BANK 4.2.4 Policies — monitoring, testing and access

(1) A banking business firm's credit risk management policy must provide for monitoring the total indebtedness of each counterparty and any risk factors that might result in default (including any significant unhedged foreign exchange risk).
(2) The policy must include stress-testing the firm's credit exposures at intervals appropriate for the nature, scale and complexity of the firm's business and for its risk profile. It must also include a yearly review of stress scenarios, and procedures to make any necessary changes arising from the review.

Note The firm's ICAAP sets out how these monitoring and testing are to be achieved. ICAAP includes procedures to continuously identify, measure, evaluate, manage and control or mitigate the risks arising from the firm's activities, and the capital held against such risks — see rules 3.1.4 and 3.1.5.
(3) A firm must give the Regulatory Authority full access to information in its credit portfolio. The firm must also give the authority access to staff involved in assuming, managing and reporting on credit risk.
Derived from QFCRA RM/2014-2 (as from 1st January 2015).