Third pillar of Basel 3 - Disclosure by institutions Information at 30 September 2018

Transcription

1 Third pillar of Basel 3 - Disclosure by institutions Information at 30 September 2018 This is an English translation of the Italian language original Terzo pilastro di Basilea 3 Informativa da parte degli enti Informazioni al 30 settembre 2018 that has been prepared solely for the convenience of the reader. The Italian language original Terzo pilastro di Basilea 3 Informativa da parte degli enti Informazioni al 30 settembre 2018 is available on

2 Introduction 3 Own funds... 4 Capital requirements... 8 Financial leverage Credit risk Declaration of the Manager in charge of financial reporting

3 Introduction On 1 January 2014, the regulations harmonised for banks and investment companies contained in Regulation (EU) no. 575/2013 (Capital Requirements Regulation, CRR) and in the 2013/36/EU Directive (Capital Requirements Directive, CRD IV) that transpose in the European Union the standards defined by the Basel Committee on Banking Supervision (known as Basel 3 framework) became applicable. The regulatory framework was further broken down by issuing implementing measures, contained in technical regulating or implementing standards, adopted by the European Commission on recommendation from the European Banking Authority. The Bank of Italy summarised in Circular no. 285 of 17 December 2013 the prudential supervisory provisions for Italian banks and banking groups, revised and updated to align internal regulations with the changes introduced to the international regulatory framework, particularly the European Union s new regulatory and institutional framework for banking supervision and to take account of the needs identified in the exercise of supervision on banks and other intermediaries. The Circular outlines a comprehensive, organic and rational regulatory framework integrated with directly applicable Community guidelines, in order to facilitate its use by operators. The structure of the prudential regulation is divided in "three pillars": - the "First Pillar" envisages a capital requirement to face up to typical risks of banking and financial activities, envisaging the use of alternative methods for calculating capital requirements; - the "Second Pillar" requires banks to adopt a strategy and control process of the current and future capital adequacy; - the "Third Pillar" establishes public disclosure requirements designed to allow market operators a more accurate assessment of the sound equity and of risk exposure of banks. The supervisory regulations require banks in order to strengthen market discipline to provide the public with specific information regarding among other things capital adequacy, risk exposure, general characteristics of risk management and control systems, structures of corporate governance and remuneration policies. All documents are published on the website Public disclosure by entities (Pillar 3) is regulated directly by the CRR, Part 8 "Disclosure by institutions". The regulatory framework of reference is completed by the European Commission regulations containing the technical regulating or implementing standards to govern the uniform models for the publication of specific types of information and by the guidelines of the European Banking Authority. For full disclosure on risks, governance and remuneration policies, reference is made to the Condensed Interim Consolidated Report at 30 June 2018, the Report on Operations and the Consolidated Financial Statements at 31 December 2017, the Report on Corporate Governance and Ownership Structures for the financial year 2017 and the Report on Remuneration for All amounts indicated in this document, unless otherwise specified, are in thousands of euro. The disclosure is available on the website 3

4 Own funds Qualitative disclosure On 1 January 2014, the regulations for banks and investment companies contained in Regulation (EU) no. 575/2013 (Capital Requirements Regulation, known as CRR) and in the 2013/36/EU Directive (Capital Requirements Directive, known as CRD IV) approved on 26 June 2013, which transpose in the European Union the standards defined by the Basel Committee on Banking Supervision (known as Basel 3 framework), came into force. As from 1 January 2014, the banking groups must meet a minimum ratio: - of CET1 equal to 4.5%, - of Tier 1 equal to 6% as from 2015; - of a Total Capital Ratio equal to 8%. According to the Regulation, the following buffer of CET1 is added to these binding minimum values: - as from 1 January 2014, the capital conservation buffer; - from 2016, the counter-cyclical buffer in periods of excessive growth in loans and the systemic buffer for banks important at global or local level (G-SII, O-SII). With the 18th update of Circular no. 285, it was established that the banking groups will be obliged to apply a minimum ratio of capital conservation buffer equal to: % from 1 January 2018 until 31 December 2018; - 2.5% from 1 January The Bank of Italy decided to maintain the counter-cyclical buffer at 0% throughout The counter-cyclical capital buffer aims to protect the banking sector during phases of excess credit growth; it is only imposed in periods of credit growth, therefore making it possible to accumulate Common Equity Tier 1 Capital which will then be allocated to absorb the losses during the downward phases of the cycle. The sum of regulatory requirements and of additional buffers determine the level of minimum capital conservation requested from the banking groups at the consolidated level; for 2018, this level is as follows: - CET1 equal to 6.375%; - Tier 1 equal to 7.875%; - Total Capital Ratio equal to 9.875%. If the sum of these buffers does not comply with the minimum requirement (Combined Requirement), profit distribution is limited, and it is necessary to adopt a capital conservation plan. Quantitative disclosure The elements forming Own Funds are set below: - Tier 1 Capital Tier1 in turn divided into: Common Equity Tier 1 CET1; Additional Tier 1 capital AT1; - Tier 2 Capital T2. CET1 and AT1 form the Total Tier 1 Capital that together with Tier 2 Capital allows to determine Total Own Funds. Consolidated Own Funds are shown below, calculated by applying the transitional regime: 4

5 (in thousands of EUR) 30/09/ /12/2017 Common Equity Tier 1 Capital - CET1 1,739,043 1,374,187 Tier 2 capital - Tier 2 197, ,106 Total own funds 1,936,280 1,623,293 On 12 December 2017, Regulation (EU) 2017/2395 "Transitional arrangements for mitigating the impact of the introduction of IFRS 9 on own funds" was issued introducing the new article 473 bis "Introduction of IFRS 9" in Regulation 575/2013. This article offers banks the possibility of mitigating the impacts on own funds deriving from the introduction of the new rules on impairment envisaged by IFRS 9 over a transitory period of 5 years, sterilising the impact in CET1 by applying percentages that decrease over time. This makes it possible to consider within Common Equity Tier 1 (CET1) a smaller portion of the impact of the new accounting standard on own funds, calculated net of the tax effect. This portion gradually decreases from 95% in 2018 to 85% in 2019, 70% in 2020, 50% in 2021 and 25% in Own Funds are shown below, calculated by applying IFRS 9 on a fully-phased basis: (in thousands of EUR) 30/09/ /12/2017 Common Equity Tier 1 Capital - CET1 1,247,910 1,349,813 Tier 2 capital - Tier 2 197, ,191 Total own funds 1,445,147 1,598,443 Description of the main characteristics of the Common Equity Tier 1 Capital, Additional Tier 1 Capital and Tier 2 Capital instruments issued by the institution 1. Common Equity Tier 1 CET1 The elements forming CET1 mainly include paid-up capital (consisting of ordinary shares), share premiums, income-related reserves, other accumulated comprehensive income, other valuation reserves and accountable minority interests. These items, in order to be considered accountable, must comply with some characteristics envisaged by the Regulation to ensure the absorption of losses (Article 28 CRR). The following are also envisaged: - prudential filters that consists of regulatory adjustments of the carrying amount of positive or negative elements of Common Equity Tier 1 Capital, including for example impairment losses carried out to take account of the uncertainty of the parameters with reference to exposures in the financial statements measured at fair value; - negative elements of CET1, which reduce directly the component of the Tier 1 capital, such as goodwill, intangible assets, net assets deriving from defined benefit pension plans, deferred tax assets (DTA) based on future profitability and not deriving from temporary differences, the negative amounts resulting from the calculation of expected losses compared to accounting adjustments (shortfall), deferred tax assets (DTA) that are based on future profitability and derive from temporary differences and significant and insignificant investments in CET1 instruments held in other financial sector entities to be deducted if their amount exceeds the exemption limits envisaged by the regulations. 5

6 Total Common Equity Tier 1 (CET1), which does not include the profit for the period, amounted at 30 September 2018 under transitional regulations to EUR 1,739 million. The main changes occurred during the first nine months mainly concern: - capital increase that resulted in an increase in equity of EUR million including net costs related to the transaction and the equivalent value of the sale of non-exercised rights; - a negative change of EUR 46 million in valuation reserves, mainly attributable to the change in the value of Government bonds held in the portfolio of Financial assets at fair value through other comprehensive income; - the negative change resulting from the calculation of the shortfall for the transition to AIRB models for the calculation of the requirement for credit risk of EUR 59.4 million; - the effects of first-time adoption of IFRS 9 considering the application of the adopted transitional regime (negative impact of EUR million) and the zeroing of the filters linked to the transitional regime in place at 31 December 2017 (negative impact of EUR 25 million); - greater deductions related to deferred tax assets that are based on future profitability and do not derive from temporary differences (negative impact of EUR 55.2 million). At 30 September 2018, both significant investments in Common Equity Tier 1 Capital instruments of financial sector entities and tax assets that derive from temporary differences and are based on future profitability are below the exemption limits set forth in the regulations. Non-significant investments exceed the exemption limits set forth in the regulations amounting to EUR 26.6 million. 2. Additional Tier 1 capital AT1 On 30 September 2018, the Credito Valtellinese Group did not issue any AT1 instrument. 3. Tier 2 T2 Tier 2 capital amounted to EUR million at 30 September 2018, within which deductions are envisaged for non-significant investments exceeding the exemption limits set forth in the regulations for an amount of EUR 7.4 million. The fully loaded Tier 2 Capital included the subordinated loans issued by Credito Valtellinese of EUR million, net of amortisation and repurchases. In particular, the theoretical amortisation of the loans was calculated on a daily basis in compliance with the provisions of Regulation (EU) 575/2013. More specifically, below is the list of subordinated liabilities issued by Credito Valtellinese included in Tier 2 capital. By deducting the repurchase limit from the total shown below, for which authorisation was requested from the Bank of Italy, we obtain the amount of subordinated liabilities included in Tier 2 Capital of own consolidated funds. 6

7 Issuer Unique identifier Type of coupon rate Coupon rate and any related index Issue date Maturity date Early repayment as from Currency Grandfathering Original amount in currency unit Contribution to regulatory capital Credito Valtellinese IT Fixed rate 3.75% 30/12/ /12/ Euro No 170,000,000 8,476,712 Credito Valtellinese XS Fixed rate 4.70% 04/08/ /08/ Euro No 100,000,000 56,931,506 Credito Valtellinese XS Fixed rate 8.25% 12/04/ /04/ /04/2022 Euro No 150,000, ,300,000 Credito Siciliano IT Fixed rate 3.75% 30/12/ /12/ Euro No 10,000, ,630 Total 430,000, ,206,848 7

8 Capital requirements Qualitative disclosure The Group, also consistent with the provisions of prudential regulations, is equipped with processes and tools to determine the level of internal capital adequate to cover all types of risk as part of a current and future assessment of risk exposure that takes into account the strategies and development of the context of reference (Internal Capital Adequacy Assessment Process ICAAP). The ICAAP process is carried out in line with the management process of the RAF, with the strategic and operational planning and with the internal control system. Corporate governance bodies - who will independently establish the set-up and organisation in accordance with their respective powers and remits - are responsible for the ICAAP process, which is one of the main corporate processes, considering, in compliance with the principle of proportionality, the characteristics, size and complexity of the activity carried out. Specifically: - the Board of Directors of the Parent defines and approves the general guidelines of the process, ensures its compliance with the RAF and its timely adjustment in relation to significant changes in the strategic guidelines, in the organisational structure, in the operational context of reference; promotes the full use of the results of the ICAAP for strategic purposes and in making business decisions; resolves the formulation/variation of the guidelines relating to the ICAAP based on the proposal of the Chief Risk Officer; is in charge of the report on the ICAAP made annually to the Bank of Italy; - the Board of Statutory Auditors of the Parent, in accordance with its control function, supervises the adequacy and compliance process with the requirements established by the regulations; - the Delegated bodies, in the framework of the guidelines defined by the Board of Directors and bringing to the attention of said body the results of the audits conducted, implement the ICAAP process making sure that it is in compliance with the strategic guidelines and consistent with the RAF. The ICAAP process is divided in the following phases: - definition and management of the ICAAP process. It is the preliminary stage of the process and its aim is to specify the methodological approach and structure, by defining the organisational and operational context of reference of the analysis and determining: the company functions involved in the process and relevant responsibilities; the activities in which it is divided and related information flows concerning the process; the documents to be produced; - assessment of capital adequacy. It forms the central part of the process and its aim is to carry out the current and future Group capital adequacy assessment process, in relation to the risks taken and to company strategies; the assessment of capital adequacy, carried out annually and summarised in the ICAAP Report, is divided in the following moments: identification of significant risks; risk measurement/assessment of risks and related Internal Capital; calculation of the Total Internal Capital; calculation of the Total Capital; - self-assessment of the ICAAP process. It forms the final phase of the process and leads to the formulation of a self-assessment of the Group with regard to its internal assessment of capital adequacy process; - production of the disclosure for the Supervisory Authority. It forms the summary and illustrative phase of the process and its aim is to prepare the special description and assessment Report to be sent to the Supervisory Authority. The Report is produced at the consolidated level by the Parent and it is subject to the approval of the related Board of Directors. 8

9 Quantitative disclosure Capital requirements and capital ratios (in thousands of EUR) 30/09/ /12/2017 Categories/Amounts Weighted amounts/requirements REGULATORY CAPITAL REQUIREMENTS Credit risk and counterparty risk 701, ,007 Credit valuation adjustment risk 999 1,072 Settlement risk - - Market risks 16, Standardised approach 16, Internal models Concentration risk - - Operational risk 107, , Basic indicator approach 1, Standardised approach 106, , Advanced measurement approach - - Risk-weighted assets 10,336,663 12,943,781 Common Equity Tier 1 Capital/Risk-weighted assets (CET1 capital ratio) 16.82% 10.62% Tier 1 Capital/Risk-weighted assets (Tier1 capital ratio) 16.82% 10.62% Total own funds/risk-weighted assets (Total capital ratio) 18.73% 12.54% At 30 September 2018, risk-weighted assets amounted to EUR 10,337 million. The total solvency ratio (total capital ratio) stood at 18.73% whereas the Group Tier 1 to total risk-weighted assets (Tier 1 ratio) stood at 16.82%. 9

10 The capital requirement for credit and counterparty risk calculated according to the standardised approach - broken down by regulatory portfolio - is shown below. Exposure class Capital requirement 30/09/2018 (in thousands of EUR) Capital requirement 31/12/2017 Central governments and central banks 47,520 52,021 Regional governments and local authorities 1,879 1,999 Public sector entities 1, Supervised institutions 45,212 26,191 Corporate 79, ,117 Retail exposures 6,895 85,656 Exposures secured by mortgages on immovable property 7, ,735 Exposures in default 9, ,440 High risk exposures 4,982 3,662 Exposures to collective investment undertakings (CIUs) 23,095 17,407 Equity exposures 19,818 21,243 Other exposures 38,801 40,083 Total capital requirement for credit and counterparty risk - standardised approach 285, ,938 The capital requirement for risk calculated according to the approach based on internal models is broken down below. Exposure class Capital requirement 30/09/2018 (in thousands of EUR) Capital requirement 31/12/2017 Corporate 314,883 - Retail exposures 99,493 - Total capital requirement for credit risk - approach based on internal models 414,376-10

11 Financial leverage Basel 3 regulations introduced a leverage ratio that represents the ratio between Tier 1 Capital and value of total exposure. The total exposure derives from on-statement of financial position exposures net of deductions carried out on Tier 1 Capital, from exposures in derivatives, from exposures for Security Financing Transactions (SFT) and from off-statement of financial position exposures. The leverage ratio is intended to contain the build-up of leverage in the banking sector, in order to avoid destabilising deleveraging processes in crisis situations, in addition to having backstop functions to capital requirements based on risk. As from 2014, the institutions report to national supervisory authorities the leverage ratio and its components. As from 1 January 2015, the institutions are required to publish information relating to the leverage ratio. The legislative process is currently ongoing at European level targeted at inserting the leverage ratio in the own fund requirements, with a minimum of 3%. For the purposes of managing and reducing the risk, for the leverage ratio, provision is made not only for the monitoring of the regulatory minimum, but more prudential levels as part of the Group Risk Appetite Framework. In order to assess more accurately the exposure to risks and their trend in adverse conditions, their mitigation and control systems and the adequacy of capital and organisational methods, stress tests that consider, either separately or jointly, the decrease in own funds and the increase in exposures of different size are also carried out. (in thousands of EUR) Capital and total exposure measure 30/09/ /12/2017 Tier 1 Capital 1,247,910 1,350,252 Total exposure measure 27,427,587 26,284,049 Leverage ratio 4.55% 5.14% The leverage ratio is disclosed in accordance with the provisions in force. 11

12 Credit risk Information on portfolios subject to the A-IRB method Qualitative information Authorisation to use internal models The supervisory regulations envisage two methods for calculating the capital requirement: the Standardised approach and the Internal Rating Base (IRB) method, in which risk weightings are based on assessments made internally by the banks on debtors. The internal ratings method is in turn divided into a foundation IRB (Foundation Internal Rating Based FIRB) and an advanced IRB (Advanced Internal Rating Based AIRB), differentiated according to the risk parameters to be estimated by banks; in the foundation approach, banks use their own PD estimates and regulatory values for other risk parameters, while in the advanced approach, the latter are also internally estimated. On 25 September 2018, the Bank of Italy authorised the Credito Valtellinese Group: - to use the internal A-IRB credit risk measurement system, for the Exposures to corporate and Retail exposures regulatory classes, pursuant to Article 143 of Regulation (EU) No. 575/2013; - to gradually extend the method according to a defined plan, pursuant to Article 148 of Regulation (EU) No. 575/2013; - to use the permanent partial approach for the categories of eligible exposures pursuant to Article 150 of Regulation (EU) no. 575/2013 and in particular Exposures to central governments and central banks, Exposures in equity instruments, Elements representing securitisation positions and Other assets other than receivables. With a special reference to the first point, the risk parameters for which the Group received authorisation are set out below: - Probability of default (PD): probability that the borrowing counterparty will default; - Loss Given default (LGD): expected loss rate at the time of default of the borrowing counterparty; - Exposure at default (EAD): expected exposure of the borrowing counterparty at the time of default (except for Corporate counterparties falling under the Exposures to corporate regulatory exposure class). For exposures falling within the "Exposure to corporate - Specialised Lending" regulatory exposure class, the Group applies the so-called "Slotting Criteria". Illustration of the structure, use, management processes and control mechanisms of the internal rating system Development, adoption, management and monitoring of the rating system The Rating System is defined as the set of methods, processes, controls, data collection mechanisms and information systems that support the assessment of credit risk, the assignment of exposures to rating classes or pools and the quantitative estimate of defaults and losses for a given type of exposure. Therefore, the Rating System can be divided into 3 areas: 1. scope of the models: includes the components expressing the risk related to an exposure. Specifically: - credit risk segmentation and probability of default (PD), which relate to the debtor; - the default loss rate (LGD, Loss given default) and the exposure at the time of default (EAD, Exposure at default), which relate to the individual transaction. Credit risk segmentation serves internal risk management purposes and is a preparatory process for identifying the model and rating process to be applied for assessing counterparty risk. 12

13 Through this component, each counterparty is assigned to a specific segment, where the methods for assigning the rating and the credit processes are homogeneous and unambiguous; 2. scope of processes: includes the rating assignment process, processes subject to use test and/or experience use test requirements and processes regulating the adoption, management and monitoring of the rating system; 3. scope of ICT: databases, information systems and processes suitable for supporting the measurement, management and control of credit risks. Therefore, changes to the rating system include both changes to the mathematical and statistical methods or to the databases used for estimating, which involve changes in the calculation models, and more generally changes in the measurement and monitoring of risks. In particular, the process of adoption, management and monitoring of the system consists of a series of structured and shared phases within the Group, broken down as follows: - definition of the internal system and activation of the strategic policy for its adoption; - development and adoption of the internal system; - extension of the internal system; - operation, maintenance and updating of the internal system, including significant changes to the authorised internal system; - internal audits represented by the regular activities carried out by the validation function and the internal audit function. The main components of the rating system are described below. Main characteristics of the models in use The paragraph summarises the main characteristics of the models for which the Group received authorisation for use for prudential purposes, with two elements common to all models referred to in the introduction. Specifically: - the definition of default adopted for all models is in line with the regulatory definition. The administrative statuses taken into consideration are those required by the regulations of reference: - bad loans, i.e. on and off-statement of financial position exposures towards insolvent customers (even if they have not yet been legally acknowledged as such) or customers in similar positions, regardless of any expected loss formulated by the Bank; - unlikely to pay, i.e. the improbability that, without recourse to action such as enforcement of the guarantees, the debtor fully satisfies (in terms of principal and/or interest) its loan obligations. This valuation must be carried out independently from the presence of any amounts (or instalments) past due and unpaid. Therefore, it is not necessary to wait for an explicit symptom of anomaly (non-payment), if elements exist that imply a situation of default risk of the debtor. In the periods prior to the introduction of the definition of unlikely to pay in the regulations, this category considered substandard and restructured administrative statuses; - past due and/or overdue non-performing loans (hereinafter past due ), or on-statement of financial position credit exposures, other than those recognised as bad loans or unlikely to pay, which are past due or overdue or those loans other than the above, where the debtor has been overdue on a loan obligation to the bank or banking group for more than 90 days. Also note that, for the purposes of estimating the internal models, no past due event is considered as technical. - in order to take account of the presumed margin of error in the estimates, an appropriate precautionary factor (quantified through a common methodology for all models, based on the variability of estimates with respect to the values actually observed) has been introduced in line with the provisions of the regulations of reference. 13

14 The Risk and control department of the Parent is responsible for developing and maintaining risk measurement and control systems. PD models The PD models of the Group are intended to comply with the precise rationale of obtaining risk measures that: - can pinpoint the fundamental drivers of the creditworthiness of the parties towards which the Group has or intends to assume loan exposures; - are relatively stable over time, so as to reflect the expected long-term riskiness of the Group s current and potential loan exposures in each customer segment; - can prevent uncontrolled increases in risk in positive cycle phases and on the contrary indiscriminate restriction of loans in negative cycle phases (anti-cyclical). The estimating algorithms present in the model are the combination of accurate and rigorous statistical tests used without losing sight of the intuitiveness of the model and the economic sense of the estimates. The set of information used for estimating the rating models was defined with the aim of assessing the entire database available and developed through the experience gained on previously estimated rating models as well as consistency with loan management practices, which was verified through active involvement of the competent corporate functions (e.g. Loans Department). The models developed internally by the Group are as follows: - Corporate Enterprises PD Model, relating to counterparties with Corporate Enterprises and Corporate SME credit risk segmentation; - Retail Enterprises PD Model, relating to counterparties with Small and Micro-Retail Enterprise credit risk segmentation; - Private PD model, relating to counterparties with Private Retail credit risk segmentation; - Co-holdings PD Model, relating to co-holdings and temporary business combines (A.T.I., associazioni temporanee di impresa), for all exposure classes within the scope of application, subject matter of a specific treatment that takes into account the risk profile of counterparties with ratings assigned through the models listed above. The main characteristics of the PD models are shown below: - the segmentation of the rating models was defined in a manner consistent both with the regulations and with the process and regulatory logics; all models adopt a counterparty approach and are characterised by the same time horizon for estimation and calibration; - the structure of each model is based on a modular approach (with different modules depending on the credit risk segment of the counterparty): information considered relevant for the assignment of the rating is divided into autonomous and independent modules each producing a score. This model structure, consistent for the different types of counterparty, was considered optimal in that: - it allows for the separate analysis of internal Bank/Group and external information sources; - it allows the contributions of the individual information areas to be separated; - it corresponds to the logical scheme for evaluating counterparties used by an expert credit analyst; - it allows a clear representation of the influence of each component on the calculation of the counterparty's rating; at the end of the calculation of the quantitative rating, the application of corrective measures activated on the basis of information considered relevant during the granting/monitoring phase of the credit lines is envisaged for all models. The information areas considered for the introduction of corrective measures at the end of the calculation of the quantitative rating are: - qualitative assessments of the counterparty collected through questionnaires; - the fact that the counterparty belongs to the legal group (for the Corporate Enterprises model); 14

15 - the presence of events relevant to the counterparty. - with regard to the models of the segment Corporate and Retail Enterprises, the manager must also express his/her own independent opinion on the creditworthiness of the counterparty; in case of difference of opinion on the rating, it will have the right to activate the override procedure; - in order to ensure the consistency and comparability of ratings between the various categories of counterparties identified, the Group adopts a single internal Master Scale for all PD models that envisages 9 rating classes and one class for defaulting positions. This choice makes it possible to: - obtain rating classes that are homogeneous in terms of risk in the various segments, i.e. the fact that a counterparty belongs to a class implies the same information regarding its riskiness, regardless of the segment to which it belongs; - structure the rating classes in a granular way with respect to the default probabilities; - the rating is reviewed at least once a year, at the same time as the credit line is reviewed or more frequently if there are signs of deterioration in credit quality. LGD model The estimated LGD model is unique for all exposure classes within the scope of application. The LGD model, developed with the aim of ensuring consistency with the Group's management and recovery practices, is characterised by the estimate of two separate components: - estimate of the LGD - Bad loan, which consists of the loss rate historically recognised on bad loans (known as workout LGD ). The presence of a specific parameter for the bad loan administrative status is determined by the fact that this administrative status is considered absorbent and that the credit recovery process takes place exclusively in this status. Note also that the sample for estimating LGD - Bad Loan includes, in addition to the closed bad loans, also open positions with a duration exceeding the Maximum Recovery Period (known as MRP), i.e. bad loans that are still open but, due to specific characteristics, are considered "substantially closed": their inclusion in the sample has a prudent effect on the overall estimates. In line with the relevant regulatory guidelines, the effects of disposals of non-performing exposures have been incorporated into the estimates. In this regard, a specific component has been added to the LGD-Bad loan estimates deriving from the workout process, which takes into account both the actual sales price of the positions and future prospects for sale; - estimate of the Danger Rate, which consists of the probability that a position will migrate from its administrative status to the bad loan administrative status. This parameter is used to calibrate the expected loss recorded on bad loans in such a way as to make it effectively applicable also to positions classified in different administrative statuses. In order to obtain a measure of economic loss that takes into account the costs incurred during the credit recovery process, a specific component that quantifies all the costs incurred by the Bank and not directly included in the movements of individual positions, but attributable to the overall management of non-performing positions (so-called indirect costs) is estimated. Moreover, for both LGD - Bad Loan and Danger Rate components, the following elements are estimated: - an appropriate precautionary factor that takes into account the presumed margin of error contained in the estimates (the so-called Margin of conservatism or MOC); - the effects of a recessionary phase in the economic cycle on the estimated parameters (known as Downturn). For non-performing exposures, the Expected Loss best estimate (ELbe) parameter was also estimated, which represents the best possible estimate of expected loss considering the current economic condition, thus not including either the economic cycle component (downturn) or specific precautionary factors. 15

16 EAD model The estimated EAD model is unique for exposures classified as Retail and Private Retail Enterprises. The Exposure at Default (EAD) risk parameter represents the amount of the counterparty's exposure at the time of default and is determined by estimating the credit conversion factor "K". For the EAD model, the following elements are also estimated: - an appropriate precautionary factor that takes into account the presumed margin of error contained in the estimates (the so-called Margin of conservatism or MOC); - the effects of a recessionary phase in the economic cycle on the estimated parameters (known as Downturn). - specific "Ks" for non-performing counterparties, which take into account any further uses found between the time of the transition to default and the time of entry into bad loans. Uses of the rating system The Rating system plays an essential role in the Group's business processes, with a special reference to the processes of granting, managing and monitoring credit, as well as those of a strategic and commercial nature. The uses of the rating system in the main processes is summarised below. Risk governance and control Risk Appetite Framework (RAF) The definition and formalisation of the Group Risk Appetite Framework is an essential element for determining a risk governance policy and a risk management process based on the principles of sound and prudent corporate management. Within the RAF there is a section dedicated to the quality of assets which uses, among other things, the internal rating system in order to guide the growth of loans by optimising the management of risks and Expected Loss. For all the indicators identified, the Group identified the circumstances in which the reporting and escalation processes defined in the Restructuring Plan are activated. For this purpose, a "trafficlight" approach was adopted for monitoring the trend of the indicators, based on progressive alarm thresholds. The RAF - RAS is updated at least once a year; monitoring is normally carried out on a quarterly basis. Specific escalation processes are activated when the defined thresholds are exceeded. Internal capital adequacy assessment process (ICAAP) The purpose of the internal capital adequacy assessment process (ICAAP) is to have banks and banking groups assess the current and prospective adequacy of their capital with respect to their exposure to the risks that characterise their operations and to corporate strategies. The ICAAP Report, the result of a process that is carried out in accordance and in connection with the Risk Appetite Framework, is, on the one hand, the point of convergence and synthesis of the equity, economic and financial plans of the risk management, capital management and liquidity management and, on the other hand, an essential instrument supporting strategic planning and the implementation of the corporate decisions. The Report provides, among other things, a detailed analysis of the level of exposure to credit risk based on the A-IRB PD, LGD, EAD and Expected Loss risk parameters. Moreover, for the purposes of a more complete assessment of the prospective exposure, even under adverse conditions, the risk parameters used in loan management and in the measurement of its risk, in line with the use test requirements for the A-IRB systems and with the variables and metrics used in the RAF, are used for determining the adverse scenario. In particular, the results of the stress tests are taken into account when determining internal capital. In line with current regulatory requirements, the ICAAP Report is updated on an annual basis. With a view to identifying any deviations from expected trends in good time, the Group carries out an 16

17 infra-annual monitoring of capital adequacy, which is included in the half-yearly ICAAP Report and in the quarterly monitoring of capital adequacy. Credit performance scoring The supervisory regulations require the risk control function to [ ] verify the proper execution of performance scoring on individual credit exposures, in particular those non-performing, and assess the consistency of the classifications, the appropriateness of the provisions and the adequacy of the recovery process [ ]. To this end, in 2014 the Group set up the Credit Monitoring Service within the Risk and Control Department. The Service carries out second-level controls with the aim of checking/assessing the overall adequacy level of the loans portfolio management, with reference to the 4 aspects identified by the supervisory regulations, also through single file review: - proper carrying-out of the monitoring process; - consistency of the classifications; - appropriateness of the provisions; - adequacy of the recovery process. The performance control and monitoring of individual positions is carried out systematically, through a defined control process and a set of effective procedures capable of identifying the presence of anomalies. Risk reporting In addition to the above-mentioned representations/disclosures, quarterly reports on the level of exposure to the Group's risks are presented to the Corporate Bodies. The report illustrates the exposure to the main risks to which the Group is exposed, with a specific focus on the assessment of exposure to credit risk, credit quality and the related changes with respect to previous quarters/financial years. The A-IRB risk parameters are used for assessing the credit risk exposure profile. The analyses are carried out at consolidated, portfolio and break-down level. Credit and business processes Credit policies Credit policies represent a credit planning tool used by the Group to define the guidelines to be adopted when granting and revising credit for managing the performing portfolio. Credit policies are aimed at pursuing an optimum loans portfolio at Group level in compliance with the volume, risk and profitability objectives set by the Board of Directors in accordance with the Risk Strategy. The definition of credit policies is a transversal process between the structures of the Chief Lending Officer, Chief Risk Officer, Chief Financial Officer and Chief Commercial Officer with the aim of ensuring the correct implementation of the strategy for the overall re-composition of the portfolio and therefore represents the summary of the integration of the Risk Strategy into the business processes. The credit policies of the Credito Valtellinese Group apply to single counterparties that fall within the performing loan portfolio and are divided into different frameworks. The credit strategies that concretely implement the credit policies are based, among other things, on the A-IRB risk parameters. 17

18 Loan origination, assessment and approval process The A-IRB risk parameters are essential to assess the creditworthiness of the counterparty when approving and reviewing credit lines and are also used to determine the decision-making body and to monitor the non-problematic loan. Specifically: - the rating assignment process is, to all intents and purposes, a stage in the loan origination process; - the rating is a determining element in the loan assessment and approval stage; - the rating is an important element for loan monitoring. The process of assigning a rating is an integral and essential part of the loan origination, assessment and approval process. The purpose of this process is to assign an online rating or an official and valid rating to assess a counterparty's risk profile for the purposes of granting, renewing and reviewing the loan. The online rating (and the related PD) is assigned to both new and consolidated customers and involves different phases depending on the credit risk segment to which the counterparty belongs. The rating assignment process adopted by the Group takes into account all relevant information and related updates. In particular, the rating is determined by a model that considers a quantitative and a qualitative component and includes any other relevant information that cannot be processed automatically but can affect the assessment of the risk profile to ensure the completeness of the information. The resulting rating is unique and homogeneous at the Banking Group level. In line with regulatory requirements, the rating is reviewed at least every 12 months or whenever there are changes in the customer's creditworthiness and/or in the input data to the rating assignment process. The Group's decision-making powers are calculated on the basis of differentiated work flows and take into account the A-IRB risk parameters. The process of granting, renewing and reviewing the credit and the rating assessment process are supported by specific electronic procedures. Early Warning System Customer credit risk is constantly monitored, including through a process of early warning system of the credit. The objective is to promptly identify performing positions that present early or potential signs of difficulty and the immediate activation of the most suitable actions for the removal of anomalies and the regularisation of the relationship of trust. The process is based on the application of a management classification affected, among other things, by the A-IRB risk parameters, including the monitoring PD. The monitoring PD is calculated centrally on a monthly basis, using the same engine as the online PD, and is therefore able to capture changes in the creditworthiness of the counterparty by making use of updated assessment elements. The comparison between the online PD and the monitoring PD allows to point out the trend of the counterparties' risk profile; in all cases where a negative misalignment occurs beyond a preestablished minimum threshold, the online rating becomes "impaired" and there is an obligation to review and reassign it. Classification and assessment of loans The risk parameters contribute to the preparation of the Financial Statements and the Notes to the Financial Statements through: the classification/assessment of loans and their representation. With a special reference to the process of classification/assessment of loans, IFRS 9 requires that, for financial assets not measured at fair value through profit or loss, impairment losses must be determined based on the 12 month expected credit loss and, if there is a significant increase in credit risk compared to the initial recognition date, impairment losses must be calculated based on the lifetime expected credit loss of the financial instrument. In line with the regulations, the Group classifies its financial instruments into three distinct stages: 18

19 - stage 1 includes performing financial instruments for which a significant increase of the credit risk compared to the initial recognition date was not observed. The impairment is collectively determined based on 12 month expected credit loss; - stage 2 includes performing financial instruments for which a significant increase in the credit risk compared to the initial recognition date was observed. The impairment is determined collectively on the basis of lifetime expected credit loss of the instrument; - stage 3 includes non-performing financial instruments. The impairment is analytically determined based on lifetime expected credit loss. The Group identified the main elements for the transition from the first to the second stage. In particular, reference will be made to the change in the default lifetime probabilities as compared to the initial recognition of the financial instrument determined by the credit quality of each individual relation on each measurement date; moreover, the possible presence of a past due of at least 30 days and/or of forbearance measures were considered, presumptively, to be indicative of a significant increase in credit risk and involve the transition to the second stage. For this purpose, specific models based on the A-IRB models were created. In the analytical assessment of loans in the third stage, the loss is measured as the difference between the carrying amount and the present value of estimated future cash flows discounted at the original effective interest rate of the loan. The estimated cash flows take account of the guarantees associated with the loans. In the event that the guarantees are not likely to be enforced, account will be taken of either their present value or their realisable value net of expenses to be incurred to recover the amount due. The analytical impairment loss relates to expected losses on individual non-performing loans. For non-performing loans classified as unlikely to pay, which have a limited unitary amount, or as past due non-performing, the expected loss is calculated by homogenous categories according to internal statistical models and analytically applied to each position. Moreover, forward-looking factors that adapt the weighed-up probabilities of occurrence of the different future scenarios were included in the valuations of exposures classified in the third stage. Product development and pricing The Credito Valtellinese Group also takes into account the internal ratings model when developing new lending products for customers. It also adopts a model for determining the correct pricing for credit risk (known as Pricing Risk Based) that quantifies the minimum spread that the company must apply to ensure coverage of the costs and risks related to these products. Process for monitoring and controlling the rating system The process for monitoring and controlling the rating system collects the activities, roles and responsibilities for the continuous monitoring of the effectiveness and regulatory compliance of the rating system. The process involves various Group structures, in particular the risk control department and the internal audit function. The process consists of a series of structured and shared phases within the Group, broken down as follows: - quantitative checks or model monitoring activities; - qualitative checks or monitoring of supervisory regulations; - checks of the Company's control functions. The checks of the Company's control functions are carried out by the Internal Validation Service of the Risk and Control Department of the Parent and by the Services of the Auditing Department of the Parent responsible for the rating system. The Services carry out the audit activities of direct concern in accordance with the provisions of the supervisory regulations and respective regulations. Any critical situation is managed by means of structured and shared processes, including the management process of the remedial actions that envisages formalised activities and timescales for managing critical situations and related remedial actions. The actual implementation of the 19

20 provisions of the remedial actions identified is verified by the control functions mainly during the follow-up of the controls of direct concern. The results of the above activities are illustrated to the Corporate Bodies on a quarterly basis. 20