LOAN POLICYThe loan policy is the foundation for maintaining sound asset quality because it outlines the organizations default risk tolerances, states terms to mitigate exposure at default, and provides key controls to help the lending institution identify, manage, and report risk mitigation. Generally, the loan policy outlines risk tolerances at the transactional and portfolio level. At a minimum, every loan policy should accomplish the following:Sound underwriting standards Describe both desirable and undesirable loans. Provide underwriting standards and monitoring requirements for all loans the bank offers and extends. It is important to delineate primary risk mitigation strategies by transaction and by portfolio. Establish concentration limits and sublimits. The policy should also describe enhanced monitoring and underwriting practices such as management information systems granularity, stress testing, market and industry analyses, systemic dependency, and credit reviews. Describe the credit approval process, identifying lending authorities and outlining the responsibility of the board in reviewing, ratifying, and approving loans. Define transactions requiring credit memorandums. Define transactions requiring audited, reviewed, or compiled financial statements. Define transactions requiring environmental audits. Establish credit and collateral file maintenance standards. Provide specific documentation requirements for all loan types offered or extended. Establish guidelines for insider transactions, including overdrafts, to ensure compliance with Regulation O. Establish appraisal guidelines to ensure compliance with Regulation Y and theUniform Standards of Professional Appraisal Practices.Sound credit risk management and monitoring Establish an effective loan review system and address key elements of an effective loan review program (such as qualifications and independence of loan review personnel; frequency, scope, and depth of reviews; the review of findings and follow-up; and work paper and report distribution). Establish a comprehensive and effective credit-grading system. Create portfolio mix and risk diversification guidelines and limits. Establish collection and problem loan resolution procedures. Establish charge-off and nonaccrual policies. Establish the methodology for determining the adequacy of the allowance for loan and lease losses (ALLL). It should also ensure compliance with Accounting StandardsCodification and regulatory guidance. Establish a threshold for annual credit reviews to assess the financial strength of borrowers. Establish procedures to identify, approve, monitor, and report all loan policy exceptions with acceptable risk mitigants. Additionally, the loan policy should set risk tolerances for total policy exceptions.The loan policy should be tailored to the organization and reflect the local/regional economic conditions and credit needs. At least annually, the board should review and revise the policy and communicate the policy to all appropriate personnel. Deviations from the loan policy should not be recurring or excessive and should be reported (by policy exception and in the aggregate) to the board of directors.Supervisory expectations concerning sound credit risk assessment and valuation for loans1. A banks board of directors and senior management are responsible for ensuring that the bank has appropriate credit risk assessment processes and effective internal controls commensurate with the size, nature and complexity of its lending operations to consistently determine provisions for loan losses in accordance with the banks stated policies and procedures, the applicable accounting framework and supervisory guidance.2. A bank should have a system in place to reliably classify loans on the basis of credit risk.3. A banks policies should appropriately address validation of any internal credit risk assessment models.4. A bank should adopt and document a sound loan loss methodology, which addresses credit risk assessment policies, procedures and controls for assessing credit risk, identifying problem loans and determining loan loss provisions in a timely manner.5. A banks aggregate amount of individual and collectively assessed loan loss provisions should be adequate to absorb estimated credit losses in the loan portfolio.6. A banks use of experienced credit judgement and reasonable estimates are an essential part of the recognition and measurement of loan losses.7. A banks credit risk assessment process for loans should provide the bank with the necessary tools, procedures and observable data to use for assessing credit risk, accounting for loan impairment and determining regulatory capital requirements.

A. Establishing an appropriate credit risk environmentPrinciple 1: The board of directors should have responsibility for approving and periodically (at least annually) reviewing the credit risk strategy and significant credit risk policies of the bank. The strategy should reflect the banks tolerance for risk and the level of profitability the bank expects to achieve for incurring various credit risks.Principle 2: Senior management should have responsibility for implementing the credit risk strategy approved by the board of directors and for developing policies and procedures for identifying, measuring, monitoring and controlling credit risk. Such policies and procedures should address credit risk in all of the banks activities and at both the individual credit and portfolio levels.Principle 3: Banks should identify and manage credit risk inherent in all products and activities. Banks should ensure that the risks of products and activities new to them are subject to adequate risk management procedures and controls before being introduced or undertaken, and approved in advance by the board of directors or its appropriate committee.Operating under a sound credit granting processPrinciple 4:Banks must operate within sound, well-defined credit-granting criteria. These criteria should include a clear indication of the banks target market and a thorough understanding of the borrower or counterparty, as well as the purpose and structure of the credit, and its source of repayment.Principle 5: Banks should establish overall credit limits at the level of individual borrowers and counterparties, and groups of connected counterparties that aggregate in a comparable and meaningful manner different types of exposures, both in the banking and trading book and on and off the balance sheet.Principle 6: Banks should have a clearly-established process in place for approving new credits as well as the amendment, renewal and re-financing of existing credits.Principle 7:All extensions of credit must be made on an arms-length basis. In particular, credits to related companies and individuals must be authorized on an exception basis, monitored with particular care and other appropriate steps taken to control or mitigate the risks of non-arms length lendingMaintaining an appropriate credit administration, measurement and monitoring processPrinciple 8:Banks should have in place a system for the ongoing administration of their various credit risk-bearing portfolios.Principle 9:Banks must have in place a system for monitoring the condition of individual credits, including determining the adequacy of provisions and reserves.Principle 10:Banks are encouraged to develop and utilize an internal risk rating system in managing credit risk. The rating system should be consistent with the nature, size and complexity of a banks activities.Principle 11:Banks must have information systems and analytical techniques that enable management to measure the credit risk inherent in all on- and off-balance sheet activities. The management information system should provide adequate information on the composition of the credit portfolio, including identification of any concentrations of risk.Principle 12:Banks must have in place a system for monitoring the overall composition and quality of the credit portfolio.Principle 13:Banks should take into consideration potential future changes in economic conditions when assessing individual credits and their credit portfolios, and should assess their credit risk exposures under stressful conditions.Ensuring adequate controls over credit riskPrinciple 14: Banks must establish a system of independent, ongoing assessment of the banks credit risk management processes and the results of such reviews should be communicated directly to the board of directors and senior management.Principle 15:Banks must ensure that the credit-granting function is being properly managed and that credit exposures are within levels consistent with prudential standards and internal limits. Banks should establish and enforce internal controls and other practices to ensure that exceptions to policies, procedures and limits are reported in a timely manner to the appropriate level of management for action.Principle 16:Banks must have a system in place for early remedial action on deteriorating credits, managing problem credits and similar workout situations.The role of supervisorsPrinciple 17:Supervisors should require that banks have an effective system in place to identify, measure, monitor and control credit risk as part of an overall approach to risk management. Supervisors should conduct an independent evaluation of a banks strategies, policies, procedures and practices related to the granting of credit and the ongoing management of the portfolio. Supervisors should consider setting prudential limits to restrict bank exposures to single borrowers or groups of connected counter parties.