BSP Rules on Banks Internal Credit Risk Rating

Applies to all universal and commercial banks.
Requires formal internal credit risk rating systems for underwriting and ongoing administration of corporate credit exposures.
Systems must suit the bank's nature, complexity, and scale.
Corporate credit exposure initially includes companies with assets exceeding P15 million.

Internal credit risk rating systems must be approved by the board of directors or equivalent management committee.
Boards must provide consistent oversight of these systems.
Systems must be integrated into the credit risk management process, influencing evaluation and review of exposures.
Credit underwriting must become more conservative as credit ratings deteriorate.
All credit decisions require written assessments.
Provisioning standards must align logically with the internal ratings.
Banks must maintain an independent credit risk control function responsible for system design, implementation, and performance.
The credit risk control function must operate independently from business origination activities.
Internal ratings must be regularly reported to the board, including portfolio quality and default analysis.
Internal and external audits must review the system and credit risk control operations at least annually.

Banks must fully document their internal credit risk rating systems covering coverage, criteria, parties involved, rating exceptions, approval authorities, review frequency, and management oversight.
Documentation must include rationale and analyses ensuring meaningful risk differentiation.
Rating criteria should combine qualitative and quantitative factors with transparent, experience-based quantitative ranges, including leverage and cash flow standards.
Banks must keep detailed rating histories for individual accounts, including ratings, dates, methodologies, analysts, default data, and realized default rates.
Systems must have at least 6 rating grades for unclassified accounts and 4 for classified accounts, consistently applied over time.
Exposures must be meaningfully distributed without excessive concentration in single grades.
Ratings must reflect two dimensions: borrower quality and facility (security/collateral) risk.
Audited financial statements by SEC-accredited external auditors are required for rating corporate borrowers with assets over P15 million starting 2005.

Banks must submit an implementation plan to BSP supervisory departments by 31 July 2004.
Penalty of P10,000 per banking day applies for delays in submission.
A fully documented, board-approved internal credit risk rating system must be submitted by 31 December 2004.
Upon approval, all prospective and existing corporate accounts must be evaluated and monitored using the system.
Same penalty applies for delay in compliance after the deadline.
The Circular is effective 15 days after publication in the Official Gazette or a general circulation newspaper.