing is measured as a
function of the time spent in default, without other variables being used to model downturn curing,
given that most of the independent variables can be considered cyclical.
As regards returns on collateral, the MNB uses a single coverage factor to express the potential decline
in market value in a downturn, the price reduction due to forced sale, and the costs of enforcing the
collateral. The MNB derives the present value of the returns on collateral as a function of the time of
sale and a properly chosen interest rate that incorporates both funding and operating expenses. Where
the effect is material, for the purposes of calculating the returns on collateral the MNB may also take
into account the additional risk arising from the volatility of the coverage factor. The MNB performs
regular estimates and back-tests for the coverage factor, the discount rate, and the time of sale, with
regular reviews of these parameter values. As the risk of overvaluation had increased significantly in
Budapest by the end of 2018, the MNB specifically monitors the development of market prices in the
capital’s real estate market for the purposes of determining coverage factors.
The MNB underlines that LGD should be a downturn value, and in particular LGDs for non-performing
transactions should also include unexpected losses over expected losses. Precisely for that reason, while
calculation of provisions and expected losses may immediately reflect positive changes (such as
improvements in the customer’s ability to repay, and improving prospects for the real estate market),
the LGD must also provide coverage for any unfavourable movements (deteriorating willingness to
repay, declining real estate market), and unexpected losses.
As a result of its benchmark calculation, the MNB may impose additional own funds requirements, but it
does not rely on this calculation for its assessment of the adequacy of provisions.
V.2.1.12 Non-performing items, expected loss and provisions

Items classified into the default category based on the default definition under Article 178 of the CRR,
which applies uniformly to institutions using the standardised and IRB approaches, are an important
part of risk exposure. Coverage for the risk and potential losses of non-performing exposures is basically
provided through provisions43; however, as demonstrated by the former steady increase in the risk costs
of non-performing IPRE (Income Producing Real Estate) projects and retail FX mortgage loans, significant
unexpected losses may be incurred on the non-performing portfolio.
For the purposes of its review, the MNB expects institutions to assess the risk of non-performing
exposures in Pillar 2, by demonstrating, on the one hand, the existence of sufficient provisions for
expected losses and, on the other hand, calculating an adequate capital requirement for unexpected
losses over expected losses. To this end, as described in the chapter on the estimation of the loss rate,
the institution must develop a reliable ELBE or LGD estimate in respect of their non-performing
portfolios.
The MNB’s experience to date has been that a larger proportion of institutions did not have appropriate
ELBE or LGD estimates for non-performing exposures. In the absence of reliable parameters, the MNB
assumes ELBE (expected loss) as an equivalent of provisions, with regard to the interrelated concepts of
provisions and expected loss. While theoretically an institution may allocate provisions in excess of
expected losses, this has not been corroborated by the outcomes of previous reviews and developments
in risk costs. An institution seeking to recognise excess provisions on its non-performing portfolio must
provide conclusive evidence through its ELBE estimate that it actually has an impairment methodology
43
See the applicable provisions of Section 84 of Act CCXXXVII of 2013 (Credit Institutions Act) and Chapter VI of Government Decree 250/2000
(XII. 24.).
56
in place that produces provisions in excess of expected losses. Even in cases where the existence of
excess provisions can be verified, consideration will be given to whether the excess of a particular non-
performing exposure can actually be used to cover other risks in the future.
The MNB sets the regulatory LGD44 as the LGD for non-performing exposures, and determines
benchmark LGDs for certain portfolios (e.g. retail mortgage, projects) where the institution does not
have a separate LGD estimate.
Institutions using IRB also distinguish between expected and unexpected losses in their capital
requirement calculations: they allocate capital to unexpected losses, while recognising the IRB shortfall
(derived as the difference between expected losses and provisions) in own funds. Since the value of own
funds must be equal under Pillar 1 and Pillar 2, for institutions using IRB in Pillar 1 the value of the IRB
shortfall, overridden in Pillar 2, should be recognised in the Pillar 2 capital requirements. In the case of
institutions using a standardised approach in Pillar 1, the value of the IRB shortfall is obviously part of
the Pillar 2 capital requirement.
Regarding the calculation of capital requirements for the IRB shortfall and the non-performing portfolio,
the MNB will be guided by the provisions of the CRR on the IRB approach that incorporates an LGD
estimation of its own (AIRB), i.e. the expected loss on the non-performing portfolio is assumed to be
equivalent to the ELBE estimate, subject to Article 159 of the CRR in cases of excess provisions for the
non-performing portfolio. Obviously, in the absence of an ELBE estimate, when it is substituted by the
MNB for provisions, no excess (or shortfall) of provisions is recognised for non-performing exposures.
For non-performing exposures, the capital requirement is calculated using max{0;(LGD-ELBE)} under the
AIRB. To the extent that the institution has a reliable LGD estimate, the LGD will include unexpected
losses over expected losses; consequently, the relation LGD> ELBE will always be satisfied. However,
where an institution does not have LGDs, which tends to be the case with non-retail portfolios, the
regulatory LGD will be considered sufficient to cover the risks depending on the risk profile (e.g.
collateralisation) of the portfolio segment or the group of customers of homogeneous risk. The MNB’s
experience is that in certain non-retail segments regulatory LGDs do not provide adequate coverage for
the risk of non-performing exposures, and impairment is also higher than the regulatory rate of
approximately 45%. In the absence of a reliable LGD estimate, the MNB considers the provisions raised
as the ELBE value and determines the unexpected losses above that value as 8 percent (or 12 percent
for SL) of net exposures, by analogy to the standard capital requirement.
In the case of performing exposures, relative to the expected loss calculated as the product of the long-
term average default PD and the downturn LGD, and excess of provisions may accumulate naturally,
typically in a downturn accompanied by high default and loss rates. In such cases, providing that reliable
PD and LGD estimates are in place, the MNB accepts that the provisions will also cover part of the
unexpected losses over the expected loss. In the more favorable years of the economic cycle with low
rates of default and loss, provisions are typically not required in excess of the expected loss (derived as
the product of PD and LGD), but if this were nevertheless the case, then during the ICAAP review the
MNB will check the reasons for raising excess provisions, whether such excess is likely to survive on a
longer term and to what extent the excess is justified by differences in capital requirement calculation
and provisioning regulations. Such excess amounts may be taken into consideration against the IRB
shortfall values of other segments only if these excesses survive on a longer term and are raised due to
regulatory differences.
V.2.1.13 Holdings (Equity exposures)

A comprehensive risk assessment also requires an assessment of the risk of holdings. As part of such an
assessment, the institution must assess the risks of its subsidiaries that are subject to consolidated
supervision, as well as of any holdings outside the scope of consolidated supervision.
44
LGD values for the foundation IRB approach as defined in CRR.
57
In terms of holdings, the MNB primarily expects compliance with the rules for regulatory capital
adjustments and risk weighting as set out in the CRR 45.
In the ICAAP review, the institution should present the differences between its Pillar 1 and Pillar 2 risk
management and capital calculations. Institutions must segment the assets of the entities under
consolidated supervision into the exposure categories appropriate for the methodology used, and apply
the level of risk appropriate for each exposure class. The risk weighting of holdings must be determined
for investments in entities that are not subject to consolidated supervision.
As part of ICAAP reviews, the MNB expects information on the following:
 a complete list of entities in which the institution has a direct, indirect or synthetic holding,
defining the degree and type of each investment (e.g. significant/non-significant investment in a
financial sector entity), the gross value of the investment, and the amount of provisions, and risk
weighting under Pillars 1 and 2,
 The list should also include the details of credit provided by the institution for the purposes of
acquiring any participation,
 the activity profile of the entities,
 changes in holdings (during the period under review),
 upon request, the institution must disclose when, for what purpose, and in what circumstances
a particular holding was acquired, the activities and main risks of the entity in which the
institution has a holding, the results of the most recent accounting valuation of the holding, as
well as any changes expected concerning the entity in question (disposal, voluntary liquidation,
recapitalization of the entity, etc.).
In the case of Hungarian institutions, the MNB does not consider the risk of holdings to be significant;
accordingly, it does not expect Pillar 2 assessment approaches to be different from those applied under
Pillar 1. However, where the risk of holdings in entities not subject to consolidated supervision is higher
(which may be indicated by a higher share of exposures shown as holdings as a percentage of the
balance sheet total, significant past provisions on the holdings, or provisions recognised by the
institution on economic value or goodwill related to the holdings), the MNB expects the institution to
use its own internal capital requirement calculation methodology under ICAAP:
 in addition to the regulatory classification, the institution (primarily non-financial
institutions) should perform risk-based segmentation,
 segregate real estate market investments,
 manage the risks involved in an adequate and prudent manner, and quantify the capital
requirement.
As part of ICAAP reviews, the MNB examines in particular the risk weighting of holdings on which
significant past provisions were recognised in the supervised institutions, or which may present a higher
risk. These include in particular:
 holdings in which the asset side of the entity’s balance sheet is predominantly comprised of real
estate that generates profits or is to be sold,
 holdings acquired in an enterprise that a deteriorating debtor of the institution.
 holdings acquired in an enterprise that does not have a meaningful financial history and its
income-generation ability is difficult to assess.
In the case of the risky holdings specified in the previous paragraph, the MNB will be guided by the risk
weights specified in the CRR for IRBs:
 a risk weighting of 370% according to CRR Article 155(2);
45
Assistance for the interpretation of the provisions of the CRR is provided in László Seregdi: The role of own funds in the prudential regulation
of credit institutions.
58
 the application of lower risk weights or expected losses to exchange traded shares and equity
instruments (units), and to well-diversified portfolio investments, will only be accepted for
exposures where the application of preferential weights is supported by a high free float, the
volume of trading, or the level of diversification of the portfolio;
 the application of a 90% LGD under CRR Article 165 to equity exposures subject to the PD/LGD
method
Where a holding is acquired for the repossession of collateral property, the ICAAP risk weighting may
not result in a lower capital requirement compared to the application of the risk weighting expected by
the MNB to the properties being repossessed.
V.2.1.14 Specialised lending exposures

The Hungarian banking system has incurred its most severe losses on specialised lending exposures (SL),
particularly on income producing real estate financing projects. This is due to an uncontrolled build-up
of concentration in these portfolios, and their sensitivity to the economic cycle. Given the characteristics
of project portfolios, the MNB expects special care and awareness from the institutions in various areas
of risk management and measurement. Accordingly, institutions must:
 formulate and consistently apply the segmentation principles and the definition of default,
 develop a project appraisal and rating system that takes into account the specificities and
risk characteristics of such exposures, in particular the financial strength characterising the
project’s profitability, the LTV, DSCR, and their stress tolerance, as well as the other
characteristics of the asset, the political and legal environment, sponsor strength, PPP
revenue, and other collateral,
 pay proper attention in their internal parameter estimation procedures to the uncertainties
of estimation attributable to the typically small number of such exposures and to their low
representation in rating categories, and also manage the close correlation between the
customer’s risk and the value of the asset (property), i.e. the coordinated movements of PD
and LGD,
 determine, in the case of non-performing projects, adequate capital requirements for any
further unexpected deterioration in the value of the project and its profitability.
The MNB expects institutions to manage specialised lending exposures consistently in separation from
companies, in terms of segmentation, rating, parameter estimation, capital requirement calculations
and reporting. The MNB also expects institutions to act in accordance with the MNB’s
recommendation46.
Apart from segmentation, appropriate risk measurement is based on proper default definition and
default detection. Although it is already showing an improving trend, identifying the default status of
income producing real estate finance transactions, especially for projects in operation phase, has often
been a problem in the past. Reduced interest and principal burdens resulting from forbearance,
balloon/bullet arrangements, and contractual repayments often conceal the fact that the customer’s
profitability is insufficient to repay the loan even with the sponsor taken into account, which is a
precondition for the concept of default as set out in legislation.
With the appropriate number of defaults, institutions are expected to apply risk measurement and
capital requirement calculations on a PD/LGD (and possibly also loss rate) basis, taking into account the
principles of proportionality. In the parameter estimation used for internal capital requirement
calculations, a number of problems arising from the specific risk characteristics of SL exposures were
identified during supervisory reviews and the determination of capital requirements, addressing which
must remain in the focus for institutions going forward, with particular regard to the following:
46
Recommendation No. 10/2017 (VIII.8.) of the Magyar Nemzeti Bank defining specialised lending exposures and speculative immovable
property financing
59
 Managing the estimation and statistical uncertainties resulting from the number of elements
with a margin of conservatism.
 Managing the close correlation between the PD associated with project creditworthiness,
and the LGD associated with the value of the project property.
 Determining the downturn LGD in relation to the cyclical sensitivity of the value of the
project property and its profitability.
 Selecting a sample period that is representative of the complete economic cycle, taking into
account downturn periods with the appropriate weight, also with regard to the fact that in
the case of income producing real estate finance, the effects of the crisis may last
significantly longer than for ordinary corporate exposures.
Particular attention should be paid to the issue of cyclicality, which is relevant to the finance of income
producing real estate. The value of the financed property can be extremely volatile, and can often
change during the lifetime of the transaction as a result of various market events. Due to the close
correlation between the customer’s risk and the value of the property, the low LTV due to momentarily
low property prices will not necessarily result in a low loss potential, because customer default and
drastic falls in property value tend to coincide, which at the level of risk parameters, indicates a
correlation between PD and LGD. In addition, risk parameters are not only correlated with one other,
but also with the state of the economy, which may cause pro-cyclicality in capital requirements; namely,
capital requirements will increase in a downturn period and decrease in expansion, which may deepen
the economic crisis by further weakening or strengthening the willingness to lend. In addition to
cyclically changing risk parameters, capital requirements may be underestimated in good years, and
overestimated in bad years. The purpose of supervision is that the capital requirement should preferably
be cycle-independent, which should be taken into account in the assessment and measurement of the
risks of the income producing real estate portfolio. Cyclicality should be treated according to the TTC
concept described in the chapter on the PD 47.
Where institutions are unable to produce reliable estimates of the PD and LGD parameters due to the
low number of observations, the MNB considers it appropriate that institutions should use slotting
approach designed for specialised lending that takes credit quality into account by means of simple
weighting; however, even in such cases institutions are expected to back-test their PD estimates on a
quantitative basis, and calibrate it on the slotting categories.
In the SL segment, particular attention is required for the problem associated with the cyclicality of
cyclical rating variables. In this segment, the variables of the rating system typically correlate strongly
with economic variables, as a result of which the capital requirement will also be cyclical due to
migrations that follow the changes in the economy. This problem may be addressed through the cycle-
independent assessment of specific risk factors, in particular the value of the project property (including
its LTV and DSCR) over a long-term horizon, as well as by giving more thorough consideration and, for
rating purposes, more weight to the stress tolerance of project value. The use of a rating system that
implements these aspects enables institutions to carry out forward-looking assessments of the risks of
newly disbursed exposures, and to ensure that cycle-independent changes occurring in lending practices
and risk profiles are incorporated into the capital requirement.
A common problem is where an institution bases its capital requirement calculation methodology on the
assumption that its former poor-quality project portfolio is no longer representative of the current
project portfolio. However, the MNB expects the institution to be able to provide quantitative evidence
for the improvement of its portfolio quality. The MNB notes that a more favourable risk profile for newly
47
For projects, reliance may be made on variables such as the object (nature) of the project, whether the project is in construction or
completed, the quality and experience of the sponsors, the FX risks taken, the sensitivity of the cash flows generated by or estimated for the
project (e.g. to interest rates, OPEX, exchange rates, etc.). While these variables are much more stable, they cannot be considered to be 100%
non-cyclical.
60
disbursed projects can be supported by the application of a TTC-based rating system that takes into
account the aspects detailed above.
It can be also stated in general that in the case of non-performing income producing real estate finance
exposures, institutions failed to act with due care when assessing the risks, as they recognised the
required provisions over a longer period of time. While in 2009–2012, the sometimes spectacular rise in
coverage by provisions was due to the deliberate postponement of recognising impairment losses, in
later years the increase in collateralisation levels was driven by the further deterioration or stagnating
outlook for the commercial real estate market, and by the conservatism of valuation. The MNB
therefore continues to pay special attention to the adequate quantification of the risks associated with
non-performing property finance portfolios, and the coverage of risks by capital and provisions. In this
regard, the MNB expects institutions to develop risk measurement models that are capable of suitably
identifying risks arising in the operation of the portfolio and, in the case of profit-generating property,
primarily with respect to the cash-flow generated by the property. Besides the calculation of expected
losses, these models should be also able to ensure an adequate calculation method for possible
unexpected losses incurred during collection and for the capital requirement needed. One possible
implementation of this could be a stress on the cash flow on which the project appraisal is based.
Institutions are expected to assess the stress tolerance of a given SL exposure, which can be examined
primarily by stressing the cash flow plan of the project, by incorporating exchange rate stress, falling
rents or other deteriorating property market trends.
Recent supervisory reviews have found major improvements in provisions training in the Hungarian
banking sector, both in terms of the prudent management of the portfolio and the design of the
methodology for estimating expected losses. Overall, the levels of the provisions made by Hungarian
banks are increasingly approximating expected losses, i.e. the carrying amount net of allowances
provides an adequate approximation of project value, in view of which capital only needs to be allocated
to unexpected losses. Based on the experience of the MNB, in their internal capital requirement
calculations institutions may be expected to determine a capital requirement of at least 12% of the net
non-performing SL exposure to express the “unexpected” decrease in the value of projects appraised in
accordance with expected conditions. The MNB will review the adequacy of the 12% benchmark level
depending on the economic cycle, given that additional depreciation may be significantly greater in an
upturn than in a downturn scenario48.
Where the supervised institution lends to a real estate fund, the MNB will take into account the risk
weights of commercial real estate projects as benchmarks when examining the capital requirement for
these exposures.
V.2.1.15 Real estate financing project capital requirement and expected loss – supervisory benchmark
In general, the MNB considers the standard capital requirement insufficient for covering the risks of real
estate financing projects appropriately. As a result, the MNB uses the levels of capital requirement and
expected loss calibrated on the basis of major banks’ PD/LGD-based IRB capital requirements to
establish the SREP capital requirement of institutions that do not have reliable, risk-sensitive internal
ICAAP calculations. The benchmark model determines capital requirement and expected loss based on
project property coverage as the most relevant indicator as well as location, project status and project
type (industry/logistics, hotel, shopping/retail, homes, offices, specialist/plots). The MNB has capped
coverage at three times of market value in this model; if coverage is above that cap, the level of
required capital will not change. The MNB applies the capital requirement and expected loss levels to
the project exposures after the deduction of any state guarantees and financial collateral. The MNB uses
the benchmark model resulting in the risk weight primarily with small institutions that do not have their
own methodologies and data.
48
On that subject, see the following article in the Financial and Economic Review: http://www.hitelintezetiszemle.hu/letoltes/szenes-mark-
tomsics-andras-kutasi-david.pdf
61
V.2.1.16 Treatment of off-balance sheet items
The requirement to fully take into account credit exposures also applies to the proper management of
off-balance sheet items. Institutions that are subject to comprehensive and focused ICAAP reviews are
encouraged by the MNB to produce their own estimates of the credit conversion factor (CCF), also
taking into account the principles of proportionality. For own estimates, the MNB fundamentally expects
the conditions under the CRR to be met in Pillar 2 as well.
Particular regard should be given to off-balance sheet exposures (usually credit limits, and guarantees
given) with 0% regulatory CCFs due to the option of immediate termination, and to off-balance sheet
items of low/medium risk with 20% CCFs, for which, both in the MNB’s experience and according to
institutions’ own estimates, the CCFs applied fail to capture the real risk of these items. In the case of
these exposures, setting a higher 50% parameter value as an incentive for the production of own
estimates appears appropriate in Pillar 2.
Credit limits are set up for projects relatively rarely but may represent high risk. These off-balance sheet
items are typically credit limits related to later phases of project implementation, or possibly e.g.
treasury limits to hedge for exchange rate or interest rate risks. The probability of these limits being
drawn at default is difficult to measure statistically, but, in the MNB’s judgment, utilisation may be very
high in downturn scenarios. In the context of estimating utilisation, the MNB considers it important for
the institution to be able to establish whether the transactions used for estimation are operational or in
the development/investment phase. In the case of projects in operation, off-balance sheet exposures
are typically required for management and operations; accordingly, given that it is in the interest of the
institution that operations should be maintained, it can be assumed that off-balance sheet exposures
will be drawn under negative circumstances. By contrast, in the investment phase, it is not for the
customer to decide whether the off-balance sheet exposure should be utilised, it being conditional on
the fulfilment of contractual terms, which gives the institution the option to consider whether it is
worthwhile to provide additional funds in the event of a negative situation. Accordingly, the MNB is of
the view that the phase of the transaction at default is a cardinal point in estimating the utilisation of
off-balance sheet items; therefore, in cases where the institution does not have a reliable bank
estimate/back-test, the MNB determines the Pillar 2 CCF for the segment concerned depending on the
phase of the transaction (or, in the absence of this information, on the current utilisation rate). On those
grounds, the MNB uses the Pillar 1 CCFs set out in CRR under for transactions in the
development/investment phase (as well as for limit utilisation rates below 50% at default), but a CCF of
at least 50% in any case, while for transactions in the operational phase (as well as for utilisation rates of
50% and higher), setting the CCF at a 100% in Pillar 2 appears appropriate.
Mindful of the principles of proportionality, the MNB expects institutions that are subject to
comprehensive and focused ICAAP reviews to develop their own reliable downturn CCF estimates for
retail credit card debt and overdraft facilities. In the absence of this, the MNB applies a 100% CCF in
determining the TSCR.
In the case of internal approaches, the MNB expects institutions support and explain, in professional
terms, their choice out of the most commonly used CCF estimation methodologies (bootstrap
simulation, decision tree, confidence intervals for the calculation of margins of conservatism).
When the risk sensitive approach is applied, the MNB expects the use of an approach that takes into
account the empirical fact that the greater the probability of default, the greater also the probability of
drawdowns against credit limits. Irrespective of the chosen approach, the MNB finds it necessary to get
to know the institutions’ analyses as to what extent off-balance sheet exposures were drawn down until
the date of the defaults. Accordingly, the MNB expects that in cases where the estimation demonstrates
a significant correlation between the default rate and the credit conversion factor, the estimated factor
should include a higher margin of conservatism. The MNB has found that there is typically a significant
positive correlation between the limit utilisation and size, implying the need for this relationship to be
considered in the estimation of the credit conversion factor.
62
The MNB also expects the institution to assess the behaviour of limits with low and high utilisation rates,
and the impact of that behaviour on CCF estimation/back-testing, and to determine the CCF in view of
the result. In order to cater for downturn estimates, institutions should handle the cyclical behaviour of
the independent variables used in their CCF estimation. In special cases where limit utilisation is
correlated with the default rate, the risks will also be present in the migration between utilisation levels,
and should be covered in the downturn CCF estimate so that the exposures at default, as estimated
using the CCFs, reflect the higher limit utilisation observed during the downturn period.
In its CCF estimation, the institution must estimate the proportion of the undrawn limit that will be
drawn. Accordingly, by definition the observed CCF cannot take a negative value. Where an institution
calculates the CCF on the basis of the exposure difference between the observation date and the default
date, and thereby factors in the effect of interim repayments, the MNB expects the institution to set a
floor in order to limit the estimated transaction-level CCF within the observation sample. In this context,
institutions should assess the effect (i.e. the direction and extent of distortion) of limit changes on the
estimate.
The MNB has found that the estimation of the credit conversion factor for individual products provides a
significantly more accurate result if, for the product segment being considered, the credit conversion
factor is estimated separately within each sub-segment defined according to various levels of limit
utilisation. For the purpose of segregating transactions, the supervised institution may rely on expert
opinion or a statistical method in setting a threshold for the level of limit utilisation. Within product
segments subdivided by limit utilisation, a different CCF parameter may be used for the determination
of exposure at default where it can be demonstrated statistically (for example, by means of non-
overlapping confidence intervals for the two parameters) that the two parameters obtained differ
significantly.
V.2.1.17 Counterparty risk

Definition
Counterparty risk means potential losses from a counterparty’s failure to perform its contractual
obligation before the conclusion of the specific transaction (i.e. before the final settlement of
cashflows). As a type of credit risk, this risk affects derivatives, repo and other securities financing
transactions. Another characteristic feature of counterparty risks is their bilateral character; in other
words, the respective positions can take on an opposing (market) risk profile from the perspective of the
counterparties participating in the given transaction which, among other things, provides an opportunity
for netting positions and settlements. Regarding other definitions, the MNB will be guided by the
definitions provided in Article 272 of the CRR.
The assessment and management of counterparty risks is significantly different from the risks of direct
lending. On the one hand, generally transactions carrying counterparty risk are primarily not made to
take credit risk, but to hedge for or take market risks. Another important difference is that the exposure
of the position changes on a daily basis, which means that potential future changes in exposures should
be regularly monitored and taken into account.
For the purposes of managing counterparty risk, the MNB expects institutions to:
 monitor customers on a regular basis,
 evaluate transactions and exposures to customers at least daily,
 monitor collateral received and given, as well as initial and variation margins, at least on a
daily basis,
 monitor wrong-way risks,
63
 set limits on customer exposures,
 follow a conservative approach in the calculation of the limit charge of the transactions,
taking into account the risk of each transaction, as well the netting and margin framework
agreements with the counterparty,
 ensure the regular and reliable reporting of transactions to the EMIR database in accordance
with the legislation in effect.
The MNB recommends that, in line with the risk management arrangements in modern money and
capital markets, in the greatest possible number of cases, institutions should:
 enter into netting agreements with their customers,
 ensure the required collateralisation,
 ensure that a framework agreement is in place for the settlement of initial and variable
margins, and is operated on an ongoing basis, and
 arrange for clearing via a central counterparty.
ICAAP review
Although counterparty risk is classified by the CRR under credit risk, in view of its nature the MNB
expects the risk management unit to be familiar with the market risks of the products, and the
infrastructure of money and capital markets.
In determining capital requirements for counterparty risk, the MNB expects institutions to proceed as
follows:
 Take into account transactions in both the banking book and the trading book.
 Apply a consistent capital requirement calculation methodology for a particular type of
transaction.
 Carry out systematically checks on the quality of the data used to calculate the capital
requirement, including the assessment of the transaction.
 Carry out the assessment of collateral received and given in relation to the management of
counterparty risk at least daily at the level of the customer or the netting set.
 Have the means, for the purposes of their capital requirement calculations, to identify
written options (including any transactions whose market value is never positive) and
whether the option premium has already been paid or will be paid in the future, as well as
transactions where the terms are regularly re-established on an MTM basis so that the
market value of the contract is 0.
 Have the means, for the purposes of their capital requirement calculations, to identify
whether the individual transactions have been concluded via a central counterparty, and if
so, which one, and whether indirectly or directly.
 Based on the definition provided in Article 291(1) of the CRR, the MNB considers a risk to be
a specific wrong-way risk in cases where a high expected future exposure to the
counterparty is accompanied by a high probability of default of the counterparty. Pursuant
to Article 291(5) of the CRR, an institution identifying a transaction that carries a specific
wrong-way risk must quantify the capital requirement for that risk in a separate netting set
under Article 273(8) of the CRR even where the mark-to-market method is used.
 The recognition of netting in capital requirement calculations is subject to supervisory
authorisation in accordance with Articles 295–298 of the CRR.
64
 Written options are also subject to a potential future exposure add-on if they are included in
a netting set where there are also options that have not been written and as such potentially
have a positive value, as described in EBA Q&A 2013_666 49 and EBA Q&A 2015_219550.
 In the case of transactions concluded indirectly via a central counterparty, the institution
should be able to assess, for each member of the clearing chain, that the relevant
transactions and collaterals are separated and segregated, and are bankruptcy remote.
 The methodology and parameters used for the calculation of counterparty risk weights
should be the same for counterparty and direct credit exposures under both Pillars 1 and 2.
 Where an institution uses different methodologies for calculating capital requirements
under Pillar 1 and Pillar 2, the institution must provide a detailed description of the
difference in its documentation, and must be able to present the numerical differences at
the transaction or netting set level when calculating its capital requirements.
Where an institution uses the mark-to-market method as set out in Article 274 of the CRR to calculate
the capital requirement for counterparty risk, the MNB has the following expectations for Pillar 1 capital
requirement calculations:
 Given that transactions carrying counterparty risk are essentially comprised of two legs, the
institution should use a consistent methodology for determining the nominal value across
product types, which should be proportionate to inherent risk under Article 273(8) of the
CRR.
 According to EBA Q&A 2014_907 51, institutions may not use deltas to determine the nominal
value for option contracts.
 In the case of a netting agreement recognised by the authority, the net replacement cost
must be determined according to the following formula:
Net replacement cost = MAX(0; Σ Positive-value transactions – Σ Negative-value
transactions + Σ Collateral given – Σ Collateral received)
 The exposure value derived as the sum of net replacement cost and the reduced potential
future exposure may be further reduced by the value of collateral that is not recognised in
net replacement cost.
 If the derivative is not subject to a netting agreement recognised by the authority, the
exposure value derived as the sum of gross replacement cost and potential future exposure
may be reduced by the value of collateral received and must be increased by the value of
collateral given.
Described in the commonly applied Article 274 of the CRR, the mark-to-market method has a number of
shortcomings as identified in paragraph 6 of the BCBS Consultative Document 254 on counterparty
credit risk52:
 It does not differentiate between margined and unmargined transactions;
 The supervisory add-on factors do not sufficiently capture the level of volatilities as
observed over the recent stress periods; and
 The recognition of hedging and netting benefits through NGR is too simplistic and does not
reflect economically meaningful relationships between the derivative positions.
49
http://www.eba.europa.eu/single-rule-book-qa/-/qna/view/publicId/2013_666
50
51
52
http://www.bis.org/publ/bcbs254.htm
65
Since it does not consider this method to be sufficiently risk-sensitive, for the purposes Pillar 2 capital
requirement calculations the MNB has the following expectations for institutions with significant
derivative market activities:
 In their Pillar 2 capital requirement calculations, institutions should use more detailed and
risk-sensitive multipliers than the mark-to-market method set out in the CRR to determine
potential future exposure, or advanced methods such as the Internal Model Approach
described in Articles 283–294 of the CRR.
 The method to be used should differentiate between margined and unmargined
transactions in the calculation of potential future exposure.
 The calculation of potential future exposure should take into account the volatility typical of
the stress period.
 Institutions should seek to model netting benefits and initial and variation margins in a more
realistic way compared to the mark-to-market method.
 A conservative approach is required for exotic derivatives and underlying products.
V.2.1.18 Counterparty credit risk from White Label contracts in investment firms
Operating online trading platforms via the White Label scheme is a service where the investment firm
purchases a fully supported product from a third party and then resells it under its own brand and
business name. While in the relation of the investment firm and the customer the service includes the
acceptance and forwarding of the order, the contract between the investment firm and the third party,
rendering the actual services (access to the foreign exchange market) covers not only the purchase of
the software licence, but also the management of securities and cash account. In the case of White
Label contracts the customers’ funds and positions are recorded on subaccounts opened under the
customer account registered in the name of the investment firm. Technically, the third party service
provider is able to state customers’ positions and hedges separately, but in respect of open positions it
aggregates their eligible hedge assets, which is the source of counterparty credit risk with these types of
contract.
V.2.1.19 Credit valuation adjustment risk (CVA)

Pursuant to the regulatory changes effective as of early 2014, the scope of risks to be quantified and the
regulatory capital requirements for exposures were extended to include credit valuation adjustment
(CVA) risk, a type of risk that is a counterparty risk by nature but is defined separately under the CRR.
Institutions should design (or develop) and operate the rules, processes, methods, procedures and
systems intended to manage risks in such a manner that they adequately cover the newly emerging
elements of risks as well, with special regard to risks related to CVA. Based on current regulatory
requirements53, the risks associated with quantified CVA can be considered to be relatively low among
Hungarian institutions. Mindful of the principle of proportionality, given the presence of adequate in-
process components the MNB currently does not consider the use of advanced internal models in the
ICAAP as essential for determining the magnitude and capital requirements of this risk. Obviously,
where justified by the size and/or complexity of the risk positions, or possibly changes in regulation, the
development of the method applied is also expected.
In calculating the capital requirements for CVA risk, the MNB expects institutions to:
 regularly check the exemptions under Article 382(4) of the CRR for customers,
 regularly monitor the credit rating of customers,
 present the steps of their capital requirement calculations to the MNB,
53
According to the current provisions of the CRR, the scope of CVA exposure calculation should be limited in terms of customer types (subject
to exceptions).
66
 where an institution uses different methodologies for calculating capital requirements under
Pillar 1 and Pillar 2, the institution must provide a detailed description of the difference in its
documentation, and must be able to present the numerical differences at the customer level
when calculating its capital requirements.
V.2.1.20 FX lending risk

Definition
FX lending risk is the potential threat of a loss from lending in a currency other than the legal tender of
the country of the borrower’s residence.
As part of their credit risk assessment, institutions must separately assess the credit risk arising from the
foreign currency-denominated exposures to unhedged borrowers 54, and the materiality of that risk. The
risk inherent to foreign currency lending is characterised by a non-linear relationship between credit and
market risks, as the market risk stemming from the appreciation of the foreign currency exerts a
disproportionate impact on the credit risk of the institution’s foreign currency loan portfolio, and
occasionally can even impact the institution’s entire risk profile. Foreign currency lending can imply
higher residual risk in case the value of the collateral does not follow the rise in the exposure value
stemming from the increase in the exchange rate; in addition, institutions may also face the
concentration of credit risk if the majority of their loan portfolio is denominated in the same foreign
currency or in closely correlated foreign currencies.
In accordance with the EBA SREP Recommendation, FX lending risk may be assessed as material when
the outstanding foreign currency-denominated exposures to unhedged borrowers account for at least
10% of the institution’s total credit portfolio (for this purpose the total credit portfolio means the total
outstanding credit portfolio to non-financial corporations and household customers), in cases where the
total credit portfolio thus defined accounts for at least 25% of the institution’s total assets.
ICAAP review
The MNB expects institutions to operate adequate risk management mechanisms for measuring and
controlling FX lending risks. In this context, the MNB expects the institutions to:
 determine their risk appetite for foreign currency lending and their foreign currency lending
policy, and set specific limits (e.g. exposure-specific thresholds),
 adhere to the limits set for foreign currency lending, while also having preventive and ex-post
risk management procedures in place in case of potential overruns,
 ensure that FX lending risk is integrated into the institution's valuation methods, transaction
approval and review processes,
 ensure that the risk identification, monitoring and reporting procedures also cover FX lending
risks,
 have, for monitoring purposes, information on the foreign exchange risk of the transactions,
whereby the level of coverage, the natural hedge (including the existence and turnover of a
foreign exchange account) of foreign currency lending exposures should be monitored,
 ensure the continuous monitoring of the impact of exchange rate movements on the credit risk
of portfolios denominated in foreign currency,
 have appropriate knowledge of possible future trends and exchange rate volatility,
54
“unhedged borrowers”: borrowers without a natural or financial hedge that are exposed to a currency mismatch between the loan currency
and the hedge currency; natural hedges include in particular cases where borrowers receive income in a foreign currency (e.g.
remittances/export receipts), while financial hedges normally presume that there is a contract with a financial institution);
67
 incorporate into their collateral valuation policies the rules for the prudent management of
higher risk due to FX-denominated collateral (e.g. by applying higher haircuts) and to prescribe
the treatment of foreign exchange deviation (FX mismatch) arising from the different currencies
of the exposure and collateral, and periodically review the hedging position of foreign currency
borrowers,
 consider, in their rating systems/PD models, for the purposes of rating borrowers without a
natural hedge, the additional risk of foreign currency-denominated loans and the consequences
of the exchange rate fluctuations,
 incorporate a potential exchange shock effect into their EAD calculations.
The MNB expects the institutions to treat the risks arising from the foreign currency loans outstanding
to customers with no natural hedge separately in ICAAP:
 they should asses the non-linear correlation between the market risk and credit risk with
appropriate procedures,
 they should determine the related capital requirement in a prudent and forward-looking
manner, also taking the concentration risk (dominant currencies) into consideration;
 during the capital planning they should consider the future capital requirement arising as a
result of the properly stressed environmental variables.
 In case of stress tests, they should apply sufficiently severe scenarios.
The MNB expects the institution to carry out a regular review of the natural hedge at least annually, not
only on credit approval. In submissions, the institution must examine the existence of a natural hedge in
a separate chapter. The review of natural hedge should also cover the following aspects:
 the borrower's foreign exchange risk hedging strategy,
 the borrower's current and future foreign currency expenditures,
 analysis of the borrower's income, including, among other things, the currency in which the
borrower's income arises, whether the borrower's indirectly bears any foreign exchange risk
(e.g. if, despite the EUR rent, the tenant's income is generated in HUF), or which country the
borrower sells to (for example, to a currency resident country, to the home country, or to a
third country. In the latter two cases, it is necessary to analyse the sensitivity of demand to
changes in foreign exchange rates).
In the course of the ICAAP review, the MNB applies the above criteria to assesses whether the risk
management and capital requirement calculation processes and models for foreign currency lending are
adequately designed, and examines the adequacy of the capital requirement calculated to cover the
risk.
If the MNB identifies shortcomings in the relevant processes of the institution, or the institution is
unable to substantiate the adequacy of the capital requirement calculated for the relevant risk, for the
purpose of the proper management of the risks the MNB may impose measures and additional own
funds requirements.
V.2.1.21 Residual risks

Definition
68
Residual risks are risks associated with the significant devaluation or limited applicability of collateral
covering credit exposures. In other words, residual risk is the risk that recognised credit risk mitigation
techniques used by the credit institution prove less effective.
The CRR enables institutions to employ risk mitigation techniques to reduce the capital requirement of
credit risks. While institutions mitigate these risks by way of collateral, such collateral can pose
additional risks (legal, documentation and liquidation risks) which may deteriorate the impact of risk
mitigation.
For example,
 the liquidation of the collateral following the customer’s default is either problematic or
time consuming,
 collateral was valued inappropriately (e.g. overvaluation).
Residual risk must essentially be managed by means of written procedures and policies. Institutions
must be able to prove to the MNB that they have proper risk management procedures in place to
control risks that derive from the use of credit-risk mitigating collateral. The institutions should have in
place appropriate governing and control systems, valuation procedures, internal regulations and
assigned responsible individuals for the prudent handling of risks that occur. These procedures should
be subject to regular review.
Risk limits can also be used to monitor and mitigate residual risk. The institution may apply residual risk
limits, including those related to (i) the enforceability of collateral (e.g. success of drawing guarantees),
(ii) significant shifts in real estate prices (e.g. changes in price index), and (iii) the frequency of and losses
from fraud and legal procedures related to collateral (possibly within operational risk) to limit its risk. It
is important that the domain reports at regular intervals to the management area on the results of the
limits, or at least on the values that reached or exceeded the effective trigger level, as well as the action
plans that have been drawn up, and the measures implemented.
Where the MNB does not find the procedures and approaches employed by the institution under Pillar 1
appropriate and comprehensive, it may require the institution to take specific action (e.g. change the
haircuts on the volatility of collateral) or raise additional capital for covering residual risks.
ICAAP review
Residual risk is closely connected to the approach used in loss rate estimations because in sufficiently
conservative LGD estimations the residual risk is already directly reflected in the credit risk capital
requirement.
In the course of comprehensive ICAAP reviews, the MNB examines the method and capital requirement
for residual risk for institutions only in relation to the LGD estimation methodology. However, there are
also supervisory requirements for residual risks that include, but are not limited to, the management,
valuation, record-keeping, and enforceability of collateral that are typically assessed by the MNB in the
context of ongoing supervision and comprehensive and targeted reviews.
The MNB expects at least the following in a comprehensive ICAAP review:
 Institutions should measure and monitor the distribution of guarantors and collateral, and
take the necessary measures where appropriate (e.g. in the case of significant
concentration).
 Institutions should go beyond the statistics-oriented approach of LGD estimation in
assessing residual risks, they should also take into account and analyse in detail the risk
factors which may be responsible for the possible future devaluation or limited applicability
of collateral.
69
 Institutions should collect data on returns on collateral, costs related to returns, and
produce regular analyses of the experience, and quantify potential losses from the
depreciation and limited enforceability of collateral.
 Institutions should develop a detailed methodology for reviewing and back-testing the rules
for collateral discount rates. Institutions should carry out documented back-tests, at least
annually, for the appropriateness of the collateral value discount they use on the basis of
actual experience and of data on returns on collateral. Where justified by the result of the
back-testing, the discount should be adjusted.
 Institutions should investigate the relationship between the collateral and the
creditworthiness of the collateral provider and, if there is a significant correlation, take the
necessary steps (e.g. more conservative margin multiplier or LGD using other margins of
conservatism) 55.
 Institutions should adequately manage their collateral-transaction allocation in their
systems, risk management, and capital requirement calculations.
In their own LGD estimates, institutions should take into account previous burdens as well as the real
returns on collateral (e.g. through back-tested collateral value discounts) when determining the hedging
value used. It is also important that, in the LGD estimation, institutions should ensure the adequacy and
accuracy of the estimate with the appropriate data quality for the hedge data.
V.2.1.22 Settlement risk

Definition
Settlement risk is the risk that one counterparty to a transaction 56 does not fulfil its delivery/payment
obligation at the time of settlement, or fails to do so contractually, causing a financial loss to the other
party. Settlement risk may also include credit and liquidity risk elements, to the extent that it may result
from the deteriorated solvency or potential bankruptcy of the defaulting party, or unfavourable
developments in market liquidity conditions.
When assessing settlement risk, according to the methodology set out in Article 378 of the CRR, apart
from the value of the transaction the magnitude of the risk also depends on the length of delay in
settlement. The CRR considers the settlement risk to be actual in case of Pillar 1 from the fifth business
day after the delivery deadline (SD57 +5), i.e. in the event of a delay of more than four business days.
Under regular market conditions in Hungary, non-performance of delivery is mostly of technical nature;
i.e. transactions are simply settled with a delay. 58 In view of the fact that transactions delivered (settled)
within SD+4 days may also involve additional replacement cost, the MNB considers that such
transactions should also be monitored and managed in the ICAAP.
The basis for the quantification of the settlement risk is the market value of the outstanding transaction
at the time of settlement and the positive difference between the contracted (binding) value, i.e. the
replacement cost. The extent of the risk is thus influenced by the volatility of the exchange rate and the
length of time between the transaction and contractual performance. Non-performance by the
counterparty may mean loss of the exchange rate gains available on the transaction, i.e. the
replacement cost defined as the difference between the contract price and the rate at default may be
55
In accordance with Article 181(1)(c) of the CRR.
56
For the purposes of this point, a transaction in general is an agreement for the exchange of money market or capital market products, foreign
exchange, securities or commodities.
57
SD = Settlement Date
58
In relation to settlements, market players take varying levels of risk depending on whether the settlement of the transaction is guaranteed
(involves a CCP).
70
supplemented by the “alternative cost” of the loss of the exchange rate gains, or its realisation at a
reduced value.
Credit risk-related liquidity risk derives from the potential failure of the counterparty to fully deliver (the
contractual amount) in due time, which may lead to the following consequences:
 the duly delivering seller needs to seek other sources of liquidity to fulfil further contractual
obligation(s) (take out loans or sell certain assets),
 the duly delivering buyer will have to obtain the financial instrument concerned from
another seller so as to be able to deliver on further transaction(s).
For credit institutions and investment service providers operating under tight liquidity conditions,
defaults on high-value transactions (delays) may cause significant problems. This risk type should
especially be taken into consideration in the case of financial instruments that have a modestly liquid
market (for the purchase of the instrument is more difficult and delivery defaults are more frequent
under such conditions).
The greater the distance between the seller and the buyer in the transaction (the number of
intermediary counterparties or in terms of time zones), and the longer the (custodian) chain, the greater
the probability of partial, late, or non-performance. If the institution also provides clearing agent
services to its customers (sub-clearing members), it bears further risks due to the fact that as general
clearing member, it has to warrant for each sub-clearing member’s delivery to the central counterparty
(only the institution is in contractual relation with the CCP). This risk can be kept at an appropriate level
by setting risk limits, requiring adequate coverage and elaborating a proper monitoring system.
The extent of replacement cost risk depends on the institution’s agreements with other investment
service providers. Frame contracts (e.g. on securities lending) may be proper risk management means. If
the institution does not have an appropriate procedure in place for handling this risk, an additional
capital requirement may be justified in the case of volatile markets.
ICAAP review, capital requirement calculations
According to the CRR, the additional own funds requirement in Pillar 1 is based on the positive
difference between the market value of the not delivered transaction at the time of settlement and the
contract value (strike price), i.e. capital requirements are derived as the product of the replacement cost
and the weights in Table 1 in Article 378. For delays of less than 5 business days, the table contains a
zero percentage weight, and there is no need to allocate capital in the regulatory pillar for the risk of
such transactions.
In the ICAAP review, the MNB considers the approach used in Pillar 1 to determine the capital
requirement to be essentially appropriate, while in some respects it considers that a more rigorous
procedure should be in place. On the one hand, instead of a delay of four business days, it is advisable to
reduce the possibility of using a zero percentage weight to a delay of 2 business days, given that the
replacement cost also arises for these transactions. The risk weight to be applied is the same as that
assigned to the 5-15 day band of the table referred to above, i.e. 8%.
For prudential reasons, the determination of capital requirements is further tightened by the fact that,
instead of the capital requirement calculated for the current date (e.g. end of month/year), the MNB
considers the maximum daily value in the year preceding the determination of the capital requirement
to be the effective capital requirement.
V.2.1.23 Free deliveries

Definition
A free delivery risk arises in the case of transactions in securities, foreign exchange, commodities or
derivatives thereof, when one of the parties to the transaction irrevocably fulfils its contractual
71
obligation and the other party has not yet settled, i.e. in the case of a delivery before the other party
pays, or a payment before the other party delivers. As a result of unilateral performance, there is
essentially a credit relationship where the non-performing party is the borrower.
The risk of open delivery is essentially a credit risk, with the exception that the credit relationship is not
derived from a classical credit transaction. In contrast to the replacement cost arising in case of default
risk, the amount of risk exposure is equal to the total value of the delivered instrument or the total
purchase price paid.
The risk from free deliveries can be eliminated or mitigated through DVP (delivery versus payment) or
RVP (receive versus payment) settlements, a central counterparty (CCP) 59 interposed between the
counterparties, or the use of the CLS system 60. Since, by applying these instruments and principles, the
mechanisms of settlement systems mostly ensure that the risk from free deliveries is minimised, the risk
of settlements via central counterparties (CCPs) is limited to replacement cost. In the course of
transactions settled bilaterally outside the CCP, however, the risk of free deliveries should also be
considered, monitored, and managed, depending on the counterparty’s rating. The reason is that in this
scenario, there is no third party or mechanism between the dealing partners which could enforce the
DVP (RVP) principle. In this respect, the institution is expected to apply limit and partner evaluation
systems and to perform appropriate monitoring.
ICAAP review, capital requirement calculations
The criteria for determining the capital requirement for open deliveries in Pillar 1 are set out in Article
379 of the CRR. For the purposes of ICAAP reviews, the MNB will accept the management of these risks
according the CRR also under Pillar 2, and will thus be guided by the provisions of the Article referred to
above in determining the capital requirement for the risk, and in judging the institution’s determination
of the capital requirement.
V.2.1.24 Securitisation risk61

Definition
Securitisation is an alternative form of financing complementary to bank resources. Typically, in a
traditional securitisation technique, a service provider (e.g. a bank) with a significant stock of assets (e.g.
retail mortgages, SME loans, car loans) typically sells its receivables from different financial packages to
a company set up for this purpose. This company generates the consideration for the purchase of
receivables by issuing securities, so that the service provider obtains the rightful consideration for the
sale of the receivables without having to borrow or carry out other financial operations that would
increase its indebtedness. In the case of non-traditional, “synthetic” securitisations, the receivables are
actually not transferred, only their risk is transferred to the issuing company.
Risks deriving from securitisation deals for which an institution acts as an investor, originator or sponsor
should be evaluated and managed through appropriate procedures to ensure in particular that the
actual economic content of the transaction is fully reflected in risk evaluation and management
decisions. Institutions which are originators of revolving securitisation transactions involving early
amortisation provisions must have in place liquidity plans to address the implications of both scheduled
and early amortisation.
59
A central counterparty is an organisation that is interposed, directly or indirectly, between the parties to the transaction, taking over their
rights and obligations by acting directly or indirectly as a buyer with all sellers and as a seller with all buyers.
60
The forint was introduced to the CLS system in November 2015. The CLS (Continuous Linked Settlement) system operates on the basis of a
Payment versus Payment (PvP) approach to manage settlement risk. The system is operated by CLS Bank, which, however, does not qualify as a
CCP given that it does not assume the rights and obligations of the counterparties to the transaction.
61
Securitisation is covered in detail in Chapter 5 of the CRR, related secondary legislation, the EBA guidelines, as well as Article 82 of CRD IV, and
Paragraphs 155 to 157 of the EBA SREP Guidelines.
72
ICAAP review
The scope of the review and evaluation includes an assessment of the extent to which the level of own
funds held by the institution in respect of the assets which it has securitised are adequate having regard
to the economic substance of the transaction, including the degree of risk transfer achieved.
Institutions are expected to have internal methodologies that enable them to assess the credit risk of
exposures to individual obligors, securities or securitisation positions and credit risk at the portfolio
level. The internal methods may not rely solely or mechanistically on external credit ratings.
The supervisory evaluation is essentially based on the provisions of the CRR, related secondary
legislation62, and the relevant EBA guidelines63.
Published on 31 December 2010, the CEBS Guidelines on the Application of Article 122a of the CRD
provide further guidance on Articles 404, 405, 406 and 409 of the CRR 64.
The EBA Guidelines on the transfer of significant credit risk as set out in Articles 243 and 244 of the CRR
(EBA/GL/2014/05) were released on 7 July 2014 with the following objectives:
 to stipulate requirements for those originator institutions that wish to transfer the material
credit risk belonging to the securitised exposure to third parties and (in accordance with the
provisions of Articles 243(4) and 244(4) of CRR) prove that the reduction of the regulatory
capital requirement is justified by the transfer of the credit risk to a third party, and
 to provide the competent authorities with guidance for the proper valuation of the transaction
(based on Articles 243(2) and 244(2) of CRR) and (in accordance with the provisions of Articles
243(4) and 244(4) of CRR) for the assessment of the transfer – corresponding to the rate of the
reduction – of the credit risk to a third party.
If the initiator institution transfers a material part of the credit risk belonging to its exposures to a third
party, it may also reduce its regulatory capital requirement in proportion to the transferred risk. The
competent authorities have important powers in this respect. On the one hand, they permit the initiator
to regard the material credit risk as transferred, if it can prove that the reduction of the regulatory
capital requirement is justified by the transfer of the credit risk to a third party, and – on the other hand
– they may decide on ad hoc basis that the material credit risk may not be regarded as transferred to a
third party (if the decrease in the risk-weighted exposure values is not justified by the transfer of the
credit risk to a third party)..
Released on 24 November 2016, the EBA Guidelines on implicit support for securitisation
(EBA/GL/2016/08) define what constitutes a level playing field for the purposes of Article 248(1) of the
CRR, as well as the transactions under which no support is provided. 65
It is necessary to assess and manage in Pillar 2 all risks deriving from securitisation transactions
undertaken by institutions as the party who assumes risk, as the party who transfers risk or as sponsor.
The MNB expects institutions within the ICAAP review to allow access to all of their securitisation
positions irrespective of materiality, as well as to demonstrate the systematic monitoring of risk in the
portfolio underlying securitisation. In order to establish the relevant risk weights and capital
62
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:JOL_2015_263_R_0005 ; http://eur-lex.europa.eu/legal-content/EN-HU/TXT/?
uri=CELEX:32014R0602&from=EN
63
CEBS Guidelines on the Application of Article 122a of the CRD (Directive 2009/111/EC), published on 31 December 2010, EBA Guidelines on
the transfer of significant credit risk as set out in Articles 243 and 244 of the CRR (EBA/GL/2014/05), published on 7 July 2014 (defining
requirements for originator institutions that wish to transfer significant credit risk on securitised exposures to third parties, and, as provided for
in Articles 243(4) and 244(4) of the CRR, seek to demonstrate that the reduction of own funds requirements is justified by the transfer of credit
risk to a third party), and EBA Guidelines on implicit support for securitisation (EBA/GL/2016/08), published on 24 November 2016.
64
https://www.eba.europa.eu/regulation-and-policy/securitisation-and-covered-bonds/cebs-guidelines-on-the-application-of-article-122a-of-
the-crd
65
https://www.eba.europa.eu/documents/10180/1672271/Guidelines+on+implicit+support+for+securitisation+transactions+(EBA-GL-2016-
08)_HU.pdf/c66b1d41-be92-45d9-b7f5-f119c6c3afbe
73
requirements, the MNB acts with consideration to compliance with the provisions laid down in the CRR,
related secondary legislation and the EBA Guidelines, to the quality of the process, to its results, to the
business function of securitised positions and to the identical interests of entities sharing the risk.
V.2.1.25 Concentration risks

Definition
The concentration of risks refers to the exposures that may arise within a single risk category (intra-risk)
or across different risk categories (inter-risk) with the potential to produce (1) losses large enough to
threaten the institution’s regular business operations (of usual and expectable profitability) or (2) a
material change in the institution’s risk profile. While previous efforts to manage concentration risks
focused mainly on the concentration of credit risks (market risk concentration was typically managed by
market risk models)66, the crisis highlighted the fact that risk concentrations often make an impact via
various risks (credit, market, operational, liquidity risk) and in close interworking with each other. As
their combined impact may exceed the extent that would derive from the separated handling of
individual exposures, concentration risks must be managed with an integrated approach.
The concentration of risks may be a source of significant losses and therefore the MNB expects
institutions that the handling of concentration risks should always be an integral part of risk
measurement and management efforts as supported by written procedures and rules. As a minimum
requirement, these documents must address the following:
 Each institution must have a risk-taking policy and procedure approved by senior
management in respect of concentration risks. The risk-taking policy must be reviewed
regularly, taking into consideration the changes of the institution’s risk appetite and the
business environment as well.
 Institutions must elaborate internal systems and methods for identifying and measuring
concentration risk which are in line with the institution’s activities, size and complexity and
which are able to reveal the effects of concentration across multiple risk categories.
 Stress tests are an especially useful supplement to indicators. Under normal business
conditions, concentration risks rarely cause problems as concentration mostly remain in the
background. Therefore, the detection of concentration threats with stress testing is of
outstanding importance.
 Institutions must operate limit structures for concentration risks that are consistent with
their risk appetite and risk profile.
 Institutions must have adequate governance arrangements in place which enable them to
mitigate concentration risks and to monitor, assess and manage the related policies,
procedures and limits.
 Institutions must be able to assess the adequacy of assumptions that served as a basis in the
capital allocation process for setting the level of capital for covering concentration risks.
Methods suitable for keeping concentration risks under control:
 Application of limits for concentration indicators. For setting the limits, the institution must
have a clear risk-taking policy and must provide for ongoing monitoring. (Regarding credit
concentration risk, the requirements in the CRR for large exposures are suitable starting
points, but should be supplemented with measurements for industry, currency, country,
product/transaction, and hedge concentrations).
66
Accordingly, concentration risks may not be regarded as risks fully covered in Pillar 2.
74
 When converting risks to market instruments and “selling” them, the institution buys
protection provided by structured securitisation or credit derivatives, collateral, guarantees,
etc.
 Many institutions allocate capital beyond the regulatory minimum for covering
concentration risks albeit not separately but in relation to the underlying risks.
ICAAP review
The concentration of exposures is an important risk factor because the underlying assumptions used in
capital requirement calculations for not fully diversified individual and partial risks may often be
mistaken leading to the underestimation of capital requirements. In the case of even the relatively
moderate sectoral concentration or product type concentration, the real capital requirement may be
underestimated by as much as 20-40 percent by using the IRB method which assumes perfect
granularity of the portfolio when assessing credit risks.
It is a very complex task to identify and take into account concentration in a prudent way because the
concentration of exposures may occur in a number of different dimensions (connected with individual
transactions, groups of connected clients, according to geographical, sectoral or product types,
associated with denominations, within or across risks, etc.).
The guidelines of the international supervisory community point out that concentration risks cannot
solely be interpreted as a derivative element of credit risks, but they need to be assessed and managed
in respect of most risk types. Consequently, the MNB expects institutions to assess and manage
concentration risks in respect of the widest possible range of risks in line with the EBA SREP Guidelines
by means of the possible broadest set of tools (sound and effective limit system, regular concentration
analysis, stress tests and alternative model calculations, and – in justified cases – intervention into the
processes, etc.). The MNB emphasises that real estate owned, including property used for banking
operations may also represent excessive concentration risk, which the institutions must manage with
the capital requirement under ICAAP.
The MNB presumes the materiality of concentration risks for each institution, and the burden of proof is
imposed on the institution to provide evidence of the contrary. The MNB determines the capital
requirements for concentration risk in view of the assumptions of the capital requirement calculation
models applied, the consistent application of the methods they incorporate, and their quantified results.
In the absence of a separate capital requirement calculation model for concentration risk, the MNB
quantifies the reasonable amount of economic capital required by reference to the distribution and
characteristics of exposures, taking into account the Pillar 2 risk methods applied, by means of
sensitivity analyses and simulations.
Concentration risks of lending
The concentration of credit risks is interpreted as a distribution of exposures to customers and trading
partners where potential default by a relatively small group of counterparties or large individual
counterparties is driven by a common underlying cause and may hazard the “business-as-usual”
operation of the institution (uninterrupted operations with the usual and expectable profitability). The
term individual customers and trading partners does not only refer to individual counterparties but also
to groups of individual customers/partners that are closely connected (through ownership and/or
financing).67
In practice, the expression large exposure is used as a reference to cases that involve small groups of
individual counterparties.68 Concentration in a broader sense also includes the following: concentration
by economic sector or geographical location, product concentration, concentration in a specific foreign
exchange and concentration of credit-risk mitigating measures (concentration of the type or issuer of
such assets), etc.
67
See: Article 4(1)(39) of the CRR.
68
The undertaking of large exposures is regulated in Article 395 of the CRR.
75
Based on the definition, there are two main types of concentration risks:
 concentration of exposures on particular clients/groups of clients (large exposures): the
source of risk lies in the non-performance of exposures on the clients or groups of
interrelated clients,
 sectoral concentration: the risk of non-performance attributable to a shared
reason/reasons.
Pursuant to Section 108(5)(b) of the Credit Institutions Act, in respect of managing the risk
concentration arising from the application of credit risk mitigation techniques, all credit institutions
must have in place effective written procedures and policies for addressing concentration risk arising
from exposures to clients, groups of connected clients (including central counterparties), and
counterparties, clients in the same economic sector, geographic region or from the same activity, and
from the application of credit risk mitigation techniques.
When discussing the concentration risk of credit risk, institutions applying advanced and standard
methods should be mentioned separately. The main issue for these institutions relates to the fact that
the IRB capital function used for calculating the risk weighted asset value assumes a fully granulated
portfolio, thus it theoretically underestimates the actual capital requirement for the credit risk of the
institution’s portfolio. Therefore, the aforementioned distortion is an issue for every institution which
may call for the setting of an additional capital requirement in Pillar 2. This will be judged (both on the
part of the institution and the MNB) depending on the extent of risks and the adequacy of the risk
measurement and management tools applied.
For supervised institutions, the MNB measures the concentration risk of large exposures to individual
clients and groups of connected clients on a consistent benchmark basis by means of IRB simulation,
irrespective of whether an institution relies on other methodologies (e.g. management within a portfolio
model, Gordy-Lütkebohmert model, Herfindahl–Hirschman index or other simulation techniques) to
assess its concentration risk.
The methodology for supplying missing parameters
Regarding institutions applying the standard methodology, the risk parameters are defined and supplied
using supervisory benchmark methodologies. This allows for the quantification of the capital
requirement of concentration risk with IRB simulation for these institutions too.
The Benchmarking Exercise conducted pursuant to Article 78 of the CRD (V 2.1.8: EU benchmark PD) had
the objective of enabling the supervisory authorities to compare every year the results of the advanced
Pillar 1 models used by the supervised institutions for calculating the credit and market risk capital
requirements. In order to facilitate this benchmarking process, the EBA has compiled an analysis and a
database enabling comparison. This makes available non-public statistics of the validated IRB PD
estimates of European Banks for the low-default portfolios (sovereigns, institutions, large corporates),
from which the MNB takes the median PD value in its own methodology. Where the EBA benchmark PD
value is not available for a sovereign debtor, we provide a probability of default estimate based on the
available external ratings, assuming a logarithmic relationship between the rating category and the PD.
We use data from the 3 major international ratings agencies 69 to arrive at the rating category. Similarly
to sovereign exposures, we take over the PD values made available to the MNB based on the EU
benchmark in order to establish the PD parameters of financial institutions. For debtors where the EBA
database does not contain any data, we establish the PD value by regression from the international
rating of the particular financial institution70.
Supervisory simulation methodology
69
Moody’s, Standard and Poor’s, Fitch Ratings
70
The additional parameters necessary for quantifying the FIRB capital requirement are determined as follows: short term (maximum 3
months): M=1; long term (more than 3 months): M=2.5. Pursuant to Article 153 (2) of the CRR, we used 1.25 times the large corporate asset
correlation in the case of large entities in the financial industry.
76
For the simulation the MNB relies on the one-factor model underlying the IRB capital functions,
generating, for each simulation step, a standard realisation from factors representing systemic risks and
item-specific realisations from factors representing individual risks, then examining whether the ability
to pay falls below the threshold corresponding to the unconditional probability of default. During the
simulation, the MNB aggregates the supervised institution’s outstanding/performing transactions that
are assigned to a PD/LGD parameter at the level of groups of connected customers. The MNB defines
customer groups primarily on the basis of Article 4 (39) of the CRR, but the supervisory review may also
identify certain shared risk factors not covered under Pillar 1 that may make it necessary for customers
that are unrelated under Pillar 1 to be allocated to the same customer group and for sufficient capital
coverage to be provided under Pillar 2 for the event of their potential joint default. During the
aggregation process, the risk parameters (PD, LGD, R) are calculated by EAD * LGD weighting. During the
simulation, the MNB divides the analysis of outstanding transactions aggregated at the level of groups of
connected customers thus obtained into two parts: (1) non-retail customers and retail customers with
exposures above the granularity limit 71, as the non-granular part of the portfolio, for which IRB
simulations are used, and (2) retail customers with exposures below the granularity limit, for which a
conditional expected loss is quantified (eliminating the risk factor that represents the individual risk) per
simulation step. In order to reduce the calculation needs of the simulation, the MNB accepts the further
aggregation (based on e.g. PD-R parameters) of retail customers representing the granular part of the
portfolio. In the IRB simulation, the sum of the loss determined on the basis of transactions (customers,
groups of connected customers) representing the non-granular part of the portfolio, and the conditional
expected loss quantified on the basis of the transactions representing the granular part of the portfolio,
will comprise the loss distribution, the difference between the 99.9th percentile of which, and the
unconditional expected loss, is the capital requirement that also covers potential large exposure
concentration risk. The resulting capital requirement is compared with the so-called “clean IRB” capital
requirement, wherein the MNB eliminates the SME multiplier, the maturity adjustment and the 1.06
multiplier from the supervised institution’s original transaction-level IRB capital requirement
calculations in view of the fact that these adjustments also cannot be taken into account in the
simulation methodology. The MNB quantifies the additional own funds requirements 72 to cover
concentration risk on the basis of the quotient of the clean IRB and the capital requirement for
concentration risk, which also covers the risk of concentration:
 the MNB derives the IRB capital requirement adjusted for granularity, where the IRB capital
requirement is the actual capital requirement without the 1.06 factor (but including a maturity
adjustment and an SME multiplier), and the granularity adjustment is quotient of the
simulation-based capital requirement (which also covers concentration risk) and the clean IRB
ratio
 the additional own funds requirements which the MNB may determine as a hedge for
concentration risks is derived as the difference between the resulting IRB capital requirement as
adjusted for granularity, and the actual IRB capital requirement of the supervised institution
(incorporating the 1.06 and SME multipliers, as well as a maturity adjustment).
The review and revision of concentration risks are of special importance in the case of smaller
institutions and institutions that pursue specialised activities (e.g. mortgage banks). Smaller size and a
special activity profile should not imply larger concentration risk on their own because the drawbacks of
a limited market and specialised profile may be offset by comparative advantages like a deeper
knowledge of the market and higher proficiency. At the same time, this institution segment is far more
sensitive to shocks deriving from a common underlying cause. Therefore, the potential need for
additional capital is always a valid question in their case, noting that the assessment of risk
concentrations should always receive more attention at smaller institutions than at larger ones.
71
the granularity limit is determined by expert judgement based on the size of the bank’s performing loan portfolio
72
In determining the additional own funds requirement, the MNB does not take into account exposures to the parent company and to the
subsidiaries of the parent company in accordance with the regulations on large exposures. At the same time, it expects the effects of the above-
mentioned exposures on concentration risks to be presented.
77
Metrics applied to measure credit risk concentration:
 Size of top ‘x’ large exposures relative to relevant (“appropriately selected”) numeraire (e.g.
balance sheet total/own funds/total exposure),
 size of top ‘x’ connected exposures relative to relevant (“appropriately selected”) numeraire
(sensitivity analysis),
 portfolio concentration metrics (Gini coefficient, Herfindahl-Hirschman index),
 Portfolio correlations and variance/covariance,
 Sophisticated institutions do not necessarily perform separate concentration tests. Instead, they
manage concentration under the framework of integrated risk management systems.
Supervisory measures applied upon the breach of the large exposure limit:
 As of 1 January 2014 the CRR does not permit the breach of the large exposure limit; it no longer
permits the institution to – in accordance with the former practice – deduct the overdrawn
amount from its regulatory capital until the elimination of the breach. Accordingly, if such event
occurs, the institution must report it to the supervisory authority, which – in accordance with
Article 396 (1) of the CRR – obliges the institution to terminate the breach immediately or by a
specified deadline. If the breach is not terminated by the deadline, the MNB imposes a penalty.
 During supervisory review process the MNB verifies the compliance with the large exposure
limits. If the breach exists during the ICAAP review, the MNB may set the overdrawn amount as
a capital requirement add-on within the framework of the concentration risk.
V.2.1.26 Country risks

Definition
Country risk is defined as the threat of potential losses that may be generated by an (economic, political,
etc.) event that occurs in a specific country, where the event can be controlled by that country
(government) but not by the creditor/investor.
The components of country risk are as follows:
 transfer risk: the risk that the obligor of a contract (loan borrower, securities buyer, etc.) is
unable to meet his payment obligations in the contractual currency while he has the
necessary amount in local currency,
 sovereign risk derives from the insolvency of the country in which the institution has an
exposure,
 collective debtor risk derives from the fact that an event impacting the whole country leads
to default by a large group of debtors.
Specific elements of country risk are also addressed in the CRR:
 exposures denominated in different currencies but belonging to the same debtor may be
classified in different rating classes – consideration of transfer risk,
 differentiation between the risk weights of exposures to the central bank based on
denomination,
 collective debtor risk is incorporated into the measurement of credit concentration risk with
a view to correlations between defaults.
In order to manage country risks, the credit institution or investment service provider should develop
the rules of country-risk management and set out the following items therein:
78
 country limit for specific countries,
 factors and sources of information taken into consideration for setting country limits,
 person or organisational unit responsible for determining country limits,
 person or organisational unit in charge with approving country limits,
 person or organisational unit in charge with verifying country limits,
 mechanisms and frequency of reviewing country limits.
 monitoring process for the utilisation of country limits,
 procedural principles for exceeding country limits.
ICAAP review
Country risks cover all risks associated with lending which derive from economic, regulatory, political or
social events occurring outside Hungary and which represent a potential loss for the creditor. In this
sense, this term is much broader than the sovereign risk expressing the solvency of sovereign
governments, because country risks also include certain forms of transfer risks and collective debtor
risks.
The MNB expects institutions with material exposures outside Hungary to manage such risks by applying
the effective limit system specified in rules and regulations, and also to cover them by the appropriate
calibration of the model parameters for capital requirement calculations, or by additional capital
generation relying on the results of suitable stress tests.
In the course of its assessment of country risks as part of ICAAP reviews, the MNB evaluates:
 the degree of concentration within each type of country risk exposure, including exposures to
governments, in proportion to the credit portfolio of the institution as a whole (per client and
per amount),
 the economic strength and stability of the borrower’s country and its past performance in
terms of accurate payments and the occurrence of serious default events,
 the risk of other forms of government intervention that could significantly impair the
creditworthiness of borrowers (e.g., freezing of deposits, expropriation or punitive taxation),
 risks arising from the possibility of an event (such as a natural or social/political event) affecting
the whole country and leading to the default of a large group of borrowers (collective borrower
risk),
 transfer risks related to cross-border foreign currency lending.
V.2.1.27 Risk of other assets

The MNB does not expect a separate Pillar 2 capital requirement calculation methodology for other
assets (primarily real estate, other non-lending claims, etc.), where supervised institutions may use the
risk weights of the regulatory pillar. The MNB fundamentally does not support the application of lower
risk weights than the regulatory pillar, only to the extent that the institutions are able to prove the
applicability of lower weights by reliable means.
Concerning the risk of repossessed property, special rules are provided in the sub-chapter on risky
portfolios.
If the bank holds investment certificates in a real estate investment fund, the MNB examines the level of
the capital requirement for this exposure with a capital requirement calculated taking into account the
historical annual volatility of the net asset value of the fund, derived using the following simple formula:
Capital Requirement = NORM.INV (0.999, 0, S), where S is the variability derived from the annual
changes in the net asset value of the units.
79
If there is a significant difference between the bank's internal approach and the MNB’s benchmark
calculation, the MNB will pay particular attention to the adequacy of the bank’s solution.
V.2.1.28 Calculation of capital requirements for credit risk

When internal rating based credit risk models are used, Pillar 2 capital requirements are principally
calculated as the unexpected loss (UL) of performing portfolios based on the long-term (TTC) or
downturn risk parameters of the exposures, on the exposure characteristics of the credit portfolio and
on the underlying assumptions of the capital requirement calculation model. The outcome of the capital
requirement calculation model can only be automatically translated into capital requirements for credit
risk if the expected loss (EL) of the portfolio is fully covered through impairment or provisions. Since the
extent of justified provisioning is typically quantified by means of conditional, short-term (PIT) PDs and
LGDs, the two values usually differ (the difference may also be attributable to other causes).
With the "impairment less EL (expect loss on the portfolio)" difference the CRR prescribes the
appropriate adjustment73 of the capital available in Pillar 1. Based on CRR the negative difference
(shortfall) between the expected loss and the impairment must be deducted, in the case of institutions
applying IRB, from CET1 capital, while the surplus may be considered as Tier 2 capital up to 0.6% of the
RWA.
Paragraph 324 of the EBA SREP Guidelines provides that in Pillar 2, expected losses (EL) insufficiently
covered by provisions must be covered by additional own funds requirements. Based on the
Recommendation, the regulator’s intention is to ensure that the regulatory capital does not differ in
Pillar 1 and Pillar 2 either in terms of quality or in terms of volume. Accordingly, as of 2015 MNB
prescribes the impairment shortfall (or, in the case of institutions applying IRB, the shortfall difference
relative to the Pillar 1 value) calculated during the ICAAP review as a capital requirement both for
institutions applying the standardised approach and for institutions applying the IRB approach.
If during the ICAAP review the audit detects the inadequate application of the IRB risk parameters at
institutions that use IRB in Pillar 1, and the IRB shortfall difference is attributable to this in Pillar 2, then
the bank must handle the relevant findings with regard to the model, stipulated in the report or in the
supervisory resolution after the review, in its Pillar 1 model. However, the MNB will impose additional
own funds requirements to cover the risks that are insufficiently covered due to incorrectly set
parameters, with the proviso that if the institution modifies its Pillar 1 model in accordance with the
MNB’s requirements, the MNB may review the level of the requirement.
V.2.1.29 Capital requirement discounts granted as lending incentives

From 2016, the MNB intends to encourage institutions’ SME lending by releasing some or all of the
capital requirements for full 2016 net SME lending in Pillar 2, in proportion to the percentage of total
placements to MBLS74 commitments, up to the rate of the capital conservation buffer in the reference
year of the TSCR rate.
The discount reduces the capital requirements for credit risk, but only to the extent to which the Pillar
1+ approach is applied, i.e. the capital requirements for credit risk may not fall below the Pillar 1 capital
requirement even with the discount taken into account. The discount is based on the total amount of
net SME lending in 2016. The amount of the capital requirement discount is determined by the ratio of
total net SME placement and the amount of the commitment under MBLS. The discount rate is 0% for
less than one-half of MBLS commitments achieved, 20% for at least one-half of MBLS commitments
achieved, and 75% for a total net SME placement equivalent to the amount of the commitment under
MBLS. Over-performance of the commitment by 6% of more will earn a discount of 100%. The chart
73
the decrease of the capital by the impairment shortfall, or the increase thereof by (part of) the excess provisions
74
Market-Based Lending Scheme
80
below shows the development of the preferential capital requirement rate available, as captured by the
following function:
IF x<50; THEN 0,
IF x>50 min(100%; 0.0014*exp(0.0602*x)+0.1714),
where x is the ratio of actual SME lending to THE MBLS commitment, multiplied by 100
Kedvezmény
mértéke a 100%
tőkekövetelmény
arányában (%)
75%
50%
25%
0%
0% 11% 22% 33% 44% 55% 66% 77% 88% 99% 110% 121%
Nettó kkv kihelyezés 2016-ban, a PHP vállalás arányában (%)
Value of the factor determining the rate of capital requirement discount based on the ratio of total net SME
placement in 2016 to the amount undertaken to be placed as part of MBLS
While the MNB was first able to measure the basis of the discount in early 2017 on the basis of 2016,
the discount was already quantified during the 2016 SREP assessments. For that purpose, in the 2016
assessments the MNB assumed that the institutions would fulfil 100% of their commitments, and on this
basis, quantified the discount at 75%. The deviation of the actual net outflows compared to the plan was
adjusted by the Supervisory Authority in the next assessment in 2017. The MNB will provide the capital
discount on the medium term over a 5-year horizon on the basis of the 2016 placements, i.e. the
discount determined in the 2017 assessments will remain in place until 2021. In the case of institutions
that have not made a commitment, the discount will also be available from 2017 onwards. They will be
eligible for a discount amounting to 75% of their 2016 actual placements, for 5 years.
The discount rate and the capital requirement for new placements were quantified by means of the
average capital requirement for higher-risk transactions (in the quartile with the highest risk weight) in
the existing SME portfolio, and a risk weight of 150% was determined accordingly. Regardless of
individual bank portfolios, we will use this risk weight to determine the capital requirement for
placements under the scheme.
For example:
If the bank's total Pillar 2 capital requirement before the discount is HUF 50 billion, with a net outflow of
HUF 30 billion in 2016 and a commitment of the same amount under the MBLS, then the capital
requirement after the discount is reduced by 75% of the assumed capital requirement of the latter
amount (HUF 30 billion * 8% * 150% = HUF 3.6 billion), i.e. HUF 47.3 billion. This amount of capital
requirement serves as the basis for determining the minimum capital adequacy ratio in the SREP.
The effect, maximised in the capital conservation buffer that is variable yearly, is a limit on extreme risk
taking. Its value will rise to 1.25% in 2017 and 2.5% by 2019, at an annual 0.675%.
V.2.2 Operational risks
V.2.2.1 Operational risk
Definition
81
Operational risk pursuant to Article 4(1)(52) of the CRR, ‘operational risk means the risk of loss resulting
from inadequate or failed internal processes, people and systems or from external events, which also
includes legal risk.’
As a basic principle, all institutions should have the capability to assess their operational risk profiles and
exposures and raise sufficient capital to cover these. Under the ICAAP, all institutions should lay down
the capital calculation methods for operational risks, the systems of procedures for assessing,
monitoring and managing these risks and the process of verifying that the calculated capital
requirement and the risk management system are suitable for reducing and covering the institution’s
expected and unexpected losses from operational risks in a prudent manner. Institutions should put in
place risk assessment and management operations with governance and control that is proportionate to
their size and their operational risks, with the purpose of reducing the institution’s operational risk
exposure to an acceptable level that is within its resilience/risk appetite.
The senior management of the institution should be aware of the institution’s operational risks in terms
of both realised losses and potential exposures. To this end, operational risk reporting lines and
reporting frameworks should be established and the governing bodies responsible for accepting and/or
mitigating operational risks should be designated.
Operational risk exposures are realised when risk events are occured. All institutions are expected to
develop a process, criteria and thresholds for collecting such events and to have up-to-date records of
the operational risk events they have incurred.
An assessment of the operational risk profile can be considered exhaustive only if, besides identifying
past losses, it also covers the present and future risks of the institution. Accordingly, the institutions
should employ methods that, taking the proportionality principle into account, also capture the
potential operational risks. These methods include
 the operational risk scenario analysis, which quantifies potential events with low probability of
occurrence but high loss effects,
 the definition, collection and evaluation of key risk indicators, intended to signal shifts in the
level of operational risks,
 the operational risk self-assessment, which identifies and assesses the operational risk inherent
in the institution’s processes and their controls.
The management of operational risks is an activity that is adapted to the nature of specific operations
and event types and is carried out and monitored subject to centralised control; it incorporates the
following:
 the prevention and/or recurrence of risk events (through in-process and management control
as well as systems of protection),
 the management of critical situations (through immediate action plans and business continuity
management), and
 measures for the purpose of mitigating the losses incurred (through e.g. insurance covers and
operating debt management processes).
Defining and monitoring the risk mitigation measures and back-testing their impacts are essential
preconditions enabling an institution to identify its residual operational risks.
Calculated and accumulated capital is intended to function as a buffer covering the residual risk that is a
function of inherent risks as mitigated by controls and is therefore changing over time.
Institutions can apply their own model-based Advanced Measurement Approaches (AMA) or simpler
methods proportionate to the size of the institution and based on the use of fixed risk weights (Basic
82
Indicator Approach (BIA) as well as the standard (TSA) and alternative standard (ASA) methods) may be
used to determine the capital required for covering financial losses that are likely to happen under the
risk management method applied. The TSA and ASA approaches are subject to supervisory approval; the
use of AMA after its validation is also subject to supervisory approval.
With the Advanced Measurement Approach (AMA), risks should be quantified and qualified through a
complex assessment of the impact of operational risks on the institution. This comprehensive approach
incorporates the impacts of past events as well as a consideration of the possibility of extreme
operational risk events (scenarios), external circumstances, forced and intended changes in strategy and
the changes in the regulatory environment as well. When examining the risks of specific activities / work
processes, the loss impact of the of risk events should be evaluated alongside their probability.
The comprehensive oversight and reasonable mitigation of operational risks is mandatory and forms
part of the corporate governance system also when the simpler methods (BIA, TSA or ASA) are applied.
Institutions should have procedures in place to demonstrate the sufficiency of the capital they have
calculated. In addition to comparing capital to the losses actually incurred, this process should be based
on a systemic assessment of risks. As capital requirement calculations render only an approximate result
when the simpler methods are used and may sometimes (e.g. in the case of institutions with low
profitability) render a lower capital against actual operational risks, these calculations must be
supplemented with further analysis, and the capital requirement must be increased if necessary.
In the case of institution groups, the systems targeted at the identification, measurement, management
and analysis of operational risks should be established for the group of institutions that are subject to
consolidated supervision. A procedure is to be established for allocating the group-level capital
requirement for operational risks as calculated under the AMA. This procedure should adequately
reflect the operational risk profile of individual subsidiaries and their contribution to the consolidated
capital requirement.
ICAAP review
When measuring operational risks, institutions almost exclusively follow one of the following capital
calculation methodologies under the CRR:
 they calculate capital requirements (BIA, TSA and ASA approaches) in the considerably risk-
insensitive manner based on the relevant indicator aligned with operating profit and loss, or
 they quantify, in a considerably more sophisticated and risk-sensitive way, the extent of capital
coverage by using the probability distribution of possible losses (AMA).
The MNB’s experience shows that in the domain of risk awareness and risk management there is a
qualitative difference in favour of institutions which use the advanced method primarily because the
loss distribution-based approach requires the detailed and comprehensive assessment and evaluation of
the institution’s operation and processes. The MNB therefore expects all institutions subject to the
ICAAP review to carefully examine and identify their operational profiles and risks in Pillar 2, regardless
of the regulatory capital calculation methodology selected under Pillar 1.
As regards the risk identification methodologies, the MNB distinguishes especially banks providing
complex financial services and/or being of large size versus small size (with total assets below 1000
billion) in order to put the principle of proportionality into practice:
 all institutions are required to collect their historical loss data and evolve and keep up-to-date a
loss database on that basis,
 all large banks are expected to monitor the key risk indicators, conduct scenario analyses and
operational risk self-assessments,
 small banks are expected to choose at least one of the following methodologies in order to
assess their potential operational risks: the monitoring of key risk indicators, scenario analysis or
83
operational risk self-assessment. The requirements applicable to the selected methodology are
the same as for large banks.
In respect of individual elements of the framework, the MNB expects institutions to develop and
integrate the following practices and will examine compliance regularly, during the ICAAP review:
1. The operational risk framework
 The institution should have a well-documented and regulated operational risk management
framework in which risks are assessed and managed along well-defined roles and
responsibilities.
 The operational risk management framework should be subject to regular independent reviews
of at least annual frequency. Such reviews may be integrated into other risk management
frameworks or conducted independently.
 Operational risk management needs to be closely integrated into the processes and overall risk
management framework of the institutions.
 The monitoring of the institution's operational risk profile, the proper functioning and oversight
of control processes must be ensured at all times.
 Effective representation is also needed for the interests of the operational risk management
function, in addition to its executive role, in senior management decision-making, which makes
it essential to report operational risk regularly in operational risk reports.
2. Loss data collection
 The institution should have in place a loss data collection process covering its full operation, and
provide for the independent validation of the recorded events, losses and recoveries (4-eye
principle). For an institution using an advanced method, only validated events 75 should be
included in the capital requirement calculation.
 The data collection should cover at least those events (exceeding a limit to be set by the
institution) whose impact is recorded on general ledger accounts; it is recommended to also
collect events that, while they do not have a direct impact on capital or profits, will require risk
mitigation action.
 The data collection should also cover the operational risk events associated with credit and
market risks. In the data collection process, events should be marked as such if they are
attributable to the same underlying cause, i.e. are associated with a series of events/a group of
events.
 Operational risk events should be allocated to the event categories defined in Article 324 of the
CRR and the lines of business defined in Article 317 of the CRR. If an event concerns the entire
institution or several lines of business, it should be subdivided by line of business or the option
to categorise it as a total-bank event should be provided.
 The losses resulting from risk events should be allocated to loss types such as write-offs, legal
expenses, penalties, unsuccessful recourse, indemnities to customers and other parties, loss of
physical assets, provisions, forgone profit etc.
 In order to ensure the completeness of the loss data collected, institutions should provide
appropriate training to their staff involved in the process, also including the identification of
operational risks and the data collection process.
 Institutions should develop a control mechanism to assure the quality of the data collected and
the comprehensiveness and appropriateness of the data collection process and put it in place
75
Validation of events that are included in the capital requirement calculation is expected to include the verification of all the information used
in the calculation (for example. business line, event type, gross loss, insurance, credit risk related or not, etc.)
84
within their regular monitoring activities. An option for doing this is by identifying the realised
losses in the accounting records, using the method of double-entry general ledger reconciliation.
3. Key risk indicators (KRI’s)
 The institution's operational risk profile should be adequately covered by key risk indicators, i.e.
covering all the relevant business lines and event types; this makes it essential to regularly
assess its risk profile. In order to capture risks in full, the MNB recommends that institutions
examine the relevance of the indicators in Annex 13 and document the results.
 KRI coverage is considered acceptable if the institution can convincingly demonstrate that the
set of KRI’s it operates actually capture significant risks and measure them adequately in terms
of substance and threshold relevance, and KRI’s are set for all the significant risks for which loss
data are not available due to the nature of the risk.
 In order to adequately identify the risks associated with each indicator, a trigger (still
acceptable) and critical level threshold should be set for each key risk indicator.
 The institution should monitor the changes in indicator values at all times and should have in
place approved procedures for when an indicator reaches the trigger or critical level.
 The relevance and threshold review of key risk indicators should be conducted annually and
documented appropriately.
 The indicators reaching the critical level and the associated risk mitigation measures should be
included in the management reports.
4. Operational risk self-assessment
 Institutions should conduct regular operational risk self-assessments, covering the entire
organisation in at least two-year cycles.
 This activity should incorporate the identification and assessment of the risks and controls of the
processes/organisational units included in the self-assessment. Institutions should develop a
quantitative or qualitative scale to assess risks and controls, ensuring the comparability of the
inherent and residual risks identified.
 In their self-assessment of processes, institutions are expected to provide participants with
additional information matching the risk profile (e.g. loss data, key risk indicators, scenarios,
media news).
 High risks identified during self-assessment and the related risk mitigation measures should be
properly documented and included in the management reports.
5. Scenario analysis
The institution should assess the risk of high-loss, low-frequency events in the framework of scenario
analyses. The institution is expected to have a scenario to cover each of the Basel event categories. In
order to capture risks in full, the MNB recommends that institutions examine the relevance of the
scenarios in Annex 13 and document the results.
 All relevant departments should be involved in the scenario analysis process. The MNB
considers as good practice the workshop-based estimation process using the Delphi method; it
also considers as good practice if an institution includes the worst-case scenarios in its
operational risk self-assessment.
85
 In their scenario analyses, institutions are expected to provide participants with additional
information matching the risk profile (e.g. loss data, key risk indicators, self-assessment results,
media news).
 The institutions should explain the changes in their scenario analyses (compared to the previous
year), in terms of both scenario formulation and the estimation of severity and frequency.
 The institution is expected to carry out consistency checks of scenarios, i.e. the validation of the
results (e.g. by comparing the estimated parameters with external and internal loss data, the
institution’s assets and income) in order to avoid formulating scenarios that exceed the size of
the institution.
 The results of the scenario analysis should be properly documented and these results and the
related risk mitigation measures should be included in the management reports.
6. Recording and monitoring the risk mitigation measures
 The institutions are expected to either accept by management approval the operational risks
identified or to mitigate them with various measures. If the institution’s regulations already
incorporate the specific risk mitigation procedures applicable to a particular risk, then no further
action will be required.
 The institution should collect risk-mitigating measures from all relevant sources (loss data, KRIs,
self-assessment, scenario analysis) in a standardised structure, recording at least the following:
the source, description, status, owner and deadline of the measure.
 Institutions are expected to have procedures in place regarding who is entitled to approve the
completion of a risk mitigation measure or a potential request for extending the deadline, and
what escalation mechanism is available if the measure is not implemented on the deadline.
 Based on criteria defined by it, the institution should regularly back-test whether the completed
risk mitigation measures have reached their objectives.
 It is also expected that status reports, impact analyses and back-tests on the measures should
be presented to management.
Based on the MNB's past experience, institutions using advanced measurement approach should
consider the following as well:
 In the case of group-level capital requirement calculation, institutions must also assess their own
(single level) risk exposure and be aware of the sensitivity of the capital requirement to change
the input variables of the model (i.e. the structure, methodology and parameters of the group-
level model used to calculate the capital requirement must also be known at local, expert level).
 if the institution determines the capital requirement based on an internal model used by the
parent institution, as part of the capital requirement of the holding company allocated to the
local level, the institution must provide evidence to the supervisory authority, by means of
qualitative and quantitative tools, that the capital requirement allocated to it adequately covers
the operational risk profile of the institution;
 the completeness and representative nature of loss data used in capital requirement
calculations as well as the adequacy of the applied scenario parameters and the adequacy of
fitted functions should also be demonstrated;
 the information (loss data, results of self-assessments and scenario analyses, stress tests, KRIs,
etc.) for calculating internal capital requirement should be used in risk management to mitigate
risk exposure.
Given that, in the advanced methods for operational risks, qualitative requirements are at least as
important as the specification of the applied capital requirement calculation model, the MNB accepts
86
the result of the advanced method as the capital requirement only on the condition that the institution
exhibits carefully planned, high-quality performance in the areas listed above.
The changes published by Basel Committee in December 2017 regarding operational risk will be
implemented in the CRR at EU level, and Hungarian institutions will be bound by the same rules.
Although the exact date of entry into force is not yet known, the MNB expects institutions to regularly,
at least annually, quantify the capital requirement under the SMA in order to ensure timely preparations
for the new Pillar 1 approach. Furthermore, the MNB recommends that banks using the AMA
methodology compare the prevailing capital requirement level with the calculated SMA and BIA or TSA
values. If the AMA capital requirement value is significantly lower than the value calculated using the
BIA or TSA method, the institution should consider taking the variance into account in the Pillar 2 capital
figure.
In the light of the foregoing, the MNB expects all institutions to develop an operational risk
management framework that involves capturing the institution's risk profile and the setup of control
processes that are proportionate to risk exposure.
If the MNB finds that the calculated capital for operational risks under Pillar 2 does not cover the
institution’s existing and potential operational risks and/or finds deficiencies in terms of the
appropriateness and/or application of the selected methodologies and the quality and reporting of data,
it will impose an additional capital requirement to cover risks in full.
V.2.2.1.1 Legal and conduct risk
Definition
Legal risk is defined as a risk originating from a failure to observe or comply with legislation, a failure to
monitor changes in legislation and any breach of the law through any act or omission in providing
financial services, regardless whether committed willfully or negligently.
Legal risk incorporates conduct risk, which is a risk that arises from the inappropriate supply of financial
services, including willful, inadmissible behaviour or business conduct.
Legal and conduct risks should be treated and interpreted as a subset of operational risks. Institutions
should assess their legal risks arising from their not fully legitimate or ethical business conduct and
identify the potential threats from their operations, their market position or the implementation of their
strategy that may trigger conduct risk.
Increased risk may be signalled by, amongst others, the higher number of customer complaints,
litigations, higher legal costs, administrative penalties imposed on the institution for unfair/illegal
conduct, personal penalties imposed on the executive officers of the institution or the administrative
penalties imposed on other institutions of the sector.
Based on the EBA guideline on the supervisory review process, special attention should be given to the
fact during conduct risk identification and assessment that conduct risk may appear primarily in the
following elements:
 inappropriate sale of retail or corporate products,
 forced sale of products to retail customers tied to some other product, such as forcing the
customer to use services additional to current account servicing that the customer does not
actually need,
 conflicts of interest in the conduct of business 76,
 manipulating the market benchmark used to determine interest rates, foreign exchange rates or
any other financial instrument or index to increase the institution's performance,
76
For example, in the case of products sold on a commission basis, there are conflicting interests between the banking associate and the client
(e.g. higher commission vs. needs) and the employee and the management (e.g. higher commission vs. higher client satisfaction).
87
 hindering the possibility of switching between financial products or financial service providers,
 running a badly designed sales system that includes conflicts of interest or bad incentives,
penalising the customer in the course of automatic product renewals or the termination
of a service, improper handling of customer complaints.
ICAAP review
All institutions should be aware of their legal and conduct risk exposures by developing procedures for
identifying and managing their legal and conduct risks. In addition, they should incorporate in their
scenario analysis and self-assessment processes and KRI frameworks the identification and monitoring
of legal and conduct risks (e.g. through the introduction of indicators focusing on legislative changes,
regulatory requests and complaint handling).
During the supervisory dialogue institutions are expected to account for their most important
institutional characteristics that may carry (or reduce) risk.
In respect of individual elements of legal and conduct risk, the MNB expects institutions to develop and
integrate the following practices and will examine compliance during the annual ICAAP review.
1. The introduction and application of procedures for identifying risks, preventing the related
losses, risk management and reporting:
 setting out the concept of legal and conduct risk, its expected management in the
internal regulation of the institution,
 ensuring the reporting of events linked to conduct risk and the marking of events linked
to conduct risk in the losses database (including retrospectively for the operational risk
events of at least the past five years),
 inclusion of indicators to collect and monitor legal and conduct risk alerts in the
institution's key risk indicator system (introduction of indicators defined in the context
of e.g. customer complaints, lawsuits, legitimate customer complaints, regulatory fines,
internal fraud and changes in legislation, with developments in indicator values
monitored continuously),
 including legal and conduct risk in the institution's practices of self-assessment and
scenario analysis by identifying all processes and associated risks that may give rise to
conduct risk,
 ensuring the monitoring and back-testing of measures adopted in connection with loss
events, scenario analyses and legal and conduct risks identified in self-assessments,
 incorporation of events, processes and measures related to legal and conduct risks
identified in the context of loss data, self-assessments and scenario analyses into the
reports prepared for management.
2. In view of the complexity of processes that are relevant to conduct risks, in order to fully and
comprehensively capture these risks the institution is expected to compile a product inventory
document, which can be used to assess and monitor the extent to which individual products or
product groups carry potential threats, and to identify the controls that can reduce the
frequency of negative outcomes occurring, or the severity of the losses incurred. It is
recommended to develop the product inventory document in a breakdown by product or
product group, taking into consideration a materiality threshold based on objective
considerations, and covering the following information:
 generic product features, which may include the following:
 product/product group names, versions, segments, owners
88
 information on product introduction (date, related forums etc.)
 legislation and IT systems specific to the product
 the sales channels and objectives of the product
 the conduct risk category of the product, taking the following into account:
 related (mandatory or optional) products and services
 any information asymmetry regarding the product
 identification of conflicts of interest or potential aggressive sales
 reference values related to the product
 any difficulties/obstacles to cancelling or replacing the product
 complaints received, operational risk events identified and adverse
decisions/fines imposed over the past year
 related internal audits and their results over the past year
 assessment of product controls:
 the existence and quality of in-process controls (in terms of their ability to
reduce operational risk)
 training related to the product
 automated calculators related to the product and their validation
 customer information on discontinued products and the name of the
replacement products.
3. The MNB recommends that institutions operate the following control mechanisms at an
adequate level in order to reduce conduct risk:
 corporate governance and risk management systems, one of the most important
elements of which is that managers have an adequate understanding of the actual
risks of financial products, are aware of potential losses from conduct risk, and
commit themselves to reducing conduct risk,
 internal control systems, including internal audits and in-process controls that can
prevent negligent or deliberate damage,
 strict legal and risk control in the development of new products to assess the
potential risks of a new product, both to the institution and to customers, especially
for long-term products,
 tightening the practices of manager selection so that managerial positions are only
available to people who are able to understand the risks of their products, think in
terms of long-term outcomes, and focus on maintaining customer confidence,
 giving prominence to ethical and fair banking, which only seeks to sell financial
products that the customer actually needs, and does not exploit any benefits that
may be gained from information asymmetry or the institution’s financial expertise
or economic dominance to the customer’s detriment when developing product
conditions,
 simplifying products, improving customer decision-making advice, improving
financial literacy and awareness,
 providing sales and remuneration incentives and internal training to enable product
sales staff to explain the risks of the product and its potential problems in a way that
the customer can understand, rather than encouraging the unconditional sale of the
product,
 designing the appropriate product structure, using automatically tied financial
products only in the most justified cases (e.g. supplementary life or property
89
insurance), while ensuring the proper and fair management of their legal risks at the
contract level,
 conducting customer suitability tests, whereby before the sale the institution
examines whether the financial product is actually needed by the customer, and
whether the product is in line with the customer's financial position and
competence, even if this slows down the credit assessment process,
 providing more resources for managing customer complaints to ensure that
legitimate and well-grounded customer complaints are resolved quickly, and that
for non-legitimate complaints, the customer is adequately informed of why their
claim was found to lack grounds,
 Institutions applying advanced methods must also adequately factor in conduct risk
when calculating capital requirements.
Conduct risks must overall be controlled by means of ethical and effective processes designed in
compliance with the laws. In the event of questionable institutional practices, the MNB also requires the
generation of additional capital until the introduction of proper processes and in order to cover losses
that originate from the previous practice and can no longer be mitigated.
V.2.2.1.2 Information and communications technology (ICT) risk
The MNB expects the institution to cover information and communication technology (ICT) risks as part
of the broader category of operational risks in its risk appetite and internal capital adequacy assessment
process (ICAAP) for the purposes of defining a general risk strategy and determining internal capital, and
that ICT risks are subject to the institution’s risk management and internal control frameworks 77.
In order to verify this, the MNB examines whether the management body adequately manages these
aspects. The assessment focuses on the following areas:
 ICT strategy – whether the institution has an ICT strategy that is properly managed and is in line
with the institution's business strategy;
 general internal governance – whether the institution's overall internal management
mechanisms are appropriate for the institution's ICT systems; and
 ICT risk in the institution's risk management framework – whether the institution's risk
management and internal control framework adequately protects the institution's ICT systems.
ICAAP review
As part of its assessment, the MNB evaluates the ICT risk profile and exposures of the institution, i.e.
identifies the material inherent ICT risks to which the institution is or may be exposed, and assesses the
extent to which the institution's ICT risk management framework, procedures and control mechanisms
effectively mitigate these risks.
As part of the process to identify potential ICT risks which have the potential of a major prudential
impact on the institution, the institution should determine which ICT systems and services are critical to
the proper functioning, availability, continuity and security of the institution's core activities.
The institution's ICT systems and services may be rated critical in terms of business continuity and
availability, security and/or confidentiality. For the purposes of assigning a critical rating, the institution
should consider that critical ICT systems and services must meet at least one of the following criteria:
 they support the core business activities and distribution channels of the institution (e.g. ATMs,
internet and mobile banking services);
77
See EBA Recommendation on ICT Risk Assessment in the Supervisory Review and Evaluation Procedure (SREP) (EBA / GL / 2017/05)
90
 they support core management processes and organisational functions, including risk
management (e.g. risk management and financial management systems);
 they are subject to specific legal or regulatory requirements (where applicable) that set higher
standards in terms of availability, resilience, confidentiality or security (e.g. data protection
legislation or possible “Recovery Time Objectives” (RTO, the maximum time within which a
system or process needs to be restored after the incident) and the “Recovery Point Objectives”
(RPO, the maximum length of time during which data may be lost in the event of an incident),
for systemically important services (where applicable);
 they are used for processing or storing confidential or sensitive data that would be affected by
unauthorised access to the institution's reputation, financial performance or the reliability and
continuity of its business (e.g. databases containing sensitive customer data); and/or
 they provide core functions that are essential for the proper functioning of the institution (e.g.
telecommunication and connectivity services, ICT and cyber security services).
The MNB examines which risks should be subject to closer and/or in-depth reviews; for that purpose,
identified ICT risks that have been rated material are classified into the following ICT risk categories for
assessment:
 ICT availability and continuity risk,
 ICT security risk,
 risk of ICT changes,
 ICT data integrity risk,
 ICT outsourcing risk.
V.2.2.2 Reputational risks

Definition
Reputational risks should also be evaluated within the category of operational risks. Reputational risk is
the current or prospective indirect risk to liquidity, earnings and capital arising from adverse perception
of the image of the financial institution on the part of customers, counterparties, shareholders, investors
or regulators. It is manifested in the fact that the external opinion on the institution is less favourable
than desired.
Reputational risk may originate in the lack of compliance with industry service standards, failure to
deliver on commitments, lack of customer-friendly service and fair market practices, low or inferior
service quality, unreasonably high costs, a service style that does not harmonise with market
circumstances or customer expectations, inappropriate business conduct, isolated or recurring outages
of IT systems and service disruptions directly affecting customers, or unfavourable regulatory opinion
and actions.
There may also be a reputational risk of excessive concentration of operations involving prestigious,
primarily private banking customers (e.g. providing more risky investment products, more risky asset
management, sale of derivative products), because any negative circumstance could hurt investor
confidence, which could have a serious impact on institution's profitability and capital position.
Signs of significant reputational risk include the extensive and repeated voicing of a negative opinion on
the institution’s performance and overall quality by external persons or organisations, especially if such
negative opinion receives broad publicity (e.g. in the media or social media), along with events poor
performance by the institution which may lay the grounds for such opinions.
There might be some externalities that give rise to reputation risks despite being independent of the
activity of the specific institution (e.g. the reputation of the parent bank, the reputation of the entire
sector has been damaged by a different institution, etc.).
91
ICAAP review
As a part of measuring reputation risks, the MNB sets two requirements for institutions. On the one
hand, during the supervisory dialogue institutions should give account of their most important
institutional characteristics, events and measures which potentially carry (or alternatively, reduce)
reputational risks. Such characteristics may, among others, be the following:
 adverse decisions, measures and penalties imposed by public authorities (MNB, Hungarian
Competition Authority, National Tax and Customs Administration) against the institution,
 evaluation of the results of customer satisfaction surveys,
 the general statistical characteristics and trends of the number, the subject matter and the
management of customer complaints received,
 pending and closed criminal and civil litigation proceedings, and
 recent IT system shutdowns, service failures and their consequences, impact on customers
and other stakeholders,
 internal and external fraud in the institution and the measures taken in response,
 media allegations, whether or not substantiated, which pose a threat to reputation,
 the institution’s most important social and charity activities.
On the other hand, the MNB expects the institutions to consider in detail the possible situations
involving direct reputational risk (e.g. unfavourable media coverage, loss of investor confidence, crisis,
crisis situation, etc.) and their potential consequences, and appropriate institutional processes (e.g.
press and social media monitoring, scenario analysis), demonstrating the ability to effectively detect and
manage these events, referring to mechanisms and action plans. It is important to emphasize that
reputational risk management tools should be an integral part of the institution's corporate governance
framework and approach and proportionate to the size and role of the institution.
When assessing the appropriateness of risk control, the MNB takes into account, among other things,
the transparency of the division of labour between areas, organisational units, forums and committees
(e.g. marketing and communications, legal and compliance, potential crisis committees, crisis
management forums, etc.) that are primarily concerned with managing reputational risks, clarity of
powers, effectiveness of regulation and processes, the role of these areas in product and service
development and pricing processes initiated by business areas, in order to avoid or mitigate the
damaging effect of improper market practices and conduct risk on reputation. It should also be
examined to what extent the institution takes into account the impact of its strategy, business plans
and, in general, its behaviour on its own reputation. The MNB also expects the institution to regularly
monitor, assess and quantify the risks of and exposures to private banking customers, and the
concentration of such risks and exposures, as part of which it should rate its portfolios in terms of
riskiness, considering the measures that might be needed to manage or prevent customer attrition, as
well as the degree of loss that the institution may incur.
In the MNB’s view, reputational risks should be managed primarily through policies, effective processes
and action plans. However, in the case of worrying institutional practices and significant reputational
risk, the MNB may consider the allocation of additional capital to be necessary, until appropriate
mechanisms and process control are established, or to cover losses originating from the previous
practice that can no longer be mitigated or may potentially reoccur in the future.
The MNB’s requirements regarding the category of operational risks are summarised for the supervised
institutions in the table below:
AMA Large Small
Category Element of framework
Bank Bank Bank
92
Regulation x x x
Capital calculation x x x
Basic requirement Regular reporting x x x
Risk governance x x x
Risk mitigation actions x x x
Loss data collection x x x
contol of data collection x x x
regular training x x x
data collection software x
Pillar 1 methodologies
external data x
Scenario analysis x x
Risk self assessment x x x
Key risk indicators x x
Product inventory x x
ICAAP-SREP methodologies Model inventory x x
Reputational risk management x x x
ICT risk management x x x
Conduct risk management x x x
V.2.3 Market risk

Definition
Market risk: the current or prospective risk of losses on balance sheet and off-balance sheet positions
arising from changes in market prices (changes of bond prices, security or commodity prices, exchange
rates or interest rates that impact the positions).
In the course of the ICAAP, institutions keeping a trading book must assess whether the procedures
established and the models applied by them properly handle market risks, and whether the capital set
aside for market risks provides sufficient coverage for such risks at all times. As the institution has to
provide for capital adequacy on an ongoing basis, it is advised to build the ICAAP on internal risk
measurement and management processes and thereby it should form an integral part of the
institution’s internal governance system. The institution must have a clear strategy that contains
guidelines on managing interest and exchange rate risk. 78
The elements of market risk are as follows:
 position risk: interest rate and exchange rate risk in the trading book
- specific and general risk of debt securities
- specific and general risk of equity instruments
- specific risk of securitisation and of correlation trading positions;
 foreign exchange risk conveyed by the activity;
 commodity risk conveyed by the activity.
78
The MNB will expect an effort from the institution that is commensurate with the level of complexity and risks of its activities. The principle of
proportionality dictates that institutions should perform their ICAAP with a level of diligence that is in proportion with the market risks they
take and thus with the complexity of their trading book positions. Naturally, if an institution does not keep a trading book or if the book
includes very few items while its foreign exchange risk in the banking book or commodity risk is significant, then the MNB expects the
institution to elaborate and apply a more detailed process with a view to these risks.
93
The elements of the trading book include positions consisting of financial instruments or commodities
held by the institution for trading purposes or for hedging the elements of the trading book.
The management of the institution must regularly review the positions in the trading book exposed to
market risk, the external market environment, and respond to external and internal changes in a timely
manner. It is advisable for the institution to set up a dedicated unit/committee for this task. In addition
to the institution’s liquidity risk, the committee must monitor and regularly check equity positions,
interest rate and foreign exchange positions, various balances (interest rate, foreign exchange and
liquidity balances), the changes of key items, the changes in the yields of different asset groups, and the
impact of all these on profit.
The institution must also have a policy approved by the senior management for managing the risks of
stock positions. This policy must define the purpose and the reason for holding stock positions for own
account, the range of stocks and stock-related derivatives that are allowed to be held as positions, the
size and composition of the portfolio for own account, the revenue targets and profitability
requirements of speculation activities and the main methods of managing the risks of stock positions.
The institution must develop a policy for managing foreign exchange risk. This policy must specify how
this risk arises and how it is taken, identify deals that generate major foreign exchange risk along with
off-balance sheet activities that affect this risk, describe the evaluation of foreign exchange positions (in
particular foreign exchange options), set the value of foreign exchange positions that can be taken,
specify the related profitability targets and the key methods of managing foreign exchange risk.
The institution must use appropriate control mechanisms to keep market risks within the limits
designated by the strategy/policy/internal regulation defined or approved by the management. It must
operate a proper limit system for controlling exchange and interest rate positions in the trading book,
furthermore commodity and foreign exchange risks. In addition to the volume limits which control the
size of positions exposed to risk, it is advisable to use limits to maintain the extent of the risk (e.g. VaR
limit) or loss (e.g. stop loss). The limit system includes intraday and overnight limits, where appropriate,
for dealers, instruments, currencies, and various positions.
Market Risk Management is responsible for monitoring and recording limit overruns. These processes
and sanctions must be regulated in rules.
The operation of the limit system must be reported to the senior management on a regular basis.
Furthermore, the marketability of positions in the trading portfolio must be analysed regularly based on
the availability of relevant market prices, market turnover and size. Institutions with a significant
portfolio which regularly expand their product range are expected to have procedures also for the
management of the new products. The contents of the trading strategy, the risk relevant policies and
the trading book must be cross-checked on a regular basis and results should be reported to the senior
management. When the institution presents the ICAAP results to the MNB, documents on backtesting
must be filed as an attachment.
Valuation must be fully separated from trading activities and, whenever possible, it should use market
prices as a starting point. If no market price is available, institutions should price their positions
conservatively, by means of model-based pricing.
As part of the valuation process, the institution must have procedures in place which set out the rules
for setting up valuation reserves. The purpose of these reserves is to have the institution set aside
capital for covering the risk of events and phenomena that may derive from the imperfection of markets
or internal processes. The regulation declares that within the scope of these procedures, at least the
following reserves should be considered: unrealised interest gains, close-out costs, operational risks,
prepayment, investing and funding costs, future administrative costs and, where relevant, model risk.
94
Furthermore, formal procedures are required for determining the adequate level of reserves 79 for book
positions that are becoming illiquid 80.
The output of prudent valuation is the additional valuation adjustment (AVA), which results in the
adjustment of the fair value. If prudent valuation yields a value lower than the fair value, the absolute
value of the difference must be deducted from the regulatory capital.
The measurement of market risks and the determination of the capital requirement for risks are
expected in case of positions in the trading book, or exchange rate and commodity risk conveyed by the
activity.
The MNB expects supervised institutions to ensure that Pillar 1 capital requirement calculation is in line
with CRR and industry standards. In order to determine the capital requirement for the general interest
rate risk of debt securities subject to pre-repayment risk, the modified duration calculation must be
used in accordance with the standard approach set out in Article 340 of Regulation (EU) 575/2013. The
MNB expects to calculate the modified duration as described in the Guidelines EBA/GL/2016/09.
Larger institutions with a significant trading portfolio and complex positions are expected to employ
more accurate and risk-sensitive methods for capturing market risks, including foreign exchange risk
conveyed by the institution’s activity. Therefore, regardless of which method these institutions apply to
meet supervisory reporting obligations (standard or internal model approach), they are expected to
develop and employ as part of the ICAAP an advanced methodology that is based on value at risk (VaR).
In the latter case, for operative risk management purposes (e.g. when setting limits), it is acceptable for
an institution applying an internal model to use parameters which, in its own judgment, better reflect its
risks81, rather than those specified in the regulations; however, for VaR-based calculations the MNB
expects a 99% confidence level for the calculation of capital requirements, as well as holding period of
10 days. Furthermore, taking into account the Fundamental Review of Trading Book (FRTB), the
application of the expected shortfall (ES) model is also acceptable.
In the case of credit institutions subject to simplified supervisory reviews, the VaR model on the
Supervisory Authority’s website or the internal model developed by the institution is also required for
foreign exchange risk, even if the size of the open positions does not exceed the threshold set by the
CRR at 2% of the regulatory capital.
Regarding the limitations of internal models, the institutions must run regular stress tests and analyses
of extreme events. The results and conclusions of these should also be reviewed at senior management
level.
EBA published guidelines for the institutions calculating the regulatory capital requirement of market
risk with the Internal Model Approach. The Guidelines on Stressed Value At Risk 82 contain guidance for
the definition of the stress period, the stressed VaR methodology and the use test. The MNB expects
institutions using internal models for their ICAAP to design their model by taking into account the EBA
Guidelines referred to above.
In determining Pillar 2 capital requirements, the MNB expects banks to take the stressed value-at-risk
into account by ensuring that where the greater of (a) the most recent stressed VaR and (b) 1.5 times
the average stressed VaR for the preceding 60 days 83 exceeds the normal VaR-based capital
79
In case an institution is of the opinion that the setting up of such reserves is sufficiently handled by the accounting regulations, it is not a
mandatory requirement to raise additional capital (on top of what is already required by accounting provisions)..
80
Illiquidity may derive from market imperfection but may also be generated by the institution itself by e.g. holding an excessively concentrated
portfolio.
81
E.g. holding period, confidence interval, correction factor, etc. l
82
EBA Guidelines on Stressed Value-At-Risk (Stressed VaR) (EBA/GL/2012/2) i
83
The multiplier of 1.5 corresponds to the level applicable to FRTB Expected Shortfall. Given that in terms of substance stressed VaR also seeks
to capture extreme values, and that calibration on a fixed, high-volatility period is not expected to produce excesses during back-tests, a
multiplier of 1.5 is also deemed to be sufficient to cover the uncertainty stemming from model risk and disregard for intraday variations in
exposure (a multiplier of 3.0 is used in the case of normal VaR).
95
requirement, the value calculated on a stressed value-at-risk basis should be taken as the capital
requirement under Pillar 2.
Capital requirement Total =Max (Capital requirement sVaR ; Capital requirement VaR )
Capital requirement sVaR =max ⁡(1,5∗average ( preceding 60 days SVaR ) , SVa R t−1)
Capital requirement VaR =max ⁡(k∗average ( preceding 60 days VaR ) , Va R t−1 )
where k is the adjustment factor depending on the back-test outcome, minimum = 3
For institutions using internal models, the regular backtesting and evaluation of the model’s
performance are fundamental requirements. The senior management body responsible for managing
market risks should review the results of backtesting and evaluation on a regular basis.
ICAAP review
The mapping of market risks within the ICAAP, in an ideal case, is carried out by means of the risk
sensitive internal method. This is justified by the principle nature and function of the credit institution’s
activity as well as by the complex relationship of market risk factors and their high dimensions. In line
with this, the MNB requires within the framework of the ICAAP review that all institutions which have a
material trading portfolio should assess their risk exposures proportionately to the complexity of the
portfolio by using historical or mathematical-statistical methods with regard to all significant risk factors.
In the absence of the above, to cover market risks in the trading and banking books the MNB imposes
additional capital requirements, as appropriate to exposure profile concerned, on the institutions
subject to comprehensive and focused ICAAP reviews.
In conformity with the philosophy of internal capital calculation, the MNB does not specify the concrete
method of implementation, it allows institutions to freely choose from among variance-covariance-
based, historical or simulation-based approaches. However, in application of the principle of
proportionality, for institutions subject to comprehensive and focused ICAAP reviews, the MNB only
accepts the management of market risks in Pillar 2 as fully adequate where the following conditions are
satisfied:
 The institution should also have an indicator expressing the „stressed value-at-risk” (sVaR).
 Stressed value-at-risk should play a role in the process for the determination of capital
requirements.
 The institution should also calculate the VaR and sVaR numbers for the following risk
categories in addition to total risk VaR and sVaR: interest rate risk, foreign exchange risk,
equity risk, commodity risk.
 In addition to the separate VaR numbers for individual risk categories, the MNB
recommends that the institution should also have component or incremental VaR
calculations.
 Daily and local level measurements should be complemented with regular back-testing
involving ex-post comparisons between the extent of risks generated by the model and the
actual and hypothetical historical value changes in the portfolio. A hypothetical change in
value is considered to be the effect of the unchanged end-of-day positions on profit. For
actual changes in value, the fees, commissions and net interest income should be deducted
from the daily result. Here, the MNB expects the institution to back-test both the VaR values
for the individual risk categories and the aggregated risk VaR values.
 In addition to the foregoing, the MNB recommends that the institution should subject its risk
model to the PLA test provided in the Basel FRTB Recommendation, or a similar procedure,
to verify the completeness of the model.
96
 Internal trading and exposure taking limits should be in line with the institution’s risk
appetite and with the sophistication of its risk measurement system.
 Daily risk measurement should be complemented with periodic stress testing programs
which should extend to the examination of changes in all relevant risk factors.
 The market risk database should be continuously updated, and the extent of the shocks
applied should be re-evaluated.
 The set of market risk factors used in modelling should extend to the inherent risks of the
trading book position, in particular, to
- relevant risk factors,
- non-linear features of derivatives (the preferred method is full revaluation),
- characteristics deriving from the structure of the yield curve,
- risks deriving from the volatility of foreign exchange rates and asset prices,
- concentration risks.
 In the case of the application of empirical correlations between risk factors, assumption of
normality as well as the consideration of the holding period by means of scaling (e.g. by the
square root of time), the appropriateness of the applied method can be and should be
demonstrated.
 When selecting risk factors to be included in the risk model, the risk factor best suited to the
specificities of the products should be selected. For example, for the risk assessment of IRSs
and government securities the IRS yield curve and the deviating government bond yield
curve should be used. In the case of an open option position, the relevant volatility should
also be included as a risk factor, since in this case the vega value of the option position is not
zero, i.e. the position is sensitive to changes in implicit market volatility.
 When calculating the interest rate risk VaR, it is not recommended institutions to model the
relative change of the effective or logarithmic yields (directly proportional to the current
level). This approach is needed because a historically measured volatility of e.g. 10% results
in varying yield shocks depending on whether the yield environment is high (e.g. 0.8 ppt for
8%), medium (e.g. 0.3 ppt for 3%) or zero-bound (e.g. 0.0 ppt for 0%).
 The MNB expects that whether an institution does not model its specific interest rate risks,
then the capital requirements for specific interest rate risk, calculated using the
standardised approach, should be taken into account in Pillar 2.
 In the case of banking groups, market risks are measured, and capital requirements are
determined on a consolidated level.
In the case of calculations that are non-transparent, inconsistent or difficult to evaluate, the MNB may
set additional capital requirements in consideration of positions and risk limits.
V.2.4 Interest rate risk in the banking book
Definition
Interest rate risk originating from the banking book is the possibility that income and/or the institution’s
economic value of equity stemming from banking book positions changes adversely as a result of
changes in market interest rates.
97
All on- and off-balance sheet positions not included in the trading book should be regarded as banking
book positions, typically including loan and deposit portfolios, non-trading security portfolios and
interbank transactions, investments, other assets and liabilities, non-trading derivatives, etc. In
calculating banking book interest rate risk, all interest-sensitive instruments should be taken into
account; positions that are not interest-sensitive such as e.g. assets deducted from CET1 capital and
equity exposures in the non-trading book are not to be included. Institutions must have clear internal
policies and procedures for the classification of instruments.
In order to assess and measure interest rate risk, the institutions are expected to employ at least one
profit-based indicator and at least one method of measuring economic value as well; together, these
should take into consideration all the interest rate risk components originating from the banking book
(repricing, basis and option risks).
The income effect can be identified by using a number of indicators, of which the net interest income
(NII) and net interest margin indicators are applied the most frequently. In addition to indicators, any
other ratios or indices quantifying the institution’s income position and changes thereof may be used,
provided that they have demonstrated their suitability to identify current and expected future
developments in the income position and that they take account of all elements that have a significant
impact on profitability.
The institution’s economic value of equity is to be calculated as the net present value of the total cash
flow of the assets, liabilities and off-balance sheet items constituting the banking book, by taking into
account asset and liability cash flows and off-balance sheet items with the sign corresponding to the
direction of the position concerned. Total cashflow means that all cashflows emerging until the final
(actual or estimated) expiry of certain positions are to be included in the calculation.
In terms of its source, the interest rate risk in the bank’s balance sheet can be classified into three main
types:
 repricing risk: the risk arising from the time lag of the repricing structure of assets and liabilities
and off-balance sheet items, including the risk arising from changes in the shape and slope of
the yield curve;
 basis risk: risk deriving from the change in the relationship or correlation between two
instruments serving as a basis for the pricing of assets, liabilities and off-balance sheet items and
between the priced item and the interest rate of the instrument;
 option risk: the risk deriving from options pertaining to the – explicit or inherent –
characteristics of banking products that influence the interest rate risk of the product.
Table 1 in 2018/02 EBA GL sets out the minimum requirements for identifying the 3 subcomponents of
interest rate risk.
For the purpose of actively supporting management decisions, it is expected that internal reports to the
management body are produced and presented at the relevant levels of aggregation, with a sufficient
level of detail and at least quarterly frequency and, among other things, contain comparisons of the
actual exposures and limits, the action to be taken in the event of any limit overruns, the risk
measurement results, and the amount of, and changes in the capital requirement.
ICAAP review
The MNB considers interest rate risks in the banking book as material risks for all institutions and
expects them to measure and manage such risks by wide range of quantitative tools and appropriate
models (and proportionately to the institution’s exposure to interest rate risk), according to the
following aspects:
98
 The models should be able to measure the interest rate risks’ short-term impact on income and
long-term impact on equity value and apply generally accepted and understood risk
management methodologies and procedures.
 They should be capable of evaluating and quantifying all interest rate risk types arising in
relation to assets, liabilities and off-balance sheet items not registered in the trading book.
 Furthermore, they should cover all balance sheet items and off-balance sheet items that are
exposed to interest-rate risks, and beside interest-bearing assets, liabilities and off-balance
sheet items not registered in the trading book, non-interest expenditures and revenues that are
sensitive to changes of market interest rates (fees and commissions), if they play a relevant role
in income developments. At the same time, CET1 capital components and perpetual equity
should be excluded.
 In order to determine, as precisely as possible, the effect of interest rate risks on income and
equity value, the data applied (volume, interest rates, maturity pricing information, options,
etc.) should be specified properly and in line with the nature and magnitude of the institution’s
activities and risks. Furthermore, these data should be available in, or generated from, the credit
institution’s records with adequate accuracy in a timely manner.
 The underlying assumptions should be valid, properly documented, prudent and sufficiently
consistent over time. It is an especially important consideration for new products and
assets/liabilities, whose maturity or repricing period differs from the original contract conditions
or is not defined by contract. Assumptions should be understood clearly, adjusted to the
business strategies and subjected to regular (at least annual) stress testing, validation and
reviews. Key changes should be documented and are subject to approval by executive
management.
 The handling of interest rate risks in the banking book is an integral part of the credit
institution’s risk management activity. The management and the board should take into
consideration information derived from the risk management model when making decisions on
interest rate risks.
 Standard interest rate shocks expected as per international recommendations should form a
part of the institution’s practice of managing interest rate risks in the banking book.
 The credit institution should operate an IT system which adequately supports both at an
individual level and at a local group level, the procedures and processes required to measure,
control and report interest rate risks. The systems should have the capability for the recording
of all transactions fully and clearly, for calculating economic value and financial result indicators
and for running flexible, varied stress scenarios.
 If the institution applies internal hedges for the purpose of transferring the risk between the
banking and the trading book, these must be clearly documented, reflect the mark-to-market
method and should not be aimed at reducing the capital requirement.
 There is no diversification effect between the interest rate risk in the banking book and the
trading book risks and foreign exchange risk, the capital requirements for the two portfolios are
added up when determining the overall capital requirement.
 Institutions should model how interest rates and volume of sight deposits change as a result of
changes in market interest rates.
 Institutions should monitor and model the interest rate risk effect of prepayments on loans and
deposit breaks. Similarly, the interest rate risk characteristics of non-performing exposures
should also be assessed, and these impacts should also be taken into consideration in interest
rate risk calculations.
 For calculations using the EVE approach, institutions may opt to increase the yield curve used for
discounting by a credit risk spread component in order to ensure that future expected credit
losses are taken into account in the present value. This is particularly important for portfolios
with high credit risk and high margins.
99
 Institutions may also opt to reduce contractual cash flows by credit risk spread or commercial
margin. Institutions may not use this method simultaneously with the discount curve
adjustment referred to in the previous point.
 Institutions must identify, monitor and measure their credit spread risk in the banking book
(CSRBB).
 In the case of negative interest rates, institutions should take into account the product-specific
interest rate floors that may be stipulated in the underlying contract or legislation or arise from
typical customer behaviours.
 Institutions should be aware of the automatic and behavioural options inherent in products.
 They should set the average repricing period of exposures without a repricing date more than 5
years for all currencies.
 Institutions may also use models developed by a third party if they fully understand the model
and are able to customise it to match the institution’s specific characteristics.
Stress tests related to the interest rate risks in the banking book
Supervisor outlier test
As part of the management of interest rate risks in the banking book, the institutions are expected to
perform regularly (once a quarter) stress tests that show the potential impact of a material change in
the interest rate environment on the short-term profitability and long-term economic value of equity of
the institution. The stress tests should include at least one scenario with a prompt and unexpected
shock, a persistently changed interest rate level and parallel shifts of different magnitude and direction
in the yield curves. Beyond the parallel yield curve shock scenarios considered as the baseline, the MNB
expects a more thorough assessment of risks by using scenarios simulating further shocks to the interest
rate and changes in the shape and steepness of yield curves.
The institution is expected to model standard interest rate shocks to the banking book for all currencies
in which the aggregate sum of its denominated and off-trading book assets and liabilities and off-
balance sheet transactions in the currency concerned exceed 5% of all banking book items, of where the
combined amount of such transactions account for at least 90% of the total banking book exposures. (If
the currencies with a share of more than 5% do not account for 90% of the total banking book, then
those with smaller shares will also be included in the calculation.)
Upon determining the magnitude of the interest rate shocks applied, the MNB expects institutions to
take into account – for each foreign currency concerned – the actual level of interest rates, the level of
past interest rate changes, changes in the volatility of the interest rates, and the relevant regulatory
recommendations. The MNB is guided by the scenarios set out in international recommendations (see
below for details) for the types and extent of standard interest rate shocks.
When calculating the aggregate change in the economic value of equity, the institution should add up
the negative and positive changes of the economic value of equity observed in all the currencies.
However, it should assign a 50% weight to positive changes.
When calculating the economic value of equity, the institutions should assume a run-off balance sheet.
The institutions should take into account or exclude from the scope the trade margins and interest rate
margins in accordance with their internal management and assessment approach. If they opt for
exclusion, they should report this fact to the Supervisory Authority.
If scenarios assuming a parallel shift in the yield curve by +/-200 basis points and concerning the interest
rate risk in the banking book it shows a potential decrease of the institution’s economic value in excess
of 20% of its regulatory capital, the credit institution should take action to reduce its exposure to
interest rate risk. These actions may be targeted at increasing capital or reducing risk exposure. If the
100
absence of these measures the MNB initiates the reduction of the credit institution’s risk exposures and
the reinforcement of risk management processes. Before taking such steps, however, the MNB always
assesses the sufficiency of the actions taken by the institution itself and considers the form and means
of supervisory action accordingly. Effective from 30 June 2019, the new EBA Guidelines set an additional
15% early warning level as a threshold for the change in equity value as compared against the
institution’s Tier 1 capital; breaching this will not require immediate action, but institutions must notify
the MNB about reaching or exceeding the warning level. The MNB’s expectation is for economic value
sensitivity to be quantified using the scenarios in Annex III to EBA Guidelines 2018/2 in the case of
foreign currencies and using the interest rate changes defined in this document (see Appendix 2) in the
case of HUF.
Additional stress tests
Reverse stress tests are recommended for identifying severe interest rate scenarios and sensitivities due
to strategy or customer behaviour.
In an environment of low interest rates, negative interest rate scenarios are also recommended to be
taken into account.
If necessary, it is recommended to use scenarios that are significantly larger and more extreme than the
requirement. Examples include significant changes in the relations between important market interest
rates or changes in the assumptions on correlations between interest rates.
Larger and more complex institutions are recommended to use more sophisticated and complex
scenarios, in which the assumptions also depend on interest rate changes.
The MNB expects institutions to incorporate the stress testing of banking book interest rate risk into
their overall stress testing practices. During stress testing, they should take into account the outcomes
of stress testing for other risk types (credit risk, market risk etc.) as well as the interaction between
various risk types and any secondary impacts.
The modelling of standard interest rate shocks is a minimum requirement, which is recommended to be
supplemented with approaches aligned to the specific characteristics of the institution according to the
above.
Capital requirement calculation
The MNB considers interest rate risk in the banking book to be a material Pillar 2 risk for all institutions
and expects institutions to have procedures and processes that provide a level of control appropriate to
their risk situation to identify, measure and manage this risk.
In addition to the impact of changes in interest rate on the economic value of equity, the calculation of
the capital requirement should also assess and quantify the income impacts.
The MNB expects institutions to determine the capital requirement for quantified interest rate risk in
the banking book within the ICAAP and to allocate capital to cover risks. In determining its capital
requirement, a methodology is to be used that is based on internal risk measurement results and takes
into account both short-term (income) and longer-term (changes in the economic value of equity)
effects. In determining the capital requirement, institutions need to use stress scenarios other than
normal market conditions that pose a higher risk than the normal interest rate environment. In order to
avoid the unjustified fluctuation of the calculated capital requirement, the actual capital requirement is
determined by taking into account the results of the period preceding the calculation (at least half a
year) and the trend of the capital requirement instead of the exclusive calculation of the calculated
value for the given date (e.g. the end of the quarter). However, the volatility of capital requirements –
compared to what appears more stable over time – actually indicates a higher level of risk, which is also
expected to be addressed in the calculations.
101
The bank must use its own calculation to determine the capital requirement and may not rely solely on
the results of supervisory calculations. When assessing the adequacy of the capital requirement set by
the bank, the MNB takes into account the results of its own benchmark calculations (as well). The most
important parameters of these benchmark calculations are as follows:
 The MNB applies a static business scenario, i.e. it assumes constant balance sheet items and risk
profiles in NII sensitivity calculations and substitutes maturing exposures with new exposures of
the same risk characteristics and volumes. One exception to this is the treatment of sight
deposits, exposures of which are not considered permanent in some cases. The evolution of
these exposures, as opposed to term deposits, may vary in different market scenarios.
 EVE sensitivity is determined by using the ‘run-off’ model, where the exposures currently in the
balance sheet are assumed to run off by the contractually stipulated or estimated terms.
 For the purposes of these calculations, the MNB uses 6 market scenarios as set in international
recommendations84 (2 reverse, parallel yield curve shocks, 2 yield curve slope changes, 2 yield
curve deformations). The procedure used and the extent of interest rate shocks are shown in
Appendix 2.
 We perform the calculations separately for all currencies accounting for at least 5% of total
banking book assets/liabilities, but collectively for at least 90% of the total exposures. (If the
currencies with a share of more than 5% do not account for 90% of the total banking book, then
those with smaller shares will also be included in the calculation.)
 When aggregating the results per currency and per scenario, we do not take into account the
possible risk mitigating effect of the correlation between the movement of foreign exchange
rates, i.e. the aggregation is the simple addition of the results of the worst scenarios (with the
greatest negative effect) per currency. Here the MNB acts more strictly than the procedure for
outlier testing in the EBA Guidelines. This is because the EBA Guidelines allow taking into
consideration exposures with opposite signs in the different currencies by permitting 50% of
positive changes to be used for offsetting the negative ones. However, that part of the EBA
Guidelines apply not to the calculation of the capital requirement but to the parameters of the
outlier test. Although the results of this test can potentially serve as a basis of calculating the
capital requirement, its parameters are not necessarily applicable formally and directly when
calculating the capital requirement. The capital requirement must cover risks even under
circumstances representing higher risk than the normal market environment. In the case of
interest rate risk, such an environment is captured in assumed interest rate shock scenarios,
which are fundamentally generated by various shifts in yield curve points. However, it is more
difficult in an environment of interest rate shock to predict the direction and extent of
correlations across interest rates and thus to reliably quantify the size of the diversification
impact; correlations observed in a non-shock environment may lose their relevance.
 In determining the capital requirement, market scenarios are incorporated in terms of their
effects on both income (sensitivity of net interest income) and on the value of equity (sensitivity
of the economic value of equity).
 Within the instruments with undefined interest rate risk characteristics, sight deposits are of the
most significant proportion in banks’ balance sheets; modelling is used to determine the
parameters required for the calculations applicable to these products. Appendix 3 contains a
more detailed description of the model.
 Time horizon for measuring the sensitivity of income: 1 year.
 Effective capital requirements are determined on the basis of a method that also takes trends
and variability into account rather than relying exclusively on current values calculated for the
end of the period concerned (usually month). In practice, this means taking into account the
average value derived from the time series of the capital requirement data and standard
deviation.
84
See BCBS: Standard: Interest rate risk in the banking book; EBA: Guidelines on the management of interest rate risk arising from non-trading
book activities
102
 When determining the sensitivity of income (net interest income), the capital requirement is not
reduced by the expected income, i.e. the potential profit (profitability) is not included in the
calculations as a loss absorbent component.
 For both the EVE and NII sensitivity calculations, the baseline scenario is determined by
reference to the current yield curve on the market at the reference date of the calculation.
 In the income sensitivity calculations, the MNB uses as an alternative baseline scenario where
the assets, liabilities and off-balance sheet items currently assume the unchanged interest rates
on the balance sheet since the last interest rate change. The sensitivity of income is determined
based on the differences in the interest rates in the stress interest rate scenarios compared to
these interest rates.
A detailed description of the calculations is provided in Appendix 1.

The MNB considers it important that institutions separate the general interest rate risk of the
government securities portfolio in the banking book and the risk of spread (the difference between the
bond curve and the swap curve). The MNB does not expect the spread risk of the Hungarian government
securities portfolio to be covered by capital requirements as part of the interest rate risk in the banking
book, only that it should be calculated and reported (if material according to the calculations).
Concerning the management of interest rate risk in the banking book under the ICAAP, issues not
specified in this Manual should be addressed in accordance with the relevant BIS 85 and EBA86 Guidelines
and the MNB Recommendation on the measurement, management and control of the interest rate risk
of non-trading book exposures.
V.2.5 Model risks

Definition
The new EBA SREP Guidelines distinguish two different forms of model risks:
a) the risk of potential underestimation of the quantified capital requirement by a model
approved by the regulator,
b) the risk arising from inadequate development, implementation and use of models used by
the institution for decision-making (product pricing, valuation of financial assets, customer
rating, impairment training, etc.).
With regard to point (a) above, the EBA SREP Guidelines clearly state that the risk is to be managed
within the risk type concerned, while the risks described in point (b) as model risks should be managed
under operational risks.

It is rather difficult to quantify the model risk shown in (a); practically it is next to impossible as
quantification calls for an estimation of both model deficiencies and their economic impacts. Model
deficiencies can be isolated with sensitivity analyses and stress tests, yet the conversion of their results
into economic loss figures is a rather difficult task. Therefore, in the case of this risk, the recommended
way of protection is not coverage with capital but adequate risk management. A conservative approach
that is based on sensitivity analyses, the use of subjective elements (also required in Pillar 1) and the
85
https://www.bis.org/bcbs/publ/d368.htm
86
https://eba.europa.eu/documents/10180/2282655/Guidelines+on+the+management+of+interest+rate+risk+arising+from+non-
trading+activities+%28EBA-GL-2018-02%29.pdf
103
permanent monitoring of the models’ performance may provide sufficient protection against such
unfavourable impacts.
The use of simpler capital requirement calculation methods (underestimation of credit risk when a
standardised approach is used or the underestimation of operational risks in the case of BIA or a
standardised approach) may also result in a lower capital requirement relative to the actual risks. The
institution should assess the potential deficiencies of the applied methods and should take them into
consideration during the ICAAP.
Where the supervisory review finds that the methods, parameter estimates, and procedures applied by
the institution are not satisfactory, data quality is inadequate, or that the minimum own funds
requirements shown by the institution are not sufficient to cover its risks, in Pillar 2 during the ICAAP
review the MNB may, apart from instructions for the improvement of risk control, impose additional
own funds requirements by giving proper explanation.
The MNB consistently regards all risks deriving from the inherent uncertainty of capital requirement
calculation procedures or from their negligent application as material risks, including the standardised
approaches, models based on validated internal ratings or widely used sectoral approaches applied by
institutions. Thus, in managing model risks the tasks of institutions are the following:
 to be fully aware of the mechanism of the applied and alternative approaches as well as
with their general characteristics and characteristics specific to them, and to be able to
justify their choice;
 to make every effort to precisely map and support risk exposures by using sensitivity
analyses and stress tests,
 to use adequately conservative parameters to counterbalance the possible capital reducing
effect of model deficiencies, and to manage potential distortions due to poor data quality,
 to continuously monitor model outputs, their conformity with reality and to apply
immediate adjustments on detecting problems.
Model validation by an organisational unit independent of the modelling area or by the parent bank may
be a risk mitigant. When risk exposure is assessed with an insufficiently supported model, with the lack
of prudence or with unjustified simplification – in the absence of the required conservatism and
monitoring – the MNB imposes a model risk capital requirement in the context of the supervisory review
process by carefully considering the results of alternative approaches.
In the assessment of model risk, which is listed in point (b) and as such classified under operational
risks, the MNB identifies the business lines/activities in respect of which the institution’s model use is
relevant. For business areas where the use of models is significant, the MNB assesses how significant the
impact of model risk may be.
In particular, the MNB assesses and expects the following as part of identifying and managing model
risk:
 the institution appropriately identifies its model risks, and has established a control mechanism
for their management that is prudent, and reasonable in terms of methods, frequency, back-
testing, etc. (e.g. calculation of market boundaries, internal validation or back-testing, cross-
checking with expert advice, etc.), which includes the process of model approval, validation and
maintenance,
 the institution uses the models prudently (e.g. by increasing and decreasing the relevant
parameters according to the direction of the positions, etc.) where it is aware of the deficiencies
of the model, or market or business developments,
104
 the modelling framework and the knowledge related to its application have been properly
communicated within the institution (this includes both the adequacy of the management
information system and reporting to support management decision-making, as well as the
supply of appropriate information to staff using the models and the enhancement of their
knowledge and training as needed),
 the modelling framework and its application are well documented and regulated, and in
particular the institution has a model inventory document, for which the MNB has the following
minimum expectations:
- the institution should formulate a materiality threshold for the models, for which, in
the MNB’s opinion, appropriate indicators may include e.g. the sophistication of the
models, or the size of the portfolio managed by the models,
- the model inventory should describe each credit risk model in detail at the individual
level rather than merely at the level of , i.e. not only at PD-LGD-EAD level,
- the model inventory should include when the model was last validated and when
the institution plans the next validation, and whether this validation is done
internally or externally (with the involvement of an external counterparty) and when
the model was approved, as well as the applicable responsibility,
- the inventory should show which version of the model is currently implemented and
the date of this implementation,
- the inventory should indicate whether regular monitoring reports are made for the
model (if a particular model has regular monitoring, the regularity of monitoring, the
date of the last monitoring and its most important results should also be presented),
- responsibilities for the model’s operation should be designated at the model level 87,
- the inventory should indicate whenever a product or segment is associated with the
model,
- the inventory should briefly describe the purposes for which the models used by the
institution are used, including not only credit risk models, but also those employed
in pricing, provisions, asset valuation.
 In the spirit of risk-conscious operations, the MNB expects the model to be part of the
management reports, thus ensuring that management is properly informed about the models
operated by the institution and the associated risks. The MNB also expects that the risks arising
from the inappropriate operation of the models will, if necessary, be covered by the institution
by capital requirements.
V.2.6 High-risk portfolios

Every year, the MNB publishes its Guidelines on high-risk portfolios (see Annex 4), presenting portfolios
and risks undertaken that, based on the MNB’s opinion, give rise to supervisory concern in the
Hungarian market in the given period on the basis of analysis and supervisory information. In order to
manage such risks it is justifiable and expected that the institutions concerned hold additional capital. As
a general rule, the MNB foresees the identification and monitoring of high-risk portfolios in respect of
the risks and activities identified in the risky portfolios, but the method of determining the additional
own funds requirements for the portfolios of foreign subsidiaries, if justified by local circumstances, may
deviate from that described in the guide.
87
For example manager / expert responsible for (1) development and review, (2) validation, (3) business application, and (4) implementation of
the model. For group models (4) is the manager/expert responsible for local implementation.
105
V.2.7 Other relevant risks
ICAAP 7 requires that the institution’s internal capital allocation process should capture all risks which
have not been identified earlier but are material for the institution. This may involve risks that are
specific to the institution and derive from its non-standard activities or clientele but fall outside the
scope of usual risk definitions. The institution is free to use its own terminology and definitions for other
material risks; however, it should be able to explain these to the MNB in detail, along with the related
risk measurement and management procedures.
The MNB will not provide a detailed list of other risks. It is the institution’s responsibility to map out
other relevant risks for which it has to elaborate an adequate risk identification mechanism. The
institution needs to examine the materiality of the identified risk and the result of the assessment.
Furthermore, it has to be able to explain these satisfactorily to the MNB.
Materiality: in the context of an institution’s activities, all risks which affect the achievement of business
objectives should be considered material (significant). Other risks are usually difficult or impossible to
quantify, thus their measurement and management typically call for qualitative methods. Therefore,
institutions are advised to elaborate detailed methodologies for their evaluation and management
which enable the revealing of risks and help keep them under control.
There might be a strong link between these risks and other risks, either because the former may amplify
the latter or because they stem from the escalation of basic risks (e.g. IT problems carrying a high
operational risk may also result in the fast increase of reputation risk if they impact customer systems).
Thus the assessment of the materiality of other risks is a highly subjective exercise. The MNB takes a
stand on this matter in the course of the supervisory review process and during the dialogue between
the MNB and the institution, based on the submitted documentation.
V.2.7.1 Risks of the regulatory environment

Definition
Risks of the regulatory environment are risks that affect equity or profitability directly or indirectly, and
arise from the change in the rules prescribed by international or national authorities that are applicable
to the institution, or from the prescription of new rules.
In order to mitigate the risks arising from changes in the regulatory environment, institutions are
definitely required to regularly monitor legislative preparations both in Hungary and at the EU level,
including in particular the publication of any commencement orders related to the CRD IV and CRR
packages. Institutions may manage the risks arising from the regulatory environment through processes
and/or by determining capital requirements.
ICAAP review
In the framework of the supervisory review, the MNB assesses the extent to which the institution, in the
course of its ICAAP, considered risks deriving from the regulatory environment. The institution is
expected to strive for proper awareness and to monitor changes in the regulatory environment.
Continuous regulatory oversight is essential for proper risk management. It is also expected that not
only the legal area of the institution should be informed about the relevant changes, but also that the
management and the employees concerned will be properly informed. The MNB will assign a positive
assessment in cases where the institution prepares regular summaries of legislative changes both for
management (through reports) and for employees (by providing access to information material at least
on the intranet).
106
The MNB also expects the institution to align its internal policies with the external regulatory
environment and to review them on a regular basis (at least annually, or more frequently in the event of
relevant legislative changes) and to harmonise them with the legal framework. In the event of changes
in relevant legislation affecting specific fields or the entire institution, it is necessary that the institution
first identifies the internal organisational units affected by the legislation and then examine the effects
of regulatory changes with the involvement of the affected areas and, if appropriate, prepare training
material (possibly through organised training).
The MNB expects the institution to incorporate any significant changes resulting from the current and
projected regulatory environment into its strategy and planning processes (e.g. business and capital
plans, etc.). In the event of legislative changes that significantly affect the activity of the institution, the
review and analysis of potential impacts, the preparation of scenarios, the elaboration of action plans,
and the modification of the strategic and business plan are also necessary in advance.
V.3 Stress tests
Stress testing, as a concept, covers all quantitative and qualitative techniques and risk management
methodologies which financial institutions can employ to gain an overview of their exposure or
vulnerability to the impacts of exceptional but possible events that may occur due to rare risk events
that can have severe consequences. Due to the previous financial and economic crisis, the MNB attaches
great importance to stress tests in order to effectively mitigate the negative impact on institutions of a
potential future economic downturn.
The Pillar 2 stress tests required under the ICAAP are supposed to provide a forward-looking,
comprehensive and integrated assessment on all of the institution's material risks (including credit risk,
counterparty risk, securitisation, market risk, operational and conduct risk, liquidity risk, non-trading
risk, concentration risk, FX lending risk). This way, the scope of stress tests (including but not limited to
the risk types discussed earlier) includes the consideration of the impact of all market, economic,
institutional or political risk factors which may have a substantial impact on the prudent and solvent
operations, and profitability, of the institution concerned. In this sense, the stress testing methodology
discussed herein definitely exceeds CRR requirements. This is equally true for credit risk stress tests 88 to
be applied under Pillar 1 by institutions using internal ratings based (IRB) approaches and for general
regulations that relate to Pillar 2 stress tests 89.
In the MNB’s view, there is no single “correct” stress testing methodology. The range of approaches
acceptable in respect of a particular institution largely depends on factors including but not limited to its
size, organisational structure, type of authorised activities and services, business model and strategy
applied, complexity of its activities, risk appetite, and quality of risk management. Having regard to the
principle of proportionality, however, the MNB expects the stress testing methodology applied to be
sufficiently sophisticated in the light of the above factors. Major and more complex institutions need to
have more sophisticated stress test programs also on a consolidated level, while small and less complex
institutions and groups (on a consolidated level) can also implement simpler stress test programs.
However, the MNB definitely expects institutions under the comprehensive SREP to have an advanced,
complex and integrated stress testing framework.
The MNB is in favour of a sophisticated approach and expects the simultaneous application of different
methodologies (sensitivity analysis, scenario analysis, “reverse” stress test) from institutions under the
comprehensive SREP:
88
Compliance with Article 177 of the CRR is a pre-condition for obtaining the supervisory authorisation required for the adoption of the IRB
method, according to which an institution should have in place stress tests to properly identify the impact of potential adverse events on its
loan portfolio, and it should demonstrate that it is resilient to such events. .
89
The CRR regulates Pillar 2 tests in a rather general manner but sets out more specific regulations for certain risk types (e.g. interest rate risk
in the banking book, concentration risk of lending, etc.)
107
 Sensitivity analysis: is a stress test that measures the potential impact of a specific risk factor on
a particular portfolio or institution as a whole on capital or liquidity. In the first step, the
institutions should identify the relevant risk factors and ensure that the analysis covers all
relevant types of risk factors. Institutions should maintain a list of the risk factors identified.
Where the institution also relies on expert estimates, these estimates need to be explained in
detail. If combined occurrence is assumed, the individual risk factor analyses should be
supplemented with analyses involving multiple risk factors without the need for a scenario
definition.
 Scenario analysis: the test of an institution or a portfolio for its ability to resist a scenario
comprising a series of risk factors. It is important that stress test scenarios are not only based on
historical events, but should also take into account hypothetical scenarios based on non-
historical events. Institutions should ensure that scenarios are forward-looking and take into
account systemic and institutional-specific changes in the present and the foreseeable future.
Institutions should determine the severity of the scenario by taking into account the specific
weaknesses of the institution (e.g. exposure to international markets). Institutions should make
sure that they choose a scenario that is sufficiently serious both in relative and absolute terms.
 “Reverse” stress test: an institutional stress test that starts out from the specification of a
predefined output (e.g. where an institution's business model becomes non-viable or insolvent
or likely to become an insolvent institution), then reveals the scenarios and circumstances that
may lead to its occurrence. In the reverse stress test, institutions identify the predefined outputs
to be tested, identify possible adverse circumstances that would expose them to severe
weaknesses, and trigger predetermined output, assess the probability of events in a scenario
leading to the predetermined output, and adopt effective provisions, processes, systems or
other measures to prevent or mitigate the risks and weaknesses identified.
ICAAP review
In terms of ICAAP reviews, the most appropriate form of stress testing involves the so-called “bottom-
up” stress test, which relies heavily on the institution's own methodology. In this framework, risk
parameters, results and their impact on capital adequacy are calculated by the institution itself,
according to the rules imposed by the Supervisory Authority.
As set out in the Manual, in the MNB’s understanding the concept of stress tests involves a
comprehensive set of tools and procedures. The large degree of freedom and flexibility in stress testing
as an approach is especially useful for two different reasons. On the one hand, the capital requirement
calculation methodology geared to considering the individual risk types independently does not in
reality offer an opportunity to examine the interaction of risks. In a Hungarian context, it primarily (not
exclusively) means that the mutual interdependence of credit risks and exchange rate risks, market and
liquidity risks can only be captured within a comprehensive stress test which supplements the individual
risk methods. On the other hand, the capital requirement calculation procedures for individual risks may
– due to their nature – apply restrictive and simplifying assumptions (e.g. relating to independence,
normality) which result in the considerable underestimation of actual risk exposures.
Stress tests are essential building blocks for risk-conscious operation, and for preparations for potential
crisis situations. Consequently, in the context of the supervisory review, the MNB expects each
supervised institution to have a thorough knowledge about the guidelines on stress testing published by
the international supervisory community, about the quantified impact of changes in the most significant
environmental factors on the institution’s position and about the main shortcomings of the methods
applied in capital requirement calculations. In keeping with the principle of proportionality, the MNB
also requires that stress tests be developed with the same level of professionalism as the major risk
108
types and form an integral part of the economic capital requirement calculation. In the MNB’s opinion,
this can only be accomplished if
 the individual stress tests raise unambiguous questions, they have a rational concept and their
methodology is developed with the recognition that the capital requirement of most risk types
represents in itself a potential loss associated with an extreme stress scenario;
 one of the key elements of stress tests is the model which determines the transmission (i.e. its
impact on the institution) of external environmental shocks which is developed by
methodological sophistication and by utilising both past experience and (if possible) granular
level data of the portfolio;
 the individual stress tests enable the joint capture of credit and exchange rate risks and the
investigation of market and liquidity risks in a uniform framework;
 stress tests, if possible, take into account feedback (e.g. institutional reactions, risk mitigating
steps) and secondary effects (e.g. risk spill-over, possible forms of risk aversion), and the
credibility of the expected outcome of potential action plans is assessed by the supervisory
authority, subject to a sufficiently reasoned explanation provided by the institution;
 stress tests also extend to mapping shortcomings in the individual capital requirement
calculation methods applied within the framework of economic capital calculations, and if
possible, they indicate the capital requirement sensitivity linked to the individual risk types for
the purpose of changing the methodology and the assumptions used.
The MNB views stress testing primarily as a diagnostic tool because for most risk types the capital
requirement is, from the outset, specified to cover a possible extreme loss.
V.3.1 Reliability of the risk models applied
The risk exposure of institutions is determined by the operation of the financial system, which is a
complex network. The interactions within this network and their uncertainty make the clear
identification, accurate pricing and proper management of risk very difficult. Due to the complexity of
the system, models for the calculation of economic capital requirements can only capture the aggregate
risks of the institution in an indirect manner and must employ various assumptions regarding
correlations between asset prices and risk factors. Empirical experience shows the latter tend to grow
significantly (in absolute value) in a stress situation, thus models which focus on regular operations often
underestimate the actual risks under a crisis. This problem not only applies to risks within specific risk
types but also to the interrelations of risks. Therefore, the MNB requires institutions to have a clear view
of the performance of their risk models in crisis situations.
V.3.2 Adoption of an integrated risk management approach
For a number of reasons, risk types are discussed separately in existing business and regulatory practice
and thus they supply inputs for economic capital requirement calculations independently of each other.
Recent developments (the integration of money and capital markets, securitisation, economic based
accounting techniques, spreading of derivatives, etc.), however, blurred the differences between risks in
many aspects. A typical example to be mentioned is loan products offered with floating rate and
denominated in foreign currency (a product category of special significance for the Hungarian financial
system). In the case of these products, market risk and credit risk factors cannot be separated clearly;
and the crisis highlighted the organic relationship between liquidity risk and the two previously
mentioned risk types.
The MNB considers the integrated, comprehensive approach to risk management to be of paramount
importance, because in many cases, the risk exposure will be assessed to be higher than the
expectations of the institution when interactions are also factored in. The MNB expects integrated stress
tests at a consolidated level to be carried out for all institutions subject to comprehensive SREPs.
In the light of the considerations outlined above, stress testing methodologies that are limited to
changing the input parameters of internal risk models (e.g. shifting of PDs, increase of LGDs) are not
109
considered sufficient by the MNB. Furthermore, the MNB requires institutions to have a clear-cut and
identifiable stress testing programme that is set out in a policy of adequately high standard. We also
consider it necessary that supervised institutions should interpret and understand the results of their
stress tests so that test results can serve as a basis of clearly defined risk mitigation measures. The MNB
expects that the stress testing programme is communicated effectively across all business lines and at
management level in order to increase risk awareness, improve risk culture, and promote the dialogue
within the organisation on potential risk management measures. As a prerequisite for this, the MNB
requires the responsibility and proper awareness of the supreme management body of the institution.
Regarding the values used for the tests, the MNB requires that the stress tests (also) reflect the effect of
environmental shocks that are really exceptional and significant. 90 The MNB considers it indispensable
that institutions use their experiences gained during the crisis when selecting risk magnitudes and
methods and act in a sufficiently conservative manner.
Therefore, stress tests must be defined in accordance with the characteristics of the institution’s
portfolio, the risks taken by the institution, and the prevailing environmental conditions. In case any
change (or expected change) occurs in these factors, the applied tests must be revised. The MNB
requires institutions to carry out this revision annually even if the changes of the aforementioned
factors would not call for it. The MNB requires that stress tests are run more frequently than that.
In the current situation, the MNB believes that stress tests must indispensably become organically
integrated into the risk management practices of institutions and that their results should be utilised by
the institution in the following areas:
 verification of the results of capital requirement calculations and the identification of their
reliability
 during the evaluation of the liquidity position and capital planning;
 during the elaboration of the risk strategy;
 overall senior management decision-making, e.g. elaboration of emergency scenarios, setting of
limits, etc.;
 potentially for the determination of additional regulatory capital requirement after consultation
with the MNB;
 if necessary, for taking adequate risk-mitigating measures (equity raise, strategy, use of stricter
limits, etc.)
In order to ensure that regulatory requirements are fulfilled in practice, the MNB requires institutions to
have a comprehensive stress testing policy that is documented in detail and has been approved by the
institution’s senior management. This should include all relevant aspects of the stress testing process:
 the methodology applied (detailed description of models, reliability of parameters, support of
model conditions, need for management actions),
 purpose,
 frequency,
 the data applied (the data used in the stress test, time series, parameters, portfolios should be
consistent with those in other areas of the organisation, i.e. risk management / controlling /
reporting / capital requirement calculations),
 use of results,
 IT infrastructure,
 responsibilities.
It is also important that the institution should have sufficient resources and an adequate pool of experts
for stress testing. It should be noted that the MNB also expects the reverse stress test to be performed
by institutions subject to comprehensive SREPs as a complement to multiple stress test methods. When
a reverse stress test is applied, with a view to mapping out the weaknesses of the institution, scenarios
90
Due to the presence of nonlinear risk correlations, the MNB considers it useful to test stress scenarios of different severity and probability.
110
and parameters are sought which would lead to a major deterioration in the institution’s position (e.g.
by causing a significant loss, loss of capital or a liquidity stress). The resulting parameters are then
analysed based on the probability of their occurrence (monitoring). The application of the method
contributes to the more effective detection and management of risks and enables the Supervisory
Authority to identify systemic problems in the cross-sectional evaluation of results.
In order to assess systemic risks in a more reliable manner, the MNB reserves the option to require the
supervised institutions to apply specific stress scenarios. The benefit of that exercise would be that the
cross-sectional comparison of models and results would enable both the MNB and the institutions to
gain a more accurate picture of the institutions’ risk exposures and the suitability of their stress-testing
procedures.
When defining scenarios, the extent of the shock of each factor is important, i.e. the probability of
occurrence and the evolution of economic processes should be proportional to each other. It is also
important to ensure the internal consistency of the scenarios, i.e. that the evolution of individual factors
along a path should not lead to contradiction. All relevant factors should be taken into account in the
stress test (currency, interest rate and yield, stock market, commodity market shocks, elements of
economic growth). During stress tests, concentration risk and large exposures shall be measured on the
assumption of default of the institution's largest exposures. In the estimates, the institution has to
perform the calculations in a conservative manner in terms of the magnitude of the losses.
V.3.3 The practical application of the principle of proportionality at small institutions
In line with the principle of proportionality, the MNB does not expect smaller institutions with less
complex operational characteristics to develop reverse stress tests. Nevertheless, it expects them to
take advantage of the opportunities offered by the wide range of instruments available for testing shock
tolerance as best suited to the specifics of the institution. It is important for smaller institutions to also
work towards developing their scenario analysis, as this would offer them a comprehensive view of their
actual risks and their impact on capital. The MNB disapproves of institutions not having an overall
practice of creating a statistically demonstrable link between the main factors determining the bank’s
profitability and capital accumulation capacity on the one hand and the financial and macroeconomic
variables critical for banking operations on the other. The MNB takes the view that developing a model
on empirical foundations would offer banks a suitable understanding on the level of risk in their
operations and the potential losses that also impact on capital adequacy.
Furthermore, the MNB expects the institutions to prioritise the identification of risks unique to their
specific operations, to document the methodology of identifying the potential unique sources of risk
(e.g. collateral shock) and to quantify their impact on the financial situation of the institution. This is
especially important for institutions whose unique business models result in specific risks (clearly
delineated field of operations, clientele, special lending terms, coverage requirements etc.).
In addition, the MNB expects all institutions to produce a standard stress test documentation, in which
they describe the stress types used, their methodologies, the related limits, and the management
information and decision points. An enhancement of procedures is recommended in order to prevent
excessive risk concentration within the institution. It cannot be overemphasised, however, that these
documents should not be limited to reactive action plans for the event of specific risks occurring but
should instead aim at the proactive identification and timely management of risks in the case of
exposures that represent excessive risk.
In addition to the generalities listed above, the MNB is guided by the EBA Guidelines on Institutions
Stress Testing (EBA/GL/2018/04), published on 19 July 2018, which it applies in forming judgments the
stress tests of institutions. The MNB expects supervised institutions to study the referenced guideline in
detail and strive for complying with its provisions.
111
V.4 Description of the stress-testing framework used to determine capital guidance
In line with the EBA’s expectation, 91 the MNB introduced a new Capital Guidance (P2G) in 2019 on the
capital adequacy of Hungarian credit institutions in order to ensure that supervised institutions remain
solvent in stressed scenarios as well.
The extent of the Capital Guidance is determined by the supervisory stress test, which is carried out by
the MNB. In this calculation, the MNB may also take into account the results of the institution's own
stress test. Capital Guidance is not part of the quantified TSCR in the ICAAP review nor can it be
considered a capital buffer. While its breach does not involve direct sanctions, all cases it will result in a
close monitoring of the capital position, in which the MNB may request a review of the capital plan of
the credit institution and its regular presentation to the MNB. By calculating Capital Guidance, the MNB
communicates to the institution's management that it estimates the minimum free capital level to be
maintained over the TSCR and capital buffers, which ensures the secure operation of the institution. It is
calculated within the stress-testing framework and primarily quantifies the extent to which the
institution's CET1 capital adequacy (CET1 quality regulatory capital / regulatory pillar TREA) decreases
along the stress path.
The MNB has developed a top-down stress-testing framework (hereafter: supervisory stress test), which
relies mainly on the supervised institutions’ regular reporting to the MNB. The MNB considers it
important that the results obtained about the different banks should be comparable because this serves
as the basis for the supervisor’s Capital Guidance in effect since 2019. As a result, the MNB benchmark
uses stress testing models developed on banking sector data to quantify the negative impacts of a
potential economic downturn. Taking into consideration the current market and banking sector trends
and supporting a conservative approach, it has decided to make dynamic the former gross static balance
sheet assumption. This will change the evolution of exposures to the extent that the balance sheet total
will not be a constant, so that increasing non-performing portfolios will not necessarily entail a decrease
in the performing credit exposures, and the performing portfolio may decrease not only due to an
increase in NPL but also due to amortisation exceeding the potentially decreasing stressed lending. The
main elements of this stress testing methodology are explained below.
An important difference from the framework developed by the EBA is that the MNB's supervisory stress
test quantifies the impact of macroeconomic shocks other than those defined by the EBA, which better
reflects the mechanisms of the Hungarian economy. During the stress test, a baseline and a stress path 92
are quantified, taking into account the shocks defined by the MNB. The quantification of Capital
Guidance depends mainly on the institution's estimated capital adequacy on the stress path, while the
baseline scenario provides a better understanding of the results and a basis for comparison. The balance
sheet dynamic captures the trends in changes in exposures over the recent period and observed during
the last crisis. The characteristics of new assets and liabilities reflect the market conditions observed in
the baseline and the stressed scenarios and the characteristics of run-off exposures. The dynamic
balance sheet assumption also influences the development of risk-weighted assets, which are decisive
for capital adequacy, as RWA is also altered by changes in the portfolio. Another important factor from
the point of view of capital adequacy is the level of capital available to the institution, which is
determined by the risks realised during the forecast period and the capital accumulation capability
characteristic of the institution.
Among the risks, credit risk is one of the most significant, the impact of which is also reflected in the
supervisory stress test through several channels. In the stress scenario, the environment determined by
the macroeconomic shock results in a rise in the probability of default, which is based on the model
incorporating the macroeconomic factors estimated by the MNB and the customer and transaction
91
In 2018, the European Banking Authority revised the EBA SREP Guidelines to include the Pillar 2 Guidance (P2G) as a direct capital
requirement implication of stress testing. The P2G is also expected to be incorporated into CRD V.
92
It should be noted that the stress path used in the supervisory stress test is completely unique, so it does not match the unfavourable
trajectories of stress tests communicated by other MNB forums (e.g. Financial Stability Report).
112
characteristics. In addition, the coverage of non-performing assets by provisions increases during the
stress period, in line with the worsening economic outlook and rising loss rates. The credit risk loss
model is fully in line with IFRS 9 requirements. Compared to the earlier impairment calculations under
IAS 39, the main change is that the model not only manages the actual impairment but also the
expected lifetime of the loan. Impairment on loan portfolios broken down into different segments 93 and
impairment categories are revised to reflect the negative credit risk effects of the deteriorating
economic environment on the level of impairment for the entire life cycle. If the residual maturity of the
loan exceeds the three-year duration of the stress path, the model assumes that the economic and
credit risk parameters will gradually, linearly return to the baseline values in the six years following the
stress, and then hold them until maturity. One exception to comprises the credit risk parameters of
“Stage 3” exposures, which retain the values assumed as of the end of the stress scenario. The credit
risk parameters used in the impairment model are calculated as follows.
As a first step, the probability of default for different years along the stress path, which is formed
according to the macroeconomic indicators 94 involved in modelling, is estimated based on the current
loss rates. The calculated probability of default of a given segment for a given impairment category will
gradually return to the projected baseline as described above. After the third year of the baseline
scenario, the model assumes that the value of the last year remains unchanged until the maturity of the
loan portfolio under review. In the case of high-quality, performing (“Stage 1”) loans, the expected loss
will be calculated over the next 12 months using conditional PD values dependent on economic cycle
(PiT, point-in-time). This means that the value of impairment on “Stage 1” loans is completely
recalculated three times during the stress path, as the intensity of shock varies from year to year. In the
case of deteriorating quality, underperforming (“Stage 2”) loans, the model calculates expected losses
for the entire lifetime, similarly using PiT PDs, except that if the average maturity of the loan portfolio
exceeds the length of the stress path, a return to the baseline after three years is also factored in. For
non-performing (“Stage 3”) loans, the PD value is 100%, as the model assumes no curing for defaulted
loans. In the case of FX-denominated loan portfolios, the PD values calculated by the model are adjusted
by a penalty factor due to the additional risks of these exposures. This factor is calculated on the basis of
the currency movements of the financial and economic crisis and the subsequent volatile period.
The next step is to calculate the transition probabilities between different categories of impairment. The
probabilities of migration to the non-performing category as calculated for the stress path are derived
through the modelled relationship between the initial probabilities and simulated PD values. The
probabilities of two-way transition between the two performing categories are calculated using
historical data. In all cases, the sum of the probability of migration from the given category to the other
two, as well as the probability of staying in the given category, must be 100%. The probability of
migrating from “Stage 3” to the other two categories is 0% due to the prohibition of curing, so it follows
from the above rule that the probability of remaining in the non-performing category is 100%. The two
remaining probabilities (staying in “Stage 1” and “Stage 2”) are calculated on a residual basis by topping
up the sum of the probabilities assigned to the two impairment categories to 100%. In addition, the
probability of migration from “Stage 1” to “Stage 2”, and that of reverse migrations are also be limited.
The former may not fall below the initial value, while the latter may not increase above the initial value.
The third step is stressing LGDs. The losses expected in the event of default are offset by the model
using two types of shock. One is the FX shock applied to FX-denominated loans. The other economic
break is the property market shock affecting collateralised loans. Other collateral (guarantee, financial
collateral etc.) values are stressed on the basis of historical changes. The probability of curing for a given
loan portfolio is reflected in the LGD modelled for the bank under review as of the start of the stress
test, and will thereby remain present throughout the stress path.
93
Sovereign / local government, financial institution, large enterprise, micro, small and medium-sized enterprise, project, hedged retail,
unhedged retail
94
E.g. Investment, GDP, Unemployment, Inflation, Exchange Rate, Net Exports, Wages, Household Savings
113
With a dynamic balance sheet assumption, the credit conversion factor (CCF) may also change, so that
the off-balance sheet exposures included in the quantification of credit risk in a stress scenario will also
be based on historical processes observed in a past crisis.
The final step in quantifying credit risk parameters is the calculation of lifetime expected credit losses for
transactions that migrate from “Stage 1” to “Stage 2” during the three years of the stress path. This
exercise will also cover transactions starting in “Stage 2” in the period under review, whether they
remain in that category or become non-performing later on. For “Stage 3” transactions, the cost of
lifetime expected credit risk will be the LGD for these transactions, PD being at 100%. The cost of
lifetime expected credit risk is derived as the product of current exposure, marginal PD and LGD. It is
important to note that, due to the static balance assumption, the gross exposure remains constant for
the three years under review and only then begins to depreciate. Among other things, this implies that
the expected maturity of the portfolios will remain the same as the end-of-year observed value, and that
credit exposures maturing before the end of the three years will be rolled over with the same credit risk
characteristics (including the impairment category under IFRS 9).
As with ICAAP, credit risk incorporates counterparty risk and CVA risk. In the case of counterparty risk, in
line with the basic assumptions of the EBA stress test, the methodology assumes the default of the two
most risky clients of the 10 largest. When selecting the largest clients, the exposure underlying the
ranking is determined at group level, on a net basis. The clients under review do not include exposures
to sovereigns, central banks, and within the banking group. The identity of the two most risky clients is
determined by the internal evaluation of the bank under review and by the external rating. The
exposure of the two defaulting clients through a qualified clearing house and guaranteed by it, if it
relates to the total exposure, is 100% deducted before the expected stressed loss is calculated. The loss,
which is deducted in full during the first year of the stress path, is determined using the product of the
residual exposure and the related LGD or other loss resulting from the transaction during the expected
default event specified in the standardized approach. The CVA risk loss is quantified on the basis of the
relevant capital requirement under the ICAAP, which appears as a one-off loss in the supervisory stress
test in the first year, as with the counterparty risk. It is important to mention that counterparty risk and
CVA loss only weaken the result of the stress path, whereas in the baseline they are assumed to be 0.
In addition, an important source of risk is market risk, which for stress testing purposes is subdivided
into aggregated banking and trading book risks. In the case of banking book exposures, stressed value is
coupled with interest rate risk and foreign exchange risk. The shifting of an exposure measured at fair
value triggered by a change in exchange rates after the introduction of the dynamic balance sheet will
be meaningful because it entails a change in the balance sheet total. In addition, the effect of the
revaluation of foreign currencies can appear in credit risk through the PD values and in the trading book
due to measurement at amortized cost. Interest rate risk in the banking book is quantified based on the
benchmark model of the MNB, and is guided by the average interest rate rise over the three years of the
stress path. The revaluation of FVOCI securities is recognised through other comprehensive income in
the first year as a one-off item. Subsequently, revaluation is amortised over time, taking into account the
average maturity of the portfolio, i.e. also recognised through other comprehensive income with the
opposite sign in approaching the initial value over the years until the calculated average maturity. The
aggregate revaluation of the FVTPL part of available-for-sale securities and of their IRS hedges is derived
using a similar mechanism, except that it is recognised through profit or loss. Of the types of risk
associated with the trading book, the interest rate risk is calculated in the same way as for the banking
book counterpart, taking into account the specific interest rate shock, the main difference being that it is
recognised directly through profit and loss rather than directly through equity. Foreign exchange risk in
the trading book applies to assets denominated in foreign currencies, both securities and their off-
balance sheet hedges, and its extent depends on the intensity of the exchange rate shock. Other risks in
the trading book (e.g. equity risk, commodity risk) are determined taking into account the capital
requirement for them. The treasury earnings on trading instruments that are also held in the profit and
loss account are projected as the average of the results of the last three full years before the stress path.
114
Of the market risk-related income items, only the net result of treasury activity appears in the baseline,
with values and calculations equivalent to those of the stress path.
The operational risk is also the projection of the average of the results of the last three full years before
the stress path, with two differences compared to the calculation of the trading result. The first
difference is to take into account the effect of one-off items (such as losses recorded on the conversion
of retail loans denominated in foreign currency to forint) in determining the final value, the second is
the number reflecting the effect of the increase in risks, with which the projected value is multiplied on
the stress path. The values projected for the operational risk baseline are the same as the average value
calculated over the last three years.
The level of capital available to the institution is determined by the ability to accumulate capital
alongside the realisation of risks. The stress test shows the effect of the change in major revenue and
expense items. The P/L of the bank is seriously affected by the development of net interest income,
which is determined by the following factors and assumptions in the supervisory stress testing
framework. The basic assumption is that the interest rate rise for each quarter will take place in a single
step right at the beginning of the quarter and that level will remain unchanged until the start of the
following quarter. Assets and liabilities in the bank's books, as well as off-balance sheet items, are
classified into several categories and sub-categories in order to forecast the net interest income as
accurately as possible. The breakdown of asset and liability categories into fixed and floating rate parts,
as well as the calculation of the average repricing period, determines how quickly and at what intervals
the interest paid or received on a given portfolio should be changed based on the macro scenarios
applied to the different paths. In addition to loans denominated in foreign currency and forint categories
listed under credit risk, the stress test classifies deposits into corporate and retail, and foreign currency
and forint categories, while also distinguishing government securities and off-balance sheet items.
Deposits are the only product whose interest rate does not change with the rate of shift in the yield
curve. The rate of the shift is based on the MNB’s benchmark model, which predicts the evolution of the
interest rates of sight and term deposits due to its historical link to the yield curve. In addition, the stress
test takes into account the change in the ratio of term and sight deposits, which is also mainly
dependent on the evolution of the 3-month BUBOR. On the basis of the observation, the correlation
between the two variables is positive, so the proportion of term deposits in the total deposit portfolio
increases with the rise of interest rates, including under scenarios defined for the stress test. The sum of
the net interest income on the different paths is determined by reference to the value reported for the
last observed year, to which only the differences depending on the rate of change in interest calculated
for each year are added. As a combined result of these factors, in the case of a positive interest rate
shock net interest income may typically increase on the stress path improving the capital position of the
institution.
Of the remaining P/L items, the net fee and commission income in the baseline is at the level observed
in the last year under the model, while the average level observed in the most recent financial and
economic crisis on the stress path is slightly below the value recorded for the year as a result of adverse
economic effects. The development of operating costs is influenced by three main factors. One is the
balance sheet total, which may develop in a number of ways as a result of the introduction of the
dynamic balance sheet assumption. The level of wages may rise in the baseline, increasing operating
costs, while on the stress path by the average level observed in the crisis it falls slightly in the first year
and stagnates next. A higher operating profit adjusted for risk cost enables credit institutions to operate
at an increasing level of operating expenses, while a deteriorating profit will exert a slight downward
pressure on costs. Other costs and revenues included in the income statement are determined on an
expert basis by eliminating one-off items occurring in the actual year on both the primary and the stress
paths. The tax payable on the profits realised by the institutions is determined on the basis of the
current corporate tax rates. During the estimation phase of the stress test, individual potential
management actions (e.g. cost reduction) cannot be taken into account, but corrections that have
115
already been started or approved in a justified case at the conciliation stage may be applied to a
reasonable extent.
In the three-year forecast of credit risk RWA, the model assumes that Pillar 1 risk weights at the end of
the actual year used by the bank remain unchanged during both the stress and the baseline scenario.
The model also handles separately the loan portfolios covered by the different methods (IRB, STA), as
well as performing and non-performing exposures. The total RWA forecast values are shaped by credit
risk RWA as well as market and operational risk RWA, which change in line with the dynamic of the
balance sheet, the operating result and the historical experience.
Last but not least, a dynamic balance sheet also has an impact on the value of assets and liabilities
denominated in foreign currency, which will change in line with the predicted changes in FX rates. This is
also important in the sense that part of the equity held in foreign currency can also be repriced, which
will then change the Bank’s prevailing capital adequacy accordingly.
V.5 Determination of capital requirement
Under Pillar 2, the institution is required to determine to its best knowledge the level of capital
(economic capital) it needs to cover actual and potential risks. In the capital calculation process, all
material risks of the institution should be observed along with the impact of the risks on one another
(integrated risk management approach), as well as the ratio and quality of capital required for covering
the risks with regard to the legislative framework.
V.5.1 Differences concerning the degree of sophistication of applied methods
The level of sophistication of the method chosen by the institution may depend on the following:
 the size and complexity of the institution (based on the principle of proportionality, smaller
and simpler institutions are not expected to apply sophisticated and complicated capital
requirement calculation methods);
 the weight and relevance of the risk within the institution (an institution may apply very
simplistic approaches like capital cushions for negligible risks and sophisticated models to
material risks);
 available (especially intellectual) resources. The institution is expected to have a thorough
understanding of the approaches it applies. It should not employ models which it did not
have the capacity/time to learn adequately. (This point is closely related to the first one:
larger institutions usually have more resources at their disposal);
 the institution’s risk appetite. One definite expectation is that an institution which takes
larger risks should employ more sophisticated and more accurate methods than a risk-
averse institution – at least for material risks.
Therefore, depending on the complexity and risk appetite of the institution, various approaches can be
used for determining the capital requirement. Even in the simplest scenario, the required capital in Pillar
1 can be used as a starting point and it can be supplemented with capital allocated to risks not captured
(or not properly handled) in that pillar. This is actually a conservative margin. Even in this case, the
institution is required to provide evidence that Pillar 1 methods render a good approximation for the
risks handled therein and that other risks are negligible compared to these.
Institutions with a more complex risk profile may employ an internal model to determine the capital
requirement of all material risks, regardless of which pillar these risks belong to.
V.5.2 Potential differences between Pillar 1 and 2
The handling of the same (Pillar 1) risks may be different under Pillar 1 and 2. For Pillar 2 risk
management, the MNB considers it appropriate that institutions apply more sophisticated and more
advanced approaches compared to those in Pillar 1. For example, an institution may use a portfolio
116
model (e.g. Creditmetrics, Creditrisk+) in Pillar 2 instead of the portfolio-independent approach 95
employed in Pillar 1. Or, as is still frequently the case, it may identify market risks for internal purposes
with an internal model, while using a standardised approach in Pillar 1 (for the calculation of regulatory
capital requirements).
This freedom of choice does not only apply to the methods that serve the calculation of capital
requirement – it also means the freedom of selecting the approach and the risk metrics. Apart from
providing criteria on risk types that should be considered, neither CRD IV nor the CRR sets requirements
or provides recommendations on capital calculation methods under Pillar 2; indeed, they explicitly
emphasise methodological diversity. To a considerable extent, this is attributable to the need to ensure
that an institution which has been using capital requirement calculation methods that essentially
already comply with the new requirements (which tends to be the case with advanced institutions)
should not be forced to replace those methods solely because of the implementation of CRD IV and the
CRR. In line with the core philosophy of CRD IV and the CRR, however, this freedom has a price: the
institution must be able to demonstrate to the MNB’s satisfaction the correctness and validity of the
method it has chosen.
When calculating the adequate capital, usually the “going concern” or the “gone concern” principle is
used.
When the calculation is performed on a going concern basis, an amount of required capital will be
determined which enables the business to continue even when significant losses are suffered (thus this
principle reflects the viewpoint of owners and employees who have an interest in maintaining the
business). In these cases, typically an interim, alerting capital level is set as well. The drop of capital
below that limit is still not a direct threat to business continuity, yet it is a warning sign that only a slight
further decrease of capital is allowed and that actions are needed to avoid it.
The use of this approach requires more than just knowing the current situation. Some assumptions need
to be used (although usually very simple ones) to take into consideration the future course of business.
This thinking also involves the setting of a time horizon over which the institution wishes to guarantee
the continuity of its business. The reasonable length of this horizon is subject to factors such as the time
of resolving potential capital shortages or the rating period of credit rating institutions. Thus, this time
horizon can also be freely chosen theoretically, however usually a one-year period is used in practice,
due to various reasons. A differentiation is required between the holding period and the time horizon of
the capital requirement calculations (especially with portfolios that can be terminated quickly, e.g.
trading portfolios). The derivation of capital requirements for the latter requires further assumptions.
When the liquidation principle is used, the amount and composition of required capital will be
determined in such a way that ensures the fulfilment of all liabilities in the case of immediate liquidation
(this approach represents the viewpoint of bank deposit holders and creditors). Here it is sufficient to
know the current situation and time horizon is only mentioned as the time required for winding up the
positions which may differ significantly per asset type (e.g. the ten-day typical holding period for trading
portfolios and the one-year period applied to credit risks).
Concerning the extent of risk, it is increasingly common to use VAR and its more consistent variants
(expected shortfall, etc.) besides “traditional” distribution methods. VAR-type metrics require the
setting of a confidence level and it is an obvious expectation that this level should be identical for
different risk types (although in Pillar 1 different levels belong to credit and market risk).
If the institution chooses to use the going concern basis and VAR-type risk metrics, the capital
requirement has to be set in a way that it provides adequate coverage against potential risks for a
certain period and at a specific level of security. 96
95
This is one of the most important differences. In Pillar 1, it is not allowed to apply an internal model to credit risk which would also recognize
diversification effects.
96
This solution is the most common practice. The time horizon is typically 1 year but it can be longer in certain cases.
117
One may ask if a confidence level lower than that in Pillar 1 can be used for the calculation of economic
capital. During the ICAAP capital requirement calculations, the MNB expects the application of a 99.9%
confidence level. In the ICAAP, the institution may apply a confidence level which is different from that
in Pillar 1, but then the two results will not be comparable. The institution, however, needs to provide
for comparability, i.e. it must be able to demonstrate its capital requirement calculations for individual
risks also at the confidence levels defined in Pillar 1. 97 The application of a higher confidence level
reflects a more conservative approach and the MNB will accept it when performing the comparison to
Pillar 1.
Another question is whether different holding periods can be applied to specific risks. Different holding
periods are natural in the liquidation approach, because the termination time of individual portfolio
types is not identical (which also explains e.g. the differences in holding periods in Pillar 1).
It should be borne in mind that, while the institutions must be able to base their choice of methods on
appropriate arguments, they must also be able to demonstrate the relationship between their own
capital requirement calculation and Pillar 1 capital requirement. The more distant the approach used in
Pillar 2 is from its Pillar 1 counterpart, the more complex this task is. Accordingly, institutions are
expected to be able to justify any disparities in Pillar 1 and Pillar 2 definitions.
There should be no discrepancy between the two pillars regarding the definition and amount of own
funds, as the MNB will only accept, as of 1 January 2015, the own funds items defined as eligible in the
CRR as capital available for covering risks during the calculation of SREP capital adequacy 98.
V.5.3 Allocation of capital
In principle, except for the determination of the economic capital of group members, capital allocation is
not closely related to capital adequacy. In reality, however, it controls capital requirement calculations
through the breakdown and assignment, at the level of organisational units and exposures, of capital
that has been determined and aggregated in other ways. If allocation is linked to performance
measurement or pricing, it suggests that the institution takes the capital requirement calculation
seriously and applies it in its day-to-day operations (use test). The MNB regards this circumstance a
material criterion for its judgment on the reality and reliability of capital requirement calculations. 99
V.5.4 Determining the required capital after the supervisory review
After the supervisory review process, the MNB determines the required capital of the institution. During
this process, the MNB:
 determines additional own funds requirements, subject to the Pillar 1+ approach in
determining Pillar 2 capital requirements;
 establishes harmony between the additional own funds requirements, mandatory capital
buffers and any macroprudential regulations that may have to be considered;
 defines and communicates the total SREP capital requirement (TSCR), the SREP capital
requirement ratio and the overall capital requirement (OCR);
 assesses whether the prescribed total SREP capital requirement and the overall capital
requirement are expected to be sufficient, under both normal and stressed conditions.
V.5.4.1 Determination of additional own funds requirements

The MNB determines additional own funds requirements in order to ensure that at the institution they
cover:
97
The confidence levels required in Pillar 1 are more compliant with the stricter liquidation approach
98
The MNB's expectation is in line with the EBA SREP Guidelines
99
We found at several institutions that although allocation for the purpose of performance measurement and pricing exists, this allocation does
not encompass Pillar 2 capital (but typically Pillar 1 instruments). If so, the MNB will be led to assume that the institution’s Pillar 2 capital
requirement calculations are rudimentary and lack internal acceptance.
118
 unexpected losses arising over the next 12 months and the difference between the
calculated expected loss and the provisions made (shortfall),
 any risks arising from model deficiencies that result from an underestimation of the various
risks measured by the models;
 any potential risks not covered or insufficiently covered by the methods applied in Pillar 1;
 any risks arising from governance and control functions or other deficiencies.
The additional own funds requirements determined by the MNB in order to cover unexpected risks must
be met by institutions on a continuous basis, typically until the closure of the next supervisory review.
The MNB determines additional own funds requirements on a risk-by-risk basis. Besides the institution’s
ICAAP calculations, for this exercise, the MNB relies on the results of supervisory benchmark calculations
and any additional information available. When determining additional own funds requirements, the
MNB will base its calculation on the ICAAP, provided that it has found it acceptable, adjusting it, to the
necessary extent, on the basis of supervisory benchmark calculations and other relevant information. If
the MNB does not deem the ICAAP calculations reliable, it will use supervisory benchmark calculations
as a starting point and modify them on the basis of relevant inputs when necessary.
The MNB assesses the reliability of ICAAP calculations according to the following aspects:
 adequate granularity: the methods and procedures applied should be suitable for calculating
not only aggregated risk but also individual risk types;
 credibility: the methods and calculations applied should be suitable for the measurement
and assessment of the specific risk and should be based on adequate models and
conservative assumptions;
 soundness, clarity: the basis of the applied methods and calculations must be determined
precisely; “black box” is not acceptable as a calculation method. At supervisory request,
institutions should be able to indicate the areas where the applied models proved to be
imprecise or erroneous and explain how this will be considered during the ICAAP calculation;
 comparability: the holding period, risk horizon and confidence level used for the ICAAP
calculation should be comparable to the relevant variables of similar institutions and to
supervisory benchmark estimates.
During the calculation of the Pillar 2 capital requirement MNB applies the Pillar 1+ approach, wherein it
regards the regulatory capital requirement as the minimum capital level on a risk-by-risk basis, and no
longer accepts, for the coverage of additional own funds requirements, the regulatory capital required
to cover the risks under Article 92 of CRR either for individual risk types, or at the level of the total
capital requirement. The Pillar 1+ approach is to be applied both in the main risk categories (credit risk,
operational risk, market risk) and in individual sub-categories of risk. Obviously, the latter should only be
construed for risk categories managed in Pillar 1 (e.g. counterparty risk, CVA, settlement risk, trading
book and foreign exchange risk). Consequently, where an institution sets a lower Pillar 2 capital
requirement than that under Pillar 1, the MNB will set the SREP capital requirement at the Pillar 1 level
(unless additional own funds requirements are determined for other reasons, resulting in an SREP
capital requirement that already exceeds the Pillar 1 capital requirement).
In Pillar 2, the lower capital requirement set by the institution is due to the methodological difference
between the two pillars and the diversification effect within the risk. In accordance with the provisions
of Article 98(1)(f) of CRD IV, within all major risk categories the MNB assesses whether the
diversification effect in the capital requirement calculation should be taken into account; however, even
when the diversification effect is taken into consideration the the capital requirement calculated for the
given risk must not be below the minimum regulatory capital requirement defined in Article 92 of CRR.
119
According to the EBA SREP Guidelines the diversification effect between the risks must not be taken into
account when calculating the Pillar 2 capital requirement. Thus, for example, the diversification effect
between banking book and trading book risk cannot be recognised.
The MNB determines additional own funds requirements in order to ensure that they adequately cover
all relevant risks. If the additional own funds requirements calculated by the MNB differ significantly
from the result of the institution’s ICAAP calculation, the MNB will provide a justification for the result of
its calculation, and will discuss it with the institution as part of a dialogue. If the MNB only considers
aspects that are not uniquely specific to the institution, it shall apply its methodology on a consistent
basis to ensure consistency between the institutions.
V.5.4.2 SREP capital requirement (TSCR)

Based on the Pillar 1+ method, the MNB determines total SREP capital requirement (TSCR) as the sum
of the following items:
 sum of minimum own funds requirements as set out in Article 92 of the CRR
 and the additional own funds requirements established under the SREP and, if necessary, the
additional capital requirement to cover significant concentrations of different types of risk.
The MNB determines the total SREP capital requirement as a percentage of the total risk exposure
amount (TREA).
In determining additional own funds requirements, the MNB follows the EBA SREP Guideline, which
prescribes the application of the ratios applicable to regulatory capital requirements under Pillar 1 for
the imposition of SREP capital requirements. Accordingly, the TSCR is composed as follows:
CET 1 capital ratio: minimum 56.25% (4.5/8) of TSCR,
T1 capital ratio: minimum 75% (6/8) of TSCR,
T2 capital ratio: maximum 25% (2/8) of TSCR.
In the letter closing the SREP, the MNB identifies for each individual institution the items to be used to
meet the capital requirement, and may articulate stricter expectations than the ratios defined under
Pillar 1 as appropriate. The institution may also meet the capital requirements set by the MNB with
higher quality capital than required, i.e. the T2 capital requirement may be met with CET1 and T1
capital, and the T1 capital requirement with CET1 capital. The MNB may also prescribe the composition
of the additional regulatory capital that should be used to cover specific risk types. As of 1 January 2015,
the MNB may only consider items and instruments deemed eligible by the CRR for the determination of
own funds in the calculation of the total SREP capital requirement.
The MNB ensures consistency in setting additional own funds requirements and communicating them to
the institution and, where relevant, to other supervisory authorities. The communication toward an
institution must include at least the SREP capital requirement as a percentage of the TREA, broken down
in terms of the composition of the requirement and on a risk-by-risk basis.
V.5.4.3 Total SREP capital requirement ratio

The total SREP capital requirement ratio is calculated on the basis of the total SREP capital requirement
and the total risk exposure amount, according to the following formula:
%∗TSCR∗12.5
TSCR ratio=8
TREA
120
In exceptional cases, the MNB is entitled to deviate from the calculation methodology presented above
in order to prevent the additional capital requirement from dropping below a pre-determined level.
Example
Supervisory additional own funds requirements are established at 137.5% of Pillar 1 (TSCR = 11%), which
is a capital requirement of +3% for TREA.
The regulatory capital of the institution is 100, its CET1 capital is 70, and its T1 capital is 85.
Its total risk exposure is 1000, overall capital requirement under Pillar 1 is 80 (1000*8%), and its total
Pillar 1 capital adequacy ratio: 100/1000=10%
Amount of the supervisory additional own funds requirement: 80*0.375=30
TSCR is 11% of TREA, to be broken down as follows:
CET1 part: minimum 6.1875% (11%*56.25%), amounting to 61.875 (1000 * 6.1875%),
T1 part: minimum 8.25% (11% * 75%), amounting to 82.5 (1000 * 8.25%),
T2 percentage: maximum 2.75% (11% * 25%), amounting to 27.5 (1000 * 2.75%)
V.5.4.4 Combined capital buffer requirement

In addition to the SREP Capital Requirement, other than the mandatory capital conservation buffer,
additional macroprudential capital buffers may also be required for the institution in question, of the
following types:
 Countercyclical capital buffer
The MNB is the authority designated to determine the Hungarian countercyclical capital buffer
rate. On a quarterly basis, the MNB sets the benchmark countercyclical capital buffer rate as
the basis for determining the countercyclical capital buffer rate for Hungarian exposures and
publishes its methodology in a communication. The applicable countercyclical capital buffer
rates are available on the MNB's website and updated quarterly according to the dates of
Financial Stability Board (PST) decisions. Institutions must maintain institution-specific
countercyclical capital buffers.
 Capital buffer for systemically important institutions
The legal status of globally and other systemically important institutions, as well as the
prudential rules applicable to them, are governed by the regulatory framework of CRD IV
(Credit Institutions Act). To identify other systemically important credit institutions in the
European Union uniform principles are applied and it is carried out in accordance with EBA
guidelines (EBA/GL/2014/10). The list of institutions identified by the MNB as systemically
important as well as the extent of the related capital buffer requirement and the timing of the
introduction are available on the MNB's website. The MNB will adopt specific decisions to
notify individual institutions about the extent of the capital buffers to be maintained.
 Systemic risk buffer
Under the CRD IV, in the exercise of national discretion, national authorities in each Member
State may require the credit institution sector or one or more subgroups of the sector to set up
a systemic risk buffer in addition to minimum capital requirements. This is possible where
there is a need to prevent or reduce non-cyclical systemic risks or increase the resilience of the
financial intermediary system. The MNB will inform the institutions about the systemic risk
capital buffer to be introduced by publising it on its website. The MNB will adopt specific
121
decisions to notify the institutions concerned about the extent of the capital buffers to be
maintained.
All of the capital buffers listed above (including the capital conservation buffer) must be provided by the
institution with the highest quality (CET1) capital in addition to the regulatory minimum and the
additional own funds requirement set in the supervisory review.
Within the meaning of Article 93 of the Credit Institutions Act, the combined buffer requirement is to be
calculated by aggregating the capital conservation buffer, the institution-specific countercyclical capital
buffer requirement, the capital buffer requirement for globally systemically important and other
systemically relevant credit institutions, and the systemic risk capital buffer requirement. Under the
rules of aggregation, the higher of the capital buffer requirement for systemically important and other
systemically important credit institutions, and the systemic risk capital buffer requirement, is to be
applied unless the systemic risk capital buffer requirement applies only to Hungarian exposures.
V.5.4.5 Overall capital requirement (OCR)

Overall capital requirement includes the minimum regulatory capital requirement, the additional own
funds requirements imposed as a result of the supervisory review process, the capital conservation
buffer, and the macroprudential capital buffers listed above.
The overall capital requirement (OCR) is calculated as follows:
OCR = TSCR + combined buffer requirement
In consideration of the provisions of the CRR, the MNB also prescribes the required composition of the
overall capital requirement (OCR):
minimum X% in Common Equity Tier 1 capital (CET1);
minimum X% in Tier 1 capital (T1).
V.5.4.6 Pillar 2 capital guidance (P2G)

In line with EBA’s expectation, the MNB introduces a new Capital Guidance (P2G) from 2019 on the
capital adequacy of Hungarian credit institutions. Capital Guidance is a supervisory recommendation for
maintaining additional capital over SREP capital requirement (TSCR) and the combined buffer
requirement. Since the recommendation does not qualify as a capital requirement, there is no direct
sanction in cases where an institution's capital level falls below the minimum level set by the supervisory
authority in the framework of Capital Guidance but does not violate the capital buffers (OCR);
nevertheless, intensive supervisory dialogue will be initiated in such cases. Institutions must use items of
Common Equity Tier 1 capital (CET1) to cover P2G.
122
VI. Components and supervisory review of ILAAP
VI.1 The institution’s internal assessment of liquidity and funding risks
Liquidity is the institution’s ability to finance the growth of its assets and meet its maturing obligations
without incurring significant and unexpected losses. Liquidity risk is embodied in long-term lending from
short-term liabilities (maturity transformation carried out for the sake of profitability), mass
disinvestment before maturity, the renewability of funds, changes in funding costs, environmental
effects and the uncertainty of the behaviour of other market participants.
Liquidity risk in the broad sense may appear in a variety of specific forms. This includes the risk of short-
term liquidity and long-term funding risk, currency mismatch between outflows and liquidity buffers,
rollover risk, concentration of funds, etc. Funds may also be concentrated in terms of customer, sector,
geographic region, transaction, maturity, etc. There are specific regulatory constraints on several
liquidity risks, but the institution is expected to produce its own risk inventory, which should also cover
liquidity risks not covered by the legislation. In addition, the institution must assess the individual risks
according to its own business model and, if necessary, set internal limits that are additional to or more
stringent than the legislation. The institution should take into account the fact that different types of
reserves needed to cover each risk, with limited compatibility.
Institutions are required to manage liquidity risks effectively. To this end, institutions must have an
adequate liquidity risk management framework in place and apply effective risk mitigation techniques
which provide them with appropriate liquidity and include a buffer (additional reserves) for covering
unexpected market shocks.
The following considerations should be observed regarding this framework:
 The institution should clearly determine the level of liquidity risk which it can tolerate with
regard to its business model and market position.
 The executive management of the institution should elaborate a strategy (and regulation
guidelines) which keeps liquidity risk under the identified critical level and provides the
institution with adequate liquidity. This strategy (and guidelines) must be reviewed at least
once per year. The decision on approval and modifications must be made by executive
management or a competent body (ALCO), which should also submit a report to the board.
 The institution’s executive management or competent body should incorporate liquidity
costs, revenues and risk into internal pricing.
 The institution must have a reliable system, indicators, key risk indicators (KRI) and relating
limits in place for identifying, measuring, monitoring and controlling liquidity risks. In the
course of risk identification, the institution must specify the liquidity risk elements which
appear in its operations. This system is expected to be capable of taking into consideration
the cash flows that derive from assets, liabilities and off-balance sheet items within one year
according to the contract.
 The institution must establish and apply its own early warning indicators (EWI), which allow
the institution to forecast the intensifying liquidity risks.
 The institution must monitor and oversee its liquidity risk exposures and funding needs,
taking into consideration all applicable legal, regulatory and operational limits that relate to
the accessibility and transferability of liquid assets.
 In order to manage liquidity concentration risks, institutions are expected to gain a thorough
understanding of their assets and liabilities structure. Taking into consideration the nature
of their business activities, they should identify the sources of concentration risks and take
123
adequate measures to eliminate these sources. It is important that the related analyses also
consider off-balance sheet items.
 The institution’s risk management system must be capable of efficiently diversifying
liabilities based on funding terms and must help the diversification of funding resources. The
institution should monitor funding concentrations (in particular customer-level
concentrations for deposits reaching 2.5% of total deposits). Furthermore, the institution
must assess regularly how quickly it can renew the various liabilities. It must identify and
monitor factors which impact the availability and cost of various funding opportunities.
 Institutions that also hold foreign exchange accounts are expected to manage and plan
liquidity per currency type. The risk management framework must assess and observe the
liquidity impacts of off-balance sheet hedge deals, especially in respect of the deterioration
of the forint exchange rates and the potential operating failures of swap markets.
 The distribution of work within the group is a requirement concerning the liquidity
management system of group member institutions and so is the clear specification of
mandates and responsibilities. The rules must set out the liabilities and obligations of the
governing institution to the governed institutions along with the liquidity management
responsibilities and duties delegated to governed institutions.
 The institution must actively manage its intraday liquidity positions and risks and must
operate suitable payment and settlement systems for this purpose.
 The institution should assess its liquidity risks associated with the operation of the
Hungarian RTGS Instant Payment System outside business hours and create an appropriate
buffer (e.g. on-call duty procedures, action chain) to cover these risks in order to ensure that
potential problems are identified and the contingency plan is activated as soon as possible.
 During the use of stress tests that have been elaborated with a view to regularly run
institution-specific and market scenarios, the institution must identify potentially liquid
assets and ensure that actual exposures remain under the threshold set by the institution
itself. Institutions are expected, as a minimum, to use a one-month survival period in stress
testing and are advised to pay special attention to the first one-week period. At the same
time, it is important to stretch the stress tests to the date from which the institution is no
longer to able cover net outflows with liquid assets (time-to-wall). The results of stress tests
must be taken into account in liquidity management processes, in the risk management
strategy and policy, in the contingency plan 100, in the size of the necessary liquidity buffer
and potentially in the capital requirement.
 The institution must have a compliant contingency plan in respect of the liquidity crisis,
which specifies the steps to be performed in case of an unexpected emergency in order to
maintain liquidity. The timeliness of the contingency plan must be tested every year in
respect of responsible parties, tasks, reporting and contact. The plans should also cover the
new risks associated with the launch of the Instant Payment System.
 Using high quality liquid assets, the institution must set up a liquidity buffer preparing for
situations predicted in the stress scenarios. The institution must specify the range of assets
to be taken into account as liquidity buffer and rank them by liquidity in an internal
regulation. The creation of a liquidity buffer shall not substitute either careful preparation
for stress situations or any other measures that serve to manage funding gaps and
resources.
 The institution should put in place and maintain a suitable information system and database
able to support the other processes (identification and management of risks, reporting etc.).
100
Contingency Plan, Emergency or Business Continuity Plan – legislative provisions use a variety of terms.
124
 Institutions should use the following measurement and modelling methods proportionate to
their sizes and risks in order to quantify the various liquidity risks.
o The modelled areas should include 1) identifying the exposures not clearly defined in
legislation (e.g. defining operational deposits and the operational balance in the LCR), 2)
defining the factors for which the legislation only stated the minimum and maximum
applicable factors (e.g. deposits with higher outflow rates in the LCR) and back-testing
compliance with legally stipulated factors, 3) carrying out the modelling that carries no
consequences but is required by legislation (deposit/loan/credit facility run-off in the
Maturity Matching table), 4) modelling based on factors other than legislative
requirements (e.g. stress testing, recovery plan).
o Wherever applicable, the baseline scenario and a number of different stressed scenarios
should be modelled.
o Instead of aggregate figures (general ledger, transaction type totals), the calculations
should be preferably based on individual transactions.
o Wherever applicable, the maximum outflow rather than the outflows of a 30 day fixed
time window should be taken into account. Furthermore, wherever applicable, the start
date of the periods under review should also be considered as variable (e.g. salary
transfers at the start of the month may result in an underestimation of the maximum
outflow of retail deposits if the bank compares the change consistently to the end of the
preceding month)
 The ability to generate the LCR on a daily basis. Efforts should be made to ensure that the
value incorporates as few estimates as possible.
Information must be disclosed regularly by the institution to enable market players to assess its liquidity
position and liquidity risk management system.
The institution can analyse the expected changes in its liquidity position by comparing the timing
(maturity match) of its receivables and payables. It can perform a so-called static analysis which relies on
the assumption that payables and receivables will be realized in line with the related contracts (no new
loans provided and no new deposits are placed). The other option is a so-called dynamic analysis which
assumes the renewal of portfolios. Analyses should cover both normal business operations and liquidity
stress scenarios.
The limit system and the specific limit values are important elements of the liquidity management
system. The MNB expect the institutions to specify in their liquidity risk management rules the limits and
the procedures to follow in case of limit violations, and to prepare a report on limit utilisation. The latter
must contain the decision of the organisational unit in charge on the elimination of possible limit
violations. Limit values must be reviewed at least annually.
Compliance with the limits defined in legislation is expected at all times. This means compliance on a
daily basis even if reporting regulations and decrees impose a less frequent reporting obligation;
institutions are expected to comply at a time of lower stresses as well. In the event of appropriate over-
performance and the indicator’s stability, it is not necessary to monitor the indicator in the periods
between official reports.
In case the institution takes liquidity risk or certain elements thereof into consideration under another
risk type, the MNB requires the declaration of this in the relevant rules. The rules on the risk concerned
must include a detailed description of the measurement/management of liquidity risks
125
VI.2 Supervisory liquidity adequacy assessment process
VI.2.1 Comprehensive assessment of liquidity and financing risks

Following the unravelling of the crisis, a significant amount of attention focused on credit institutions’
intraday, short-term and medium-term liquidity, and the sustainability of the institutions’ long-term
funding. The issue of liquidity is addressed in detail in the Basel III regulatory framework (coming into
effect on a gradual basis), in the CRD IV and, in particular, in the CRR and its supplements, as well as the
various EBA Guidelines.
From the perspective of supervisory authorities, the monitoring of liquidity risks play a particularly
important role in the analysis of financial stability risks at the microprudential and macroprudential
level. The primary reason for this is the fact that the liquidity shocks sustained by individual financial
institutions may spill over, through various channels of contagion, not only to another credit institution,
but also to the financial system as a whole, undermining its stability. These external effects, as well as
excessive reliance on certain markets, resource types and counterparties by similar institutions' funding
and risk management profiles, generate additional risks that justify additional requirements compared
to individual institutional risk management. (For example, it does not necessarily pose risk buying
government securities from unstable funds at the individual level, but withdrawal of funds from several
such institutions, the selling pressure on government securities may already cause systemic disruptions.)
The basic activity of institutions is focused on cash flow transformation as a result of which they are
inherently exposed to liquidity and financing risks. For this reason, as a rule, the MNB regards liquidity
and financing risks as material risks, which are to be mandatorily managed under Pillar 2. Furthermore,
the MNB expects institutions to continuously diversifying the liability portfolio and to actively manage
their dependence on funding.
The MNB expects institutions to be fully aware of the documents referred to above and of essential
regulatory changes as well as to adjust themselves to them particularly with regard to the Basel III
liquidity indicators.
In the framework of the supervisory review process, the MNB shall assess
 the inherent liquidity risk of the institution,
 the inherent funding risk,
 the management and treatment of liquidity and funding risks, and
 the institution’s assessment of its risk factors relevant to liquidity and the extent to which it
succeeded, based on the factors identified, in addressing the related risk exposures reliably.
Upon evaluating the inherent liquidity risk, the MNB shall
 assess the institution’s short-term and medium-term liquidity risk. In this context, it reviews
the institution’s maturity liquidity balance, including contractual maturity gaps and their
concentration, broken down by currency, the going concern liquidity balance and gaps;
moreover, it examines money market dependency, with special regard to short-term parent
bank funding;
 reviews the institution’s own stress test, uncovered liquidity, drawdown-related liquidity risk
and survival period (time to wall survival analyses);
 evaluates the results of the supervisory liquidity stress test 101;
101
In accordance with EU standards (Article 100 of the CRD), supervisory authorities are required to run various stress tests on a regular basis.
Supervisory liquidity stress tests enable the MNB to judge the liquidity risk of individual institutions under uniform circumstances across various
time horizons and stress scenarios, to obtain additional information compared to the institutions’ own internal stress tests, to identify and
measure special liquidity risk areas and to receive assistance for the assessment of the general and relative (as compared to other institutions)
liquidity risks of individual institutions.
126
 assess the level of excess liquidity; the quantity and quality of the liquidity buffer and the
counterbalancing capacity, including transferable assets and transferable assets that are of
extremely high / high liquidity and credit quality, the related market liquidity risks; and the
institution’s liquidity coverage ratio (LCR) with the relevant calculations and their analysis.
Upon evaluating the inherent funding risk, the MNB shall
 review the funding profile of the institution along with funding structure and concentration
and its development over time, in consideration of the size, share and structure of parent
bank funding and the possibilities of accessing funds from money and capital markets,
 assess the stability and sustainability of the institution’s funding and FX maturity
transformation with the FFAR (DMM)102 and NSFR103 indicators,
 evaluate the financing plan along with the related structural gaps based on the business
model of the institution.
With a view to managing and addressing liquidity and funding risks, the MNB shall
 review, based on the business model available, the liquidity strategy and risk appetite of the
institution together with the relevant regulatory and internal limits and targets;
 judge the management of intraday liquidity risks, in the context of which it reviews the
management of daily liquidity positions broken down by foreign currency, the execution of
IG1104 and IG2 payment transactions together with the related coverage, as well as the
process of meeting the central bank requirement in respect of mandatory reserves;
 assess the institution’s risk management processes and control points, the adequacy of
compliance with regulatory limits, the institution’s internal indicator and limit system, key
indicators, early warning indicators, internal and external reports;
 examine the risk management processes: 1) monitoring within the month, 2) indicator
forecasting (e.g. loan disbursements, liaising with holders of large deposits), 3) proven and
fast mechanisms to increase the buffer (e.g. credit facility from parent bank) 105,
 evaluate the Liquidity Contingency Plan (LCP).
VI.2.2 Additional Requirements due to risk management deficiencies

Liquidity and funding risks are risk types typically not covered by capital, institutions managing such risks
by processes, limits, the diversification of their liabilities and by liquidity buffers. In the event of a
significant level of liquidity and funding risks and in case of deficiencies in the risk management systems,
procedures, indicators and their limits and the measurement thereof, the MNB – keeping in mind the
principle of proportionality and in addition to prescribing measures designed to improve risk
management procedures – may require to hold additional liquidity in order to ensure the proper
liquidity coverage.
For the purposes of determining specific liquidity requirements, pursuant to Section 181 of the Credit
Institutions Act, the MNB must take into account:
 the business model of the credit institution,
102
foreign exchange funding adequacy ratio
103
net stable funding ratio
104
Intergiro
105
The MNB believes that, as a general rule, 20 percent over-performance is necessary to qualify as ‘compliance at all times’ with the
requirements. Deviations from the above are nevertheless possible; with the MFAR, for example, an accurately predictable numerator
(mortgage bonds and refinancing loans) and a robust denominator (mortgage loans) result in a stable indicator, where a smaller buffer is also
sufficient. If the buffer is below 20 percent, the MNB will prioritise the inspection of the aforementioned risk management processes.
127
 the arrangements, processes and mechanisms referred to in Section 108(5)(f) of the Credit
Institutions Act, and their adequacy,
 the outcome of the supervisory review and evaluation, and
 systemic liquidity risks threatening Hungary
In respect of the level of additional liquidity, the MNB may prescribe:
 compliance with the minimum level of freely available liquid assets of adequate quantity
and quality (composition),
 compliance with liquidity indicators above the regulatory limit,
 a level of balancing capacity that ensures a prescribed minimum survival period,
 the level of maximum cash outflow (MCO106) for a specific period,
 a minimum liquid asset quantity best fitting the institution’s business model, aligned to the
liquidity benchmark of the supervisory authority.
Since the business models and liquidity risk profiles of institutions differ from one another, the MNB
should always apply the best benchmarks available, or it may revalue the benchmark used based on the
characteristics of the business model.
VI.2.3 Key aspects of calculating Pillar 1 requirements
Risk management or reporting deficiencies, identified based on supervisory experience, that led to the
underestimation of risks in several institutions. These topics are considered to be a priority in the
following reviews. By publishing them (Annex 10, “Priority Areas of the ILAAP Review”), the Supervisory
Authority helps the institutions to interpret legal requirements accurately. Institutions are expected to
review their practices for these portfolios.
VI.2.4 Portfolios that are risky in terms of liquidity
Although the institution is expected to produce its own risk list and manage the risks identified, the
Supervisory Authority will, on the basis of its experience, compile a comprehensive inventory of the risks
arising in multiple institutions. The list may vary depending on market trends, so the supervisor reviews
this annually and publishes it in an appendix to the Manual (Appendix 11: Information on unstable funds
that are prioritised in the context of the supervisory review process and on the related liquidity
requirements). In order to disseminate good practices and ensure a level playing field, the Supervisory
Authority will seek to provide methodological assistance regarding the level of additional buffers an
institution is expected to create for specific indicators. The institution is also expected to assess these
and, where the need is indicated by its own risk assessment, to set buffers at a higher level than the
legislation or this manual.
VI.2.5 Calculation and compliance with Pillar 2 liquidity requirements
The appendix on unstable funds indicates the indicator relative to which the buffer required for the
management of specific risks represents an add-on, the methodology of nominal determination, and the
form of compliance. There is a significant potential of volatility due to the nature of the liquidity risk. For
example, the inflow of unstable funds increases the risk, which will subsequently decrease following the
outflow of such funds. Therefore, it is not feasible for the Supervisory Authority to establish the
additional requirements from time to time at specific amounts. Consequently, in the case of rapidly
changing risks, the Supervisory Authority will only provide the methodology, and the institution will be
obliged to adjust its reserves to the changing liquidity risks.
Depending on the nature of the risk, the determination may:
106
MCO = maximum cash outflow
128
 concern a variety of indicators107, including risks that are not captured;
 be quantified as a nominal or percentage value, or a prescribed higher level;
 relate to a pre-established and regularly reviewed time horizon, or based on methodology or varied
on a monthly basis.
The Supervisory Authority monitors the fulfilment of requirements regarding additional own funds
primarily through ILAAP reviews, both in terms of determination and actual compliance. The Supervisory
Authority seeks to formulate additional requirements in a form verifiable through ongoing supervision.
In the current regular reporting 108, only additional requirements related to LCR regulation are reported
in Table C_76.00.
VII. Business model analysis
I. Business model analysis
As part of the SREP, the MNB can evaluate the strategy and business model of supervised institutions in
parallel with the ICAAP supervisory review process 109. The purpose of the regular business model
analysis is to assess business and strategic risks and to determine and judge the following:
– the viability of the institution's current business model on the basis of the institution's
ability to generate an acceptable income over the next 12 months; and
– the sustainability of the institution's strategy on the basis of the institution's ability to
generate an acceptable income over a period of at least 3 years, in the light of an
assessment of the institution's strategic plans and financial forecasts.
Conducting a business model analysis allows the MNB to refine its supervisory strategy and priorities,
and to detect risks at an early stage and take the necessary steps. The results of the business model
analysis are used by the MNB to evaluate all other elements of the SREP assessment and to support
those evaluations. Based on the results of the business model analysis, in justified cases – if the viability
of the business model of the institution or the sustainability of its strategy is not or not adequately
supported – the MNB may deem it necessary to impose additional capital requirements and other
requirements related to develop business model, manage business and strategic risks may also need to
be defined.
In the whole process of business model analysis, the MNB primarily seeks answers to four essential
questions:
1. How is the institution generating profits at the moment?
2. What are the main factors influencing the profit?
3. How is the institution planning to make a profit in the future?
4. How will the main factors affecting profitability change and what are the drivers of
change?
The process of business model analysis consists of the following seven major steps.
(1) Business environment assessment. The business environment is a key factor for the
implementation of the institutions' strategy. During the evaluation, the MNB focuses primarily on the
107
While most of the additional capital requirements determined under ICAAP concern equity and are additive, for the purposes of ILAAP this
option is limited, e.g. it is not possible for LCR capital requirements to be combined with those for FFAR (DMM). In addition, a risk can be
managed in several ways, e.g. through the assignment of a larger outflow in LCR, and a lower ASF multiplier in NSFR.
108
February 2019.
109
The business model is the set of methods, tools, and structures through which the institution operates, generates profits and increases.
129
economic environment, the regulatory environment, the competitive situation, and market trends
affecting the operation of the institution.
The main focus for the MNB in this respect is the identification and analysis of key macroeconomic
variables affecting operations currently or in the future, the competitive environment and its expected
development in view of the activities of the members of the peer group, and market trends with
potential impact on the performance and profitability of the institution (regulatory, technical,
technological, social, demographic, etc. trends).
(2) Quantitative analysis of the business model. The MNB carries out an analysis of institutions’ main
financial and accounting statements, including an assessment of their financial performance relative to
their announced and observed risk appetite.
In doing so, the MNB assesses, in particular, the institution's income statement, balance sheet, its
structure, the concentrations shown therein, the regulatory capital, and the trends in their changes, the
underlying trends, the risk appetite of the institution, the related limits and the appropriateness of limit
management.
(3) Qualitative analysis of the business model. The MNB examines the factors affecting the effective
functioning of institutions and the main external and internal dependencies, as well as the quality of the
relationship with customers, business counterparties, suppliers, and areas where the institution has a
competitive advantage over similar institutions.
(4) Evaluation of the strategy and financial plans. During the assessment of institutions’ strategic plan
and financial forecasts, the MNB reviews the assumptions used, and forms a comprehensive view about
the feasibility and riskiness of the business model.
In particular, the MNB assesses especially the overall strategy of the institution, the main quantitative
and qualitative corporate governance objectives, examines financial performance forecasts, identifies
the success factors for the implementation of the strategic and financial plan, examines the realism and
consistency of the assumptions behind the institution's strategy and forecasts, and the institution's
ability to implement on the basis of how the management has previously adapted to the strategy and
forecasts, and how the complexity and aspirations of the developed strategy relate to the current
business model of the institution.
(5) Creating a forward-looking capital plan: As a first step, the MNB creates a forecast of the revenues
and costs of an institution using the databases and sets of detailed records about the institution. The
forecast of the baseline scenario is produced in line with the expected changes in the macroeconomic
and legislative environment and also takes into account the expected results of key management actions
on both the cost and the revenue sides. In the second step of its calculation, the MNB produces the
institution’s capital plan in the light of its forecasted profitability; and then compares the capital plan to
the level of, and expected changes in, the capital requirement. In this analysis the MNB always
complements the outcomes of the quantitative model with the qualitative information obtained from
analysing the bank’s strategy; among other things, it analyses in detail the capital impacts of the
dividends policy, IT investment and management actions (branch and labour rationalisation, NPL
disposal etc.). It also looks at bank-specific factors that could not be identified by an analysis of historical
time series. These include especially, but not exclusively, an assessment of the impact of portfolio
purchases on capital and the impact of mergers and acquisitions on profit.
(6) Establishment of the MNB’s view. Based on the analysis of the business model implemented, on the
evaluation of the forward-looking strategy and financial plans, and on the Central Bank's own
expectations and forecasts, the MNB forms a view on the feasibility of the institution’s future business
model, the sustainability of its strategy, and its vulnerabilities (including in particular poor expected
financial performance, reliance on an unrealistic strategy, excessive concentrations or volatility,
excessive risk-taking, funding structure concerns, and/or significant external threats).
130
In assessing the viability of the business model, the MNB focuses primarily on the institution's ability to
generate an acceptable income over the next 12 months, taking into account the factors mentioned
above, and whether, in view of the current and the forecast capital requirement, the institution will be
able to maintain the level of capital required for stable operations without raising additional capital
externally. In particular, the MNB examines whether the business model generates a return above the
cost of capital on the basis of a comparison of the return on equity and the cost of capital, whether the
funding and funding structure of the institution are appropriate for the business model and strategy,
and whether the institution's business model and strategy relies, in general or in terms of individual
risks, on appropriate risk appetite in order to achieve acceptable returns.
In terms of assessing the sustainability of the strategy, the MNB primarily examines whether the
institution is able to generate reasonable returns on a future period of at least 3 years, based on plans
and forecasts, including the supervisory assessment of the business environment. In that context, the
MNB assesses in particular the extent to which the institution’s assumptions and financial performance
forecasts may be considered realistic, and the MNB will form a view on the effects of the business
environment on the institution’s financial performance forecasts. In addition, the MNB assesses the risk
level of the institution's strategy (complexity and objectives of the strategy relative to the current
business model) and the consequent probability of success based on the institution's ability to
implement it.
Based on the above assessment, the MNB develops a comprehensive opinion on the viability of the
business model and the sustainability of the strategy.
(7) Determination of supervisory measures. Depending on the objective and focus of the investigation
and the result of the business model analysis, the MNB determines, as required, the supervisory
measures concerning the management of the risks identified.
131
II. Supervisory expectations for the internal capital requirement calculation and liquidity adequacy
assessment of small institutions, and the applicable supervisory review and evaluation process
II.1 Application of the principle of proportionality
The principle of proportionality is a key consideration of any supervisory review. Supervisory

expectations concerning the ICAAP and ILAAP depend on the
 nature,
 scale,
 complexity
 and, naturally, the risk exposure of the institution’s activities.
Thus proportionality is a relative term and results from the review of multiple factors as listed above. It
should be noted that the principle of proportionality applies to all institutions that are subject to the
CRD IV, which means that both the depth of the supervisory review and evaluation process (SREP) and
the intensity of the dialogue with the institution will vary according to the above factors. During the
SREP, so-called small institutions should be mentioned and differentiated.
II.2 Definition of small institutions
An institution should be considered small if it meets the majority of the following criteria:
 its activities are non-complex and focus on a limited product range,
 it has a relatively small market share,
 it does not use any advanced methods which are approved by the MNB to calculate the
capital requirement of credit, operation or market risk,
 it mainly operates in the territory of Hungary and does not have any significant cross-border
activities,
 it describes itself as a small institution in its own assessment.
The final decision is taken by the MNB as to whether an institution can be treated as a small institution.
Concerning the elaboration of the ICAAP and ILAAP at small institutions, the MNB recommends that
interest representation organisations, central organisations and professional associations play a
coordinating, directing role in that process. These organisations may elaborate guidelines and methods
for the ICAAP or ILAAP for their member institutions, which the institutions can adapt and apply in their
operations. In this case, the MNB will negotiate the compliance of the methods with the interest
representation or other central organisations which elaborated them. Nevertheless, the MNB will
review the application of the methods upon the review of individual institutions as well.
II.3 Supervisory expectations concerning the ICAAP of small institutions
While individual principles can be applied proportionally, small institutions, too, have to meet all ICAAP
related requirements of the MNB110.
This way, all relevant risks should be taken into consideration in the internal capital requirement
calculation process. The purpose of making the ICAAP mandatory for institutions is not just to establish
compliance with the capital requirement regulation, but to make the ICAAP a key management
instrument for institutions that are subject to the regulation. The purpose of implementing and regularly
employing the ICAAP is to strengthen the risk-aware governance of institutions, to measure the
110
Proportionality in the MNB’s requirements is only applicable to compliance with ICAAP guidelines 6-10. Every institution must fully comply
with the first five ICAAP guidelines.
132
institution’s risk level regularly and to determine the amount of capital that is necessary to cover
unforeseeable losses. The ICAAP includes several elements which institutions have been using already:
partly in their annual business and strategic planning processes and partly for calculating the capital
adequacy ratio which has been a standard requirement to date.
Small institutions can comply with obligations set out in domestic ICAAP regulations by examining their
exposure to risk types listed herein and the amount of capital which serves to cover those risks. There
might be other risks; however, which are not presented in this material. In these cases, it is the
institution’s responsibility to ensure that the ICAAP considers such risks as well. Institutions should also
be aware that capital is only the ultimate mitigant of risks and that the use of more efficient risk
management and control methods can mitigate those risks.
II.4 Methodologies applied by institutions subject to simplified ICAAP reviews
There is no one single correct process when setting up the ICAAP. Small institutions could, for example,
adopt a method based on the Pillar 1 minimum capital requirement to assess the need for additional
own funds requirements in respect of any non-Pillar 1 risk types.
An institution choosing this method needs to assess the following:
 whether the capital requirement calculated on the basis of Pillar 1 appropriately reflects all
material risks on a risk-by-risk basis;
 amount of capital that should be allocated due to Pillar 2 risks and due to exposures deriving
from external factors.
Similarly, small institutions can choose the building block approach, using different methodologies for
the individual risk types and then calculating the sum of the resulting capital requirement. When
choosing to employ this approach, the institution has to consider if it is able to collect the information
necessary for operating this model and if it is in possession of the instruments required for capital
requirement calculations.
An institution which chooses to use a structured approach will need to assess separately the capital
amounts for all Pillar 1, Pillar 2 and external risks and then add up the capital requirement calculated for
the individual risk types. Sensitivity analyses can be used for determining whether a risk type should be
considered relevant or not.
II.5 Steps of internal capital requirement calculations
Regardless which methodology a smaller institution decides to adopt, it needs to compare its actual and
future capital with the actual and future internal capital need arising from the assessment. The
preparation of a capital plan is of key importance. The internal capital requirement calculation consists
of a number of steps: the identification of risk exposures and, based on these exposures, the calculation
of required capital.
 Risk identification: as the first step, the institution has to draw up a list of relevant risk types.
When doing so, the primary reason of past losses should be identified along with the
likelihood of the occurrence of similar losses. Upon compiling the list, not only historic
information should be considered but expected future events as well.
 Capital assessment: for each risk listed as relevant, an assessment is to be made of the
potential loss which the risk can cause to the institution. The amount of capital to cover
these risks can be calculated as the sum of all such potential losses.
133
 Forward capital planning: the institution should not only consider the present situation but
also assess the amount of capital which will be available to it and see if it is in line with the
likely capital requirement based on the institution’s business plan.
 Profit or loss that is in line with the profit or loss in the institution’s Business Plan and its
Strategy (the profit figure in the Capital Plan, which increases the regulatory capital figure,
should match the profit planned in the Business Plan and the Strategy, taking into account
the Dividend Policy).
Based on the above steps, the institution has to determine the amount of internal capital it should hold
with a view to the actual situation and expected future events. It must determine the quality and ratio
of the capital items required for covering the risks.
II.6 Typical risks of smaller credit institutions
In respect of small institutions, typically the following main risks are assessed:
 control/management risk (internal governance),
 credit risk,
 concentration risk (individual customers, geographical, industry-specific),
 interest rate risk,
 liquidity risk,
 operational risk,
 strategic risk,
 risk of external factors.
Obviously, individual credit institutions may have further risks, which should be evaluated by the
institution concerned.
II.7 Activities generating unusual, additional risks to investment firms
At investment firms, additional risks may arise in respect of the following activities:
 providing or mediating services for high gearing transactions,
 providing or mediating services for “high frequency trading”,
 services for investment loans or deferred financial performance,
 own-account trading (in the case of transactions conducted in favour of the client by using
own account).
II.8 Supervisory review in small institutions
In the case of small institutions, the MNB conducts annual simplified reviews (except for small
institutions where the MNB opts for a different ICAAP review method). This method can ensure that all
of the information necessary for the MNB to make decisions in the course of the supervisory reviews are
efficiently collected and processed despite the large number of small institutions.
The MNB updates the questionnaire every year and conducts its survey using this questionnaire; it
compares its results with the information received from data supply as well as on-site and off-site
reviews, as a result of which it identifies the institutions against which a supervisory measure needs to
be taken in the context of the supervisory review.
134
If, in application of the ICAAP, the small institution identifies a need for a higher capital requirement and
the MNB does not impose additional own funds requirements, the MNB will consider the higher capital
requirement calculated by the institution as the total SREP capital requirement. The MNB will reduce
the higher additional capital requirement calculated by the institution with the capital discount granted
pursuant to the institution’s participation and commitment in a market-based loan scheme (MBLS) when
determining credit risk capital requirement, subject to applying the Pillar 1+ method, i.e. the credit risk
capital requirement must not fall below the Pillar 1 capital requirement even after the discount.
The assessment of the liquidity adequacy of individual institutions is also included in the supervisory
review process (unless it is done during the annual ILAAP review). During the review, the MNB evaluates
the institution’s liquidity buffer and financing policy, as well as its regulations and mechanisms designed
to measure and address liquidity and funding risks. When assessing the liquidity adequacy of small
institutions, the MNB will give preference to appropriate risk management over raising an additional
liquidity buffer.
II.9 The most common additional own funds requirements for investment firms
In the SREP procedure, for institutions whose capital level to be achieved is the minimum subscribed
capital required as a prerequisite for authorisation, to offset the negative impact of the continued high
volatility of the HUF/EUR exchange rate, the MNB consistently determines the TSCR to be the EUR
amount of the initial capital set out in Article 13 of the Investment Services Act, converted to HUF at
95% of the highest exchange rate published by the MNB in the calendar year preceding the date of
observation.
In the SREP procedure, exposure to the concentration risk of third-party counterparties is taken into
account for institutions whose exposure to non-Hungarian counterparties exceeds 15% without taking
into account the exposure to KELER. In this case, the MNB will determine the additional own funds
requirement for exposures to counterparties with a share of more than 5%. In line with the general
approach of Pillar 1, the definition is based on a 20% risk weight and an 8% capital requirement.
To cover counterparty credit risk in White Label contracts, for transactions in open positions with a
leverage of over 10:1, 1% to 2.5% of the difference between the theoretical principal amount on
contracting and the opening hedge value will be determined as an additional own funds requirement.
Operational losses (loss events) were taken into account for institutions whose operating losses
exceeded 5% of Pillar 1 capital requirement for operational risk. In this case, the additional own funds
requirement for operational risk is determined by the MNB at 100% of the operating loss.
II.10 Supervisory measures relevant for small institutions
The main objective of the supervisory review is to ensure for small institutions a risk-conscious
operation and efficient prudential supervision rather than imposing additional capital generation.
Nevertheless, if the MNB deems necessary that, based on internal or external characteristics of the
institution, its Pillar 1 or ICAAP capital requirements are not in conformity with the risks assumed, it may
– similarly to large institutions – set an additional capital requirement.
The relationship between the deficiencies detected at small institutions and the supervisory measures to
be applied within the framework of the supervisory review is presented in the tables included in the
annex (as regards investment firms, the distribution of typical operational risks according to activities is
shown in a separate table). The MNB provides the tables, the categorisation of deficiencies and the
percentage of the additional capital requirement as a starting point, nonetheless, other aspects may
arise and be considered.
The imposition of additional own funds requirements is not the only tool for measures taken within the
framework of the supervisory review. Other tools may include requests for risk reduction, requests for
the improvement of the quality of risk management, for the modification of internal regulation, or for
135
organisational change, requirements for internal education and training, or proposals for hiring of new
managers or experts. If the given problem or deficiency is eliminated, it is taken into account by the
MNB during the next supervisory review. In justified cases, changes may take place in the institution’s
market position, business activity, risk profile or risk management system which changes significantly
influence the internal capital requirement, the institutions may propose interim review of the capital
ratio, or the MNB may decide to conduct an extraordinary SREP.
II.10.1 Supervisory measures at small credit institutions
As part of the supervisory review, a demand for the implementation of measures must be issued, or
additional own funds requirements must be imposed on a credit institution where any of the risks listed
below exists and is accompanied by a deficient internal control system and insufficient capital coverage,
and thus, overall, prudent operation is not guaranteed:
 the institution operates under conditions that are riskier than the average (e.g. geographical
environment, higher-risk clients)
 any of its indicators shows a higher risk level (e.g. poor asset quality, operational losses,
liquidity difficulties, high interest rate risk, concentration risk, etc.),
 the MNB or any other external audit reveals management, risk management or internal
control problems,
 recent frauds, abuses or operational problems have been revealed jeopardising long-term
operation,
 the institution is engaged in an activity that is not typical for small institutions (e.g. cross-
border services, trading of advanced derivative instruments, purchase of foreign securities),
 the institution launches new activities or penetrates new markets which will presumably
have a significant impact on its operation, and is continuously engaged in acquisitions,
 in contrast with its strategic objectives, the institution loses a significant market share in its
scope of operation, the number of its clients and volume of its business fall to a level that
jeopardises further operation,
 the financial terms and conditions the institution offers significantly differ from the usual
market terms and conditions and, according to the MNB’s assessment, this entails an
unsustainable business model;
 the institution fails to comply with fundamental procedures set out in supervisory
recommendations and methodology manuals thus jeopardising prudent operation;
 the institution lacks management knowledge, expertise or technical and IT conditions which
would be indispensable for the activities it is engaged in or the risks implied therein,
 trust by its clients or market partners towards the institution declined,
 the institution’s strategy cannot be regarded well-founded due to the expected macro-
economic and sector-specific conditions and to its position and business activity,
 the quality of the ICAAP/ILAAP applied by the institution is not adequate,
 the institution does not perform sensitivity analyses or stress tests to determine the growth
rate of its material risks in significant economic recessions and to define the volume of
capital needed to cover such risks;
 the behaviour of the institution’s owners does not allow for the efficient functioning of
owner’s control.
136
Due to the limited possibilities of tailor-made assessments, the level of the additional own funds
requirements is calculated in a pre-regulated way according to the relative frequency rate of the MNB’s
risk categories: high (category 1), medium (category 2) and low (category 3). For the purpose of
guidance, the typical presence of low, medium and high risks results in an additional capital requirement
of 33%, 66% and 100%, respectively, of the regulatory capital requirement, but the actual final figure is
mostly subject to further assessment.
II.10.2 Supervisory measures at investment companies
In the case of investment firms, according to the MNB’s opinion the business models or organisational
mechanisms generating unusual, additional risks are, in particular, the following:
 the broker may have authorisation over the client account,
 the broker has limits and/or competences above the usual ones,
 opening and keeping (without justification or control) suspense accounts, transit accounts,
technical accounts,
 cross-border services,
 trading with advanced derivative instruments, purchasing foreign securities,
 utilising third-party depositaries,
 compared to the size of the front office, the back office or the control unit does not have
sufficient material or human resources,
 lack of physical and logical separation of retail and back office systems,
 the institution’s ownership relations do not provide for the efficient functioning of owner
control,
 the MNB or any other external audit reveals management, risk management or internal
control problems,
 recent frauds, abuses or operational problems have been revealed jeopardising long-term
operation,
 the institution launches new activities or penetrates new markets which will presumably
have a significant impact on its operation,
 the institution fails to comply with fundamental procedures set out in supervisory
recommendations and methodology manuals thus jeopardising prudent operation;
 the institution lacks management knowledge, expertise or technical and IT conditions which
would be indispensable for the activities it is engaged in or the risks implied therein,
 trust by its clients or market partners towards the institution declined,
 the institution’s strategy cannot be regarded well-founded due to the expected macro-
economic and sector-specific conditions and to its position and business activity,
 the quality of the ICAAP applied by the institution is not adequate,
In the case of investment firms, if the majority of the problems revealed within the supervisory review
process or in data supply or in supervisory investigations fall into category III, the SREP capital
requirement is 8–10% of the capital adequacy ratio or 100-120% of the initial capital. If they fall into
category II, the SREP capital requirement is 8-12% of the capital adequacy ratio or 100-160% of the
initial capital and in category I it is 8-16% of the capital adequacy ratio or 100–200% of the initial capital.
The legislation in force sets the maximum additional own funds requirements that may be imposed in
the context of the supervisory review on the basis of the capital requirement calculated under Pillar 1,
137
so that the SREP capital requirement (amount of the capital requirement under Pillar 1 and the amount
of additional capital requirement under the supervisory review procedure) is limited to twice the capital
requirement set out in Article 105(2) of the Investment Services Act. In the case of investment firms for
which Pillar 1 capital requirements are set out in Article 105(2)(b) of the Investment Services Act, the
TSCR is imposed as the requirement to achieve a capital adequacy ratio of 8% to 16%, while in the case
of investment firms for which Pillar 1 capital requirements are set out in Article 105(1)(a) of the
Investment Services Act, the TSCR is imposed as the requirement to achieve 100% to 200% of the initial
capital required to take up the activity.
II.11 Closing the supervisory review
After processing the questionnaires and any other documents requested during the review, the MNB
will send a prudential letter to the institutions to inform them of the review results (together with the
results of consultations, if any). The MNB documents the quantified result of the supervisory review
process in the SREP Review Form attached to the prudential letter. If the MNB does not see compliance
with the prescribed total SREP capital requirement (TSCR) and the overall capital requirement (OCR)
guaranteed, it may issue a resolution to call for the institution to provide additional capital.
138
List of documents
In the course of the supervisory review, institutions are required to present the ICAAP in place. The
official ICAAP and ILAAP documentation submitted to the MNB must always include the presentation of
implemented methods that have been approved by top management.
In order to enable an accurate assessment, the data in the submitted documentation must always
reflect the latest information. Otherwise (i.e. if it has no access to updated figures and methodologies),
the MNB will have no choice but to apply additional conservatism when forming an opinion on the
capital and liquidity adequacy of the institution.
This chapter only provides suggestions regarding the chapters to be considered for inclusion in the
submission. Both the format and the contents of the document are for the institution to decide on.
However, when compiling the documentation, institutions must bear in mind that they will have to
present and defend their capital requirement calculation methods and results, as well as the system in
place to assure adequate liquidity. It is a supervisory expectation regarding the submitted document
that it cites all arguments for defending the calculations of the institution.
II.12 Summary
 Presentation of institution-specific and group-level risk strategy as a separate document (the

documentation of the ICAAP and the ILAAP must sufficiently present the organisational,
governance and supervisory functions of risk management along with the related internal
audit mechanisms).
 Brief presentation of the major activities/business lines of the institution/group. In case of
groups, it should be specified which group members are covered by the ICAAP and the
ILAAP.
 Overview of the applied internal capital calculation method(s) and any changes thereof.
 Documentation of a use test. The institution must present the areas where it uses the
results of the ICAAP. This presentation can impact substantially the supervisory judgment of
the reliability of capital requirement calculations. The relation between ICAAP results and
available capital.
 Evaluation of the compliance of the institution’s risk management methods.
 Presentation of the institution’s internal self-assessment (GAP analysis) and the resulting
action plans, presentation of the results of annual ICAAP and ILAAP reviews.
 Brief assessment of the institution’s material risks, presentation of changes since the
previous assessment.
 Time of the capital and liquidity adequacy assessment exercise, specification of group
members covered, name of persons conducting and approving the assessment.
II.13 Presentation of actual and target capital position
Capital plan in detail: capital requirement-capital expenditure, internal/external resources, dividend

policy
139
II.14 Detailed presentation of capital adequacy calculations
 documentation of methodologies established for identifying and managing risks (including

other risks);
 detailed presentation of calculation methods and results, specification of confidence level
and conditions for the calculation of economic capital requirements;
 date and time horizon of the calculation;
 a map of risks (including other risks), definition of risks;
 presentation of material risks that have been considered in the ICAAP, comparison to Pillar 1
calculation results where necessary, comparison to the institution’s risk appetite (limit)
concerning a specific risk, If Pillar 1 and Pillar 2 capital requirements are different,
differences must be reconciled in a detailed, itemised manner;
 risk mitigants;
 presentation of methodology and assumptions (risk management approach);
 consideration of other risks in the internal capital allocation process;
 presentation of the findings and results of stress tests and scenario analyses;
 presentation of the aggregation procedure, the correlation and diversification effects
considered including an explanation thereto;
 assessment of the compliance of the institution’s risk management methods and processes
(self-assessment: weaknesses, deficiencies, action plans).
As a requirement concerning the submitted documentation, the general methodology section (theory,
models, etc.) and the specific numeric results (capital figures, model parameters etc.) must not be
separated for such separation would cause difficulties in the assessment of quantitative results and the
examination of capital adequacy. The document must present in detail the manner in which the capital
requirement of a specific risk type was calculated. The MNB is only able to evaluate the relevant risk
capital requirement in the light of the applied models. Without being fully aware of these models, the
MNB has no choice but to have reservations regarding the presented numeric results. In case the
institution covers a certain risk type by way of processes (and not capital), it is required to support this
decision with convincing arguments (e.g. strategy and reputation risks may belong here).
II.15 The integration of the ICAAP methodology into processes
 demonstration and assessment of the level of integration of the ICAAP into decision-making
processes,
 outcome of the ICAAP review, main findings,
 planned and current changes to the ICAAP.
The MNB reviews the ICAAP in the context of risk cycles, in accordance with and under the framework of
its audit plan. Therefore, underlying documentation should only be submitted at the request of the
MNB, unless the ICAAP mechanisms have been subject to material changes. If so, the MNB must be
informed of the major changes.
II.16 Description of the Internal Liquidity Adequacy Assessment Process
For the evaluation of the ILAAP, institutions must at least submit the following documents:
 current liquidity strategy highlighting the changes compared to the previous liquidity
strategies;
140
 the liquidity plan of the year preceding the review, backtested, and the current liquidity plan
and current liquidity crisis plan (LCP);
 liquidity risk reports (quarterly and monthly reports for the past 12-month period, weekly
and daily reports for the month under review);
 liquidity stress tests (assumptions, results);
 related effective internal liquidity regulations and regulations on internal funds transfer
pricing;
 values and limit values of the early warning indicators during the past one-year period,
description of responses to any actual warning;
 models, assumptions, segmentations and time series applied in quantifying deposit
outflows;
 internal audit report relating to the liquidity risk;
 full list of limits indicating the changes made during the year preceding the review, and the
data of the limit utilisation measurements in accordance with their frequency for the past
one year preceding the review date, in an Excel table;
 explanation of the calculation of the Liquidity Coverage Ratio (LCR) and the Net Stable
Funding Ratio (NSFR) pertaining to the reference date of the audit;
 list of group financing transactions.
141
III. Annexes
Annex 1: Supervisory responses to the revealed deficiencies at small institutions

Annex 2: Supervisory responses to the revealed deficiencies at investment firms
Annex 3: Typical operational risks of investment firms broken down by activity
Annex 4: Information on risky portfolios that are prioritised in the context of the supervisory review
process and on the related additional own funds required (available separately on the MNB website)
Annex 5: Data request for the review of risky portfolios (available separately on the MNB website)
Annex 6: Internal model to be applied for calculating foreign exchange rate risk (available separately on
the MNB’s website)
Annex 7: SREP Review Sheet for credit institutions (available separately on the MNB website)
Annex 8: SREP Questionnaire for Investment Firms (available separately on the MNB website)
Annex 9: SREP Review Sheet for Investment Firms (available separately on the MNB website)
Annex 10: Priority Areas of the ILAAP Review (available separately on the MNB website)
Annex 11: Information on unstable funds that are prioritised in the context of the supervisory review
process and on the related liquidity requirements (available separately on the MNB website)
Annex 12: Request for data to check for unstable funds (available separately on the MNB website)
Annex 13: List of operational risk KRI’s and scenarios
142
1. Annex: Supervisory responses to the revealed deficiencies at small institutions
Problem
Revealed deficiency, problem Supervisory measure Primary source of information
category
Operation under conditions with above average Request for the Data supply, questionnaire,
II.
risks, the negative impacts of macroeconomic cycles diversification of the activity MNB investigations
Closer attention to risk Questionnaire, MNB
High geographic concentration risk III.
management investigation, sector analysis
Request for changing the MNB investigation, data
The institution’s strategy is not well-founded II.
strategy supplies
The owners’ dividend policy does not provide for the Call the owner’s attention to
II. Data supply, questionnaire
necessary internal capital increase the potential problems
Closer supervisory MNB investigation, market
Deterioration of trust (reputation risk) I.
monitoring of the activity information, questionnaire
Request for stronger owner’s Data supply, MNB
Lack or weakness of ownership control III.
control investigation
Request for the elimination
Investigations of the MNB and
Deficiencies in the capacities or expertise of of deficiencies, order to
I. other organisations, lessons of
executives conduct training, further
prudential discussions
training
Problems related to the qualification and
Request for professional Questionnaire, MNB
professional experience of executives out of the III.
further training investigations
scope of the MNB
Obligation to comply with
MNB investigation,
Non-compliance with earlier supervisory resolutions supervisory resolutions, I.
questionnaire
penalty
Reminder of compliance
Non-compliance with MNB recommendations and
with recommendations and II. MNB investigation
methodology manuals
manuals
143
Disregarding other MNB notifications (e.g. Closer monitoring of MNB MNB investigation,
II.
management letters, CEO circulars) notifications questionnaire
The MNB or any other external investigation reveals Obligation to rectify risk Investigation documents of
management, risk management or internal control management and control I. the MNB and other
problems deficiencies organisations
Obligation to rectify risk
Significant deficiencies in the market risk MNB investigation, data
management and control I.
management and control systems supply
deficiencies
Request for the modification
The services and products provided by the Investigation documents of
of the product and service
institution are non-marketable and do not adjust to III. the MNB and other
range and the business
market demands organisations, data supply
model
Performance of activities not typical for small Closer supervisory Questionnaire, MNB
III.
institutions monitoring of the activity investigation, data supply
Closer supervisory
Data supply, MNB
New types of activities, markets monitoring of new activities III.
investigation, questionnaire
and markets
Request for the modification MNB investigation,
Falling market share/growth rate below the sector
of the business model and III. questionnaire, data supply,
average
business policy HFSA analyses
The institution’s client structure is questionable, it is Investigation documents of
Request for the modification
a highly concentrated sector due to products or II. the MNB and other
of the client structure
debtor age. organisations, data supply
Investigation documents of
The MNB or any other external investigation reveals Obligation to dispense with
the MNB and other
an unauthorised activity unauthorised activities II. organisations, data supply
Request for changing Investigation documents of
The institution employs unacceptable tools in its
acquisition, marketing and II. the MNB and other
acquisition, marketing and disclosure policies.
disclosure policies. organisations, data supply
144
Asset quality is in the lowest 10–20% range Request for the reduction of
III. Data supply
compared to similar credit institutions credit risks
Asset quality is in the bottom 10% compared to Request for the reduction of
II. Data supply
similar credit institutions credit risks
Substantial credit losses in the past three years Investigating the cases of MNB investigation, data
II.
exceeding 5% of the equity. credit losses supply, questionnaire
The rate of suspended interests is at least 30% Investigating the cases of
III. Data supply
higher than the sector average. credit losses
MNB investigation,
Significant deficiencies in the credit risk investigation documents
management and control systems received from other
deficiencies
organisations
Order for more detailed
Clients representing higher credit risk than average Questionnaire, MNB
reports and stricter risk III.
based on their ratings and industry risks investigation
management procedures
Introduction of new loan products, including
Questionnaire, MNB
especially unusual and new products in the Monitoring of new products III.
investigation
Hungarian market.
The credit institution operates with ratios close to
Closer monitoring of ratios,
the statutory prudential limits (with less than 10% III. Data supply
prudential limits
deviations)
Additional
own funds
requiremen
Closer supervisory ts imposed
High country risk Data supply
monitoring of the activity following a
specific
methodolo
gy
145
Substantial losses in the last three years arising from Investigating the causes of
II. Questionnaire
market risks market risk losses
Call for a review of MNB investigations,
Products with exceptional conditions III.
conditions questionnaire
Additional
own funds
requiremen
Request for the
ts imposed MNB investigations, data
Interest rate sensitivity analysis indicates high risk improvement of interest rate
following a supply
risk management techniques
specific
methodolo
gy
Frequent liquidity problems, no access to additional Request for developing the

Questionnaire, data supply,
capital, GAP analysis indicates high maturity liquidity risk management II.
MNB analysis
mismatch. techniques
Investigation of the source of

Substantial losses in the last three years arising from
losses arising from II. Questionnaire
operational risks
operational risks
Outsourcing of significant activities, insufficient
Request for closer attention Data supply, MNB control,
attention is paid to the entities performing III.
to the outsourced activity questionnaire
outsourced activities.
Documentation and administrative problems (not MNB investigation, client
of documentation and II.
only operational risk related problems) complaints, data supplies
administrative deficiencies
On-site and off-site
IT deficiencies II. investigations, clients’
of IT deficiencies
complaints
The ICAAP value is higher than under Pillar 1 Additional own funds I. Data supply, questionnaire
requirements imposed in
146
accordance with the ICAAP
value and the result of the
MNB’s risk assessment
Decline in own funds compared to the end of the Obligation for the
II. Data supply
previous year in excess of 10%. formulation of a capital plan
2. Annex: Supervisory responses to the revealed deficiencies at investment firms

Problem
Revealed deficiency, problem Supervisory measure Primary source of information
category
Operation under conditions with above average Request for the Data supply, questionnaire,
II.
risks, the negative impacts of macroeconomic cycles diversification of the activity supervisory investigations
Request for stronger owner’s Data supply, supervisory
Lack or weakness of ownership control III.
control investigation
Request for changing the Supervisory investigation, data
The institution’s strategy is not well-founded II.
strategy supplies
Supervisory investigation,
Closer supervisory
Deterioration of trust (reputation risk) I. market information,
monitoring of the activity
questionnaire
Request for the elimination Investigations of supervisory
Deficiencies in the capacities or expertise of of deficiencies, order to authority and other
I.
executives conduct training, further organisations, lessons of
training prudential discussions
Problems related to the qualification and
Request for professional Questionnaire, supervisory
professional experience of executives out of the III.
further training investigations
scope of the MNB
147
Obligation to comply with
Non-compliance with earlier supervisory resolutions supervisory resolutions, I.
questionnaire
penalty
Reminder of compliance
Non-compliance with supervisory recommendations
with recommendations and II. Supervisory investigation
and methodology manuals
manuals
Disregarding other MNB notifications (e.g. Closer monitoring of MNB Supervisory investigation,
II.
management letters, CEO circulars) notifications questionnaire
The MNB or any other external investigation reveals Obligation to rectify risk Investigation documents of
management, risk management or internal control management and control I. supervisory and other
problems deficiencies organisations
The services and products provided by the Request for the modification Investigation documents of
institution are non-marketable and do not adjust to of the product and service III. supervisory and other
market demands range organisations, data supply
Closer supervisory
Data supply, supervisory
New types of activities, markets monitoring of new activities III.
investigation, questionnaire
and markets
The institution’s client structure is highly Request for the modification
II. supervisory and other
concentrated according to sectors or products. of the client structure
organisations, data supply
The MNB or any other external investigation reveals Obligation to dispense with
I. supervisory and other
an unauthorised activity unauthorised activities
organisations, data supply
Request for changing Investigation documents of
The institution employs unacceptable tools in its
acquisition, marketing and II. supervisory and other
acquisition, marketing and disclosure policies.
disclosure policies. organisations, data supply
Significant losses caused by credit risks in the past Investigating the cases of Supervisory investigation, data
II.
three years credit losses supply, questionnaire
148
Significant deficiencies in the credit risk investigation documents
management and control systems received from other
deficiencies
organisations
Significant losses caused by market risks in the past Investigating the causes of
II. Questionnaire
three years market risk losses
Significant deficiencies in the market risk Call for a review of Supervisory investigations,
III.
management and control systems conditions questionnaire
Request for developing the

Questionnaire, data supply,
Frequent liquidity difficulties liquidity risk management II.
supervisory analysis
techniques
149
3. Annex: Typical operational risks of investment firms broken down by activity
Activities/loss category Operational risks Problem category
Accepting and transferring orders, executing orders, portfolio management
Clients, products and business
practice
execution of the transactions without giving an order I.
or
Internal fraud (if intentional)
practice
acceptance of orders without appropriate documentation (e.g. the lack of
I.
or sound recording)
practice non-compliance with the requirements on the acceptance of orders (deals
made outside the designated business premises, the use of mobile devices in a I.
or
manner different from the internal rules)
employee mistakes, errors (faulty recording of client’s orders, fat finger) II.
practice
practice
deals made without collateral I.
or
practice wrong allocation II.
or
150
practice
detecting possible contradictions between the clients’ trading activity and the
I.
or compliance tests, the lack of warning signs
Execution, delivery and process improper execution, erroneous delivery (e.g. duplicated execution, failure of
II.
management execution)
practice
the lack of limiting risky transactions, the lack of increased inspection (high-gear
I.
or transactions)
practice
broker’s negligence, insufficient information II.
or
Employment practices and the lack of regulation on personal business activities (the possibility of trading
II.
workplace safety without restrictions)
Employment practices and brokers’ disposal over client accounts with authorisation (quasi portfolio
I.
workplace safety management)
Employment practices and
the lack of control over the relationship between clients and employees II.
workplace safety
Execution, delivery and process
the lack of limits set in trading systems II.
management
Execution, delivery and process the lack of limits set for brokers II.
151
management
the lack of regular review of limits III.
management
Execution, delivery and process the use of automated trading systems without controls (robots, algorithms
I.
management (High-Frequency Trading (HFT))
excessive powers granted to brokers (Rogue trader) I.
workplace safety
Employment practices and the treatment of authorisations (the access of the trading area to back-office
II.
workplace safety systems, unauthorised access to clients’ data)
Clients, products and business the use of monitoring the fulfilment of transactions (e.g. confirmation of
II.
practice performance by the trading area)
Custody and registration of financial instruments, as well as keeping client accounts thereof, keeping custody of securities accounts thereof, the
registration of printed securities and keeping client accounts
issuing fraudulent balance statements, statement of accounts, other
I.
Internal fraud documents for the client
Clients, products and business confirmations do not reach the client (confirmations requested to be kept at
II.
practice the service provider, confirmations via the broker)
Execution, delivery and process recording fault, the lack of control over reverse entries, insufficient
III.
management documentation
Execution, delivery and process partner risk – high exposure against third party depositories, the lack of partner
II.
management risk limits
the handling of client accounts (liabilities), clients with accumulated liabilities III.
management
Segregation deficiencies I.
management
152
Execution, delivery and process following the deal, its data and certificates are not immediately forwarded to
III.
management the back office
Execution, delivery and process opening and keeping suspense accounts, transit accounts, technical accounts
I.
management (without justification and control)
the possibility of opening fictitious accounts, the lack of screening fictitious
Execution, delivery and process accounts (accepting positions built on each other by creating fictitious client I.
management accounts in a value manifolds exceeding the relatively low trading limit)
Execution, delivery and process non-compliance with deadlines (e.g. remission, start of transfer) except for IT
I.
management breakdown
Execution, delivery and process the lack of mutual acknowledgement, confirmation vis-a-vis business partners
II.
management concerning the details of the transaction
certificates underlying the settlement are not countersigned by the back-office II.
management
lack of coordination between front-office and back-office systems II.
management
the lack of daily coordination of deals with the contracting party II.
management
Execution, delivery and process the lack of harmony between open positions and the collateral behind them
I.
management (the collateral is not well-founded, the positions are not correctly registered)
Own-account trading
no limits determined I.
management
lack of control of daily limits II.
management
Risk management, control
153
no appropriate body to manage the operational risk III.
management
agents are not properly controlled II.
management
the activity of branch offices is not properly controlled II.
management
Execution, delivery and process loss-making events are not recorded, incidents are not analysed (breach of
III.
management passwords, other abuses, producing fictitious documents)
Business disruption and system IT protection not properly ensured against intrusion and intervention in the
I.
failure system
Business disruption and system IT risks, system failure, system breakdown, interrupted network connection
I.
failure (financial transactions cannot be started in time)
Business disruption and system live start of new IT development without proper testing (collateral calculation,
II.
failure etc.)
Business disruption and system improper separation of live and test systems (there should be no link-up
II.
failure between the two)
Business disruption and system
trading system breakdown, disruption of operations I.
failure
Business disruption and system
lack of applying closed and non-manipulable IT systems I.
failure
Execution, delivery and process compared to the size of the front office, there are insufficient human resources
I.
management for inspection
Execution, delivery and process compared to the size of the front office, insufficient human resources for the
II.
management back-office
I.
Execution, delivery and process inadequate frequency of control of the front office (the lack of daily level
154
management control)
front office operation is not inspected continuously I.
management
lack of physical and logical separation of retail and back-office systems I.
management
Execution, delivery and process lack of review for faulty, modified and invalidated transactions (the number,
III.
management frequency and justification of transactions, etc.)
lack of daily reports on unusual event (transactions withdrawn, data of deals
Execution, delivery and process made outside trading hours or deviating from market price, settlement II.
management mistakes)
Managing human risks
Employment practices and no set of tools to screen potential employees whose morality or mentality may
II.
workplace safety represent risks for the firm
no references requested in the course of admission, selection I.
workplace safety
Employment practices and lack of professional expectations about the relationship between traders and
III.
workplace safety business partners
Employment practices and lack of monitoring and supervision concerning the relationship between traders
III.
workplace safety and business partners
inadequate regulation on leave and transfer of employees II.
workplace safety
Employment practices and lack of mandatory holidays (another broker has to keep contact with the client
II.
workplace safety for a certain period of time)
lack of mandatory exams (internal, external) III.
workplace safety
155
losses are not passed on to the person responsible III.
workplace safety
Employment practices and there is no member in the management who would have an oversight of the
I.
workplace safety trading activity
Employment practices and inadequate remuneration policy (endeavours to maximise commission income
I.
workplace safety are in conflict with client interest)
the scope of powers is not adequately detailed for the business area (nature
Employment practices and and size of deals, the magnitude of acceptable positions must remain within the I.
workplace safety set limits)
156
Annex 13: List of operational risk KRI’s and scenarios
A list of the relevant key risk indicators recommended by the MNB for consideration
 Number of unfilled positions/lead times
 Staff turnover rate
 Number/total value of external fraud cases prevented/occurred
 Number of internal fraud cases
 Number of complaints received
 Number/total value of lawsuits
 Number/total value of fines paid
 IT systems availability
 Number of notifications to HelpDesk
 Number of BCP incidents
 Number of data protection incidents
 Number of failures to meet deadlines (external and/or internal)
 Number/proportion of complaints answered past the deadline
 Workload indicators (by area)
 Number/proportion of faulty transactions
 Number/proportion of incomplete credit folders
 Number/proportion of unenforceable collaterals
 Lead times of retail/corporate loans
 Number/proportion of expired audit points
 Number/proportion of unreviewed regulations
A list of the scenarios recommended by the MNB for consideration
 Epidemics
 Key staff leaving
 High fines imposed by authorities
 Improper product/model/business practice
 High-figure action for damages (customer/partner/employee)
 Lending fraud
 Payments fraud
 Unauthorised treasury activity
 IT security incident (hacker attack/virus attack/phishing)
 Money laundering and terrorist financing
 Outage of key IT system(s) or public utilities
 Improper IT development and/or project
 Natural disaster
 War and terror attack
 High-value banking transaction executed by incorrectly
 Failure to observe deadlines and/or documentation requirements
 Non-compliant performance by suppliers
Appendix 1. Determination of the capital requirement for interest rate risk in banking books in the
MNB benchmark model
The capital requirement for interest rate risk in the banking book is derived by aggregating the average
value and standard deviation of the capital requirements determined periodically (typically as of the end
of each month).
(1)
ଵଶ
Ts z ( e f f ) = σ ௣ୀଵ ܶܵ ‫ݖ‬ ‫݌‬ / 12 +
where: Tsz(eff) = effective capital requirement; Tsz(p) = capital requirement at end of the period,
The purpose of taking standard deviation into account in determining the capital requirement is to
ensure a preference for a capital requirement that is stable over time and to distinguish between capital
requirements of the same average but with different degrees of standard deviation, in favour of the
requirement with a lower degree of standard deviation.
The structural sensitivity defined at the end of a given period is derived from the interest rate risk profile
of the balance sheet, most notably through the repricing and duration gaps, and determined by the
combined sensitivity of two key indicators, the net interest income and the economic value of equity.
Changes in both net interest income and economic value of equity are calculated separately according to
the relevant currencies, and the sensitivity of the particular currency will be the weighted root mean
square of the sensitivities of income and capital value 111; the total sensitivity (capital requirement) is
then calculated as the simple sum of sensitivities per currency.
௡
෍ ‫ כ ܿݓ‬ο ʹ ൅ ͳ െ‫ܿ ݓ‬ ‫ כ‬ο ʹ

Ts z p = ܿ (2)
௖ୀଵ
where: ∆NIIc = change in the net interest income of currency “c”; ∆EVE c = change in the equity value of currency “c”; w c =
change in the weight of the net interest income change for currency “c”, and 0 <w <= 1
The change in the net interest income or the equity value of each currency is the highest negative value
of the variation of the given currency, calculated according to different scenarios 112, up to zero.
∆NI I c = mi n ( ∆NI I c 1 , ∆NI I c 2 , ……∆NI I c n, 0 ) (3)
∆EVEc = mi n ( ∆EVEc 1 , ∆EVEc 2 , ……∆EVEc n , 0 ) (4)
where: ∆NIIcn = change in the net interest income of currency “c” in scenario “n”; ∆EVE cn = change in the equity value of currency
“c” in scenario “n”
In the above calculations, the NII and EVE sensitivity indicators may be considered separate measures,
which are nevertheless complementary in their meaning. In practice, the two indicators might return a
minimal (greatest negative) value for both the extent and the direction of assumed interest rate shifts
under the different scenarios; however, this does not mean that the calculation would assume the
simultaneous occurrence of the two different scenarios. This is because rather than adding up the NII
and EVE sensitivities, their (weighted) average is calculated. In this approach, there is a certain
probability for the occurrence of all the scenarios rather than one or the other occurring.
111
The use of the root mean square is justified by the treatment of results with a negative sign on the one hand, while it also provides a higher
value compared to the arithmetic mean of the absolute values, depending on the weighting.
112
The scenarios used and the methods applied to determine them are set out in Appendix 2.
158
The wc parameter, representing the weight of net interest income changes for a particular currency and
used for the calculation of structural sensitivity, is the simple arithmetic mean of the weights for that
currency in the four quarters preceding the calculation:
ସ
wc = ෍ ‫ ݍݓ‬൘Ͷ (5)
௤ୀଵ
where: wq = weight calculated for the given currency based on data “q” quarters prior to the reference period
w = coefficient of 0.08 to 1 based on the size of the repricing gaps, the value of which increases with the
increase in the ratio of repricing gaps that are closer in time (i.e. in shorter tenors).
The definition of parameter “w” is based on the principle that repricing gaps in closer time proximity
have a greater influence on NII sensitivity compared to more distant gaps, i.e., the closer the gaps are on
average, the greater the weight of the NII sensitivity. The same is reciprocally applicable to EVE
sensitivity, i.e. more distant repricing gaps have a greater influence on EVE sensitivity compared to the
gaps in closer time proximity, that is, the more distant the gaps are on average, the greater the weight of
the EVE sensitivity. The final weight of NII sensitivity 113 is the average of the weights obtained using two
different weighting schemes.
wq =( wNI I +( 1 - wEVE) ) / 2 (6)
The NII/EVE weighting scheme refers to a series of linear monotonically increasing or decreasing weights
assigned to tenors in the repricing table, aligned with the number of tenors for NII and EVE, which only
serve to calibrate the determination of the weights of NII and EVE sensitivity, and are not parameters for
the calculation of actual NII or EVE sensitivity. Using the two weighting schemes, weights are given in the
following formulas.
୬ ୬
wNII = ෍ ‫ כ‬ ൙෍
(7)
୧ୀଵ ୧ୀଵ
୬ ୬
wEVE=෍ ‫ כ‬ ൙෍ (8)

୧ୀଵ ୧ୀଵ
where: WNII is the weight determined using the NII weighting scheme; W EVE is the weight determined using the EVE weighting
scheme;
|GAPi| = absolute value of the repricing gap in tenor “i”;
wGAPNIIi and wGAPEVEi = NII and EVE weights for tenor “i”
The vectors of the weights assigned to each tenor in formulas (7) and (8) are:
wGAPNII=<100%,95%,89%,84%,78%,73%,68%,62%,57%,51%,46%,40%,35%,30%,24%,19%,13%,8%>
wGAPEVE=<8%,13%,19%,24%,30%,35%,40%,46%,51%,57%,62%,68%,73%,78%,84%,89%,95%,100%>
We determined the weights taking into consideration the 18 repricing tenors defined in Supervisory
Report 9R1 on interest rate risk (excluding the ON category).
113
The same procedure can be used to determine the weight of EVE sensitivity by changing the role of NII and EVE sensitivity. (Given that NII
weight = 1-EVE weight, the resulting final NII and EVE sensitivity weights are the same in both cases.)
159
160
Appendix 2. Interest rate scenarios used to determine the capital requirement for interest rate risk in
the MNB benchmark model
The interest rate scenarios used in the benchmark model follow the procedure outlined in the Basel
Recommendations and EBA Guidelines, which is described in detail in Appendix III of the new EBA
document effective from 30 June 2019 (see Guidelines on the management of interest rate risk arising
from non-trading book activities, Annex III: The standardized interest rate shock scenarios). The
standardized interest rate shock scenarios).
For the HUF currency, the EBA Guidelines referred to above define the baseline shock scenario (an
immediate parallel shock to the entire yield curve) to be a movement of 300 bps, the same measure
being 450 bps for the short end of the yield curve, and 200 bps for the longer end. At the same time, the
Guidelines enable local authorities to review these values by using a different observation period.
Using the data of the observation period from 2009 to 2018, the MNB determined the following interest
rate movements for the forint as the baseline scenarios for benchmark calculation.
Table 1: Intensities of the baseline HUF currency interest rate shock
Parallel Short Long

2.50% 3.50% 1.60%
For currencies other than the forint, the MNB applies the values contained in Appendix III of the EBA
Guidelines as a baseline interest rate shock scenario.
In the benchmark interest rate risk calculations, the MNB applies a zero interest floor to changes in
ordinary interest rates while assuming an unchanged spread, i.e. the rate of downward movement of
transaction (product) interest rates is limited depending on the given level of the yield curve. In the case
of market interest rate changes, the MNB will apply the interest rate floor in the international guidelines
for the HUF and other currencies alike. Accordingly, the extent of interest rate reduction may be such
that the lowest yield level is -1% at the nearest point of the yield curve and 0% at its farthest point,
whereas the lowest level of the intermediate points are derived by linear interpolation.
(Note that the rate of downward movements varies depending on the current level of the yield curve
points, so they need to be updated regularly.)
161
Appendix 3. Modelling sight deposits in the banking book interest rate risk benchmark model
As part of its interest rate risk benchmark model, the MNB produces estimates in order to determine the
behaviour of products with undefined interest rate risk characteristics. The model for sight deposits,
which fall into the above category of products, is described below along with the requirements
concerning the development objectives for the sight deposit models used by the banks.
Since sight deposit holdings dominate on the liability side within Banks’ balance sheets and therefore
significantly impact on the measurement results of interest rate risk, the MNB expects the Banks to have
in place their own models that capture the actual risk behaviour of these products appropriately. An
appropriate model must not consider the entire portfolio as immediately due and cannot allocate it to
the shortest repricing category. If possible, the model is expected to contain the components described
in this appendix, either as standalone models or as parts of a more complex model.
A. Segmentation
The MNB expects banks to have estimates for all currencies with significant holdings within their sight
deposit models but at least for the currencies HUF and EUR.
In addition to such breakdown by currency, the MNB also considers it necessary to differentiate the
customer segments. Banks are expected to treat separately each customer segment with a materially
different interest rate risk behaviour; as a minimum requirement, they should perform separate
estimates for retail and corporate customers.
B. The data used
The MNB expects the banks to develop and operate their sight deposit models by relying on all the
material information available to them regarding the parameters of sight deposits and to make every
effort to ensure that the data they use offer validated, controlled and reliable information. The data
used should include at least sight deposit holdings and interest rate time series, which should
incorporate data for at least 10 years in at least a monthly breakdown.
C. The parts of the model
The purpose of applying the sight deposit model – as a part of the interest rate risk model - is to
estimate the income sensitivity and capital value sensitivity of deposit holdings, for which the MNB will
take into consideration the results of several sub-models, as follows:
Sub-models
1) Core holdings estimate
2) Holdings estimate
3) Interest rate estimate
4) Amortisation, cash flow estimate
5) Market scenarios
C.1. Core holdings estimate

Core holdings are the part of the sight deposit holdings that are available to the bank
consistently, regardless of the interest rate environment and have low interest rate
flexibility, i.e. the changes of their interest rates do not follow market rate changes or only to
a small degree.
The definition of core holdings is the first step in sight deposit modelling; these holdings
serve as the basis for the subsequent estimates. The holdings and interest rate estimates
and cash flow forecasts described below apply to the core holdings; the rest of the total
162
holdings (the noncore holdings) are sensitive to interest rates as products responding quickly
to changes in market rates.
Accordingly, determining the core holdings involves taking into consideration the
uncertainties originating from, firstly, the behaviour of customers and, secondly, the product
pricing practices of banks, in an environment of changing interest rates. There are various
types of estimation methods, depending on the data available:
e.g. the analysis of historic holdings data, the processing of individual account data, the use
of time series analysis processes (cf. ARIMA), expert estimates.
C.2. Holdings estimate
When estimating income sensitivity, the underlying assumption of the interest rate risk
model is of unchanged balance sheet holdings and structure, i.e. expiring holdings are
replaced with the same products and positions with the same risk characteristics. Taking into
consideration the dynamic changes of sight deposit holdings observed in recent years, the
assumption of unchanged balance sheet may distort the interest rate risk estimates, so that
we are relaxing the strict assumption of an unchanged balance sheet to a certain extent in
the case of sight deposits. When estimating income sensitivity, we assume the entire deposit
holdings that incorporate term deposits to be unchanged instead of assuming the sight
deposit holdings to be unchanged, i.e. we allow for changes in the proportion of fixed and
sight deposit holdings to the total deposit holdings.
There are different methods available to forecast the changes of the proportion of sight
deposit holdings and their changes over the estimate horizon (typically time series analysis,
regression, machine learning processes). The applied method should have the capacity for
reliably predicting the proportion of sight deposit holdings under the various interest
scenarios used in the interest rate risk model, with an acceptably low estimation error level.
C.3. Interest rate estimate

When estimating the interest rates of sight deposits, the objective is to forecast the
evolution of the interest rates of these products in various market scenarios. Unlike in
holdings estimation, the interest rates estimated in this model will be relevant not only for
the estimation of income sensitivity but also in capital value sensitivity calculations, because
the interest rates predicted here are the ones used in determining interest cash flows.
There are different methods available to forecast the changes in the interest rates of sight
deposit holdings (typically time series analysis, regression, replicating portfolio, machine
learning processes). The applied method should have the capacity for reliably predicting the
sight deposit interest rates under the various interest scenarios used in the interest rate risk
model, with an acceptably low estimation error level.
C.4. Amortisation, cash flow estimate

When estimating the economic value of capital, the so-called ‘run-off’ approach is used in
the case of sight deposits too: the amortisation of the holdings currently in the balance sheet
are estimated and a forecast of the capital and interest cash flows originating from the
amortisation schedule is created. The sensitivity of the present value of the cash flow
forecast in this way is the contribution of sight deposits to the total capital value sensitivity.
Given the differences between interest rate cash flows quantified in the different interest
rate scenarios, the individual scenarios will result in different cash flows, even if the capital
cash flow does not change. Forecasting cash flows requires a knowledge of the maturities of
163
the deposits and the amortisation schedule of the capital amount; an estimate of the future
changes in product interest rates is also needed.
The deposit interest rates are estimated in a separate sub-model (see section above). The
maturity and the amortisation (capital cash flow) estimate is produced using the replicating
portfolio approach. To determine the replicating portfolio, 1-, 3-, 6- and 12-month and 3-, 5-
and 10-year yield curve points are used in the model, with the restriction that the average
term of the resulting portfolio must not be longer than 5 years. The replicating approach
allocates optimally the core part of the sight deposit holding to the selected tenors, whereas
the non-core deposits are placed in the 1 month category, which stands for maturity within a
short period of time. The target variable to be optimised is the so-called Sharpe ratio, i.e. the
weights of the investments represented by the various points on the yield curve are set by
finding the maximum of the indicator determined as the quotient of the margin between the
replicating portfolio and the deposit interest and the margin spread.
Capital amortisation is determined assuming the constant run-off, in equal monthly
amounts, of the parts invested in instruments represented by the various points of the yield
curve, e.g. a partial sum invested for 3 months is amortised in three months, an amount
invested for 6 months is amortised in 6 months etc. in equal monthly amounts. The total
amortisation schedule is calculated as the total of these constantly amortising subtotals.
C.5. Market scenarios
The market shock scenarios used in modelling sight deposits are the same 6 Basel scenarios as
appear in the EBA Guidelines and applied by the MNB (see Appendix 2). The forecast future
interest rates used in the various sub-models equal the forward yields calculated using the
current yield curve. Shocked future yields are quantified by identifying forward yields using the
six current yield curves determined by the six immediate rate shocks.
By using forward yields, future shocked interest is determined essentially by the current yield
curve shock and the shape of the yield curve. Although this procedure does not necessarily
provide a reliable forecast of future - shocked - interest, it serves the objective of the interest
rate risk model. This is due to the fact that, through NII and EVE sensitivity measurement, the
model is aimed only at measuring the differences between the various interest rate scenarios
and the presentation of potential changes, and not a precise determination of income or capital
economic value.
164

Icaap Ilaap Bma Manual 2019 en

Uploaded by

Copyright:

Available Formats

Icaap Ilaap Bma Manual 2019 en

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Icaap Ilaap Bma Manual 2019 en

Uploaded by

Copyright:

Available Formats

The Internal Capital Adequacy Assessment Process (ICAAP),

the Internal Liquidity Adequacy Assessment Process

METHODOLOGY MANUAL FOR SUPERVISED INSTITUTIONS 1

Revised: December 2019

2006/48/EC (amending Directive 2000/12) and

CVA Credit Valuation Adjustment

I.1 ICAAP/ILAAP reviews and BMAs as reflected in the SREP 4

 Risks of external factors (regulatory, economic, business environment).

ICAAP 8: The ICAAP should be forward-looking and future-oriented.

I.3.1 Supervisory principles for ILAAP design

I.4 Business Model Analysis (BMA)

I.5.1 Internationally accepted principles

Evaluating the capital requirement

Evaluating the capital requirement

Subsidiary Subsidiary Subsidiary Subsidiary

Subsidiary Subsidiary Subsidiary

Subsidiary Subsidiary Subsidiary

Subsidiary Subsidiary Subsidiary

E. Hungarian group of institutions

Assessing liquidity adequacy

The prudential letter closing an ILAAP review contains the following:

adequacy of the institution.

V.1 ICAAP governance and control systems – risk management

V.1.5.1 Risk-taking policy

 whether the institution has comparative advantages in any area;

 capital requirement of actual risks.

V.1.5.2 Setting risk appetite and the willingness to take risks

V.1.5.3 Target risk structure

V.1.5.4 Stages of risk management:

V.2.1.1 Assumptions of the credit risk model

- they should be able to quantify the diversification impact created by model

V.2.1.2 Fundamental expectations for models and rating systems

 specification of concepts, procedures and processes,

 ensuring adequate data quality,

 adequate collection, storage and maintenance of the data used,

 regular monitoring and reporting of model performance and stability,

V.2.1.3 Rating models

V.2.1.4 Estimating the probability of default

V.2.1.6 Retail TTC PD – supervisory benchmark

V.2.1.7 Corporate PD – supervisory benchmark

V.2.1.8 Applying EU benchmark PDs

V.2.1.9 Application of a sovereign floor

V.2.1.10 Estimation of the loss given default ratio

V.2.1.11 Retail mortgage LGD – supervisory benchmark

V.2.1.12 Non-performing items, expected loss and provisions

V.2.1.13 Holdings (Equity exposures)

V.2.1.14 Specialised lending exposures

V.2.1.17 Counterparty risk

V.2.1.19 Credit valuation adjustment risk (CVA)

V.2.1.20 FX lending risk

V.2.1.21 Residual risks

V.2.1.22 Settlement risk

V.2.1.23 Free deliveries

V.2.1.24 Securitisation risk61

V.2.1.25 Concentration risks

V.2.1.26 Country risks

V.2.1.27 Risk of other assets

V.2.1.28 Calculation of capital requirements for credit risk

wEVE=෍ ‫ כ‬ ൙෍ (8)